Remarks by Assistant Secretary of State for Terrorism Financing and Financial Crimes Elizabeth Rosenberg on DeFi Risk Assessment at Atlantic Council


in preparation for delivery

On April 6, the Ministry of Finance released its first Decentralized Financial Fraud Risk Assessment. This is the world’s first fraudulent financial risk assessment conducted for a decentralized financial (DeFi) service. Today, I want to share with you why we did this, some of our most important findings, and how we think about our next steps in this new field.

Given the rapid growth of the sector and theft from DeFi services over the past few years, including several high-profile cases involving North Korean cyber attackers who not only stole virtual assets from DeFi services, , DeFi services have received considerable attention. , then used DeFi services to launder stolen earnings. As such, in September 2022, the Treasury Department committed to conducting a risk assessment of DeFi services as part of its action plan to mitigate fraudulent financial risks in digital assets.

In this risk assessment, we started by defining what we mean by “DeFi” and cut through some of the amorphous and ambiguous interpretations of “DeFi” itself. It is intended to allow some of the protocols and services of virtual assets using DeFi. A form of automated P2P transaction, often using self-executing code such as smart contracts developed on blockchain technology. We have decided to take this broad approach to DeFi services, covering a wide variety of structures and activities, and hopefully reaching all current illicit financial risks across the DeFi ecosystem.

We spoke with a number of stakeholders to gather input for the report, and deliberately asked broad questions, such as whether illegal actors are abusing DeFi services. Only later did we proceed to determine what steps we could take to mitigate the risks we discovered. Our intention with this risk assessment was not to assess the relative merits of decentralization or centralization. , was to broadly consider the fraudulent financial risks associated with DeFi services and potential countermeasures to address them.

The results of researching these questions form the basis of your risk assessment. That everyone interested in DeFi will read the product, use it in their decision-making, and provide substantive feedback on how the risk landscape is changing as DeFi technology advances. I hope

Now let’s talk about the survey results.

One of our key findings confirms what the Treasury Department previously said. DeFi services often have governing bodies behind them that provide a means of centralized control and governance. We do not deny the possibility that true DeFi services will one day become widespread, but they are not the main feature of the current landscape. It means that there are individuals or businesses associated with the service to which obligations may already apply.

Not surprisingly, in our assessment, illicit actors such as ransomware cybercriminals, thieves, scammers, and North Korean cyber actors are using DeFi services, especially for illegal money laundering. I understand.

The assessment further identified several techniques involving DeFi services in this process. This includes exchanging virtual assets with other virtual assets running on other blockchains using cross-chain bridges. Send your virtual assets through the mixer. Some of them claim to be decentralized. Arrange virtual assets into liquidity pools in a tiered fashion. There are also outright thefts from DeFi services, exploiting weak cybersecurity controls within DeFi technology.

The primary regulatory vulnerability identified by the risk assessment is DeFi services’ violation of existing US AML/CFT obligations. The U.S. Treasury believes that DeFi services that perform covered financial institution functions are subject to BSA obligations, including AML/CFT obligations, regardless of the decentralization of the service. Additionally, Americans must comply with US economic sanctions regulations wherever they are. Many of his DeFi services subject to these mandates are non-compliant, making them easier to access and more likely to be abused by rogue actors looking to fund their malicious activities. Technology, especially her DeFi, conveys a sense of impersonation, but let’s remember why he has AML/CFT controls in the first place: cutting off funding to illicit actors, and controlling their crimes and This is to prevent acts of terrorism. Failure to comply with these regulatory obligations has real consequences.

So where are we going now?

The first recommendation I would like to focus on is to continue to strengthen U.S. AML/CFT oversight of crypto-asset activities, in parallel with considering additional guidance for the private sector on AML/CFT obligations for DeFi services. In addition, he will assess the strengthening of his AML/CFT regulatory regime in the country as it applies to DeFi services, and monitor responsible innovation of AML/CFT and sanctions compliance tools. Now I would like to send a concrete message to the private sector. “DeFi innovation” should not only occur in the technical and financial realms. There is a tremendous need and potential for innovation in compliance mechanisms that help all parties in the digital ecosystem stay on the right side of the law and ensure they are on the right side. Do not facilitate the funding of criminal or terrorist networks.

We are passionately invested in having and sustaining these discussions with the private sector. We are not only interested in encouraging responsible innovation and the development of emerging technologies, but also recognize the need to adapt to technological advances. This is why we have and will continue to emphasize public-private engagement and collaboration on emerging technologies in general and her DeFi service in particular.

Just last week, a member of my team presented the results of a risk assessment at the Financial Action Task Force (FATF) Virtual Assets Liaison Group meeting in Tokyo. Over 100 participants from over 18 countries and 30 private companies, both in government-only sessions and sessions with private sector members, discussed how FATF standards apply to DeFi services. .

If you’ve already reviewed the risk assessment, you may have seen how the report intentionally poses questions to the reader to ensure that this feedback loop continues. How DeFi services can be encouraged to comply with existing AML/CFT and sanctions regulations, where obligations need to be clarified, and to prevent abuse of DeFi services outside the scope of current regulations I need your perspective on how. Illegal actor.

So, we welcome your feedback on the report, the current state of DeFi, and how we can all play a role in protecting the financial system from abuse.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *