In Short
The Situation: Terrorists may be
increasingly turning to cryptocurrencies to evade sanctions and
finance terrorist acts, as recent prosecutions and reports suggest.
Under the Antiterrorism Act (“ATA”), as amended by the
Justice Against Sponsors of Terrorism Act (“JASTA”),
companies working with cryptocurrencies may expose themselves to
civil terrorism litigation or governmental investigations if they
indirectly support operatives perpetrating terrorist
acts—such as through the provision of banking services, or
assistance transacting with, transferring, or “mixing”
cryptocurrencies.
The Result: Cryptocurrency companies may
find themselves targeted in civil actions and criminal
investigations as the use of cryptocurrencies by terrorists
continues. Even when such claims rest on weak foundations, ATA
cases may require costly investigations and litigation.
Looking Ahead: Companies should review
their due diligence practices with respect to existing customers
and new business opportunities to account for sanctions compliance
considerations and exposure under the ATA, particularly to the
extent they or their suppliers or counterparties operate in regions
where terrorism is prevalent. Companies should also prepare to
retain seasoned ATA litigation counsel should they face allegations
in connection with terrorism-related civil litigation and criminal
investigations.
Reported Terrorist Use of Cryptocurrencies
Since the late 2000s, cryptocurrencies have exploded in growth and popularity. Even
accounting for recent turbulence in the sector, such
currencies—including Bitcoin, Litecoin, and
Ethereum—and organizations participating in that sector
continue to proliferate. Most cryptocurrencies are not managed by
central authorities or administrators. Instead, they rely on
algorithms and distributed ledgers (sometimes referred to as
“blockchains”) for accounting, and on cryptography for
security and transaction validation. Although cryptocurrencies can
serve a variety of purposes, their decentralized nature and the
potential anonymity of users make them especially attractive to
criminals, including terrorists.
The U.S. government and the United Nations (“U.N.”)
have sounded the alarm about the potential malign uses of
cryptocurrencies by criminal enterprises. The U.N. Security Council
has expressed “grave concern” at
the potential for financial technologies such as cryptocurrencies
to be “misused, including for terrorist financing.” The
U.N. Counter-Terrorism Committee Executive Directorate estimates that the use of
cryptocurrencies by terrorist organizations is
growing—financing as many as 20% of terrorist attacks.
Because some features of cryptocurrencies make them attractive
to malicious actors, companies operating in the cryptocurrency
space—token manufacturers and “miners”; those
enabling businesses to transact using cryptocurrencies; those
“mixing” cryptocurrencies (a process enabling even
greater anonymity); and others—may face heightened risks of
being exploited by terrorists.
Among other things, cryptocurrency technologies “pose a
more complex money trail for financial investigators to
follow.” Foreign states—including North Korea and
Iran—have relied on that feature to circumvent U.S. sanctions. As documented by the Congressional Research
Service, North Korea recently attempted to convert one
cryptocurrency into another (a practice referred to as
“chain-hopping”) to launder stolen cryptocurrency and to
evade sanctions.
Laying the foundations for future efforts, the U.S. Attorney
General’s Cyber-Digital Task Force described the increasing role of
cryptocurrency technologies “in many of the most significant
criminal and national security threats our nation faces.” In
2020, following criminal investigations, the Department of Justice
(“DOJ”) employed civil forfeiture tools to try to disrupt
Al-Qaeda’s bitcoin money laundering network as well as a scheme
by another terrorist organization to solicit bitcoin donations from
its supporters on social media. (Following the first known use of a
nonfungible token by a terrorist organization in September 2022,
the DOJ may expand its disruption efforts to other digital
instruments.) In 2021, the DOJ formed the National Cryptocurrency
Enforcement Team to lead complex investigations and prosecutions of
“criminal misuses of cryptocurrency.”
In July 2022, President Biden issued Executive Order 14067,
“Ensuring Responsible Development of Digital Assets.”
Warning of the role of digital assets such as cryptocurrencies in
terrorist financing, the President directed a range of federal
agencies—including the DOJ as well as the Departments of
State, Defense, the Treasury, and Homeland Security—to, among
other things, take steps to “mitigate the illicit finance and
national security risks posed by misuse of digital
assets.”
Both before and after the issuance of E.O. 14067,
cryptocurrencies have drawn scrutiny from officials at a range of
other U.S. agencies. For example, shortly after the Order was
issued, the Treasury’s Office of Foreign Assets Control
(“OFAC”) sanctioned two “virtual currency
mixer[s],” Blender.io and Tornado Cash, for their role in
efforts to launder the proceeds of cybercrimes, particularly by a
sanctioned North Korean state-sponsored hacking group. In October
2022, OFAC and the Financial Crimes Enforcement Network
(“FinCEN”) announced settlements with Bittrex, Inc.,
a Washington-based virtual currency exchange, following accusations
that Bittrex willfully violated multiple sanctions programs as well
as the Bank Secrecy Act’s anti-money laundering and suspicious
activity reporting requirements. Most recently, in April 2023, the
Treasury published the 2023 DeFi Illicit Finance
Risk Assessment, signaling the U.S. government’s growing
interest in decentralized finance (“DeFi”) and the
threats posed by illicit actors exploiting DeFi services.
