Crypto-asset compliance myths and misconceptions

In this first of a four-part series, we look at some of the possible criminal uses, and challenge some of the common misconceptions, of crypto-assets.

Potential criminal uses for crypto-currencies

As with any new technology, crypto-assets have the potential to be used for criminal purposes. These can broadly be separated into two categories. The first is those where the cyber-act itself constitutes a crime, such as:

  • The use of ransomware
  • an Initial Coin Offering scam, and
  • the stealing of coins or tokens via wallet theft or exchange hacking.

The second category is where crypto-assets are used to facilitate the moving of assets obtained via criminal conduct. Principally, these are:

  • money laundering (via a mixing/tumbling service or a coin without a public traceable ledger);
  • tax evasion, where taxpayers with crypto-asset holdings are underreporting or failing to report profits or income from their holdings, and
  • the evasion of sanctions, for example the development of the crypto-rouble.

It is also important to note that these potential uses can be perpetrated by “classic” criminal actors, but that recently there has been a rise in state led or sponsored cyber activity (eg alleged North Korean hacking activity or potential Venezuelan sanctions avoidance).

Clearly, therefore there is a significant level of risk in the crypto-asset space. However, that is not to say that these risks cannot be managed, and the benefits of this new asset class realised. Indeed, the opportunities presented by crypto-assets are often forgotten in the reporting of such issues. We set out below what are, in our opinion, the four biggest misconceptions surrounding crypto-assets.

Crypto-currency misconceptions

Perception: The use of crypto-assets is inherently suspicious

Between May 2016 and July 2017 only 1,584 UK suspicious activity reports (SARs) referred to crypto-assets and of these SARs, the National Crime Agency (‘NCA’ - the UK’s Financial Intelligence Unit) found that in the majority of cases the suspicion was created by the mere fact that crypto-assets were used in the transaction. For context, in just the month of March 2017 the total number of SARs the NCA received was 43,290.

Accordingly, the use of crypto-assets therefore seems to be regarded, even by sophisticated players, as inherently suspicious even though, as we set out below, there is limited evidence that crypto-assets are being used (at present) for money laundering.

This position does not, however, extend as far as services that deliberately obscure the digital ownership trail of a crypto-asset. At present, given the infancy of the technology we would still regard the use of “tumbling” tools by a key holder, where they seek to obfuscate the underlying blockchain relating to an asset - thereby obfuscating their ownership of that asset, to be inherently suspicious unless valid justifications such as an increased need for privacy can be provided.

Perception: crypto-assets are high risk for AML / terrorist financing

The NCA considered in October 2017 that the risk of crypto-assets being used for money laundering to be “relatively low” and found little evidence that crypto-assets were being used to launder large amounts of criminal property. In addition, it found that crypto-assets were not typically used by terrorists to move funds in and out of the UK (see the UK National Risk Assessment published in October 2017).

However, we note that, in time, much in the same way any other asset class may become susceptible to criminal exploitation, the risk is expected to grow. This is because, as crypto-assets become an increasingly established method of payment, volumes increase, and it becomes easier for criminals to obscure the proceeds of crime. Indeed. whilst the FCA stated in its "Dear CEO" letter of 11 June 2018 that there was emerging evidence “of the scope of crypto-assets to be used for criminal purposes” the FCA confirm that in their view “[t]here are many non-criminal motives for using cryptoassets”.

Perception: crypto-assets go hand in hand with cyber-crime

There is more evidence that crypto-assets are used to facilitate cyber dependent crime. Ransomware payments are typically requested to be paid in crypto-assets (for example the WannaCry ransomware attack). In addition, we have seen that crypto-assets are typically paid from criminal to criminal for the purchase of illicit goods and services (see Silk Road) and they are then used to launder cyber dependent crime.

However, regulators and governments (particularly the EU) are making efforts in this area to regularise and regulate exchanges, evidenced by the 5th EU Money Laundering Directive. Whilst this may not break the link, we anticipate this will result in law enforcement being better equipped to combat such activity, and tracing the assets involved.

Perception: Individuals using the crypto-assets are anonymous and untraceable

At present there are several companies which provide services to financial institutions and government bodies to perform due diligence on crypto-asset owners to assist on-boarding checks (including KYC and Source of Wealth analysis) and ongoing transaction monitoring.

Diligence is done to identify the digital trail of ownership that blockchain technologies create and allows these companies to link what would otherwise be just an account number to a real-life profile, or at the least, a basic electronic profile of account activity. Indeed, one company claims it has mapped c. 70% of crypto-assets addresses or keys and linked these to real life profits.

However, as the uptake of mixing/tumbling services, and crypto-assets such as Monero, which deliberately obscure the digital ownership trail, increases, origin identification may become harder in the future. As a result, additional methods of conducting effective due diligence may become needed to ensure accurate risk identification can be completed.

Looking ahead

In conclusion, therefore, whilst crypto-assets create certain risks linked to criminal activity, mitigating these risks is by no means insurmountable. With this in mind, the next article in our series will look at how law enforcement is seeking to tackle these issues.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.