Our qualifications help compliance professionals develop relevant knowledge and best practice for operating within the fields of governance, risk and compliance, financial crime prevention and anti money laundering (AML). Awarded in conjunction with the Alliance Manchester Business School, The University of Manchester, you can be assured that you are studying for a worthwhile qualification that is the benchmark of excellence.

End Point Assessment


ICA is the trusted partner for you and your organisation.

Corporate Certification


Insight

Cryptocurrency is complicated – but it’s not going away

Written by David Povey on Monday November 16, 2020


"The future of money is digital currency" – Bill Gates

"I can say with almost certainty that cryptocurrencies will come to a bad end" – Warren Buffet

When such esteemed (and profitable) investors have such contrasting views about cryptocurrency, it is hard for the rest of us to say for certain if its influence is positive or malign. However, one thing is certain: it is here to stay. Cryptocurrency is no longer the plaything of criminals or confined to dark corners of the Web. These views are outdated, mere excuses to avoid confronting it. And, whilst no one can claim to be an expert, it’s still an area we must try to understand. We shouldn’t judge ourselves too harshly as it’s a complicated topic, but by accepting it and trying to get to grips with what it is – and how it works – we will be better placed to avoid regulatory censure and benefit from it.

This article will illustrate some of the challenges, even mysteries, of cryptocurrency and highlight the importance of everyone in compliance staying on top of it all. We’ll look at what regulators are trying to do, and we will also give you a tip on where to go to study this complex topic further.

The fast-evolving blockchain and distributed ledger technologies have the potential to radically change the financial landscape. But, their speed, global reach and above all - anonymity - also attract those who want to escape authorities’ scrutiny.[1]

The solution? As the saying goes, you can’t run before you can walk, so in this situation you need to understand the technology before comprehending how it is used. Cryptocurrency, blockchain, distributed ledger technology (DLT) – these are all terms becoming more and more common as they gain higher levels of adoption. It can be great for compliance (for example, DLT can be used to bring more transparency to business transactions and speed up global commerce) but it also has the potential to be an asset for criminals (the anonymity provided through blockchain can create a haven for criminals in which to operate). What about for the regulator? Well, this is not as clear cut as they sit in the middle and this is where their difficulties lie. Too much regulation stifles growth and adoption (at a time when the world is crying out for developments and improvements to how business is done) but too slack an approach allows criminals to run riot and exploit holes in regulation.

The problem for compliance professionals, then, is how to treat this burgeoning technology when we begin to encounter it? It’s really complicated but that’s ok, we’re all discovering and trying to understand it together. As with all risks, there are threats and there are opportunities. Clearly, we must follow regulatory guidance, but what happens when that evolves or is updated? Equally, what happens when new technology emerges so quickly that regulation can’t keep up? There are so many new products and novel ways of moving value globally that criminals are poised to exploit that regulators have a mighty challenge on their hands to stay abreast. So, let’s take a breath and see how regulators and authorities are attempting to do exactly that.

FATF viewpoint

Bitcoin exploded on to the scene in 2009, immediately catching the attention of the Financial Action Task Force (FATF). The most recent additional guidance was added to their recommendations in 2019.[2] As part of that addition, a 12-month review was planned for June 2020 and a survey of its membership and its broader Global Network was carried out in March 2020. Thirty-eight FATF members (37 jurisdictions and 1 regional organisation) and 16 FATF-style regional bodies (FSRBs) member jurisdictions responded.

Quite often when a new regulation is issued, or guidance given on a specific topic, there is the temptation to feel that its contents are sufficient to cover the need, and the issue resolved. However, it is rarely that simple. Regulations are complicated and the guidance that follows them can take a number of iterations to get right and take time to be absorbed. This is especially true in such fast-paced areas as new technology, virtual assets and cryptocurrency.

Click to enlarge:

The above shows that, while the recommendations are being implemented, there is still a long way to go to total adoption and full regulation. FATF is aiming to bring consistency through their Virtual Asset Service Provider (VASP) frameworks, the recommendations and their review. It will help you and your business to understand the FATF guidance and see how it relates to your firm. 

While crypto-assets do not pose a threat to global financial stability at this point, we remain vigilant to risks, including those related to consumer and investor protection, anti-money laundering and countering the financing of terrorism.

FATF, G20 Finance Ministers and Central Bank Governors Meeting, Fukuoka, Japan, 9 June 2019

 

EU takes its first steps

In addition to the recommendations from FATF, other jurisdictions are coming to terms with how to regulate this sector. The EU has found it is hard to set clear and strict rules given the opaque nature of the Internet (anonymity provided by IP addresses, data being moved quickly, locations disguised via a virtual network and so on). It is proving near impossible to apply sanctions in the world of cyber in the same way as against arms dealers or nuclear proliferation activities.

Nevertheless, the EU in November 2020 imposed its first cyber sanctions regime targeting Russian, North Korean and Chinese actors deemed responsible for cyberattacks against EU member states.[3] Similarly, the US has also pursued sanctions and indictments against Russian, North Korean and Chinese actors. However, attributing blame and guilt in the cyber-sphere often lacks what would otherwise be deemed essential evidence, either because governments don’t have access to incontrovertible proof, or because they are unwilling to provide it.

