Biden’s cryptocurrency executive order addresses illicit financial risks

Early indications are that the cryptocurrency industry will work with the U.S. government to help minimize risk and make it harder for cybercriminals to profit from their activities.

frozen bitcoin circuits
KTSimage / Polygraphus / Getty Images

The Biden administration issued its much-anticipated cryptocurrency executive order, laying out a wide-ranging investigation into digital assets to gain at least a preliminary grasp on how to address the rapidly growing $3 trillion financial market and its role in ransomware and other illicit activities. The order, entitled “Ensuring Responsible Development of Digital Assets,” outlines a series of far-reaching goals, including reducing the risks that digital assets could pose to consumers and investors, improving business protections, financial stability, and financial system integrity, combating and preventing crime and illicit finance, enhancing national security, fostering human rights and financial inclusion, and addressing climate change and pollution.

“Without oversight, the explosive growth in cryptocurrency use would pose risks to Americans and to the stability of our businesses, our financial system, and our national security,” an administration official said during a press briefing preceding the order’s release. “The absence of sufficient oversight can also provide opportunities for criminals and other malicious actors to leverage cryptocurrencies to launder the proceeds of their crimes or circumvent justly-applied sanctions,” the official said.

Reflective of the order’s even-handed tone, the official added, “At the same time, however, digital assets can also provide opportunities for American innovation and competitiveness, and promote financial inclusion.” To ensure that the U.S. government is not left out of these opportunities, the order also spells out a series of measures to create a federal central bank digital currency (CBDC) that at least 80 monetary authorities around the world are also exploring, and, in some cases, have introduced.

Cybercrime and ransomware pose significant risks

The EO lays out 14 deadlines that encompass many government departments and independent regulatory agencies such as the Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC), the Commodities Futures Trading Commission (CFTC), federal banking agencies, and the Consumer Financial Protection Bureau (CFPB). It directs these government entities to submit reports, technical evaluations, action plans, and recommendations on achieving the order’s goals.

From a security perspective, the most critical deadlines are those surrounding the submission to Congress of an updated version of the Treasury Department’s National Strategy for Combating Terrorist and Other Illicit Financing.

The EO stipulates that:

  • Within 90 days of the submission of the updated report, “The Secretary of the Treasury, the Secretary of State, the Attorney General, the Secretary of Commerce, the Secretary of Homeland Security, the Director of the Office of Management and Budget, the Director of National Intelligence, and the heads of other relevant agencies may each submit to the President supplemental annexes, which may be classified or unclassified, to the Strategy offering additional views on illicit finance risks posed by digital assets, including cryptocurrencies, stablecoins, CBDCs [central bank digital currencies], and trends in the use of digital assets by illicit actors.”
  • Within 180 days of the report’s submission, “The Secretary of the Treasury, in consultation with the Secretary of State, the Attorney General, the Secretary of Commerce, the Secretary of Homeland Security, the Director of the Office of Management and Budget, the Director of National Intelligence, and the heads of other relevant agencies shall develop a coordinated action plan based on the Strategy’s conclusions for mitigating the digital‑asset-related illicit finance and national security risks addressed in the updated strategy.” The EO states that the plan “shall address the role of law enforcement and measures to increase financial services providers’ compliance with AML/CFT [Anti-Money Laundering/Combating the Financing of Terrorism] obligations related to digital asset activities.”
  • Within 120 days following completion of the National Strategy as well as the completion of other reports, including the National Money Laundering Risk Assessment, the National Terrorist Financing Risk Assessment, and the National Proliferation Financing Risk Assessment, the Secretary of the Treasury shall notify the relevant agencies of any pending, proposed, or prospective rulemakings to address digital asset illicit finance risks. 

Ransomware threat actors and sanctioned foreign entities are targets of this section of the EO. “Digital assets may pose significant illicit finance risks, including money laundering, cybercrime and ransomware, narcotics and human trafficking, and terrorism and proliferation financing,” the order states. “Digital assets may also be used as a tool to circumvent United States and foreign financial sanctions regimes and other tools and authorities.”

During the press briefing, an administration official said, “The White House has already demonstrated leadership in this space by aligning departments and agencies to combat misuse of digital assets enabling the rise and spread of ransomware. Most current digital asset systems were not designed with critical controls in mind like identity, sanctions screening, and revocability of illicit transactions. Similar to our efforts to secure software development under the cyber executive order, this executive order is a signal to industry on the need to build in the critical protections needed for financial systems so we can leverage these innovative technologies for our benefit.”

The beginning of a long conversation about cryptocurrency oversight

The primary trade association representing the cryptocurrency industry, the Blockchain Association, expressed its willingness to work with the administration’s efforts under the order. “The Blockchain Association and its member companies stand ready to assist the Administration with its efforts to study pragmatic and timely oversight to our industry, and we are eager to collaborate,” the association said in a statement.

Faryar Shirzad, chief policy officer for top cryptocurrency exchange Coinbase, said in a tweet that “The White House seems to understand and embrace the transformational potential of digital asset technology, and the importance of maintaining American leadership.” He added, “This is a hopeful moment. We look forward to continuing our work with regulators and lawmakers to ensure the path forward encourages public participation, protects U.S. leadership, and takes a holistic view of this transformational moment.”

Ivan Zapien, partner at Hogan Lovells and a lobbyist for cryptocurrency exchange, tells CSO that the order is “going to be round one of several rounds. I think it’s the beginning of a long conversation. I think they’re setting the table for a conversation that’s due in Washington, DC, on a cutting-edge policy issue.”

Calling the EO a “good exercise for the industry,” Zapien says that “there is nothing that focuses on the need to come to a consensus like a deadline for a report.”

The message that the White House is sending with this EO is “that this is all hands on deck and we’re going to work across agencies on this,” Zapien says, adding that the cryptocurrency industry is already moving forward to address many of the issues raised in the order with the use of innovation and technology.

Copyright © 2022 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)