21 February 202316 minute read

Coordinated DOJ, Treasury and international law enforcement actions against crypto exchange Bitzlato and its founder highlight laser focus on combatting illicit activity involving digital assets and Russia

On January 18, 2023, the US Department of Justice (DOJ) and US Treasury Department (Treasury) held a joint midday press event announcing the takedown of Bitzlato, a China-based cryptocurrency exchange, and the arrest of and charges against its alleged founder, Anatoly Legkodymov, a Russian national.  Although neither Bitzlato nor Legkodymov were household names, DOJ and Treasury quickly revealed their relevance: Bitzlato was a go-to crypto-exchange for cybercriminals, including Hydra, the world’s largest darknet market until April 2022 when DOJ took it down and Russia-affiliated Ransomware-as-a-Service (RaaS) providers including Conti, a recently sanctioned group that provided RaaS malicious software to enterprising criminals. 

DOJ worked with international law enforcement to seize Bitzlato’s servers on the day of Legkodymov’s arrest, but for Legkodymov himself, DOJ leveraged a powerful statutory tool:18 U.S.C. Section 1960 (Section 1960). Under that section, the DOJ charged Legkodymov with operating a money transmission business without a license and transmitting funds derived from a criminal offense or intended to be used to promote or support unlawful activity. Treasury deployed an equally impressive tool of its own for the first time by identifying Bitzlato, a financial institution operating outside of the US, as a “primary money laundering concern” in connection with Russian illicit finance pursuant to section 9174(a) of the Combating Russian Money Laundering Act of 2021 (Public Law 116-283)(the Act) by the Financial Crimes Enforcement Network (FinCEN) (the Order).

“Blitz-a-lato?” Analyzing DOJ’s significant powers under 18 USC Section 1960

The DOJ’s case against Anatoly Legkodymov demonstrates how prosecutors can – and will – use Section 1960 and it also signals a real and aggressive pursuit of companies and individuals acting as cryptocurrency exchangers or administrators who have either knowingly serviced customers involved in illicit activities, or simply just failed to register with FinCEN. However, while the use of it certainly took Bitzlato (and the industry) by surprise, DOJ’s plan to use Section 1960’s bar against unlicensed money transmitting businesses to pursue targeted individuals and companies that have failed to register as money transmission businesses or failed to implement Anti-Money Laundering (AML) programs under the Bank Secrecy Act (BSA) was hidden in plain sight. Only true devotees of government reports will recall that, back in October 2020, Section 1960 was identified briefly as an enforcement mechanism deep within in a lengthy Cryptocurrency Enforcement Framework Report (the CEF Report) issued by the DOJs cyber-digital task force, mentioned along such classics such as wire fraud, mail fraud, securities fraud, and money laundering. The CEF Report also promises that the DOJ will prosecute “conduct involving cryptocurrency that provides material support to a designated foreign terrorist organization,” and that DOJ has brought, and will bring, “actions against individuals and companies that failed to meet their legal obligation to counter illicit activities” involving cryptocurrency.

What is 18 USC § 1960?

Section 1960 criminalizes anyone who “knowingly conducts, controls, manages, supervises, directs, or owns all or part of an unlicensed money transmitting business.” 18 U.S. Code § 1960(a).  As relevant to the Bitzlato case, an “unlicensed money transmitting business” means a money transmitting business that affects interstate or foreign commerce in any manner or degree and that either “fails to comply with the money transmitting business registration requirements” under the BSA or the regulations thereunder or “otherwise involves the transportation or transmission of funds that are known to the defendant to have been derived from a criminal offense or are intended to be used to promote or support unlawful activity.” 18 U.S. Code § 1960(b)(1)(B), (C). 

Generally speaking, entities may qualify as money transmitters or money services businesses (MSBs) under FinCEN’s regulations (and fall within Section 1960’s ambit) if, among other things:

  • They do business wholly or in substantial part in the US, wherever located and whether or not on a regular basis or as an organized or licensed business.

  • They accept currency, funds, or other value that substitutes for currency from one person and transmit it to another, by any means. Per FinCEN’s’s 2013 and 2019 guidance, this includes Bitcoin and other cryptocurrencies, but there are also exemptions for certain products and business models.

With limited exceptions, MSBs operating in the US must register with FinCEN, file reports of suspicious activity, and set up an AML program. Such programs must include “[i]ncorporat[ing] policies, procedures, and internal controls reasonably designed to assure compliance” with an MSB’s obligations to verify customer identification (typically referred to as a “know your customer” or “KYC” requirement), file reports, creating and retaining records, and responding to law enforcement requests. 31 C.F.R. Section 1022.210(d).

Why is Section 1960 important to understand?

In short, these felony violations don’t require intent to be prosecuted, and the statute is continually being used by federal prosecutors. Further breakdowns of these three key considerations follow.

  • Section 1960(b)(1)(B) is a general intent crime, and no mens rea is required. Section 1960(b)(1)(B) is a “strict liability” or “general intent” crime, relatively unique in the corporate and white-collar crime world for which no mens rea is required.  In other words, one need not know that FinCEN registration (or state licensure under subsection (b)(1)(C)) was required.

  • Section 1960 crimes are serious felony violations, currently punishable by up to five years in prison.  Section 1960 crimes are felonies, have a five-year statutory maximum and also carry the potential for criminal fines and criminal and/or civil forfeiture. What’s more, in September 2022, DOJ called upon Congress to double the criminal penalties to ten years and for sentencing enhancement for individuals and corporations who transact more than $1 million within a year “to reflect the seriousness of the conduct at issue.”  The White House echoed the request that Congress “aid law enforcement” by “strengthen[ing] penalties for violating illicit-finance rules.”

  • DOJ has deployed Section 1960 for virtual asset crimes since at least 2013, and its use of the tool is Increasing. DOJ has been using Section 1960 since at least 2013 to prosecute digital asset-related businesses and/or individuals in district courts throughout the country.  Based on its own press releases, DOJ’s use of Section 1960 to police the virtual asset space appears to have increased in recent years, including notable cases out of the US Attorney’s Offices for the Eastern District of New York and District of New Jersey since 2021.

What can those in the financial services and digital asset industry expect?

This case confirms suspicions that a capable DOJ, well-armed with sophisticated tools, can be expected to use statutory enforcement tools in the digital asset space, including against individuals and entities located outside of the US, although FINCEN did not provide additional guidance about what it means to do business in the US “in substantial part” under 31 C.F.R. Section 1010.100(ff).

  • The DOJ’s National Cryptocurrency Enforcement Team (NCET) appears to be active and well-staffed. The NCET was created in November 2021 “to combat the growing illicit use of cryptocurrencies and digital assets” and both “conduct[] and support[] investigations into individuals and entities that enable the use of digital assets to commit and facilitate a variety of crimes.” The NCET has a “particular focus” on virtual currency exchanges such as Bitzlato, mixing and tumbling services, and infrastructure providers. According to Assistant Attorney General Kenneth Polite, this was the first public enforcement action led by the DOJ’s NCET, but the team’s investigations have been ongoing, and it is in ramp-up mode.

  • The Government continues to deploy sophisticated blockchain tracing technology through outside vendors.US law enforcement already spends millions on highly sophisticated blockchain tracing and analysis software to help it detect (and ultimately prosecute) cryptocurrency-related crime.  According to usaspending.gov, a website which tracks government contracts, between August 2015 and October 2022, several US government agencies – including DOJ, Treasury and DHS – have awarded multiple leading blockchain software and consulting companies support contracts as more investigations unfold.

  • 2023 agency budget requests will increase in order to fight digital asset-related crime: The White House recently stated that it would call on Congress to, among other things, “fund greater law-enforcement capacity building, including with international partners.” We should expect to see increased budget requests come March 2023 to fight illicit activity in the digital asset world.

  • FinCEN did not elaborate on the meaning of operating an MSB “in substantial part” in the US.  Notably, while a review of the Legkodymov Amended Complaint may provide some additional granularity about what the DOJ believes qualifies as doing business in the US “in substantial part” for Section 1960 liability and earlier FinCEN civil enforcement efforts (in July 2017 against BTC-E and August 2021 against BitMEX) shed some light, FinCEN did not weigh in. In its order identifying Bitzlato to be of primary money laundering concern, FinCEN specifically explained that it “has not considered the extent to which Bitzlato does business in the United States” under the BSA.

What financial institutions need to know about Bitzlato and FinCEN’s powers under Section 9174(a) of the Combatting Russian Money Laundering Act of 2021

During the joint press event with the DOJ, the Treasury also announced its order prohibiting transactions with Bitzlato, a China-based cryptocurrency exchange as a “primary money laundering concern” in connection with Russian illicit finance, the first order of its kind under section 9714(a) of the Combatting Russian Money Laundering Act (the Act). Deputy Treasury Secretary Walley Adeyemo acknowledged, this as “a unique step that has only been taken a handful of times in Treasury’s history, for some of the most egregious money laundering cases, and is the first of its kind specifically under new authorities to combat Russian illicit finance.”  Further, he stated that “[b]ecause of its significant operations in, and connection to, Russia and Russian illicit finance,” including its support of and use by RaaS group(s) based in/with ties to Russia such as the recently sanctioned group, Conti, “Bitzlato threatens US national security, the integrity of the US and international financial sectors, and businesses and institutions worldwide.”

What does Treasury’s Order require?

  • As of February 1, 2023 – and with no end date – any “covered financial institution” meaning, any “financial institution” as defined in 31 CFR Section 1010.100(t), is prohibited from engaging in a transmittal of funds from or to Bitzlato, or from or to any account or convertible virtual currency (CVC) address administered by or on behalf of Bitzlato.

  • For traditional funds transfers, covered financial institutions must reject the transaction without accepting the funds.

  • The Order acknowledges that it may be difficult (or impossible) for covered financial institutions to proactively decline or reject prohibited transfers because of certain technological limitations related to virtual currency transactions. Therefore, covered financial institutions may simply reject the virtual currency transaction by preventing the intended recipient from accessing the cryptocurrency and returning it to Bitzlato, or to the wallet address from which it originated.

