By Edward Moss, Head of Market Research, and Deleep Nair, Head of Solution Engineering, Symphony AyasdiAI
In addition to the standard methods of money laundering that criminals have used since time immemorial, they’re now also using cryptocurrency and non-fungible tokens (NFTs) to clean their illicit funds. The new world of decentralized finance (DeFi) brings up thorny issues for banks and their regulators. These new digital currencies need to be regulated to prevent criminal activity, but regulation is going to take time and due diligence to avoid hindering growth. Financial institutions need to stay informed on the problems being introduced by cryptocurrencies and think through how they can take action now to protect themselves and their customers.
The strange new world of finance
Non-fungible tokens (NFTs) aren’t just another new craze; they’re also a new way to launder money. Their digital format makes it difficult to show via reasonable cause whether someone has sold or bought an NFT for nefarious reasons.
The pricing of NFTs is essentially arbitrary – whatever the price someone assigns it, that’s the value of it. Let’s say someone wants to launder a million dollars; they’ll buy an NFT for $10,000 (with clean money), then use a third-party source or someone they trust to pay a million dollars for it. Tax evasion through NFTs can also be easily achieved through the same strategies employed using physical art: make eleven NFTs, sell one to a friend for $10,000, and donate the other ten for a $100,000 loss. This process washes the money while being safer and easier than typical layering schemes. Under existing rules, such transactions are difficult to regulate and ultimately identify.
New regulations were passed regarding physical art with the recent AML act of 2020 in the U.S. and the EU’s sixth AML directive. But because of this, it’s now even more complicated to regulate.
DeFi is a little bit more traceable, but it’s still complicated. With many of these decentralized currencies, to pull money out, you must go back through a centralized platform such as Coinbase. For instance, you buy $10,000 and transfer it into a decentralized platform. Then you buy, let’s say Monero, which is one of the primary cryptocurrencies used for ransomware or money laundering. After that, you transfer the money to someone else, and then you must pull it back through or buy it back on the transfer. That action makes the transaction more traceable because you’re able to see the history of the transactions through the blockchain.
Examining recent attempts at regulation
The Financial Action Task Force (FATF) implemented new guidelines this year, and 58 out of 128 reporting jurisdictions say they’ve implemented the revised FATF standards regarding virtual assets. Of these 58, they’ve introduced virtual asset service provider (VASP) regulation schemes. But 58 out of 128 implementing these rules is nothing to write home about. And these types of guidelines take a long time to put into place because each jurisdiction has to go through their individual regulatory process.
A recent bill put forward by U.S. Representative Don Beyer would incorporate digital assets into existing financial regulatory structures. It would help direct regulators to create rules for decentralized finance and possibly create a charter for crypto exchanges, among other measures.
This is an important step. Regulating decentralized finance or cryptocurrencies has been incredibly difficult, and there’s debate over which agencies should be in charge of it. Yet while the regulators hash this out, criminals are flourishing.
The potential for traceability is improving in some respects. With many cryptocurrencies, a lot of the transactions are being printed onto the blockchain so that all their transaction history is permanently online. So, any sort of investigator who wants to try to trace a transaction can easily do that.
The DeFi-AML connection
DeFi currently operates with minimal KYC (Know Your Customer) or AML checks – in other words, largely unregulated versus centralized finance where the regulatory framework is clear and centralized virtual asset service providers are tied to the standards set for traditional financial institutions. That’s because they’ve been designated as DSPs (direct stock purchases) and so have started to become regulated by SEC and Federal Election Committee (FEC) because they are money providers.
As mentioned earlier, one of the most well-known decentralized coins being used for money laundering in ransomware is Monero. It’s estimated that about 10-20% of ransoms are paid in Monero – and that’s expected to rise to 50% by the end of 2021. At the same time, an increasing number of marketplaces that are on the dark web are exclusively accepting crypto for everything from guns to drugs.
Complicating this further is the fact that with increasing interest in decentralized finance for regulators, criminals are also getting smarter about this topic. Within the dark web, there are places that give tips and tricks on how to further hide your coins. Criminals are checking these tips to see whether their actions will catch regulators’ eyes. Anti-analysis allows criminals to check their own Bitcoin wallets and see whether they have any sort of association with criminal activity.
How to fight this new type of crime
Fixing the problem begins with figuring out how to regulate decentralized finance without being too aggressive about it. A lot of innovation from the private sector is going to be needed to really see or discover new methods of detecting these criminals and the sort of methodologies used by them in order to further regulation.
The best thing that financial institutions can do at this point is to keep an eye out for any sort of new regulation and try to be proactive with fintech companies that are trying to pursue these criminals, even if there’s zero accountability for the financial institutions to catch them and spend money on these solutions.
Regulating DeFi requires collaborative action that involves industry leaders and not just the regulators – like what we’re seeing with efforts from the U.S. Ransomware and Digital Extortion Task Force and others. More assistance is needed from the private sector, as well. The IRS last year offered a bounty of about $625k for any contractors able to develop tools to help trace transactions involving private cryptocurrency coins like Monero. This type of thing is likely to become more common as regulators attempt to stay on top of new cryptocurrencies or decentralized currencies.
Vigilance and cooperation
Criminals follow a natural cycle of flowing to the path of least resistance. The development of more advanced transaction monitoring systems (TMS) that use artificial intelligence (AI) within traditional financial institutions is pushing criminals to use safer alternative methods. These methods are specifically within less regulated markets such as NFTs and decentralized finance. Finance professionals must stay up to date on the latest opportunities for money laundering and work alongside regulators to make it increasingly riskier and difficult for criminals to operate using these tactics.