The dawn of cryptocurrency regulation is upon us.
Recently, the U.S. Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC) and FinCEN announced they will regulate cryptocurrency exchanges and Initial Coin Offerings (ICOs) to clamp down on market fraud and criminal finance.
For cryptocurrency firms, it's not a matter of whether regulation will occur, but how quickly it will take hold and how harshly it will be enforced.
At this point, cryptocurrency players should begin to consider their compliance strategies.
Initial Coin Offerings (ICOs): Market Manipulation and Trade Fraud
Initial Coin Offerings (ICOs) – the issuance of digital coin to back a new venture or cryptocurrency – have generated between $3-5 billion worldwide, drawing investors who are taking a chance on nascent exchanges which are completely unmonitored or regulated by any jurisdiction.
ICOs sometimes mimic flat currency-based markets where companies issue shares as a form of crowdfunding a new venture or currency type and then enable ongoing trading. Yet unlike public markets, the exchanges, issuers and investors are not vetted, and activity is not monitored.
As a result, we've already seen notable instances of ICO and exchange fraud, including high-dollar exit scams and pump-and-dump schemes, where issuing firms raise millions in investment, or artificially raise values, only to cash out without investor returns.
SEC and CFTC Prepare the Clamp Down
Aiming to stop the scams, both the SEC and CFTC are aligning in regulation.
Specifically the SEC has deemed most cryptocurrency tokens and their futures as securities, which means token exchanges must register with the regulator as a national securities exchange or an "alternate trading system," becoming subject to SEC compliance requirements.
Meanwhile the CFTC has said all coin and virtual currency should be treated as a commodity, making cryptocurrency exchanges – as well as brokers, dealers and traders – subject to Commodity Exchange Act compliance requirements.
It remains unclear how heavily the commissions will pursue firms determined to be out of compliance – and once they do, the validity of these rules are likely to be challenged in court. Yet most cryptocurrency firms don't have the cash to battle regulators -- and if rulings are upheld, they'll face the same severe fines and penalties as traditional market players. (The CFTC's authority was already upheld last month in a U.S. District Court).
In order to get proactively compliant, cryptocurrency firms will need to begin vetting issuers and investors, monitoring broker and trader transactions, recording trade-related communication, maintaining records, and enabling the reconstruction of these trades on demand.
Preventing Money Laundering: Regulators Won't Stop at Trading
With the CTFC and SEC at work on preventing trade fraud, FinCEN has said ICOs and cryptocurrency must register as Money Service Businesses (MSBs), requiring them to comply with Bank Secrecy Act (BSA) rules. The goal is to prevent the use of ICOs and other cryptocurrency for money laundering and criminal finance.
Once registered as MSBs, cryptocurrency firms would be required to collect information about their customers, monitor transactions, and report on suspicious activity indicative of money laundering or criminal financing.
The regulatory commissions have all aligned, which means FinCEN is focusing only cryptocurrency firms which sell coins in exchange for other currency or enable money movement, leaving securities and commodity regulation to the SEC and CFTC.
Getting Compliant: The Good News
Criminal activity in cryptocurrency will have many of the same patterns we see in traditional currency systems. Money launders will attempt to stay under the radar by structuring digital currency transactions the same as they would cash. Meanwhile traders will share insider information, artificially inflate values and fix rates.
Why is this good news? It means cryptocurrency firms can mirror some of the existing compliance strategies used in traditional currency environments with a few tweaks along the way to adapt to emerging attack patterns.
To get compliance in AML, cryptocurrency firms will need to look to the trinity: Know Your Customer (KYC) / Customer Due Diligence (CDD), Watch List Filtering (WLF) and transaction monitoring for end-to-end coverage. In early days, these firms will likely begin with the basics of existing KYC and WLF, which are perceived as easier to implement and go a long way toward checking the compliance box.
But in the long run, cryptocurrency exchanges and payment platforms will need intelligent monitoring solutions which use risk-based analytics to unearth the behavioral patterns linked to money-laundering and market fraud. It is this monitoring that identifies structuring, unusual bursts in trade activity, anomalous relationships and communications between entities in a trading ecosystem regardless of the cryptocurrency business model.
Cryptocurrency exchanges will need to seek out analytics-driven solutions which are light enough to manage (potentially on the cloud), and agile enough in analytics to be tweaked for the nuances of changing attack patterns.
Beyond the U.S., a global regulatory framework is taking shape. The International Monetary Fund is calling for cross-jurisdiction alignment, and many nations are joining unified regulatory working groups. This international framework may take years to solidify, but as news spills out from these efforts, investors are showing uncertainty. This uncertainty is resulting in market volatility which should be enough for cryptocurrency firms to get serious about compliance.