September 16, 2021

With Criminal Use of Cryptocurrency on the Rise, Senator Hassan Calls for Action from Federal Agencies

Senator Hassan’s Call Comes Following the Peterborough Cyberattack

WASHINGTON – U.S. Senator Maggie Hassan (D-NH), a member of the Homeland Security and Governmental Affairs Committee, called on multiple federal agencies to address current aspects of the cryptocurrency market that allow for criminal usage. Senator Hassan’s call follows last month’s cyberattack on the Town of Peterborough, which resulted in the theft of $2.3 million in taxpayer dollars, almost all of which was converted into cryptocurrency rendering it nearly impossible to recover.

 

In the letter, Senator Hassan discusses how lax requirements create anonymity that facilitates criminal use of cryptocurrency, writing, “It is clear that more robust KYC (Know Your Customer) requirements for cryptocurrency exchanges, cryptocurrency kiosks, and OTC (Over-the-Counter) cryptocurrency trading desks could improve transparency in the U.S. and global cryptocurrency markets, and lead other countries to follow our lead in requiring KYC information for users on these services. This in turn could prevent illicit use of this novel financial technology while allowing the legitimate use of cryptocurrencies to flourish as a whole.” 

 

The letter was sent to the Department of Justice, Internal Revenue Service, Department of Homeland Security, Securities and Exchange Commission, and the Financial Crimes Enforcement Network with the Department of Treasury.

 

Senator Hassan’s call is part of her ongoing efforts to strengthen cybersecurity. Senator Hassan’s bill, The State and Local Cybersecurity Improvement Act, creates a state and local cybersecurity grant program and recently passed the Senate as part of the bipartisan infrastructure package. The bill authorizes a new grant program at the Department of Homeland Security dedicated to improving cybersecurity for state, local, tribal, and territorial entities. If signed into the law, the legislation would provide $1 billion over 4 years nationally, and at least $10 million to New Hampshire. The latest National Defense Authorization Act, which is now law, included a bipartisan amendment that Senator Hassan introduced to create a cybersecurity state coordinator in each state. 

 

Read the Senator’s full letter here or below:

 

Dear Attorney General Garland, Secretary Mayorkas, Commissioner Rettig, Chairman Gensler, and Acting Director Das,

 

I write to express my concern over the rise in the use of cryptocurrency for criminal purposes, and request that your agencies take additional targeted steps to prevent and prosecute the use of cryptocurrency for criminal purposes.  Last month, the Town of Peterborough, New Hampshire suffered a cyberattack where criminals stole $2.3 million in taxpayer dollars. Before the original fraud was discovered, most of the funds were converted into cryptocurrency and are likely now unrecoverable.

 

The anonymity provided by cryptocurrency has helped facilitate its use by criminals in a myriad of ways. These uses include drug sales over the dark web, payments for ransomware attacks, tax evasion, financing for terrorism and organized crime, money laundering, and more.

 

Cryptocurrencies are primarily bought, sold, and traded on centralized and decentralized exchanges. Centralized exchanges use an order book to match, buy, and sell cryptocurrency orders between traders, similar to how stocks are traded. Buyers and sellers rely on these centralized exchanges to hold and handle their assets and process their transactions. But these centralized exchanges often require know-your-customer (“KYC”) information from their users to partake in their services. Decentralized exchanges allow the direct exchange of cryptocurrency, by using software to match buyers and sellers who wish to trade cryptocurrencies without an intermediary institution controlling the funds. Many decentralized exchanges have far less stringent KYC requirements than the centralized exchanges, and some have no KYC requirements at all. Recent studies have found that many exchanges, both centralized and decentralized, have weak KYC requirements.

 

Cryptocurrency can also be bought, sold, and traded at cryptocurrency kiosks and over-the-counter (OTC) trading desks. Cryptocurrency kiosks are physical machines that look and function similar to automated teller machines (ATM) and can be located anywhere while OTC desks function similarly to foreign currency exchanges, where the user buys or sells the cryptocurrency to the desk directly. Both cryptocurrency kiosks and OTC desks usually require less KYC than centralized exchanges.

 

It is clear that more robust KYC requirements for cryptocurrency exchanges, cryptocurrency kiosks, and OTC cryptocurrency trading desks could improve transparency in the U.S. and global cryptocurrency markets, and lead other countries to follow our lead in requiring KYC information for users on these services. This in turn could prevent illicit use of this novel financial technology while allowing the legitimate use of cryptocurrencies to flourish as a whole.

 

To that end, I request answers to the following questions:

 

  1. What authority do your agencies have to regulate U.S.-based cryptocurrency exchanges, cryptocurrency kiosks, and OTC cryptocurrency trading desks and their users?
  2. What additional authority could be helpful in your agencies’ attempts to regulate U.S.-based cryptocurrency exchanges, cryptocurrency kiosks, and OTC cryptocurrency trading desks and their users?
  3. Would additional civil or criminal penalties under 18 U.S. Code § 1960 aid your agencies’ efforts to prevent and prosecute the criminal use of cryptocurrency?
  4. Would an additional waiting period requirement for conversion from fiat currency into cryptocurrency help your agencies recover funds before they are converted and become unrecoverable such as in the Peterborough case? Could an additional waiting period be implemented for select transactions that could be designated as high risk, or according to value, or would a waiting period need to need to be universally implemented?
  5. Would an additional waiting period requirement for conversion from fiat currency into cryptocurrency be permissible under current authorities? If not, what additional authorities would your agencies require to institute one?
  6. Would requiring cryptocurrency exchanges to reverse or reimburse users in cases of fraud, similar to what is done with credit cards and wire transfers, help combat the criminal use of cryptocurrencies?
  7. Would a requirement that cryptocurrency exchanges reverse or reimburse users in cases of fraud be permissible under current authorities? If not, what additional authorities would your agencies require to institute one?
  8. What additional authority or resources would assist your agencies in preventing and prosecuting the criminal use of cryptocurrency?

 

###