The accelerated adoption of digital assets in our everyday lives is creating market demand across organizations as well as increasing focus across regulatory agencies and the government. In large part, this is due to cryptocurrency’s potential to destabilize and disrupt traditional financial markets on a global scale and provide widespread access to financial services to those across the globe that were previously unbanked or underbanked. Furthermore, the creation of new blockchain-enabled innovations such as “smart contracts”, decentralized finance (“DeFi”), and tokenized assets [i.e., non-fungible tokens (“NFTs”)] create potential for even greater disruption and introduce incremental regulatory considerations to address risk vulnerabilities that may potentially undermine the crypto market.
Key macro-risks requiring greater evaluation and regulatory clarity:
- Low levels of investor and consumer understanding of crypto assets including costs, fees, and conflicts of interest
- Lack of redress and/or recovery and resolution mechanisms
- Uncertainties around the operational resilience of some crypto-asset-focused institutions
It is possible that given the public prominence of crypto-assets and crypto-asset trading platforms, the rapidly growing retail investor adoption, and the use of leverage that any loss of confidence in crypto-assets could have implications to the direct financial interconnectedness of crypto-asset markets”.1 The effects of widespread loss of confidence have been experienced before in multiple crashes, and most recently with TerraUSD collapse in May 2022. Stablecoins – once thought as a minimizing risk – have disproven this as seen by the collapse of the algorithmic Stablecoin UST or TerraUSD losing its currency peg to drop below $0.30 2 , which has been followed by around $1 trillion leaving the crypto market. Compounding the challenge, the pace of technology innovation has further accelerated after each of the previous five major market resets since the inception of Bitcoin. For example, the period following the 2018 crash helping foster DeFi, NFT’s, Ethereum alternatives, and Stablecoins. 3
The lack of regulations and regulatory oversight around crypto is more crucial now than ever before and directly affects how firms must assess and mitigate risks. Regulations today were written to apply to traditional fiat currency, and do not always easily translate to cryptocurrency. For example, legislation like the ‘Howey Test’ is not easily transferable to cryptocurrency to determine of the type of asset.4 Due to this lack of regulatory clarity, many traditional financial institutions (“FIs”) have opted not to offer cryptocurrency-based products/services.
To facilitate increased regulatory clarity, President Biden issued an executive order in March requiring a collaborative, interagency approach to ensure the responsible development of digital assets within the U.S., pushing various regulatory agencies to increase research efforts and further develop regulations surrounding digital assets. To facilitate greater adoption and ensure the safety and soundness of the financial system, regulators would need to further develop a regulatory framework addressing concerns spanning privacy, security, price stability, consumer safety and financial crime. These tenets are a necessary precursor to a viable micropayment system, bringing cryptocurrencies into ubiquity for the entire market.
Compliance & Risk Trends
While the OCC, FinCEN, SEC, and other regulatory bodies provide guidance, it is still left to each firm to evaluate their specific crypto strategy, positions, risk appetite, and risk management programs to assess and mitigate risk exposure. As their risks evolve at the same pace of new product development, FIs would need a new risk assessment and management frameworks.
In that regard, there are a myriad key compliance risk types to lookout for. In this blog, we will further explore three of the emerging risk areas in greater detail:
1. Privacy/Information Security
Cryptocurrencies provide a platform to meet or exceed many privacy regulations in existence today, but transparency of distributed ledgers poses unique challenges for many coins, including Central Bank Digital Currencies (“CBCDs”).
There are growing concerns about data privacy in the context of cryptocurrencies, as wallet identification (ID) may be considered Personally Identifiable Information (PII) because the blockchain contains wallet IDs that can be linked to specific individuals. Some of the privacy concerns in the cryptocurrency ecosystem include:
- Oversight of centralized entities
- Evaluation of additional data available against privacy laws
- Ability to track the spending habits of a wallet owner
- Need for physical cash or additional tokens to provide consumer privacy.
