Elliptic’s David Carlisle and Onchain Custodian’s El Lee discuss opportunities for the banking and cryptoasset industries to learn from one another in the fight against financial crime.
The recent unauthorised leak of over 2,000 suspicious activity reports (SARs) from FinCEN has shed light on how illicit actors target the banking system. The information illegally disclosed in this leak has raised concerns across the globe among policymakers, regulators, compliance professionals, and the general public about whether the current AML regime is fit for purpose.
While press reporting on the so-called “FinCEN Files” has focused on the institutional scale of the suspected money laundering that is alleged to have occurred, public debate has centred on whether the financial institutions involved, and those charged with oversight of them, were ultimately culpable in underlying criminal activity.
Is fiat money “dirtier” than cryptoassets?
Many observers in the cryptoasset industry have pointed to the scale of the suspicious activity detailed in the leaked files as ostensible evidence that the incumbent financial system is ultimately “dirtier” than the cryptoasset sector. To some, the contents of the SARs are evidence that concerns about cryptoassets being used for illicit activity may be misplaced, and it is the banking sector that may need to get its own house in order.
However, the real lesson here is not about whether fiat currencies or cryptoassets are ‘dirtier’, or which market deserves more blame for financial crime. Rather, the revelations of the FinCEN Files present an opportunity to reflect on how participants in both sectors can learn from each other.
Indeed, there are governance and compliance practices that the cryptoasset sector can adopt from the banking sector. Likewise, incumbent financial institutions should now consider whether the distributed ledger technology underpinning cryptoassets can help to improve a decades-old AML regime and rebuild public trust in the financial system.
Digital transformation of financial crime
The SAR reporting regime was designed more than two decades ago and still contains many inefficiencies derived from an analogue approach to detecting and reporting financial crime. This approach to combating financial crime is seen as outdated, indicating a need to update the current system.
Law enforcement agencies frequently lack the capacity to analyse the large volumes of SARs that financial institutions file. Meanwhile, financial institutions are often incentivised to focus on tick-box compliance, filing SARs just to satisfy legal and regulatory requirements.
These problems combine to produce a largely reactive system, one that is slow to identify illicit finance threats and fails to produce high-quality intelligence at the scale and pace needed to effectively combat the multi-trillion dollar world of financial crime.
Despite misperceptions that they are almost exclusively the domain of criminals, cryptoassets offer instructive lessons for improving current practices in financial crime detection.
Transparency means traceability
Contrasting with frequently-cited concerns about “anonymity” – bitcoin and most other cryptoassets are highly transparent. Because all transactions are recorded on public blockchains, information about all historical fund flows in a given cryptoasset can be readily accessed and analysed.
It is true that cryptoasset addresses are generally pseudonymous, however once they are linked to real-world identities, such as sanctioned individuals, illicit marketplaces, or cybercriminals, information about illicit funds flows is readily attainable and viewable in real-time.
This transparency can enable full traceability for AML purposes not possible in the mainstream banking sector. Banks and other financial institutions are generally limited in their ability to follow an entire trail of funds to its ultimate source. Barriers to information sharing can frequently make it difficult for banks to obtain information from peer institutions about suspected illicit transfers.
Law enforcement agencies similarly face a daunting amount of paperwork to obtain banking records from their overseas counterparts. This siloing of information reinforces many inefficiencies of the SAR regime. Cryptoasset blockchains, however, provide a fully open and public record of transactions that both compliance professionals and public sector agencies can leverage to identify illicit funds flows.
The impact of this transparent ecosystem on financial crime was demonstrated powerfully in the Twitter hack of July this year. In what was considered a major incident, criminals hijacked the Twitter accounts of high profile celebrities and politicians and solicited bitcoin payments from unsuspecting victims. Within minutes of obtaining the cryptoassets, the perpetrators attempted to launder the stolen bitcoin – relying on tools such as bitcoin “mixers” to attempt to obfuscate the trail of funds.
Yet, these laundering attempts fell short. Blockchain analytics frms including Elliptic were able to follow the flow of funds in real-time, allowing regulated businesses and law enforcement to trace the transfers to their beneficiaries. The hackers were arrested in just 16 days.
