Thursday, July 18 2024

By Stanley I. Foodman

Don’t expect aligned, coherent rules anytime soon

Multiple enforcement agencies within the US government agree that the $2.5 trillion crypto industry needs regulation. And heads of the largest crypto companies have told Congress that they agree. But therein lies the rub: competing government initiatives have yet to arrive at consensus on multiple fronts: pending legislative and regulatory proposals struggle to define cryptocurrencies, let alone how they will be regulated and taxed.

A litany of questions remains

Is crypto a commodity or a security? Is crypto the financial system of the future, or the hub of money laundering criminals? Will regulations be overseen by the US Office of Foreign Assets Control? The Justice Department’s new National Cryptocurrency Enforcement Team? The Financial Action Task Force? The Securities and Exchange Commission? The Financial Crimes Enforcement Network? State and local governments? The judicial system? All of these all have reports, proposals and recommended enforcement resources.

Who will prosecute bad actors? Will the focus be on the crypto criminals themselves or the “enablers” that help foreign clients hide assets in the American financial system.  These could include trust companies, lawyers, accountants, notaries, real estate agents, dealers in precious metals and stones, art dealers, casinos and even public relations firms.

While lawmakers wrestle with definitions, the digital currency industry continues to grow exponentially, with 21 bitcoin and blockchain leaders making the coveted Forbes 30 Under 30 list for 2021. There is no doubt that the crypto industry, and its holdings, are on the rise.

Hearings, lobbying and a soupcon of desperation

Charles Cascarilla, chief executive and co-founder of Paxos Trust Company, the back-end infrastructure provider powering PayPal’s cryptocurrency exchange, testified at the House Financial Services Committee hearing on regulation of digital assets on December 8. “We need clear standards and the government’s support to create a new, more secure, more competitive financial system. The benefits of getting this right are enormous — but so are the consequences of getting it wrong.”

The subtext throughout the hearing: if the virtual currency regulations are too stringent, the players will simply leave the U.S. to operate offshore. Banks want Congress to apply the same level of regulatory scrutiny to crypto startups as they do traditional lenders. In its statement to the Congressional committee, the American Bankers Association argued that firms offering bank-like services should receive bank-like regulation.

Can’t we all get along?

While U.S. Deputy Treasury Secretary Wally Adeyemo considers digital assets a potentially transformative innovation, much remains unknown. Speaking at the Chainalysis LINKS Conference in November, Adeyemo said, “We don’t know how this new technology will evolve, but we know that like other innovations, they offer the potential to unlock new opportunities.”

Government regulation fosters responsible innovation through “clear rules of the road that mitigate these risks while preserving the economic opportunities this technology creates,” he said.

But then there are the existing and proposed penalties, fines, taxes and regulations from myriad agencies.

Proposed Regulations

Definitive regulations seem far off, given the confusing, and repetitive world of those being proposed. Here are the leading players.


Enter stage left: The Department of Justice’s National Cryptocurrency Enforcement Team (NCET), which focuses on directing enforcement resources towards the financial ecosystem that allows ransomware and similar threats to flourish. NCET is composed of federal prosecutors from the Money Laundering Asset Recovery Section (MLARS), the Computer Crime and Intellectual Property Section (CCIPS), and Assistant U.S. Attorneys detailed from U.S. Attorneys’ offices around the country.

It plans to “investigate, support, and pursue cases against cryptocurrency exchanges, infrastructure providers, and other entities that are enabling the misuse of cryptocurrency and related products to commit or facilitate criminal activity.”

Additionally, the NCET will provide training, advise government agencies, and support coordination and information sharing among federal, state, local, tribal, and international law enforcement agencies.

This announcement represents a shift in focus from the criminal actors themselves to the companies that provide the services and technology in the crypto space to make the crimes possible.


Then there is the bipartisan Establishing New Authorities for Business Laundering and Enabling Risks to Security (Enablers) Act. It would also update the 51-year-old Bank Secrecy Act, which requires banks to investigate their clients and the source of their wealth. In effect, the new provisions would expand FinCen’s 2020 Anti-Money Laundering Act.

