Blockchain & Cryptocurrency , Next-Generation Technologies & Secure Development , Standards, Regulations & Compliance
How Sam Bankman-Fried and Changpeng Zhao Will Shape Crypto
Experts Call for Better Regulation, Implementation and Compliance MeasuresSince crypto main characters Changpeng Zhao and Sam Bankman-Fried are now confirmed felons, those left in the famously regulation-averse industry find themselves not only contemplating government-imposed rules but even possibly welcoming them.
Zhao, the former chief of cryptocurrency trading platform Binance took a plea deal earlier this month that could result in an 18-month prison sentence, and former FTX wunderkind Bankman-Fried awaits sentencing for crimes that add up to potentially more than a century of prison time.
Those high-profile collars show the "extreme urgency" for tailored, comprehensive oversight for crypto, said Yesha Yadav, associate dean at Vanderbilt University Law School and a financial regulation expert.
The key is to make sure that crypto custody standards don't sweep up customer assets in the event of an exchange bankruptcy proceeding and ensure that customers have real recourse if their assets are mishandled, she said. Disclosure standards offer a discrete target for regulatory reform, with big payoffs for market integrity and good governance, she told Information Security Media Group.
"Even if major omnibus legislation cannot be passed in the short term, then at least more discrete measures could help," Yadav said.
The events at Binance and FTX show the need for control over the digital currency industry, said Adam McLaughlin, global head of financial crime strategy and anti-money laundering at NICE Actimize. "There will continue to be a crypto industry even though it may look different once the regulators and governments have taken steps to control it more," he said.
Of course, those who claim to want regulation may not always really want it. Bankman-Fried is a case in point: In public, he was a staunch proponent of crypto regulation, while in private he derided it as "Just PR," telling a reporter "F--- regulators," in text messages unveiled during his trial.
Still, cryptocurrency clearly has a crime problem. Bankman-Fried ran a poorly governed, under-compliant family of companies under the guise of regulatory compliance. FTX was registered in all the right ways in all the jurisdictions in which it operated and seemed to be the poster child of the crypto industry for compliance.
But the industry grew too quickly, said McLaughlin. "As soon as these ideas started taking off in the mid-2010s and became popular with the masses, who arguably saw these as get-rich-quick schemes, the technology nerds were suddenly thrust into the mainstream, creating crypto exchanges, crypto businesses and online gaming platforms where digital currencies are used and traded, ultimately to capitalize on the new demand to make money themselves. Tech experts quickly had to learn about compliance, money laundering and meeting regulatory expectations - things they historically needed to consider more and were not used to."
If it wasn't clear before, it should be now: Centralized exchanges must run like traditional financial institutions, complete with "know your customer" and anti-money laundering controls in place. Merely offering a new technology does not absolve them of adhering to traditional compliance norms, said Michael Fasanello, head of policy and government affairs at Anchain.
An "overwhelming majority" of digital asset players want to be compliant and safe for consumers, a Chainalysis spokesperson said. The digital assets industry, the spokesperson said, needs a clear regulatory regime that takes into account the specifics of the underlying technology and offers the certainty needed for further investment.
What Does 'Compliance' Even Mean?
Getting crypto industry doyens to concur on the need for regulation is one thing. Getting them to agree on what that means is another. There are broad disconnects between policymakers and industry on how to define certain parties in blockchain transactions; how to define what type of regulation various assets - such as commodities, currencies, securities and collectibles - fall under; and whether or not the structures of service providers can actually comply in a meaningful way with regulations as they currently exist on the books pertaining to traditional finance.
The United States has chosen "not to be a benchmark of clear crypto compliance regulations, permitting regulators to regulate through enforcement alone," Fasanello said.
Clarity in defining parties and assets, understanding the unique identification challenges posed by blockchain technology, and understanding that an iterative rather than fixed regulatory approach will accomplish more in an evolving industry should be important considerations for policymakers, Fasanello said.
But the biggest challenge with the crypto industry is that by nature, digital currencies are decentralized, meaning that the ledger of who owns what sits on decentralized servers located around the globe - many of them on individuals' home computers, McLaughlin said. "The 'currency' is not owned or controlled by any government or central bank. This makes it harder to control the currency. You can only regulate the companies dealing with digital currency," he said.
Not all countries regulate crypto organizations to the same extent, creating differences, and where the transfer of digital currency is decentralized, individuals can place digital currency in a custodian or exchange located in a country with poor anti-money laundering controls or none at all but still move the money across the blockchain with relative ease, he said.
The other challenge is that unlike with fiat currency, the travel rule under the U.S. Bank Secrecy Act mandating that financial institutions convey basic data such as who the money is from and who the money is for, isn't easy to apply with digital currency, he said.
With fiat currency, there are defined and centralized payment rails for moving funds from one bank to another or from one country to another. With crypto, those rails have not yet been created. "Because crypto is decentralized and there is no central body, like SWIFT for fiat transactions, creating a centralized approach to adding information to the transaction message is challenging," McLaughlin said.
Without a crypto SWIFT, investigators can only see a transaction code - or wallet ID - where the crypto coin has been and where it is going. Investigating suspicious transactions means approaching each exchange or wallet where the currency is stored to gather the account holder's "know your customer" information, which takes time. If the crypto organization is in a country where it is unwilling or not obliged to share that information, the details are unlikely or extremely difficult to obtain, he said.
What Next?
Virtual asset service providers are presently considered money services businesses under the Bank Secrecy Act. They must implement a formal anti-money laundering program and adhere to the five pillars of an effective program: designating a compliance officer, developing and maintaining internal policies and procedures, providing periodic and relevant training to employees, conducting independent testing and monitoring of controls, and ensuring customer due diligence. Compliance with economic sanctions administered by the Office of Foreign Assets Control, while not specifically targeting money laundering, is also a requirement for the crypto industry.
McLaughlin expects that the recent actions in the crypto space will put the spotlight on the role of money laundering reporting officers and Bank Secrecy Act compliance officers - as was the case for Binance's now ex-chief compliance officer Samuel Lim, who earlier this month agreed to pay $1.5 million dollars to the Commodity Futures Trading Commission for violating an anti-money laundering statute. Many organizations, especially in the fintech and crypto space, have inserted tick box compliance heads, MLROs and BSA officers who possess very little experience or knowledge and are certainly not sufficient to perform the role effectively, he said.
"I have sometimes seen CEOs or heads of operations acting as the MLRO. This introduces a massive conflict of interest where business and profits often trump a strong compliance culture. If the officer or executive is not independent or of solid character, therefore unable to say 'no' or always overruled, it means they are there in spirit but not in reality. Any business decisions get passed anyway, even if they are noncompliant or criminal," McLaughlin said.