Cryptocurrency is fast maturing as an alternative digital asset class, and it’s no surprise that - as part of this maturation process - there is more urgency for better risk management.
Today, the crypto market is mostly self-regulated and has automated governance with limited or no regulatory structure. This opens a Pandora’s box of legal dilemmas for policymakers and corporate risk managers alike.
Without regulatory guidance, crypto companies define their own risk thresholds, which include, according to Simon Douyer, the COO of cryptocurrency trading service firm SheeldMarket:
direct risks - determining if a crypto transaction is connected to addresses under sanctions or derived from illegal activities;
indirect risks - assessing what risks can derive from business clients.
Unfortunately, due to the unprecedented complexity and the ever-changing nature of crypto, setting clear rules - particularly for cross-border transactions - will take some time. This leaves the industry testing its limits and potential for the time being, as traditional financial instruments don’t apply.
On the other hand, just because there is no international consensus on how to regulate cryptocurrencies does not mean that organizations will not get fined or penalized for improper conduct.
16 actions (80%) alleged an unregistered securities offering violation under Sections 5(a) and 5(c) of the Securities Act;
13 actions (65%) alleged fraud under Section 17(a) of the Securities Act and/or Section 10(b) and Rule 10b-5 of the Exchange Act;
11 actions (55%) contained both allegations.
When unregulated, the way that crypto companies determine and manage their risk thresholds becomes a form of business strategy. While risk is opportunity, it is necessary to identify and avoid destructive risk in operations.
Transacting in different cryptocurrency markets brings complex legal and compliance hazards
There are over 18,000 cryptocurrencies in existence as of March 2022. All of them differ in their security, programmability, and governance characteristics, so they are not interchangeable. Moreover, government standards for cryptocurrencies are not consistent globally. Whatever standards exist apply only to the jurisdiction that issues them, creating siloed legal guidelines.
In the US alone, crypto companies have to deal with both federal and state regulators who often compete against each other, says Hailey Lennon, a regulatory compliance specialist at Anderson Kill PC law firm. Hence it is crucial for risk and compliance managers to ensure that their crypto law library is comprehensive for all jurisdictions they operate in and properly updated in a timely fashion.
Cyber risks necessitate a solid AML program for crypto exchanges and custodian solutions
With an array of independent storage and security solutions, ranging from specialized financial institutions to digital wallets and hardware to exchanges that are intended to protect investors’ interests, mitigating fraud and hacker risks is key.
Institutional custodial solutions for cryptocurrencies are both legally and technologically complicated because the cryptographic keys that systems use to track and verify transactions are easily and publicly accessible.
This makes the custodial solutions highly vulnerable to malware and hackers, creating a need for security measures that manage and control how custodial systems can access, use, and verify these keys.
In July 2021, major crypto thefts, hacks, and frauds totaled $681 million, because cheaper, faster international transactions also make the crypto sector a fertile ground for criminal activity, such as money laundering and terrorist funding.
To help cryptocurrency exchanges and custodian services avoid money laundering (as well as the risks inherently posed to consumers, investors, and businesses), regulatory bodies are putting anti-money laundering (AML) legislation in place that must include a solid know-your-customer (KYC) protocol.
Both AMLD 5 and AMLD 6 in Europe and FinCEN’s Final Rule in the US make it clear that virtual currencies and the exchanges on which they’re traded are subject to anti-money laundering legislation.
As a risk and compliance manager, consider these five pillars for your AML compliance program:
Internal controls to assure ongoing compliance;
Independent testing of the AML program;
Designated person responsible for monitoring the program;
Audit or risk-based procedures to conduct ongoing due diligence.
As the consumer demand grows, the need for legal guardrails is heightened
The good news is that the crypto-asset market is maturing fast, with more institutional involvement over the last year from both investors and service providers. There is more willingness from banks and other financial institutions to undertake activities in and gain exposure to cryptocurrencies, which is a sign of evolution for otherwise risk-averse organizations. (After all, it’s forecasted to become a 3 million dollar industry.)
President Biden’s Executive Order on digital assets from March 9, 2022, was, in part, the result of under-regulation of the industry that has been growing rapidly in the past years. Now, digital assets are making headlines every day, and consumers want more information on how to acquire them. Consequently, properly designed risk and compliance programs are crucial for those services and solution providers who handle cryptocurrencies.
Risk and regulatory compliance managers need to ensure they have the necessary risk profile, risk assessment, anti-money laundering program, and a robust regulatory change management solution in place to keep up with forthcoming updates to all important regulations for the crypto market globally.