Saturday, April 13 2024

By Stanley I. Foodman

Don’t expect aligned, coherent rules anytime soon

Multiple enforcement agencies within the US government agree that the $2.5 trillion crypto industry needs regulation. And heads of the largest crypto companies have told Congress that they agree. But therein lies the rub: competing government initiatives have yet to arrive at consensus on multiple fronts: pending legislative and regulatory proposals struggle to define cryptocurrencies, let alone how they will be regulated and taxed.

A litany of questions remains

Is crypto a commodity or a security? Is crypto the financial system of the future, or the hub of money laundering criminals? Will regulations be overseen by the US Office of Foreign Assets Control? The Justice Department’s new National Cryptocurrency Enforcement Team? The Financial Action Task Force? The Securities and Exchange Commission? The Financial Crimes Enforcement Network? State and local governments? The judicial system? All of these all have reports, proposals and recommended enforcement resources.

Who will prosecute bad actors? Will the focus be on the crypto criminals themselves or the “enablers” that help foreign clients hide assets in the American financial system.  These could include trust companies, lawyers, accountants, notaries, real estate agents, dealers in precious metals and stones, art dealers, casinos and even public relations firms.

While lawmakers wrestle with definitions, the digital currency industry continues to grow exponentially, with 21 bitcoin and blockchain leaders making the coveted Forbes 30 Under 30 list for 2021. There is no doubt that the crypto industry, and its holdings, are on the rise.

Hearings, lobbying and a soupcon of desperation

Charles Cascarilla, chief executive and co-founder of Paxos Trust Company, the back-end infrastructure provider powering PayPal’s cryptocurrency exchange, testified at the House Financial Services Committee hearing on regulation of digital assets on December 8. “We need clear standards and the government’s support to create a new, more secure, more competitive financial system. The benefits of getting this right are enormous — but so are the consequences of getting it wrong.”

The subtext throughout the hearing: if the virtual currency regulations are too stringent, the players will simply leave the U.S. to operate offshore. Banks want Congress to apply the same level of regulatory scrutiny to crypto startups as they do traditional lenders. In its statement to the Congressional committee, the American Bankers Association argued that firms offering bank-like services should receive bank-like regulation.

Can’t we all get along?

While U.S. Deputy Treasury Secretary Wally Adeyemo considers digital assets a potentially transformative innovation, much remains unknown. Speaking at the Chainalysis LINKS Conference in November, Adeyemo said, “We don’t know how this new technology will evolve, but we know that like other innovations, they offer the potential to unlock new opportunities.”

Government regulation fosters responsible innovation through “clear rules of the road that mitigate these risks while preserving the economic opportunities this technology creates,” he said.

But then there are the existing and proposed penalties, fines, taxes and regulations from myriad agencies.

Proposed Regulations

Definitive regulations seem far off, given the confusing, and repetitive world of those being proposed. Here are the leading players.

NCET

Enter stage left: The Department of Justice’s National Cryptocurrency Enforcement Team (NCET), which focuses on directing enforcement resources towards the financial ecosystem that allows ransomware and similar threats to flourish. NCET is composed of federal prosecutors from the Money Laundering Asset Recovery Section (MLARS), the Computer Crime and Intellectual Property Section (CCIPS), and Assistant U.S. Attorneys detailed from U.S. Attorneys’ offices around the country.

It plans to “investigate, support, and pursue cases against cryptocurrency exchanges, infrastructure providers, and other entities that are enabling the misuse of cryptocurrency and related products to commit or facilitate criminal activity.”

Additionally, the NCET will provide training, advise government agencies, and support coordination and information sharing among federal, state, local, tribal, and international law enforcement agencies.

This announcement represents a shift in focus from the criminal actors themselves to the companies that provide the services and technology in the crypto space to make the crimes possible.

Enablers

Then there is the bipartisan Establishing New Authorities for Business Laundering and Enabling Risks to Security (Enablers) Act. It would also update the 51-year-old Bank Secrecy Act, which requires banks to investigate their clients and the source of their wealth. In effect, the new provisions would expand FinCen’s 2020 Anti-Money Laundering Act.

U.S. Deputy Treasury Secretary Wally Adeyemo clarified at the Chainalysis conference that “ransomware is not a cryptocurrency problem,” although he leaned on the government’s perception that the misuse of virtual currencies results in cybercrime and is a national security problem.

SEC and OFAC

Both the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC), through their respective directors of enforcement, recently emphasized their focus on enforcement targeting the cryptocurrency sector.

