HR4394-119

1. Short title This Act may be cited as the Compliant Operations of Decentralized Entities Act of 2025 or the the CODE Act of 2025.

2. Findings The Congress finds the following: In 2019, under the Trump Administration, the Financial Crimes Enforcement Network issued guidance (FIN–2019–G001) to clarify that decentralized finance applications may be required to register with the agency and comply with the Bank Secrecy Act, including anti-money laundering, recordkeeping, and reporting requirements. In 2019, under the Trump Administration, the Financial Crimes Enforcement Network published an advisory (FIN–2019–A003) noting that the prevalence of unregistered cryptocurrency entities without sufficient anti-money laundering controls enables illicit activity that threatens national security. In 2022, under the Biden Administration, the Federal Bureau of Investigation published a public service announcement (I–082922–PSA) encouraging decentralized finance services to institute real-time analytics, monitoring, and rigorous testing of the computer code to more quickly identify vulnerabilities and respond to indicators of suspicious activity. In 2023, under the Biden Administration, the Commodity Futures Trading Commission issued a report (Decentralized Finance), advocating for building regulatory compliance into decentralized finance systems and noting that areas like illicit finance compliance and cybersecurity are ripe for this kind of near-term action by software developers. Decentralized finance services may be subject to Bank Secrecy Act requirements, but there is a lack of standardization across decentralized finance services and compliance processes. Decentralized finance services present unique cybersecurity risks and have been vulnerable to exploitation campaigns by North Korean threat actors. Decentralized finance services and the broader cryptocurrency ecosystem could benefit from a set of technological controls that are coherent, consistent, and capable of satisfying Bank Secrecy Act requirements.

3. Public-private partnership program for decentralized finance services Not later than 6 months after the date of enactment of this Act, the Secretary of the Treasury, in consultation with the Financial Crimes Enforcement Network, the Office of Foreign Assets Control, the Federal Bureau of Investigation, the United States Secret Service, the National Institute of Standards and Technology, the Cybersecurity and Infrastructure Security Agency, and such other relevant agencies as determined by the Secretary of the Treasury, shall develop a public-private partnership program with decentralized finance services and relevant risk management experts to— focus on decentralized finance applications and front-end user interfaces; consider integrating anti-money laundering, identity verification, sanctions, and cybersecurity controls and other technological solutions into decentralized smart contracts prior to deployment on a public blockchain network; test the capabilities of such integrated controls in decentralized smart contracts; consider establishing a regulatory gateway to external, verifiable data inputs and outputs that are capable of upgrading smart contract behavior after it has been deployed; and provide legislative and regulatory recommendations related to integrated compliance mechanisms for decentralized finance services. Participants selected for the public-private partnership program required under subsection (a) shall not include a decentralized finance service owned or controlled, directly or indirectly, by a covered person. The public-private partnership program developed under subsection (a) shall terminate 18 months after the date of enactment of this Act. Nothing in subsection (a) shall be construed to limit, impair, or otherwise affect the supervisory, regulatory, or enforcement authority or the jurisdiction of the agencies described in subsection (a) under any applicable law. The Secretary of the Treasury shall share the recommendations provided pursuant to subsection (a)(5) with other appropriate agencies, and such agencies shall take the recommendations into account when issuing rules or carrying out supervisory functions.

4. FinCEN advisory Not later than 18 months after the date of enactment of this Act, the Financial Crimes Enforcement Network shall publish an advisory related to the responsible development, deployment, and ongoing operation of decentralized finance services on a public blockchain network for the purposes of strengthening compliance with the Bank Secrecy Act.

5. Rulemaking to modernize and strengthen Bank Secrecy Act requirements for decentralized finance services Not later than 30 months after the date of enactment of this Act, the Secretary of the Treasury shall issue a rule to— further define the terms decentralized finance service and decentralized smart contract; and expressly require that a decentralized finance service implements and maintains— a risk-based anti-money laundering program that meets the requirements under the Bank Secrecy Act; and a risk-based sanctions compliance program.

6. Definitions In this Act: The term Bank Secrecy Act means— section 21 of the Federal Deposit Insurance Act (12 U.S.C. 1829b); chapter 2 of title I of Public Law 91–508 (12 U.S.C. 1951 et seq.); and subchapter II of chapter 53 of title 31, United States Code. The term covered person means— the President; the Vice President; a Member of Congress; a senior executive branch employee; or the spouse, child, son-in-law, or daughter-in-law, as determined under applicable common law, of any individual described in subparagraph (A), (B), (C), or (D). The term decentralized finance service means a protocol, application, or service that, through the use of decentralized smart contracts deployed on a public blockchain network, facilitates digital asset transactions or the exchange of digital assets for other digital assets or fiat currency and may include— a peer-to-peer digital asset trading platform; a digital asset lending protocol; a digital asset staking or liquidity service; a digital asset mixing service; a cross-chain bridge service provider; or any other decentralized finance service determined by the Secretary of the Treasury. The term decentralized smart contract means a digital contract or collections of computer code on a public blockchain network that are automatically executed if specific conditions are met. The term public blockchain network means an open source, decentralized, permissionless distributed ledger system that records digital asset transactions. The term risk management expert means a person or entity with specialized knowledge or expertise in identifying, preventing, and managing illicit finance, cybersecurity, or compliance risks associated with decentralized finance services, and may include— an identity verification software provider; a fraud detection service; a blockchain analytics firm; a smart contract auditor; a blockchain oracle service; a blockchain cybersecurity service; and any other relevant risk management experts as determined by the Secretary of the Treasury. The term senior executive branch employee means an executive branch employee— who is employed in a position listed in section 5312 of title 5, United States Code, or for which the rate of pay is equal to the rate of pay payable for level I of the Executive Schedule; who is employed in a position— in the Executive Office of the President; and listed in section 5313 of title 5, United States Code, or for which the rate of pay is equal to the rate of pay payable for level II of the Executive Schedule; who is appointed by the President pursuant to section 105(a)(2)(A) of title 3, United States Code; or who is appointed by the Vice President pursuant to section 106(a)(1)(A) of title 3, United States Code.