Crypto Regulation Masterclass: Risk-based approach to digital assets necessary for compliance officers

Compliance officers at financial institutions feel they still have a low understanding of digital assets, blockchain, and their surrounding legal issues. That was the main takeaway from a two-hour workshop hosted by RAW Compliance and featuring the Bitcoin Association‘s Southeast Asia Manager, Ella Qiang.

Wallet security, digital asset ATM networks, and the speed at which money can move around and exit the blockchain space remained the primary realistic concerns for those involved—rather than past-hyped stories such as darknet markets and theoretical “51% attacks.” However terrorist financing could still be a concern due to anyone’s ability to post a public address anywhere on the internet and receive funds from any source, anywhere in the world.

Many issues could be met with “traditional” investigative methods and there were perhaps more problems concerning more common financial crimes that used digital assets, like investment scams, extortion, and money laundering.

It was also clear that blockchain itself is a constantly changing industry. Its almost-daily new developments can easily leave those impacted by it (but who aren’t direct participants) with outdated information and a lack of understanding of what they should be focusing on.

RAW Compliance (which stands for “Real Authentic Awareness”) is a networking group for compliance officers that enables them to gather, share opinions and discuss issues impacting their work, particularly on cultural and technological issues.

The March 17 session, held via Zoom, was Part 4 in a six-part series of events designed to bring compliance officers together with blockchain forensics investigators, law enforcement veterans, advocacy groups, and those representing digital asset businesses themselves, such as exchanges.

Wide range of blockchain risk experience

Joining Ella Qiang were speakers Scott Johnston (former Met Police officer in the U.K. and now with Chainalysis), Onchain Custodian CEO and co-founder Alexandre Kech, Chief Compliance Officer at 100x Group (parent company of BitMEX) Malcolm Wright, Merkle Science’s Ian Lee, Inca Digital Head of Investigations Paul Marrinan, AML Expert at Minerva Stratagem Consulting Dev Odedra, and investigator Adebayo Tiamiyu.

Host Oonagh Van Den Berg reminded participants their role is not to be “business prevention officers” and that the industry needed to build from a risk perspective, rather than being automatically suspicious of any activity involving this (relatively) new technology. Though large knowledge gaps still existed and participants may not fully understand the types of risks they should be looking for, they shouldn’t be afraid to ask questions and challenge leaders in their own organizations in order to work effectively.

Qiang noted that courts have recently ruled that “crypto assets” count as property, setting the legal framework for managing related issues. However, the situation regarding digital asset mining remained unclear in some places.

Making a point often reiterated in Bitcoin SV (BSV) but rarely heard outside it, Qiang said blockchains should be secured more by economic incentives than technology. Proof of work (PoW) mining remained more secure in this sense than proof of stake (PoS) and other methods, given that PoW operations require large facilities and a large public commitment to the operation. “It’s hard to hide a large mining facility,” she said, which would quickly lead to legal ramifications if they did anything wrong or illegal.

Is blockchain actually riskier than other financial activity?

The group discussed the typologies of crimes and other legal issues surrounding blockchain and digital assets. Thanks to past media reports, there’s a continuing belief among some that illicit activity comprises a large percentage of all blockchain-related transactions. Additionally, there remains an over-emphasis on technological issues like theoretical “51% attacks” on networks.

Kech also noted that 51% attacks were not realistic, at least on well-known blockchains like BTC and ETH, given the resources required to perform one and the existential risk an attacker would impose on the network they were trying to profit from.

Van Den Berg urged participants to read all the latest reports from firms like Chainalysis, Elliptic and CipherTrace if they wanted to stay up to date. Marrinan pointed out that some estimates show that only 1.4 – 2% of digital currency transactions represented some kind of illicit activity—far lower than some imagined, and matching levels found in the traditional financial ecosystem.

How much illegal activity is there?

However, it’s still possible the true extent of illicit activity in blockchain is unknown. Increased KYC requirements and regulatory compliance at exchanges/custodial services have improved investigators’ ability to trace transactions that pass through those systems. But funds that never passed through compliant systems or were never converted to fiat could remain undetected, since anyone could generate an address and use it to send/receive any size transaction instantly, from anywhere in the world.

For criminals, “cash is still king,” Marrinan said. Criminals were far more likely to use “cryptos” to obtain cash, rather than store or hide their gains. Malcolm Wright pointed out that illicit cash transactions reached about US$2 trillion in a year (digital assets were far lower, used to launder about $11.5 billion annually).

Lee reminded everyone that blockchains (apart from “privacy coins”) were pseudonymous rather than anonymous, and Wright agreed that the inherent traceability of blockchain transactions meant that the more criminals came to understand about digital assets, the less likely they were to try using them to hide their activities.

On that note, there was little to no discussion of privacy coins and whether they presented any problems greater than other assets. This is one area of blockchain that is still poorly understood by those other than users and investigators, with even the latter facing issues (again, for transactions that never touched exchanges or other compliant services).

Qiang said that her and her organization (Bitcoin Association) were keen to work closer with regulators and assist with understanding issues, and that the overall trend was towards more regulation in larger jurisdictions. Jurisdictions that remained un- or less-regulated may find their transactions being blocked or investigated to a larger extent than compliant ones.

Mixing, speed, and methods

Another issue of concern was “coin mixers” and some forensics firms’ techniques to trace transactions through them. Lee reminded everyone that “any cryptocurrency service that comingles its users’ funds is essentially a mixer,” including exchanges with “common wallets” for all users’ funds. Those with investigative experience were more worried about the speed at which criminals could transfer, exchange, and exit the system (and trade gains for off-chain, real-world assets) which made tracing transactions difficult, especially if companies were slow or reluctant to respond to queries.

The workshop also discussed digital asset ATMs, gambling, pre-paid and debit cards, the additional challenge of “DeFi” services, and ransomware attacks.

Human capital remained the weakest point in any system—legal or illegal. Phishing attacks and scams were still where ordinary people lost the most money, and poor security implementations at hastily-built exchange services were responsible for funds lost to hacks and social engineering.

Overall, the conclusion was that there needed to be regular and relevant communication between those involved, from blockchain industry representatives to investigators and those devising (non-blockchain companies’) compliance policies. It wasn’t necessary to be suspicious of all blockchain activity, but knowing and understanding exactly what’s going on would be a big improvement in determining the risks.

See also: CoinGeek Live presentation, Blockchain Intelligence: Analytics, Forensics & Compliance Tools for Bitcoin SV

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.