Cryptocurrency has now taken a firm hold in society, moving from being something of a niche or underground concept to becoming far more mainstream. (It’s even a popular topic on TikTok!) While the exact number is hard to pinpoint, there are more than 14,500 cryptocurrencies globally – and growing. Most people think of the best-known ones, like Bitcoin, Ethereum and Dogecoin, but those are just the tip of the iceberg in a market now worth more than $3 trillion.
The rapid adoption is understandable. Cryptocurrency offers many benefits by eliminating centralized control of money by governments and providing a cheap, secure and fast payment method across the world. That said, bad actors have taken notice and are also using cryptocurrency for nefarious purposes – and that’s where financial institutions can’t turn a blind eye.
Cryptocurrency’s illicit uses
The security and anonymity that cryptocurrency offers are precisely what also makes it appealing to malicious actors. In fact, crypto crime hit an all-time high of $14 billion in 2021, nearly double from the prior year. That figure’s likely to rise in 2022; the Department of Justice recently announced arrests in one of the biggest heists involving cryptocurrency – a $4.5 billion Bitcoin laundering scheme.
Crypto offers a lot of appeal for bad actors. For instance, if you’re trying to extort money from someone as part of a ransomware attack – a typical scenario – then you need to be able to get the money from the victim, whose digital assets have been blocked, without being traced. Cryptocurrency is ideal for this, from the ransomer’s perspective.
Here are three major areas where we’re seeing crypto used for nefarious purposes.
Ransomware: U.S. victims of ransomware paid hackers $590 million in the first half of 2021 – more than all ransomware payments in 2020 – and Bitcoin was the primary payment method, according to the U.S. Treasury. Worldwide, more than $5.2 billion in Bitcoin payments were potentially linked to ransomware, the Treasury also found. There’s even at least one cryptocurrency startup that’s specifically focused on helping ransomware victims pay their attackers.
Money laundering: The ease of use and guarantee of anonymity has made crypto popular for money laundering. The process of cleaning illicit earnings has three steps: placement, layering and integration/extraction.
The first, placement, entails introducing illegitimate funds into the legitimate financial system. Then, it’s moved around through multiple accounts to make it more difficult for authorities to trace funds back to its origins – this is the layering step. And that’s where cryptocurrency can play a key role. No longer do you have to rely on the lax scrutiny of say, a Swiss bank; now you can do this via cryptocurrency. That allows you to essentially put a black box around the entry point and the final destination of the money.
Moving money across borders: The peer-to-peer functionality of crypto currencies makes it far easier to move large capital funds across borders without the ability of centralized governments to stop or intercept them. That’s because no participant in the network can establish a gate between the two other wallets to approve or decline a transfer. That’s been particularly problematic for countries like China, which have policies in place to retain capital within their borders, but those policies are enforced through the traditional finance system like banks and currency exchanges.
Cryptocurrency Regulatory action lags
There are many steps being taken towards cracking down on cryptocurrency, but as with almost all financial regulation, it’s always going to be at least a few steps behind what the criminals are currently doing. The fact is that cryptocurrencies remain largely unregulated – and what regulation does exist has been a piecemeal approach. The IRS, the Securities and Exchange Commission, and the Office of the Comptroller of the Currency have all issued various pronouncements on crypto regulation, but only covering the individual aspects of it that fall under the purview of each agency.
In the meantime, crimes are being committed. So, banks and financial institutions have to protect themselves rather than just sitting on their hands until regulations force them to act. They will be fined for money laundering that occurs on their watch, regardless of whether it involved cryptocurrency or regular currency.
Actions steps for banks and other financial services organizations
The number one way to protect your organization is not to engage with cryptocurrency at all. But that doesn’t make much business sense for most organizations. The reality is that crypto is rapidly growing in adoption and more customers want to use it. This is something organizations need to really think about: Do the potential benefits ultimately matter more than the potential downfalls? If so, then organizations have to find a way to root out the fraudulent and criminal behavior that crypto enables.
This is where your anti-money laundering (AML) and know your customer (KYC) tools come into play. For instance, customers who are using cryptocurrencies may need to come under different levels of scrutiny. You can have hard-coded rules that separate these users out or use other KYC processes that let you treat cryptocurrency users a little differently. But, if a large enough number of your customers are using crypto, this almost becomes moot.
The more realistic approach is to lean on technological solutions like ML/AI-based transaction monitoring, which will pick up even very subtle differences in the behavioral patterns of two entities, hence targeting much more accurately the malicious actors without disrupting the activity of regular customers. Ultimately, that’s going to be much less painful – and more effective – for the financial firm.
This is still very much a rapidly evolving field, and there are bound to be some missteps and lessons along the way. But the big takeaway is that financial organizations need to understand the potential problems and have an active, defined plan for how they are going to approach prevention and detection, regardless of what regulatory action does or doesn’t come to fruition.
Advanced crime prevention
The rise of decentralized finance has created additional obstacles for financial institutions and regulators to prevent digital currencies from enabling money laundering. Financial institutions need to take action now – they can’t wait until their hands are forced by regulation, because the regulation lags behind and the risk is real now. Fortunately, there are already tools in place that can help – they may just need a bit of tweaking. AI can also play a role in helping you detect new forms of financial fraud, avoid fines, and prevent crime.
