Bitcoin keeps on turning, AML standards body pays attention

And we’re rolling, rolling, rolling on a river… OK so, it doesn’t scan brilliantly, but any fans of crypto currency and/or Tina Turner will get the joke.

FCA - BitcoinThe Financial Action Task Force (FATF) has produced a study on the financial crime risks associated with crypto or digital currencies, a clear indicator that it is taking the newcomers seriously. The FATF is placing the risks associated with digital currency use and its potential policy responses as a priority for the 2014/15 presidency, expanding on the mention of Bitcoin (BTC) in the 2013 report on financial crime risks in new payments products and services (NPPS) report which grazed the surface of digital currency’s potential.

The report leads with a glossary of terms that the FATF has agreed upon to let readers know what they are referring to and it has adopted ‘virtual currency’ as the common denominator. Financial Crime Asia takes issue with the use of virtual to describe these new currencies that are taking the world by storm. They are, after all as real as a national debt or any fiat currencies governed by central banks; what started off as an algorithm is now worth USD615 per unit. Whether we like it or not, virtual will be the term used by the financial sector when referring to crypto and digital currencies.

The FATF weighs in from the US regulations’ angle, defining convertible and non-convertible ‘virtual currency’; briefly, convertible is something that can be exchanged for fiat currency, such as BTC or Linden Dollars used on the Second Life role playing game. Non-convertible currencies cannot be exchanged – think Q Coins or World of Warcraft Coins. Aligning BTC with currencies used in role playing games is a little confusing, given their increasing use in commerce (Expedia has started accepting BTC and pretty soon Financial Crime Asia will too) and, as pioneered by the States of Jersey last week, in investments. However, the FATF is taking notice and its report will permeate the banking sector nonetheless.

The vast majority of bankers and regulators are interested in BTC at the time of exchange into fiat currency. This is where the FATF sees the potential risks and the opportunity to offer guidance  in terms of anti-money laundering and counter-terrorist financing. That said, the power of BTC lies in its exchange for goods and services and not in whether or not you cash it in for fiat at a favourable exchange rate. Although there are some BTC speculators out there who make money on the exchange rate, the vast majority of users are trading BTC outside of the fiat system. In June, US Marshalls made a sale of USD18m worth of BTC last month and the buyer plans to use them as they are to fund the development of BTC use.

FCA -Emperors new clothesUsefully, the FATF does assess the risks posed decentralised systems of exchange. Although BTC addresses contain the information on every transaction the coin has made, unlike fiat currency, there is some concern that the user’s identifying information is not held on file. This would make monitoring suspicious transactions extremely difficult and would confound law enforcement’s attempts to investigate the malicious use of digital currency. The report looks at Liberty Reserve as an example of this, but let’s face it, LR was practically set up to launder money for crooks. Bitcoin was not. Customers on the Silk Road anonymous market place were restricted to using BTC when buying innumerable goods and services, both legitimate and illegitimate and that is a classic example of how criminals can exploit a financial system, bitcoin is simply the launderer’s new clothes.

The qualities that make BTC brilliant are also those that pose the greatest risks when held up against the fiat monetary systems and AML/CTF. BTC and other Altcoins (Litecoin, Peercoin, Ripple) using the BTC protocol are exchanging without Silk Road. They are transparent, are not bound by central governing body, some are limited by geography – see Auroracoin and Mazacoin – but most are not. We are starting to see some regulators tackle this (Germany has done so, the US is talking about it and a few countries have banned the use of BTC) but more importantly, we are stargting to see more jurisdictions adopting crypto-currency.

The FATF’s report is worth reading as an indicator of where the FATF, OECD and national governments are thinking. In the meantime, BTC keeps on trading.

Related articles

Crypto: What does the Mt.Gox closure mean?

The cyber attack yesterday which closed Mt.Gox, the heretowith largest bitcoin exchange, has realised some of the concerns felt by Compliance and AML specialists. What will you tell clients who lose their funds via cyber-theft? While Mt.Gox has closed – its webpage is blank – other crypto-businesses and exchanges are working to restore trust in crypto-currencies and reassure investors. Many observers I have spoken to in the past few months have erred on the side of caution in terms of investing in bitcoin. Crypto-currencies are vulnerable to attack, but they are also developing rapidly. At the time of publishing, the exchange rate was XBT1 = USD441.9.

