Decentralized finance (DeFi) services that aren’t compliant with anti-money laundering and terrorist financing rules pose “the most significant current illicit finance risk” in that corner of the crypto sector, according to the U.S. Department of the Treasury’s first analysis of hazards from the technology.
In an expected risk assessment, published Thursday, the Treasury Department said thieves, scammers, ransomware cyber criminals and actors for the Democratic People’s Republic of Korea (DPRK) are using DeFi to launder proceeds from crime.
On the basis of its findings, the department recommends an assessment of “possible enhancements” to U.S. anti-money laundering (AML) requirements and the rules for countering the financing of terrorism (CFT) as they should be applied to DeFi services. It also calls for input from the private sector to inform the next steps.
“Clearly, we can't do this alone,” said Brian Nelson, Treasury’s undersecretary for terrorism and financial intelligence, in a Thursday webcast hosted by ACAMS, a global organization focused on preventing financial crime. “We call on the private sector to use the findings of the risk assessment to inform your own risk-mitigation strategies.”
The 40-page report warns that “DeFi services at present often do not implement AML/CFT controls or other processes to identify customers, allowing layering of proceeds to take place instantaneously and pseudonymously.”
The report references several instances where DeFi projects “have affirmatively touted a lack of AML/CFT controls as one of the primary goals of decentralization.” A footnote in the document cites ShapeShift’s 2021 transformation to a decentralized exchange “for the purpose of ceasing to collect customer information for AML/CFT compliance.”
“When these entities fail to register with the appropriate regulator, fail to establish and maintain sufficient AML/CFT controls or do not comply with sanctions obligations, criminals are more likely to exploit their services successfully, including to circumvent U.S. and [United Nations] sanctions,” the report said.
Although the goal of the assessment is to “identify the scope of an issue,” the report recommends the U.S. government strengthen its AML/CFT regulatory supervision and consider providing additional guidance for the private sector on compliance checks for DeFi services.
Nelson noted that DeFi can often pose challenges in trying to figure out the individuals behind the business activities. But he pointed out it doesn't matter whether the services are centralized or decentralized when figuring out whether they're covered by the Bank Secrecy Act.
He said even those that claim full decentralization can really engage in a wide range of activity that falls somewhere closer to traditional finance than they're suggesting.
“In some ways they're really decentralized in name only,” he said.
UPDATE (April 6, 2023, 11:12 UTC): Adds comments from Treasury's Brian Nelson.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.