Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Feds ramp up to tame ‘wild west’ of crypto crime

During our time investigating FCPA violations for the FBI and the DOJ, we learned money launderers embrace innovation quickly for the simple objective of self-preservation. Their leveraging of cryptocurrency has accelerated the risk and compliance challenges to organizations around the globe.

For example, at an October 2022 press conference, the DOJ announced a counterintelligence investigation of two Chinese intelligence officers who paid a total of $61,000.00 in Bitcoin in an attempt to bribe a double agent controlled by the FBI. The charges included money laundering violations. 

The DOJ Fraud Section’s Market Integrity and Major Fraud Unit — which sits within feet of the DOJ’s FCPA Unit — has been successfully prosecuting complex financial crimes with cryptocurrency connectivity for several years. The sharing of newly identified criminal schemes and innovative investigative techniques is a regular occurrence within Fraud Section.

The U.S. government’s ability to investigate and prosecute complex cryptocurrency-related matters has been strengthened more recently with the establishment of DOJ’s National Cryptocurrency Enforcement Team in 2021 and the doubling of the SEC’s Crypto Assets and Cyber Unit to 50 personnel in May 2022.

Beyond the use of crypto in bribe schemes, recent scandals within the crypto industry have resulted in potentially $10 billion in losses to individual and corporate victims. Despite these losses, including the recent FTX crypto fraud debacle, digital currency, commonly referred to as virtual assets, continues to become more mainstream in business operations and important market opportunities. The lure of real-time, inexpensive global money transfers and access to an important growing demographic is too enticing for many organizations to ignore the increasing use of cryptocurrency.

The nascency of the crypto industry has created opportunities for bad actors to withdraw to jurisdictions that require minimal AML oversight. The belief is that these locations make it easier to conduct money transfers between cryptocurrency exchanges without scrutiny and regulatory oversight, thus presenting real challenges in conducting due diligence. These exchanges, commonly known as virtual asset service providers (VASPs), are the vehicles buyers and investors use to purchase and exchange cryptocurrency. An investor entrusts their capital and funds to these exchanges, and they are at the mercy of the exchange to access their money.

However, due to the valuable market share to be gained, many VASPs are determined to operate within the jurisdiction of the U.S., and many others unknowingly are, despite their overseas base location. The most trustworthy exchanges are well-known names that are incorporated in the U.S., with an extensive track record of corporate governance, collecting know-your-customer information, and responding to requests for information.

Within U.S. jurisdictions, virtual asset service providers are considered Money Service Providers under the Financial Action Task Force (FATF) standards and by FinCEN. This categorization triggers AML compliance under the Bank Secrecy Act.

The FATF has extended the so-called Travel Rule recommendations  to virtual assets and VASPs, starting in 2019. The Travel Rule essentially states that crypto companies must “screen, record, and communicate the information of both sender and recipient for crypto transactions that exceed $1,000.” Failure to comply with these requirements could result in losing their operating license. This has provided a more consistent and effective framework to address some of the money laundering and ultimate beneficial ownership risks, but much more work is still needed.

The reality is most virtual assets are transferred to private non-custodial digital wallets for storage via the blockchain to avoid theft from hacking. The transfers and amounts are public using various blockchain technologies. Still, these digital wallets are owned by individuals who lack regulatory oversight; therefore, no requirements exist to provide personally identifiable information. For bad actors, these private wallets provide havens from government investigations and potential forfeiture. This represents the “wild west” nature of the industry, and serving legal process for identification, account analysis, forfeiture, or seizure is essentially non-existent.

Similar to traditional AML detection, frequency and volume, among others, can be important indicators of misconduct when assessing virtual asset transactions. High-value with high-frequency transactions, clusters, or numerous transactions below amount thresholds, or post transaction, immediate cryptocurrency withdrawals, could all be considered red flags. Nuanced red flags exist in cryptocurrency as well. A few examples include:

  • The use of duplicate IP addresses across multiple accounts and users.
  • The use of untrusted or unknown IP addresses.
  • Multiple account openings in a short time by the same user.

Crypto misuse, including its connections to being used for illicit purposes, poses a significant risk to corporations that have U.S. interests, clients, or presence. An ability to assess and address AML red flags must be incorporated into any organization’s framework.

Examining the source of virtual assets is thus critical. 

The technology complexities and lack of regulatory oversight have helped establish an ever-changing and confusing cryptocurrency ecosystem that requires specific expertise, technical assistance, and the need for organizations to assess the risk accurately. Organizations that effectively manage these risks can avoid serious business harm while simultaneously positioning themselves to make informed business decisions on market opportunities that may require legitimate cryptocurrency connectivity. 


Robert Appleton, pictured above left, is a partner at the New York-based law firm of Olshan Frome Wolosky LLP and specializes representing both foreign and US companies and individuals in cross border matters, including asset recovery, whistleblower claims, defending companies and individuals before US regulatory agencies. Robert spent more than 14 years in the US Department of Justice (DOJ) as a senior and later supervisory federal prosecutor leading numerous high profile international fraud and corruption cases, money laundering and international trade prosecutions.

George “Ren” McEachern, above right, is a former FBI Supervisory Special Agent and in 2015 was selected to lead the FBI’s Washington Field Office, International Corruption Squad. In this role, Ren led a team of Special Agents, Forensic Accountants, and Intelligence Analysts with a focus on investigations related to the FCPA, International Money Laundering, Kleptocracy and Antitrust violations. Currently, Ren is the Founder and President of TrustStorm, based in Arlington, Virginia.  

Share this post


Comments are closed for this article!