CipherTrace Urges Crypto Companies to Prepare for Anti-Money Laundering Compliance

Published at: Nov. 8, 2019

For better or for worse, the cryptocurrency space is coming of age. Since Bitcoin’s rise to mainstream prominence in 2015, there has been increasing recognition of digital assets from government agencies around the world. In turn, new regulations are being imposed to control the way cryptocurrency companies operate and do business globally. 

Most recently, the Financial Action Task Force issued new guidelines on how digital assets should be regulated. In order to raise awareness around these requirements, the blockchain security company CipherTrace hosted a conference and hackathon this week in San Francisco dedicated entirely to discussions on the FATF guidelines, also known as the “travel rule.”

The travel rule requires regulators and Virtual Asset Service Providers, such as exchanges from various countries worldwide, to collect and share personal data during transactions. Much like the guidelines followed by traditional banks under the United States Bank Secrecy Act, the travel rule being enforced for crypto firms follow the same requirements as money transmitters do to record identifying information on all parties in fund transfers made between financial institutions.

Yet, unlike traditional financial firms, many cryptocurrency exchanges do not capture personally identifiable information by default. Complying with the travel rule will therefore require significant shifts for businesses operating in the crypto space.

“The new regulations coming from FATF will ultimately change the way crypto companies operate, requiring them to track not only their own customers’ transactions, but also where their customers are sending money to,” Dave Jevans, CEO of CipherTrace, told Cointelegraph.

One of the main goals of the CipherTrace conference was to gather regulators, banks, crypto companies and programmers together to make sense of the new guidelines, and then build a solution that would allow organizations to easily comply with the FATF rules.

“There are broad implications around privacy, identification of customers, how data works across various blockchains and privacy coins,” said Jevans. “We need to come up with solutions to ensure that companies can easily comply with these regulations, which is what we aim to achieve here.”

Companies must act now

Prior to working on a compliance solution at the hackathon, a number of panels highlighted the themes and main challenges surrounding the FATF regulations. While these rules are not yet legally binding — as the FATF said in a public statement in June that countries have until June 2020 to adopt the guidelines — a broad theme at the CipherTrace conference was that action must be taken immediately. The G-20 stated that it already uses the recommendations for anti-money laundering regulation of cryptocurrencies, so crypto companies that fail to comply with the new regulations are likely to face penalties.

“The consequences for non-compliance could range from a slap on the wrist, to going to jail if a company violates the Bank Secrecy Act,” Carol Van Cleef, CEO of blockchain consulting firm Luminous Group, warned on stage during the legal requirements panel. “No matter how big or small a company is, each has obligations to fulfil under the law.”

Although this may be the case, John Jefferies, CipherTrace’s chief financial analyst, pointed out that many companies operating in the cryptocurrency sphere have yet to comply with the new regulations.

“Many U.S. exchanges may not yet be compliant, but they should be at this time,” Jefferies said. “Moving forward, when Binance or Coinbase completes a transaction for example, they need to send the sender recipient data at the same time with that transaction. Otherwise, they are not in compliance.”

While most crypto companies are not yet compliant with the FATF regulations, Jevans, the CEO of CipherTrace, stressed the importance of getting everyone on the same page.

“Education is the main challenge we have to tackle first,” he said. “We need to know what the FATF laws are, why we should care and what can happen if companies don’t comply.”

The U.S. Treasury Department’s Financial Crimes Enforcement Network emerging technology policy specialist, Carole House, explained the FATF guidelines during her keynote. She highlighted that the guidelines are designed to curb the use of cryptocurrencies for financial crimes by making crypto transactions more traceable, giving regulators increased visibility into both cross-border and domestic currency transfers.

“Crypto companies need to comply with the virtual currency recommendations by the end of June 2020. We’ve already been involved with a number of people from the Digital Commerce Association to provide commentary around accomplishing this,” House stated.

The regulations are clear — now what?

As the FATF regulations were brought to light, a number of challenges around ensuring compliance followed.

For instance, the question of how the FATF guidelines would relate to privacy coins was a pressing issue. One of the stated goals of privacy coins such as Monero and Zcash is to ensure that users have anonymized transactions, so it is questionable how these could be compliant with the new regulations.

During the privacy coin panel, Jack Gavigan, head of product and regulatory affairs at Zcash, asked, “Is compliance possible in relation to privacy coins?”

Answering his own question, Gavigan stated his belief that compliance is indeed possible, as a number of privacy coins are already listed in U.S. exchanges regulated by the Financial Crimes Enforcement Network.

Even though this may be the case, understanding how to abide by the FATF regulations in a way that focuses on privacy while maintaining the decentralized ethos of cryptocurrency and blockchain remains a challenge.

Jake Tarnow, a security software developer at CipherTrace, aimed to solve this problem during the hackathon. His team came up with an impressive solution that aims to keep data anonymous when information is being exchanged between Virtual Asset Service Providers.

“If VASP A is trying to send data to VASP B, we need to know how this can be done in a way that none of the information is in the clear,” Tarnow told Cointelegraph.

