Treasury Warns of AML Gaps in DeFi Services
The Treasury's Office of Terrorist Financing and Financial Crimes ("TFFC") identified illicit finance risks posed by decentralized finance ("DeFi") and offered recommendations to close regulatory gaps and mitigate those risks.
In the report, TFFC defined "DeFi" as "virtual asset protocols and services that purport to allow for some form of automated peer-to-peer (P2P) transactions," often through the use of smart contracts. Because DeFi services often do not implement AML procedures, TFFC said that cyber criminals are able to transfer and launder illicit proceeds through them. TFFC identified the following vulnerabilities in the DeFi space:
- Disintermediation. TFFC stated that disintermediation can lead to (i) a reduced likelihood that a financial institution will implement AML/CFT safeguards for a service if it is not obligated to do so under the BSA and (ii) gaps in suspicious activity reporting.
- Cross-Border Regulatory Gaps. TFFC warned that the "most significant illicit financing risks" with regard to virtual asset service providers come from operating in jurisdictions with "substantially deficient" AML/CFT programs for virtual assets.
- Cyber-related Risks. TFFC said that DeFi services face a risk of large-scale threats due to a mix of several factors, including the "aggregation of large amounts of funds, the lack of requirements for cybersecurity and audits in the DeFi space, concentrated administrator rights and the availability of open-source code for DeFi services' smart contracts." As a result, TFFC concluded that DeFi services are vulnerable to hackers via security breaches, code exploits and "flash loan attacks."
While regulatory frameworks are in place on a domestic and global scale to regulate DeFi services, TFFC found that these measures only "partially mitigate illicit financial risk" and that more must be done to "sufficiently address the identified vulnerabilities." To address these risks, TFFC recommended that the government and regulators:
- enhance existing supervisory and enforcement functions to "harmonize" AML/CFT regulatory requirements, including for DeFi financial institutions with BSA obligations, and provide clarity on how regulations apply to DeFi services;
- monitor changes in the "DeFi ecosystem" that create risks of illicit finance;
- continue to coordinate efforts with foreign partners;
- advocate for virtual asset firms offering DeFi services to institute (i) real-time analytics and monitoring and (ii) testing of code to immediately detect vulnerabilities and address suspicious activity; and
- engage with developers to promote innovation aimed at mitigating illicit finance risks of DeFi services.