the CODE Act of 2025
- Bill Number
- H.R. 4394
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Finance and Financial Sector
- Status
- Introduced
- Latest Action
- 2025-07-15: Referred to the House Committee on Financial Services.
- Last Updated
- 2025-07-31T12:04:50Z
AI-Generated Summary
Purpose
The Compliant Operations of Decentralized Entities Act of 2025 (CODE Act) aims to improve anti-money laundering (AML) compliance in decentralized finance (DeFi) services—financial applications built on blockchain technology that operate without central control. It requires the U.S. Department of the Treasury to create partnerships between government and private sectors to develop innovative tools for preventing illicit activities, such as money laundering and sanctions evasion, while addressing cybersecurity risks in DeFi.
Key Provisions
- Findings (Section 2): Congress recognizes past government actions (from both Trump and Biden administrations) highlighting DeFi's vulnerabilities to crime, including unregistered crypto entities enabling illicit finance, FBI warnings on monitoring suspicious activity, and CFTC reports urging built-in compliance. It notes a lack of uniform standards in DeFi and risks from actors like North Korean hackers.
- Public-Private Partnership Program (Section 3): Within 6 months of enactment, the Treasury Secretary must launch a program with agencies like FinCEN (Financial Crimes Enforcement Network), FBI, and NIST (National Institute of Standards and Technology). It involves DeFi providers and risk experts to:
- Focus on DeFi apps and user interfaces.
- Integrate AML, identity checks, sanctions screening, and cybersecurity into "smart contracts" (self-executing code on blockchains) before deployment.
- Test these controls.
- Explore "regulatory gateways" for updating smart contracts post-deployment using external data.
- Provide recommendations for laws and rules on DeFi compliance.
- Excludes DeFi services owned by high-level officials (e.g., President, Congress members, or their families) to avoid conflicts.
- The program ends after 18 months but does not limit agencies' existing oversight powers.
- Recommendations must be shared with other agencies for rulemaking.
- FinCEN Advisory (Section 4): Within 18 months, FinCEN must issue guidance on responsibly building, launching, and running DeFi services on public blockchains to meet Bank Secrecy Act (BSA) rules, which require financial institutions to report suspicious activities and keep records to combat money laundering.
- Rulemaking for BSA Modernization (Section 5): Within 30 months, Treasury must issue rules defining "DeFi service" (e.g., peer-to-peer trading, lending protocols, or asset mixers on blockchains) and "decentralized smart contract." These rules mandate that DeFi services maintain risk-based AML programs (tailored to their risks) and sanctions compliance programs (to block dealings with prohibited entities or countries).
- Definitions (Section 6): Clarifies terms like BSA (laws on financial recordkeeping and reporting), "covered person" (top officials and relatives), DeFi service (blockchain-based financial protocols), decentralized smart contract (automated blockchain code), public blockchain (open, permissionless transaction ledgers), and risk management expert (specialists in fraud detection, blockchain analysis, etc.).
Significant Changes to Existing Law
- Builds on the BSA by explicitly applying and modernizing it for DeFi, which was previously addressed through guidance but lacked clear definitions and mandatory programs.
- Introduces required risk-based AML and sanctions compliance for DeFi services, filling gaps in standardization.
- Mandates new rulemaking to define DeFi terms, making regulation more precise than prior advisories.
- Establishes a temporary public-private program and advisory, creating structured collaboration not previously required.
Potential Impacts
- Government Agencies: Increases coordination among Treasury, FinCEN, FBI, and others; requires new rules, advisories, and testing, potentially straining resources but enhancing enforcement tools against financial crimes.
- Citizens: Improves security for everyday users of crypto and DeFi by reducing risks of hacks, scams, and illicit fund flows, though it may raise costs or barriers for accessing these services.
- International Relations: Strengthens U.S. efforts against global threats like North Korean cyber exploitation of DeFi; could influence international crypto standards, promoting compliant innovation while pressuring non-compliant foreign entities.
Main Stakeholders Affected
- DeFi Services and Crypto Industry: Must integrate compliance tools, participate in partnerships (if eligible), and follow new rules, affecting developers, platforms, and protocols like lending or trading apps.
- Risk Management Experts: Blockchain analysts, auditors, and cybersecurity firms gain opportunities to collaborate and provide solutions.
- Government Agencies: Treasury, FinCEN, FBI, CFTC, and others lead implementation, sharing insights for broader financial oversight.
- Users and Investors: Everyday participants in DeFi benefit from safer systems but may face indirect costs from compliance requirements.
- Prohibited Participants: High-level officials and families are barred from program involvement, preventing influence peddling.
Notable Legal, Constitutional, or Political Implications
- Legal: Reinforces BSA applicability to DeFi without expanding agency jurisdiction, preserving enforcement flexibility. Definitions and mandates could lead to litigation over what qualifies as a "DeFi service," but the risk-based approach allows tailored compliance.
- Constitutional: No direct challenges apparent; aligns with Congress's commerce clause authority over financial systems and does not infringe on free speech or privacy beyond existing BSA frameworks.
- Political: Bipartisan framing (citing actions from both parties) promotes consensus on crypto regulation. The exclusion of officials addresses ethics concerns, potentially reducing perceptions of insider advantages in emerging tech sectors. The 18- and 30-month timelines provide structured progress without indefinite commitments.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Recent Actions
- 2025-07-15: Referred to the House Committee on Financial Services.
- 2025-07-15: Introduced in House
- 2025-07-15: Introduced in House
Bill Versions
- the Compliant Operations of Decentralized Entities Act of 2025 — issued 2025-07-15 — PDF (9 pages)