DeFi System Vulnerabilities Leave US Treasury Concerned About Illicit Use

• The US Treasury Department’s report on Decentralized Finance services highlights the risk of illicit actors exploiting vulnerabilities in the system.
• The Bank Secrecy Act and related regulations impose obligations on financial institutions to assist US government agencies in detecting and preventing money laundering.
• Federal regulators should engage with the industry to explain applicable laws, regulations, and AML/CFT requirements.

Growing Concern Over Illicit Use of DeFi

The US Treasury Department has released a report highlighting its growing concern about “illicit” actors exploiting decentralized finance (DeFi) services and their associated vulnerabilities. It notes that many DeFi services have a controlling organization or governance that provides a measure of centralized administration. This creates openings for cybercriminals, thieves, scammers, ransomware operators, and Democratic People’s Republic of Korea (DPRK) cyber actors to launder their illegal proceeds.

AML/CFT Regulations Apply to DeFi

The Bank Secrecy Act (BSA) and related regulations impose obligations on financial institutions to assist US government agencies in detecting and preventing money laundering. This applies to entities that function as financial institutions as defined by the BSA, regardless of whether they are centralized or decentralized. Therefore, all DeFi services functioning as financial institutions must comply with the BSA’s obligations, including Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) requirements.

Vulnerabilities Exploited By Illicit Actors

The Treasury Department’s risk assessment also outlines alleged vulnerabilities in both domestic and foreign AML/CFT regulatory, supervisory, and enforcement regimes that these illicit actors might exploit when using DeFi services. These could include weaknesses in the technology underpinning decentralized finance services or gaps in existing AML/CFT policies and procedures.

Engaging With Industry To Explain Obligations

To address these risks effectively, the report recommends that federal regulators engage with the industry to explain how relevant laws and regulations (including securities, commodities, and money transmission laws), as well as applicable AML/CFT requirements, apply to DeFi services operating as financial institutions.

Conclusion

Overall, this report highlights the potential risks associated with decentralized finance services when exploited by “illicit” actors. It emphasizes that all such entities must comply with existing AML/CFT obligations under the Bank Secrecy Act and other relevant laws if they are classified as a financial institution. Therefore, it is important for federal regulators to continue engaging with industry players so they understand their legal obligations under these frameworks.