The Division of the Treasury’s just lately issued Illicit Finance Danger Evaluation of Decentralized Finance is principally supposed to supply perception on how illicit actors are abusing decentralized finance (DeFi) companies, in addition to anti-money laundering (AML) and countering the financing of terrorism (CFT) vulnerabilities distinctive to DeFi. Nevertheless, the report additionally accommodates essential perception on how Treasury, and, presumably, the Monetary Crimes Enforcement Community (FinCEN) inside Treasury, view the applicability of current US AML/CFT laws, issued pursuant to the Financial institution Secrecy Act (BSA), to DeFi tasks.
FinCEN has beforehand issued two steering paperwork concerning what it calls “convertible digital foreign money” or “CVC,” in addition to various administrative rulings. The 2013 steering didn’t particularly focus on DeFi. The 2019 steering briefly addresses decentralized purposes (“DApps”) and decentralized exchanges, however dedicates solely a few pages to the subject.
The Danger Evaluation dedicates considerably extra textual content to the subject of when a DeFi challenge is likely to be topic to FinCEN’s guidelines, significantly as a cash transmitter, a sort of cash companies enterprise (MSB). The Danger Evaluation states that it “doesn’t alter any current authorized obligations, concern any new regulatory interpretations, or set up any new supervisory expectations.” Nevertheless, it does make express various vital factors which might be at finest implied in FinCEN’s 2019 steering and introduces essential new terminology that doesn’t seem within the prior FinCEN steering. For instance, the Danger Evaluation attracts a pointy distinction between the idea of “decentralization,” which it states shouldn’t be related to assessing a DeFi challenge’s standing beneath the BSA, and “disintermediation,” which it states is related (albeit as a spot in current guidelines that must be crammed). Notably, “disintermediation” is a time period that’s by no means utilized in FinCEN’s prior steering.
Subsequently, whereas the Danger Evaluation is purportedly not supposed to supply “new regulatory interpretations” it’s a key new doc in understanding how the BSA applies to DeFi tasks.
FinCEN’s 2019 Steering on DeFi
To grasp the intersection of the Danger Evaluation and FinCEN’s prior steering, it’s price briefly revisiting that steering. As famous above, FinCEN’s 2019 steering addresses DApps and decentralized exchanges. FinCEN’s 2019 steering describes DApps as, “software program applications that function on a P2P community of computer systems working a blockchain platform (a sort of distributed public ledger that permits the event of secondary blockchains), designed such that they don’t seem to be managed by a single particular person or group of individuals (that’s, they don’t have an identifiable administrator).”
The steering explains “when DApps carry out cash transmission, the definition of cash transmitter will apply to the DApp, the homeowners/operators of the DApp, or each.” Nevertheless, it provides that “the developer of a DApp shouldn’t be a cash transmitter for the mere act of making the appliance, even when the aim of the DApp is to concern a CVC or in any other case facilitate monetary actions denominated in CVC,” supplied the developer doesn’t use or deploy the DApp to have interaction in cash transmission. FinCEN guidelines may additionally apply to 3rd events that use the DApp to have interaction in cash transmission.
With respect to decentralized exchanges, FinCEN explains:
[I] f a CVC buying and selling platform solely offers a discussion board the place consumers and sellers of CVC submit their bids and presents (with or with out automated matching of counterparties), and the events themselves settle any matched transactions via an outdoor venue (both via particular person wallets or different wallets not hosted by the buying and selling platform), the buying and selling platform doesn’t qualify as a cash transmitter beneath FinCEN laws.
Conversely, FinCEN guidelines do apply if, “when transactions are matched, a buying and selling platform purchases the CVC from the vendor and sells it to the client.”
Danger Evaluation
The Danger Evaluation builds on the fairly sparse dialogue of DeFi within the 2019 steering in various important manners.
First, the Danger Evaluation states that the centralized or decentralized standing of a given DeFi challenge shouldn’t be related to its standing beneath the BSA. For instance, it explains “a DeFi service that capabilities as a monetary establishment as outlined by the BSA, no matter whether or not the service is centralized or decentralized, can be required to adjust to BSA obligations, together with AML/CFT obligations. A DeFi service’s declare that it’s or plans to be ‘absolutely decentralized’ doesn’t impression its standing as a monetary establishment beneath the BSA.” Whereas such a view is arguably implied within the 2019 steering’s dialogue of DApps it isn’t explicitly said. Nor does both the 2019 steering or the Danger Evaluation clarify who FinCEN would anticipate to hold out AML/CFT compliance obligations in a completely decentralized mannequin. The creators that coded the challenge? Every particular person participant within the challenge? Governance token holders or a DAO (if such a factor exists for the given challenge)? Every potential reply raises a number of extra questions and problems not addressed within the steering or Danger Evaluation.
