Crypto Currency

Cryptocurrency in Conflict Zones: Risks and Opportunities

For the past two weeks, the world’s attention has been firmly fixed on Afghanistan. One critical challenge, both for those fleeing and those left behind, is access to money.  The banking system is on the verge of collapse, with many branches closed and those which are open quickly running out of cash. There are long-term concerns for what Taliban rule will mean for the economy and for people’s livelihoods. In the face of this uncertainty, a small but increasing number of Afghans are reportedly turning to cryptocurrency as a way to shore up their savings, evade Taliban oversight, and maintain international access.

There have been similar developments in other conflict zones and politically unstable countries. According to a Guardian article earlier this year, Libya, Palestine and Syria neared the top in online searches for bitcoin and other digital currencies, and there are reports of growing usage in troubled countries including Venezuela, Iran, Zimbabwe and Lebanon. Many of these countries have a substantial middle class with moderate levels of savings and financial literacy and high internet penetration rates - the ideal conditions for crypto adoption. The phenomenon has gained scholarly attention; Boston University convened a task force in 2015 to explore how cryptocurrencies could provide assistance in conflict zones. So how realistic is this idea?  And what financial crime challenges would wider adoption bring in its wake?

Unlike in developed markets, where crypto adoption was initially driven by ideology and later by speculation, in fragile states adoption is mostly driven by practical need. Virtual currencies can offer solutions to a number of critical problems:

  • Inflation: despite the inherent instability of crypto assets themselves, they can be a good hedge in jurisdictions afflicted by severe currency depreciation. Both Venezuela and Iran have witnessed increasing crypto adoption in the face of dramatic inflation - in Venezuela’s case, peaking at 10,000,000% in 2019. Wealthier individuals in such countries have previously turned to stock markets and physical assets such as gold and property to protect their wealth, but crypto offers a more accessible option to those with smaller amounts to invest.

  • Circumventing sanctions controls: crypto is sometimes the only solution for those in sanctioned countries who cannot move money abroad any other way. Many small businesses and freelancers in Iran, for instance, choose to be paid in crypto as they are not able to receive international bank transfers or use services like PayPal.  

  • Avoiding currency controls in countries with restrictions on the amount of currency that can be moved abroad. For instance, during the Lebanese financial crisis which broke out in 2019, customers’ savings were effectively frozen by banks imposing informal capital controls and blocking transfers abroad. New regulations were introduced in May 2020 to permit foreign currency withdrawals, but these were limited to $50 to a few hundred dollars a month, with transfers abroad capped at $50,000 a year for “necessary matters” only. Growing numbers of Lebanese citizens are choosing to keep their savings in cryptocurrency to maintain control and prevent losing it to bank- or state-imposed restrictions. 

  • Uncensored: while the lack of centralised control was originally a purely ideological plus point, in conflict zones this is often of practical importance. The censorship-resilient system reassures users who have lost faith in their national financial systems and want to keep their assets out of reach of the authorities, and safe from seizure, freezes or other restrictions. 

  • Price and speed: Perhaps most obviously, crypto offers faster and cheaper overseas transfers. While this is a positive anywhere, it’s especially useful in unstable countries which have large diasporas and are heavily reliant on remittances (e.g. Somalia where remittances account for a huge 23% of GDP). It is also a key consideration in countries deemed to be high risk and “derisked” by global banks, where the local banking network is poorly connected internationally, resulting in higher fees, longer waits, and greater inconvenience.

Nevertheless, there are still clearly numerous barriers to more widespread adoption. Top of the list in most emerging markets is a lack of awareness, and unreliable access to the internet. In high-risk and fragile states, there are additional barriers in the form of access to the banking system. Crypto may seem like a good solution for the unbanked, but not being able to use a bank account or credit card to trade restricts the type of platforms available. Users may also lack the ID documents required to open accounts with the larger exchanges.