October 2021 also saw the Office of Foreign Asset Control (OFAC) release updated guidance on sanctions compliance for the virtual currency industry. Then, on Nov. 8, 2021, FinCEN released a new advisory on ransomware, reiterating that disrupting payment mechanisms used by cybercriminals to stop ransomware attacks is a high priority of the federal enforcement establishment. It also reminds companies to implement appropriate compliance programs to identify and report suspicious cyber-related activity.

The issues identified in his remarks that must be addressed by the U.S. Government are centered around the risks and national security concerns of AML, terrorist financing, and ransomware.

Treasury Department and FATF

In addition, there is the Treasury’s recently released Bank Secrecy Act Report on Ransomware Trends. It provides an industry snapshot of the suspicious activity reports that FinCEN received during the first half of 2021.

The Financial Action Task Force (FATF) issued an updated Virtual Currency Guidance in October 2021. Stating that it wishes to clarify its recommendations about virtual assets, it goes on for 109 pages that are anything but clear.

Its chief recommendation is that the crypto industry should not wait for the Treasury to act and should police its own platforms for compliance.

The Bottom Line

When it comes to government regulation of the burgeoning virtual currency industry, there currently is no clear guidance. Don’t expect rules alignment any time soon.

While we wait for decisions on whether crypto is currency, security, commodity, utility or a new tulip craze, my best advice is to carry on and stay calm.

The author, Stanley I. Foodman, CEO of Foodman CPAs & Advisors.
Stanley I. Foodman, chief executive of Foodman CPAs & Advisors.

A version of this article originally appeared on the Foodman CPAs blog.

Previous

Cyber Deals: PlainID, Noname Security, UncommonX, Entegra

Next

Cyber Executive Moves: AmEx, Cybereason, HackerOne

Check Also

Widget

Don’t Miss

The words Endpoint Detection and Response (EDR) on a green background with lines on the right side of the image

Best Endpoint Detection & Response Platforms

Lara Oporto

Endpoint Detection & Response platforms continuously monitor endpoints for signs of malicious activities, such as unauthorized access or unusual behavior, enabling rapid detection and response to potential cyber threats to safeguard organizational assets. What is Endpoint Detection and Response and how does it work? Endpoint Detection and Response (EDR) is a cornerstone in modern cybersecurity […]

AT&T AlienVault Products Review: OSSIM vs USM

Ellie Buscemi

AlienVault is now the technological basis for AT&T AlienLabs and provides multiple products for different companies’ cybersecurity needs. What AT&T AlienVault Products are Available? In December 2021, CISOstack reported that AT&T intended to acquire AlienVault to expand its cybersecurity offerings to more businesses. Two years later, AlienVault-based offerings make up a large portion of AT&T’s […]

Photo by Simon Kadula on Unsplash.

Navigating Manufacturing IIoT Cybersecurity Challenges

John Powers

Guarding the Gears: Government policy and industry collaboration to mitigate cyberthreats to manufacturers. The smart factory is on the rise. Production lines equipped with advanced sensors can monitor equipment health in real-time and predict potential issues before they disrupt operations. Temperature and humidity sensors can ensure the optimal environment for delicate manufacturing processes. RFID-enabled asset […]

Best Microsegmentation Software

Ellie Buscemi

Microsegmentation allows a company to divide digital assets into smaller, more secure groups, which makes it harder for cybercriminals to take over a company’s data center. What is Microsegmentation? Microsegmentation refers to cyber professionals building layers of cybersecurity protection between groups of digital assets or individual cyber assets. Adding these layers inside instead of only […]

Best Breach and Attack Simulation Platforms

Ellie Buscemi

Breach and attack simulation (BAS) platforms allow companies to see weaknesses in their cyber infrastructures before a malicious hacker can exploit them. What Is BAS – Breach and Attack Simulation? Breach and attack simulation (BAS) is an approach to cybersecurity that uses advanced tools to imitate the attacks used by cybercriminals on companies’ digital infrastructure. […]

Ofer Ben-Noon and Ohad Bobrov

Palo Alto Networks to Acquire Talon

Ellie Buscemi

On Monday, Palo Alto Networks agreed to acquire Israeli startup Talon Cyber Security, an enterprise browser platform. The deal values Talon at between $600 to $700 million, according to The Information. Palo Alto will integrate Talon’s enterprise browser solution into its Prisma SASE product. The acquisition comes among a wave of acquisitions and releases involving […]