On 6 April, the US Treasury announced the publication of this report, which it says is the first illicit finance risk assessment conducted on decentralised finance (DeFi) in the world. The assessment considers risks associated with what are commonly called DeFi services. While there is currently no generally accepted definition of DeFi, the term broadly refers to virtual asset protocols and services that purport to allow some form of automated peer-to-peer (P2P) transactions, often through use of self-executing code known as “smart contracts” based on blockchain technology. This term is frequently used loosely by the private sector, often for services that are not functionally decentralised. It is said that the primary vulnerability that illicit actors exploit stems from non-compliance by DeFi services with AML/CFT and sanctions obligations.