On Thursday, the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced a Notice of Proposed Rule Making (NPRM) that labels international convertible virtual currency mixing (CVC mixing) as a class of transactions of primary money laundering concern.

The NPRM highlights the risks posed by the extensive use of CVC mixing services throughout the world and proposes a rule to increase transparency around CVC mixing to combat its use by malicious actors including Hamas, Palestinian Islamic Jihad, and the Democratic People’s Republic of Korea (DPRK).

CVC mixing involves making crypto transactions in a certain manner that obfuscates the source, destination, and often the amount involved in one or more transactions, making them untraceable and anonymous. Basically, the crypto mixers allow users to receive funds without revealing who sent them.

CVC mixing transactions can play a central role in facilitating the laundering of CVC derived from a variety of illicit activity, FinCEN says in the NPRM.

New use of Section 311

“CVC mixing offers a critical service that allows players in the ransomware ecosystem, rogue state actors, and other criminals to fund their unlawful activities and obfuscate the flow of ill-gotten gains,” said FinCEN Director Andrea Gacki.

“This is FinCEN’s first ever use of the Section 311 authority to target a class of transactions of primary money laundering concern, and, just as with our efforts in the traditional financial system, Treasury will work to identify and root out the illicit use and abuse of the CVC ecosystem,” Gacki said.

Section 311 is a part of the USA PATRIOT Act that provides the Treasury Secretary with a range of options that can be adapted to target specific money-laundering and terrorist-financing risks with immediate action to protect the nation’s financial system from specific threats. This often means the agency ends up prohibiting or imposing conditions upon certain transmittals of funds to and from certain regions of the world.

Reporting obligations

The NPRM would require covered financial institutions to report information about a transaction when they know, suspect, or have reason to suspect it involves CVC mixing within or involving jurisdictions outside the United States. It will expand reporting obligations for covered financial institutions, like requiring wallet information.

As proposed by FinCEN, the proposed rule would require recordkeeping and reporting of biographical and transactional information related to transactions involving CVC mixing, increasing transparency makes the use of CVC mixing services by illicit actors less attractive, plus support investigations into illicit activities by actors who use CVC mixing mixing to launder their ill-gotten gains.

“This is FinCEN’s first ever use of the Section 311 authority to target a class of transactions of primary money laundering concern, and Treasury will work to identify and root out the illicit use and abuse of the CVC ecosystem.”

Andrea Gacki, FinCEN Director

There is no similar or equivalent mechanism possessed by law enforcement to readily collect such information, FinCEN admits.

Remembering Tornado Cash and Blender.io

In August last year, The Treasury’s Office of Foreign Asset Control (OFAC) imposed sanctions on virtual currency mixer Tornado Cash, accusing it of helping hackers, including from the DPRK, to launder proceeds from their cyber crimes. At the time, OFAC said Tornado Cash, one of the largest mixers identified as problematic by the Treasury, had reportedly laundered more than $7 billion worth of virtual currency since it was created in 2019.

And last May, OFAC sanctioned virtual currency mixer Blender.io, which the agency said was being used by the DPRK to support its malicious cyber activities and money-laundering of stolen virtual currency. OFAC said in that case that Lazarus Group, a DPRK state-sponsored cyber hacking group, carried out a virtual currency heist at that time worth almost $620m, which involved a blockchain project linked to an online game – and that Blender was used in processing over $20.5m of the illicit proceeds.

“We urge you to swiftly and categorically act to meaningfully curtail illicit crypto activity and protect our national security and that of our allies.”

US lawmakers in a letter to the Biden Administration

Senator Elizabeth Warren (D-MA) drafted a letter, co-signed by more than 105 other lawmakers, citing a WSJ report describing how Hamas and Palestinian Islamic Jihad had raised millions in crypto to fund their attack on Israel. The lawmakers sought answers from the Biden Administration as to how it plans to prevent crypto-financed terrorism going forward.

“Congress and this Administration must take strong action to thoroughly address crypto illicit finance risks before it can be used to finance another tragedy. As Congress considers legislative proposals designed to mitigate crypto money laundering and illicit finance risks, we urge you to swiftly and categorically act to meaningfully curtail illicit crypto activity and protect our national security and that of our allies,” said the lawmakers.

What to expect

Expect pushback. Maybe you remember how crypto players and commentators reacted to the sanctioning of Tornado Cash – the Coinbase crypto exchange filed a lawsuit in response. Coinbase said OFAC was casting too wide a net, used overly broad language to target open-source code, and was potentially violating users’ free-speech rights.

OFAC had to provide some much-needed clarity to its sanctions, and it did so in September 2022, updating its FAQs to point out that “interacting with open-source code itself” is not illegal. It further explained that copying the protocol’s code, publishing the code and even visiting an archived version of the Tornado Cash website are all allowed.

With CVC mixing services now in the government’s crosshairs, we can expect to see challenges focused on how broadly FinCEN has targeted decentralized finance here and sanctioned an entire technology instead of specific individuals or entities.