A letter the tax bureau sent to a key senator says stronger penalties for failure to report cryptocurrency-based income gains might also help deter cyber criminals.
Sharing information with law enforcement about the beneficial ownership of companies trading cryptocurrencies and related entities is one of several ways the Internal Revenue Service could help combat cyber attackers that use decentralized ledger technology as a cloak for their escape, according to the bureau.
“The IRS generally may not share information it collects with [the Financial Crimes Enforcement Network] or other law enforcement agencies, like the FBI, currently receiving” reports regarding income in excess of $10,000, the bureau said in a recent letter to Sen. Maggie Hassan, D-N.H. “If those agencies can’t receive digital asset transaction information, it will significantly degrade the utility of the information they do collect.”
The letter explains that despite Congress calling for relevant federal agencies to contribute to a database on who ultimately owns and profits from a company—in the Corporate Transparency Act that became law with the National Defense Authorization Act of 2021—the IRS is not permitted to do so due to confidentiality provisions of the Internal Revenue Code.
The beneficial ownership database, which FinCEN is working to implement, has been a bipartisan effort aimed at countering money laundering and various other purposes for which criminals use shell companies. The IRS is empowered to levy penalties on “illicit money-transmitting businesses engaged in the use of both crypto and fiat currencies,” the bureau said, adding “enhancements to these civil and criminal penalties for egregious behavior in the cryptocurrency space could also be applied to promote voluntary compliance.”
A spokesperson for the IRS told Nextgov, “our responsive letter does not ask for a change in legislation.” Indeed the IRS was not asking, but responding to, questions in a letter Hassan had addressed to Commissioner Charles Rettig, along with Attorney General Merrick Garland, Homeland Security Department Secretary Alejandro Mayorkas, Securities and Exchange Commission Chairman Gary Gensler and FinCEN Acting Director Him Das.
Hassan’s office said only the IRS has so far replied to her letter, which highlighted cybercriminals’ use of cryptocurrency infrastructure after a town in her state lost $2.3 million. The perpetrators of that incident had fooled officials into turning the dollars over through a business email compromise, which is essentially a high-level phishing attack. The criminals then converted the fiat money into an untraceable cryptocurrency. Hassan’s letter notes that not all cryptocurrency exchanges are the same, but that those using decentralized systems are especially guilty of facilitating cyber crime by not requiring identifying information from their customers.
“Decentralized exchanges allow the direct exchange of cryptocurrency by using software to match buyers and sellers who wish to trade cryptocurrencies without an intermediary institution controlling the funds. Many decentralized exchanges have far less stringent [Know Your Customer] requirements than the centralized exchanges, and some have no KYC requirements at all,” she wrote. “Recent studies have found that many exchanges, both centralized and decentralized, have weak KYC requirements.”
While FinCEN has issued guidance for cryptocurrency exchanges on implementing KYC—improving the effectiveness of Suspicious Activity Reports the IRS helps to review for illicit activities like money laundering—the bureau is not currently allowed to cite a lack of compliance with KYC as grounds for an enforcement action.
Asked what additional authorities would assist in preventing and prosecuting the criminal use of cryptocurrency, Rettig said: “Either enhancing due diligence procedures on high-volume customers or implementing KYC requirements regardless of volume and risk is likely to decrease the volume of suspicious transactions, provide a stronger SAR program, and help identify both the business purpose of transactions and the source of funds. A stronger SAR program should, in turn, enhance recovery of stolen or embezzled funds or even prevent such crimes in the first place.”
Hassan has successfully invoked the plight of state and local entities in passing bipartisan legislation to send them federal cybersecurity aid in the way of grants and personnel.
“The release of this letter from the IRS comes as part of Senator Hassan’s work to crack down on criminals who use crypto, and she is now looking into how we can move on the IRS’s recommendations,” Hassan’s office told Nextgov following a press release Thursday.