For this reason, crypto activity in fragile countries rarely takes place on international, centralised exchanges. It is mostly driven by decentralised P2P exchanges, which do not require KYC and allow users to buy and sell in cash - either through local crypto-to-cash brokers or in-person payments. Social media is also increasingly used to match local buyers and sellers. These platforms help customers avoid restrictions imposed by larger exchanges such as geoblocking; under pressure from their banking partners, a growing number of exchanges have banned users based in Iran, for instance. In other instances, users buy and sell crypto with the help of friends or family based abroad with fiat bank accounts and credit cards, who can purchase and hold crypto on the user’s behalf. In a creative blend of the old and the new, hawala dealers can also facilitate purchases, either by sending or receiving money from friends and family overseas, or by letting people cash out by selling their coins to the dealer in exchange for local currency.  

Conflict zones are inherently high-risk for financial crime including arms trafficking, sanctions evasion, corruption, and terrorist financing, and P2P activity on decentralised exchanges only exacerbates these risks. The absence of KYC controls and the use of cash are ideal for criminal actors as well as civilian users. Having associates or hawala dealers making purchases and holding crypto on behalf of a user in a fragile state clearly obscures the true owner and source of the funds. The use of P2P exchanges is also risky for users themselves, as they are more exposed to fraud and theft when making cash payments or using exchanges without escrow services.   

Unsurprisingly, governments in conflict-affected and fragile states are unlikely to be too concerned with developing the cryptocurrency regulatory environment. The onus therefore falls on financial institutions to find ways to monitor developments and address the risks posed.  One clear lesson is the need to understand the broader context, looking at political and security developments to predict and engage with peaks in demand.  Widespread adoption remains unlikely, given the numerous challenges around infrastructure, trust and education.  Nevertheless, it is clear that crypto will remain an appealing option for some, as long as the traditional financial system fails to offer a better alternative. Finding ways to reduce the risks and integrate these users into a regulated crypto ecosystem could provide new options for financial inclusion for the most vulnerable.


If you would like to speak to FINTRAIL about any of the issues raised in this article, please contact Maya Braine, Managing Director for the Middle East and Africa at maya.braine@fintrail.com. We work with FinTechs in Saudi Arabia and the wider Middle East region to build out their financial crime compliance controls, secure banking partnerships, select and integrate RegTech vendors, perform health checks and audits, provide interim compliance support, and run training.

Goodbye 2020: Highlights of the year from the Europe team

Regulatory Changes

Throughout 2020, the financial sector saw a number of changes - including regulatory change. Whilst the year had its fair share of bad press around the adoption of regulation, there were also a number of positives to come out of 2020.  The implementation of the Fifth Anti-Money Laundering Directive (5AMLD) at the start of the year and the newly updated UK National Risk Assessment were long awaited updates that will help to drive positive change within the financial sector and beyond.   

Fifth Anti-Money Laundering Directive 

The 5AMLD came into force on January 10th 2020. The directive brought a number of changes, which now applied to firms that were previously unregulated. The 5AMLD now covers cryptocurrency firms, high value dealers (anything over 10,000 euro), and estate agencies. In 2020, cryptocurrency firms started to bolster and refine their anti-financial crime frameworks  - a sure result of 5AMLD.  

UK National Risk Assessment

Towards the end of the year the UK released it’s 2020 National Risk Assessment - an update on the 2017 Risk Assessment. The changes (highlighted in our December 2020 RegCap) included a number of increased risk levels for some specific industries such as property and trust/company service providers. The assessment also included initial ratings of newly regulated sectors such as estate agents. No areas saw their risk levels lowered, either for money laundering or terrorist financing. 

FINTRAIL Projects: Europe

Whilst the year wasn’t quite as many had planned, we at FINTRAIL continued to work with our global client base to deliver the best of anti-financial crime consultancy. The year saw us work on a number of different projects, from risk assessments to creating due diligence policies. Two areas that increased in popularity this year were audits and training. 

Audits often get a bad reputation. They are a regulatory requirement and often seen as a burden. However, these can be extremely useful tools and help to shape and prioritise the year ahead for your anti-financial crime function. We conducted several audits in 2020, from a crypto firm’s first audit to working with a challenger bank who is well versed in the audit process. 

