As anticipated, it has been an incredibly active year for regulation and financial crime related to virtual assets (see our previous alert from
Despite the onset of the “crypto winter,” illicit use of virtual assets rose
again to an all-time high of $20.1 billion. While the illicit share of the market remains less than 1% of overall volume, legitimate transaction volumes declined throughout 2022, while illicit volumes remained steady, growing slightly.
According to Chainalysis, 44% of the illicit activity in virtual assets was attributable to sanctioned persons – in large part representing attempts to evade new U.S., UK and EU sanctions on Russia. Another large source of illicit activity includes fraud,
scams and hacking.
At the same time, there has been unprecedented regulatory enforcement including the U.S. sanctioning of individuals, entities, wallet addresses and crypto exchanges involved in hacking and illicit activity (e.g., Garantex, Hydra Marketplace, Blender.io)
and of notorious mixer, Tornado Cash (see our update here),
as well as efforts to regulate virtual assets (see link to our prior alert here).
In mid-January, reports
began to emerge that the Central Bank of Iran is cooperating with Russia to issue a joint cryptocurrency “stablecoin” to enable cross-border trade. While commentators do
not believe that such an arrangement could help either country evade sanctions on a massive scale, the move underscores the importance of efforts to regulate the sector, in particular exchanges and other access points to the global market.
In the US
The start of 2023 has already been active in terms of enforcement. On January 4, 2023, the New York Department of Financial Services entered into a
consent order with Coinbase, its second with a cryptoasset service provider (the first was
in August of last year with Robinhood).
On January 18, the U.S. Financial Crimes Enforcement Network (FinCEN) issued a notice
of enforcement against cryptocurrency exchange, Bitzlato Limited, while the U.S. Department of Justice (DOJ) arrested
Bitzlato’s founder, Anatoly Legkodymov, a Russian national. According to the DOJ, as a result of its deficient know-your-customer procedures – indeed marketing itself as requiring minimal customer identification – Bitzlato “became a haven for criminal
proceeds and funds intended for use in criminal activity.”
On January 26, the DOJ also announced a successful
campaign to disrupt the Hive ransomware group. According
to FinCEN, cybercriminals often request payments in cryptocurrencies to seek to evade detection through the traditional financial system.
On January 31, New York authorities announced
the indictment of an NYC-based woman for using cryptocurrency to provide support for terrorist groups operating in Syria.
On February 1, the Office of Foreign Assets Control imposed blocking
sanctions on individuals and wallet addresses associated with Russian sanctions evasion.
Although the future of anti-money laundering/counterterrorist financing ("AML/CTF") regulation in the United States remains unclear, we continue to expect significant use of sanctions designations and federal and state enforcement powers.
In the UK
rule for cryptoassets will come into force in September 2023 (see our prior alert here).
The Financial Conduct Authority (FCA) released
feedback on good and poor quality applications for cryptoasset businesses registering under the Money Laundering Regulations (you may recall that cryptoasset firms have struggled to meet FCA registration requirements, see our alert here).
The FCA highlights that it will not approve an application where the firm “has an incorrect understanding of the risks associated with cryptoasset products [or…] with its ongoing business model” (including not only AML/CTF risks but also proliferation
financing risks), nor will it approve an application where the firm has an “underdeveloped AML framework or a weak governance structure.”
This includes, “[f]or example, where the applicant has no clear methodology for risk-scoring its customers, does not consider all relevant factors or where it allows customer transactions before it has completed customer due diligence and does not understand
the enhanced due diligence triggers.”
The UK HM Treasury also issued
its consultation aimed to robustly regulate a broad range of cryptoasset activities and make the UK a safe jurisdiction for cryptoasset activity. The consultation will close on April 30.
In the EU
The European Union continues to finalize the Markets
in Crypto Assets (MiCA) proposal. It is reported the
final vote has been delayed to April. Deadlines for cryptoasset firms to register and comply with the travel
rule in the European Union are still to be set.
It may still be chilly in the crypto markets, but to ensure future survival, firms must also incorporate controls to protect consumers and guard against misuse by illicit actors.