If the government were to use a centralized cryptocurrency utilizing blockchain technology, all transactions of every individual could be publicly available, potentially requiring consumer protection laws to remove anonymity. Most cryptocurrencies, with the exception of privacy coins, are not considered compliant with the Global Data Protection Regulation (GDPR). Privacy coins are GDPR compliant, but they include almost no information on the blockchain, making it difficult to track them. Privacy coins use methods like stealth or ring addresses to hide user information, but they are often heavily regulated or banned by governments due to their potential use in illegal activities.
2. Financial Crime
Cryptocurrency offers pseudo-anonymity which led the regulators to take notice and require action to prevent financial crimes. FIs will need to Know Your Customer, Sanctions and Know Your Transaction programs to detect and manage these risks.
The increasing investment by banks in blockchain technology, which is the underlying technology for cryptocurrencies, reflects confidence in the potential of the technology to modernize various aspects of financial operations. In 2021, the 13 largest financial institutions in the US invested a total of $3 billion in blockchain technology. These investments are aimed at improving payments processing, custody offerings, capital markets platforms, and other areas of financial operations. The trend towards institutional investment in blockchain technology also raises expectations that cryptocurrencies will be used as a medium of exchange alongside traditional fiat currencies.
Cryptocurrency exchanges, which are registered with the Securities and Exchange Commission (SEC), are required to report the digital tokens they hold for customers on their balance sheets as liabilities. This means that the balance sheets of these exchanges are likely to grow significantly.
As the use of cryptocurrencies by financial institutions becomes more widespread, it is also likely to bring with it complex operational challenges and emerging financial crime risks. These risks will need to be carefully managed in order for the potential benefits of cryptocurrencies to be realized.
Moreover, Cryptocurrency poses financial crime risks to the financial system due to its anonymity, ease of use, and limited oversight. These risks include fraud, money laundering, sanctions evasion, and cybercrime. While mechanisms have been put in place to trace the identities of individuals using cryptocurrency, these processes, controls, and oversight are limited compared to traditional fiat currencies. Un-hosted wallets, or self-hosted or non-custodial wallets that are not supported by a custodial exchange, are untraceable and pose a challenge to regulators and enforcement authorities. Mixers and tumblers, which are used to combine various types of cryptocurrencies to conceal the identity of the payer, have been utilized on “darknet markets” for a range of criminal activities. One highly publicized case involved the operation of a darknet money laundering service involving mixers and tumblers.
As companies are increasingly expected to identify and manage ESG-related risks, they would need to understand and manage risk associated with the environmental impact of mining and payments, stakeholder diversity, and distributed decision-making methodologies.
As firms consider the above risks and tailor their risk and compliance functions to better respond to these, they will be better able to build a true cryptocurrency competitive advantage with appropriate risk management.
The ESG (environmental, social, and governance) issue and opportunities in decentralized finance (DeFi) are becoming increasingly important for investors. Companies are being pushed to include ESG-related risks and opportunities in their financial disclosures and it is important for all investment portfolios to understand the impacts of DeFi.
E for Environment
The emissions and energy consumption of blockchain mining and transactions, particularly those of Bitcoin, have come under scrutiny. The type of mining used and the location of the mining can affect fossil fuel consumption. There is a push towards clean energy in the industry, with the Crypto Climate Accord committing to net-zero by 2030 through green technology and carbon offsets. However, there are challenges with reporting cryptocurrency holdings and evolving regulation on sustainability and climate reporting, and legislation is needed to address these challenges.
S for Social
DeFi has the potential to address issues like banking the unbanked, solving world hunger, and freeing consumers from hyperinflation. Cryptocurrency can facilitate cheaper and faster cross-border transactions, but it also presents risks such as scams and money laundering. Decentralized finance is also vulnerable to cyberattacks and there is a need for greater cybersecurity measures to protect users.
G for Governance
Decentralized finance is largely unregulated, but regulation is evolving and there is a need for it to ensure investor protection and prevent financial crime. There are risks of fraud and scams in decentralized finance and regulation is needed to protect investors. Decentralized finance also poses risks of money laundering and sanctions evasion and regulation is needed to prevent financial crime. It is important for regulators to balance the benefits of DeFi with the need for investor protection and financial crime prevention.