The U.S. Congress has likewise taken aim at the crypto industry.
In December 2022, Senators Elizabeth Warren and Roger
Marshall introduced the Digital Asset Anti-Money
Laundering Act, aimed at bringing digital assets “into greater
compliance” with existing anti-money laundering/countering the
financing of terrorism (“AML/CFT”) regulations. And, in
March 2023, a bipartisan group of senators accused crypto exchange Binance of
evading U.S. regulators and being “a hotbed of illegal
activity.”
The United States is not alone in its efforts to impede
criminals’ cryptocurrency initiatives. In 2021, for example,
Israel began seizing cryptocurrency accounts
used by the terrorist group Hamas to raise money for the
group’s military campaigns. (One cryptocurrency
exchange estimated that, as of 2021, Hamas had
raised almost $1 million in cryptocurrency—more than any
other terrorist organization.) Foreign governments are also
updating their laws: The European Union Parliament and Council
recently agreed to new rules for tracking
cryptocurrency transfers to prevent money laundering and terrorist
financing, and the United Kingdom passed legislation making it easier for
law enforcement agencies to seize cryptocurrencies linked to
terrorist activities.
These recent actions exemplify governments’ increasing focus
on cryptocurrencies and policing their use.
The Legal Framework
Civil Liability. The ATA provides for a
federal civil cause of action for U.S. nationals injured by acts of
international terrorism. In 2016, Congress passed JASTA, which
extended liability to anyone that aids and abets acts of
international terrorism “by knowingly providing substantial
assistance.” 18 U.S.C. § 2333(d)(2). To bring a claim,
plaintiffs must allege facts showing (i) an injury caused by an act
of international terrorism; (ii) that the act was committed,
planned, or authorized by a designated Foreign Terrorist
Organization (“FTO”); and (iii) that the defendant aided
and abetted the terrorism by knowingly providing substantial
assistance. In analyzing the third element of aiding and abetting
civil liability, courts consider (i) whether plaintiffs alleged the
defendant was “generally aware” that it was playing a
role in the FTO’s unlawful activities from which the terrorist
attacks were foreseeable; and (ii) whether the defendant provided
knowing and substantial
assistance. See, e.g., Kaplan
v. Lebanese Canadian Bank, SAL, 999 F.3d 842, 856, 860 (2d
Cir. 2021). The Supreme Court has recently held that for knowing
and substantial assistance, a defendant must “consciously,
voluntarily, and culpably participate in” the terrorist act
that injured plaintiffs. Twitter, Inc. v. Taamneh,
143 S. Ct. 1206, 1223, 1230 (2023).
Prior to the Taamneh decision, recent
decisions from appellate courts show that companies accused of
aiding and abetting may face, at a minimum, years of costly civil
discovery. In Kaplan, the U.S. Court of Appeals for
the Second Circuit noted that a defendant’s “general
awareness” that it was assisting terrorism could be pled by,
among other things, citing media reports suggesting a connection
between its customers and a terrorist organization. 999 F.3d at
864.
Likewise, the U.S. Court of Appeals for the District of Columbia
Circuit allowed ATA claims against medical-supply and manufacturing
companies to proceed in Atchley v. AstraZeneca UK
Ltd., 22 F.4th 204, 220 (D.C. Cir. 2022). Plaintiffs alleged
that the defendant companies entered into contracts with the Iraqi
Ministry of Health, which the plaintiffs alleged was controlled by
an organization that was intertwined with Hezbollah. According to
the Atchley court, the “allegations
support[ed] an inference that [the] defendants were generally aware
they were engaged in illegal
activity.” Id.
Together, Kaplan
and Atchley show the risks of dealing with
customers or contractual counterparties who may be alleged to be
terrorists or intermediaries of terrorists. It remains to be seen
whether Taamneh—in which the Court narrowed the scope of liability under the
ATA—will prompt lower courts to more readily dismiss
terrorism-based claims against companies accused of supporting acts
of terrorism.
Criminal Liability. The ATA also
criminalizes the provision of any “material support” to
terrorists, 18 U.S.C. § 2339A(a), and
FTOs, id. § 2339B(a) as well as
“willfully provid[ing] or collect[ing] funds” to be used
to carry out terrorism, id. § 2339C(a). It
is, in turn, unlawful to launder funds in connection with any of
those offenses. Id. § 1956(a). In addition,
foreign governments may seek to investigate and police the use of
crypto assets by terrorists.
