AML/CFT Part 2: Sanctions Compliance and Law Enforcement in the DeFi Ecosystem

In the last post, we debunked the common misconception that DeFi protocols are out of compliance with current laws and policies in the U.S. In the DeFi ecosystem, there simply aren’t intermediaries to which to apply the Bank Secrecy Act (BSA) framework in the way that banks and traditional financial intermediaries are.

But that doesn’t mean DeFi participants don’t have an obligation to uphold U.S. sanctions or that law enforcement can’t combat illicit finance and sanctions evasion in the DeFi ecosystem. In the words of Treasury Secretary Janet Yellen just yesterday, “‘It’s not that [the cryptocurrency] sector is completely one where things can be evaded,’ she said.” According to the same Wall Street Journal article, Yellen “added that many participants in cryptocurrency networks are subject to anti-money laundering and sanction rules.” In this post, we’ll discuss in detail some of the ecosystem’s sanctions compliance efforts as well as law enforcement’s tactics within DeFi.

First, it’s important to note that under U.S. sanctions law, every U.S. person (people and businesses alike) anywhere in the world — including any U.S. person operating in the DeFi ecosystem — is prohibited from “facilitating” transactions with sanctioned entities.

In the DeFi ecosystem, one of the most prominent examples of sanctions compliance are efforts by websites that streamline access to underlying DeFi protocols.¹ To comply with sanctions obligations, a number of these “front end” websites implement a range of processes to prevent sanctioned persons or entities from using their websites to gain access to underlying DeFi protocols.

These tools generally fall into two categories: “geofencing” and wallet screening using “blockchain analytics.”

Geofencing is a process that creates a “virtual perimeter” around a sanctioned location to block users from those locations from accessing the website. In other words, geofencing aims to limit access to these websites based on a potential user’s location — for example, sanctioned jurisdictions. Geofencing software uses data including location information from users’ devices to disable or enable certain actions when a user enters the website.

Geofencing can be quite sophisticated. For example, geofencing services have moved beyond simply tracking a device’s IP address to leveraging multi-source geolocation data to establish where a user is located. This reduces the risk of bad actors spoofing their IP data to trick geofencing software, and it helps DeFi market participants meet their sanctions compliance duties.

Wallet screening using “blockchain analytics” tools are a different kind of screening tool that can be used to ensure compliance with sanctions. Blockchain analytics are a kind of software that aims to analyze the vast amount of transaction information produced by transparent blockchains to identify wallets participating in or linked to risky and/or illicit activities. In its simplest form, blockchain analytics tools can automatically flag sanctioned wallet addresses using a list regularly updated by the Treasury Department. Websites and other market participants that use blockchain analytics services can then easily and effectively block sanctioned wallets and avoid interacting with them.

Blockchain analytics tools have more advanced capabilities as well. For example, many of these tools can identify and group together addresses belonging to the same owner, a technique that prevents illicit actors from obfuscating their activity on the blockchain. This process allows DeFi market participants to pinpoint potentially suspicious transactions, identify wallet addresses that may be linked to bad actors or sanctioned entities, and develop a deeper understanding of the market and how different addresses interact with one another. This information is an important part of promoting sanctions compliance and preventing illicit financial activity in DeFi markets.

These tools are also used by law enforcement to great effect. In a recent notable case, the Department of Justice used blockchain analytics to trace stolen bitcoin across thousands of transactions. Their investigation resulted in the arrest of two individuals for money laundering and the seizure of $3.6 billion in bitcoin. And it’s certainly not the first time that law enforcement has been able to counter illicit finance in the crypto ecosystem.

Here’s a graphic in the Department of Justice’s filing in the recent $3.6 billion seizure and arrests that shows what analysis of transaction information on transparent blockchains can reveal. They traced stolen cryptocurrency from the initial hack of the victim virtual currency exchange (“Victim VCE”) through to an individual eventually arrested:

Victim VCE graph

As things currently stand, the DeFi ecosystem can in fact comply with U.S. sanctions regulations, and immutable public blockchains also provide law enforcement with solid ways to track illegal activity and apprehend criminals. But you may be wondering: how prevalent is illicit finance within DeFi, and how successful is law enforcement in combating illicit finance within DeFi when compared to the traditional financial system?

In our next blog post, we’ll tackle these questions and explore how crypto markets stack up against traditional financial markets in the fight against financial crime.


¹DeFi protocols themselves operate on decentralized networks like the ethereum blockchain and interacting with them directly can sometimes be cumbersome and technically complex. “Front-end” websites aim to streamline the process of using DeFi protocols and are sometimes operated by businesses obligated to comply with U.S. sanctions. Some examples for comparison: Services like Cornell’s Legal Information Institute makes it easier to interact with the U.S. Code and the Code of Federal Regulations and websites like streamline the process of comparing travel prices across numerous airlines, hotel chains, etc.