Empowering the future of finance
Protecting against crime in the crypto ecosystem
Stories of the illegal use of cryptocurrencies often dominate headlines and influence the mainstream narrative. Federica Taccogna, managing director at FTI Consulting and strategic advisor to the MFSA writes about how compliance can be one of the key enablers to change perspective.
Cryptocurrencies, and the ecosystem surrounding them are as vulnerable to the threats of financial crime – money laundering, terrorist financing, fraud, scams, and hacking attacks –as traditional financial instruments and market participants are.
Crypto ATMs can be exploited by money mules just as traditional ATMs can; and crypto-to-crypto exchanges are increasingly used by criminals who layer the proceeds of crime through a number of them and then acquire (often extremely expensive) goods from vendors that accept cryptocurrencies.
Bitcoin has become the primary means of payment for the infrastructure used to support espionage and state-driven hacking. The WannaCry ransomware attack requested that the ransom be paid using Bitcoins. Behind it was the North Korean Lazarus group, also responsible for the theft of USD 81 million from Bangladesh Bank; the hacking of Sony Pictures Entertainment and numerous other intrusions on the defence, financial services, technology, and virtual currency industries.
Recently, Al-Qassam Brigades, a wing of Hamas, launched a fundraising campaign in Bitcoin and the Russian hacking group Fancy Bear was found to have stored illicit funds in a wallet in the cryptocurrency exchange BTC-e (also a popular destination for funds belonging to a long list of Russian criminals and cyber-criminals).
Cryptocurrencies can be used to circumvent economic sanctions. Some states have already made an attempt at creating their very own, state-backed cryptocurrency (Venezuela’s Pedro) and with Russia and Iran reportedly working on similar endeavours, it is easy to see why there is growing concern. OFAC has also started to include cryptocurrency addresses on its sanctions list.
These are symptoms of the fact that cryptocurrencies are a reality, a presence in the financial ecosystems that criminals are already exploiting.
The very aspects of cryptocurrencies that make them attractive from a commercial point of view – such as pseudonymity and ease of transfer – make them valuable tools for those looking to hide the proceeds of crime in the mainstream system, fund illicit activities and distance themselves from criminal activity. Some, such as privacy coins, are designed to offer the very quality that money launderers seek.
Some have observed that the scale of illicit activity relating to cryptoassets is relatively low when compared to volumes in the traditional financial sector. Whilst this is true, it is also very likely to
be due to the relatively marginal role played by cryptoassets in the bigger financial services context. It is not implausible to conclude that as the role of cryptoassets grows, so will the desire and the ability for criminals to exploit them.
In the mainstream narrative, this aspect – the ‘dangerous nature’ of cryptocurrencies – often receives more attention than the potential of the technology. The advent of change is hardly ever met with full trust by the majority. Even more so when change comes by way of disruptive technology that challenges the rules with decentralisation, pseudonymity, and immutability.
However, crypto businesses might have an advantage. One of the main reasons why the traditional financial services has ‘allowed’ so much financial crime to happen has been the failure, on the part of markets participants, to understand how their business models and operations might be exploited for financial crime. Compliance and control happened as an afterthought.
Businesses in the crypto space can use lessons learnt from the traditional financial services and build AML and financial crime compliance and protection within their models, from inception.
Being associated, even involuntarily, with criminal activity, may have catastrophic criminal and reputational consequences for a crypto business. Moreover, with the tightening of regulation, crypto businesses now also face a higher risk of regulatory action.
It is clear that safely operating in the crypto space means, first of all, understanding vulnerabilities and assessing the risk inherent in an endeavour or business model. The risks faced by cryptoexchanges are not the same faced by those facilitating the sale of tokens for an ICO, or by decentralised exchanges, or crypto ATMs.
Building defences against financial crime then, means that firms (of any size and type), operating in this space, must understand where the funds behind the transactions they facilitate originate from and ultimately, move to. In the fiat world, this process of knowing your customer (KYC) and performing customer due diligence (CDD) is relatively easier (in theory at least, because failures, in practice, have allowed incredible amounts of illicit funds to flow through the system). With cryptoassets, users can route funds through pseudonymous cryptocurrency addresses that are not readily attributable to realworld identities. Only the use of specifically designed technology that can help identify these ‘paths’ and make KYC/ CDD in the crypto space are truly effective.
Finally, crypto businesses must monitor transactions to detect indicators of financial crime and trace flows of illicit funds. Once again, a concept identical to that applied to the fiat world. With the difference that a transaction in cryptoassets is different from one in fiat. Traditional methods on transactional analysis will not work, unless they are built upon and integrated with chain analysis.
To achieve control of and protection against financial crime in the crypto ecosystem, it is important that all participants – from regulators to established businesses, through to new entrants – are aware of the risks and come together to share information, shape regulation and controls and protect the industry from the risks without slowing down or constraining innovation but, rather, enhancing it.
Read more articles like in the digital edition of Block magazine.
Malta AI & Blockchain Summit is a bi-annual expo covering topics relating to the global sectors for blockchain, AI, Big Data, IoT, and Quantum technologies. The event includes conferences hosted by globally renowned speakers, workshops for industry learning and discussion, an exhibition space accommodating more than 400 brands and a number of networking events.