red 
On October 11, the Office of Foreign Assets Control (OFAC) and the Financial Crimes Enforcement Network (FinCEN) issued enforcement actions against Washington-based virtual asset exchange Bittrex. The action follows apparent breaches of regulatory requirements and anti-money laundering (AML) obligations under the Bank Secrecy Act (BSA).
This is OFAC’s largest enforcement action against a virtual exchange to date, and FinCEN and OFAC’s first parallel enforcement action in the space. Specifically, it says the exchange listed privacy coins without adequate risk mitigation.
In a Treasury Department press release about the agency’s actions against Bittrex, FinCEN Acting Director Himamauli Das stated that: “For years, Bittrex’s AML program and SAR reporting failures have unnecessarily exposed the US financial system to threat actors. Bittrex’s failures created exposure to high-risk parties, including sanctioned jurisdictions, darknet markets, and ransomware attackers. Virtual asset service providers have been notified that they must implement robust risk-based compliance programs and meet their BSA reporting requirements. FinCEN will not hesitate to act when it discovers willful violations of the BSA.”
The press release continued: “Bittrex has agreed to remit $24,280,829.20 to OFAC to settle its potential civil liability for 116,421 apparent violations of multiple sanctions programs. As a result of deficiencies related to Bittrex’s sanctions compliance procedures, Bittrex was unable to prevent persons apparently located in the Crimea region of Ukraine, Cuba, Iran, Sudan and Syria from using its platform to engage in virtual currency transactions valued at approximately $263,451,600.13. between March 2014 and December 2017.”
Regarding the FinCEN settlement, it added: “Bittrex has agreed to pay $29,280,829.20 for its willful violations of the BSA’s AML program and SAR requirements. FinCEN will credit a payment of $24,280,829.20 as part of Bittrex’s agreement to settle its potential liability with OFAC. FinCEN’s investigation found that – from February 2014 to December 2018 – Bittrex failed to maintain an effective AML program. This included the implementation of inadequate and ineffective transaction monitoring on its platform resulting in significant exposure to illicit financing.”
EU launches study of automated DeFi supervision
The European Union has just published a proposal to explore the embedded (or automated) oversight of decentralized finance (DeFi) – specifically, focusing on DeFi protocols on top of the Ethereum blockchain.
The EU proposal describes the goal of this pilot research project as “developing, implementing and testing a technological solution for the embedded monitoring of decentralized finance (DeFi) activities. The project will seek to leverage the open nature of transaction data on the Ethereum blockchain, which is the largest settlement platform for the DeFi protocol. Its main focus will be on automatically collecting surveillance data directly from the blockchain to test technological capabilities for real-time surveillance of DeFi activity.”
The project could take as much as 15 months and 250,000 euros ($246,000) to complete, as estimated in the proposal. Like other similar projects that have been announced, the Treasury is set to complete a DeFi and NFT risk assessment in 2023. These research opportunities are likely to signal ongoing and potentially heightened laws and regulations coming from agencies around the world.
More regulators are turning to technology to modernize their approach to enforcement and oversight – for example, Dubai’s Virtual Asset Regulatory Authority (VARA) set up shop in the metaverse this year.
OECD unveils its new transparency framework for digital assets
The lack of crypto disintermediation is a challenge for tax collection agencies around the world, especially given the popularity of person-to-person (P2P) transactions made seamlessly easy by blockchain technology and DeFi. In an effort to address this tax reporting challenge and other gaps in the international coordination of crypto regulation, the Organization for Economic Co-operation and Development (OECD) has unveiled its new reporting framework – called the “Crypto-Asset Reporting Framework and Amendments to the Common reporting Standard” – for G20 countries earlier in October.
According to a press release published by the OECD: “The Crypto-Asset Reporting Framework (CARF) will target any digital representation of value that relies on a cryptographically secured distributed ledger or similar technology for the validation and security of transactions. Allocations are provided for funds that cannot be used for payment or investment purposes and for funds that are already fully covered by CRS. Entities or individuals that provide services to perform crypto asset exchange transactions for or on behalf of customers would be required to report under CARF. CARF contains model rules that can be transposed into domestic legislation and commentaries to assist administrations in implementation.
“Over the coming months, the OECD will continue to work on legal and operational instruments to facilitate the international exchange of information collected under CARF and ensure its effective and broad application, including the timing of the initiation of CARF-compliant exchanges.”
The statement added: “The OECD also proposed a series of further amendments to the CRS to the G20, with the aim of modernizing its scope to comprehensively cover digital financial products and improve its operations, taking into account the experiences gained by countries and business.” As with CARF, this work will be complemented by updating international legal and operational mechanisms for the automatic exchange of information in accordance with the amended CRS, as well as coordinated timelines for bringing agreed amendments into force.”
The CFTC will remain a strict regulator if it gains greater regulatory authority over cryptocurrencies
There is an ongoing battle between the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) over each agency’s role in regulating the crypto market. While many industry stakeholders bemoaned the SEC’s heavy reliance on enforcement actions, CFTC Chairman Rostin Benham reminded the audience that the CFTC will not be complacent about wrongdoing if they are given more authority to regulate the crypto industry.
During his speech at the Financial Markets Quality Conference hosted by Georgetown University’s McDonough School of Business, Benham reminded the audience that, “Those who describe us as light-touch simply don’t know the CFTC.”
Despite the CFTC’s current limited power over the industry, he reinforced the agency’s commitment to strong oversight, stating that the CFTC has brought over 60 enforcement cases against cryptocurrency-related entities and projects. There have been many recent proposed laws that take some form of assigning greater oversight responsibilities to the CFTC.
Benham continued: “So what I was looking for was a cash market authority in the digital asset, commodity space, and that would give us legislative authority over the cash markets. These would be trading platforms, intermediaries or broker-dealers, custodians, potentially treasuries data and that basic infrastructure and market components.”
Interestingly, SEC Chairman Gary Gensler gave a speech during the same event at Georgetown University where he supported the idea of the CFTC gaining further power in its cryptocurrency oversight authority. Gary Gensler stated, “I think the CFTC could have more authority. They currently have no direct regulatory bodies over the underlying non-security tokens.”
While Gensler confirmed that he believes very few crypto tokens and projects are not categorized under the SEC’s jurisdiction — so few that you can count them on one or two hands — those that fall outside the agency’s oversight should be properly regulated by the CFTC.
Sanctions Law Enforcement DeFi
