Author: Jack Goewey

Hearing entitled: Held for Ransom: How Ransomware Endangers Our Financial System 

On April 16, 2024, the House Financial Services Subcommittee on National Security, Illicit Finance, and International Financial Institutions held a hearing to discuss the critical issue of ransomware and its implications for the security of our financial system.

Witnesses (testimony linked): 

Jacqueline Burns Koven: Head of Cyber Threat Intelligence, Chainalysis 

Daniel Sergile: Senior Consulting Director, Unit 42 by Palo Alto Networks 

Megan Stifel: Chief Strategy Officer, Institute for Security and Technology 

Kemba Eneas Walden: President, Paladin Global Institute 

Hearing Takeaway: 

While digital assets were not the central theme, they emerged as a key topic due to their role in ransomware economics. The hearing delved into ransomware’s operational intricacies, the alarming rise in payment values despite fewer incidents, and the challenge of ransomware as a service (RaaS) operating beyond U.S. jurisdiction. There was a general acknowledgment that ransomware is a national security issue requiring tight regulation, improved public-private cooperation, and resources to help small businesses strengthen their cyber defenses. The discussion highlighted the effectiveness of blockchain analytics in tracing ransom payments and the potential legislative actions to advance the fight against these cyber threats. 

Member Opening Statements: 

Vice Chair Elaine (R-CA) opened the hearing on ransomware, emphasizing the critical need for a comprehensive understanding of this growing cyber threat that has not been fully addressed since pandemic-related fraud hearings four years ago. She highlighted the vulnerability of all sectors to ransomware, which extorted over $1B in 2023 alone, and underscored the potential for even a single employee error to result in significant breaches. Kim pointed out the real-world impacts of such attacks in her district and beyond, stressing the ongoing threat and the use of AI by cybercriminals to exploit system vulnerabilities. She also touched upon geopolitical dimensions, noting Iran’s role in cyber operations against the U.S. and its allies. Kim called for enhanced congressional awareness and a unified effort to address the ransomware challenge, appreciating the bipartisan approach to tackling this critical national security issue. 

Ranking Member Joyce Beatty (D-OH) thanked the Chair for their collaborative efforts on financial issues and for convening the hearing on the escalating threat of ransomware, particularly highlighting its impact on small and medium-sized businesses and national security. She noted the dramatic rise in ransomware incidents, with the value of attacks increasing from $102 million in 2018 to $1.1 billion in 2023. Beatty stressed the need for bipartisan congressional action to enhance business preparedness and consumer protection and praised the Biden administration and Treasury agencies like FinCEN and OFAC for their efforts in combating these attacks through legislation and strategic initiatives to trace ransom payments. She emphasized supporting these agencies rather than undermining their efforts and expressed a commitment to collaborating across party lines to address this significant national security challenge. 

Witness Statements: 

Jacqueline Burns Koven from Chainalysis emphasized the pivotal role of blockchain technology in countering ransomware during her testimony. As Head of Cyber Threat Intelligence, she outlined how the tool facilitates tracking and disrupting ransomware operations on the blockchain, aiding policymakers and law enforcement. Koven debunked the myth that cryptocurrency transactions are anonymous, noting they are public and traceable. She cited significant successes such as the FBI’s Colonial Pipeline case, where Chainalysis’ data led to substantial seizures of bitcoin. Despite the increase in ransom demands, she noted a decrease in actual payments, suggesting greater difficulty for attackers to profit. Koven advocated for enhanced support from Congress to empower federal efforts with blockchain intelligence, emphasizing a collaborative, whole-of-government approach to sustain pressure on ransomware actors. 

Daniel Sergile from Palo Alto Networks discussed the evolution of ransomware into a significant operational risk across various sectors, emphasizing the increasing sophistication of extortion tactics, including AI-enhanced attacks. He identified vulnerabilities due to insufficient visibility across digital infrastructures and outdated IT systems, particularly in financial services. Sergile recommended strengthening cybersecurity through actions like enhancing incident response strategies, improving infrastructure visibility, leveraging AI, adopting zero-trust architectures, and prioritizing cloud security. He highlighted the importance of collaboration within cybersecurity forums like JCDC, the Ransomware Task Force, and FS-ISAC to enhance collective defense capabilities. Sergile’s testimony did not specifically mention cryptocurrency. 

Megan Stifel, Chief Strategy Officer at the Institute for Security and Technology highlighted the critical role of cryptocurrency in ransomware economies during her testimony. She discussed the Ransomware Task Force’s efforts, which led to a report with 48 recommendations—12 targeting financial services—stressing the need for strict regulation of the cryptocurrency sector to mitigate ransomware payments through compliance with KYC, AML, and CFT rules. Stifel emphasized that despite efforts following significant ransomware incidents substantial progress is needed, especially in the financial sector where cryptocurrency transactions facilitate these criminal activities. She proposed enhancing sector resilience, ensuring adequate resources for investigating financial abuses, and promoting cybersecurity best practices through collaboration between the government and private sectors. Stifel concluded by expressing readiness to continue addressing these urgent cybersecurity challenges. 

