Crypto to Become One of the ‘Safest Environments Ever’

Cryptocurrency experts discuss regulatory fragmentation, rapid travel rule adoption, and good compliance practices for VASPs.

In January, blockchain analytics firm Chainalysis issued a report revealing findings that just 0.34 percent (USD 10 billion) of all cryptocurrency transactions in 2020 represented illicit activity, down from roughly 2.1 percent (USD 21.4 billion) a year earlier.

But if you’re listening to the sensationalisation of individual adverse events by the media or politicians you might have a more negative perception of the crypto sector, according to panellists at a recent webinar hosted by Refinitiv.

Yet, one of the biggest changes in how the industry is perceived in recent years has been among law enforcement and regulators who are actively working with blockchain technology and using its traceability benefits to crack down on crime, according to Pelle Braendgaard, Chief Executive Officer at Notabene, which helps companies manage regulatory and counterparty risk in crypto transactions.

“All the data is there, they can trace everything, which is why they are able to solve things like ransomware. In almost all the major [ransomware] cases, they’ve been able to trace and isolate funds pretty easily and pretty quickly,” Braendgaard said. “The reality of it is that if you’re a money launderer, Bitcoin and crypto is really one of the absolute worst tools out there for it.”

Uneven patchwork of regulation

Despite the rapid development of tools to address concern over illicit activity in the crypto space, the FATF (Financial Action Task Force) said in its second 12-month review of the implementation of its revised Standards on virtual assets and VASPs (virtual asset service providers) that the industry is not moving quick enough, and countries are not implementing regulations fast enough.

According to Malcolm Wright, Chief Compliance Officer at 100x Group, which owns and operates popular crypto exchange BitMEX, some countries are further ahead than others – and this is creating an uneven patchwork of regulation which results in regulatory arbitrage by some VASPs moving to jurisdictions where doing business is easiest.

The FATF would like to see regulators level the playing field, and have fairly similar regulations in place, so that there isn’t any opportunity for firms to circumvent the rules, Wright said.

The fragmented and rapidly evolving regulatory landscape also makes compliance with AML rules more difficult, particularly for large VASPs operating on a global basis, said Grace Chong, Of Counsel at Simmons & Simmons JWS, where she manages regulatory and digital business and represents crypto exchanges, brokers and custodians.

She noted that countries are implementing travel rule and AML requirements differently, with variations in thresholds, while suspicious transaction reporting rules also differ by jurisdiction. All of this can be “extremely challenging” for firms operating in multiple jurisdictions, Chong said.

Regulatory arbitrage to end

According to Braendgaard, who helps companies implement the travel rule, the issue of regulatory arbitrage will likely come to an end in the next one to two years, even if some countries fail to keep pace with implementing national regulatory frameworks for VASPs.

“The really interesting thing is that we’re now seeing a lot of exchanges actually sign up with us, not because it’s a requirement yet, but because their counterparties are in jurisdictions where it’s a requirement, so they now need to implement it [the travel rule],” he said. “This is coming ahead of the local regulation.”

Braendgaard added that initially there was a worry that adoption of the travel rule would be low. However, the industry adoption is now occurring much more rapidly, primarily for business reasons as opposed to simply meeting local regulatory requirements, he said. “I think this is really what’s going to help push it out over the next year.”

There indeed appears to be a broad recognition from industry players of the path ahead, and many crypto exchanges have decided to get ahead of it and started to put in place good practices, including systems to adopt the travel rule, Wright said.

Travel rule implementation

He describes travel rule implementation as having three parts, the first involving the messages that need to be transmitted between VASPs. Last year, industry bodies including GDF (Global Digital Finance), where Wright chairs the AML working group, developed a messaging standard called IVMS101. This has provided a standard data model for VASPs to use to transmit originator and beneficiary information as required by the travel rule.

The second part is the transfer protocol to ensure the IVMS101 message is transmitted securely. While a number of firms provide transfer protocols, the industry is still working to make sure the different protocols can “talk to each other” in a seamless way, Wright said.

The third part involves being able to ensure that data is being stored securely at VASPs. In February, BitMEX released guiding principles for VASPs on good data storage practices when travel rule data is transmitted. The principles cover access management, travel rule data security, information protection, logging and monitoring, incident management, and privacy.

Meanwhile, the FATF in March consulted on updated guidance for virtual assets and VASPs and is working on issuing a final version by November this year. The guidance provides further clarity on the travel rule, and the need for VASPs to use the information obtained from KYC processes, or from the originating institution, to perform sanctions screening.

Immediacy of screening results

The panellists highlighted the challenges for VASPs to comply with the sanctions screening obligations, particularly if they are not collecting information like date of birth and nationality, as this will result in high false positives and slow down customer onboarding. Besides standardising KYC processes, VASPs will need to deploy reliable screening systems like World-Check which allow automation, immediacy of results, and flexibility to adjust thresholds to manage false positive rates.

The World-Check database is already widely used in the broader financial industry. It covers 100 percent of sanctioned entities globally, contains millions of additional records not found on official lists including data on PEPs (politically exposed persons), and features negative media screening functionality to identify further potential for regulatory, legal and reputational risk.

“The travel rule for the first time in crypto allows a better way for institutions to collaborate before the transaction happens,” said Braendgaard. He noted that the latest FATF guidelines say that the transmission of travel rule data should occur immediately, to allow for any freezing actions to take place before the underlying transaction gets settled.

“I believe blockchains and cryptocurrencies, with the correct tools with the correct trained staff, it’s really going to be one of the safest environments ever,” he said.

Hallmarks of good compliance

Looking ahead, Wright said good compliance for a crypto exchange could eventually entail onboarding other exchanges “almost like a correspondent bank” with a Wolfsberg Group-style due diligence questionnaire. This would allow for easy bi-directional onboarding that will include questions on areas like transfer protocols, screening practices, and data storage.

“What we are now building is a very robust ecosystem between exchanges that will allow for the transfer of this information, but will also help to raise the game because if you’re not at that level, then you will eventually find it very hard to transact with those exchanges that are,” Wright said.

For Jason Yu, Compliance and AML Director at HashKey Group, the hallmarks of good compliance would be tone from the top, senior management accountability, clear roles and responsibilities, having in place policies and procedures on controls, having the correct tools and technology to enable the compliance function, well-defined escalation procedures, good record keeping and having a training programme in place.

For more practical guidance on crypto compliance, watch this webinar on demand.

To Top
Share via
Copy link
Powered by Social Snap