On July 28th, Senators Elizabeth Warren (D-Mass), Roger Marshall (R-Kan.), Joe Manchin (D-W.Va.) and Lindsey Graham (R-S.C.), reintroduced the Digital Asset Anti-Money Laundering Act (the “Act”), legislation aimed at closing gaps in the existing anti-money laundering and countering of the financing of terrorism (AML/CFT) framework as it applies to digital assets.  Senators Warren and Marshall previously had introduced the same piece of legislation in December 2022, but at that time it lacked widespread support and stalled in the Senate.

Now, potentially in response to crypto-friendly legislation that recently passed in the House, the Act gained momentum with a larger group of bipartisan legislators and may have a more promising future.  The Act also was reintroduced immediately on the heels of a successful amendment to the 2024 National Defense Authorization Act (NDAA) pertaining to AML compliance examinations for financial institutions under the Bank Secrecy Act (BSA) and the future regulation of anonymity-enhancing technologies, such as mixers or tumblers.  According to Senator Warren’s press release the Act currently enjoys the support of the Bank Policy Institute, the National District Attorneys Association, Major County Sheriffs of America, and the National Consumers League, among other groups.

As we discuss immediately below, the Act would make major changes to the current BSA/AML regulatory regime as it applies to digital assets.

The Act:  Unhosted Wallet Providers and Validators

Big picture, the goal of the Act is to apply broadly the existing BSA framework to many aspects of digital assets.

Perhaps most importantly, the Act would amend the BSA to expand its definition of a covered “financial institution” to include the following:

Unhosted wallet providers, digital asset miners, validators, or other nodes that may act to validate or secure third-party transactions, independent network participants (including maximal extractable value searchers), miner extractable value searchers, other validators or network participants with control over network protocols, or any other person facilitating or providing services related to the exchange, sale, custody, or lending of digital assets that the Secretary shall prescribe by regulation.

Accordingly, unhosted wallet providers, as well as “validators,” would become BSA-regulated financial institutions, subject to implementing regulations by the Financial Crimes Enforcement Network (FinCEN). 

The Act defines an “unhosted wallet” as “software or hardware that facilitates the storage of public and private keys used to digitally sign and securely transact digital assets, such that the stored value is the property of the wallet owner and the wallet owner has total independent control over the value.”  It defines a “validator” as a person or entity that “processes and validates, approves or verifies transactions, or produces blocks of digital asset transactions to be recorded on a cryptographically secured distributed ledger or any similar technology.”  This latter definition appears broad enough to include digital asset miners.  If so, and depending upon how FinCEN crafted the implementing regulations, this could be in significant tension with FinCEN’s 2014 guidance which opined that miners need not register with FinCEN as money service businesses (MSBs) covered by the BSA, so long as the miner used the digital assets for its own purposes.

The inclusion of unhosted wallet providers and validators within the ambit of BSA-regulated financial institutions would be a major change to digital asset regulation.  The Act directs FinCEN to promulgate regulations imposing BSA obligations upon these new financial institutions, including requiring them to register with FinCEN as MSBs.  The Act provides certain potential exemptions from such regulations, such as for technologies “used solely for internal business applications,” assets “not offered for sale, traded or otherwise converted to fiat currency or another digital asset,” or assets “otherwise deemed to pose little illicit finance risk.”  But those exemptions (depending upon how FinCEN crafted the implementing regulations) likely would not apply to miners or validators on the biggest, public-facing blockchains, including those for Ether and Bitcoin.

Relatedly, the Act would require FinCEN to finalize its December 2020 proposed rule to require banks and MSBs to verify customer identities, keep records, and file reports in relation to certain digital asset transactions involving unhosted wallets or wallets hosted in certain riskier jurisdictions.  FinCEN’s rulemaking proposal appears to target transactions involving a counterparty that does not have an account with, or wallet hosted by, either: (i) a financial institution regulated under the BSA; or (ii) certain foreign financial institutions located in “problematic” jurisdictions (i.e., “jurisdictions of primary money laundering concern,” including Iran and North Korea).  In this respect, differentiating between hosted and unhosted wallets is something of an open question.  FinCEN proposes that affected institutions will need a “reasonable basis” to conclude that a counterparty has an account or wallet hosted by a BSA-regulated institution or covered foreign financial institution.  For transactions involving an unhosted or otherwise covered wallet, and among other new obligations, the proposed rule would require affected institutions to submit a report to FinCEN, analogous to the current Currency Transaction Report requirement and form, if the value of the transaction is greater than $10,000.

The Act: Digital Asset Kiosks

The Act would require FinCEN to engage in rulemaking for digital asset kiosks – “digital assets automated teller machine[s] that facilitate[] the buying, selling, and exchanging of digital assets.”  Specifically, the Act would seek regulations requiring digital asset kiosk owners and administrators to verify customer identity, and collect the name of physical address of each counterparty to a transaction.  FinCEN also would have to require digital asset kiosk owners and administrators to submit and update the physical addresses of the kiosks that they own or operate every 90 days.  Further, the Act would require FinCEN to issue a report identifying all “digital asset kiosk networks” operating as unregistered MSBs and assess whether “any additional resources [are] . . . necessary to investigate the unlicensed digital asset kiosk networks.”