Kemba Walden of Paladin Global Institute emphasized the sophistication of ransomware attacks and the necessity for a multi-faceted approach to deter and disrupt these threats. Highlighting the Task Force’s work, she spoke about the importance of raising the cost and lowering the profitability of ransomware. Walden identified the critical moments when ransomware criminals are most vulnerable—during the ‘on and off ramps’ of cryptocurrency transactions where fiat currency and crypto are converted— and stressed the need for quick action between financial services and law enforcement to exploit these vulnerabilities. Concluding with a call to action, she urged for the full implementation of policy recommendations, including those that address legislative gaps in combating ransomware and its financial mechanisms. 

Questioning: 

Vice Chair Young Kim opened the questioning by asking Jacqueline Koven what role digital assets play in ransomware attacks and how law enforcement and congress can work to combat ransomware. Koven explained how bad actors are no longer putting their crypto address on display now. This is an Achilles heel for bad actors; once the address is found blockchain analytics can be used to trace everything and “law enforcement is able to understand the entire ransomware supply chain.” 

Responding to another Rep. Kim question, Megan Stifel emphasized AI’s role in ransomware evolution, while Daniel Sergile stressed foundational cyber hygiene for companies. 

Ranking Member Joyce Beatty addressed the vulnerability of small to medium-sized businesses to ransomware due to limited cyber defense resources. Stifel advocated for the use of grant programs, and Walden proposed tax incentives to promote cybersecurity practices among these businesses. 

Rep. Andy Barr (R-KY) highlighted the national security risk posed by the cybersecurity workforce shortage and queried the targeting pattern of ransomware attacks in relation to cybersecurity insurance holders. 

Rep. Maxine Waters (D-CA) discussed the potential effects of banning ransomware payments, with Walden cautioning that such a ban could severely impact small to medium-sized businesses and emphasized the need to fortify cyber defenses for critical infrastructure. 

Rep. Barry Loudermilk (R-GA) emphasized the importance of trust and public-private partnerships in the aftermath of incidents like the Colonial Pipeline disruption. 

Rep. Wiley Nickel (D-NC) echoed Koven’s remarks on the traceability of cryptocurrency in ransomware cases, with Koven underscoring the need for rapid law enforcement action to prevent fund laundering by bad actors that move quickly. Koven also stated that increased training and resources for law enforcement are needed. 

Nickel also asked why there has been a significant increase in ransomware payments. Walden noted a decrease in the number of ransomware payments but an increase in their average dollar value. 

Rep. Roger Williams (R-TX) questioned the evolution of ransomware and the legislative actions needed to keep pace. Sergile illustrated the use of AI in combatting threat actors, and Koven noted the increasing sophistication of ransomware, suggesting a need for involvement from multiple agencies. 

Koven also analogized it to big game hunting as bad actors are increasingly more sophisticated. Koven flagged how nation state actors engaged in ransomware are being used to obfuscate national politically motivated activities like disruption and espionage and the important to involve multiple agencies because of this. 

Rep. Dean Phillips (D-MN) referred to the significant rise in ransom payments and the need for legal and investigative capacity investment. Stifel discussed the shortage of trained investigators, while Walden highlighted the necessity for enhanced government understanding of investigative tools like blockchain analysis. 

Rep. Zach Nunn (R-IA) inquired about the nature of “Ransomware as a Service” and brought up his Public and Private Ransomware Response Coordination Act, which aims to improve threat detection, information sharing, response time, and threat suppression. Stifel described RaaS operators utilizing services outside of U.S. jurisdiction, while Koven highlighted the impact of public-private partnerships citing how their collaborative work with law enforcement has resulted in freezing North Korean funds and the colonial pipeline resolution.  

Rep. Bill Foster (D-IL) continued to push his Digital ID legislation saying implementing Digital ID is the single most useful thing congress could do. This is the same Digital driver’s license idea he pushed for in last year’s July HFSC markup while Sergile replied that the Digital ID proposed may not be infallible.  

Rep. Dan Meuser (R-PA) focused on what makes certain companies targets for ransomware, with Stifel emphasizing the need for more support for small businesses. 

Rep. Monica De La Cruz (R-TX) wrapped up the questioning by supporting the idea of tax incentives for small businesses to enhance their cybersecurity measures, drawing from her personal experience as a business owner. 

