Wednesday, March 29 2023

By Stanley I. Foodman

Don’t expect aligned, coherent rules anytime soon

Multiple enforcement agencies within the US government agree that the $2.5 trillion crypto industry needs regulation. And heads of the largest crypto companies have told Congress that they agree. But therein lies the rub: competing government initiatives have yet to arrive at consensus on multiple fronts: pending legislative and regulatory proposals struggle to define cryptocurrencies, let alone how they will be regulated and taxed.

A litany of questions remains

Is crypto a commodity or a security? Is crypto the financial system of the future, or the hub of money laundering criminals? Will regulations be overseen by the US Office of Foreign Assets Control? The Justice Department’s new National Cryptocurrency Enforcement Team? The Financial Action Task Force? The Securities and Exchange Commission? The Financial Crimes Enforcement Network? State and local governments? The judicial system? All of these all have reports, proposals and recommended enforcement resources.

Who will prosecute bad actors? Will the focus be on the crypto criminals themselves or the “enablers” that help foreign clients hide assets in the American financial system.  These could include trust companies, lawyers, accountants, notaries, real estate agents, dealers in precious metals and stones, art dealers, casinos and even public relations firms.

While lawmakers wrestle with definitions, the digital currency industry continues to grow exponentially, with 21 bitcoin and blockchain leaders making the coveted Forbes 30 Under 30 list for 2021. There is no doubt that the crypto industry, and its holdings, are on the rise.

Hearings, lobbying and a soupcon of desperation

Charles Cascarilla, chief executive and co-founder of Paxos Trust Company, the back-end infrastructure provider powering PayPal’s cryptocurrency exchange, testified at the House Financial Services Committee hearing on regulation of digital assets on December 8. “We need clear standards and the government’s support to create a new, more secure, more competitive financial system. The benefits of getting this right are enormous — but so are the consequences of getting it wrong.”

The subtext throughout the hearing: if the virtual currency regulations are too stringent, the players will simply leave the U.S. to operate offshore. Banks want Congress to apply the same level of regulatory scrutiny to crypto startups as they do traditional lenders. In its statement to the Congressional committee, the American Bankers Association argued that firms offering bank-like services should receive bank-like regulation.

Can’t we all get along?

While U.S. Deputy Treasury Secretary Wally Adeyemo considers digital assets a potentially transformative innovation, much remains unknown. Speaking at the Chainalysis LINKS Conference in November, Adeyemo said, “We don’t know how this new technology will evolve, but we know that like other innovations, they offer the potential to unlock new opportunities.”

Government regulation fosters responsible innovation through “clear rules of the road that mitigate these risks while preserving the economic opportunities this technology creates,” he said.

But then there are the existing and proposed penalties, fines, taxes and regulations from myriad agencies.

Proposed Regulations

Definitive regulations seem far off, given the confusing, and repetitive world of those being proposed. Here are the leading players.

NCET

Enter stage left: The Department of Justice’s National Cryptocurrency Enforcement Team (NCET), which focuses on directing enforcement resources towards the financial ecosystem that allows ransomware and similar threats to flourish. NCET is composed of federal prosecutors from the Money Laundering Asset Recovery Section (MLARS), the Computer Crime and Intellectual Property Section (CCIPS), and Assistant U.S. Attorneys detailed from U.S. Attorneys’ offices around the country.

It plans to “investigate, support, and pursue cases against cryptocurrency exchanges, infrastructure providers, and other entities that are enabling the misuse of cryptocurrency and related products to commit or facilitate criminal activity.”

Additionally, the NCET will provide training, advise government agencies, and support coordination and information sharing among federal, state, local, tribal, and international law enforcement agencies.

This announcement represents a shift in focus from the criminal actors themselves to the companies that provide the services and technology in the crypto space to make the crimes possible.

Enablers

Then there is the bipartisan Establishing New Authorities for Business Laundering and Enabling Risks to Security (Enablers) Act. It would also update the 51-year-old Bank Secrecy Act, which requires banks to investigate their clients and the source of their wealth. In effect, the new provisions would expand FinCen’s 2020 Anti-Money Laundering Act.

U.S. Deputy Treasury Secretary Wally Adeyemo clarified at the Chainalysis conference that “ransomware is not a cryptocurrency problem,” although he leaned on the government’s perception that the misuse of virtual currencies results in cybercrime and is a national security problem.

SEC and OFAC

Both the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC), through their respective directors of enforcement, recently emphasized their focus on enforcement targeting the cryptocurrency sector.