Firms have also looked to either increase their knowledge or change the way they are learning and conducting training. Despite the challenges of working from home, FINTRAIL delivered bespoke, specialist training - albeit from behind a screen. This appetite for training stretched across most companies with an increase in requests for training of more junior members of staff as well as the more senior compliance employees. RegTechs also requested training in 2020, to ensure their sales teams were attuned to the latest regulations; understand where their product fits into their potential clients’ lives; and were aware of the problems it solves. Alongside RegTech partners, our clients within the training space in 2020 included challenger banks, crypto firms and law enforcement agencies to name a few. This trend for increased training is likely to continue into 2021.

Another highlight of the year was conducting work in the investigations space. One particularly interesting project included a due diligence review and evaluation of the specific risks posed by a particularly high-risk client. FINTRAIL also assessed the current control measures in place and offered suggestions for enhancements to the financial crime control framework to mitigate the risk further. 

Part of  2020 was also spent leading a major transformation project within a bank's anti-financial crime function. This large scale project was great to work on, as it involved delivering various pieces of work from an enterprise wide risk assessment to customer due diligence policies, right the way through to the training programme for its employees. FINTRAIL successfully helped to shape a more effective compliance framework for the bank, entirely through remote delivery.  

Looking to the future

Entering into 2021, we look forward to working with our existing and any new clients that the year may bring. There are already early signs that the year could be an eventful one, with rapidly changing crypto regulation through to Brexit finally being realised. 2021 is sure to bring its challenges - and opportunities.


ON DEMAND: FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

***NOW AVAILABLE ON DEMAND***

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Originally launched on 30 June 2020, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

SESSION 1: CRYPTOASSET RISKS . . . WHAT’S YOUR APPETITE? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

SESSION 2: ASSESSING AND GETTING TO GRIPS WITH THE FINCRIME RISKS:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

SESSION 3: SYSTEMS AND CONTROLS - MANAGING YOUR CRYPTOASSET RISKS IN PRACTICE 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance.

The Payment Services Act - A unique risk based approach to regulation or an overly complicated set of standards?

In January 2020 the anticipated Payments Services Act (‘PSA’) came into force in Singapore. According to the Monetary Authority of Singapore (‘MAS’) the act is:

 

“A forward looking and flexible framework for the regulation of payment systems and payment service providers in Singapore. It provides for regulatory certainty and consumer safeguards, while encouraging innovation and growth of payment services and FinTech.”

 

In this paper we look to understand:

  • the genesis of the PSA

  • what approach has been taken to licensing new payment methods

  • what are the differences to the approach taken in Europe, and

  • whether the implementation of the PSA in Singapore will succeed in promoting innovation

Why Virtual Asset Service Providers in South Korea Must Act Now

South Korea remains the third-largest market for virtual currency, behind the United States and Japan. During the Bitcoin bull run of 2017, an estimated 1 in 3 office workers owned cryptocurrencies.

This crypto gold rush existed alongside limited regulatory oversight which created a fertile breeding ground for exploitation. This is evidenced through numerous controversies including  exit scams, exchange hacks, price manipulation, and fake trading volume. Data from the Korean Ministry of Justice indicates that South Koreans lost $2.7 billion USD in cryptocurrency scams between July 2017 and June 2019. The ministry also said it has indicted and detained 132 individuals accused of cryptocurrency fraud and indicted another 288 individuals without detaining them.

In March this year,  South Korea’s National Assembly passed an important new legislative amendment to their Financial Information Act that effectively legitimizes virtual asset ownership and trading and aligning the country requirements with international anti-money laundering and counter-terrorism funding (AML/CFT) standards. All Korean Virtual Asset Service Providers (‘VASPs’) must be fully compliant with the Act no later than September 2021.

Whilst formally bringing crypto exchanges into the regulatory fold, these requirements are not without their challenges. All Korean exchanges are now legally required to establish a verified real-name individual account with an authorized Korean bank. The exchange’s designated individual account holder will be responsible for withdrawing and depositing fiat currency between the exchange and the bank by way of a single bank account. South Korea introduced the real-name verification system in January 2018. Although not a requirement, crypto exchanges were encouraged to partner with approved banks to use the system. However, so far, only the largest exchanges — Bithumb, Upbit, Coinone, and Korbit — have been able to use this system, as banks have been reluctant to provide this service to small and medium-sized exchanges.  Under the new Act the VASP  is required to report their business and real-name bank account before September 2021, or else potentially face a 5-year prison sentence or 50 million Korean Won fine.