Introduction

On April 11^th, Representatives Patrick McHenry (R-NC) and Brittany Pettersen (D-CO) introduced the bipartisan Ransomware and Financial Stability Act of 2024. This bill amends text in the Consolidated Appropriations Act, 2021.

Summary

This legislation aims at strengthening the resilience of the U.S. financial system against ransomware attacks, establishing clear protocols for ransom payments, and ensuring that such payments, including those involving cryptocurrencies, are made within a controlled and legally compliant framework.

Key Provisions

Financial institutions must secure a “ransomware payment authorization” from a federal law enforcement agency for any payouts exceeding $100,000. Also, these institutions must report to the Financial Crimes Enforcement Network (FinCEN) before making such payments, providing full details of the attack and the ransom sought.

The Treasury Department will offer guidance to simplify reporting, ensuring that institutions are not overburdened. In cases where national interests are at stake, the President may waive these stringent requirements, but Congress and the relevant institutions must be notified.

By adhering to these guidelines, financial institutions can enjoy legal protection, gaining immunity from certain liabilities and shielding from adverse actions. This immunity extends to institutions that, in good faith, attempt to report ransomware attacks; they will not be penalized for incomplete reports due to a lack of information.

The bill grants federal and state agencies the right to review the validity of any ransomware payment authorizations. It also outlines confidentiality provisions, ensuring that information related to these incidents is disclosed only when legally necessary. The scope of this bill is quite broad, covering major financial entities and tech service providers, and it includes a sunset clause that mandates a legislative review a decade after enactment.

How we see it

Intentionally defining “ransomware payment” to include digital currency payments is a clear nod to the digital asset sector’s staying power and growing role in finance. This proactive legislative approach mirrors global trends and the increasing integration of digital assets into the economy.

This stance also aligns with Deputy Secretary Adeyemo’s April 9th Senate Banking testimony, where he stated that bad actors will increasingly exploit expanding markets. The bill’s approach to digital currencies recognizes their legitimacy and tackles the risks they may pose, paving the way for regulations that balance risk mitigation with the industry’s innovative momentum.

Senate Committee on Banking, Housing and Urban Affairs 

Hearing entitled: An Update from the Treasury Department: Countering Illicit Finance, Terrorism and Sanctions Evasion. 

On April 9th, 2024, the Senate Banking, Housing, and Urban Affairs Committee held a hearing for clarity from the Treasury Department on Illicit finance, terrorism and sanctions evasion.  

Witness (testimony linked): 

Honorable Adewale “Wally” O. Adeyemo, Deputy Secretary, Department of the Treasury 

Hearing Takeaway: 

The nearly two-hour hearing covered broad topics including the effectiveness of U.S. sanctions and the Biden administration’s recent decision to release another Iran sanctions waiver, indicating a focus on global finance and geopolitical issues.  

In terms of digital assets, Deputy Secretary Adeyemo reinforced his earlier calls for more rigorous regulation and monitoring in response to their increasing use in illicit activities. He advocated for Congress to allocate more authority to Treasury to effectively manage the risks associated with cryptocurrencies, though the details of these expanded powers were not thoroughly explored. 

There was a shared recognition between parties and Treasury of the challenges posed by the evolving use of cryptocurrencies in illicit finance. Both parties acknowledged the necessity for effective regulatory frameworks to address the misuse of digital assets by terrorists, state actors, and criminal organizations. While their focus and proposed solutions may differ, there is a common understanding of the need for legislative and regulatory actions to adapt to the changing financial landscape, ensuring U.S. national security and financial system integrity.  

Republican Takeaway: 

Ranking Member Tim Scott (R-SC) and other Republicans expressed concerns about the current administration’s focus, particularly on digital assets, which they viewed as potentially distracting from more significant security threats and economic policies. They were also critical of policies toward countries like Iran and Venezuela, connecting these to broader security and economic issues in the U.S., such as the fentanyl crisis. The Republicans seemed skeptical of the heavy focus on regulating cryptocurrencies, suggesting it might be an overemphasis at the expense of addressing broader financial and international policy issues. 

Democrat Takeaway: 

Democrats, led by Chairman Sherrod Brown (D-OH), emphasized the threats posed by the misuse of cryptocurrencies by terrorists, autocrats, and criminal organizations. They supported strict regulatory measures for crypto platforms, akin to those for traditional financial institutions, to close gaps in anti-money laundering and counter-terrorism financing. They expressed urgency in equipping the Treasury and other agencies with the necessary tools to regulate and monitor illicit activities facilitated by digital assets, emphasizing the need for legislative action to address these challenges. 