The DOJ’s recent prosecution of Lafarge S.A. signals the
U.S. government’s growing interest in enforcing the ATA against
corporations. Lafarge, a French cement maker, and its Syrian
subsidiary pleaded guilty to providing material support and
resources to the Islamic State of Iraq and al-Sham and the Al-Nusra
Front. Following its plea, Lafarge, which reportedly reaped $70
million in total sales revenue from the scheme, was ordered to pay
fines totaling $777.78 million in addition to being placed on
probation. Following the guilty plea, in March 2023, the
DOJ announced an increase in the number of
prosecutors focused on counterintelligence and exports controls. If
the Lafarge plea agreement and the DOJ’s staffing announcement
foreshadow future prosecutions, companies should anticipate greater
government scrutiny and the potential for costly
investigations.
Risks to Companies Working With Cryptocurrencies
Parties that engage with cryptocurrency—whether to issue
tokens, process or validate transactions, maintain accounts on
behalf of customers, or trade—should be sensitive to this
shifting legal landscape. In particular, given the growing use of
cryptocurrencies to evade U.S. sanctions and fund acts of terrorism
and the increasing U.S. government enforcement efforts in the
industry, such parties should take steps to mitigate their
risks.
A customer’s use of cryptocurrency to evade sanctions or
support terrorist attacks may be the basis for future ATA/JASTA
civil claims or criminal prosecutions. As a result, legitimate
businesses may find themselves in the crosshairs of governmental
investigations and civil litigation. Even apart from any ultimate
civil liability, companies working with cryptocurrencies may find
themselves forced to engage in extensive civil discovery. While
acknowledging that such discovery could be “intrusive,”
the Atchley court permitted claims against the
defendants to proceed because of the “challenges of
establishing a defendant’s state of mind without the benefit of
discovery.” 22 F.4th at 220. Moreover, the risks of
investigations by U.S. government agencies are increasing. On the
heels of its major win securing the Lafarge plea agreement, the DOJ
may be eager to bring additional criminal prosecutions under the
ATA. Such criminal investigations will no doubt overlap with civil
investigations by the other federal agencies taking interest in
cryptocurrencies—including OFAC, FinCEN, the U.S. Securities
and Exchange Commission, and the Commodity Futures Trading
Commission. As with civil discovery, such investigations will be
time-consuming and costly.
Reducing the Risks
Companies working with cryptocurrencies should take steps to
limit their exposure to legal, financial, and reputational harms.
First, companies should consider conducting risk assessments to
understand how, if at all, their services may be exploited by bad
actors and how to minimize that risk. Such assessments may be
conducted on a confidential and privileged basis with the
assistance of outside counsel. Companies should also consider
reviewing their policies, procedures, and practices to ensure
compliance with relevant laws and regulations. Moreover, if a
company receives an allegation of misconduct involving
cryptocurrencies or uncovers any concerning conduct by its
employees, agents, or customers, the company should engage
qualified legal counsel to determine next steps, including whether
an internal investigation is called for and whether modification of
corporate practices, enhancement of employee training, or other
remediation is necessary.
Second, cryptocurrency companies should consider implementing
due diligence procedures to mitigate against future litigation
exposure under the ATA, in addition to those already in place to
address sanctions and AML compliance considerations. For banks and
other financial institutions, such procedures should meet or exceed
ordinary “Know Your Customers” industry standards.
Companies should monitor OFAC’s list of sanctioned individuals and
entities before engaging new customers and consider whether to
screen existing customers on a regular basis.
Third, cryptocurrency companies should familiarize themselves
with the red flags indicative of terrorist funding. In addition to
U.S. government guidance, such as
OFAC’s Sanctions Compliance Guidance for the Virtual
Currency Industry, the international Financial Action Task
Force’s Terrorist Financing Risk Assessment
Guidance outlines some of the strategies companies
can take to identify and prevent abuse of those companies’
services.
Finally, given the evolving landscape of virtual currencies
generally, and cryptocurrencies in particular, companies should
keep apprised of changes in the law that are relevant to their
business models and geographic and industry profiles.
Four Key Takeaways
- Cryptocurrencies are an expanding source of funding for
terrorist groups around the world. - Under the ATA, companies that are generally aware they are
indirectly supporting terrorist acts may be secondarily liable.
Recent decisions by courts of appeals have relaxed the standard for
alleging such general awareness, and ATA secondary-liability cases
are surviving motions to dismiss. It remains to be seen whether
recent Supreme Court precedent narrowing the standard will prompt
lower courts to more readily grant motions to dismiss. - The ATA also criminalizes support for terrorism. As indicated
by the recent Lafarge plea agreement, the risks of investigations
by the DOJ and other U.S. government agencies are multiplying. - Companies working with cryptocurrencies should take steps to
anticipate and mitigate against legal risks under the ATA,
including conducting risk assessments and implementing due
diligence procedures.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.