Q&A: Digital assets fraud and anti-money laundering (AML)
December 2022 | SPECIAL REPORT: WHITE-COLLAR CRIME
Financier Worldwide Magazine
December 2022 Issue
FW discusses digital assets fraud and anti-money laundering with Alma Angotti at Guidehouse, Katherine Lemire at Quinn Emanuel Urquhart & Sullivan, LLP and Eytan Fisch at Skadden, Arps, Slate, Meagher & Flom LLP.
FW: How would you characterise the evolution and popularity of digital assets in recent years? What key trends would you highlight?
Angotti: The market for digital assets has exploded over the past few years. Since March 2020, the crypto market cap has grown from approximately $150bn to a current valuation of more than $900bn. Initially, digital assets consisted mostly of speculative retail-centric investments such as crypto, initial coin offerings (ICOs) and non-fungible tokens (NFTs). These assets were typically offered only on exchanges that specialised in the crypto space. But now we are seeing digital assets being embraced by governments and large institutions, both financial and non-financial. We are also seeing governments and financial regulators prioritise the creation of guidance and regulation specific to digital assets. Regulations are slowly becoming more defined. Traditional financial institutions (FIs) have been launching various crypto services, like credit cards, debit cards and gift cards, and 105 countries are currently exploring central bank digital currency (CBDC). Traditional FIs have not only been launching various crypto services, but they are also exploring how distributed ledger technology (DLT), the blockchain technology that is the basis for cryptocurrency, may be used for securities like stocks and bonds.
Lemire: It is undeniable that digital assets have grown immensely in popularity in recent years. One trend is that the most explosive growth among crypto trading platforms has occurred among those with particularly jazzy, customer-friendly app interfaces. The problem, of course, with some of these platforms, is that the seeming simplicity and carnival-like nature of their apps conceal the sophisticated nature of the trading on the platforms, leading to unanticipated and significant consumer losses. Some regulators have addressed this issue, for example by accusing those apps of pointedly luring inexperienced investors, and insisting that platforms dress themselves down and make clear the risks associated with trading crypto.
Fisch: Digital assets have certainly become more popular and more varied over the past several years. Once a relatively niche field with a relatively narrow set of product offerings, the digital assets space has become substantially more widespread with diverse and varied asset types and related services. Decentralised finance (DeFi) and NFTs are two areas that have garnered a lot of attention over the past several years and have a wide range of potential use cases. Even with the so-called ‘crypto winter’, the digital assets and Web3 space remains a dynamic and innovative area that we expect to continue to develop and mature – both from a product offering standpoint and regulatory perspective – in the years to come.
FW: To what extent are financial institutions (FIs) actively evaluating and pursuing new opportunities associated with digital assets? What are some of the key areas of interest around cryptocurrencies and other virtual assets, including NFTs?
Lemire: On the one hand, consumer caution has set in with regard to the trading of crypto in the aftermath of bankruptcy filings of Celsius and Voyager, as well as the collapse of the so-called stablecoin TerraUSD. On the other hand, we are still in the midst of the ‘roaring twenties’, with rapid innovation such as in the areas of NFTs and of course Web3. Established payment platforms such as PayPal and Venmo have enabled crypto trading on their platforms. Moreover, the growth in the DeFi space continues unabated: the overall value of assets deposited in DeFi transactions has grown from an estimated $700m in December 2019 to more than $200bn at the start of 2020.
Fisch: FIs – ranging from small community banks to major asset managers – are increasingly interested in pursuing new opportunities associated with digital assets. Banks see digital assets as an area where they can add value, whether as custodians for customers’ private keys or, in some circumstances, as issuers of stablecoins. Banks and others are continuing to navigate regulatory challenges associated with these products and services. Asset managers see digital assets as an asset class to which their customers are seeking investment exposure. Whether via direct investments in digital assets or via structured products, we expect to see more interest in digital assets from asset managers and mainstream investors in the months and years ahead.
