Introduction

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, This Act may be cited as ‘‘the Compliant Operations of Decentralized Entities Act of 2025’’ or the ‘‘the CODE Act of 2025’’.

Findings

1. (1) In 2019, under the Trump Administration, the Financial Crimes Enforcement Network issued guidance (FIN–2019–G001) to clarify that decentralized finance applications may be required to register with the agency and comply with the Bank Secrecy Act, including anti-money laundering, record-keeping, and reporting requirements.
2. (2) In 2019, under the Trump Administration, the Financial Crimes Enforcement Network published an advisory (FIN–2019–A003) noting that the prevalence of unregistered cryptocurrency entities without sufficient anti-money laundering controls enables illicit activity that threatens national security.
3. (3) In 2022, under the Biden Administration, the Federal Bureau of Investigation published a public service announcement (I–082922–PSA) encouraging decentralized finance services to institute real-time analytics, monitoring, and rigorous testing of computer code to more quickly identify vulnerabilities and respond to indicators of suspicious activity.
4. (4) In 2023, under the Biden Administration, the Commodity Futures Trading Commission issued a report (“Decentralized Finance”) advocating for building regulatory compliance into decentralized finance systems and noting that areas like illicit finance compliance and cybersecurity are ripe for this kind of near-term action by software developers.
5. (5) Decentralized finance services may be subject to Bank Secrecy Act requirements, but there is a lack of standardization across decentralized finance services and compliance processes.
6. (6) Decentralized finance services present unique cybersecurity risks and have been vulnerable to exploitation campaigns by North Korean threat actors.
7. (7) Decentralized finance services and the broader cryptocurrency ecosystem could benefit from a set of technological controls that are coherent, consistent, and capable of satisfying Bank Secrecy Act requirements.

Public-Private Partnership Program for Decentralized Finance Services

(a) IN GENERAL.—Not later than 6 months after the date of enactment of this Act, the Secretary of the Treasury, in consultation with the Financial Crimes Enforcement Network, the Office of Foreign Assets Control, the Federal Bureau of Investigation, the United States Secret Service, the National Institute of Standards and Technology, the Cybersecurity and Infrastructure Security Agency, and such other relevant agencies as determined by the Secretary of the Treasury, shall develop a public-private partnership program to implement this subtitle.

1. (1) The program established under subsection (a) shall include—
2. Partnerships with risk management experts, including:
   • Identity verification software providers;
   • Fraud detection services;
   • Blockchain analytics firms;
   • Smart contract auditors;
   • Blockchain oracle services; and
   • Blockchain cybersecurity services.

Definitions

(1) COVERED PERSON.—The term ‘‘covered person’’ means— (A) the President; (B) the Vice President; (C) a Member of Congress; (D) a senior executive branch employee; or (E) the spouse, child, son-in-law, or daughter-in-law, as determined under applicable common law, of any individual described in paragraph (A), (B), (C), or (D).

• (F) any other decentralized finance service determined by the Secretary of the Treasury.

(3) DECENTRALIZED SMART CONTRACT.—The term ‘‘decentralized smart contract’’ means a digital contract or collections of computer code on a public blockchain network that are automatically executed if specific conditions are met.