The US Treasury Department has proclaimed that all US crypto exchanges must register with FinCEN, the agency’s Financial Crimes Enforcement Network.

In a series of reports published last week, Janet Yellen’s Treasury urged all virtual asset service providers (VASPs), including crypto exchanges, to follow Bank Secrecy Act rules.

• The advice came just days after Russia invaded Ukraine.
• Treasury claimed crypto payments increase the risk of illicit activity.
• Coinbase then advertised it had already blacklisted 25,000 crypto wallets connected to Russia before the incursion.

Each crypto exchange must also employ a dedicated chief compliance officer.

Treasury still on about ‘unhosted’ crypto wallets

The Treasury expressed concerns about crypto wallets hosted on personal devices like smartphones or hardware wallets. These devices, “unhosted wallets,” can send crypto without a third party’s authorization.

It’s possible to track transactions from VASP-controlled addresses to private addresses. However, Treasury said criminals can use unhosted wallets for illicit activity involving regulated parties that don’t have reporting requirements, a la the Bank Secrecy Act.

The Bank Secrecy Act requires financial service providers to implement strict anti-money laundering (AML) protocols and report suspicious activity.

It requires record-keeping when sending value worth more than $3,000 on behalf of a customer, or issuing traveler’s checks or money orders between $3,000 and $10,000 to a single customer in one day.

Read more: [What can the Federal Reserve, Treasury, and SEC really do to Tether?]

The Treasury’s report expressed concern that foreign VASPs would not file suspicious activity reports (SARs) due to lax compliance in some countries.

Some US Senators have also worried that unhosted wallets, dark web services, and coin mixers can make it more difficult to track funds gained through illicit financial activity like ransomware or — you guessed — avoiding wartime sanctions.

FinCEN has always wanted crypto exchanges to register

Some outlets, like Law360, viewed Treasury’s publications as news. But the Treasury has consistently urged crypto exchanges to register with FinCEN, with the earliest such guidance starting in 2013.

A FinCEN report issued last June tracked trends in ransomware that targeted US infrastructure.

Investigators allege that Russian agents received crypto ransomware payments, typically made in Bitcoin, sourced from attacks like SolarWinds’ Orion and the Colonial Pipeline.

Almost always, ransomware hackers demand payment in crypto due to the practical difficulty of reversing crypto transactions.

FinCEN cited obstacles in tracking crypto funds generated by breaking the Bank Secrecy Act, which mostly relates to money laundering:

• mixing services,
• decentralized exchanges,
• single-use crypto addresses,
• anonymity-enhanced cryptocurrencies like Monero,
• and jumping across blockchains through “chain-hopping.”

In October, the Office of Foreign Asset Control (OFAC) supported FinCEN’s efforts by publishing similar guidance on sanctions compliance for the crypto industry.

One month later, the Treasury issued a press release detailing efforts to counteract ransomware.

Agents identified and sanctioned international ransomware operators, including Russian and Ukrainian individuals. It acknowledged the legitimacy of crypto yet reiterated concerns about ransomware attacks on US infrastructure.

Around the same time, government contracts with Chainalysis grew to more than $10 million, as regulators and law enforcement agencies increased their tracking of crypto transactions.

No doubt, that figure is set to grow substantially under the backdrop of the Russia-Ukraine war.

Follow us on Twitter for more informed news.