Bitcoins, other digital currencies stolen in massive ‘Pony’ botnet attack

Cybercriminals have infected the computers of digital currency holders, using a virus known as “Pony” to make off with account credentials, bitcoins and other digital currencies in one of the largest

FCA - Bitcoinattacks on the technology, security services firm Trustwave said.

The attack was carried out using the “Pony” botnet, a group of infected computers that take orders from a central command-and-control server to steal private data. A small group of cybercriminals were likely behind the attack, Trustwave said.

Over 700,000 credentials, including website, email and FTP account log-ins, were stolen in the breach. The computers belonging to between 100,000 and 200,000 people were infected with the malware, Trustwave said.

The Pony botnet has been identified as the source of some other recent attacks, including the theft of some 2 million log-ins for sites like Facebook, Google and Twitter. But the latest exploit is unique due to its size and because it also targeted virtual wallets storing bitcoins and other digital currencies like Litecoins and Primecoins.

Eighty-five wallets storing the equivalent of $220,000, as of Monday, were broken into, Trustwave said. That figure is low because of the small number of people using Bitcoin now, the company said, though instances of Pony attacks against Bitcoin are likely to increase as adoption of the technology grows. The attackers behind the Pony botnet were active between last September and mid-January.

“As more people use digital currencies over time, and use digital wallets to store them, it’s likely we’ll see more attacks to capture the wallets,” said Ziv Mador, director of security research at Chicago-based Trustwave.

Most of the wallets that were broken into were unencrypted, he said.

“The motivation for stealing wallets is obviously high—they contain money,” Trustwavesaid in a blog post describing the attack. Stealing bitcoins might be appealing to criminals because exchanging them for another currency is easier than stealing money from a bank, Trustwave said.

There have been numerous cyberattacks directed at Bitcoin over the last year or so as its popularity grew. Last year, a piece of malware circulating over Skype was identified as running a Bitcoin mining application. Bitcoin mining is a process by which computers monitor the Bitcoin network to validate transactions.

“Like with many new technologies, malware can be an issue,” said a spokesman for the Bitcoin Foundation, a trade group that promotes the use of Bitcoin, via email. Wallet security should improve, the spokesman said, as more security features are introduced, like multisignature transactions, he said.

Digital currency users can go to this Trustwave site to see if their wallets and credentials have been stolen.

Source: Zach Myners for PCWorld

Enhanced by Zemanta

Crypto-currency: Lakota Nation set to launch Mazacoin

A brand new crypto-kid on the block, Mazacoin, is set to launch on 22 February 2014. Unlike bitcoin, litecoin and other crypto-Children Dancers on the Wind River Indian Reservation, Wyomingcurrencies, Mazacoin is billed as the official currency of the Traditional Lakota Nation, a native American community on the Pine Ridge Reservation in South Dakota, US. The Lakota are part of the Sioux First Nation of America and Pine Ridge is reputedly the poorest of all reservations in the US. High unemployment rates bring alcoholism, high mortality rates, depression and a host of other social problems. According to sources, there are no banks within the reservation and much of the USD80m given annually in federal funding, is spent in shops and businesses just across the border in Nebraska, bringing no economic benefit to the Lakota Nation.

With the introduction of Mazacoin, the Lakota Nation will move away from dependency on fiat currency, the US dollar in this case, and begin to generate its own wealth and trade based upon Mazacoins.  This is a great experiment which should bring about financial inclusion, one of the G20’s principles.

Read more about the project here

Crypto-coin use and security

Naturally, the financial services community is cautious about the operating platforms for crypto-currencies in their present state.

Mazacoin is billed as “an all new fork of the ZetaCoin project that branched from BitCoin.” Zetacoin itself is an open source crypto-currency based on the bitcoin protocol. Although the  bitcoin community is working constantly to maintain security, there have been some glitches lately which have raised alarm bells for observers.

Two bitcoin related platforms were hacked recently, by a group sending mutated lines of code into the program which runs bitcoin. Although the hackers were unable to steal bitcoin, they did manage to suspend transactions  –  via a series of “denial of service attacks” – designed to disrupt the currency.

Bitcoin companies, as witnessed at a recent round of bitcoin conferences, are implementing compliance with financial services regulations as a pillar of their business from the outset. Compliance officers at crypto-currency firms are meeting with regulators and complying with the rules in the US and this should reassure the rest of the financial services compliance community, at least partly, about the integrity of crypto-currency operators who are trying to break into the mainstream.