Angotti: Traditional FIs have been making significant investments into blockchain infrastructure and have shown willingness to embrace digital assets. Custody, new payment channels, and investment diversification appear to be the most common areas that traditional FIs are exploring currently. Some recent examples of traditional FIs embracing opportunities with digital assets include BlackRock, the world’s largest asset manager, launching a bitcoin fund for its institutional clients, BNY Mellon launching the world’s first custody solution that enables clients to hold both crypto and traditional assets in one platform, and Depository Trust & Clearing Corporation (DTCC) launching its own private blockchain, Project Ion, to settle equity transactions using DLT. Project Ion is currently testing in the live environment and processing over 100,000 trades per day. Furthermore, several well-known traditional FIs, such as Barclays, BNY Mellon, Charles Schwab, Citadel Securities, Citigroup and Credit Suisse, have partnered with DTCC to develop Project Ion. Goldman Sachs stated during a presentation in April 2022 that it is exploring the use of NFTs in the context of FIs. Goldman Sachs currently offers Bitcoin derivatives and over-the-counter crypto trading services to its clients. The Society for Worldwide Interbank Financial Telecommunication (SWIFT), which is the dominant payment network for worldwide transactions, just completed an eight-month experiment testing different DLTs that can be used for CBDC transactions.
FW: Alongside the opportunities, what inherent risks need to be considered when dealing with digital assets and associated transactions? How do fraud and money laundering fit into this equation?
Angotti: As outlined in president Biden’s Executive Order on ‘Ensuring Responsible Development of Digital Assets’, issued on 9 March 2022, the major risks of digital assets that concern regulators and governments are illicit finance, consumer protection, and the stability of the financial system.
Theft, fraud and money laundering continue to be major challenges that the industry is trying to combat. In most situations, the transfer of digital assets is irreversible, which makes them a prime target for theft and fraud. According to Chainalysis, approximately $718m worth of cryptocurrency was stolen in October 2022 alone. This brings the total count of stolen cryptocurrency to more than $3bn in 2022. The majority of hacks have occurred on DeFi protocols. Hackers have been able to exploit flaws in the security, coding and structure of DeFi marketplaces. About $1bn worth of this stolen cryptocurrency has been linked to groups affiliated with North Korea. Fraud continues to be a significant problem with digital assets. Fraudsters may trick unsuspecting victims into giving up their private keys via fake websites, fake apps, phishing, and so on. Once the fraudster accesses the wallet via the private key, there is little that can be done to stop all assets from being stolen. Pump and dump schemes, investment schemes, fraudulent ICOs and romance schemes are additional risks to watch out for. Digital assets have facilitated the rise of illicit finance, which includes money laundering, terrorist financing and other criminal activity.
Fisch: It is important for participants in the digital assets space to consider the range of potential risks of digital assets and associated transactions, but also the compliance opportunities offered by the underlying technology. Many of the risks mirror those that the traditional financial system has confronted. Digital assets continue to face operational risks related to cyber security, including hacks and thefts of digital tokens by malicious actors. There are also compliance risks related to digital assets, including with respect to financial crime. Digital assets can be a tool used by criminals, terrorists and rogue states to facilitate illicit transactions, collect ransom payments and launder ill-begotten gains. Digital assets may also carry the risk of fraud – both that the digital assets themselves may be fraudulent and that they may be part of a fraudulent scheme. At the same time, however, there are unique compliance tools in the digital assets environment that offer participants new and evolving opportunities to monitor, detect and respond to fraud, money laundering, sanctions evasion and other risks, including powerful blockchain analytic tools and services. Market participants dealing in digital assets or involved in associated transactions should conduct appropriate diligence and institute other controls to reduce their risk of being a victim of or inadvertently facilitating fraud or other financial crime.
Lemire: While there are undeniable benefits to digital assets, it is no secret that crypto has become the currency of choice for fraudsters and money launderers. For example, the US Treasury Department estimates that ransomware attackers made off with more than half a billion dollars in the first six months of 2021. Of that half billion dollars, ransomware attackers demanded in most instances that payments be made in cryptocurrency. Government agencies have responded in kind: in late 2021, the US Department of Justice (DOJ) created the National Cryptocurrency Enforcement Team to lead prosecutions of unlawful uses of cryptocurrency, while the US Securities & Exchange Commission (SEC) nearly doubled the size of its enforcement crypto unit earlier this year.
