“Cryptocurrency is the perfect way to launder money”. This has been the view of many hackers, fraudsters and even regulators. The creation of a distributed network of servers allowing anonymous accounts and the instant transfer of value anywhere in the world was initially seen as an opportunity to launder illicit funds. ‘Money Laundering’ is the process of disguising the origin and nature of funds that come from an illicit or illegal transaction. The intention is to convert ‘hot money’ into regular assets and to break the financial trail that would expose criminals. Money Laundering is essential to the survival of criminals active in human trafficking and exploitation, illegal narcotics, and the funding of terrorism.
The Financial Action Task Force (‘FATF’) is a global coordination body whose aim is to identify and prevent money laundering and terrorism. They research the financial mechanisms used to move illicit funds, and then provide recommendations to governments. More than 200 countries have signed treaties committing themselves to implementing FATF’s Anti-Money Laundering (‘AML’) recommendations. Each country applies FATF’s recommendation to local laws that are usually enforced by a dedicated financial crime office, resulting in serious criminal convictions. FATF reviews the quality of the enforcement of these recommendations, and poor implementation results in countries being excluded from the global financial system.
Bitcoin and other cryptocurrencies / digital assets have also been gleefully adopted by investment scams and Ponzi schemes. The gains made by early owners of Bitcoin and the large amount of money raised through Initial Coin Offerings (‘ICO’) made headlines for years. Scammers exploit human greed, and sadly we have seen too many fraudulent investment schemes successfully defraud the unsuspecting general public. When these scams do get exposed, the legitimate cryptocurrency industry is often unfairly tarnished. Regulators are required to protect the public against such scams, but face challenges in doing so because cryptocurrency does not fit their existing model of an ‘issued’ financial security.
Regulators around the globe have grappled to understand and develop policies on digital assets. The ‘self-sovereign’ nature of many public blockchains may pose an existential challenge to central banks. Incumbent payment firms (both global and national) use legacy clearing and settlement infrastructure that has only recently been digitized and never properly overhauled. In contrast, the way a cryptocurrency transaction clears and settles simultaneously, in a decentralized and immutable manner, is a radical new technical and business paradigm. The regulators governing payment systems are intrigued by the potential of blockchain technology and want to see how it could be integrated into national and global payment systems.
South Africa’s Intergovernmental FinTech Working Group (‘IFWG’) was created in 2016 to coordinate a policy response to the FinTech industry. A specific Crypto Asset Working Group was created for policy and regulation relating to cryptocurrency, bringing together all South African regulators impacted by blockchain technology and cryptocurrencies. The IFWG have identified money laundering or criminal activity, unmonitored cross-border flow, tax evasion, and the financing of terrorism as the main problems facing regulators in South Africa. Extensive consultations have taken place with the local blockchain industry, culminating in a public Consultation Paper issued earlier this year.
Our company Centbee is a digital currency mobile wallet and payment ecosystem using BitcoinSV. Unlike many other cryptocurrency camps, the BitcoinSV ecosystem fully supports creating a regulation-friendly environment so that governments, businesses and consumers all have confidence in the digital currency and supports its growth to global usage. That’s why Centbee has proactively engaged with regulators and submitted several recommendations to the IFWG; we expect the final regulations to be issued largely as outlined in the Consultation Paper, although they will be promulgated at different times by the different regulatory authorities over the next 6 to 12 months.
In addition to developing policy guidance for the various regulators, the IFWG has also created a Regulatory Guidance Unit. This team provides a single contact point for FinTech firms to obtain expert advice on regulatory interpretations. Following the model of many regulators, notably Singapore and the UK, the South African regulators have also created a ‘sandbox’, where FinTech firms can test new business models. The first cohort in the sandbox is expected to be announced soon, and the participants will be given specific exemptions from regulatory constraints. The regulators will be able to closely observe the participants in the sandbox, learning how they implement new business models in the traditional regulatory context. We expect this will help regulators with relaxing certain constraining regulations and provide guidance to the industry to ensure customers are properly protected.
