BankThink

Digital Currency Firms Must Act Fast to Tame Laundering Risk

Digital currencies have reached a critical — and delicate — moment in their evolution.

U.S. regulators and law enforcement are increasingly focused on the potential use of digital currencies to finance criminal activities and launder money. Because decentralized digital currencies, including Bitcoin, lack a network administrator, regulators and law enforcement must pursue public-policy objectives through oversight of digital-currency exchange, brokerage, and trading firms. These firms can ease regulators' concerns, but doing so will require prompt action to enhance current practices and technology.

Digital currencies offer the potential of significant social benefits. They could make certain types of payments significantly cheaper for customers, including person-to-person intercurrency transactions, micropayments, and remittances. Even at this early stage in its development, the cost of sending payment in bitcoins from the U.S. to Europe compares favorably to traditional alternatives. Particularly if the industry can harness Short Message Service technology, digital currencies also have potential to make payments more available and less expensive to the developing world.

However, digital-currency firms must act quickly to reduce anti-money-laundering risk.

U.S. regulators and law enforcement officials expect risk-based AML and sanctions programs — no small feat for digital-currency firms, which generally do not know their customers' counterparties. These firms can partially mitigate heightened risk by strengthening programs in other areas, such as voluntarily adopting bank-level Know Your Customer standards for customer identification and verification. Regulators and law enforcement also expect most firms offering digital-currency exchange, brokerage, or transaction-processing services to get licensed or registered as a money transmitter. Firms offering these services should promptly register with the Financial Crimes Enforcement Network and apply for necessary state licenses, or act as the agent of a registered and licensed firm.

But licensing and registration will not sufficiently mitigate the longer-term AML risks posed by the near-anonymity of digital-currency users. Effective AML compliance requires firms not only to Know Your Customer but also to Know Your Counterparty – in other words, who your customer transacts with. The U.S. government expects firms in widely used payment systems to have information on the originator and beneficiary in all transactions, and at the end of the last decade pressured the Society for Worldwide Interbank Financial Telecommunication into changing its wire-messaging practices to meet that expectation. Now, digital-currency firms, in turn, must develop information-sharing mechanisms that provide access to verified counterparty information, which will enable them to match the transaction monitoring and sanctions-compliance screening expected of regulated financial firms.

Developing these mechanisms takes time, and presents major challenges, notably including new protocols to collect and share such information. Given that many digital-currency users transact from wallets stored on their own computers without using any firm's services, any solution must encompass users not associated with a particular firm — for example, through use of a Web-based verification service.

Sharing this information raises legitimate privacy concerns, especially in light of the rich transaction data available from digital currencies' public ledgers. The industry will need to balance AML controls with best-practice privacy controls to assure customers that their identities and transactions will remain private even without anonymity. This could involve the provision of identity-management services by a trusted third party, with user information not included in transaction data and accessed by firms only when needed.

Steps toward "privacy without anonymity" will offend some legitimate users who value the independence of digital currencies from the influence of national governments. Development of such mechanisms may prompt greater use of measures — such as mixing services and multiple addresses — to try to mask the source of funds. In the longer term, the industry may need to develop ways to prevent transactions involving users or funds that firms cannot adequately verify.

From the perspective of law enforcement and regulatory officials, resolving these issues would turn a perceived threat into an opportunity. The rich data in digital currencies' public ledgers means that successfully addressing the Know Your Counterparty issue would provide firms and law enforcement with a stronger basis for identifying money laundering than most existing payment networks.

Leading digital-currency firms would benefit from a public commitment to address these difficult issues and the prompt formation of credible industry initiatives to support that commitment. The industry must persuade regulators and law enforcement officials of its commitment to good public-policy outcomes and that it therefore deserves the time required to get controls in place. The recent formation of the Committee for the Establishment of the Digital Asset Transfer Authority represents a positive first step toward these goals.

Many digital-currency firms are currently seeking banking partners, particularly in order to provide convenient ways for their customers to convert fiat currency to digital and vice versa. This provides opportunities to banks prepared to offer such services. However, U.S. regulators have recently increased expectations for oversight of higher-risk customers and third-party vendors. Banks providing services to digital-currency firms, such as access to the automated clearing house network, must demonstrate careful risk-based due diligence. Periodic offsite document review will not suffice. Industry-leading practices include onsite review of Bank Secrecy Act/anti-money laundering, information-security, privacy, and consumer compliance programs, as well as ongoing transaction monitoring to identify unusual activity such as spikes in chargeback rates.

AML risks are merely the most immediate regulatory challenges facing digital-currency firms. Over time, the industry will need to address a wide array of additional public-policy concerns, including information security, consumer protection (e.g., the potential application of Regulation E), and applicability of securities and futures regulation. Digital currencies will reach the commercial mainstream only after working through each of these issues thoughtfully and in close consultation with policy makers. This process will require sustained hard work, leadership, and ingenuity from the industry and regulatory authorities alike.

Adam Shapiro is a director at Promontory Financial Group who focuses on helping clients strengthen compliance programs and address issues of regulatory concern.

For reprint and licensing requests for this article, click here.
Bank technology Law and regulation
MORE FROM AMERICAN BANKER