Member Opening Statements: 

In his opening statement, Chairman Brown emphasized the threats to American national security posed by various global actors, including autocrats, terrorists, and drug traffickers. He specifically highlighted the increasing use of cryptocurrencies by these groups as a method to move money and evade traditional financial safeguards like KYC rules. Brown pointed out incidents involving Bitcoin, Tether, and North Korea’s crypto activities to underscore this trend. He emphasized the need for crypto platforms to follow the same regulatory standards as traditional financial institutions and urged for the closing of legislative gaps to effectively combat illicit finance involving digital assets. 

Ranking Member Scott (R-SC) emphasized the need for U.S. leadership in tackling global security issues, expressing concern over the administration’s policies towards Iran and Venezuela. He criticized the easing of financial restrictions on these countries and linked these international policies to domestic challenges, particularly the U.S. fentanyl crisis. Scott also expressed disappointment in the administration’s focus on climate goals over security concerns. Notably, his statement did not specifically mention cryptocurrencies or their role in these issues. 

Witness Statement: 

Deputy Secretary Adewale O. Adeyemo’s testimony focused on the Treasury Department’s efforts to combat illicit finance, emphasizing the growing challenge of cryptocurrency use by terrorist groups and state actors. He highlighted instances of digital asset misuse by al-Qaeda, Hamas, and countries like North Korea and Russia. Adeyemo proposed three key reforms: secondary sanctions against foreign digital asset providers involved in illicit finance, updating existing authorities to cover digital asset players, and managing jurisdictional risks from offshore crypto platforms. Adeyemo stressed the importance of Congressional action to provide the necessary tools to address these challenges effectively. 

Questioning: 

In the questioning between Chairman Brown and Deputy Secretary Adeyemo, the focus was on the risks associated with the gaps in the illicit finance framework, particularly concerning digital assets. Chairman Brown asked about the potential risks if Congress fails to address these gaps, especially in preventing terrorists and drug traffickers from exploiting cryptocurrencies. Adeyemo responded by emphasizing the shift of such groups towards cryptocurrencies as traditional financial monitoring becomes more stringent. He noted that cryptocurrencies provide an easier and faster route for illegal transactions, which is why obtaining tools proposed in recent legislation is crucial. 

The discussion also covered the administration’s actions against China regarding the fentanyl trade. Adeyemo mentioned ongoing dialogues with China, emphasizing the U.S.’s preparedness to take action against companies supplying precursor chemicals for fentanyl if China does not act. He highlighted the importance of U.S. sanctions in discouraging such activities. Furthermore, Adeyemo addressed the Chairman’s concerns about Russia, detailing efforts to build international coalitions to reduce Russian revenues and disrupt their ability to finance their military operations, including the war in Ukraine. Lastly, Chairman Brown mentioned he would send a written question about the use of stablecoins in illicit activities. 

Ranking Member Scott (R-SC) questioned Deputy Secretary Adeyemo on the administration’s focus on digital assets, suggesting it is a scapegoat given other pressing global financial issues, particularly regarding Iran. He expressed concerns that U.S. policies were inadvertently aiding Iranian resources and endangering American interests. Adeyemo clarified the Treasury’s limited control over certain financial transactions involving Iran and its need for authority over cryptocurrency transactions. 

Senator Bob Menendez (D-NJ) focused on challenges in sanction enforcement against Iranian oil exports, particularly considering China’s involvement. Adeyemo highlighted the need for more authority to tackle the use of cryptocurrencies in circumventing sanctions. Further, Menendez questioned the Treasury’s efforts to regulate Virtual Asset Service Providers (VASPs), especially those not fully complying with Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) controls. Adeyemo affirmed the Treasury’s commitment to enforcing existing laws and updating regulatory frameworks to address these challenges in the digital asset space. He emphasized the necessity for Congress to provide the Treasury with more authority to effectively regulate VASPs and similar entities within the evolving digital asset landscape. 

Senator John Kennedy (R-LA) questioned Deputy Secretary Adeyemo about the U.S. waiving sanctions on Iran, suggesting it indirectly aids Iran financially. Adeyemo assured that the funds in question have never and will not go to Iran, noting that this policy began under the Trump administration. Kennedy argued about the fungibility of money and its potential indirect support to Iran. Adeyemo countered by insisting that the funds would not be used in such a manner.  

In the exchange between Senator Mark Warner (D-VA) and Deputy Secretary Adeyemo, Warner discussed CANSEE and how it targets efforts to evade sanctions through cryptocurrencies and DEFI (Decentralized Finance). He suggested applying similar legislative tools against Hamas. 

Adeyemo expressed willingness to work on this and acknowledged the need for additional tools. Warner elaborated that the proposed bill would expand coverage to foreign financial entities facilitating transactions for any terrorist group. Adeyemo highlighted the challenges of curtailing Hamas’s access to funds, as they are moving away from traditional financial systems to methods like cash and cryptocurrencies. He underscored the necessity of secondary sanctions tools to disrupt these networks. 