Further, given that IP addresses can be altered or hidden, the location of a perpetrator’s address constitutes neither adequate nor necessarily correct evidence of their true location. The easily blurred and untraceable nature of cyberspace will therefore make identifying the complete networks of individuals difficult. Cyber sanctions may consequently not result in significant asset freezes or have much impact on the financial networks supporting illicit cyber actors. Again, this is really complicated and it’s unsurprising that it’s taking some time for authorities to get to grips with it all.

"Cyber sanctions aim to apply conventional facets of sanctions, such as attribution, evidence gathering and asset freezes, to a sphere where gathering such information and accurately designating the actors involved is hampered by easily falsified links and challenges in tracing. The question is therefore whether the use of traditional sanctioning instruments, and sanctions themselves, can be of use in a sphere where weak and blurred connections limit who can be designated and intelligence sensitivities preclude publicising evidence." - Sasha Erskine, KYC360

 

What are nation states doing?

The US is yet to formulate a consistent legal approach to cryptocurrencies with laws varying from state to state. Federal authorities even differ in their definition of the term ‘cryptocurrency’: FinCEN doesn’t yet consider cryptocurrencies legal tender; in contrast, the IRS regards cryptocurrencies as property. Different terms being used for the same thing is just another example of how complicated this area is.

The situation in China is different. Cryptocurrency was initially handled very cautiously there but more recently has received some backing. In 2017, the People’s Bank of China banned initial coin offerings and cryptocurrency exchanges, and attempted to root out the industry by making token sales illegal. The biggest exchanges thus ceased trading. This all changed in 2019 when a Chinese court ruled that Bitcoin was digital property. Since then there has been a shift in cryptocurrency adoption, with Chinese President Xi Jinping calling for an increase in development efforts on blockchain. There is still some caution, but China is certainly a country with development on its mind.

 

So, what can you do? And why should you do it?

So why is this important to you? Well, the adoption of virtual assets, blockchain and cryptocurrency is rapidly increasing (a report by Chainanalysis found that of the 154 countries analysed, 92% had some sort of cryptocurrency activity) and the way we work, bank and live in years to come could well look very different to now, with some of these technologies being used to underpin our basic activities.

In a work environment, and focusing on compliance, it is going to be vital to not just monitor these changes but to take action to ensure you and your business remain compliant. A company that fails to evolve will lag behind and the same applies to compliance professionals – if you don’t keep yourself up to date then you too will be out of the loop. Educate yourself about the technology; demystify it. If you’re able to understand it and know what you’re dealing with, this will help you to manage risks and leverage value. Remember that it works both ways. If you’re a FinTech, understand how the technology is exposed to risk through its features and usability and find ways to control it.

 

There is a plethora of information available on virtual assets, crypto, blockchain and so on but to stay on top of it all is almost a full-time job. As mentioned at the start, no one is an expert in this area yet so all we can do is educate ourselves as best we can, and then share that knowledge.

A really good way to be in the know is to take a course on the subject and allow industry leaders to do the hard work for you. There are risks involved in this new technology and it is important to understand these, but it’s also important to understand the technology itself, including its benefits. At ICA we are proud to be launching ‘Demystifying Cryptocurrencies’, which will give you a fantastic understanding of some key areas including blockchain, DLT, cryptocurrency and virtual assets. Further details about the course can be found here

Cryptocurrency is confusing – there is little point in pretending otherwise. But through education and sharing knowledge we are all better able to understand it and adapt to its adoption and continued use. It’s here to stay, so we may as well get on board and enjoy the ride.

 

[1] Financial Action Task Force, ‘Virtual Assets’: https://www.fatf-gafi.org/publications/virtualassets/documents/virtual-assets.html?hf=10&b=0&s=desc(fatf_releasedate) – accessed November 2020

[2] Financial Action Task Force, ‘Outcomes FATF Plenary, 16-21 June 2019’, 21 June 2019: https://www.fatf-gafi.org/publications/fatfgeneral/documents/outcomes-plenary-june-2019.html – accessed November 2020

[3] Sasha Erskine, ‘The EU tiptoes into cyber sanctions regimes’, KYC360, 2 November 2020: https://www.riskscreen.com/kyc360/news/the-eu-tiptoes-into-cyber-sanctions-regimes/ – accessed November 2020


 


Comments:

Please leave a comment

You can leave the name empty should you wish to remain Anonymous.

You are replying to post:

Name

Country

Email *

Comment *



Search posts

View posts by Author


Help and support

Alternatively contact us on: +44(0)121 362 7534 / studentservices@int-comp.org (Qualifications)

or +44(0)121 362 7747 / membership@int-comp.org (Membership)

or +44(0)121 362 7657 / assessment@int-comp.org (Assessment)

or +44 (0) 121 362 7503 / epa@int-comp.org (End Point Assessment)