FW: How would you describe the regulatory and compliance landscape with regard to digital assets? On what issues are governing agencies setting their focus and priorities?
Fisch: As the digital assets space continues to develop and mature, so too does the regulatory and compliance landscape. Among those authorities leading regulatory and compliance initiatives with respect to digital assets, the twin priorities appear to be consumer and investor protection and financial crime prevention. In the US, the SEC and Commodity Futures Trading Commission (CFTC) brought, settled and successfully litigated enforcement actions claiming that digital assets and related services are, depending on the facts and circumstances, subject to existing US regulatory regimes within their respective purviews. They are poised to continue bringing consumer protection-oriented enforcement actions against individuals and institutions in the digital assets space, identifying the contours of their respective regulatory regimes primarily through enforcement actions. At the same time, the Financial Crimes Enforcement Network (FinCEN) and the Office of Foreign Assets Control (OFAC) continue to take steps to combat financial crime in the digital assets space. FinCEN continues to take action against money services businesses under the Bank Secrecy Act (BSA) and its implementing regulations, while OFAC has targeted mixing services Blender.io and Tornado Cash in connection with their alleged use by North Korea to launder stolen cryptocurrency. OFAC has also taken enforcement action against virtual currency exchanges for apparent violations of OFAC sanctions programmes, and FinCEN and OFAC recently issued parallel actions against a virtual currency exchange for simultaneous violations of the BSA and apparent violations of US sanctions. While regulators may have once viewed digital assets as a niche field, digital assets are now a major regulatory and compliance priority for the SEC, CFTC, FinCEN, OFAC and the US DOJ, as well as authorities at the US state level.
Lemire: Anti-money laundering (AML) issues continue to be a primary focus of government agencies, including FinCEN and the CFTC. The SEC, on the other hand, has focused chiefly on crypto as a security and has focused crypto enforcement firepower primarily in connection with allegations of unregistered sales of securities. In August 2021, for example, the SEC announced that Poloniex LLC would pay more than $10m to settle charges for operating an unregistered online digital asset exchange in connection with its operation of a trading platform that facilitated buying and selling of digital asset securities. More recently, in February 2022, BlockFi Lending LLC agreed to settle with the SEC for $100m for failing to register the offers and sales of its retail crypto lending product.
Angotti: The regulatory and compliance landscape for digital assets is a work in progress. Many of the larger crypto exchanges have registered in jurisdictions that require regulatory oversight, which requires robust know your customer (KYC) and AML procedures. However, there are still many exchanges operating in jurisdictions that have little to no regulation. DeFi, which consists of mainly peer-to-peer trading, falls into a regulatory grey area in most jurisdictions. DeFi protocols are ostensibly decentralised, which raises the issue of who the regulators would regulate. Given the growth of the industry and its inherent risks, we are seeing a shift to prioritise the creation of clear and consistent regulations. The White House recently issued the first-ever framework for ‘Responsible Development of Digital Assets’. The framework outlines recommendations to protect consumers, investors, businesses, financial stability, national security and the environment. European parliament officials recently approved new crypto legislation on the Markets in Crypto-Assets Regulation. The global oversight organisation, the Financial Stability Board, proposed a worldwide crypto framework to stop the funding of terrorism and money laundering. Japan is in the process of amending its laws to prevent money laundering via crypto by May 2023.
FW: Are you seeing an increase in cooperation between digital asset service providers and law enforcement, in an effort to reduce fraud and improve AML efforts?
