It is anonymous and decentralised, with secure peer-to-peer technology controlling its distribution: cryptocurrency’s ability to bypass the world of traditional banking and regulation lies at the heart of its promise for enthusiasts. But as it becomes increasingly popular and comes under wider scrutiny, it does seem legitimate to question how cryptocurrency can be effectively regulated, for users’ and society’s good.
Cryptocurrencies are, by definition, hidden/secret: a cryptocurrency is effectively a digital currency that is created and managed through the use of advanced encryption techniques (cryptography). They use secure technology to record who owns what and to track payments between users. So, they are a type of electronic cash but, crucially, they are in existence thanks to a peer-to-peer system recording and creating them, the blockchain.
How is this relevant to Money Laundering and Terrorist Financing?
You might still be struggling to see how this is relevant to our primary interest of money laundering here.
But consider this: the cryptocurrency market actually faces some of the most sophisticated criminal scam attacks, with latest research indicating an estimated $4.26 billion has been taken from cryptocurrency exchanges by online scammers in just the first half of 2019.
It is not just organised crime networks ‘cashing in’ but also state actors, like North Korea, who are using criminal cyber-tactics to steal money to then fund its weapons of mass destruction programmes. We have previously written about North Korea’s activities in proliferation financing, and reports suggest that one of the tactics in this is to target banks and cryptocurrency exchanges through sophisticated cyber-attacks.
So, what is it about cryptocurrency that makes it more vulnerable to criminals?
Key Attraction #1: Anonymity
It is fair to say that the biggest pull-factor for criminals when it comes to cryptocurrency is the same reason that makes it so unique with most of its enthusiasts: the capacity for peer-to-peer value transfer that is anonymous.
Although transactions and users are visible to all to see on the currency’s public ledger, they are identifiable by random numbers and letters, not by name or other such distinguishing factors. Criminals trying to game the system to move their ill-gotten gains still have to use a range of tactics, like using multiple addresses and exchanges, to launder their money through this system. This is not necessarily as easy as it seems, since everything is documented – just not necessarily in the format as more conventional financial institutions operate with.
Although one can see how anonymity provides quite a pull factor, it is also true that, given cryptocurrencies’ limited spending power at the moment, conventional bank accounts will constitute an end-point for criminals wanting to get to their ill-gotten gains at some point.
In a recent case in the Netherlands, the money launderers were easily spotted by banks. How? ‘Large sums of money’ were simply deposited in bank accounts before being immediately withdrawn at cashpoints – as we know, these are huge red flags in suspicious customer activity! So, consider whether next time you notice a red flag, it could also be linked to illicit gains from the dark web!
#2: Opportunities for sophisticated scammers
The above is not to say, however, that criminals gaming virtual currency exchanges are to be underestimated. Although cryptocurrency is by definition highly secure, cryptocurrency exchanges (where digital currencies can be traded) are vulnerable to hacking.
In 2019 alone, two known cryptocurrency exchanges were hacked, with $28 million being stolen from Japanese BITpoint and $40 million from Binance. According to Binance:
"The hackers had the patience to wait, and execute well-orchestrated actions through multiple seemingly independent accounts at the most opportune time. The transaction is structured in a way that passed our existing security checks. It was unfortunate that we were not able to block this withdrawal before it was executed."
And have you heard of ‘typosquatting’? This involves creating a fake cryptocurrency exchange, targeting users who incorrectly type a web address, e.g., Yahooo.com rather than Yahoo.com. One case earlier this year found at least 4,000 people were victims of an organised effort that included money laundering.
Unfortunately, Ponzi schemes and exit scams are rife in this area as well, with one example gaining notoriety recently being OneCoin, the subject of a current BBC investigation. Dr Ruja Ignatova, founder of OneCoin, has been charged in absentia by the US Department of Justice with money laundering. The accusations essentially amount to her having made up the cryptocurrency in order to defraud investors. She has not been seen since 2017, with the general suspicion being of this being an exit scam, i.e., of her simply vanishing with investors’ money.
The above does not necessarily show that cryptocurrency itself is more risky than other forms of investment, but it again highlights the need for effective regulation and legal enforcement if investors are to be protected.
#3: Regulators catching up
For regulators, the challenge is to gain control of a market that has anonymity and decentralisation at its centre. Many actors might also be trying to take advantage of the fact that legislatures and regulators across the world are still largely ignorant of what cryptocurrency is and the implications its existence might have on our financial systems. This opens up too many opportunities for criminals.
The US Treasury’s Financial Crimes Enforcement Network (FinCEN) issued its first enforcement action against a peer-to-peer virtual currency exchange earlier this year: they fined the operator of this exchange $35,000 for not registering as a Money Services Business (MSB) and thus evading relevant reporting requirements.
This meant that he ignored requirements to report suspicious transactions even though he processed numerous such transactions, including doing business with the notorious darknet marketplace ‘Silk Road’.
In the last year we have definitely seen international and regional regulators realizing the scale of the problem and implementing requisite laws.
Off the back of the Financial Action Task Force’s (FATF’s) updated guidance on virtual assets, the European Union (EU) have included a definition of virtual currencies, subjecting those that handle these to customer due diligence requirements as well as the duty to report suspicious transactions. This helps clarify expectations and enables crypto service providers to operate as part of a regulated market.
Similarly, FinCEN have been clarifying their guidance on virtual currencies, reinforcing the point that just because a currency is virtual does not mean that their exchangers are not bound by rules. Moreover, anonymity does not prevent exchangers from keeping to Know Your Customer (KYC) rules, albeit in a slightly different format.
There is still a lot of work to be done as recent research shows how relatively unregulated the crypto market is, with most crypto exchanges still not having complete and transparent KYC procedures in place. Moreover, evidence shows that those laundering funds through cryptocurrencies choose to ensure it ends up in a country with lax AML regulations.
It seems that the biggest challenge right now is to ensure regulation of cryptocurrencies worldwide.
Brave new world?
Like everywhere where money is involved, there are plenty of opportunities for scams in the cryptocurrency market. There are also, unfortunately, plenty of people who fall for these scams: we recommend listening to the particularly addictive BBC podcast report on the One Coin scam, where they speak to victims who simply had no idea about what they were getting themselves into.
Ultimately, this might prove to us the need for tighter regulation. Though we may find regulation tedious on a day-to-day basis, the alternative could be very bleak indeed.