The U.S. Treasury Department's (Treasury) September 16, 2022, release of the "Action Plan to Address Illicit Financing Risks of Digital Assets" was published in response to an Executive Order, "Ensuring Responsible Development in Digital Assets." Summarized here last March, the Order called for—among other things—the development of a coordinated interagency action plan for mitigating the digital‑asset‑related illicit finance and national security risks identified in the National Money Laundering Risk Assessment (NRA) (February 2022).

Below is a summary of the Action Plan's structure, key takeaways, and a discussion of overlapping themes in a preceding Department of Justice Report, dated September 6, 2022, addressing criminal activity associated with digital assets.

Action Plan Structure

The Action Plan provides an overview of the NRA and discusses the key threats, vulnerabilities, and illicit financing risks arising from virtual assets. The key threats include: money laundering, proliferation financing, and terrorist financing. The vulnerabilities and illicit financing risks include: the cross-border nature and gaps in AML/CFT regimes across countries; anonymity-enhancing technologies; disintermediation of regulated financial institutions; and virtual asset service providers' (VASP) registration and compliance obligations. The Action Plan also acknowledges that the use of virtual assets for illicit activities remains far below the scale of fiat currency and traditional assets and represents a small portion of overall digital asset use.

The Action Plan then specifies seven priorities, which it later pairs with proposed "supporting actions." The priorities are:

  • 1. Monitoring emerging risks;
  • 2. Improving Global AML/CFT Regulation and Enforcement;
  • 3. Updating BSA Regulations;
  • 4. Strengthening U.S. AML/CFT Supervision of Virtual Asset Activities;
  • 5. Holding accountable cybercriminals and other illicit actors;
  • 6. Engaging with the Private Sector; and
  • 7. Supporting U.S. Leadership in Financial and Payments Technology.

Key Takeaways

  • Depending on the business model, peer-to-peer exchange providers may act as money transmitters, requiring Bank Secrecy Act compliance.
  • There remain future "supporting actions" designed to address the above priorities, which include:
    • Treasury's publication of two risk assessments. The first risk assessment will address money laundering and terrorist financing risks related to DeFi and is due by February 24, 2023. The second assessment will address money laundering and terrorist financing risks related to NFTs and is due by July 2023.
    • The United States and Israel will co-lead a FATF project on the financing of ransomware trends and typologies. The aim of the project is to raise awareness about how ransomware payments are made and how proceeds of ransomware are laundered and made available to cyber criminals.
    • Treasury may continue to evaluate the utility and risks of a proposed FinCEN rule lowering the $3,000 threshold requiring financial institutions to collect, retain, and transmit information on certain transmittals of virtual currency that have legal tender status.
    • Treasury will convene state supervisors responsible for VASPs to promote standardization and coordination of state licensing and AML/CFT obligations, as well as supervision for MSBs, and improve state state and state federal coordination more broadly.
    • Treasury will continue to place virtual asset wallets and addresses associated with illicit use of virtual assets on the list of specially designated nationals and blocked persons.
    • Treasury will expand FinCEN's 314(a) program to include more VASPs and encourage VASPs to participate in and use 314(b) voluntary information-sharing mechanisms.
    • Treasury will consider how to modernize the U.S. payments infrastructure as called for in Section 4(b)(v) of E.O. 14067.
  • Future engagement between the U.S. government and other digital asset stakeholders in mitigating illicit financing and national security risks is likely to be wide-reaching, robust, and guided by a series of questions, including:
    • What illicit finance risks relate to non-fungible tokens?;
    • What regulatory changes would better mitigate risk?;
    • How can Treasury maximize public-private and private-private information sharing on illicit finance and digital assets?; and
    • How can Treasury can most effectively support the incorporation of AML/CFT controls into a potential U.S. CBDC design?

Synthesis With Department of Justice Report

Also in response to the Executive Order, the Department of Justice released a report on "The Role Of Law Enforcement In Detecting, Investigating, And Prosecuting Criminal Activity Related To Digital Assets" (the DOJ Report), which we summarize here. There are three aspects of the DOJ Report that overlap the Action Plan.

First, the DOJ Report discusses the coordinated work between FinCEN, OFAC, and the DOJ to ensure key regulations applying to digital assets are followed. The Report reminds states that virtual currency or other digital asset transactions operating as money transmitters must register as a money services business (MSB) and comply with AML/CFT requirements, including the requirement to monitor for suspicious activity and file suspicious activity reports with FinCEN. The report highlights the "strong working relationship" between OFAC and the DOJ, including coordinated investigations, shared resources, development of leads, and leverage of subject-matter expertise.

Second, the Report proposes amendments to 18 U.S.C. § 1960, which criminalizes the operation of an unlicensed money-transmitting business. The first includes increasing the statutory maximum sentence for violations of § 1960 from five to 10 years' imprisonment; and by doubling individual criminal fines and tripling corporate criminal fines. The current maximum fines are $250,000 for individuals, $500,000 for entities, or—in cases where the offender derives pecuniary gain from the offense—twice the amount of gross gain.

The Report also proposes changes to the statute that clarify that the statute applies to platforms providing services that enable their users to transfer digital assets in a manner analogous to traditional money transmitting businesses. The report encourages legislative actions that ratify existing case law, holding that the same general intent requirement prong now found in the state-licensing prong – that a defendant need only have knowledge as to the conduct of the factual elements, not knowledge of the reporting requirements or the offense –also applies to the federal-registration prong.1

Third and finally, the DOJ Report recommends: (1) providing appropriate support for the proposed FinCEN rule (referenced above, lowering the transaction threshold) that would govern the transfer or transmission of certain digital assets; and (2) clarifying existing laws as necessary to ensure that non-fungible token platforms, such as online auction houses and digital art galleries, are subject to the AML/CFT and suspicious-activity-reporting requirements of the BSA.

We will continue to monitor developments and report as agencies release further rulemaking, reports, and guidance regarding illicit financing risks and digital assets.


1  The statute defines "unlicensed money transmitting business" in three ways: (A) operation of a money transmitting business without a state license where the state requires it; (B) failure to comply with the money transmitting business registration requirements under 31 U.S.C. § 5330 or the accompanying regulations; or (C) transmitting funds knowing that they are derived from a criminal offense or are intended to promote unlawful activity.