“Those who are familiarized to risk meet it without shrinking; whereas those unused to it often apprehend danger where no danger is” – adapted from General George Washington in letter to Congress February 9, 1776
Risk is perceived to be higher when a subject area is unfamiliar, which is particularly likely for emerging technologies and products. However, while it is sensible to consider risks and any mitigations required, new technologies also offer opportunities to more effectively manage financial crime risks.
In an evolving environment, taking no action is still taking risk. In a national security setting, taking no action may mean being outmaneuvered by adversaries. In a commercial setting, it means being overtaken by competitors. How can Chief Compliance Officers support business demand for new products and services, while ensuring staff have the knowledge and experience to effectively manage risk and gain the advantages of new technologies?
One solution is to develop the capability of their staff through training and experience, utilizing partners to support upskilling and augment internal capability where required.
Digital assets provide a good case study. (Digital assets include virtual assets, cryptocurrencies, and crypto assets – for a primer on terminology and concepts, refer to our article Crypto Jargon Defined.)
When speaking about digital assets, a frequent response in informal settings is “But aren’t they just used for money laundering?” This caution is also reflected in financial services, where digital asset products and services are often assigned a high risk rating in internal models.
How does the financial crime risk associated with digital assets compare with traditional financial services such as cash? Chainalysis, a blockchain analytics company, estimates that 0.35% of on-chain transactions are illicit activity. In contrast, the United Nations Office on Drugs and Crime (UNODC) estimates that 2 – 5 % of global GDP is laundered every year through the traditional financial system.
Focusing specifically on cash, economist Ken Rogoff estimates that one-third of USD cash in circulation is used by criminals and tax evaders and the Reserve Bank of Australia estimates that 10% of Australian banknotes are used in the “shadow economy.” (The “shadow economy” includes concealing transactions to avoid tax, paying for illegal goods and services, or storing wealth generated by selling illegal goods and services.) While these are all estimates and subject to caveats and challenges, the perception of misuse of digital assets could be seen as out of alignment with actual use, particularly when traditional financial methods such as cash are used as a comparison benchmark.
Digital assets in fact present advantages in detection and prevention of financial crime. Well-established digital assets such as Bitcoin and Ether use a public blockchain as a ledger to record transactions. Because the blockchain is publicly visible, it provides a traceable record of sending and receiving wallet addresses (which are equivalent to bank account numbers) and the transactions between them.
Due diligence and investigations teams have access to extensive datasets on digital asset transactional activity. For example, with tools and training, they can identify whether a client or potential client’s wallet address is associated with criminal activity such as ransomware, cybercrime, or sanctions evasion. The availability of blockchain data also presents opportunities to use artificial intelligence to fight financial crime.
This access to data compares favorably with cash transactions which are rarely traceable. It also compares favorably with aspects of traditional banking. Within the financial system, transactional and client data is held within one firm, with legislation and regulation permitting sharing only in limited circumstances. The effect is that in many cases, each firm to see only some steps in the end-to-end transactional flow. Sharing between countries is even more restricted.
While blockchain provides an extensive data set, it has its own limitations. Specialist skills and tools are required to interpret the data. Additionally, the real-world identities of the sender and recipient are not recorded on the blockchain. In some situations, wallet addresses may be linked with identities through investigative techniques, while in others this link may only be identified through action by law enforcement or other formal processes.
“Nothing in life is to be feared, it is only to be understood. Now is the time to understand more, so that we may fear less.” – Marie Curie
Within the digital asset environment, not all assets are equal, and detailed knowledge within compliance and business teams is required.
Example 1: Privacy Coins
While some digital assets use a public blockchain like the ones described above, others such as Monero deliberately include “privacy” features to make them “confidential and untraceable.” When deciding whether to approve trading in digital assets, a firm may choose to approve those using public blockchain (such as Bitcoin and Ether) but prohibit those with privacy features.
Example 2: Stablecoins
A “stablecoin” refers to an asset which is intended to maintain a stable value relative to a specified asset or group of assets, as defined by the Bank for International Settlements. We can contrast two stablecoins intended to be stable relative to the USD. USDC (USD Coin) is backed by cash and cash equivalents, with the reserves attested to every month by accounting firm Deloitte. This means that for every USDC in circulation, there is $1 held in a recognized financial institution. In contrast, USDT (Tether), which is also presented as being ‘tethered’ to the USD, was fined $41 million by the Commodity Futures Trading Commission in 2021 because it “misrepresented to customers and the market that [it] maintained sufficient U.S. dollars to back every USDT in circulation… [but] in fact Tether reserves were not ‘fully backed’ the majority of the time.” Tether has since taken steps to improve its transparency. When making a decision about whether it will permit transactions with stablecoins, a firm may decide to approve those transactions which is considers to have reliable backing but not those which are less reliable.
A Chief Compliance Officer who makes a decision to approve new products or services also needs to ensure the people, processes, and platforms to support these new initiatives are in place. For example, blockchain analytics tools will be required to undertake due diligence on wallet addresses during onboarding and for ongoing monitoring. Staff will need new skills to use these tools and knowledge to make informed decisions.
It is not only compliance teams who need to develop capability when faced with new products. Client-facing teams also need to be up-skilled so they can answer client questions. For example, if a large bank decides to offer digital asset products, it may be approached by new clients such as “crypto natives.” These are businesses that were established within the “crypto” environment rather than traditional businesses expanding into digital assets. A crypto native may previously have dealt only with unregulated providers and may challenge the CDD/KYC requirements of a regulated financial institution. Client-facing staff require training to address these questions, ideally providing them with specific knowledge for their role.