Second, the Danger Evaluation discusses the idea of “disintermediation,” a time period that by no means seems in FinCEN’s prior steering. In line with the Danger Evaluation, disintermediation refers to “digital property [that] might be self-custodied and transferred with out the involvement of an middleman monetary establishment.” For instance, disintermediation contains “customers of unhosted wallets [that] can retain custody of and switch their digital property with out the involvement of a regulated monetary establishment.” The Danger Evaluation notes, “Many DeFi companies declare to be disintermediated by enabling automated P2P transactions with out the necessity for an account or custodial relationship.” The Danger Evaluation acknowledges that such disintermediated tasks at the moment fall exterior FinCEN guidelines, however suggests the foundations must be up to date to handle that hole. Subsequently, the Danger Evaluation attracts a pointy line between “decentralization,” which isn’t related to an entity’s BSA standing, and “disintermediation,” which is a key consideration. This distinction doesn’t seem in FinCEN’s prior steering, at the very least not in any express method. As famous above, the phrase “disintermediation” by no means even seems within the prior steering.
Third, the Danger Evaluation states that FinCEN takes a unique method than the Monetary Motion Job Pressure (FATF) with respect to DeFi. FATF is a world AML/CFT standards-setting physique that establishes a sequence of suggestions for AML/CFT compliance, which, whereas not strictly compulsory, most jurisdictions search to observe. As outlined in FATF’s Up to date Steering for a Danger-Primarily based Strategy to Digital Property and Digital Asset Service Suppliers, software program applications themselves aren’t topic to AML/CFT necessities beneath the FATF requirements and, subsequently, absolutely decentralized DeFi tasks aren’t topic to these obligations. With that mentioned, FATF notes that in apply most DeFi tasks do have some components of centralization and, subsequently, could not the truth is be absolutely decentralized, regardless of representations to that impact.
FATF’s up to date steering was printed in October 2021 and the US was extensively understood to be concerned in that replace. No US authorities company or official had publicly said that the US disagreed with FATF’s method to DeFi till the Danger Evaluation. The Danger Evaluation criticizes FATF’s method noting it “may result in potential gaps for DeFi companies in different jurisdictions” and contrasts it in opposition to the US method by which, in accordance with the Danger Evaluation, the decentralized standing of a challenge shouldn’t be related to the applicability of the BSA.
Lastly, the Danger Evaluation highlights various methods by which tasks claiming to be decentralized could the truth is be largely or partially centralized. Amongst different examples, the Danger Evaluation cites: a focus of governance tokens or voting energy, a focus of nodes or validators, retention of an administrative key or comparable again door to amend a protocol, and a centralized front-end that’s essential to entry the protocol (or with out which protocol entry may be very tough). Nevertheless, as famous above, as a result of the Danger Evaluation states that the extent of decentralization of a challenge shouldn’t be related beneath the BSA, these components mustn’t impression the general evaluation of whether or not a challenge falls throughout the BSA.
The Path Forward
Whereas the Danger Evaluation shouldn’t be supposed to alter regulatory interpretations, it accommodates the US authorities’s most intensive feedback thus far on the applicability of the BSA to DeFi and, as such, will undoubtedly form how trade understands FinCEN’s guidelines and steering. The Danger Evaluation’s introduction of recent terminology and ideas which might be, at finest, solely implied in FinCEN’s prior steering will additional heighten the significance of the doc.
The Danger Evaluation signifies Treasury is open to receiving trade feedback, together with on the next questions:
- What components must be thought-about to find out whether or not DeFi companies are a monetary establishment beneath the BSA?
- How can the U.S. authorities encourage the adoption of measures to mitigate illicit finance dangers … together with by DeFi companies that fall exterior of the BSA definition of economic establishment?
- The evaluation finds that non-compliance by lined DeFi companies with AML/CFT obligations could also be partially attributable to a lack of know-how of how AML/CFT laws apply to DeFi companies. Are there extra suggestions for methods to make clear and remind DeFi companies that fall beneath the BSA definition of a monetary establishment of their current AML/CFT regulatory obligations?
- How can the U.S. AML/CFT regulatory framework successfully mitigate the dangers of DeFi companies that at the moment fall exterior of the BSA definition of a monetary establishment?
- How ought to AML/CFT obligations fluctuate primarily based on the several types of companies supplied by DeFi companies?
Entities concerned within the DeFi house could want to fastidiously evaluate the Danger Evaluation and to supply feedback to Treasury. Steptoe is accessible to help firms in getting ready and submitting feedback. For help concerning this subject please contact a member of our Anti-Cash Laundering Apply or Blockchain and Cryptocurrency Apply