The Combatting Money Laundering in Cyber Crime Act of 2025 expands the investigative reach of the United States Secret Service to pursue money laundering tied to cybercrime, including activities involving digital assets and structured transactions. It also broadens FinCEN Exchange data retention and updates sanctions-related provisions tied to international financial institutions, while mandating a Government Accountability Office study within one year to evaluate enforcement capabilities against cybercrime money laundering.
The bill does not create new criminal offenses by itself but broadens the tools available to law enforcement and the regulatory framework for AML/cybercrime investigations.
At a Glance
What It Does
Expands USSS investigative authorities to cover money laundering and structured transactions linked to cybercrime, and updates how institutions and digital assets are treated under related statutes.
Who It Affects
Federal law enforcement, the Treasury/FinCEN ecosystem, financial institutions (including banks and money services businesses), digital asset service providers, and international counterparties.
Why It Matters
Sets a stronger, cross-border AML framework for cybercrime by expanding investigative powers, extending data retention, and mandating a GAO assessment to measure enforcement effectiveness.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill broadens the Secret Service’s mandate to investigate cybercrime money laundering by amending the statutory language around what constitutes a reportable transaction and who can be investigated. It adds money laundering and structured transactions to the regime covered by Section 3056(b) of title 18, U.S.C., and modifies the definition of “institution” by removing a federally insured qualifier and tying it to the broader federal framework in 31 U.S.C. 5312.
In parallel, the FinCEN Exchange provision is reworked to push the retention window from five years to ten, enabling longer data availability for tracing illicit flows that cross digital and traditional financial channels. The legislation also tweaks a sanctions provision from the 2019 Act, increasing a numeric benchmark from six to ten, broadening the scope for sanctions-related enforcement tied to international financial activity.
Finally, the bill requires a GAO study within one year of enactment to assess how effectively section 6102 of the AML Act of 2020 is being implemented to identify and deter cybercrime money laundering, focusing on law enforcement capabilities. Together, these changes aim to close gaps between digital-asset activity and traditional AML controls while providing oversight to evaluate progress.
A key question for compliance programs is how these expanded authorities will interact with existing reporting duties and with evolving digital-asset service provider standards.
The Five Things You Need to Know
Section 2 expands USSS investigative authorities to include money laundering and structured transactions, and updates coverage by removing the ‘federally insured’ qualifier and broadening the definition of ‘‘institution’’ under 31 U.S.C. 5312.
Section 3 raises the FinCEN Exchange data-retention window from 5 to 10 years, expanding data availability for cross-border AML investigations.
Section 4 amends the 2019 sanctions law by replacing the numeric benchmark of 6 with 10, broadening enforcement reach in relation to international financial activity.
Section 5 requires GAO to complete a study within one year on the implementation of section 6102 of the AML Act of 2020, focusing on enforcement capabilities to identify and deter cybercrime money laundering.
The bill’s overall framework strengthens cross-border AML enforcement around cybercrime and digital assets, but it also raises questions about implementation, privacy, and regulatory burden for compliant financial actors.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Expansion of Secret Service Investigative Authorities
The bill expands the United States Secret Service’s investigative authorities by amending section 3056(b) of title 18, U.S.C. to explicitly include money laundering and structured transactions as criminal activity within its cross-border AML/cybercrime mandate. It also adjusts the terminology around who qualifies as an investigation target by removing the word ‘federally insured’ from the relevant clause and by clarifying that an ‘institution’ is as defined in section 5312 of title 31. The change broadens the reach to include digital asset-related transactions and other cyber-enabled financial crimes, enabling the USSS to pursue a wider set of financial flows tied to cybercrime. This creates a more unified authority to connect online illicit activity with real-world financial movement and is intended to support coordinated enforcement with other agencies and international partners.
FinCEN Exchange Data Retention
Section 310(d)(3)(A) of title 31, U.S.C. is amended to replace a five-year retention period with ten years. The longer retention window enhances the ability of investigators to trace and reconstruct money flows related to cybercrime, including those involving digital assets, across time and jurisdictions. By extending how long financial trail data remains accessible, FinCEN Exchange participants can perform more robust longitudinal analyses and support cross-agency investigations.
International Financial Institutions
Section 7125(b) of the 2019 Otto Warmbier North Korea Nuclear Sanctions and Enforcement Act is amended by striking the numeral 6 and inserting 10. The exact operative context is a sanctions framework benchmark tied to international financial institutions; the amendment broadens the threshold used in that provision, potentially enabling more aggressive or expansive sanctions-related measures or reporting requirements in related cross-border enforcement scenarios.
GAO Study on Implementation
The bill requires the Government Accountability Office to conduct a study within one year of enactment and report to the relevant congressional committees on the implementation of section 6102 of the AML Act of 2020 (as carried in the Act’s division with the National Defense Authorization Act). The study must evaluate how well law enforcement can identify and deter money laundering in cyber crimes, focusing on practical enforcement capabilities, data access, interagency coordination, and any gaps between policy intent and on-the-ground execution.
This bill is one of many.
Codify tracks hundreds of bills on Finance across all five countries.
Explore Finance in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- U.S. Secret Service gains explicit authority to pursue cybercrime-related money laundering and structured transactions, improving investigative coverage.
- FinCEN and Treasury components benefit from an extended data-retention regime and enhanced information-sharing capabilities.
- Banks and money services businesses benefit from clearer enforcement against illicit competitors and a stronger AML enforcement environment.
- International law enforcement partners and foreign banks gain clearer channels and statutory support for cross-border investigations.
- Compliance teams at regulated financial institutions gain reference points and structured expectations for AML procedures under expanded authority.
Who Bears the Cost
- Unlicensed money transmitters and cybercriminals face enhanced enforcement pressure and higher risk of investigation and penalties.
- Regulated financial institutions may incur greater compliance costs due to expanded definitions, reporting expectations, and data-retention requirements.
- Budgetary and resource pressures on federal agencies to implement expanded authorities, maintain longer data archives, and conduct GAO studies.
- Digital asset service providers may face increased regulatory scrutiny and a need to align with broader AML enforcement provisions.
- International counterparties could experience tighter sanctions-related scrutiny and cooperation requirements, potentially impacting cross-border activity.
Key Issues
The Core Tension
The central tension is between expanding robust enforcement against sophisticated cybercriminal networks and avoiding overreach or regulatory friction that could hamper legitimate digital-asset activity or impose excessive compliance costs on industry. The bill attempts to balance this by tying new powers to existing AML regimes and by instituting an oversight study, but the practical trade-offs—privacy, cost, and cross-border cooperation—will shape how effective these changes prove in real-world enforcement.
The bill substantially strengthens cross-border AML enforcement by expanding the Secret Service’s investigative authority, extending data retention through FinCEN Exchange, and broadening sanctions-related tools with respect to international financial activity. This raises legitimate questions about the practical challenges of enforcing cybercrime money laundering in a rapidly evolving digital-asset landscape, the privacy and civil-liberties implications of longer data retention, and the potential burden on compliant entities to adapt to expanded definitions and reporting duties.
The GAO study is intended to provide an early, independent assessment of how well the new framework works in practice, but it does not itself resolve implementation questions or funding needs.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.