Finally, Warner asked about the need for additional resources for entities like OFAC or FinCEN, given the evolving challenges in tracking illicit funds. Adeyemo agreed, emphasizing the importance of equipping these agencies with the necessary resources to effectively pursue these complex financial investigations. 

Senator Thom Tillis (R-NC) questioned Deputy Secretary Adeyemo around the challenges of regulating digital assets and cryptocurrencies. He expressed frustration over previous administrations’ policies towards Iran and the need for effective regulation in the digital asset space. Tillis mentioned the ENFORCE Act, aimed at creating a regulatory framework that accommodates the unique nature of digital assets without overburdening them with traditional banking regulations like BSA, AML, and KYC. He stressed the need for a balanced approach to ensure the U.S. remains an attractive jurisdiction for digital asset enterprises. 

Adeyemo agreed that a differentiated, risk-based approach is necessary and emphasized the role of the regulatory process in providing certainty to digital asset companies. Tillis inquired about the timeframe for implementing new regulations, to which Adeyemo responded that it could be as quickly as a year. 

Tillis highlighted the need for regulations that address the evolving tactics of illicit financing and terrorism, including the use of digital assets by cartels for money laundering. He suggested a joint classified briefing with the Treasury and DEA to better understand and address these challenges, aiming to create a regulatory environment that effectively counters these illicit activities. 

Senator Elizabeth Warren (D-MA) questioned Deputy Secretary Adeyemo about the Treasury’s request for Congress to close gaps in anti-money laundering rules, specifically after reports of Hamas receiving crypto funding. Adeyemo explained that as traditional financial avenues are monitored, groups like Hamas are turning to cryptocurrencies, which are harder to track, necessitating additional tools to counteract this shift. 

Warren inquired about how Hamas accesses financing, to which Adeyemo mentioned their turn to alternative means, including cryptocurrencies. She highlighted the broader use of crypto financing by various illicit actors and pointed out the lack of stringent rules for crypto validators compared to traditional banking. Adeyemo confirmed that there could be instances where such validators are involved in processing transactions for illicit activities, including for groups like Hamas and North Korea. 

Warren raised concerns that Iran, despite sanctions, could be profiting from validating crypto transactions, illustrating the potential for sanctioned entities to exploit the growing crypto market. She emphasized the need for a robust regulatory framework, especially with the growth of the crypto market and the introduction of new on-ramps like stablecoins. Adeyemo agreed, noting the tendency of bad actors to exploit expanding markets. Warren concluded by stressing the importance of implementing effective anti-money laundering rules in the crypto sector. 

Senator J. D. Vance (R-OH) had a line of questioning on GDP growth in Russia compared to our European allies, and how the REPO Act would affect Russian sanctions. 

Senator Raphael Warnock (D-GA) expressed concerns with sanctions affecting innocent people disproportionately and the humanitarian crises in Gaza. 

Senator Katie Britt (R-AL) voiced her concerns about Iran’s increasing oil profits and the Biden administration’s approach towards Iran. Deputy Secretary Adeyemo acknowledged the risk of Iran using cryptocurrency to evade sanctions and emphasized the need to make sanction evasion more costly for Iran. When asked about unused tools in sanction enforcement, Adeyemo highlighted the significance of U.S. dollar-based tools. Additionally, Britt inquired about loopholes in the petrochemical sector, with Adeyemo noting that Iran is utilizing financial mechanisms other than U.S. dollars to circumvent sanctions. 

Senator Catherine Cortez Masto (D-NV) was the last to question Deputy Secretary Adeyemo. She questioned Adeyemo about the Treasury’s ability to combat the use of cryptocurrencies in drug trafficking. Adeyemo highlighted the need for additional tools to target the crypto ecosystem, especially parts attempting to evade U.S. jurisdiction. He noted the necessity of updating regulations to include cryptocurrencies and the potential of a secondary sanctions regime. 

Senator Cortez Masto asked if the FEND Off Fentanyl Act would aid in enforcement, and Adeyemo confirmed its utility, but warned that as traditional financial avenues are targeted, traffickers might increasingly turn to cryptocurrencies. 

She also inquired about cryptocurrency mixers and their role in illicit financing. Adeyemo explained that mixers allow for anonymous transactions and are used by bad actors to move money illicitly. He emphasized the importance of gaining more tools to effectively combat these elements of the crypto ecosystem, as they provide means for illicit actors to evade traditional financial monitoring. 

Ensuring Necessary Financial Oversight and Reporting of Cryptocurrency Ecosystems (ENFORCE) Act

Introduction

On April 8, Senators Thom Tillis (R-NC) and Bill Hagerty (R-TN) released the ENFORCE Act, a draft proposal aimed at addressing the U.S. Treasury’s request for more robust legislative framework to address digital asset anti-money laundering concerns and improve the current Bank Secrecy Act (BSA) treatment of digital assets. The proposal was intentionally released the night before a Senate Banking Committee hearing on the digital asset illicit finance featuring U.S. Deputy Treasury Secretary Wally Adeyemo as a witness.