Rapid development of crypto AML compliance
Blockchain analytics has yielded powerful and tangible AML compliance results for the cryptoasset industry. While in the early days of bitcoin, criminal activity comprised as much as 35 percent of all transactions, Elliptic research has shown that today illicit activity comprises less than 1 percent of all bitcoin transactions. The underlying transparency of cryptoassets has been critical in enabling this massive decline.
This diminishing prevalence of criminal activity in cryptoassets is also bolstered by regulation, which is increasingly viewed as necessary to ensure the industry is doing business in a sound and responsible manner and takes measures to manage risks. Regulatory oversight builds trust among the public that the industry is able to actively deter criminal activities.
The introduction of the Travel Rule for virtual asset service providers (VASPs) by the Financial Action Task Force (FATF) in June 2019 has further enhanced transparency in the cryptoasset space. Under FATF Recommendation 16, VASPs are required to share information about the originators and beneficiaries of all transfers of digital funds. The rule will apply to all VASPs, financial institutions and obliged entities, making the identification of digital wallet owners easier than ever before.
National regulators around the world have already begun moving to introduce legislative changes designed to align their domestic AML requirements with the revised FATF Recommendations. Last month, the Monetary Authority of Singapore (MAS), Hong Kong Securities and Futures Commission (SFC) and South Korea’s Financial Services Commission (FSC) all proposed new rules for VASPs.
Rather than relying on existing licensing regimes, which are often not fit-for-purpose within the cryptoasset space, these legislative changes establish each jurisdiction as digital asset financial centres that are committed to innovation and industry growth, customer protection and the prevention of financial crime. This will ultimately enable the safe, responsible mainstream adoption of crypto assets.
In Singapore, MAS has expanded on its previous definition of a VASP to include Digital Payment Token (DPT) service providers that facilitate activities involving the custody or transfer of such tokens. In light of recent hacks and cyber attacks against VASPs, as well as lapses in corporate governance, the formal addition of custody to the licensing framework under Singapore’s Payments Services Act (PSA) will reinforce robust security and ensure safekeeping of cryptoassets. As such, any VASPs that control customer assets and are applying to the MAS, must either attain the custody licence or work with a third-party custodian.
VASPs like Onchain Custodian have welcomed the increased regulatory clarity, recognising that custody services require regulatory oversight to establish the trust and confidence needed for institutional investors, family offices and high net worth individuals to invest in the cryptoasset sector.
This is a notable departure from early parallels drawn between cryptoassets and the Wild West, where accountability for security and protection was largely placed upon the user. The combination of regulatory certainty, enhanced AML requirements, and the availability of compliant and insured custody services have been critical in driving sophisticated investors into cryptoassets, stablecoins and asset-backed tokens so far this year.
The cryptoasset sector has embraced the challenges that come with greater regulatory oversight, in the knowledge that it will pave the way for a maturation of the industry and promote a culture of greater openness and transparency. As regulators increasingly crack down on cryptoasset businesses that fail to comply with national rules, it is evident that the businesses that remain will be able to engender the trust needed to advance the industry as a whole.
Where fiat and crypto compliance converge
Yet, there is still much work to be done. The truth is that the banking and cryptoasset sectors can learn from one another as they work to improve effectiveness in the fight against financial crime.
The banking sector can look to cryptoasset solutions like blockchain analytics for inspiration to design more open, transparent, and efficient ways of identifying suspicious activity. The cryptoasset industry, meanwhile, can look to the experience of the banking sector in meeting regulatory challenges and promoting greater accountability.
A more open financial system is ultimately in the interest of all participants – incumbents, and cryptoasset businesses alike. It’s time for all committed parties to avoid finger-pointing and instead take an innovative approach to building trust and transparency.
David Carlisle is Head of Policy and Regulatory Affairs at blockchain analytics firm Elliptic; El Lee is Chief Operating Officer at Onchain Custodian, which specialises in safekeeping of institutional digital asset investments.