Reputation and the bitcoin revolution

The recent arrest of former Bitcoin Foundation President Charlie Shrem on money laundering charges has done nothing to clean FCA - ShremBitinstantup crypto-currencies’ image in the eyes of the cautious regulated financial sector. Shrem is under house arrest in Brooklyn, NY, facing charges of conspiring to commit money laundering, and operating an unlicensed money transmitting business, failing to complete a suspicious transaction report. The charges relate to a USD1m exchange of bitcoins for use on the now defunct Silk Road on-line marketplace, used widely to buy and sell narcotics and other goods.

He has not commented on his arrest and instead is focusing attention back onto bitcoin and awareness of the currency. According to Shrem, it doesn’t matter if people understand how bitcoin works in order for it to become effective: “You don’t know how every nut and bolt works on a car, but you can still drive,” he told the press.

While some non-banking operations are carefully making enquiries into how they could integrate crypto-currency into payment systems, others are acutely aware of the pitfalls and reputational damage which could arise if, for example, a hacker breaks into a customer account and steals crypto-currency. At the moment, there is no legal recourse. As one industry insider mentioned, law enforcement is at a loss to pursue the theft of crypto-currency.

Fans of bitcoin and other crypto-currency are eagerly awaiting what new developments will happen in 2014. The planned launch of two new crypto-currencies in Iceland and in the Traditional Lakota Nation should provide observers with the opportunity to see how crypto works in a controlled environment. Although bitcoin is not intended to be used within the physical borders of one jurisdiction, the Auroracoin and Mazacoin economies could generate discussion on how bitcoin and other border-less crypto-currency can be used and monitored for AML/CTF purposes in the future. Furthermore, the New York Department of Financial Services is observing and learning from bitcoin operations and has announced plans to launch regulation in 2014.

Compliance officers – what do you think? Please comment either publicly or privately. I am interested to hear your opinions.

Enhanced by Zemanta

Crypto: Iceland to adopt crypto-currency, while hackers attack Bitcoin and NY regulations loom

In the face of economic ruin while tied to fiat currency, Iceland has opted to dole out crypto-currency to its citizens, in a bid to reinvigorate the economy. On March 25th 2014, Iceland will being to issue Auroracoins as gifts in a program called the AirddropFCA - airdrop, sending free currency to 330,000 people and will encourage Icelanders to use them as part of their daily lives. This requires support from developers to create programs for accepting Auroracoins and the global crypto-currency exchanges to accept them. The idea that a country is adopting crypto-currency, if only partially, to combat out-of-control hyper inflation is powerful. If this works in Iceland, it could work elsewhere. Watch this space.

Source: Auroracoin and Rob Chamberlain

It was only a matter of time before hackers managed to break into crypto-currencies. Unknown assailants are sending “mutated” lines of code into the programme that runs Bitcoin and have caused problems at two Bitcoin firms to date – Slovenia-based FCA - BitcoinBitstamp and Bitcoin exchange Mt.Gox.

Source – Bitcoin Foundation

The New York Department of Financial Services is weighing up how to regulate a non-fiat currency and is considering the use of the public ledgers behind Bitcoins, for example, as  a possible anti-money laundering control in combination with a know-your-customer programme. As nearly all Bitcoin firms have an AML compliance programme in place, this could be an easy segue for the NYDFS and other regulators.

Source – Chicago Tribune

Enhanced by Zemanta

Indian Bitcoin exchange produces KYC/AML guidance

A bitcoin exchange in India has published a compliance policy for dealing with clients in terms of bitcoin transfers. BTCXIndia FCA - Bitcoinhas reproduced the standard Know Your Customer and Anti-Money Laundering (KYC/AML) policy used by financial institutions and tailored the requirements to fit a typical bitcoin customer and transaction.

The KYC/AML guidelines focus on a customer acceptance policy, identification procedures, transaction monitoring and risk management. In brief, anyone who wants to open an exchange account with BTCXIndia will undergo the same due diligence as a client opening a regular bank account. Identification processes will include scrutiny of beneficial owners, monitoring will look for  complex, unusually large transactions and BTCXIndia has hinted that it will set thresholds for transaction limits if required. Remittances worth more than INR50,000 (USD798, XBT0.836) will be effected by debit to the customer’s account or against cheques and there will be no cash transactions through the firm at all, which would reduce some of its risks.

The exchange has committed itself to creating risk profiles for all customers, based on low, medium and high categories and using information derived from their identity, social/ financial status, nature of business activity, information about his clients’ business and their location. Salaried employees, government owned companies, regulators will fall into the low risk group, along with any client whose financial/business information is easy to acquire, barring high net worth individuals who will not automatically receive low risk status.