  • FinCEN recommended that covered financial institutions continue to implement appropriate Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) procedures and systems, including traditional compliance screening and blockchain tracing software, to identify their customers and determine whether they are involved in a transmittal of funds involving Bitzlato in order to ensure compliance with the Order.

  • The Order does not modify, impair, or otherwise affect any requirements or obligations under the BSA, including filing SARs, or other laws or regulations such as OFAC sanctions.  Thus, covered financial institutions are not required to reject virtual currency transfers if doing so would violate other laws or regulations such sanctions set forth by the US Treasury’s Office of Foreign Assets Control (OFAC).

  • FinCEN has defined “Bitzlato” to include all subsidiaries, branches, and offices of Bitzlato, operating in any jurisdiction, as well as any successor entity, ie, any person that replaces Bitzlato by acquiring its assets, in whole or in part, and/or carrying out the affairs of Bitzlato under a new name.

What are Treasury’s Section 9174 powers?

Under Treasury Orders 180-01 and 101-05, Treasury delegated its authority to administer the BSA and its Section 9174 authority to the Director of FinCEN. Thus, the Act’s Section 9174 powers give FinCEN sanctions-like authority in connection with entities connected to Russian illicit finance.  Section 9174 powers include all of the “special measures” granted to Treasury by Section 311 of the US Patriot Act, including measures requiring financial institutions to record and report certain financial transactions, obtain and retain information relating to beneficial ownership, certain payable-through accounts, and certain correspondent accounts, or avoid opening or maintaining certain correspondent or payable-through accounts. Additionally, under Section 9174:

  • Treasury can simply prohibit – as it did here – or restrict certain funds transmittals involving the designated target, class of transactions, or type of account.

  • Treasury can make this designation through an order – as it did here – instead of going through a slower, rulemaking/notice-and-comment process that Section 311 requires. Of course, this was important here where law enforcement sought to act in a time-sensitive, coordinated, and covert manner presumably to secure evidence and prevent flight.

  • Treasury need not consider any particular factor or set of factors when making a finding under Section 9174. Treasury nonetheless outlined the factors it considered in this action while explaining that it need not have done so.

  • Treasury believes it may use Section 9174 when a financial institution facilitates money laundering transactions for funds derived from illegal activity or the proceeds of illegal activity and those activities have a nexus to Russia.

  • Although it need not have under Section 9174, Treasury “elected to perform interagency consultations prior to issuing [the] order,” including with the DOJ, State Department, Federal Reserve Board, Federal Deposit Insurance Corporation, Securities and Exchange Commission, Commodity Futures Trading Commission, Office of the Comptroller of the Currency, and the National Credit Union Administration, each of which concurred.

What is the impact of the Treasury Order?

According to Treasury, the Order effectively renders Bitzlato an “international pariah,” cutting it off from the US (and likely global) financial system. One might wonder why and whether the Order was necessary considering that the DOJ and French law enforcement seized Bitzlato’s servers on the day of Legkodymov’s arrest and the Order took effect almost two weeks later. 

However, the Order appears to have been necessary for at least three reasons:

  • It prevents covered financial institutions from transacting with any successor-in-interest entity run by Legkodymov’s still-at-large co-executives, including an entity under a different name.

  • It accounts for the possibility that there are not-yet-seized redundant or back-up Bitzlato servers. Since the order took effect on February 1, Bitzlato’s co-founder, Anton Shkurenko, claimed that he could relaunch Bitzlato from his Moscow apartment.

  • It was designed for maximum general deterrence.  According to Treasury, the Order “will further reinforce the importance of AML/CFT compliance in the virtual asset space, help protect the national security of the United States, notify financial institutions around the world of Bitzlato’s illicit activity, and set an example for other international partners to follow in the fight against illicit finance and criminal actors.”

Potential opportunities

FinCEN’s focus on Bitzlato’s inadequate AML/CFT controls provides several important and timely opportunities:

  • First, non-US-based cryptocurrency exchanges, administrators, and MSBs may wish to assess their business models and risk profiles, how their business functions relative to US customers and transactions, as well as the nature and extent of any business activities in the United States to ensure they have all necessary licenses to do business legally.

  • Second, all covered financial institutions, including MSBs, should assess their AML/KYC policies, procedures, and controls, to ensure that they are operating in an effective, risk-based manner, particularly as they relate to illicit financial activity involving Russia. They should also ensure their AML/KYC policies, procedures, and controls are updated to allow rapid implementation of compliance with future similar orders.

  • Third, covered financial institutions should be mindful of the obligation to cease doing business with Bitzlato or wallets associated with Bitzlato, including any successor entity operating under a new name, as of February 1, 2023, and institute both preventative and detective controls as needed.

  • Fourth, covered financial institutions should consider how to approach and document compliance if they encounter dealing with the technological limitations described acknowledged in the Order. Specifically, they should carefully evaluate the facts-and-circumstances surrounding any decision to reject transactions from unknown senders, where the originating wallet address is no longer accessible, where the cryptocurrency originated from Bitzlato but was held for an extended time in an un-hosted wallet, or where financial institution’s risk mitigation procedures would preclude returning funds to Bitzlato.
Print