Countries are proceeding at very different speeds to combat virtual currency abuse, leaving regulatory gray areas in which small cryptocurrency exchanges can hide. Many countries disagree on which transactions to allow and how tightly to control them. And experts warn of a persistent gap between well-resourced governments and those with less economic power.
“Developed nations will have uniform standards and other countries will not, and always will,” said Andrew Jacobson, a former New York State financial crime investigator who is now an attorney in the cryptocurrency group at Seward & Kissel LLP.
The fuel for ransomware
The ability of cyber criminals to hide in the vast and complex world of cryptocurrencies has encouraged ransomware gangs that are demanding ever larger sums of money to unlock their victims’ files. The average ransom payment in the first quarter of 2021 was $220,298, up 43 percent from the previous quarter, according to security firm Coveware. In 2020, the FBI said it received 20 percent more ransomware complaints than in 2019.
Speaking at a press conference in early July, White House press secretary Jen Psaki said Biden’s strategy against ransomware would “include expanding cryptocurrency analytics to find and track criminal transactions.”
The legislature is also involved. At the end of last month, Senator Elizabeth Warren (D-Mass.) urged Treasury Secretary Janet Yellen to lead the development of a “comprehensive regulatory system for cryptocurrencies” in the US and referred to their “use in cyberattacks that can be disruptive” to the financial system.
And earlier this month, Anne Neuberger, Assistant National Security Advisor on Cyber and New Technologies, focused on the global challenge. “If we want to disrupt ransomware money laundering networks, we have to be able to quickly detect and stop them worldwide,” she said at a conference.
One disappears, another appears
The role of cryptocurrency in cybercrime isn’t new, but efforts to contain it have so far failed in an environment where criminals can easily move from well-regulated websites to shady corners of the ecosystem.
It’s easy to set up a cryptocurrency exchange, and there are hundreds of them around the world. The largest exchanges are based in a handful of countries, including the US, China, Singapore, and several European nations, some of which have strong oversight systems. But regulatory maturity and rigor vary widely, and there are many small, opaque exchanges where ransomware operators can convert their cryptocurrency into dollars, euros, or rubles.
International experts have identified a group of countries fighting cryptocurrency abuse and other forms of money laundering, including Ghana, Myanmar, Pakistan and Syria.
“They come to countries in Southeast Asia or Africa or Eastern Europe and they may not have taken on anything or have absolutely no resources to enforce,” said Casey Jennings, another member of the Seward & Kissel cryptocurrency practice. “It really depends on a mole.”
Some countries, including Bolivia, Nepal, and Turkey, have chosen to simply ban cryptocurrencies, but technology experts say that does not prevent their adoption; it simply blinds regulators to their illegal use.
A weak global response
Existing international coordination on cryptocurrency abuse has been scattered.
There is no UN agency dedicated to harmonizing countries’ cryptocurrency rules. Instead, the Financial Action Task Force, established in 1989 by the Group of Seven nations to combat money laundering, forms the nexus of global regulatory efforts. As part of its work, the FATF publishes regular reviews of the national and regional regulatory regimes for cryptocurrencies.
Getting a bad FATF rating “can have a significant and major impact on [a country’s] ability to function in the global financial system,” said Jesse Spiro, former chief government affairs officer at cryptocurrency consultancy Chainalysis.
However, the FATF’s ratings are based on self-reported data, raising questions of accuracy.
Cryptocurrency regulation has increased in recent years. In 2013, “the ecosystem was certainly more of a Wild West setting,” said Spiro. But since 2018, he added, global pressures have pushed more countries to crack down on virtual currency abuse and introduce more sophisticated rules.
But conflicts and inconsistencies still make money laundering regulation a patchwork. A European Union law forbids compliance with certain US sanctions against Iran. And countries differ on the scope of the most important rules. For example, hedge fund managers in the US are not subject to the same anti-money laundering requirements as managers in many other countries.
Hiding in places that are even more difficult to access
Criminals have responded to regulatory efforts with technology designed to prevent transparency.
Self-hosted cryptocurrency wallets, which allow people to keep their funds on home computers rather than on exchanges, are more difficult to monitor. Decentralized exchanges also hinder regulators as they collect less information about transactions. Both are more popular with ransomware gangs than traditional platforms, according to cryptocurrency experts.
The FBI can sometimes track ransom payments in cryptocurrency, and if it gets the private keys from hackers, it can get some of the money back too. In June, authorities seized more than half of the $4.4 million ransom that Colonial Pipeline paid to its attackers. Hackers also use “privacy coins” like Monero, which, unlike Bitcoin, keeps its transaction ledger private.
Put the pressure on
The US has tools it could use to strengthen global regulatory efforts, such as:
It wouldn’t be difficult to target help, said Spiro. “Most of the illicit money we can see in this ecosystem ends up in just a few exchanges,” he said.
And US officials could tell their foreign counterparts that “if they clean up their act, it will also help with foreign investment,” said Chris Painter, who was the United States’ leading cyber diplomat from 2011 to 2017.
The State and Treasury departments are leading federal efforts to help other countries implement regulations like the “know-your-customer” rules that require financial institutions to collect personal information about their customers, a spokesman for the National Security Council said. The spokesman added that the Treasury Department “trains priority jurisdictions” and encourages adoption of FATF standards.
But Biden and Congress still have work to do. The State Department still lacks a cyber office and senior cyber diplomat, and Spiro said the Treasury Department’s Financial Crimes Enforcement Network is understaffed and under-resourced.
The Biden administration could also encourage multilateral bodies such as the G-7 and the Group of 20 to streamline national regulations and support training efforts. Agreements within these bodies could pave the way for broader standards.
In October 2020, G-7 finance ministers pledged to tackle the growing threat of ransomware, saying “payment services should be adequately monitored and regulated”. Since then, major attacks have led the US and its allies to make ransomware a national security priority, which, according to Painter, creates “much more room for maneuver among the big players.”
But the United States’ most powerful weapon could be the financial leverage it exerts in global markets.
Exchanges in other countries must comply with US laws if they want to serve American customers or access the US financial system to convert virtual coins into dollars. The more foreign cryptocurrency exchanges meet US standards, the easier it will be for a US-led coalition to convince other countries to pass similar laws.
To accelerate this process, some experts want the US to use its sanctions agency much more aggressively. Dmitri Alperovitch, chairman of the board of the Silverado Policy Accelerator, said the Treasury Department should seriously consider sanctioning exchanges that refuse to comply with anti-money laundering regulations. These exchanges would then become global pariahs, as fines would be placed on other websites for executing their transactions.
“That would be pretty devastating for most of these exchanges,” said Alperovitch.
Even most of the people who use self-hosted wallets eventually move their virtual money to exchanges to cash out. Rogue exchanges, frozen out of the US financial system and shunned by their peers, could not complete these transactions, which Alperovitch said constitute “a large part of their business.”
“This is a really critical issue,” said Alperovitch. “Cryptocurrency is the oxygen that fuels the ransomware fire and we absolutely have to address it.”