Lemire: Several high-profile settlements, such as the recent $30m fine imposed on Robinhood by the New York State Department of Financial Services (NYSDFS), undoubtedly have caught the attention of digital asset service providers. The Robinhood settlement, which focused primarily on AML deficiencies, provides a roadmap for compliance failures in the AML arena as well as expectations of regulators. I expect compliance professionals in the industry will review this settlement in seeking to stay ahead of enforcement investigations. I have also seen an increase in collaboration between law enforcement and industry, for example in joint panel presentations and roundtables, as both sides seek to educate the other.
Angotti: We have seen examples of crypto exchanges working with law enforcement to combat crypto crime. Binance has built a team of specialists to train law enforcement organisations all over the world on how to deal with crypto crimes. Coinbase offers its crypto compliance tool, Coinbase Tracer, to law enforcement agencies. All of the top blockchain tracing software providers actively work with law enforcement and offer their tools to law enforcement agencies. Most crypto exchanges operating in regulated jurisdictions are required to file suspicious activity reports (SARs), or reports of unusual activity that may be related to the transmission of criminal proceeds. SARs enable law enforcement agencies to uncover and prosecute significant money laundering, criminal financial schemes and other illegal endeavours. Crypto platforms have been linked to a surge in SAR filings over the past few years. Industry conferences such as CoinDesk’s Consensus, Blockchain Expo World Series, Permissionless, and many more invite both industry experts and law enforcement to speak and attend.
Fisch: As the industry matures, and as key players grow into established institutions, so too do regulatory expectations regarding financial crime compliance, including the kinds of disclosures that may be required to be made to regulators and law enforcement. In September 2022, the US Department of the Treasury issued a public request for comment seeking input to better understand views on the emerging risks related to digital assets and what the Treasury should do to help mitigate those risks. A number of the questions on which the Treasury sought input were matters related to public-private cooperation. We also expect to see increased cooperation among regulators and law enforcement at the national and international levels as a way of tackling the perception of jurisdictional arbitrage.
FW: What innovations and technologies are assisting customer onboarding processes for digital asset services? As part of this process, how important is it for FIs to maintain regulatory compliance with AML, fraud and sanctions-related obligations, for example?
Fisch: New technologies offer new opportunities for AML compliance, including for businesses with exposure to virtual assets. Over the past several years, sophisticated new analytics platforms have developed that can use information from various blockchains, open source information and other data sources to help identify transactions and wallets that may be engaged in suspicious or potentially unlawful activity. The use of blockchain analytics is becoming increasingly common, and in some cases, a regulatory expectation. For example, earlier this year, the NYSDFS issued guidance on the use of blockchain analytics for BitLicense holders and for limited purpose trust companies under the New York Banking Law. This guidance signalled increasing regulatory expectations that institutions engaged in virtual currency activities will take advantage of the unique opportunities that blockchain analytics offer to support compliance functions, such as customer due diligence, transaction monitoring and sanctions screening.
Angotti: Institutions have slowly been embracing the use of artificial intelligence (AI) and application programming interfaces (APIs) to streamline the client onboarding process. AI can be used throughout the onboarding process, from AI chatbots to answering client questions, auto-filling forms and online documents using data extracted from other digital documents, document forensics that verify the authenticity of documents provided by the client, and automated risk analysis. APIs are used to automate portions of the onboarding process that were previously manual and time consuming. APIs allow institutions to communicate with other products and services. APIs are being used to automate various customer screening requirements, such as sanctions screening, negative news screening and identity checks. Previously, traditional FIs were required to set up contracts with all the individual vendors that are used for the various customer screenings and due diligence. This process is quite cumbersome and increases the difficulty of integrating many different platforms into one. We are beginning to see vendors that offer customer onboarding solutions consolidate this under one platform.
Lemire: There has been a rapid development of tools to assist crypto businesses in recognising potentially illicit funds. These tools may discern, for example, whether the funds originated from a dark web marketplace, regardless of the volume of wallet transfers, and analyse the proximity between a transaction and its ultimate source. In doing so, these tools conduct blockchain analysis to assess the risks associated with a particular wallet holder by, for example, reviewing the risk associated with others with whom the wallet holder has transacted. These tools also take into account whether the customer has conducted transactions on questionable exchanges. Many of these tools initially were created to assist law enforcement. Over time, these tools have expanded from a focus on the origin of and parties associated with transactions, on the one hand, to other traditional areas of AML and BSA compliance, including a focus on the nature of transactions and whether transactions comport with the profile of the wallet holder.
