All kinds of unwanted users — ransomware gangs, thieves, scammers, and North Korea — are merrily transacting in decentralized finance and even laundering funds, according to a new report from the Treasury Department. That’s because DeFi doesn’t comply with anti-money laundering and anti-terrorism finance laws.
Poor compliance with anti-money laundering as well as poor cybersecurity puts DeFi users at risk of theft and fraud, the Treasury says.
In the US, the Bank Secrecy Act — and some other regulations — mean that financial institutions have to help the government detect money laundering. In this paper, the Treasury notes that a DeFi service might well be a financial institution under the BSA, even if it’s decentralized, and will have to comply with the law. Uh-oh! That sounds like a warning shot. If I worked in DeFi, I would be worried that a crackdown is coming; the Treasury is essentially saying that DeFi services are vulnerable under existing laws.
The report finds that “many” DeFi services don’t comply with the BSA, which is not exactly a surprise given, you know, the whole history of Bitcoin being a currency-based way to hate the government. In some cases, the paper notes, DeFi services purposefully decentralize what they’re doing to try to avoid anti-money laundering enforcement. Unfortunately, the Treasury says, that is not at all how the law works.
There’s a second warning shot in the paper: it recommends “stepping up engagements with foreign partners to push for stronger implementation” of anti-money laundering laws, which sounds an awful lot like the US leaning real hard on other countries where DeFi might be established.