High risk examples

Customers who will require a higher level of due diligence checks, according to the policy, include:

(a) non-resident customers;

(b) high net worth individuals;

(c) trusts, charities, NGOs and organizations receiving donations;

(d) companies having close family shareholding or beneficial ownership;

(e) firms with ‘sleeping partners’;

(f) politically exposed persons (PEPs) of foreign origin;

(g) non-face-to-face customers and

(h) those with dubious reputation as per public information available.

The policy sets out clearly what the company expects from its customers and staff in terms of AML compliance and it is worth reading the policy to see just how BTCXIndia is managing this.

Legal position

The Reserve Bank of India, the regulatory body for banks and Bitcoin exchanges has vaguely mentioned that it is “watching” the crypto-currency but has not yet clarified what that means. BTCXIndia has published a useful guide on the latest legal commentary from different jurisdictions on status of bitcoin use.

There’s gold in them there hills… how to acquire bitcoins

Following on from the last ‘blog about Bitcoins, I spoke to a Bitcoin user and enthusiast to get the low down on acquiring, using and losing Bitcoins.
Getting your hands on a Bitcoin is easier now than it was when they were first launched in 2009.
New coins are ‘mined’ by cyber-prospectors armed with computers and algorithm cracking software programmes, instead of tin pans and shovels. A miner with enough computing power sets a computer to solve a series of complex puzzles which surround each Bitcoin. Once all the codes are cracked, the user receives one freshly mined Bitcoin in his wallet. So far, miners have found around half of the 21m Bitcoins which will ever be produced. Their labours have created a thriving market for the sale and exchange of Bitcoins, which is good news for other potential Bitcoin users.
Although the mining process is complicated, the exchange of value is simple once you have some Bitcoins in your wallet. Virtual currency exchanges such as Mt Gox and Crypto-exchange were set up sell Bitcoins, in the same way a Forex dealer buys and sells currencies, charging a percentage of each transaction as a fee. Individual sellers will also trade Bitcoins for other currencies.
How to use a Bitcoin
Apart from fancy cars, Bitcoins can be used to buy an increasing number of goods. Real estate agents in Australia and Canada have started to accept Bitcoins for their services.  Some individual online sellers are offering to accept Bitcoins for property sales without an agent. In theory, this transaction could go ahead without the intervention of government however there could be national tax implications which potential buyers should investigate.
In Argentina, Brazil and Peru Bitcoins are used to rent cars and pay hotel bills. Numerous Latin American countries have expressed interest in installing Bitcoin ATMs, cash machines which accept the national currency and put crypto-currency into your virtual wallet. There is a chance that Bitcoins could subvert US$ as the alternative currency of choice. As with cash, if it can be used to buy legal goods, it can be used to buy products on the black market.
Silk Road is a virtual market place which is famous for the anonymous trade in Bitcoins for drugs, tools for hacking computer programmes and other illegal as well as legal products. It can only be accessed via a web browser which makes the user’s IP address anonymous, so transactions cannot be traced. Silk Road’s only physical identifier is a piece of code on a server which probably changes regularly enough to keep the hackers at bay.
The market place’s estimated annual turnover of USD$20m makes it a healthy enterprise which is the target of cyber-attacks. Buyers and sellers are still taking huge risks to smuggle drugs and receive the deliveries, which is where law enforcement could try to intercept sales. The only difference between buying on Silk Road or buying from your local drug dealer that you’ll never have to meet in person to make the handover.
How to lose a Bitcoin
Bitcoins are essentially strings of highly valuable code which means hackers and cyber crooks all over the Internet are dedicating a significant amount of effort to stealing Bitcoins from users’ virtual wallets. Backing up your computer hard drive will download the security updates issued by the Bitcoin Foundation to protect your wealth. Storing the Bitcoins off line on a USB stick removes the online threat but increases the actual theft or loss risks. Losing your offline Bitcoins is the same as losing your wallet. Crucially, users should ensure they have an updated block chain which will maintain the coin’s currency and the universal record of transactions. There is also the risk of hackers attacking Bitcoin exchange, which accept fiat currency for Bitcoins. The Australian Crypto Xchange was the victim of a large scale hack which lost money stored for clients and was closed down in November 2012.
As an observer, I’d be interested to hear from banking professionals about how and if they think Bitcoin is a real threat to fiat currency and mainstream banking. Please do comment.