The work of the IFWG in South Africa can be instructive on how FATF recommendations will be implemented across the world as more countries introduce cryptocurrency regulations in the coming months and years. We can expect most countries to follow these broad themes:
Anti-Money Laundering (AML) / Combatting the Financing of Terrorism (‘CFT’)
Financial transactions are at the core of blockchain technology, so it is exposed to money laundering risk. All financial technologies have some level of intrinsic risk of being abused. Businesses that offer cryptocurrency-related services are defined as ‘Virtual Asset Service Providers’ (‘VASP’s) and will be required to register with the local financial crimes authority. VASP’s must collect KYC data from customers, verify this data, and perform regular AML and CFT analysis and transaction monitoring. Suspicious transactions must be reported as they occur to the authorities and funds must be frozen. Each VASP must formally assess and document all risks and management controls in a Risk Management and Compliance Programme (‘RMCP’). This comprehensive RMCP document must specify the risk appetite, evaluate risks faced and document the controls the VASP will apply in order to mitigate financial crime risk. A very significant investment of time and resources will be required of all blockchain firms.
Customers will be required to provide KYC data and VASP’s must be satisfied as to the source of funds and identity validity. It is clear that the days of anonymous accounts are numbered. Cryptocurrency exchanges that fail to comply are likely to be shut down, and their management teams held accountable for non-compliance. Support for so-called ‘privacy’ coins and services is likely to dwindle (and in fact, the U.S. Internal Revenue Service has even published a Request for Information, seeking proposals for technology tools to help it better trace transactions with ‘privacy’ coins, features or Layer 2 solutions — such as the Lightning Network on BTC — that are intended to obscure information). As each regulator operates at its own pace, implementation and enforcement will occur at different times across the different jurisdictions. However, 2020 will be a watershed year and I expect that by the end of the year there will be large-scale implementation of this approach across the world’s largest markets.
There are some cryptocurrency services such as non-custodial wallet services (where the customer controls the ‘private keys’) that are typically excluded from these compliance requirements. This is due to the technical challenges in regulating such a service, such as the inability to freeze customer funds. This service is seen as more of a software service as opposed to a regulated financial service.
Digital asset and cryptocurrency firms face a significant challenge in the FATF requirement (Recommendation 16) that addresses cross-border funds transfers. This is known colloquially as the ‘Travel Rule’ and has been applicable for many years to conventional cross-border bank transactions. FATF requires that the KYC details of both the sender and the receiver of cross-border transfers must be established before the transaction can proceed. It has been recommended that VASP’s exchange KYC data with each other before settling a cryptocurrency transaction. This is a significant development, as cryptocurrency exchanges will likely be restricted from sending funds to an address unless they have the KYC details of the receiver.
In the absence of a way to enforce Travel Rule regulations in the short term, it is still possible to send cryptocurrencies to an address that is not managed by a VASP (i.e. a non-custodial wallet). In these cases the sender VASP would not be able to receive any assurances as to whether the receiving entity is compliant with the Travel Rule or not.
The cryptocurrency industry is not well known for collaboration and interoperability between exchanges and amongst digital assets, and although its intent is understandable, practical implementation is problematic for VASP’s. There are some tentative standards that are being proposed for the interchange of KYC data, however they might be constrained by privacy laws like POPI and GDPR, and the risk of extremely sensitive customer data being exposed.
Cryptocurrencies as a ‘Financial services product’
Some regulators view cryptocurrencies as an alternative asset class and attempt to regulate the sale of crypto assets under their financial services products or financial exchange regulatory frameworks. Of course, in most cases there is no ‘product issuer’, so the licensing requirements would tend to follow the same approach as that of a financial intermediary or broker. Regulators expect formal registration, good product disclosure, transparency of fees and charges, avoidance of hype, and the fair treatment of customers.
In South Africa, the proposed regulations are that entities selling, promoting or facilitating the purchase of cryptocurrencies and digital assets require a license from the Financial Services Conduct Authority, and will be considered providers of a regulated ‘financial service’. In many other countries, cryptocurrency exchanges will be required to register under the securities exchange frameworks or similar frameworks being enacted expressly for digital asset exchanges. For example, the island country of Antigua & Barbuda recently enacted a comprehensive Digital Asset Businesses Act that requires (among other things) approval and registration of any exchange and other digital asset businesses. Such regulations expect highly sophisticated and diligent segregation of interests, protecting market participants from a variety of operational and legal risks. I expect the standards to be promulgated by many countries will be significantly higher than that which most cryptocurrency exchanges have experience with to date, and this will lead to a consolidation of participants.
Security Token Offerings and Licensed Custodians
Blockchain technologies typically involve a ‘token’ (crypto coin) used to reward those that power the network (miners) for processing transactions. While the Bitcoin token has been generally recognized as a commodity rather than a security, many other types of digital tokens raise significant questions about whether they are considered ‘securities’ subject to registration under financial securities laws, similar to other financial instruments such as shares and bonds. This is especially problematic if the issuer and its founders have retained ‘free’ coins from the total circulation for themselves and thus easily profit from merely promoting the token’s sale in the market. Given that the process around issuing and exchanging publicly traded financial instruments is heavily regulated, the same regulation will be applied to tokens that fall into a country’s definition of covered securities. The issuer of a token will have to, amongst other things, prepare a prospectus. The offering to the public of these instruments (usually known as an ICO) must be done through a licensed broker-dealer.
