Written by James Thomas on Monday 4 January, 2021
“In the first five months of 2020, crypto thefts, hacks, and frauds totalled $1.36bn, suggesting 2020 could see the second-highest value in crypto crimes ever recorded. In a trend that continues from last year, fraud and misappropriation still make up most of the year’s stolen crypto compared to hacks and thefts.”
- CipherTrace Cryptocurrency Anti-Money Laundering and Crime Report, Spring 2020 [1]
2020 has seen a plethora of fraud risks unleashed by COVID-19, as criminals have seized upon the fear and disruption created by the pandemic [2], including potential weaknesses associated with work from home arrangements and temporary regulatory reliefs introduced to support firms and individuals through the crisis.
In a recently published article we reviewed the main frauds of 2020. In this piece, however, we consider the convergence between the pandemic and the ongoing digital revolution. Specifically, we highlight how the coming together of the two is further focusing the minds of both criminals and the anti-financial crime community on the fraud risks and opportunities associated with cryptocurrencies.
COVID and life online
The pandemic has led to a growth in online activity [3] as individuals, confined to their homes as a result of global lockdowns, have increasingly accessed services and products virtually as opposed to physically. While cash transactions were already in decline [4] prior to the pandemic, COVID-19 has accelerated (and has potentially locked in) the trend towards cashless payments. Indeed, the World Health Organisation has identified physical money as a vector for the virus, encouraging the use of alternative payment methods.
It is worth noting that criminals have also been living through lockdown conditions, making it more difficult for them to access their physical networks and the cash economy. Therefore, while cash has traditionally been king [5] in financial crime, the restrictions imposed by the pandemic may have led wrongdoers to look more closely at the possibilities presented by virtual currencies.
As Tim Tyler, Head of Financial Crime Compliance, ICA, suggests: “While there is, as yet, no firm evidence of this trend, it is reasonable to anticipate that criminals will be defaulting to use cryptocurrencies amidst the pandemic, because of the difficulty in meeting people and exchanging value, and because of the attractiveness of crypto due to its opacity when compared with traditional banking services or credit cards.”
Crypto-related frauds
Many crypto-related frauds are not necessarily novel variations on more traditional frauds with the substitution of virtual for fiat currencies. Rather than devising new schemes, criminals are therefore capitalising on the novelty of the asset class itself, and the technology underlying it, which renders it both poorly understood and, to date, on the fringes of regulatory scrutiny. Notable crypto frauds in 2020 have included:
- Payment for non-existent products – often related to COVID – which are never delivered to the purchaser. This is a continuation of an existing trend. In the US, “cryptocurrency scams rose to the second riskiest scam in 2019” according to the Better Business Bureau (BBB), and “32% of these scams involved the trade of cryptocurrencies for goods, services or fiat currency”. However, it has been exacerbated by the demand created by COVID for health-related products (from PPE to medications etc). Exploiting the climate of fear, COVID-fraud scams often involve the impersonation of legitimate, trusted entities (such as the Red Cross) to extract payment in cryptocurrencies.
- Blackmail and ransomware – Payment of ransom demands in crypto has been a favoured approach for some time; the WannaCry attack providing perhaps the best-known example. With the advent of COVID, the FBI reported “a new twist on this scam. The correspondence claims that the writer will both release your information and infect you and/or your family with coronavirus unless payment is sent to a Bitcoin wallet.”
- Investment fraud – In July the UK’s Fraud Advisory Panel noted a rise in investment fraud, in particular cryptocurrency-related scams. Due to the hype surrounding crypto, and the promise of significant returns, many unsophisticated or first-time investors have been lured into investing in such schemes. Although crypto investment fraud predates COVID, it is conceivable that the pandemic (which has simultaneously seen returns falter on many traditional investment products at the same time as individuals have come under increased financial strain) may have exacerbated the problem, driving vulnerable investors to seek returns that are, literally, too good to be true. Examples of frauds involving crypto investment include:
- Fraudulent Initial Coin Offerings – An initial coin offering (ICO) is the cryptocurrency industry's equivalent to an initial public offering (IPO). Such is the problem of fake ICOs that the US Securities and Exchange Commission (SEC) earlier this year launched its own fake ICO website as a means of educating investors about the risks associated with them.
