Comment: De-risking cryptos
Reputational risks associated with digital currencies call for new due diligence approach, argues Henry Burrows.
Last month, the Bank of England warned City bosses that the lure of cryptocurrencies could expose their businesses to “reputational risks”, and urged extensive due diligence before proceeding. The announcement is part of a wider debate on regulation and compliance in the sector, and comes amid mounting awareness that fraudsters are seeking to exploit unsuspecting users and minimal oversight.
Cryptocurrency news website Bitcoin.com estimates that more than $1.36bn has been stolen by scammers so far in 2018 through a mixture of theft, hacking, phishing and scam ICOs (a type of fundraising mechanism for new cryptocurrency-based projects). In April, individuals behind two such ICOs successfully swindled investors out of approximately $650m, one of the largest and most brazen scams to date. Those who have lost out will likely not see their funds again. US State watchdogs have since declared fraud in cryptocurrencies to be “widespread”.
Responses from regulators to this emerging threat have so far lacked clarity. Pronouncements from governments over the last year have ranged from rejection – including an outright ban in China – to acceptance, such as in Japan and, more recently, Switzerland. Influential US and European regulators currently sit hesitantly in the middle, offering some guidance but no firm direction.
While the BoE is right to be concerned, the absence of any formal regulatory framework means that rigorous due diligence remains scarce. Some of those engaging in the sector have taken the lack of oversight to mean that compliance controls are an option rather than a necessity. Others, including banks, have hesitated in part due to difficulties in conducting rigorous anti-money laundering checks on counter-parties. For businesses seeking to on-board crypto investors, offer custody services, or deal in digital currency, there remain few options to suitably mitigate counterparty risk.
Integrity through intelligence
Undoubtedly, the unique characteristics of digital currencies mean that such risks cannot be entirely captured through traditional intelligence-gathering means. And without regulations in place to combat illegality, businesses will have to look at ways of adopting new due diligence measures as a means of safeguarding integrity.
Paradoxically, the key to unlocking part of this puzzle lies in the very technology underpinning cryptocurrencies: the blockchain, a decentralised public ledger of digital currency transactions. Despite the perception that cryptocurrencies offer a means of engaging in illicit activities anonymously, there is in fact a substantial amount of information stored on these ledgers that can be used to draw inferences about how people use digital coins.
As a public ledger, the entire transaction history of a counterparty and relevant touchpoints of any other public address can be recorded and reviewed from beginning to end. Furthermore, thanks to analytics programmes, thousands of high-risk digital addresses, such as scam or hacker addresses, fake ICO accounts or deep-web wallets, have now been tagged and monitored, providing critical insight on sources of wealth and potential financial crime issues.
By coupling this data with existing customer information, cryptocurrency exchanges and ICOs have started to apply KYC processes that satisfy basic anti-money laundering criteria. Yet, the looming concern is that these checks fall short in areas where a subject’s business activities span both traditional business segments and the digital realm.
Detail on commercial track records, reputations, and more importantly, sources of fiat currency wealth or potential criminality in the ‘real world’, are not fully captured in current KYC processes. As a result, clients receive only a small part of the overall integrity picture, potentially exposing themselves to broader commercial risks at a later date.
That isn’t to say that traditional investigative techniques need remain the same either. A large proportion of counterparties in the crypto space are young and tech-savvy, with minimal media footprints and little to no discernible corporate affiliations. They do not fall neatly into typical investor categories. Important information on their background and track record often exists in the digital realm: on social media, online discussion forums, news aggregation sites, and in some cases, on the deep web. Consequently, typical methods of public record research need to adapt in order to provide meaningful and comprehensive profiling work.
Equally, anyone who has participated in an ICO will know that almost all discussion and marketing of new cryptocurrencies is done on social media. There are no stock market filings or red herring prospectuses, and no regulator guidance. Yet while this presents new hurdles for potential investors, it generates a suite of fresh research leads for rigorous due diligence.
At its heart, these new approaches provide an opportunity to intertwine cryptocurrency transaction analysis with ‘real world’ investigations – something that is yet to be seen in the sector. Risks present in both domains are not mutually exclusive, and businesses stand to gain access to a level of information on counter-parties not seen with current KYC checks. Moreover, the implementation of such processes will foster more rigorous compliance practices in a sector in which regulators, including the BoE, are beginning to take an increasingly active interest.
Henry Burrows is a Senior Associate at Alaco, a London-based business intelligence consultancy.