A new audit from the Justice Department’s (DoJ) Office of the Inspector General (IG) found that the U.S. Marshals Service (USMS) needs to implement new policies and procedures to improve its management of seized cryptocurrency.
Due to its virtual nature and often high degree of anonymity, cryptocurrency has been increasingly attractive to criminals conducting illegal business transactions. To combat this, DoJ has used its statutory authority to seize cryptocurrency used in illicit activity, and the USMS has been appointed the primary custodian for the seized assets.
In this role, USMS has implemented adequate safeguards over the storage of and access to seized cryptocurrency in its custody. But, said the DoJ IG, USMS still needs to take additional steps to properly track and organize its cryptocurrency assets through improved inventory management.
Currently, DoJ’s official seized-asset tracking system – the Consolidated Asset Tracking System (CATS) – does not have the necessary functionality to enable daily management of cryptocurrency assets. Therefore, USMS has turned to supplemental spreadsheets to track seized assets.
However, these spreadsheets lack documented operating procedures and other important inventory management controls.
“Without periodic reconciliations, seized assets could be mismanaged and inventory records could be fraudulently altered without detection,” the report says. “These deficiencies risk an inaccurate accounting of cryptocurrency in USMS custody and the potential for a loss of assets.”
Additionally, the audit highlights that current USMS seized cryptocurrency management policies – specific to asset storage, quantification, valuation, and disposal – are inadequate, absent, and in some instances provide conflicting guidance. Addressing these issues could help the USMS ensure that seized asset records include information critical to managing cryptocurrencies, such as the asset type and quantity.
“Better documenting its required practices for the management of seized cryptocurrency [could also] help USMS ensure that its employees, especially new employees, know and understand what is expected of them when handling seized cryptocurrency,” the audit states.
The USMS is actively seeking to outsource the management of seized cryptocurrency. And while the IG stated that it finds no issue with the possibility of a cryptocurrency service contract, the USMS does currently have a proper foundation to award that type of contract. The USMS should establish seized cryptocurrency policies and procedures related to inventory management, asset storage, quantification, valuation, and disposal before handing over its seized cryptocurrency responsibilities to a contractor, the IG said.
“We believe this will best prepare the USMS to ensure the future contractor’s services meet USMS’s needs and expectations,” the report noted.
Overall, the IG offered seven recommendations to the USMS:
- Manage cryptocurrency inventory records in a property management system designed with necessary features to maintain appropriate controls over cryptocurrency.
- Establish policy requirements for the proper use, security, and handling of cryptocurrency inventory spreadsheets.
- Develop and implement formal processes and procedures to identify, handle, document, and dispose of anonymity-enhanced cryptocurrency.
- Require the recording of quantity of seized cryptocurrency in CATS, and in the USMS’s inventory record down to the exact decimal to ensure that fractional cryptocurrency units are not lost or overlooked due to rounding or approximation.
- Develop and implement policies and procedures to handle cryptocurrency forks that occur for an asset in custody.
- Establish documented policies related to the storage of, and physical controls over, seized cryptocurrency once it is transferred into USMS custody.
- Ensure all employees are familiar with established policies on appraising and recording the value of seized cryptocurrency.
The USMS concurred and begun to take steps to implement the seven recommendations by the IG.