“It is not the ship so much as the skillful sailing that assures the prosperous voyage.” – George William Curtis (1824-1892), writer and reformer
Emerging technologies present both risks and opportunities, as illustrated through the case studies on digital assets above. We now return to the broader objective of capability development: what actions can a Chief Compliance Officer take?
1. Advocate for company-wide training
Training should include instruction for compliance teams on business products and services so the compliance team understands the context and commercial objectives of their work. It should also include training for client-facing and business teams to understand the financial crime considerations they should have in mind when identifying and engaging with clients and potential clients, for example on requirements such as KYC/CDD.
2. Provide training customized for the audience
Training programs should take into consideration products, services, and geographies, as well as the responsibilities of those being trained. For those working most closely with new technologies and products, detailed training may be suitable. For those less directly involved, high level awareness may be sufficient.
3. Support staff to complete industry-recognized certifications and qualifications
For staff requiring specialist knowledge, support should be given to undertaking formal training. This might include industry-recognized certifications on financial crime, anti-money laundering, sanctions evasion, and/or terrorist financing. Alternatively, specialists should be encouraged to undertake more technical training. For example, in digital assets this might be investigative courses provided by blockchain analytics companies.
4. Communicate resources and subscribe to updates to maintain currency
Following completion of initial training, there is a need to maintain currency. News stories, daily/weekly digests, thought leadership articles, podcasts, and webinars can help teams remain informed on current developments. Useful sources are government regulators, industry bodies, law firms, or industry specialists, depending on the subject area. A Chief Compliance Officer could communicate recommended sources throughout their department. They could also consider enterprise subscriptions to a financial crime news service to provide access to consistent and reliable financial crime information.
5. Consider extending training to clients
A business could consider extending its training to clients. This will enable those clients to better protect themselves and the wider financial system, while providing a ‘value add’ and strengthening to the client relationship.
For example, a correspondent bank has other banks for its clients. If the correspondent bank helps its clients (the respondent banks) improve their detection and prevention of the proceeds of crime, the integrity of the financial system will be better protected. Additionally, the correspondent bank is also better protected from processing illicit financial flows.
Even large and well-resourced firms may not have the capacity or experience to build training programs, maintain content, and provide specialist subject knowledge across all financial crime subject areas. A Chief Compliance Officer could identify and work closely with partners, blending internal and external experience to build capability. For example, they may engage a specialist training provider to develop and roll out a training program specific to their requirements or acquire technology from a blockchain analytics company to enhance investigative capability.
Skilled and knowledgeable staff provide value in external relationships too. They can provide expert input on regulatory consultations, communicating the practical implications of proposals and negotiating how best to achieve regulatory objectives. They can engage more effectively with their partners in government and law enforcement – bilaterally, multi-laterally, or through formalized public-private partnerships – to work together to protect the financial system and our community.
By selecting specialist partners to augment and develop internal capability, a Chief Compliance Officer will fulfil their responsibilities to manage risk, gain the advantages of new technologies for the financial crime function, and enable sound business growth.
“Great things in business are never done by one person.” – Steve Jobs, Founder Apple Inc
The digital assets sector presents unique compliance challenges, including a complex and rapidly evolving regulatory landscape, misuse of digital assets in financial crime, and the need to adapt existing risk and compliance frameworks to include digital assets. As this industry continues to grow, with projections indicating substantial market expansion, staying ahead of compliance requirements and future challenges is crucial for financial institutions to safeguard their operations and reputation, while benefiting from the potential of this asset class.
Effective defense strategies are paramount to mitigating these risks and maintaining the highest standards of compliance. Led by industry experts, panelists will assess the integral roles of the first and second lines of defense in maintaining rigorous compliance frameworks and will dive into the future challenges that could redefine regulatory landscapes. Prepare to gain actionable insights and forward-looking strategies to elevate your compliance practices in the fast-evolving world of digital assets.
https://finintegrity.org/wp-content/uploads/2024/11/bg-digital-asset-detective.jpg
1200
1800
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-11-21 07:00:052024-11-21 09:42:42How to be a Digital Asset Detective
https://finintegrity.org/wp-content/uploads/2024/11/side-quest-bg.jpg
1013
1800
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-11-19 07:00:042024-11-12 10:23:38Side Quest
https://finintegrity.org/wp-content/uploads/2024/10/bg-Big-finers-bigger-lessons.jpg
1562
1800
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-10-30 07:00:552024-10-29 10:12:19Big Fines, Bigger Lessons
https://finintegrity.org/wp-content/uploads/2024/10/blog-risky-convergences.jpg
1004
1800
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-10-28 07:00:162024-10-28 08:58:27Risky Convergences
https://finintegrity.org/wp-content/uploads/2024/10/blog-pep-talk.jpg
1200
1800
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-10-24 07:00:412024-10-24 10:08:08A PEP Talk
https://finintegrity.org/wp-content/uploads/2024/10/bg-td-bank-mistake.jpg
1532
1800
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-10-22 07:00:122024-10-23 09:18:37A $3 Billion Mistake
https://finintegrity.org/wp-content/uploads/2024/10/beneficial-bg.jpg
1200
1800
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-10-17 07:00:022024-10-16 10:47:24Beneficial Ownership: Who Owns What?
https://finintegrity.org/wp-content/uploads/2024/10/cash-to-clicks-bg.jpg
798
1800
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-10-02 07:00:422024-10-04 11:42:21From Cash to Clicks – AML Challenges & Typologies for Digital Payments
https://finintegrity.org/wp-content/uploads/2024/09/aml-smallbusiness-bg.jpg
1333
2000
IFI
https://live-black-pebble.pantheonsite.io/wp-content/uploads/2023/12/GIFI-Placeholder2.png
IFI2024-09-04 07:00:082024-09-03 19:38:48AML Compliance for Small Businesses
Understanding and Addressing Fraud and Corruption Risks