Additionally, the draft aims to serve as a workable counterproposal to the significant momentum that Senators Elizabeth Warren (D-MA) and Roger Marshall (R-KS) have promulgated with S.2669, the Digital Asset Anti-Money Laundering (DAAML) Act.

Below, please find a full summary and analysis of the legislation. If you have any questions, please email The Digital Chamber’s National Security team: Kristopher Klaich, Policy Director and Jack Goewey, Senior Policy Associate.

Summary

Section 1: Title

Section 2: Creates the New Category of Digital Asset Financial Institution

• Dispels any notion that digital asset firms are not required to comply with the BSA under current standards by creating an additional definition for Digital Asset Financial Institutions, focused on centralized, customer facing entities which includes digital asset exchanges, custodians, issuers, or intermediaries that convert monetary instruments into digital assets or vice versa.

Section 3: Applies Applicable AML Requirements to Digital Asset Financial Institutions

• Prescribes the same AML and KYC requirements applied to money service businesses (MSBs) to the new definition of digital asset financial institutions.

Section 4: Applies Applicable Suspicious Activities Reports (SARs) Requirements to Digital Asset Financial Institutions

• Prescribes the same reporting requirements currently applied to money service businesses (MSBs) to the new definition of digital asset financial institution.
• Adds optionality to allow the digital asset financial institution to utilize a third-party to assist with the filing, record-keeping, and management of SARs reporting.
• Requires the Department of the Treasury to conduct a review after five years and to publish a set of ‘best practices’ for SARs reporting by digital asset financial institutions.

Section 5: New Special Measures Authority

• Adds a new provision to existing Section 311 authority that gives Treasury the ability to impose one or more of the ‘special measures’ in instances where digital assets are utilized to facilitate a primary money laundering concern providing legal certainty that Treasury can bring the same tools to bear in instances of digital asset illicit finance as in other assets.
• Maintains existing Section 311 requirements for Treasury to undergo notice-and-comment rulemaking when implementing new authority.

Section 6: Ensures Anti-Tip Off Compliance for Digital Asset Financial Institutions

• Prescribes edits to Section 1510(b)(3) of title 18, United States Code to ensure that digital asset financial institutions and other entities in the digital asset ecosystem operate under the same anti-tip off laws and standards that cover traditional financial institutions to ensure that law enforcement can properly investigate, and the justice system can properly adjudicate those involved in illicit financial activity.

Section 7: Information Sharing Pilot Program to Combat Illicit use of Digital Assets

• Requires the Attorney General (AG) to establish a pilot program under which relevant law enforcement agencies and voluntarily participating private sector entities may share information about potential illicit finance violations and bad actors to coordinate and deploy resources most effectively and establish related best practices.

Section 8: Crypto Asset Anti-Money Laundering Examination Standards

• Requires Treasury, CFTC, SEC and state authorities to work together to adopt financial institution examination standards related to the prevention of money laundering and sanctions evasion aiming to establish standards comparable to those mandatory for traditional financial institutions, to fill a gap in the regulatory landscape.

Section 9: Rule of Construction

• Delineates that this clarity on requirements for digital asset participants around the BSA, AML, KYC and SARs does not affect any existing FIs’ requirements under the BSA.

How we see it

The Draft takes a reasonable approach in codifying the Financial Crimes Enforcement Network (FinCEN) standards for the newly defined ‘digital asset financial institution’.  The bulk of the bill appears duplicative, essentially restating the same BSA standards for digital asset financial institutions and FinCEN has previously asserted its authority in this area. However, this approach prevents FinCEN from creating specific future rulemaking for the industry. It also ensures the digital asset sector is not treated more harshly than other sectors or industries.

The bill purposefully does not touch miners/validators, P2P transactions, smart contracts, and decentralized finance (DeFi), though it may need more clarification to ensure DeFi founders’ activities do not subject them to this regime. This is a direct win for those miners and validators that were subject to register as financial institutions under Senator Warren’s proposed DAAML Act.

Expanding the Treasury’s Section 311 authority over digital assets financial institutions and transactions codifies what FinCEN has already claimed it has and is not any broader than its authority over other financial institutions.

Furthermore, any changes under this authority require a notice and comment period for industry to respond to rulemaking. Another line of effort to expand the Treasury’s authority to cover digital assets financial institutions has been to modify the 9714 authorities to remove the word “Russia” and make it applicable to any geography. However, implementing this change would NOT require a notice and comment period for future rulemaking so we view the 311 modifications as a beneficial landing point.