U.S. Deputy Treasury Secretary Wally Adeyemo clarified at the Chainalysis conference that “ransomware is not a cryptocurrency problem,” although he leaned on the government’s perception that the misuse of virtual currencies results in cybercrime and is a national security problem.


Both the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC), through their respective directors of enforcement, recently emphasized their focus on enforcement targeting the cryptocurrency sector.

October 2021 also saw the Office of Foreign Asset Control (OFAC) release updated guidance on sanctions compliance for the virtual currency industry. Then, on Nov. 8, 2021, FinCEN released a new advisory on ransomware, reiterating that disrupting payment mechanisms used by cybercriminals to stop ransomware attacks is a high priority of the federal enforcement establishment. It also reminds companies to implement appropriate compliance programs to identify and report suspicious cyber-related activity.

The issues identified in his remarks that must be addressed by the U.S. Government are centered around the risks and national security concerns of AML, terrorist financing, and ransomware.

Treasury Department and FATF

In addition, there is the Treasury’s recently released Bank Secrecy Act Report on Ransomware Trends. It provides an industry snapshot of the suspicious activity reports that FinCEN received during the first half of 2021.

The Financial Action Task Force (FATF) issued an updated Virtual Currency Guidance in October 2021. Stating that it wishes to clarify its recommendations about virtual assets, it goes on for 109 pages that are anything but clear.

Its chief recommendation is that the crypto industry should not wait for the Treasury to act and should police its own platforms for compliance.

The Bottom Line

When it comes to government regulation of the burgeoning virtual currency industry, there currently is no clear guidance. Don’t expect rules alignment any time soon.

While we wait for decisions on whether crypto is currency, security, commodity, utility or a new tulip craze, my best advice is to carry on and stay calm.

The author, Stanley I. Foodman, CEO of Foodman CPAs & Advisors.
Stanley I. Foodman, chief executive of Foodman CPAs & Advisors.

A version of this article originally appeared on the Foodman CPAs blog.


Cyber Deals: PlainID, Noname Security, UncommonX, Entegra


Cyber Executive Moves: AmEx, Cybereason, HackerOne

Check Also


Don’t Miss

Sevco Security Platform Product Review

Ellie Buscemi

What is the Sevco Security Platform? The Sevco Security Platform is a cyber asset attack service management (CAASM) product that focuses on aggregating and correlating data from across a company’s cybersecurity infrastructure to give cybersecurity professionals a better sense of what the company’s infrastructure looks like as a whole. The platform’s sources include a company’s […]

Cyber Deals: Huntress, Cyberhaven, and SpyCloud


Cybersecurity Surge: Top Funding Rounds and Strategic Acquisitions Fuel Growth in AI, Cloud Security, and Threat Prevention Solutions

Fidelis Elevate: A Deep Dive

Ellie Buscemi

What is Fidelis Elevate? Fidelis Elevate is an open extended detection and response (open XDR) solution focusing on network protection, endpoint security, and cyber attacker deception. The platform aims to protect various elements of a company’s infrastructure, such as devices and servers while tracking suspicious behavior and preventing access to cyber criminals. What features does […]

Partially closed laptop screen

Best Extended Detection and Response (XDR) Solutions

Lara Oporto

What is Extended Detection and Response and how does it work? Extended Detection and Response (XDR) is a cybersecurity system that gathers information from different places like computers, networks and emails. Unlike other security tools that focus on one area like computers or networks, XDR looks at everything together. The comprehensive approach helps to find […]

Close up of computer chip

Best Managed Detection and Response (MDR) Solutions

Lara Oporto

What is Managed Detection and Response? Managed Detection and Response (MDR) is a cybersecurity service that provides continuous monitoring, threat detection and incident response capabilities. MDR achieves these capabilities through the deployment of advanced technologies such as machine learning and behavioral analytics as well as analysis from security professionals. MDR is a cybersecurity service that […]

Best Hyperconverged Infrastructure Software

Ellie Buscemi

What is Hyperconverged Infrastructure and how does it work? Hyperconverged infrastructure (HCI) is a software that provides computing, storage and network operations for a company from a single point on a company’s hardware. Originally, computing, storage and network operations were divided in a company’s hardware infrastructure and potentially provided by separate vendors with different management […]