Virtual Currencies (VC) have come a long way in the 10 years since Bitcoin first emerged, born out of the financial crises and now a decade later they are considered part of the financial landscape. With more than 1,000 VC’s to choose from, tens of millions of customers use VC whether as a store of value, unit of account and/or as a payment medium. As with any currency, there are those minorities that use it to further illicit acts. Criminals have recognised that VC has unique properties that could potentially serve their interests in laundering illicit funds and evading law enforcement. Users of VC employ pseudonyms rather than names, funds can be transferred without intermediaries and across international borders as easily as sending email.
Law Enforcement Concerns and Responses
In February 2018, Europol estimated that £3-4 billion (3-4%) of criminal monies was being laundered annually in Europe through virtual currencies. Then Europol Director, Rob Wainwright stated that VC’s are “not banks and [not] governed by a central authority so the police cannot monitor those transactions..And if they do identify them as criminal they have no way to freeze the assets unlike in the regular banking system.” Another problem Europol has identified involves the method that criminals use to launder money. Proceeds from criminal activity are being converted into VC’s split into smaller amounts and given to people who are seemingly not associated with the criminals but who are acting as “money mules”. These money mules then convert the bitcoins back into hard cash before returning it to the criminals. He also said that police were also seeing a trend where money “in the billions” generated from street sales of drugs across Europe was being converted into VC. He called on those running the VC industries to work with enforcement agencies, stating that they “have to take a responsible action and collaborate with us when we are investigating very large-scale crime,” and “they also have to develop a better sense of responsibility around how they’re running virtual currency.“
Europol is not the only agency to call out VC as a concern and an area where criminals have clearly targeted, with FinCEN and the UK’s NCA (“LE”) amongst others warning that VC pose real risks and challenges for LE. In April, 2019, Europol, Interpol & the Basel Institute of Governance hosted over 230 participants from over 60 different countries for the 3rd Global Conference on Criminal Finances and Cryptocurrencies which focussed on the vulnerabilities and threats in VC’s leading to their misuse for Ml/TF purposes, as well as focussing on what solutions, tools and coalitions can be deployed to combat these threats.
Whilst transactions in VC’s are generally considered anonymous, private sector forensic and AML solution providers demonstrated tools and techniques to combat the criminal use of cryptocurrencies and other distributed ledger technologies. As money launderers explore new ways to obscure the direct link with the proceeds of their crimes, private companies are developing new solutions to follow these transactions, helping law enforcement in their investigations.
FATF Concerns and Responses
It is therefore little surprise that FATF is introducing definitive rules for VC’s with detailed instructions expected at the next Plenary in June 2019. In fact the only surprise is the length of time this has taken. As far back as June 2014 FATF recognised that whilst VC’s “offer many benefits such as increased payment efficiency and lower transaction costs [and] VC’s facilitate international payments and have the potential to provide payment services to populations that do not have access or limited access to regular banking services,” they also have “other characteristics which, coupled with their global reach, present potential AML/CFT Risks.” Namely: i) the anonymity provided by the trade in VC on the internet, ii) the limited identification and verification of participants; iii) the lack of clarity regarding the responsibility for AML/CTF Compliance, supervision and enforcement for these transactions that are segmented across several countries, and iv) the lack of a central oversight body. In 2015 FATF issued guidance on a risk-based approach to VC’s, whilst continuing to monitor VC risks.
FATF has appeared reluctant to act on VC risks so far, until a consensus from FATF Members was clear, perhaps fearful that action might stifle innovation and competition. In 2013, US agency, FinCEN clarified its approach to VC, requiring entities that generate or sell VC for fiat currency be licensed and regulated as a money transmitters, requiring the implementation of an AML/CTF programme. This is the approach FATF members (under the US Presidency) have now agreed to take. Still there are many Countries that have banned VC in whole or in part, for example: there are more than 20 Countries that consider VC as illegal including much of the Islamic nations and socialist-communist states. These Countries may still retain their bans if they can show that VC risks warrant this response in their particular cases. For Countries which have yet to regulate VC’s they will need to act.
If the current FATF requirements are adopted in June 2019, VC’s and VC service providers, (described by FATF as “VASP’s” or virtual asset service providers) will be required to adopt risk based AML/CTF based programmes and to be examined by independent supervisors. According to industry bodies such as Global Digital Finance (GDF), “enforcing existing FATF principles will see the reduction in the prevalence of VASP’s, whose existence represents one of the most effective forms of prevention and partnership to law enforcement working in the virtual asset sector.”
One key area still to be finalised (and subject to consultation is whether the transfer of VC should be subject to the same or equivalent regulations to those that apply to Recommendation 16 relating to the transfer of currencies, i.e. by requiring VASP’s to “obtain and hold required and accurate originator information and required beneficiary information on virtual asset transfers, submit the above information to beneficiary VASPs and counterparts (if any), and make it available on request to appropriate authorities.” This also applies equally to beneficiary VASP’s. Whilst FATF have clarified that, “it is not necessary for this information to be attached directly to virtual asset transfers,” it is not yet clear how this could work, though weak alternatives have been suggested.
According to many industry groups, including GDF which represents more than 30 industry participants, the argument goes that the original design of crypto is such that this can not be achieved technologically, at least in the current environment. In essence no one is able to enforce full transparency in the VC network, and even if they tried, the attempt to do so, it is suggested would be quickly defeated, for example “by parties interposing peer-to-peer (“P2P”) transfers or non-custodial wallets, which are significantly harder for law enforcement to track or control, akin to peer-to-peer cash transfers today.” As an alternative GDF proposes:
- robust CDD/KYC minimum standards, including screening customer details against sanctions lists, whilst working towards reliance on CDD/KYC consortia, utilities and reliable digital identity
- enhanced information sharing to otherwise satisfy Law Enforcement expectations
Notwithstanding these technical objections, in sessions focused on VC at the recent FATF private sector consultative forum held in Vienna in May 2019, potential alternatives included building a separate global depository for originator and beneficiary information on VC transfers that is made available for law enforcement queries, or building infrastructure to support confidential messaging to go alongside VC transactions, much in the same way that international payments work today. Whilst the current infrastructure may have technical limitations, it seems FATF is looking to the VC industry to find a solution. The VC industry is asking in response for more time. FATF will finalise it’s position in June 2019.
Limited AML/CTF requirements, anonymised transfers and low fees with huge price volatility have been the hallmarks of VC’s over the first 10 years. The VC creation story offered the prospect of a real alternative, a currency that had a stable store of value, offered help to the unbanked and was cheap to transfer from wherever there was an internet connection, a computer, tablet or mobile phone. Instead much of the activity involving VC’s comes from speculators, investors, and those seeking an alternative to traditional payment providers, and last but not least unfortunately also from criminals. Criminals seek to exploit every form of value transfer system and likely launder more by physical fiat currency, but they also launder illicit funds exploiting the inherent benefits available via VC and they benefit from the lack of a comprehensive AML/CTF VC response. Whilst some may see the proposed FATF changes as an attack targeting the very DNA of VC, regulation may come to be seen more positively, reassuring legitimate users and service providers who ultimately want a safe and secure marketplace and can boost the growth of VC’s over the next 10 years as its reputation continues to grow.
Introducing regulation may come though at a price, albeit one worth paying. Chainalysis predict, “forcing onerous investment and friction onto regulated businesses, could reduce their prevalence, drive activity to decentralised and peer-to-peer exchanges, and lead to de-risking by FI’s. Such measures would decrease the transparency that is currently available to law enforcement.”