In November 2022, the Financial Industry Regulatory Authority (FINRA) launched a targeted crypto asset sweep, reviewing more than 500 retail communications related to crypto assets from member firms.

Monitoring the financial services industry to help companies navigate through regulatory compliance, enforcement, and litigation issues
In November 2022, the Financial Industry Regulatory Authority (FINRA) launched a targeted crypto asset sweep, reviewing more than 500 retail communications related to crypto assets from member firms.
Cryptocurrency, with its anonymity and decentralization, has revolutionized financial transactions. However, it has also opened doors for illicit activities, such as terrorist financing. Below we explore the role of cryptocurrency in terrorist financing, focusing on Hamas, a U.S.-designated terrorist organization.
On November 20, the Securities and Exchange Commission (SEC) instituted a civil enforcement action against Kraken, a major U.S. cryptocurrency exchange. The SEC alleged Kraken operated as an unregistered broker, dealer, exchange, and clearing agency, in violation of the Securities Exchange Act. The SEC’s lawsuit aims to prohibit Kraken from continuing these activities and seeks an unspecific amount of civil monetary penalties.
On November 20, 2023, the California Department of Financial Protection and Innovation (DFPI) issued an invitation for comments on proposed application-related rulemaking under the Digital Financial Assets Law (DFAL). This move comes after Governor Gavin Newsom signed Assembly Bill 39 and Senate Bill 401, which together create the DFAL. The DFAL and Senate Bill 401, signed into law by Governor Gavin Newsom on October 13, 2023, are set to regulate virtual currency activities within California, effective July 1, 2025.
On November 21, the U.S. Department of Justice (DOJ) unsealed its criminal indictment against Binance.com (Binance), the world’s largest cryptocurrency exchange, and its CEO, Changpeng “CZ” Zhao (CZ). The indictment against Binance contains three charges: (1) conspiracy to violate the Bank Secrecy Act (BSA) by failing to implement and maintain an effective anti-money laundering (AML) program; (2) conducting an unlicensed money services business; and (3) willful violation of the International Emergency Economic Powers Act (IEEPA). On the same day, at a press conference also attended by Treasury Secretary Janet Yellen and Commodity Futures Trading Commission (CFTC) Chairman Russ Behnam, Attorney General Merrick Garland announced Binance pled guilty to all charges, and the DOJ is requiring Binance to pay approximately $4.3 billion in criminal penalties and forfeiture. CZ also pled guilty to violating the BSA by failing to maintain an effective AML program. As a result, he must resign as Binance’s CEO and is awaiting criminal sentencing.
The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently announced a Notice of Proposed Rulemaking (NPRM) that identifies international convertible virtual currency mixing as a class of transactions of primary money laundering concern and seeks to increase transparency around virtual currency mixing to combat its use by illicit actors.
On October 13, California Governor Gavin Newsom (D) signed Assembly Bill 39 (Digital Financial Assets Law). This new law broadly empowers the California Department of Financial Protection and Innovation (DFPI) to govern “digital financial asset business activity” and prohibits entities from engaging in such activity with California residents without obtaining a license from the DFPI, among other criteria.
On November 1, New York Governor Kathy Hochul announced that the state’s Department of Financial Services (NY DFS) has amended its Cybersecurity Regulations to “enhance cyber governance, mitigate risks, and protect New York businesses and consumers from cyber threats.” According to the NY DFS, key changes in the regulations include: enhanced governance requirements; additional controls to prevent unauthorized access to information systems and mitigate the spread of an attack; requirements for more regular risk assessments, as well as a more robust incident response plans; updated notification requirements; and updated direction for companies to invest in at least annual training and cybersecurity awareness programs that are relevant to their business model. The newly amended compliance requirements will take effect in phases.
On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.
The Securities and Exchange Commission’s Division of Examinations has outlined its 2024 Examination Priorities, with a significant focus on cryptocurrency, emerging technology, and Anti-Money Laundering (AML) laws. This has important implications for financial services. Our Regulatory Oversight blog has the details; key highlights are below.
In addition to cookies that are necessary for website operation, this website uses cookies and other tracking tools for various purposes, including to provide enhanced functionality and measure website performance. To learn more about our information practices, please visit our Privacy Notice.