- One notable trend has seen celebrities or businesspeople charged with promoting ICOs on social media without disclosing that they had been paid to do so. Most recently, “US federal prosecutors are pushing for a heavy prison sentence to be levied against one of the founders of Centra Tech – the company behind a notorious initial coin offering in 2017 that was promoted by professional boxer Floyd Mayweather and musician DJ Khaled”.
- As an aside, the potential for the combination of celebrity endorsement and social media to lure unwary investors was further demonstrated when the Twitter accounts of several high-profile figures were hacked and used to post fraudulent Bitcoin ‘give-aways’.
- Fraudulent cryptocurrency investment platforms
- Fraudulent or unregulated cryptocurrency exchanges
- Ponzi schemes – significant recent examples being the billion dollar Wotoken scheme in China, and a $722m crypto mining fraud scheme that “solicited money from investors in exchange for shares of pooled investments in cryptocurrency mining and that rewarded existing investors for recruiting new investors”.
- ‘Pump and dump’ schemes – Once again, the role of social media can be fundamental to these frauds. Instead of using boiler rooms to inflate the value of a share, as is typical in conventional pump and dump schemes, “price pumps are conducted by spreading fake information about a coin on social media”
Regulatory momentum
As alluded to above, regulation has largely been playing ‘catch up’ in this rapidly-developing space. However, the FATF has been instrumental in building momentum towards the development of global standards. Indeed, speaking at the ICA’s BIG Compliance Festival, FATF President, Dr Marcus Pleyer, highlighted crypto as a potential “weak link” in the financial system and stressed that the FATF will continue its efforts in this area.
Key to these efforts has been the FATF’s 2015 Guidance for a Risk-based approach to Virtual Currencies, which focused on “points where virtual currency activities intersect with and provide gateways to and from (i.e. the on and off ramps to) the traditional regulated financial system”. Its 2019 publication – Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers – expanded the 2015 Guidance, and was instrumental in helping to develop understanding of the risk-based approach to virtual assets and virtual asset service providers (VASPs).
“The FATF’s definition of crypto as a ‘virtual asset’, and its definition of VASPs, was a seismic evolution for the whole sector, providing regulators with clarity,” suggests James Wood-Rickett, AML/Financial Crime Prevention Course Director, ICA. “At the European level, a further significant development came with the Fifth Money Laundering Directive (AMLD5), transposed earlier this year, which applies to crypto exchanges. This has provoked a lot more awareness of VASPs in the industry. Banks have been wary of dealing with VASPs, but that is now becoming easier as they now fall under similar controls.”
Significant further regulatory developments include:
- The FATF’s announcement that progress has been made towards the implementation of its ‘travel rule’, which “requires VASPs such as cryptocurrency exchanges, digital wallet providers and even some financial institutions including banks dealing with crypto assets, to ensure that certain customer data is disclosed and transferred.”
- The European Commission’s adoption on 24 September 2020 of the Digital Finance Package (DFP). This includes “The European Commission's proposed Regulation on Markets in Crypto-assets (MICA) [which] will bring within the scope of regulation all crypto-assets not already covered by EU financial services legislation.”
- In the US at the start of the year, the Crypto-Currency Act of 2020 was drafted “to add clarity to the cryptocurrency industry and provide a clear framework for crypto regulations in the US.”
There is some early evidence of the effects of this increased regulatory attention. According to the CipherTrace report:
“The global average of direct criminal funds received by exchanges dropped 60% from 2017 to 2019, most of which occurred in the last year with a 47% drop from 2018 to 2019 … As more crypto AML regulations are implemented around the world (including AMLD5 in Europe), many criminals are finding it harder to offload their illict funds directly to cryptocurrency exchanges – the most common crypto-to-fiat offramp.”
