On 7 January 2018, the value (in terms of market capitalisation) of virtual currencies globally hit a high point of just over $800 billion – that’s equivalent to 7% of the liquid money supply in the US and Eurozone combined. For all the concern and skepticism expressed about virtual currencies, what is clear is that they are here to stay – and they are rapidly entering the mainstream of global finance.
As is often the case with financial innovation, regulators around the world are racing to catch up. While blockchain, the technology behind virtual currencies, is widely recognised as a positive development in the international fight against financial crime, the virtual currency market remains woefully under-regulated; Richard Cordray, Director of the Consumer Financial Protection Bureau, memorably described it as ‘the Wild West’ of finance.
In 2014, the European Banking Authority issued an opinion on virtual currencies, which identified 14 risks connected to financial integrity. The Financial Action Task Force (FATF) has also looked closely at the use of virtual currencies around the world, and found evidence that some had been used as a conduit to fund terrorist organisations. One convicted terrorist was found to have sent out instructions over social media, explaining how to use bitcoin to mask the movement of funds to ISIL.
The key AML-CTF risks identified by the FATF included the potential anonymity of virtual currencies, their global reach and the segmentation of services through a complex infrastructure of multiple entities spread across the globe, including in jurisdictions with weak AML-CTF frameworks. The FATF’s concerns are that virtual currency exchanges represent a gateway to the regulated financial system, making them an attractive option for money launderers. It recommended that these gateways should be actively supervised and monitored, to allow the authorities to identify individuals and entities who exchange virtual currency into fiat currency and vice versa.
Heterogeneous Regulatory Responses
So far, the regulation of virtual currencies has been light, with a few exceptions. In the US, anti-money laundering (AML) regulations have applied to anyone creating, obtaining, distributing, exchanging, accepting or transmitting virtual currencies since 2013. Money exchange bureaus that deal in virtual currencies must also be licensed.
Regulators across Asia are also turning their attention to virtual currency markets. In Japan, currently one of the biggest crypto currency sectors in the world, the government passed legislation in 2017 that requires exchange operators to report virtual currency transactions. Exchanges in Malaysia are now required to identify virtual currency traders, and South Korea has banned anonymous trading. Singapore’s central bank has said that it is also assessing the virtual currency market to see if investor protections are necessary.
In Europe, the approach has been more piecemeal. While the European Union has followed developments in virtual currencies, it did not take the opportunity to harmonise the regulatory framework for virtual currencies’ during the adoption of the 4th AML Directive back in 2015 (even though it was recommended by the European Banking Authority). As a result, individual EU member states have, until recently, been developing their regulatory response autonomously.
The European Union’s Response
But that changed on 19th June 2018 with the publication of the fifth revision of the European Commission’s AML Directive (5AMLD). The Directive is the first piece of European regulation aimed at addressing the money laundering and terrorism financing risks of virtual currencies. The revision expands the scope of the AML Directive to include virtual currency exchange platforms and custodian wallet providers as subjected entities. Member States are required to implement the Directive by January 2020.
In terms of the actual requirements, the Directive means that subjected providers of services in virtual currencies will need to:
- Identify their users (through a predefined set of reliable documentation)
- Collect a range of information about their intended use of the services
- Monitor their transactions (in order to ensure consistency with customer profile & intended use)
- Report suspicious activity to their competent Financial Intelligence Units
Although this is a founding piece of regulation for the virtual currency industry in Europe, the 5th Directive leaves some risks unaddressed. It does not include, for example, exchanges that only allow transactions from one virtual currency to another. Also, the Directive does not provide for the exchange transactions that are conducted outside of exchanges (p-to-p).
Further, the Directive does not introduce the requirement for service providers in virtual currencies to register or be authorised in their home member state, nor does it provide for the prohibition of virtual currency products or services that are expressly designed for guaranteeing anonymity or untraceable transactions.
Beyond AML-CTF Requirements
Subjection of service providers in virtual currencies to AML-CTF requirements will carry further operational requirements. Thanks to their newly constituted set of identification data, international sanctions screening will become mandatory. Additional requirements relating to sanctions compliance are also arising. In March this year, the US Office of Foreign Assets Control (OFAC) updated its guidance to include a section on virtual currency. OFAC added that it will use sanctions to “fight against criminal and other malicious actors abusing digital currencies and emerging payment systems”. One option open to OFAC is to include digital currency addresses associated with sanctioned individuals and entities onto its list of Specially Designated Nationals and Blocked Persons (known as the SDN list). It is also possible that authorities will consider banning dealings in some virtual currencies, either for foreign policy reasons (as OFAC did with Petro, as the virtual currency can help a sanctioned country to get access to financing, for example), or because of the technical features of the currency (such as if they are specifically designed to transact anonymously).
Concluding Thoughts – Engaging in Effective Compliance
Our new whitepaper, Virtual Currencies, the Wild West of finance? outlines regulators’ growing interest in virtual currencies. There is already a wide consensus among global regulators for regulation on virtual currency activities, and in particular to distinguish between legitimate use and financial crime. Virtual currencies are underpinned by a decentralised technological concept and as such, are truly borderless. An effective regulatory response to mitigate ML-TF risks of virtual currencies can only be global.
Regulators are focusing their attention on the providers of exchange services, extending know-your-customer (KYC) and sanctions screening requirements that are applied to banks and other institutions to those that deal in virtual currencies. This is the first necessary piece of a global regulatory framework for the virtual currency industry. It also circumvents the need for immediate stand-alone legislation as the scope of existing requirements can simply be extended to mitigate the most obvious risks. Under US Bank Secrecy Act, for example, virtual currency platforms are defined as “money transmitters” and must as such register with FinCEN and implement AML-CTF compliance frameworks. What is certain is that the providers of virtual currency services across the world should prepare themselves for compliance with AML and counter-terrorism financing regulation. Before long, the virtual currency industry will be defined by high regulatory standards and strong frameworks to mitigate the risk of financial crime.
Regulators will look for robust due diligence procedures, effective transaction-monitoring systems and sanctions filtering programs, and clear processes for the regulatory reporting of suspicious activity. The good news is that there are excellent systems and solutions available – such as Accuity’s Fircosoft products – which are designed to help institutions and others meet compliance requirements efficiently and effectively. These solutions, already used extensively by many of the world’s largest banks, are easy to use and provide the confidence that compliance legislation is being met effectively without impacting the customer experience.
Good compliance will also require training, and a review of processes. The work should start now – regulators already have virtual currency in their sights. This isn’t a matter of if, but when.