On April 6, 2023, the U.S. Department of the Treasury published its illicit finance risk assessment on Decentralized Finance (DeFI) services. Non-compliance to Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) was identified as the primary DeFi vulnerability exploited by illicit actors.
In March 2022, the U.S. Department of the Treasury published National Risk Assessments for Money Laundering, Terrorist Financing, and Proliferation Financing, highlighting the most significant illicit finance threats, vulnerabilities, and risks facing the United States.
Also in March 2022, U.S. President Joe Biden signed Executive Order 14067 on Ensuring Responsible Development of Digital Assets, which called upon all relevant federal agencies to coordinate actions to mitigate the Illicit Finance and National Security Risks Posed by the Illicit Use of Digital Assets.
The just released Treasury risk assessment has made several recommendations, including strengthening the U.S. AML/CFT supervision of virtual asset activities and assessing possible enhancements to the U.S. AML/CFT regulatory regime as applied to DeFi services.
Other Treasury recommendations included the need to continue research and private sector engagement to support understanding of developments in the DeFi Ecosystem and to continue engagements with foreign partners to close gaps in the implementation of the international standards to virtual assets and virtual asset service providers.
More Treasury recommendations included advocating for cyber resilience in virtual asset firms, rigorous code testing, the robust sharing of information about potential threats, and the promotion of responsible innovation of mitigation measures associated with DeFi.
In the United States, the Bank Secrecy Act (BSA) and related regulations impose obligations on financial institutions to assist U.S. government agencies in detecting and preventing money laundering.
The Treasury Department has requested stakeholder input on the risk assessment to inform the next steps. Public input is sought on determining whether DeFi services are a financial institution under the BSA.
According to the risk assessment, the Treasury also seeks to understand how the U.S. government can encourage the adoption of measures to mitigate illicit finance risks and additional recommendations to remind DeFi services that fall under the BSA definition of a financial institution of their existing AML/CFT regulatory obligations.
The Treasury further seeks public input on how the U.S. AML/CFT regulatory framework can effectively mitigate the risks of DeFi services that currently fall outside the BSA definition of a financial institution and how AML/CFT obligations should vary based on the different types of DeFi services.
The Treasury Department’s risk assessment on DeFi services aims to identify and address potential gaps in the United States’ AML/ CFT regulatory, supervisory, and enforcement regimes.
As per the 2023 Crypto Crime Report by Chainalysis, in 2022 DeFi protocols accounted for US$ 3.1 billion or 82.1% of all cryptocurrency stolen by hackers.