Wham! In just a few short weeks cryptocurrencies have taken centre stage and grabbed the headlines. This begs a big question for many banks and other financial institutions, ‘can we afford to sit on the side-lines and ignore them?’ Probably not for much longer.
In the last few weeks alone…
Mark Zuckerberg announced that Facebook is to launch its own token currency, Libra, as a method of global payment for Facebook users. Of particular interest were the steps taken to create good governance in an area that has been of major concern to the mainstream. Some might argue this isn’t strictly a cryptocurrency, but it’s certainly not fiat currency and will need tight regulation; lawmakers on Capitol Hill certainly think so.
The much vaunted guidance from FATF on Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs) has been released, setting out, in detail, guidance for regulators around the world to adopt. In the EU, virtual asset regulation is embedded into 5MLD; here in the UK, HM Treasury is currently analysing stakeholder views provided in response to the recent 5MLD consultation process – no doubt the responses on virtual assets will receive considerable scrutiny.
OFAC has also been giving cryptos some attention as it has designated Bitcoin addresses as identifiers on its SDN list for two Iran based individuals in relation to money laundering.
And Starbucks’ recent announcement that it will accept Bitcoin (in addition to a number of other retailers), indicates an increased business confidence. Perhaps all of this activity is giving the markets a little bounce, as investors (or are they speculators?) have seen a big rise in the value of Bitcoin.
Cryptocurrencies are well and truly in the spotlight!
The key question everyone in financial services will have to ask themselves is ‘what is our strategy to deal with risks associated with virtual assets; do we even have one?’
Let’s take a look at the highlights of the new FATF guidance:
FATF has established that there is a significant money laundering and terrorist financing risk associated with VAs. Transactions are instant, remote, cross jurisdiction, instantaneous and largely anonymous, hence the need to bring them within scope of regulation.
They are already a chosen playground for financial criminals, as a recent Forbes article highlighted, ‘cryptocurrency has become the favoured detergent for criminals to launder money. Last year, it was reported that £4bn had been laundered through cryptocurrencies in Europe alone.’ Even states such as Iran, North Korea and Venezuela are turning to cryptocurrencies in an attempt to avoid sanctions.
It has also been reported that financial criminals are using cryptocurrencies to launder money through popular peer to peer marketplaces such as AirBNB and Uber. Experts predict this type of financial crime will grow exponentially as the global population of connected devices mushrooms in the next few years. The evidence mounts…
At 57 pages, the FATF guidance is detailed to say the least. Yet, at the highest level, the key message is clear – regulation should bring Virtual Assets (currencies, tokens and other digital representations of value) and Virtual Asset Service Providers (those who provide the infrastructure; the Exchanges, the digital wallets etc…) fully and without favour, or difference, into the same regulatory requirements as all other obliged entities. In addition:
- VASPs will need to be licensed or registered in the jurisdiction where their place of business is located.
- VASPs need to ensure they have undertaken a full risk assessment of their business and implemented an AML/CFT programme to meet their obligations under the AML/CFT regulation. VASPs should refer to the new Guidance in their programmes to ensure their processes align with best practice.
- Full customer due diligence (CDD) will have to be conducted on transactions with a fiat value greater than £1,000
- In particular, the Guidance also clarifies that VASPs who engage in VA transfers will need to obtain, hold, and transmit customer information on all transactions and make this immediately available to permitted authorities, if required. The so-called ‘travel rule’ requires transparency of originator and recipient for all transactions, which is akin to conventional wire transfers. However, no messaging system such as SWIFT exists in the virtual asset world.
What will be the key issues for existing FIs who are regulated?
Firstly, existing KYC/AML controls will have to be recalibrated to reflect the widened scope of VAs and VASPs. No mean feat!
AML Controls will need to prioritise areas of particular risk through robust risk assessments and adoption of the risk based approach. Bitcoin inevitably is by far and away the largest contributor to the total market capitalisation of virtual currencies. There are 2,100 types of coin yet 75% of total market value is in the top 5!
There will be huge challenges identifying the jurisdictions, and therefore the regulatory obligations associated with any cross border cryptocurrency transactions, let alone the issue of transparency with digital assets that are built in blockchain technologies, designed to provide anonymity.
Monitoring digital wallets will also be a big challenge, especially when you consider that if suspicious activity results in one wallet being shut down, the financial criminal can simply open another in seconds.
You may remember the ‘Silk Road’ operation on the Dark Web a few years ago that used much of this digital technology and anonymity to create a huge global trading environment for illegal drugs. Even after the FBI managed to close it down and arrested the ringleaders, new markets opened up on the Dark Web a short time later.
Money launderers are the masters of innovation and re-invention, as our recent research revealed in ‘Money Laundering Exposed: On The Frontline’. Emerging criminal methodologies were identified as the biggest single risk facing compliance professionals. Cryptocurrencies and virtual exchanges, without a doubt, pose a significant challenge to the compliance community and fight against financial crime. They will need special expertise to shape effective regulation and an intelligent response from obliged entities in implementing it.
We are entering an uncertain time – compliance professionals at financial institutions operating in the crypto space will need a high level of specialist support as few have a deep understanding of distributed ledger/blockchain technology, let alone how you apply traditional compliance processes to it.
At the heart of this there is a clear tension between the transparency of transactions embedded into traditional AML controls and the anonymity that the cryptocurrency model was built on.
Technology exists to facilitate this regulatory overlay, but it will be a challenge and firms will need to have core expertise in Data Mining to spot patterns and trends, Predictive Analytics to identify behaviours and events, Machine Learning to develop algorithms which can perform repetitive tasks quickly and consistently, and research to understand money laundering typologies in virtual assets. A big ask with implementation only months away!
There is also a golden opportunity for government to fully embrace digital and accelerate digital identity programmes in eKYC. The virtual finance world needs to be digitally regulated!