U.S. Treasury Warns DeFi Is Used by North Korea, Scammers to Launder Dirty Money

Decentralized finance (DeFi) services that aren’t compliant with anti-money laundering and terrorist financing rules pose “the most significant current illicit finance risk” in that corner of the crypto sector, according to the U.S. Department of the Treasury’s first analysis of hazards from the technology.

In an expected risk assessment, published Thursday, the Treasury Department said thieves, scammers, ransomware cyber criminals and actors for the Democratic People’s Republic of Korea (DPRK) are using DeFi to launder proceeds from crime.

On the basis of its findings, the department recommends an assessment of “possible enhancements” to U.S. anti-money laundering (AML) requirements and the rules for countering the financing of terrorism (CFT) as they should be applied to DeFi services. It also calls for input from the private sector to inform the next steps.

“Clearly, we can't do this alone,” said Brian Nelson, Treasury’s undersecretary for terrorism and financial intelligence, in a Thursday webcast hosted by ACAMS, a global organization focused on preventing financial crime. “We call on the private sector to use the findings of the risk assessment to inform your own risk-mitigation strategies.”

The 40-page report warns that “DeFi services at present often do not implement AML/CFT controls or other processes to identify customers, allowing layering of proceeds to take place instantaneously and pseudonymously.”

Read more: Money Laundering Picks Up Steam on DeFi Protocols: Chainalysis

The report references several instances where DeFi projects “have affirmatively touted a lack of AML/CFT controls as one of the primary goals of decentralization.” A footnote in the document cites ShapeShift’s 2021 transformation to a decentralized exchange “for the purpose of ceasing to collect customer information for AML/CFT compliance.”

“When these entities fail to register with the appropriate regulator, fail to establish and maintain sufficient AML/CFT controls or do not comply with sanctions obligations, criminals are more likely to exploit their services successfully, including to circumvent U.S. and [United Nations] sanctions,” the report said.

Although the goal of the assessment is to “identify the scope of an issue,” the report recommends the U.S. government strengthen its AML/CFT regulatory supervision and consider providing additional guidance for the private sector on compliance checks for DeFi services.

The assessment furthers the work outlined in President Joe Biden’s executive order on crypto from last year, and Nelson said it's the first of its kind in the world. Other jurisdictions including the European Union have also started looking at tackling money laundering risks associated with DeFi.

Nelson noted that DeFi can often pose challenges in trying to figure out the individuals behind the business activities. But he pointed out it doesn't matter whether the services are centralized or decentralized when figuring out whether they're covered by the Bank Secrecy Act.

He said even those that claim full decentralization can really engage in a wide range of activity that falls somewhere closer to traditional finance than they're suggesting.

“In some ways they're really decentralized in name only,” he said.

Read more: DeFi Platforms Need to Beef Up Security, Former Prosecutor Says

UPDATE (April 6, 2023, 11:12 UTC): Adds comments from Treasury's Brian Nelson.