FinCEN Proposes Designating CVC Mixing as a Money Laundering Concern

By Alma Angotti, Gene Bolton

What's New?

On October 19, 2023, the Financial Crimes Enforcement Network (FinCEN) announced a Notice of Proposed Rule Making (NPRM) that identifies Convertible Virtual Currency (CVC) mixing (CVC mixing) as a class of transactions of primary money laundering concern pursuant to Section 311.  This is the first time FinCEN has designated a class of transactions under Section 3111. The NPRM proposes rules that would require covered financial institutions to implement certain recordkeeping and reporting requirements for transactions involving CVC mixing.


Detailed Highlights

Current State: Regulatory Requirements and CVC Mixing

One of the primary differences between crypto and traditional finance is that crypto-currency transactions are traceable on publicly available blockchains. CVC mixing, however, uses anonymity-enhancing technologies to make crypto harder to trace. Due to the numerous illicit applications of CVC mixing, it has long been (in crypto years) a known money laundering typology2. The Office of Foreign Assets Control (OFAC) has, in fact, designated certain mixing services as Specially Designated Nationals and Blocked Persons (SDNs) (see: Tornado Cash) due, at least in part, to the fact they are a CVC mixing service.

Currently, covered financial institutions (FIs) with CVC mixing exposure (such as CVC exchanges), are required to report suspicious activities if there is activity by, at, or through the institution that meets Suspicious Activity Report (SAR) filing criteria. For example, CVC exchanges with hosted wallets may file a SAR if a customer receives digital assets directly from a known CVC mixing service. Whether an institution files a particular SAR, however, is based on the totality of circumstances (i.e., whether the exposure is direct or indirect), and other red flags—or mitigants—about that particular customer. 

Future State: Proposed Requirements and Implications

This proposed rule does not change a covered FI’s SAR filing obligations, but instead imposes new reporting requirements on CVC mixing as a class of transactions. Spe-cifically, covered FIs would be required to report "covered transactions” to FinCEN within 30 calendar days of initial detection, regardless of whether such transactions were already reported in a SAR3.

FinCEN defines “covered transactions” as “A transaction as defined in 31 CFR 1010.100(bbb)(1) in CVC by, through, or to the covered financial institution that the covered financial institution knows, suspects, or has reason to suspect involves CVC mixing within or involving a jurisdiction outside the United States.

Importantly, FinCEN states that “…covered transactions do not include transactions that are only indirectly related to CVC, such as when a CVC exchanger sends the non-CVC proceeds of a sale of CVC that was previously processed through a CVC mixer from the CVC exchanger’s bank account to the bank account of the customer selling CVC.4” In other words, off-ramping transactions in fiat would not be considered a covered transaction, even if the crypto was involved in CVC mixing.

In the NPRM, FinCEN highlights several different types of CVC mixing methods, but notes that one of the most common is the use of mixers—like Tornado Cash. “CVC mixers can accomplish this through a variety of mechanisms, including: pooling or aggregating CVC from multiple individuals, wallets, or accounts into a single trans-action or transactions; splitting an amount into multiple amounts and transmitting the CVC as a series of smaller independent transactions; or leveraging code to coordinate, manage, or manipulate the structure of the transaction…5

FinCEN, however, explicitly states that CVC mixing does not solely rely on the use of a CVC mixing service. In the NPRM, FinCEN highlights methods that may be indicative of CVC mixing, such as “peel chains”6 and “chain hopping,”7 among other methods. Covered FIs, therefore, may need to implement new monitoring techniques to detect activity indicative of CVC mixing, beyond simply looking at exposures to mixing services8.

FinCEN would require covered FIs to report the following information about a covered transaction9:

  1. Amount of any CVC transferred, in both CVC and its US dollar equivalent, when the transaction is initiated;
  2. CVC type;
  3. CVC mixer used, if known;
  4. CVC wallet address associated with the customer;
  5. Transaction hash;
  6. Date of transaction; 
  7. IP addresses and time stamps associated with the covered transaction; and
  8. Narrative of activity observed.

FinCEN would also require covered FIs to report the following customer information associated with the covered transaction10

  • Customer’s full name;
  • Customer’s date of birth;
  • Address;
  • Email address associated with any and all accounts from which or to which the CVC was transferred; and 
  • Unique identifying numbers.


What This Means for Your Organization

As part of the NPRM, FinCEN is requesting comments on specific matters. If you are an impacted FI, then you should review these specific matters and provide comments, as appropriate. In addition, impacted FIs should start reviewing current systems, processes, and controls to assess (a) their exposure to CVC mixing; and (b) ability to detect and potentially report transactions as required.

Industry participants may also argue that there are legitimate applications for CVC mixing. FinCEN addresses this perspective in the NPRM (See: The extent to which the class of transactions is used for legitimate business purposes), but does not offer much by way of specificity. Although FinCEN states “…CVC mixing may be used for legitimate purposes, such as privacy enhancement for those who live under repressive regimes or wish to conduct licit transactions anonymously,” most of this section highlights the illicit nature of CVC mixing, despite its title. This section is a telling sign of Treasury’s expectations—that CVC mixing should be generally  regarded as suspicious, regardless of other factors. As a result, impacted FIs, at a minimum, should consider reviewing investigative protocols and detection systems to ensure they are able to identify CVC mixing and file SARs, as appropriate. 

This article was contributed by Matt Alicona.


1 Financial Crimes Enforcement Network. 10AD. Review of Proposal of Special Measure Regarding Convertible Virtual Currency Mixing, as a Class of Transactions of Primary Money Laundering Concern. FinCEN. 23, 10AD.
3 See Footnote 1.
4 See Footnote 1.
5 See Footnote 1.
6 FinCEN defines Peel Chains as “the use of single-use wallets, addresses, or accounts…in a series of unnatural transactions that have the purpose or effect of obfuscating the source and destination of funds by volumetrically increasing the number of involved transactions, thereby decreasing the probability of determining both intended persons for each unique transaction.”
7 FinCEN defines Chain Hopping as a method that “involves exchanges between two or more types of CVC or other digital assets…to facilitate transaction obfuscation by converting one CVC into a different CVC at least once before moving the funds to another service or platform, thereby decreasing the probability of determining both intended persons for each unique transaction.”
8 Covered domestic financial institutions may need to modify or replace the current systems in place used to detect other types of illicit activity in virtual currency transactions, such as sanctions compliance systems, to detect transactions involving CVC mixing. Such burdens are commensurate with established AML/CFT protocols.
9 See Footnote 1.
10 See Footnote 1.

Alma Angotti, Partner

Gene Bolton, Associate Director

Let Us Help Guide You

Complexity demands a trusted guide with the unique expertise and cross-sector versatility to deliver unwavering success. We work with organizations across regulated commercial and public sectors to catalyze transformation and pioneer new directions for the future.

Stay ahead of the curve with news, insights and updates from Guidehouse about issues relevant to your organization and its work.