DoJ’s crypto czar joins FinCEN in brand-new role: Why it matters
post-template-default,single,single-post,postid-479,single-format-standard,bridge-core-2.2.3,ajax_fade,page_not_loaded,,qode-title-hidden,qode_grid_1300,footer_responsive_adv,qode-content-sidebar-responsive,qode-theme-ver-21.0,qode-theme-bridge,disabled_footer_top,qode_header_in_grid,wpb-js-composer js-comp-ver-6.1,vc_responsive

DoJ’s crypto czar joins FinCEN in brand-new role: Why it matters

The title says it all. The US Department of Justice has named David S. Cohen, its top cyber official and the former White House National Security official, FinCEN Director Jennifer Shasky Calvery. The appointment comes as the Justice Department struggles to respond to a string of high profile data breaches that have rocked the US in recent months, and as it strives to protect the country from malicious actors who try to steal large amounts of data from various sources.

The Department of Justice has announced that its crypto czar, newly appointed deputy assistant attorney general (DAAG) for the Criminal Division’s Fraud Section, Dina Powell, is joining the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) . Both FinCEN and the Criminal Division are part of the U.S. Department of Justice .

In her monthly Expert Take column, international tax lawyer and CPA Selva Ozelli looks at the intersection of emerging technologies and sustainability, focusing on the latest developments in taxation, AML/CFT regulation, and legal issues affecting cryptocurrencies and blockchain.

It’s a brilliant end to a career in the US Department of Justice. Michelle Korver, the DOJ’s first-ever crypto czar, has advised government lawyers, federal agents, the Treasury Department’s Financial Stability Oversight Council, and the U.S. delegation to the Financial Action Task Force on crypto-currency issues, and has developed policies and laws on seizure and forfeiture of crypto-currencies. While finishing her last day of work, a member of the notorious REvil gang, known for extorting $11 million in bitcoins (BTC) from meat processor JBS after the Memorial Day attack, carried out the largest global ransomware attack to date over the weekend of April 4. The month of July has begun.

Related: Meet the DOJ crypto official: Expert review

The REvil attack targeted the supply chain and successfully spread the malware to thousands of companies in at least 17 countries that outsourced their IT services to Kaseya, a privately held company based in Dublin, Ireland. He did it in one fell swoop, thanks to a hack of Kaseya’s VSA computer systems management software, which allowed him to secure $70 million in Monero (XMR). If REvil succeeds, they can launch a second attack on companies that decide to pay Mondero’s demand. According to a recent report by Cybereason, titled Ransomware: Real value for businesses: 80% of businesses that choose to pay for ransomware fall victim a second time. REvil could then turn around and launder the illegal proceeds through dark web markets, according to a report published by Flashpoint and Chainalysis.

Related: Are cryptocurrency repayments tax deductible?

Criminals prefer to use cryptocurrency mixing services or proprietary coins like Monero when paying for illegal goods and services to hide the trail to the original source of funds, points out Korver, who co-authored an article titled Surfing the First Wave of Cryptocurrency Money Laundering in a journal published by the U.S. Department of Justice. As she writes:

Criminals follow common paths in placing, stacking and embedding their illegally obtained cryptocurrencies. These pathways run through several main areas, including institutional exchanges, P2P exchanges, blending and flipping services, and traditional banks. […] Some of these larger areas, such as P2P exchanges and blending services, seem to be more for criminals looking to launder cryptocurrencies.

For example, Korver explains: To get their hands on cryptocurrencies, criminals [including cyber attackers and ransomware researchers] must first create wallets. These portfolios may be under their exclusive control [non-hosted portfolios] or may be custodial portfolios hosted by a third party, for example. B. an institutional exchange. Once in the wallet, funds can be sent to calling services or gambling sites to hide their historical trail. The funds can then be converted to cash through exchanges, P2P exchanges or kiosks. Sometimes the funds are sent to cryptocurrency bank accounts or debit cards, where they can be used to buy things or pay off debts. While this is the usual way that primary domains appear in the PLI process, criminals can use domains in almost any way: Portfolios can be used to mix funds, P2P exchanges can be used to integrate funds, and kiosks can be used for layering. Criminals may also repeat the steps of the PLI process to further conceal the origin of illicit funds, although they face additional costs and risks with each repetition.

Related: US updates AML/CFT legislation for cryptocurrencies

In the context of ransomware payments, which have increased by about 500% since the start of the COVID-19 pandemic, Korver continued: Victims of ransomware attacks rely on P2P networks for file sharing. As ransomware has become a standardized criminal enterprise, more and more victims are being forced to acquire cryptocurrencies on short notice. An estimated 9% of bitcoin transactions involve ransomware or some other form of cyber extortion. While it takes days or weeks to open a confirmed account on an institutional exchange, a P2P exchange can offer cryptocurrencies in an instant, and victims are willing to pay that quick premium. Victims noted that the processing time [on the registered institutional exchange] was much greater than the urgency of the refund, and that P2P exchange was the best option for getting cryptocurrencies quickly.

Before Corver’s arrival at the Financial Crimes Enforcement Network, the FinCEN leadership proposed a rule against transactions using unhosted wallets for cryptocurrencies, which are typically software installed on a computer, phone or other device. Cryptocurrencies in an unhosted wallet are controlled by a person who can receive, send and trade their cryptocurrencies from person to person with other unhosted wallets or on an exchange platform without disclosing their identity, making it difficult to track and monitor transactions for AML/CTF compliance.

Related: Authorities seek to clear backlog of uncovered portfolios

This concern is shared by the Financial Action Task Force on Money Laundering (FATF), the intergovernmental body responsible for setting anti-money laundering standards. The updates proposed by the FATF in the 2019 guidance expand the definition of a virtual asset service provider (VASP) to include multiple entities for cryptocurrencies that are not vaults, meaning they will fall under AML/CFT rules. Decentralised peer-to-peer exchanges/structures (with the exception of rules applicable to all entities, e.g. targeted financial sanctions) will be further considered.

As crypto-currencies and ransomware attacks become more prevalent, Korver will strengthen FinCEN’s leadership in digital currencies by working with internal and external partners to develop strategic and innovative solutions to prevent and mitigate illicit financial practices and exploitation.

The views, thoughts and opinions expressed herein are those of the author and do not necessarily reflect or represent those of Cointelegraph.

Selva Ozelli, Esquire, CPA, is an international tax lawyer and chartered accountant who writes regularly on tax, legal and accounting issues for Tax Notes, Bloomberg BNA, other publications and the OECD.