Treasury Department to crack down on crypto in response to hacks
Following the attacks on JBS and Colonial Pipeline, the US Treasury Department will likely consider stepping up enforcement of anti-money laundering laws and adopt new reporting requirements for cryptocurrency transactions.
In ransomware attacks, hackers demand payments after excluding victims from their computer networks; de-anonymizing payments could discourage these hackers from continuing to push such ransomware extortion schemes. Currently, hackers are using digital currencies to avoid regulations within the traditional financial system. If the Treasury Department applies many of the same anti-money laundering laws to cryptocurrency transactions, it could help identify cybercriminals (and possibly reduce the number of attacks).
What would help make these regulations effective? Well, requiring disclosure of who is using the digital wallet and where the cryptocurrency ransom is being sent would be a start. Lawmakers may also consider monitoring the exchange of cryptocurrencies against other currencies (such as the US dollar). The problem? U.S. cryptocurrency regulations would not reach overseas, where cybercriminals often cash in their funds. Of course, US authorities could use sanctions to prevent trading of US dollar transactions, unless all participants agree to use a crypto-declaration system.
Of course, this is not the first time that this oversight has been mentioned. Late last year, the Treasury Department proposed a rule requiring banks and stock exchanges to report transactions over $ 10,000 using digital wallets NOT hosted by a financial institution. This is similar to the existing rules for cash withdrawals exceeding this amount. This type of reporting rule would help law enforcement to track the flow of money for cybercrime.
Crypto exchanges must already report suspicious transactions from customers. The proposed rule would add reports when unhosted wallets are involved, whether or not the transaction is considered suspicious. Non-hosted wallets are similar to anonymous bank accounts.
The proposed rule came after US companies were warned that paying a ransom to hackers could violate US sanctions. The warning encouraged companies to cooperate with law enforcement to protect themselves against liability for mistakenly paying a ransom to a sanctioned entity.
A Treasury Department spokeswoman said the proposed rule for reporting crypto transactions “is actively evolving in the rule-making process” after receiving thousands of comments in response.
When cyber attacks on large companies like JBS and Colonial Pipeline affect consumer gas prices and the availability of meat at the grocery store, it will likely lead to increased public scrutiny and a call to action on the cryptocurrency and other ransomware issues.
Of course, the underlying problem with these ransomware attacks is the lax (or lack of) security measures to protect the data hosted at those companies that have been (and will be) attacked. Businesses need to focus on security and prevention to prevent these attacks from happening and to avoid having to negotiate and pay a ransom.
Copyright Â© 2021 Robinson & Cole LLP. All rights reserved.Revue nationale de droit, volume XI, number 161