The U.S. Department of Justice’s (DoJ) Attorney General’s Cyber Digital Task Force has published a Report on Cryptocurrency Enforcement Framework. The Report defines virtual asset service providers (VASPs) in the following way:
“Individuals or entities operating as a business to conduct one or more of the following activities for or on behalf of another entity or individual:
i. exchanges between virtual assets and fiat currencies;
ii. exchanges between one or more forms of virtual assets;
iii. transfers of virtual assets;
iv. safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; or
v. participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.”
Moreover, it highlights three broad categories of illicit uses for which cryptocurrency is used:
1. Financial transactions associated with the commission of crimes (e.g. buying and selling drugs or weapons on the dark web, leasing servers to commit cybercrimes, or soliciting funds to support terrorist activity).
2. Engaging in money laundering (ML) or shielding otherwise legitimate activity from tax, reporting, or other legal requirements.
The requirements for exchanges to register, obtain licenses, and collect information about customers and their transactions are not consistent across international jurisdictions, potentially creating challenges for international law enforcement.
3. Committing crimes directly implicating the cryptocurrency marketplace itself (e.g. stealing cryptocurrency from exchanges through hacking or using the promise of cryptocurrency to defraud investors).
Finally, the Report explains the US laws which apply to VASPs and builds a link with the GDPR in light of the Schrems II judgement.