The DOJ’s National Cryptocurrency Enforcement Team and Treasury’s OFAC are setting their sights on cryptocurrency use in cybercrimes.

By Benjamin A. Naftalis, Eric S. Volkman, Douglas K. Yatter, Nima H. Mohebbi, Jessie R. Michelin, and Deric Behar

The US Department of Justice (DOJ) is sharpening its focus on combatting cryptocurrency use in criminal activity. On October 6, 2021, the DOJ announced the creation of a National Cryptocurrency Enforcement Team (NCET) — a unit aimed to be the centerpiece in “a nationwide enforcement effort to combat the use of cryptocurrency as an illicit tool.” The DOJ identifies cryptocurrency as the “primary demand mechanism for ransomware payments” and “preferred means of exchange of value” to facilitate crimes on the dark web. The stated purpose of NCET is to conduct complex investigations and prosecutions of criminal misuse of cryptocurrency by individuals and entities operating in the digital asset space.

Underlying NCET is the DOJ Cyber Digital Task Force’s first published report, which highlighted the need to address threats posed by the use of cryptocurrency in cybercrimes, as well as its October 2020 Cryptocurrency Enforcement Framework (the Framework), which highlighted the emerging threats and enforcement challenges posed by cryptocurrency use and infrastructure abuse. In the Framework, the DOJ asserted broad and diverse jurisdiction over crimes involving cryptoassets to pursue violations of US law even if those violations were conducted by individuals or entities based outside the US, so long as those entities maintained a nexus of activity involving US persons (see this Latham post for more information).

Multi-Agency Enforcement and Collaboration

NCET represents the latest evolution in the government’s effort to identify and pursue illegal conduct in the cryptocurrency sector. It brings together individuals from various DOJ divisions and units, harnessing expertise in local criminal law enforcement, money laundering, cybercrime, and blockchain technology. The DOJ previously made clear in the Framework that it intends to collaborate with numerous US regulators and agencies to police the cryptocurrency space. NCET will expand on this focus, seeking to collaborate with US Attorneys across the country; with federal, state, local, tribal, territorial, and international law enforcement agencies; and even with private sector actors with expertise in cryptocurrency matters. Presumably, NCET’s collaboration will extend to the Commodity Futures Trading Commission’s Division of Enforcement (with a dedicated Digital Assets Task Force and Bank Secrecy Act Task Force), as well as the Securities and Exchange Commission’s Division of Enforcement (with a dedicated Cyber Unit and Strategic Hub for Innovation and Financial Technology).

Ransomware Prevention and Sanctions Effectiveness as a Top Priority

Combatting ransomware through strategic use of sanctions has been a critical component of the US Department of the Treasury’s enforcement program in recent years. Those efforts reached a tipping point on September 21, 2021, when Treasury’s Office of Foreign Asset Control (OFAC) announced that, for the first time, it had added a virtual currency exchange to its Specially Designated Nationals (SDN) list for its role in facilitating financial transactions for ransomware actors. Treasury also issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which describes the potential sanctions risks associated with making and facilitating ransomware payments, and recommended that individuals and companies focus on “defensive and resilience measures to prevent and protect against ransomware attacks.”

OFAC also reiterated earlier guidance encouraging victims to report ransomware attacks to law enforcement. The updated advisory adds that OFAC will consider a company’s self-initiated and complete report that is made to OFAC or a number of other government agencies to be a “voluntary self-disclosure” warranting mitigation credit under OFAC’s Enforcement Guidelines. OFAC further clarified that it would be “more likely” to resolve apparent sanctions violations involving ransomware attacks with a non-public response (i.e., a No Action Letter or a Cautionary Letter) when the affected party disclosed to law enforcement and provided ongoing cooperation.

Perhaps not coincidentally, on the same day that the DOJ announced the establishment of NCET, OFAC released Sanctions Compliance Guidance for the Virtual Currency Industry (the Guidance). According to the Treasury press release, the Guidance is part of a “whole of government” effort to combat the risks associated with illicit cryptocurrency use and ransomware. The Guidance aims to help the virtual currency industry effectively implement compliant sanctions programs to prevent financial system exploitation by sanctioned persons and other illicit actors. The Guidance provides firms in the digital asset industry key insights for:

  • Evaluating sanctions-related risks in their lines of business
  • Building a risk-based sanctions compliance program
  • Protecting their business from sanctions violations and intentional misuse of virtual currencies by malicious actors
  • Understanding OFAC’s recordkeeping, reporting, licensing, and enforcement processes

The Guidance includes new OFAC expectations regarding appropriate sanctions compliance measures in the digital assets space, including IP geoblocking, blockchain analytics, treating the use of VPNs as a potential red flag, and conducting retroactive reviews of transactions with designated wallet addresses that occurred prior to those addresses being sanctioned.

In tandem with its release of the Guidance, Treasury published a Sanction Review Report, which expresses the agency’s view that digital currencies and alternative payment platforms can reduce the efficacy of US sanctions programs. According to the agency, innovative technologies “offer malign actors opportunities to hold and transfer funds outside the traditional dollar-based financial system.” As a countermeasure, Treasury is committed to “deepening its institutional knowledge and capabilities in the evolving digital assets and services space” to ensure that sanctions remain an effective national security and foreign policy tool.

Compliance in an Evolving World

The establishment of NCET, related initiatives by Treasury, and reports of the US House of Representatives filling a senior investigative counsel role from the legal affairs team of a leading blockchain analysis firm all demonstrate that disrupting illicit cryptocurrency use is a central priority for US lawmakers and enforcement agencies. That focus will only sharpen as cryptocurrencies increasingly go mainstream. To the extent that enforcement agencies view cryptocurrency as a primary medium of exchange of cybercriminal activity and ransom demands, it is likely that strategic priorities and prosecutions will be framed around countering this trend.

To avoid the consequences of non-compliance, virtual asset service providers and traditional finance firms with crypto touchpoints (including non-US entities with a nexus of activity involving US persons) should review the new guidance for potential applicability and ensure that all relevant aspects of financial crimes compliance programs are up to date. Program components that may call for review include know-your-customer implementation, counterparty screening, transaction monitoring, policies and procedures, testing, reporting, and training. Such programs should take account of the US government’s heightened focus on illicit use of cryptocurrencies, ransomware prevention, and the use of sanctions as an effective policy tool.