FW: How do you expect the market for digital assets to develop over the months and years ahead? What enforcement trends are we likely to see on the fraud and AML front?
Angotti: The financial industry has not had many technology breakthroughs for a very long time. Much of the infrastructure that has been built is now outdated and inefficient compared to what can be achieved with better technology. DLT seems to be the future for processing payments and conducting financial transactions. We expect to see this area continue to grow in all facets, including usability, security and market acceptance. In terms of enforcement trends, in the US there is a clear need to define which agency has regulatory authority over the various digital assets. The White House issued its first-ever ‘Comprehensive Framework for Responsible Development of Digital Assets’. The framework urges regulators like the SEC and the CFTC to aggressively pursue investigations and enforcement actions against unlawful practices in the digital assets space.
Lemire: Digital assets undoubtedly will be subject to increased regulation in the future. In the US, this regulation involves federal and state regulators. High-profile bankruptcies of digital asset platforms, such as Voyager and Celsius, for example, and resulting consumer losses have served to increase lawmakers’ focus on the regulation of digital assets. Likewise, current trends point to increased AML regulation by multiple government agencies in the near future. While regulatory grey areas and safe harbours abound, regulators continue to establish oversight over this growing industry. Regulated cryptocurrency businesses that fail to engage in basic AML compliance – such as conducting KYC on new customers, monitoring transactions and investigating suspicious transactions – may find themselves in the crosshairs of federal and state regulators in the US.
Fisch: The US and other regulators have emphasised that AML regulations should be technology-neutral. In other words, substantively similar financial products and services should be subject to the same kinds of AML requirements, even if they are based on different technologies. This approach was reflected in the four reports mandated by president Biden’s ‘Executive Order on Ensuring Responsible Development of Digital Assets’, released on 16 September 2022. Like the Executive Order, the reports generally welcome innovation and broadly accept digital assets as a component of the US financial system. Among other things, the reports raise concerns about consumer protection, illicit finance and potential gaps in the current regulatory regime, particularly relating to novel products and services like DeFi and NFTs. They also generally reflect what appears to be an emerging consensus by US authorities that their existing authorities are capable of addressing many of the new regulatory and compliance challenges raised by digital assets. Given the enhanced focus of regulators on digital assets, and the concerns they have highlighted, we expect to see this area remain an enforcement priority for regulators in the months and years ahead.
Alma Angotti is a partner in Guidehouse’s financial services segment, and global legislative and regulatory risk lead. She is a recognised expert in compliance and investigations with an emphasis on anti-money laundering (AML), combatting the financing of terrorism (CFT) and economic sanctions compliance. She can be contacted on +1 (202) 481 8398 or by email: alma.angotti@guidehouse.com.
Katherine Lemire has extensive financial services regulatory and enforcement experience. She most recently served as executive deputy superintendent at the New York State Department of Financial Services, overseeing the consumer protection and financial enforcement division. In that role, Ms Lemire oversaw regulatory and enforcement actions brought against financial institutions, including cryptocurrency businesses. She previously served as a federal prosecutor in the Southern District of New York. She can be contacted on +1 (212) 849 7000 or by email: katherinelemire@quinnemanuel.com.
Eytan J. Fisch is a partner in Skadden, Arps, Slate, Meagher & Flom LLP's financial institutions regulation and enforcement group who advises clients on regulatory and enforcement matters, with a focus on economic sanctions, anti-money laundering, FinTech, blockchain and virtual currency matters. Mr Fisch has extensive experience representing global financial institutions and multinational companies on complex cross-border compliance and enforcement matters, including internal investigations, voluntary disclosures, and administrative and enforcement proceedings. He can be contacted on +1 (202) 371 7314 or by email: eytan.fisch@skadden.com.
© Financier Worldwide