US Treasury Statement on DeFi emphasizes anti-money laundering rules
The US Treasury Department has some strong words to share in its risk assessment on decentralized finance, also known as DeFi, as it also seeks to start a conversation about industry guidance.
The Ministry of Finance’s latest report assesses risk, discussing myriad illicit financial challenges such as fraud, ransomware, hacks and money laundering. However, the biggest takeaway from the 40-page report is what it says about potential regulatory requirements for DeFi. While the Treasury Department clarifies that the assessment does not “establish new supervisory expectations”, the report advances the view that even truly (and somewhat) decentralized services should implement anti-money laundering compliance under the Bank Secrecy Act – the US AML regime.
The US Treasury Department, which uses the term “should” 17 times and “obligations” 53 times in the assessment, is sending a message to anyone involved in “DeFi services” – that they “should” implement AML controls under the existing BSA “ commitments”. “
The BSA requires covered financial institutions to maintain records, file transaction reports, and report suspicious activity that may indicate money laundering, tax evasion, or other criminal activity. Active implementation of traditional AML compliance is in some respects at odds with the potential of DeFi – that is, the reliance on disintermediated software rather than teams of compliance officers.
The report sends mixed messages. For example, it states that “money laundering, proliferation financing, and terrorist financing most often occur using fiat currency or other traditional assets as opposed to virtual assets.” However, the report spends 40 pages digging into potential AML risks in a relatively unimportant place for illicit finance today.
That said, the Treasury’s ambitions are clear – to send a message to the DeFi space that the BSA uses today and to start a discussion with industry players on how to implement AML in a more decentralized space.
US Treasury says AML applies to DeFi
“The report is a signal that the Ministry of Finance is trying to encourage industry and developers to integrate AML compliance into DeFi services,” Yaya Funasie, Director of Policy for AML and Cyber Risk at the Crypto Council for Innovation, told me in a interview. “While it does not offer a new legal standard, it emphasizes that Treasury believes that much of the activity already happening in the DeFi space falls under the BSA even if a project is truly decentralized.”
Treasury does not distinguish between fully decentralized and “DeFi-in-name-only” services as other policymakers such as the Financial Action Task Force (FATF) have done. Rather, the report says that anyone or anything that offers financial services falls under the BSA and its onerous AML requirements.
In my interview with Treasury Senior Policy Advisor Caroline Horres – one of the review’s authors – she hammered home this point, explaining that there is a “misunderstanding” that you can essentially decentralize-your-way-out-of-AML obligations.
“To the extent that you provide the services to a covered financial institution, you have BSA obligations, centralized or decentralized,” says Horres.
Regulators want to work with the crypto industry
Despite all the “messaging”, the finance report also makes clear that regulators are seeking industry input and engagement as it builds towards potential industry guidance on AML for DeFi.
While most of the report describes risks and vulnerabilities, the final pages call on the US government to work with the industry to “further explain how current regulations apply to DeFi services,” and provide additional guidance based on feedback. In addition, the Treasury Department encourages the US government to partner with private sector entities that build utilities in an effort to promote innovative solutions.
“We will really benefit from engagement with industry,” Horres says, that engagement will “inform how we move forward with the recommended actions identified in the risk assessment, and we certainly welcome input on those. I think in many ways this is a conversation starter.”
This likely means we will see industry engagement resulting in guidance rather than a series of enforcement actions as we have seen from other agencies.
US Treasury points to technology solutions for risk reduction
In a section on risk mitigation, the report points to technology solutions such as blockchain intelligence tools, digital identity and zero-knowledge proofs to “support various elements of compliance with AML/CFT obligations while maximizing user privacy, including through digital identity technology to support identity verification by DeFi services that can be informed by a user’s transaction history on the public blockchain.” This raises the question of how these new technological tools can be implemented for the compliance requirements the report describes as the tools and technology evolve rapidly.
“A major challenge remains in exactly how to implement AML compliance in many DeFi platforms that are governed by code and do not have traditional concrete responsible parties,” says Fanusie.
All things considered, the US Treasury Department has now unequivocally clarified that they believe all financial services platforms should comply with the BSA.
But as we move into a more decentralized world, where financial services are facilitated automatically by disintermediated software rather than by intermediary financial institutions with robust compliance teams, it is unclear how or if DeFi platforms are even able to meet this requirement Today. Fortunately, that’s why the review is just a conversation starter.
Follow me on Twitter or LinkedIn.