Ward Ferraye takes us through the challenges of safeguarding your cryptocurrency transactions and why compliance plays a big role in combatting them.
Cryptocurrency has seen increased popularity in recent years, and its adoption rate by individuals, companies and even countries has increased tremendously thanks to its unprecedented and unmatched technological benefits its use can offer. Its use, however, also comes with disadvantages, such as money laundering, financial crime, sanctions evasion, and terrorism support.
According to a recent report published by Chainalysis, approximately $8.6 billion worth of cryptocurrency was laundered in 2021, double the amount in 20171. On a similar note, the report stated that in 2021 $3.2 billion in digital currency was stolen, which equals six times the amount which was stolen in the previous year. (2)
Money-Laundering Reporting Officers (MLROs) and Compliance Officers are able to trace criminal activities due to the public transparency offered by Blockchain technology. In fact, by interpreting the statistics and report released by the UN Office of Drugs and Crime and Chainalysis, since 2017, money laundering using fiat currency (US dollars) is about five times the amount of money that has been laundered using cryptocurrencies. (1,3.)
The process of money laundering through cryptocurrencies can be fraudulent money being legitimised through DeFi (Decentralized Finance), mining pools, high-risk exchanges, gambling platforms, mixing, or unnamed services. What stands out the most, is the amount of stolen funds that were transferred from illicit addresses to DeFi. In 2021, almost half of the stolen money was laundered through DeFi; as the technology is still in its infancy it’s no surprise that tech-savvy hackers are able to take advantage of it. Similarly, regular amateur scammers have used exchanges as part of their usual and traditional layering strategies.
A recent report by the UN stated that hackers from North Korea ‘have stolen more than £37million worth of cryptocurrency to finance and develop its nuclear and ballistic missile programmes’ according to the Daily Mail Online4. Investigators were then able to link that amount to £37million stolen from and reported by three exchanges in Asia, Europe, and North America. In addition, the United Nations mentioned that North Korean hackers targeted 35 countries by launching ‘numerous attacks on financial institutions and cryptocurrency exchanges’, who have earned nearly two billion dollars. When speaking of DeFi money laundering and heist, the most astonishing figure might be that DeFi theft increased 1,330% from 2020 to 2021, according to the finance magazine Outlook Money (5).
When it comes to regulating cryptocurrencies, governments are approaching the digital assets world differently. Some regulators’ enforcement cases have helped seize and freeze illegal assets, as well as helped to catch criminals. For instance, the IRS announced that in 2021, it was able to seize $3.5 billion of illicit money relating to cryptocurrency, none of which was related to tax or tax evasion investigations. On a similar note, on June 7th 2021, the US Department of Justice stated that it captured “$2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside”. That amount consisted of almost 63 Bitcoins; these Bitcoins were given as a ransom payment to members in a group called “DarkSide”; that party targeted Colonial Pipeline, “resulting in critical infrastructure being taken out of operation”, as the website of the US Department of Justice mentioned.
On the other hand, some governments have been filing enforcement actions against companies in the cryptocurrency business to attempt to control the space as much as possible.
Some regulators with little to no cryptocurrency related rules and regulations, such as the Securities and Exchange Commission (SEC) have been using enforcement to regulate rather than providing clarity to the market by drafting new policies and guidance. One of the many clear examples is SEC’s case against Ripple Labs, in which the SEC claimed that the cryptocurrency “XRP” is a security rather than a commodity, currency, or token6. Clearly, one of the many reasons why XRP is not a security is the simple reason that it does not meet the definition of an investment contract, according to SEC’s Howey Test7. In this example, the Howey Test was written in 1946, which is outdated, and therefore, does not keep pace with today’s innovation. This technology has brought with it unprecedented cases in the legal world; since XRP holders suffered huge losses as a result of the lawsuit by the SEC, 65,000 holders of the digital currency have signed a petition against the regulator, lead by attorney Jean Deaton, according to FinanceFeeds (8).
Regardless of the SEC’s intention, what is important to note is that regulation plays an important part in the cryptocurrency world. Without it, consumer protection is not achieved, money laundering cases will continue to rise, which will push the sentiment down, rather than adopting it as an exciting innovation and enhancing its use.
With that said, the worldwide view is ambitious; while 10 years ago, most governments accused all users of cryptocurrencies to be financial criminals, they have started to realise that digital technology is too good not to be safely used. On March 9, 2022, the White House released a statement that said:
“President Biden to sign executive order on ensuring responsible development of digital assets” (9).
The order specifically calls for measures to Protect U.S. consumers, investors, businesses, global financial stability and mitigate systemic risk, illicit finance and national security risks. It also requires responsible development and use of digital assets, and the exploration of a U.S. Central Bank Digital Currency (CBDC).
Similarly, on March 10, 2022 his Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice President and Prime Minister of UAE and Ruler of Dubai, approved a first-of-its-kind law to regulate virtual assets in Dubai, which includes cryptocurrencies and NFTs. The Dubai Virtual Asset Regulatory Authority (VARA) will monitor digital transactions and protect the personal data of users. Its main responsibilities are regulating the issuance and release of virtual assets and NFTs, regulating and licensing virtual assets service providers, protecting personal data of users and beneficiaries, regulating and monitoring the platforms offering cryptocurrencies and digital wallets, monitoring digital transactions, and preventing the manipulation or modification of prices of virtual assets.
As cryptocurrency and blockchain are changing the world, regulators and governments are being pushed to adapt and create new rules appropriate to the nature of the new technology. Parallelly, compliance professionals need to understand the technology and draft new procedures and controls to keep their companies safe from theft, money laundering, and cybercrime.
If you need any advice or guidance for the best way to navigate compliance on cryptocurrency and blockchain, please get in touch with Ward Ferraye for more information.
(1) DeFi Takes on Bigger Role in Money Laundering But Small Group of Centralized Services Still Dominate - Chainalysis
(2) Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity - Chainalysis
(3) Overview (unodc.org)
(4) North Korea hackers stealing millions of pounds in cryptocurrency, UN says | Daily Mail Online
(5) DeFi Thefts Up By 1330% In 2021, Precautions Crypto Investors Should Take (outlookindia.com)
(6) The SEC Raised its Fist and Showed Its Contempt for Us. Today, We Answered. - CryptoLaw (crypto-law.us)
(7) The Ethereum Free Pass, Fair Notice and the Fight Ahead - CryptoLaw (crypto-law.us)
(8) XRP lawsuit: SEC rather settle with Ripple than hand over docs, says attorney - FinanceFeeds
(9) Executive Order on Ensuring Responsible Development of Digital Assets | The White House
This article has been carefully prepared, but it has been written in general terms and should be seen as broad guidance only. The article cannot be relied upon to cover specific situations and you should not act, or refrain from acting, upon the information contained therein without obtaining specific professional advice. Please contact Equiom to discuss these matters in the context of your particular circumstance. Equiom Group, its partners, employees and agents do not accept or assume any liability or duty of care for any loss arising from any action taken or not taken by anyone in reliance on the information in this article or for any decision based on it.
For information on the regulatory status of our companies, please visit www.equiomgroup.com/regulatory