Anyone who’s spent any time in cryptocurrency communities knows fraud is a widespread issue.
We’ve seen ‘pump and dump’ tactics, Ponzi schemes, Twitter cryptocurrency scambots impersonating tech moguls like Elon Musk, and multi-million dollar exit-scams.
All of these put investors at risk. The Texas State Securities board investigated 32 cryptocurrency investment promoters investigated in four weeks, with at least five failed to tell would-be investors about the risks while guaranteeing returns of up to 40 percent a month. Furthermore, nearly two-thirds failed to provide a physical address. This should be enough to set off alarm bells as lack of information is a red flag for business misconduct.
Consumer fraud in the age of cryptocurrencies
Consumer fraud is the type of fraud where something or someone pretends to be you. According to PWC’s 2018 economic crime survey, 29% of companies said they had suffered from consumer fraud.
For individuals, a common scenario would be that someone uses your debit card to buy something for themselves. A wide-scale version of this happened when ashley madison, the extramarital affairs site, got hacked. Hackers stole personal data and exposed it online, allowing others to use this personal information to log into other sites for personal or financial gain.
The anonymity that cryptocurrency provides has opened up another channel for illegal activity that can affect consumers. PwC NL recognizes that this is a new risk for crypto-businesses, so they have 10 full-time staff dedicated to organizations active in the crypto domain.
Money laundering through unregulated exchanges
How do stolen cryptocurrencies end up in real wallets? Once hackers have managed to gain access to the funds, they need to retrieve the money somehow and convert it to fiat currency. To do this, they use one of the many unregulated cryptocurrency exchanges that exist.
Unregulated exchanges have a lax know-your-customer (KYC) policy so the user’s identity is not publicly listed, which allows hackers to get away with the theft. It allows customers to deposit or withdraw up to 2 bitcoin (roughly $11,200, at current value) per day without a full identity check.
Times are changing: meet 5AMLD
However, the golden era of unregulated exchanges is about to come to an end once the 5th EU anti-money laundering directive (5AMLD) comes into force in January 2020. There are three main changes that will affect how cryptocurrency is regulated.
Firstly, cryptocurrencies will be considered “obliged entities” and will have an obligation to perform customer due diligence (CDD) and submit suspicious activity reports (SAR).
Secondly, financial intelligence units (FIU) can be mandated to obtain addresses and identities of virtual currency owners, negating the anonymity benefit of using cryptocurrency.
Finally, cryptocurrency exchanges and wallets will now be required to register with the competent authorities in their domestic locations e.g. Financial Conduct Authority for the UK.
By putting exchanges under regulation, fraudulent activity is discouraged because hackers have no way of converting cryptocurrency into fiat currency outside of using regulated exchanges. Also, the lack of anonymity will enable authorities to trace transactions much faster and go after the people behind the fraud.
Detecting ‘pump and dump’ schemes
5AMLD will also deter other forms of criminal activity involving cryptocurrency. Money laundering, the act of concealing and transferring money made from criminal activity, will be made harder due to the lack of anonymity and cryptocurrency exchange registration with domestic financial authorities. Similarly, market movement schemes, where online groups select a currency to mass buy so that the price goes up and then subsequently dump shares so that the price goes down, will be easier to identify.
How to better protect your crypto funds
5AMLD seems like the first step to further regulate this business, but January 2020 is still about nine months away. Therefore, PwC recommends certain crypto controls to be in place for organizations active in the crypto domain such as brokers and exchanges:
- Key generation
Private/secret keys are generated in a secure manner ensuring the keys confidentiality and integrity
- Key storage
Private/secret keys are stored in a secure manner ensuring the keys confidentiality and integrity. Keys cannot be accessed and controlled by a single person
- Key/Device handling
Keys/devices are kept or destroyed securely to protect the confidentiality of the keys or the integrity of the device.
- Wallet management
Wallets are divided between hot, cold and deep cold based on risk appetite.
- Transaction signing
Transaction data’s integrity is ensured and the transaction is approved by authorized personnel after authentication.
Do you want to take the lead in the digital era? Let’s bring business, technology, and experience together to shape your personal value proposition within the digital world and become PwC’s Next Digital Leader.
This post is brought to you by PwC.
Published March 19, 2019 — 09:17 UTC