In addition, each Korean VASP must apply for an Information Security Management System (ISMS) certificate from the Korea Internet & Security Agency (KISA) in order to do business. To receive ISMS certification, they’ll need to implement new AML/KYC measures such as Recommendation 16 travel rule which requires VASPs to exchange customers’ personally identifiable information.

As crypto exchanges look to build / enhance their AML programme to meet regulatory requirements and also  secure banking partnerships, what should they be focusing on?

  • Know Your Customer:

    • This goes beyond simply to collation of ID documents - which is just one piece ( arguably the easiest piece) of the puzzle. 

    • Think about proportionality. Perhaps you do not need to collect ID when your customer registers, but only when they start actively trading. The amount of KYC you collect can be tailored to your clients activity and wallet caps included to limit exposure. 

    • VASPs may also consider using some more enhanced data points to better understand their customer such 

  • Transaction monitoring:

    • Whilst companies are able to apply a risk based approach to the collection of documentation at onboarding, the key to understanding your customers behaviour is to have robust monitoring in place. 

    • The monitoring of both fiat transactions, and the crypto transactions is very important. A customer's transaction profile should be considered by looking at both of these elements. 

    • An increasingly popular request from banks is that they require a look back on the VASPs transactions over a set period of time. This usually forms a report, and is facilitated by the bank by either asking the VASP directly, or requesting this information through a third party blockchain analysis provider. 

  • Governance:

    • The usual governance applies, however this should also be extended to include an audit and regular reviews of the crypto transaction monitoring systems, as well as a review of the crypto-assets themselves that the VASPs are listing. 

  • Sanctions:

    • OFAC have now started including cryptocurrency addresses as part of their sanctions regime. This is an extremely important area to focus on, and something that is vital for your transaction monitoring. When liaising with vendors for blockchain analysis, a key question should be around how they deal with sanctioned addresses, and how often those lists are updated. 

The newly passed law forces any non-compliant VASPs to either quickly reform their AML/KYC programme or cease their operations. While a handful of the biggest Korean exchanges already comply with most of these measures, there is a real chance that many of the other VASPs that have not adequately considered AML protocols as they have built and scaled, will struggle to implement these new regulations.  Some may even be forced to cease operations all together. 

FINTRAIL are currently working with crypto exchanges globally to build, scale and test their AML and CTF programmes  to not only meet regulatory requirements, but also to secure banking partnerships and help them proactively manage their financial crime risks, thereby helping to strengthen the AML health and wellbeing of the sector.

If you are interested in speaking to the FINTRAIL team about the issues discussed in this article or any other financial crime topic please get in touch via contact@fintrail.co.uk.

FINTRAIL- Elliptic Cryptoasset Compliance Virtual Bootcamp

For financial crime compliance professionals, cryptoassets are one of the hottest topics around. With regulators and global watchdogs like the Financial Action Task Force zeroing in on cryptoassets, any compliance team that isn’t educated on cryptoassets has a major blind spot. 

Cryptoassets are no longer a fringe financial technology: cryptoassets have a total market value of more than $250 million; bitcoin is among the top ten currencies globally in terms of the overall value of banknotes and coins in circulation; and over $500 billion flows between the banking sector and cryptoasset businesses annually. Cryptoassets are now a feature of the financial landscape. This exciting technology presents both compliance challenges and business opportunities for teams not only at cryptoasset businesses, but also for banks and FinTechs who can no longer ignore this burgeoning asset class.  

That’s why we’re partnering with the team at Elliptic to launch our first ever cryptoasset compliance virtual bootcamp. Launching on June 30, this online bootcamp is one we’ve designed to assist banks, FinTechs, and cryptoasset firms alike in identifying strategies for managing financial crime risks in this new phase of cryptoassets. We’ve launched this initiative to help compliance teams in their journey, and to educate and ensure the wider regulated sector understands the cryptoasset industry, how it may affect their business, and how best to practically address the risks while harnessing new opportunities. The bootcamp focuses on how your business can apply an effective risk based approach towards cryptoassets. This ensures the highest risks to your business are the focus of your compliance efforts, with less impactful risks sitting lower down the priority list. 

