Criminals are now adopting cryptocurrency and non-fungible tokens (NFTs) to cleanse their illicit funds as an additional method of money laundering. For banks and their regulators, the emerging world of decentralized finance (DeFi) raises a slew of cybersecurity concerns. To prevent illicit activity, these new digital currencies must be regulated, but this will take time.
Below are four data points that outline the issues that DeFi and cryptocurrencies are causing, along with what organizations need to know to boost their cybersecurity.
Also see: The Successful CISO: How to Build Stakeholder Trust
1. Crypto Crime is Growing
A report by Chainalysis found that crypto-based crime hit a record high in 2021, with illicit addresses receiving $14 billion over the course of the year. For comparison, that figure was $7.8 billion in 2020.
Presently, DeFi operates with meager AML (anti-money laundering) or KYC (know your customer) checks. It’s mostly unregulated compared to centralized finance, where the regulations are clear, and centralized virtual asset service providers are bound by the same standards as traditional financial institutions.
Some cryptocurrencies are used for ransomware money laundering far more than others, and it’s believed that a few virtual currencies account for 10–20% of ransom payments. Simultaneously, a growing number of dark web sites are exclusively taking crypto for all manner of illegal purchases, from guns to drugs.
2. Decentralized Finance Has Ushered in New Methods for Money Laundering
How much NFTs are worth is arbitrary; they are worth whatever price someone sets, basically. Let’s imagine a criminal wants to launder a large amount of money; they can buy and sell NFTs and then route the payment through a third party. This method cleanses the money in a safer and simpler way than traditional layering methods. Such transactions are hard to control and identify using current rules.
While DeFi is slightly more traceable than NFTs, it’s still a complex situation. You must use a centralized platform like Coinbase to withdraw money from many of these decentralized currencies.
For example, suppose you buy $10,000 of crypto and put it in a decentralized platform. Then, you transfer the crypto to someone else, at which point you must either pull it back through or buy it back on the transfer. Because anyone can observe the history of the transactions through the blockchain, this action makes the transaction more traceable.
3. Regulation is Painfully Lagging
The new digital currencies need to be regulated to prevent criminal activity, but regulation is going to take time and diligence to prevent stifling growth.
This year, the Financial Action Task Force (FATF) issued new recommendations, but just 58 of the 128 reporting regions indicate they’re applied the amended FATF criteria to virtual assets. And because each region must go through its own regulatory process, these types of rules take a long time to implement.
That said, in March 2022, U.S. President Joseph Biden signed an executive order directing the federal government to develop a plan for regulating cryptocurrencies. The goal is to coordinate efforts among regulations to better understand and mitigate the risks of illicit use of crypto and to explore the opportunities digital assets bring.
Additionally, there are several other pieces of pending or passed legislation that clarify the treatment of cryptocurrency and seek to mitigate its role in criminal activity. These include:
- The Sanction and Stop Ransomware Act seeks to develop regulations to reduce the anonymity of crypto exchanges.
- The Eliminate Barriers to Innovation Act requires the SEC and the CFTC to establish a joint group to promote regulatory clarity and encourage innovation.
- The Token Taxonomy Act seeks to create regulatory transparency by defining digital tokens to exempt them from the definition of a security.
These proposals and Biden’s order represent a big step forward, but it remains to be seen how and when these will be rolled out and how quickly the findings will be turned into action.
4. Financial Institutions Need to Stay Informed
The first step in resolving the issue is to determine how to control decentralized finance without becoming overly restrictive. Right now, the best thing financial institutions can do is watch for new regulations and work with organizations that are attempting to track down these criminals—even if there is no accountability for financial firms to catch them and invest money in these solutions.
Policing DeFi necessitates a collaborative approach that includes industry leaders as well as regulators, as the U.S. Ransomware and Digital Extortion Task Force and others are demonstrating.
Keep Current and Collaborate
Bad actors prefer to reach for the low-hanging fruit. They are being pushed to adopt safer, alternative ways to commit financial fraud due to the development within traditional financial institutions of more complex transaction monitoring systems that use AI. These techniques are used in markets that are less regulated, such as NFTs and DeFi.
Finance professionals must stay current on the latest money laundering schemes and collaborate with regulators to make it harder and riskier for criminals to use these methods.
About the Authors:
Edward Moss, Head of Market Research, and Deleep Nair, Head of Solution Engineering, Symphony AyasdiAI