Prospects: The Senate has prioritized illicit finance digital assets legislation and a vehicle like this one remains the most likely bill in this space to move forward and receive consideration. However, there remains limited time on the legislative calendar in an election year and digital assets is not a priority for the broader Senate. We do anticipate that this proposal will receive considerable attention and serves as a strong bill to address illicit finance while balancing the goal for U.S. digital asset and blockchain innovation to remain in the U.S., but likely will act as a messaging bill to influence future legislative action.

Summary

On February 15, 2024, the House Committee on Financial Services Subcommittee on Digital Assets held the second part of its Crypto Crime in Context hearings. Witnesses for the hearing included: 

• Caroline Hill, Senior Director of Global Policy and Regulatory Strategy at Circle

• Michael Mosier, Co-Founder and Partner, Arktouros

• Grant Rabenn, Director, Financial Crimes Legal, Coinbase 

• Carole Noelle House, Senior Fellow, Atlantic Council; Executive in Residence, Terranet Ventures

• Ari Redbord, Global Head of Policy and Government Affairs, TRM Labs (one of our very own National Security Task Force leaders)

These hearings are in response to the October 7th attacks on Israel by Hamas, which raised concerns over cryptocurrency’s role in illicit finance. This hearing focused on the current landscape of illicit finance in the digital asset industry, gaps in compliance, blockchain analytic tools, as well as current legislative proposals and risk assessments that may have significant effects on our industry. 

Overall Takeaway: The hearing underscored the complexity of regulating digital assets and the importance of balancing innovation with robust compliance measures. The need for continuous collaboration between the industry and regulatory bodies was emphasized to ensure a secure digital asset environment. We anticipate that increased focus on sanctions enforcement across the industry is extremely likely. The Chamber of Digital Commerce will continue to be a lynchpin to facilitate cooperation and actively foster sensible laws that enable blockchain technology to thrive in the U.S. 

Summary

In his opening statement, Subcommittee Chairman French Hill (R-AR) emphasized the critical need for a balanced regulatory approach to digital currencies, highlighting the challenges posed by the decentralized nature of the blockchain. He advocated for a combined strategy of domestic and international regulatory cooperation to address potential gaps being exploited by bad actors. This perspective aligns closely with the Chamber of Digital Commerce advocacy for proactive and collaborative regulatory measures. Alongside Ranking Member Stephen Lynch’s (D-MA) observations about the rising use of digital assets in ransomware attacks and other illicit activities, their insights reinforce the Chamber’s stance on the importance of evolving regulation and technological capabilities in the crypto sector.

Witnesses gave very strong opening statements, particularly Michael Mosier urging government to “resource existing treasury authorities before adding more unfunded mandates. Throwing more shovels at people who already have 15 in each hand is not making them more effective, it’s setting them up for failure.” This underscored the importance of government resource allocation, cautioning against the ineffectiveness of overburdening agencies with unfunded mandates. Carole House offered four areas for proposed action to reduce illicit activity that may be indicative of where future legislative and regulatory action will evolve:  

(1) Enhance regulatory and enforcement capability to take sustained, timely actions against the most egregious violators in the space through prioritized agency funding and honing of disruption authorities (e.g., FinCEN’s 311 and 9714),

(2) Promote timely international action on FATF standard adoption through diplomacy and capacity building across priority jurisdictions,

(3) Enhance outcome-oriented public-private partnerships for info sharing and R&D (examples like NCIJTF’s IVAN program, NCFTA, the FBI’s Financial Fraud Kill Chain, FinCEN’s Rapid Response Program, Crypto-ISAC, IST Ransomware Task Force, etc.) and,

(4) Promote development of secure, trustworthy, and interoperable digital identity infrastructure.

Reps. Ritchie Torres (D-NY) and Wiley Nickel (D-NC) expressed support for blockchain technology, and cited the nature of distributed ledger technology as a major benefit for combating illicit finance. Chair Hill also stated that most illicit activity using digital assets occurs offshore where U.S. regulations do not apply. Witnesses came to consensus on these ideas and reinforced the miniscule amount of illicit activity happening through digital assets in comparison to traditional finance.

Full Committee Ranking Member Maxine Water (D-CA), Subcommittee Ranking Member Lynch and Representative Sean Casten (D-IL) spoke on their primary concerns with the decentralized nature of DeFi allowing for illicit activity and the prevalence of off-chain illicit activity. Takeaway: As off-chain transactions are used more widely to improve blockchain scalability this issue of regulating off-chain transactions could become more prevelant. 
Rep. Brad Sherman (D-CA) continued his previous rhetoric against the industry, by stating that the sole purpose of CVC Mixers is for illicit activity. Takeaway: Rep. Sherman intentionally neglects to see the privacy benefits of mixing technology. See the Chamber’s response to FinCEN’s notice of proposed rulemaking on CVC mixing.