Expanding the FBAR Filing Requirement to Digital Assets

The BSA currently requires U.S. taxpayers to file a BSA Form 114, Report of Foreign Bank and Financial Accounts (“FBAR”), if they hold a financial interest or signatory authority over one or more “financial accounts” located outside the United States, when the aggregated value of the accounts exceeds $10,000.  Notably, that requirement does not currently apply to digital assets. If passed, the Act would expand the FBAR filing requirements to include digital assets.  This sort of expansion has been discussed for years.

Other Obligations

The Act also specifically calls on FinCEN to implement regulations or take steps over the next two-year period to accomplish the following:

  • Promulgate regulations requiring financial institutions covered by the BSA to establish controls to mitigate the illicit finance risks of transacting with digital assets that have been anonymized using digital asset mixers and other anonymity-enhancing technologies (on which we have blogged hereherehere and here);
  • Establish a risk-based AML/CFT compliance examination and review process regarding digital assets for MSBs and other entities covered by the BSA; and
  • Similarly, direct the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) to establish a risk-based AML/CFT compliance examination and review processes for the entities they regulate.

FinCEN already faces a daunting list of projects, coupled with budgetary restraints and mounting pressure from Congress regarding the slow roll-out of implementing regulations for the Corporate Transparency Act.  This new legislation, if passed, would add considerably to FinCEN’s current burdens.

Timing is Everything

Framing the issue as a matter of national security, the group of senators who reintroduced the Act spoke about the risks of countries like Iran, Russia, and North Korea committing cybercrimes and laundering billions of dollars from U.S. financial institutions.  Senator Warren previously has spoken about the need for tougher regulations over digital assets in other contexts as well – like crypto’s role in fueling the fentanyl crisis, and crypto as the method of choice for countries to evade sanctions and fund weapons programs.

While these topical issues likely helped garner support for reintroducing the Act, the timing of the Act’s reintroduction also corresponds to several pieces of legislation that have major implications in the realm of digital assets.  Most notably, the Act was reintroduced on the day after the Senate approved a bi-partisan amendment to the 2024 NDAA (the “Amendment”).  The Amendment has two parts: one, entitled “Crypto Asset Anti-Money Laundering Examination Standards;” the other, “Combatting Anonymous Crypto Asset Transactions.” 

Similar to a provision in the Act, the first part to the Amendment requires the Secretary of the Treasury to “establish a risk-focused examination and review process for financial institutions” under the BSA within one year of the NDAA’s passage.  This examination process should focus on the adequacy of a financial institution’s Suspicious Activity Report filings and its overall BSA/AML and CFT compliance program, as they relate to digital assets.  Although the Amendment, as styled, would apply to any business qualifying as a “financial institution” under the BSA, as a practical matter it would apply primarily to crypto exchanges and other entities qualifying as MSBs under the BSA.

The second part to the Amendment requires the Secretary of the Treasury to submit a report within a year to Congress and the Senate on anonymity-enhancing technologies, such as mixers and tumblers, used in connection with digital assets.  The report should include data on how such technologies are used to conduct illicit financial transactions and violate U.S. sanctions law, as well as related recommendations for legislation or regulation.  As we have blogged (hereherehere and here), the U.S. government views mixers and tumblers as frequent tools for illicit finance.

Also on July 27th, the House advanced a bill entitled the “Keep Your Coins Act of 2023,” which would allow consumers to host their own digital wallets in order to purchase goods and services.  Largely described as a matter of privacy, and praised by many in the crypto industry, this bill would prevent certain governmental restrictions on self-hosted wallets.

Again, on July 27th, the House advanced the “Clarity for Payment of Stablecoins Act of 2023,” which grants oversight of stablecoins to state-level regulators, rather than the federal government.  Passing this legislation would render the SEC and CFTC largely irrelevant in the regulation of stablecoins – the ever-popular fiat-backed type of cryptocurrency – that otherwise would fall under either (if not both) of their authorities.

In contrast to the bipartisan-backed Act and NDAA Amendment in the Senate, these House bills largely progressed on party lines, with Republican lawmakers more willing to curtail the regulatory schemas surrounding digital assets and Democrats seeking the opposite.  In contrast, because much of the rhetoric surrounding the Act is geared at national security and preventing the illicit drug trade, it may be a key exception to the current partisan nature of crypto legislation.  Likewise, now that it is attached to the NDAA, which must be passed every year, the Amendment may have a promising future.

Ultimately, the timing of these legislative reforms is critical, because lawmakers in this space need to keep up with an ever-changing landscape of both market forces and technological advancements – both of which have been in massive flux in recent years.