His solution entailed using a zk-SNARK — short for a “zero-knowledge succinct non-interactive argument of knowledge” — a form of cryptography that allows one party to securely reveal that it possesses a piece of information, without actually exposing the information itself.

“By using zk-SNARKs, VASPs can send this information in a bulletproof way, where no one else can pick that up and pull out their proprietary information,” explained Tarnow.

During the hackathon, developers also worked closely with security software gurus to integrate the Travel Rule Information Sharing Architecture into their systems. CipherTrace announced the release of TRISA in September as an open-source, peer-to-peer design for cryptocurrency companies and blockchain projects to comply with the FATF regulations.

TRISA is meant to provide secure, reliable delivery of personally identifiable information, or PII, to the correct VASP, eliminating a huge risk for exchanges. However, sharing PII is prone to spamming, a problem that developers at the CipherTrace hackathon aimed to solve.

“Various backend systems managing PII are vulnerable to spamming, as spammers can get into these systems and start asking people to send PII,” explained Jefferies.

Independent consultant Kenneth Kron and his team won first place in the hackathon for coming up with a solution that introduces PII tokens to prevent spamming in TRISA.

“We want to solve the problem of PII spamming in TRISA by introducing PII tokens and KYC providers who can generate enhanced KYC tokens. If spammers are trying to capture personal information and get a hit, all they get back is a token in this case,” Kron told Cointelegraph.

All the ingredients for a compliance recipe

Overall, the CipherTrace conference and hackathon gathered a unique mix of individuals to discuss the future of cryptocurrency regulations. The discussions throughout the event demonstrated that action must be taken now to ensure that crypto companies are compliant with the FATF regulations by June 2020.

“We gathered many tribes that do not typically interact, enabling experts from government, exchanges and privacy groups to understand each other’s diverse perspectives,” Jefferies told Cointelegraph after the conference. “The conversations instilled a sense of urgency in the community and TRISA, while creating an open-source path to meet these tight regulatory deadlines and defend privacy at the same time.”

Tags
Aml
Related Posts
Users vs. governments: The 'infinity war' for blockchain privacy may be over
The unique power of blockchain and cryptocurrency can also be considered their weakness. Crypto users gain unparalleled privacy for financial transactions through a decentralized transactional system. Governments, however, demand transparency in financial transactions for legal concerns. This creates a paradox. People are less inclined to use financial instruments if, in doing so, they expose their money to the world. Conversely, there are a number of regulations requiring financial institutions to counteract terrorism and money laundering — serious concerns for many governments. The crux of the issue is that most public blockchains require a consensus of all participants to validate transactions. …
Technology / Dec. 23, 2020
Blockchain Can Provide the Right to Privacy That Everyone Deserves
Contrary to popular belief, privacy is not for those with something to hide but with everything to lose. Authoritarian governments across the globe are increasingly using surveillance to control their citizens at the expense of personal freedoms and civil liberties. The privacy of one’s financial transactions is intricately linked to one’s personal liberty. Without privacy (and financial means), true freedom is at risk. We are rendered powerless to resist oppression. The promise of cryptocurrency is that it is uncensorable and unseizable money for the people. But Bitcoin (BTC), which was supposed to be like peer-to-peer digital cash, lacks privacy, which …
Blockchain / June 28, 2020
Comparing Money Laundering With Cryptocurrencies and Fiat
There is no doubt that digital currencies provide benefits for an individual, a company and an institution by facilitating better access to financial products and services. Money laundering costs the global economy between $800 billion and $2 trillion annually, according to a United Nations report. This amounts to 2%–5% of the global gross domestic product. Today, more than 90% of money laundering still goes undetected. Developments in technology, however, have resulted in newer and faster tools. Criminals use these advancements to continue laundering money. At the same time, government authorities and fintech companies leverage technology to identify transaction attributes and …
Adoption / July 30, 2020
‘Not Everyone Is Happy but We Have to Move on,’ Some Challenges to the FATF’s New Guidance
“Travel rule” was a term frequently heard at the V-20 Summit, which took place in parallel with the G-20 meeting in Osaka, Japan from June 28 to 29. Regulators and Virtual Asset Service Providers (VASPs) — such as exchanges from different countries — met in Osaka for two days and discussed how to implement the Financial Action Task Force’s (FATF) latest guidance on how to prevent cryptocurrencies being used for money laundering. The travel rule requires VASPs to collect and transfer customer information during transactions. While its objective is to protect consumers, it is controversial from both technological and philosophical …
Blockchain / July 1, 2019
Blockchain Analytics Firm Chainalysis Outlines User Data Policy Amid Coinbase Allegations
New York-based blockchain analytics firm Chainalysis has published an official statement clarifying that it does not collect or sell users’ personal data when it provides its services to cryptocurrency exchanges. The statement was published in a company blog post on March 5. Chainalysis is one of the highest-profile firms in the blockchain intelligence industry, providing technology — such as its proprietary KYT (Know Your Transaction) tool — that enables firms, governments and law enforcement agencies to monitor blockchain transactions and track suspected illicit activities, such as money laundering or terrorist financing. As reported, allegations that such firms may be circulating …
Blockchain / March 6, 2019