Cryptocurrencies are a haven for fraud, money laundering, and all sorts of criminal activity —this has been a truism since the first days that cryptocurrencies became a topic of conversation in regulatory circles. This perceived risk carried through to compliance functions in banks across the country, where account closures were common for anyone found to be buying Bitcoin.
This mindset shifted in recent years, with FinCEN, FATF, and other regulatory bodies acknowledging that blockchain technology carries significant potential worth exploring. They began developing new frameworks to manage the risks presented by the many novel aspects of blockchain technology without stifling the explosion of innovation occurring around the world.
This is a daunting challenge as existing regulatory models were designed based on fundamentally different assumptions about how money moves. Applying existing concepts like the travel rule to the crypto space seems to make sense at a surface level. However, it starts to fall apart when transplanted without modification to account for differences in the underlying technology.
Arguably, some of these approaches may miss the point entirely. The rules exist to produce actionable information for law enforcement. But, if you ask the law enforcement community whether they want to see more stringent requirements that might push criminals away from cryptocurrencies, you might be surprised by the answer.
A crypto-primer presented by a Secret Service agent to a room full of law enforcement professionals that I attended may serve as an example that proves the rule. His presentation included two pictures: the first, a photo of a man handing a pizza box full of cash from one car to another in a parking lot; the second, a photo of himself at his desk drinking coffee. He explained that his team had to sit in hiding for three days waiting for the pizza box handoff to occur to gain the critical break in their case. The second photo was taken as his team sat in the comfort of their offices using blockchain analytics tools to piece together a case that eventually led to the arrest of over a hundred individuals in an international scam ring. He then asked the agents in the room which type of case they would prefer to work. You can imagine the response of the agents in the room.
In my time leading the compliance team at Circle.com, one of the early large crypto exchanges, I had the opportunity to witness the change in perspective in the law enforcement community firsthand. Skepticism gradually evolved to curiosity and then enthusiasm as regtech teams built increasingly more robust tools with capabilities that often go well beyond what is possible with traditional financial products.
The concerns that the regulatory community has are not unfounded. Criminals are using cryptocurrency. As the pandemic caused massive growth in e-commerce and digital payments in the last year, cyber-crime grew at a similar rate. The UN noted a 350 percent increase in phishing activity in 2020. Meanwhile, reported ransomware activity spiked by 485 percent. The powerful capabilities that cryptocurrencies provide to average consumers prove equally convenient for cybercriminals. Recent headlines about ransomware attacks involving cryptocurrency payments against the Colonial Pipeline and other large businesses don’t paint the best picture.
However, it is important to put this into context. Coinbase compiled research from various blockchain intelligence companies into a report that includes some notable points:
- While cyber-crime grew significantly during the pandemic, the proportional level of criminal activity using cryptocurrencies fell from 2.1 percent in 2019 to less than one percent in 2020.
- More than 99 percent of cryptocurrency transactions run through regulated exchanges that are subject to KYC and AML requirements that provide a source of information on the identities of individuals behind the wallet addresses.
- Meanwhile, the UN estimates that between two and five percent of global GDP, up to $2 trillion, is laundered through the traditional financial system annually.
As a former regulator, it is no surprise that I believe in the need for regulation in the crypto space. However, novel technologies require novel regulation. The speed with which the Department of Justice traced and seized the proceeds from the aforementioned Colonial Pipeline ransomware attack shows what is achievable with capabilities developed in just the last several years. Recent arrests related to Bitcoin Fog and a Latin American human trafficking ring share a common theme best illustrated by this quote from Reuters:
“It was not the 2,000 women Santoyo is alleged to have blackmailed and sexually exploited that ultimately led to his capture, but the bitcoin he is suspected of using to help launder the proceeds of his operations, officials said.”
Similarly, the operator of Bitcoin Fog was apprehended thanks to the “decade long trail of digital footprints” he left behind in an immutable ledger that law enforcement could trace.
Money launderers existed before the advent of cryptocurrency. Crypto has provided new tools for criminals, but the approach used to catch these people would not have been possible previously. As the world begins to adopt crypto more widely, new challenges will arise. Still, new capabilities may make it easier to capture bad actors and allow law enforcement professionals to crack critical cases from the safety of their offices instead of sitting in the cold waiting for someone to deliver a pizza box full of cash to a parked car.