How We See It:

Maybe unsurprisingly, Democrats and Republicans seem to be talking past one another. Republicans emphasized Treasury’s admission that blockchain is not the preferred vector for terrorists to finance their activities while Democrats emphasized that there is still likely more illicit activity occurring than is being detected or reported. This is probably a “both, and” situation and not an “either, or”– it is likely that there is more activity taking place than is being detected and still not nearly as much proportionately as is taking place on traditional financial rails and via the hawala network. Still, this was an important admission coming from the Undersecretary for Terrorism and Financial Intelligence. Democrats advocated for additional resources to enable FinCEN to operate effectively, a perennial need, while also repeating the red herring that crypto is only used by criminals and terrorists. However, the continued attention on the topic and the positive comments of the Undersecretary are beginning to erode this kind of non-starter, unhelpful perspective that does not move the conversation forward.

Yesterday, the House Financial Services Committee conducted a hearing titled “Oversight of the Financial Crimes Enforcement Network (FinCEN) and the Office of Terrorism and Financial Intelligence (TFI)” and featured testimony from Brian E. Nelson, the Undersecretary for Terrorism and Financial Intelligence at the Department of the Treasury, and Andrea Gacki, Director of FinCEN.

The hearing primarily addressed the roles of FinCEN and the Treasury in thwarting illegal financial activities by malicious entities and terrorist groups. Discussions revolved around the enforcement of Suspicious Activity Reports (SARs) and the implementation of the Corporate Transparency Act (CTA), which mandates companies to report Beneficial Ownership Information to FinCEN, and aligning with the Anti-Money Laundering and Countering the Financing of Terrorism Framework (AML/CFT).

The most notable moment came when Representative Tom Emmer (R-MN) inquired about the extent of digital asset utilization by terrorist organizations like Hamas. Undersecretary Nelson clarified that the use of cryptocurrencies by Hamas is significantly less than reported by the Wall Street Journal, indicating that cryptocurrencies are not a favored tool among Hamas terrorists, a sentiment that Rep. Bryan Steil (R-WI) echoed later in the hearing. Other key points include:

• Committee Chairman Patrick McHenry (R-NC) emphasized the need to prevent foreign adversaries from exploiting the U.S. financial system for illicit purposes, questioning the effectiveness of the beneficial ownership reporting regime in helping to catch bad actors. He also expressed frustration at the continual request for more resources and funding with a seeming lack of results.
• Committee Ranking Member Maxine Waters (D-CA) highlighted the Treasury’s role in bringing the cryptocurrency exchange Binance to justice, resulting in a $4.3 billion settlement, and criticized Republicans for not supporting increased funding and authority for Treasury and other national security agencies.
• Undersecretary Nelson discussed the minor role of cryptocurrency in funding militant groups and the efforts to address compliance gaps in the crypto space. Undersecretary Nelson also emphasized that the Treasury is considering systemic deficiencies in U.S. AML/CFT regime.
• Director Gacki highlighted FinCEN’s five-year monitorship of Binance, the opportunities that processing SARs from activity in recent years creates and that FinCEN needs to be adequately funded being at the forefront of virtual asset expertise and monitoring.
• Representative Brad Sherman (D-CA) continued his criticism that cryptocurrencies are primarily used by drug dealers and terrorists.
• Representative Ritchie Torres (D-NY) argued that FinCEN’s proposed rules on mixers are unnecessary, as financial institutions are already required to file SARs for mixer transactions.
• Representative Sean Casten (D-IL) highlighted the prevalence of illicit crypto transactions and use of mixers, urging FinCEN to continue its monitoring efforts while suggesting that illicit activity on-chain and on-exchange are much more prevalent than is currently reported.

The Chamber of Digital Commerce applauds U.S. Representatives Zach Nunn and Abigail Spanberger’s bipartisan Creating Legal Accountability for Rogue Innovators and Technology (CLARITY) Act. 

The CLARITY Act addresses the urgent need to safeguard American intellectual property, enhance our national security, and protect the private information of U.S. citizens from the risks posed by foreign-developed blockchain technologies, particularly those originating from China. 

By prohibiting the federal government’s use of blockchain infrastructure developed by foreign adversaries the CLARITY Act takes a critical step towards ensuring that Americans’ sensitive data and U.S. national security intelligence remain secure from external threats. 

 It’s time for the U.S. to prioritize domestic blockchain innovation to safeguard against these emerging threats and fortify our defenses against the misuse of our data. The Chamber of Digital Commerce proudly advocates for the prompt passage of the CLARITY Act to shield our nation from the dangers inherent in foreign-dominated blockchain platforms.

Additional information on the bill can be found here.