The U.S. Department of the Treasury, in a report released last week, said national security is under threat by illicit actors using decentralized finance (DeFi) services and called for greater regulation of the space.
The report, Illicit Finance Risk Assessment of Decentralized Finance, is available here.
“Risk assessments play a foundational role in promoting understanding of the illicit finance risk environment and more effectively protecting the integrity of the U.S. financial system,” said Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence. “Our assessment finds that illicit actors, including criminals, scammers, and North Korean cyber actors are using DeFi services in the process of laundering illicit funds.”
The report identifies a lack of anti-money-laundering (AML) controls and slack adherence to regulations that govern the combating of the financing of terrorism (CFT).
“Capturing the potential benefits associated with DeFi services requires addressing these risks,” Nelson said. “The private sector should use the findings of this assessment to inform their own risk mitigation strategies and to take clear steps, in line with AML/CFT regulations and sanctions obligations, to prevent illicit actors from abusing DeFi services.”
What the Report Prescribes
The risk assessment’s primary purpose is to identify the scope of the problem. The Treasury report goes a step further, with recommendations for governmental action. Among them:
- Strengthening AML/CFT regulation.
- Considering more private-sector guidance on the AML/CFT obligations associated with DeFi services.
- Assessing AML/CFT regulatory gaps related to DeFi services.
In a news release announcing the publication of the report, the Treasury wrote: “The primary vulnerability that illicit actors exploit stems from non-compliance by DeFi services with AML/CFT and sanctions obligations. DeFi services engaged in covered activity under the Bank Secrecy Act have AML/CFT obligations regardless of whether the services claim that they currently are or plan to be decentralized. Other vulnerabilities include the potential for some DeFi services to be out of scope for existing AML/CFT obligations, weak or non-existent AML/CFT controls for DeFi services in other jurisdictions, and poor cybersecurity controls by DeFi services, which enable the theft of funds.”
In short: Players in the space should gird for more regulation and enforcement.
What is DeFi?
Decentralized finance (DeFi) seeks to empower users through peer-to-peer digital exchanges that remove third parties and centralized institutions (like banks and credit unions) from transactions. It’s based on secure distributed ledgers and smart contracts, as used by cryptocurrencies.
In the impact note Next Steps for Crypto: Weathering the FTX Fallout, Javelin Strategy & Research analysts James Wester and Joel Hugentobler predicted an onrush of regulation in the wake of the high-profile flameouts of FTX and others in the crypto space, writing that “building in tight controls, strong oversight, transparency, governance, and all the other tools that have long been a part of traditional finance will be a key to staying out of trouble.”
The analysts also wrote that as DeFi grows, fintechs would develop tools to address the needs of governance, oversight, and compliance—those things the Treasury finds lacking.
What’s Next?
Tighter regulation seems a certainty. DeFi, for all its transparency to participants in a transaction, is opaque in the eyes of federal regulators because it runs on a system without traditional financial intermediaries, such as banks.
Forward-thinking actors in the crypto space will, on their own, strengthen their vetting so as to head off enforcement action from government agencies. But even that might not be enough. Coinbase, widely regarded as a cryptocurrency exchange that does things right, has nonetheless attracted the attention of the Securities and Exchange Commission, which seems poised to bring action against it.
Wester noted that regulation has its limitations. DeFi and cryptocurrency, as relatively new spaces in financial services, need a coherent and applicable set of laws.
“The report shows that current regulation may not be the right tool and Congress needs to be involved in drafting new legislation,” he said.