On April 6, 2023, the US Department of the Treasury released a report analyzing the risks of decentralized finance (DeFi) and potential vulnerabilities in the United States’ anti-money laundering (AML) and countering the financing of terrorism (CFT) regulatory, supervisory, and enforcement systems for DeFi. The report identifies risks associated with DeFi services, such as a person’s ability to control the service that facilitates the transaction, which could lead to regulatory consequences. The report also highlights that cybercriminals and scammers have used DeFi services for transferring and laundering illicit proceeds.
According to the report, DeFi services often have a controlling organization that provides centralized administration and governance, which raises questions about claims of “decentralization.” The report notes that any DeFi service that functions as a financial institution as defined by the Bank Secrecy Act (BSA) will be required to comply with BSA obligations. Any DeFi service doing business in the US and accepting and transmitting virtual assets will most likely qualify as a money transmitter, and therefore have the same AML/CFT obligations as a money transmitter offering services in fiat currency.
While DeFi services conduct transactions using smart contracts that settle on a public blockchain, the report found significant limitations on relying on public blockchain information to trace illicit funds in the DeFi space. The report emphasizes that DeFi services must recognize that AML/CFT obligations still apply even if they purposefully seek to decentralize a virtual asset service to avoid triggering such obligations.
Additionally, this Treasury report highlights the challenges faced by regulators in ensuring compliance and enforcement in the DeFi space. With the absence of a centralized entity, it can be challenging to hold individuals or organizations accountable for violations of AML/CFT laws. The report notes that DeFi services have the potential to facilitate illegal activities, and regulators must ensure that they remain vigilant in detecting and preventing such activities.
The report also emphasizes the need for regulatory clarity in the DeFi space. With no generally accepted definition of DeFi, it can be difficult for regulators to determine which DeFi services fall under their jurisdiction. The report notes that some DeFi services claim to be decentralized, but in reality, they have a centralized entity that controls the service. The lack of regulatory clarity can create confusion for market participants and hinder innovation in the DeFi space. The report calls for increased collaboration between regulators and industry participants to establish clear regulatory frameworks that foster innovation while ensuring compliance with AML/CFT laws.