However, the report warns that this “does not necessarily mean exchanges are actually receiving fewer criminal funds”. It may simply be that, in the face of stronger controls, criminals are working harder to disguise the origins of these illicit funds
The UK’s National Crime Agency’s recently-published Suspicious Activity Reports Annual Report 2020, provides some additional indication of the greater scrutiny being placed on the virtual asset space, from within the FinTech industry itself. It notes that: “The most significant growth in SARs [suspicious activity reports] was seen from financial technology (FinTech) companies. Such firms submitted 83,609 SARs in 2019-20 – up 263.94% from 2018- 19 (22,973)”. NB: ‘FinTech’ here refers to “companies enabling payments or transfers of value by using new or emerging technologies”.
With regulation gathering momentum, the onus is therefore on compliance to continue to develop its knowledge of this burgeoning field. Indeed, crypto is not going away but is expected to become increasingly mainstream, with some predicting that its use in financial services will mature rapidly. For example, in August Fidelity launched a crypto fund for wealthy investors. As customers become increasingly fluent in these virtual assets, the requirement for CDD analysts, for example, to be familiar with crypto will only increase.
Opportunities
Finally, with greater understanding of crypto and its underlying technology, will emerge opportunities to improve compliance processes. Indeed, there is growing discussion amongst regulators, central banks and governments regarding the potential presented by blockchain technology to improve efficiencies in all areas of the economy. Again, some of this discussion has been inspired by challenges witnessed during the pandemic, for example: “Medical supply, pharmaceutical and other industries may look more closely at how distributed ledger technology can fix some of the problems we’ve seen in supply chains and distribution of critical goods.”
More specifically, in the field of financial services regulation and compliance “blockchain technology could become a useful tool in reducing complications associated with financial regulatory compliance and transparency”. Indeed, FATF’s President Dr Marcus Pleyer has made it clear that the FATF will pursue technological initiatives aimed at improved effectiveness and efficiency in fighting financial crime, while balancing these against data protection requirements.
As ICA’s Tim Tyler concludes: “The heart of this is that the blockchain offers a public, and potentially transparent, ledger that records activity. The Bitcoin ledger is public and transparent, the information is there and you and I, if we had the right tools, could look at it. The difficulty is that it doesn’t show real peoples’ details: it doesn’t show name and address, it just uses unique identification numbers. But the blockchain could require you to enter your details before permitting a transaction or another record to go ahead. So, on the one hand, blockchain is currently being used by criminals because it is opaque, but on the other hand it has the potential to be used as part of the solution. It could be used in conducting due diligence, it could be used to identify source of funds, it could be used as a way of tracking activity in a supply chain, for instance.”
References:
[1] Cipher Trace, Cryptocurrency Anti-Money Laundering and Crime Report, Spring 2020, 2 March 2020, https://ciphertrace.com/cryptocurrency-anti-money-laundering-and-crime-report-spring-2020/, Last accessed - 4 January 2021
[2] Europol, 'HOW COVID-19-RELATED CRIME INFECTED EUROPE DURING 2020', 12 November 2020, https://www.europol.europa.eu/publications-documents/how-covid-19-related-crime-infected-europe-during-2020, Last accessed - 4 January 2021
[3] Europol, 'BEYOND THE PANDEMIC - HOW COVID-19 WILL SHAPE THE SERIOUS AND ORGANISED CRIME LANDSCAPE IN THE EU' 30 April 2020, https://www.europol.europa.eu/publications-documents/beyond-pandemic-how-covid-19-will-shape-serious-and-organised-crime-landscape-in-eu, Last accessed - 4 January 2021
[4] The Independent, 'Has Covid finally killed off the UK’s love of cash?', 23 June 2020, https://www.independent.co.uk/money/coronavirus-cash-notes-coins-virus-clean-dirty-cards-contactless-rural-elderly-cashless-a9580626.html, Last accessed - 4 January 2021
[5] Europol, 'CASH IS STILL KING: CRIMINALS PREFER CASH FOR MONEY LAUNDERING', 8 July 2015, Link, Last accessed- 4 January 2021