The trading of securities-classified crypto tokens will be regulated under current securities legislation. This includes the requirement to have traded tokens segregated from the assets of the licensed exchange and placed for safekeeping with a licensed crypto asset custodian (the equivalent of a Central Securities Depository). These rules will benefit the broader digital asset community and pave the way for sophisticated institutional investors to enter the space and offer the opportunity for blockchain to disrupt capital markets in a meaningful way.
Foreign exchange and capital controls
Many emerging economies (and a few of the G20) have some form of capital control, regulating the processes for exporting financial capital from the country. South Africa has quite stringent exchange control legislation and all entities dealing with foreign currency have to be licensed by the South African Reserve Bank (‘SARB’). Essentially the proposed regulations in South Africa treat cryptocurrency as ‘foreign currency’, and expand upon existing licensing requirements for Money Transfer Operators. Entities that facilitate the exchange between cryptocurrencies and South African Rands would have to apply to be licensed by the SARB.
Money Transfer Operators must comply with AML and CFT requirements, and operate under restrictions on the type of customer they may serve (i.e. typically not businesses or banks), the value of transactions they may handle, and the nature of these transactions (i.e. restricted to Person-to-Person transfers, bill payments etc). Money Transfer Operators are typically required to collect certain data like the source of funds and purpose of transaction from customers and report these details to the regulator on a daily basis. The regulator aggregates this information to inform monetary policy, and to prepare balance-of-payments and trade statistics. In some countries the regulators may be concerned about the risk of capital flight and may impose limits on customers. We’re seeing this in South Africa, and other countries should expect to see the same.
Payment services
Although FATF recommends regulating VASP’s that perform payment services, it appears that most regulators do not consider retail payments using cryptocurrencies as a material money-laundering risk. It is important to note that the merchant accepting BitcoinSV as payment for goods and services is not classified as a VASP themselves, and customer KYC is not required.
South African merchants are currently permitted to accept foreign currency as tender. As cryptocurrencies become formally designated as ‘foreign currency’, we anticipate that South African merchants who have received cryptocurrency payments for goods and services, are compelled to convert that to Rands via a VASP. The cryptocurrency Payment Processor (VASP) providing services to the merchant will have a reporting obligation to the Central Bank.
Advantages of a Public Blockchain like BitcoinSV
The immutability and transparency of public blockchains — like BitcoinSV — actually make them of lower intrinsic risk than existing financial systems. A public ledger is transparent, auditable and verifiable — making it possible for governments and businesses to trace illicit activity on the chain. Banks apply strict KYC procedures in order to reduce intrinsic risk. Applying similar controls to cryptocurrencies will address the pseudonymity of cryptocurrencies and reduce the risk of money laundering and terrorist financing. And technology tools are increasingly being developed to help financial institutions detect problematic coins, addresses and transactions on a blockchain
Because the BitcoinSV blockchain is a public ledger, it means transaction systems can also enable audit and regulatory compliance benefits in the future. The use of a public (meaning transparent, verifiable and auditable) blockchain to power transactions means it will be easier for businesses to comply with audit requirements, and even satisfy reporting requirements to their governing regulators. In fact, analytics solutions can be built that allow auditors and regulators to monitor transaction activity on the blockchain in real-time, and more quickly verify the accuracy of transaction and revenue reported by businesses in order to satisfy regulatory compliance requirements. If all transaction activity happens on a public ledger that everyone can access, at any time, compliance reporting becomes easier for everyone. This is among the many reasons we support BitcoinSV as the blockchain for business and regulatory compliance.
In conclusion, we expect that 2020 will be a momentous year for cryptocurrency regulation. Although financial authorities will publish their regulations at different times across the world, increased scrutiny will force changes to the entire industry. The intended outcome is better protection for customers and reduced opportunity for criminal activity. This may create some friction for customers and will also likely consolidate the number of VASP’s who can sustain operations. In South Africa, we have been engaging with regulators to help guide a responsible approach, which seeks to curb abuses while also encouraging innovation. We hope experiences from South Africa’s regulatory sandbox and cryptocurrency legal regime can provide lessons for the rest of the world.