Talking Crypto, Criminals & Cybersecurity with Coinbase’s Bank Secrecy Act Officer Daniel Sankey

Topics: Criminal Enforcement, Cryptocurrency, Cybersecurity, Financial Crime, Financial Fraud & Anti-Money Laundering, Fraud, Government, Risk Management

crypto-crime

As the global cryptocurrency surge continues, so does its mainstream viability. No longer is “crypto” solely known as a magnet for financial fraud and deception as in the Mt. Gox debacle, or as a means to buy and sell illicit goods, such as drugs, guns, and even human beings via human trafficking on the “darkweb”.

The evolution of blockchain technology and decentralized digital currencies presents the opportunity to take things even one step further. As cryptocurrencies like Bitcoin, Ether, and Litecoin become more ubiquitous, so does the technology surrounding them. But where does one go to reliably buy, sell and trade virtual currencies? A digital currency exchanger, of course!

While there are several out there, we spoke with Daniel Sankey, Bank Secrecy Act (BSA) Compliance Officer at Coinbase, one of the most popular digital currency exchange in the marketplace today. Sankey was also a recent speaker at the Florida International Bankers Association’s 33rd Annual Financial Cybersecurity Conference (CELAES) in Miami.

In Crypto We Trust: What Makes Coinbase Reliable?

If you are new to the cryptocurrency space, you may be right to have some skepticism when it comes to virtual currencies. In 2017, Reuters reported that while regulators require banks to verify who their customers are, some cryptocurrency trading platforms have performed minimal checks on their customers. And then financial powerhouse Warren Buffet likened crypto to rat poison. (Even without that harsh assessment or outright fraud, cryptocurrencies are a dicey investment. If you’ve held Bitcoin for the past year, for example, you’ve seen about 75% of its value melt away during that time.)

So that’s why I asked Sankey what makes Coinbase a safe and reliable trading platform? Are they a fly-by-night operation, here one day, and gone overseas with piles of currencies the next? Millions of customers in 33 countries have bought, sold, and exchanged more than $150 billion of cryptocurrencies since Coinbase’s inception in 2012. Are those individuals at risk of a price plummet or fraud scheme in crypto, leaving traders destitute in the streets with only the hoodies on their backs?

crypto

Daniel Sankey, BSA Compliance Officer at Coinbase

According to Sankey, that is hardly the case.

“Coinbase is regulated. We have legal framework that ensures we are complying with best practices as it relates to fairness and Know Your Customer (KYC) and anti-money laundering (AML) procedures,” Sankey says. “We are a real business, licensed and regularly examined at the State and Federal level by the government.”

From a regulatory standpoint, Coinbase is registered as a money service business (MSB) at the federal level, and it complies with information-sharing laws such as the USA PATRIOT Act 314 (a) and 314 (b), the Bank Secrecy Act (BSA) and many state laws.

Cryptocurrency Criminal Typologies

No doubt that crypto has a reputation — mostly, one known for crime. “The overwhelming majority of our users are not engaged in criminal activity,” Sankey says. “Obviously, there are criminal use-cases — just like all financial instruments have criminal use-cases — and that can be used for advantage by bad actors who exploit the system and commit financial crime.”

One of the biggest issues he has seen relates to fraudulent investment schemes. This is where bad actors create worthless investments with no intent on delivering. Why does this happen? Sankey says he believes the scams are effective because of ambiguous regulations and lack of education on behalf of users. “If there was one thing I could change about this industry it would be better awareness surrounding virtual currency,” he explains. “People are more likely to be taken advantage of due to lack of awareness of how cryptocurrency works. Education is huge.”

But that doesn’t only fall on the consumer. Sankey works tirelessly to monitor suspicious transactions for “red flags” and alert both customers and law enforcement, if appropriate, when an account or transaction appears to be compromised. Other types of criminal typologies he has seen include capital flight from countries like China that have strict capital controls. Coinbase acts on those accounts, including shutting them down.

Holding Vital Records Hostage for Bitcoin

Crypto-ransoms or ransomware scams are perhaps the scariest of all criminal activity, especially for individual users. Here, the cyberthief will send the target a virus that locks down their computers and holds the entire hard drive or larger computer network for ransom until the victim pays a ransom in cryptocurrency.

It is one thing to have your personal photos held ransom on a hard drive, but the bigger challenge, according to Sankey, is when a criminal locks down the computers of an organization that provides important services such as hospitals, schools, companies, and government agencies. One needs only look to the recent SamSam ransomware attack as a prime example. “These types of situations are serious,” Sankey notes. “When it comes to hospital records, people could die — and the criminals know this!”

Simply paying the virtual currency ransom, however, doesn’t guarantee the user will regain control of the files. Cyber-attackers are unethical, Sankey says, and Coinbase, as an exchanger, is often caught in the middle of the situation between the criminals and their own customers, which is why Coinbase has fostered a strong, proactive approach to partnering with law enforcement. “We work to thwart this behavior by partnering with law enforcement and sharing intelligence to go after these people. We analyze the blockchain to see where the funds are going,” he says.

Keeping Your Virtual Currency Safe

With all of this in mind, is there a way to really keep virtual currency safe or are we at the mercy of attackers and thieves? There are cybersecurity controls that a Coinbase user can implement to better ensure their safety, and Sankey advises that consumers make themselves aware of them. For instance:

  •        Unique Password — Do not use the same password for all your accounts. Hackers are smart and if they determine one password, they will try the password on all your accounts.
  •        Two-Factor Authentication — Sankey highly encourages users to use authenticators on an app which generate a random string of numbers only you have access to rather than using a home phone number or email address.
  •        Vault — Coinbase has a feature which allows the user to keep cryptocurrency in a virtual “vault” which prevents stored funds from being transferred instantly (usually within 48 hours) and it requires users to approve any fund transfers.

Want to stay up-to-date on our thought leadership pieces and other topics such as anti-money laundering and fraud? Sign up for the CLEAR Picture newsletter, a free, bimonthly e-newsletter developed for professionals working on AML, KYC and other high-risk rules and regulations compliance. You can also follow the Risk & Compliance Spotlight page on the Legal Executive Institute’s blog.