Rules Navigator

Register

New focus for compliance as crypto goes mainstream

Illustration of people standing by pile of bitcoin
Graphic: Getty Images

Julie DiMauro

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

The significance of US legislation and the risk-management imperative.

As cryptocurrencies edge closer to mainstream adoption, they pose significant challenges to compliance and legal departments in financial services firms, as well as to regulators and the investing community.

Effective regulation and mindfully constructed compliance policies within businesses are critical to sustaining growth in the digital asset space, with the all-important balancing act being between innovation and investor protection and achieving the right approach when it comes to retail versus institutional investors.

In the US, the SEC has accepted digital assets as an integral part of the future financial ecosystem; certain companies can offer and trade a variety of electronically traded funds made up of certain digital assets, and the Trump administration has opened the door to cryptocurrencies being a component of certain employer-sponsored retirement funds.

Congress has passed and is working on legislation, described more below, that focuses on stablecoins specifically and on market structure issues for all digital assets more broadly. Each of them could help rectify the regulatory limbo that had characterized crypto policy in America.

Fraud remains rampant

As these regulatory and legal measures are further refined and implemented, there is an overarching concern – because fraud remains rampant in the cryptocurrency space.

Criminals have capitalized on the growing attention to virtual currencies, their anonymous features, their still-mostly unregulated nature, and the public’s desire for quick payments that avoid a traditional banking fee. Plus, there’s just a general lack of understanding or appreciation of their incredible volatility.  

Scammers can distort prices and investment returns and may even defraud people into buying non-existent crypto assets. They can reach a wide array of individuals easily online, and they can use celebrity endorsements that end up being fake.

Though cryptocurrency blockchains are highly secure, off-chain crypto-related key storage repositories, such as exchanges and wallets, can be hacked.

With growing interconnections between the crypto world and the traditional financial system, strengthening compliance programs has become even more urgent.

And for compliance professionals, they can be used in more sophisticated criminal activities that ensnare the firm, posing money laundering threats in particular, since existing anti-money-laundering (AML) approaches that rely on trusted intermediaries have limited effectiveness with decentralized record-keeping in permissionless public blockchains.

With growing interconnections between the crypto world and the traditional financial system, strengthening compliance programs to guard against money laundering and other forms of illicit activity has become even more urgent.

The good news in the fraud context is that some of the technological aspects of the assets offer some promise in terms of fraud surveillance: The transaction history on blockchains can enable AML compliance efforts by showing the history of any unit of a crypto asset, including stablecoin.

And as more businesses understand the indicia of financial criminal activity, employ more people with relevant skill sets, and use more refined techniques and technology to monitor transactions, their crypto asset supervisory posture will make it far harder for criminals to use their organization to further their aims.

Legislative overview

While the realities of finding consensus among lawmakers on cryptocurrency have delayed some lawmaking progress so far, the passage of the GENIUS Act in late July, is a sign that lawmakers are making inroads.

The GENIUS Act – or Guiding and Establishing National Innovation for US Stablecoins Act – passed by a bipartisan vote of 308 to 122 in the US House of Representatives after passing in the Senate a month prior.

The law establishes a regulatory framework for “payment stablecoins” – generally defined as digital assets redeemable at a fixed monetary value and used for payments or settlement.

The law does the following (among other things):

  • permits payment stablecoin issuers, including subsidiaries of insured depository institutions; nonbank entities, Office of the Comptroller of the Currency (OCC)-chartered uninsured national banks; and OCC-approved federal branches; and entities established under state laws and approved to issue payment stablecoins;
  • establishes requirements for Issuing Payment Stablecoins, including requirements for reserves, disclosures (such as fees, redemption), audits and certifications;
  • creates capital, liquidity and risk management requirements to be issued by the federal payment stablecoin regulators and including risk-based capital and capital buffers, liquidity standards, reserve asset diversification, and risk management principles;
  • enumerates Bank Secrecy Act (BSA) and sanctions laws requirements, where permitted payment stablecoin issuers would be treated as “financial institutions” for purposes of laws related to economic sanctions, anti-money laundering, customer identification, and due diligence.

Still being debated in Congress at the time of this publication is the Digital Assets Market Clarity Act (CLARITY Act), which needs a majority vote in the Senate after getting approved by the US House with significant bipartisan support. As passed, the bill would establish a market structure, including regulatory oversight by the Commodity Futures Trading Commission (CFTC) and the SEC for the offer and sale of digital assets.

As currently drafted, the bill notes that entities are expected to comply with “core principles” that include trade monitoring, record keeping and reporting, antitrust considerations, and conflicts of interest, as well as additional requirements including provisions related to BSA/anti-money laundering compliance and custody.

The Central Bank Digital Currency (CBDC) Anti-Surveillance State Act passed out of the House on a 219 to 210 vote and awaits passage in the Senate. As passed, the bill (among other provisions) would prohibit the Federal Reserve Banks from offering, directly or indirectly, a CBDC, or any digital asset that is substantially similar under any other name or label, to an individual through a financial institution or other intermediaries. 

Crypto fraud overview

Some crypto-related frauds have already been referenced above more generally, but some of the more specific and prevalent ones are:

Investment or business opportunity frauds

Investment or business opportunity frauds often start with an unsolicited offer, typically to become a cryptocurrency investor, that lures you to a fraudulent website to learn more about the apparent opportunity. Once on the site, you’re encouraged to invest and make money quickly. The website might even have celebrity endorsements or testimonials that are fake.

Once you complete your transaction the offer never comes into being, and you don’t see your money again.

Imposter or impersonation scams

An imposter or impersonation scam is when a cybercriminal poses as a trusted source to convince victims to complete a cryptocurrency transaction. This might be under the guise of government authorities, credit card providers, banks, a service provider or even a fake celebrity and they will often reach out via email and request you complete payment via cryptocurrency.

Blackmail or extortion scams

Blackmail or extortion is when you receive a message that someone has compromising information about you – be it photos, videos, confidential data etc. – and they request you pay them money or else they’ll release it.

Romance cryptocurrency scams

Cybercriminals play the part of an online love interest and gain a victim’s trust before asking them to send money. Once the victim does, the cybercriminal takes the money.

Romance cryptocurrency scams follow the same approach, but the funds are requested in cryptocurrency and are much more difficult to reverse.

Fraudulent initial coin offerings (ICOs)

Scammers have found ways to make money by creating fake cryptocurrencies or hyping an existing currency by offering buyers a chance to get in on the ground floor of an ICO. Once they have enough investors, they will disappear with all of the ‘invested’ funds, leaving investors with nothing.

Digital currencies can be used for illicit activity through exchanges, peer-to-peer exchanges, mixers (a service that mixes different streams of potentially identifiable cryptocurrency), and darknet markets, which increase the risk of money laundering and terrorist financing.

Companies transacting in crypto assets must augment traditional AML procedures to include crypto-specific tracking and analysis in their compliance regimens.

, , , , , , , , , , , ,
You may also like