October 2021 also saw the Office of Foreign Asset Control (OFAC) release updated guidance on sanctions compliance for the virtual currency industry. Then, on Nov. 8, 2021, FinCEN released a new advisory on ransomware, reiterating that disrupting payment mechanisms used by cybercriminals to stop ransomware attacks is a high priority of the federal enforcement establishment. It also reminds companies to implement appropriate compliance programs to identify and report suspicious cyber-related activity.

The issues identified in his remarks that must be addressed by the U.S. Government are centered around the risks and national security concerns of AML, terrorist financing, and ransomware.

Treasury Department and FATF

In addition, there is the Treasury’s recently released Bank Secrecy Act Report on Ransomware Trends. It provides an industry snapshot of the suspicious activity reports that FinCEN received during the first half of 2021.

The Financial Action Task Force (FATF) issued an updated Virtual Currency Guidance in October 2021. Stating that it wishes to clarify its recommendations about virtual assets, it goes on for 109 pages that are anything but clear.

Its chief recommendation is that the crypto industry should not wait for the Treasury to act and should police its own platforms for compliance.

The Bottom Line

When it comes to government regulation of the burgeoning virtual currency industry, there currently is no clear guidance. Don’t expect rules alignment any time soon.

While we wait for decisions on whether crypto is currency, security, commodity, utility or a new tulip craze, my best advice is to carry on and stay calm.

The author, Stanley I. Foodman, CEO of Foodman CPAs & Advisors.
Stanley I. Foodman, chief executive of Foodman CPAs & Advisors.

A version of this article originally appeared on the Foodman CPAs blog.

Previous

Cyber Deals: PlainID, Noname Security, UncommonX, Entegra

Next

Cyber Executive Moves: AmEx, Cybereason, HackerOne

Check Also

Widget

Don’t Miss

Cyber Executive Moves: Netizen, Kroll, Coalfire

Julia Bischoff

Netizen hires Joe Carr as director of cybersecurity, and Krebs Stamos Group names new chief information security officer. Netizen, a veteran-owned cybersecurity solutions provider, named Joe Carr as director of cybersecurity. Carr held many different positions before Netizen, including overseeing acquisition programs for the United States military.  Krebs Stamos Group, a technology risk insights provider, […]

Cyber Deals: Opscura, Acceldata, and Sensiguard Acquisition

Austin Boland-Ferguson

Cybersecurity venture funding activity and mergers and acquisitions: This week’s most sizable deals included emergency and healthcare security service providers. Funding Industrial control system (ICS) cybersecurity provider Opscura Inc. received $9.4 million in Series A funding, which will help the Spain-based company with US expansion. Tenable’s corporate venture capital arm led a $7 million seed […]

Cyber Executive Moves: Appgate, Trellix, Rubrik

Julia Bischoff

Appgate appoints a new CEO, Trellix hires loanDepot’s CISO, SANS Institute taps new CISO director. Secure access solutions provider Appgate appointed Leo Taddeo as chief executive officer and president. Taddeo stepped into the new role after serving as Appgate’s chief information security officer since February of 2022. The SANS Institute, a cybersecurity training company, appointed […]

Cyber Deals: Drata, Field Effect investments, and Veracode acquisition

Julia Bischoff

Cybersecurity venture funding and merger activity: This week’s largest deals were MDR and security automation investments, as MSP consolidation continues to attract corporate buyers. Funding Cork, Ireland-based, data encryption company Valutree acquired $12.8 million in their series A funding round, led by investors Molten Ventures and Ten Eleven Ventures. Funds will be used to expand […]

Cyber Deals: Spin Technology, CyberArk, Mesh Security

James Hu

Cybersecurity Venture Funding and Mergers: This week’s deals involved cloud security services, data privacy, and industrial cybersecurity companies. Funding Cloud cybersecurity firm Mesh Security has secured $4.5 million in venture funding. The round was led by Booster Ventures with participation from other investors. Spin Technology, a firm providing SaaS security solutions, raised $16 million in […]

Cyber Deals: Cybrary, Ping Identity, Axio Global

James Hu

Cybersecurity Venture Funding and Mergers: Key investments were made in cybersecurity training, secure enterprise browser, and risk management companies. M&A activity this week involved identity security, zero trust, and threat intelligence firms. Funding Cybrary, a cybersecurity training platform, raised $25 million in a Series C funding round. The round was led by BuildGroup and Gula […]