Led by FINTRAIL’s Danielle Jukes and Elliptic’s David Carlisle, and featuring guest speakers from around the financial crime compliance space, this complementary virtual bootcamp will include three engaging sessions across June and July. Each session will focus on the key pillars that we see as vital to a strong cryptoasset financial crime risk management framework. Content for the sessions will include: 

Session 1: Cryptoasset risks . . . What’s your appetite? 

Effective risk management starts by defining your risk appetite. If you are a cryptoasset business, have you articulated to your staff which risks you’re willing to accept? For example, are there certain countries that present especially high cryptoasset risks and with which you won’t do business? And if you are a FinTech or bank, have you clearly defined what degree of interaction your business will or won’t have with cryptoassets, and do your staff understand how to ensure adherence to that risk appetite? Until you’ve defined your risk appetite, you can’t expect your compliance team to develop an effective response. In this session, we’ll provide you with a conceptual framework for defining your cryptoasset risk appetite and using that foundation for effective risk management.

  • Key takeaways: an understanding of how you can develop a risk appetite statement on crypto, and how it can affect your business, relevant examples of statements related to cryptoassets.

Session 2: Assessing and Getting to Grips with the FinCrime Risks:

Cryptoassets present specific financial crime risks and feature heavily in some typologies more than others. Understanding these risks and executing a crypto-specific risk assessment is critical to managing risk exposure, whether your platform offers cryptoasset services directly or not. If you are a cryptoasset business, do you understand which fincrime typologies present the highest risks to your platform? Do you offer privacy coins or other services that may present an elevated risk to your profile? If you are a FinTech or bank, while you may not offer cryptoasset services, do you understand crypto-specific typologies that may expose your business to indirect cryptoasset risks that are sometimes very difficult to detect? This session will equip you with the know-how you require to conduct an effective cryptoasset risk assessment for your business. 

  • Key takeaways: an understanding of different types financial crime risks, how they present themselves within cryptoassets, and how your business can assess these risks.

Session 3: Systems and Controls - Managing Your Cryptoasset Risks in Practice 

Managing cryptoasset risks requires access to systems and controls that can detect and protect against bespoke risks. Your compliance team should be working to solve the following questions:.

  • For cryptoasset businesses, do you have access to these bespoke cryptoasset monitoring tools tools, and are they configured appropriately to your business needs? 

  • For banks and fintechs, are you able to detect and assess risks related to counterparties who may be dealing in cryptoassets? Solutions exist that can enable you to do so, but they require expertise your business may not possess. 

  • Filing SARs and undertaking reporting obligations related to cryptoassets can present specific challenges. Are you equipped to navigate these challenges? 

  • Key takeaways: an understanding of what systems and controls are out there, and how they can fit into your wider anti-financial crime framework.

This bootcamp will help your compliance team work through these and other questions, and in doing so, will empower you to execute on a vital component of your financial crime risk management framework. If these three pillars are executed effectively, then your compliance team can confidently tackle the risks associated with cryptoassets. 

You don’t want to miss out on this opportunity to learn from FINTRAIL and Elliptic’s experts in cryptoasset compliance. You will also be awarded a certificate of attendance after attending all three sessions. 

EUROMONEY - Regulation: For AML, FinTech is both problem and answer

Set against a number of high profile money laundering scandals in the sector, FINTRAIL Co Founder, Robert Evans was interviewed by Dominic O’Neill, EUROMONEY, along with some key industry leaders to discuss AML and FinTech and how technology, particularly RegTech, can help support financial institutions in upholding their regulatory requirements in the global fight against financial crime.

Rob discussing the negative press around FinTech:

“Because of the online nature of the communities they serve, they can be vulnerable to pressure applied by legitimate customers with legitimate complaints and vulnerable to misinformation,” says Evans, discussing the neobanks. “Fraudsters have learnt that applying pressure via social media is a way to release funds that have been frozen for good reasons.”