By Edward Moss, Head of Market Research, and Deleep Nair, Solution Engineering, Symphony AyasdiAI
Successful criminals have always led the way in clever and consistently effective ways to launder cash, so it’s not surprising they’ve now turned their attention to exploiting the new classes of digital currencies, networks and assets. The growth of criminal activities is exploding under poor regulations, wild west entrepreneurship and continued lack of understanding of what these things are. As an example, earlier this year, the Department of Justice made its largest ever seizure – more than $3.6 billion in bitcoin stored in a couple’s crypto wallet. This record won’t last long. Like so many technologies, decentralized finance (DeFi) is a double-edged sword. Banks and regulators must find ways to regulate these new digital currencies, networks and assets to mitigate criminal activity. Critically, the regulation shouldn’t lag behind the need for it. The financial industry and its participants need a uniform solution now – one that won’t hinder their growth as it protects them and their customers.
Cryptocurrency is fundamentally broken down into two different groups: centralized finance and decentralized finance (DeFi). With centralized finance, the responsibility of safeguarding the money of the users is with the exchanges. The assumption behind DeFi, however, is that the transactions would be successful because of smart contracts (an agreement between two parties that enforces certain rules/terms of negotiation when a particular/specific condition is met). In simple terms, the users themselves are responsible for managing their own funds and activities.
A non-fungible token (NFT) is a non-interchangeable unit of data stored on a blockchain, a form of digital ledger, that can be sold and traded. Each token is uniquely identifiable so think of it as a digital version of assets such as art, real estate, etc. They aren’t mutually interchangeable, hence “non fungible.” While all bitcoins are equal, each NFT may represent a different underlying asset with a different value. NFTs have rapidly gained popularity among speculative investors and criminals alike; these blockchain-based tokens represent a new way to launder money. Their digital format makes it difficult to show via reasonable cause whether someone has sold or bought an NFT for nefarious reasons.
The value of an NFT is determined to be worth whatever the creator and purchaser agree that it’s worth. So, let’s say someone wants to launder a million dollars; they’ll buy an NFT for $10,000 (with clean money), then use a third-party source or someone they trust to pay a million dollars for it. Tax evasion through NFTs uses the same strategies employed using physical art: make 11 NFTs, sell one to a friend for $10,000, and donate the other 10 for a $100,000 loss. This process washes the money while being safer and easier than typical layering schemes. Under existing rules, such transactions are difficult to regulate and ultimately identify.
The ability to transfer NFTs via the internet without concern for geographic distance and across borders nearly instantaneously makes digital art susceptible to exploitation by those seeking to launder illicit proceeds of crime. That’s because the movement of value can be accomplished without incurring potential financial, regulatory, or investigative costs of physical shipment. This has enabled easier out-maneuvering of traditional tax, border security and law enforcement structures. Will it do the same to the banking system?
The characteristics of digital art aren’t the only reason this submarket is vulnerable to laundering: the structure of transactions in the market can also be different from the traditional art market as well. These structural differences can create perverse incentives and money laundering vulnerabilities in the marketplace. NFT platforms range in structure, ownership and operation –and no single platform operates the same way or has the same standards or due diligence protocols.
The AML act of 2020 in the U.S. and the EU’s sixth AML directive contain relatively new regulations regarding physical art. But because of this, it’s now even more complicated to regulate. The regulations are behind, leaving a large and compelling opportunity to arbitrage the financial system through cash to new asset class alignment.
DeFi is said to be more traceable, yet it also creates considerable complexity. Many of these DeFi protocols allow for quick swapping between different types of cryptocurrency, which is attractive for launderers. In the 2022 Crypto Crime Report released by Chainalysis, the firm found that DeFi protocols were widely used by North Korea-affiliated hackers responsible for $400 million worth of cryptocurrency hacks last year.
With many of these decentralized currencies, to pull money out you must go back through a centralized platform such as Coinbase. For instance, you buy $10,000 and transfer it into a decentralized platform. Then you buy, let’s say Monero, one of the primary cryptocurrencies used for ransomware or money laundering. After that, you transfer the money to someone else, and then you must pull it back through or buy it back on the transfer. That action makes the transaction more traceable because you’re able to see the history of the transactions through the blockchain.
Trying to regulate virtual assets
In 2020, the Financial Action Task Force (FATF) implemented new guidelines. Fifty-eight of 128 reporting jurisdictions say they’ve implemented the revised FATF standards regarding virtual assets. Of these 58, they’ve introduced virtual asset service provider (VASP) regulation schemes. But 45% of VASPs implementing these rules is not exactly a huge compliance win. And these types of guidelines take a long time to put into place because each jurisdiction has to go through their individual regulatory process. But this isn’t enough, because criminals laundered $8.6bn (£6.4bn) of cryptocurrency in 2021. That was up 30% from the previous year, according to Chainalysis. The report suggests that so-called DeFi protocols have become more important to criminals trying to hide cash — receiving 17% of all funds sent from illicit wallets in 2021, up from 2% the previous year.
The U.S. government has issued an executive order to ensure responsible development of digital assets. This lays the groundwork for increased regulation, which is an important step.
Regulating DeFI and cryptocurrencies has been incredibly difficult, and there’s debate over which agencies should be in charge of it. Yet while the regulators hash this out, criminals are flourishing.
In some respects, the ability to trace transactions is improving. With many cryptocurrencies, all the transactions are being logged on the blockchain so that all their transaction history is permanently online. So, any investigator who wants to trace a transaction can do that. With currencies however, they are specifically designed to keep the anonymity of those using the currency. It will require a wholesale transformation of knowledge in the investigation community and a significant improvement in support technology.
A collaborative crime-fighting approach
Regulators need to consider how they can regulate digital networks, currencies and assets without being too heavy-handed. The digital economy has the disruptive power on commerce that the internet did on consumerism. It’s an incredibly exciting time, but also a dangerous one for the financial system and the societies it supports. A lot of innovation from the private sector is going to be needed to really see or discover new methods of detecting crime and the sort of methodologies used by them to further regulation. Regulators need to modernize their approach, away from antiquated rules and processes that no longer help institutions understand and combat the challenges they face to instead focus on a holistic risk and customer behavior view.
For their part, financial institutions can pay attention to any new regulation. But better still they should try to be proactive with fintech companies that are trying to pursue these criminals, even if there’s zero accountability for the financial institutions to catch them and spend money on these solutions. This time the banks may be able to define the regulatory framework to make it more effective, dynamic and fitting for the financial industry’s desired results instead of waiting for some more guesswork from Washington or London.
Industry leaders need to collaborate with regulators to truly regulate DeFi. An example is in the efforts from the U.S. Ransomware and Digital Extortion Task Force and others. More assistance is needed from the private sector, as well. The IRS offered a bounty of about $625k in 2020 for any contractors able to develop tools to help trace transactions involving private cryptocurrency coins like Monero. This type of thing is likely to become more common as regulators attempt to stay on top of new cryptocurrencies or decentralized currencies.
About the authors:
Deleep Nair is head of solution engineering for North America and Edward Moss is a senior research analyst at Symphony AyasdiAI. Symphony AyasdiAI empowers banks and financial institutions with a complete picture of customer, third party and user behavior to discover crime, risk and competitive opportunity through unparalleled, predictive insights.