Financial fraud and criminal schemes tend to go where the action is, so it’s no surprise that cryptocurrencies are seeing a spike in related crimes, with loses surging from the theft of cryptocurrencies from exchanges and fraud-related activities to $1.2 billion so far this year, or roughly 70% percent of the level for all of 2018, as reported by Reuters.
I recently moderated a webinar in partnership with the Association of Certified Financial Crime Specialists (ACFCS) where we discussed how cyber-criminals exploit virtual currency to commit various kinds of criminal activity such as Ponzi schemes and fraud scams.
The Federal Bureau of Investigations (FBI) is investigating one such cross-border case involving Quadriga, a cryptocurrency exchange that has been unable to account for at least $136 million in customer funds since the mysterious death of its 30-year-old CEO in December. These cases present major challenges to regulators and law enforcement agencies.
On the webinar, Methods for Detecting & Preventing Crypto Financial Crime, we heard from Daniel Sankey, Bank Secrecy Act (BSA) Compliance Officer at Coinbase, discuss the development and evolution of financial crime in the crypto space, including methods and strategies utilized by Coinbase to detect and prevent criminal activity. He also talked about the Quadriga case.
During the 60-minute, ACFCS members-only discussion, the audience had numerous questions for Sankey. Here are a few with his responses:
Do you have any suggestions as to how financial institutions should monitor for virtual currency or how we should monitor Bitcoin ATMs?
Daniel Sankey: Virtual currency companies should be monitored by banks in the same manner that banks would monitor any Money Service Business (MSB) or financial institution. While their business might be unique, their regulatory status is not. Many virtual currency businesses are defined as MSBs by the US Financial Crimes Enforcement Network (FinCEN); and banks have been doing business with and successfully mitigating the risk of MSBs for quite some time.
Virtual currency businesses do not require different or unique controls from any other MSB. A bank should have a thorough onboarding process to ensure the MSB is licensed and that it understands its regulatory obligations. The bank should design testing and auditing to ensure the MSB is meeting its obligations, such as collecting know your customer (KYC) data or filing required reports.
For example, if the virtual currency company is a Bitcoin ATM then the bank would also want to ensure it is licensed, if such licensing is required by the jurisdictions they operate in. The bank would expect to see regular Currency Transaction Reports being filed, as well as controls to detect and prevent structuring. The bank might ask to see previous risk assessments or annual audits performed by independent third parties. In other words, the bank should utilize similar controls and processes it uses to manage any financial institution it chooses to do business with.
How can financial institutions leverage the information you shared with us today?
Daniel Sankey: Financial institutions can leverage this information by understanding that virtual currency does not present an unmanageable risk from a regulatory and anti-money laundering perspective. Controls have been built by regulated exchanges to ensure money laundering and other high-risk activity is prevented, detected, and reported on.
Moreover, financial institutions need to understand that they are currently doing business with virtual currency users even if their official position is that they do not. Established companies such as PayPal and Overstock do business with virtual currency users which means that if you share mutual customers, you share virtual currency risk.
Rather than burying one’s head in the proverbial sand, banks need to understand that the future is here and create policy and procedure to manage the risks this new and exciting technology presents. Absent such policy and procedure, the bank opens itself up to regulatory risk when regulators eventually identify that you have been processing transactions for virtual currency when your official position is that you do not.
Regulated virtual currency companies, such as Coinbase, are very eager to engage with the banking industry and partner with them in order to facilitate the adoption of virtual currency while also creating effective controls to manage the risk they present. We welcome any financial institution to reach out to Coinbase, we’re happy to share information and discuss ways in which to solve one another’s regulatory challenges.