The future of the AML is in cryptocracy

22 August 2019

by Giacomo Luca Aleo

On June 18, 2019 Facebook announced the birth of its own cryptocurrency: Libra, whose name is inspired by the Roman unit of measurement and derives from the Latin word for balance; the debut is expected in the first half of 2020. The announcement caused, on one hand, a general uproar and, on the other, an increase in the value of the other cryptocurrencies. The “Libra Association” (a non-profit organization) will manage Libra. It currently counts 28 heterogeneous founding partners (with the goal of reaching 100), representing business giants: from Mastercard and Visa to payment system operators (PayPal, PayU, Stripe), from telecommunications operators (Vodafone and Iliad) to consumer companies (including Booking, eBay, Spotify, Uber), from venture capital firms such as Andreessen Horowitz to the global exchange Coinbase.

Managing Libra actually means managing the Libra Blockchain: it is a permissioned ledger model, i.e. the management and validation of transactions is the prerogative of a single node, which, in this case, is collective and represented by the Libra Association. The blockchain will record the entire history of the transactions by replicating them in the node; therefore, the transactions will be transparent to all participants of the Libra Association.

Libra Blockchain will use an innovative programming language called Move, which is based on three requirements:
• scalability to billions of accounts, with low response times (practicality), low latency and a high-capacity storage system;
• high security standards, to guarantee the safety of users’ funds and financial data;
• flexibility, in order to allow future innovation in financial services.

The Association will also be responsible for supervising the evolution of the Libra Blockchain protocol and network, continuing to evaluate new techniques for improving users’ privacy, taking into consideration the issues related to scalability, practicality and regulatory impacts.

In any case, Zuckerberg has already pointed out that, in order to pursue users’ interests, the goal is to reach a permissionless ledger model, like Bitcoin, within 5 years. The Bitcoin Blockchain is open, it is not subject to the control or ownership of individual actors, and anyone has the possibility of becoming a node; the validation of a single transaction passes through the consent of 51% of the nodes.

This is a cause for concern because it is on this type of blockchain that money laundering and terrorist financing occur most frequently. The concerns, worldwide, are mainly related to:
• the lack of an underlying claim;
• the (partially) unregulated nature of the cryptocurrencies;
• the absence of a formal governance structure;
• the possibility of opening a digital wallet with providers that do not use adequate KYC measures;
• the semi-anonymity of the instrument itself: the owner of the digital wallet obtains an address consisting of a combination of letters and numbers; anonymity is guaranteed as long as no one links the address to the data of the “real” owner;
• the use of “mixers”, i.e. addresses in which cryptocurrencies are mixed with the transactions of other users and redistributed among hundreds of thousands of wallets that belong to the mixer, in order to obscure the path to the original source of the funds.

Application of KYC measures

A further point of attention is linked to the application of KYC measures to the owners of cryptocurrency private keys, who do not need a digital wallet. So what are the differences with cash possession?

Simple: the Supervisory Authorities can follow the transaction traces up to the IP address of the owner’s PC, whereas following cash movements is quite impossible.
It’s clear that there are still many questions to be resolved, given that cryptocurrencies, in the eyes of Governments and Regulators, can at the moment represent the new cash: the fear is a return to the American laundries (hence the term money laundering), but this time digital and delocalized on a global scale.

Various start-ups and technology companies (including the famous Skry, Numisight, Chainalysis and Elliptic) have built software to analyse and track crypto transactions and to help the Authorities identify illegal activities; the FBI itself uses ransomware (computer viruses) to trace the crypto movements. Calibra, the new Facebook subsidiary, will instead be the wallet provider. Kevin Weil, Calibra’s VP of product, has already made it clear that anyone who wants to open a digital wallet will have to register, filling in a KYC questionnaire and uploading a valid identity document.

Calibra will use the same verification and anti-fraud processes used by the banks

With reference to the monitoring of transactions, Calibra ensures that it will use automated systems to intercept the suspicious transactions of its users. We can clearly expect the use of artificial intelligence systems (data detective?) that create tailored alerts for each single user based on economic information and transactions, but this is another story. It still needs to be clarified whether the other members of the Libra Association will help in transaction monitoring, since most of them are not obliged to fulfil AML obligations (yet!). Surely, they will bring added value in intercepting fraud.

The FATF, in its “Guidance for a risk-based approach for Virtual Assets (VA) and Virtual Asset Service Providers (VASP)” published on June 21, 2019, defines a VASP as any natural or legal person who conducts one or more of the following activities or operations for or on behalf of another natural or legal person:
i. Exchange between VAs and fiat currencies;
ii. Exchange among different forms of VAs;
iii. Transfer of VAs;
iv. Safekeeping and/or administration of VAs or instruments enabling control over VAs;
v. Participation in and provision of financial services related to an issuer’s offer and/or sale of a VA.

Evidently, because of point iv., Calibra falls within the definition of VASP.

According to the guidance, to operate in a country where its services can be accessed by or are made available to people residing or living within that country, it will have to obtain registration or licensing. In any case, the road traced by the FATF reveals holes in the VAMLD, so let’s expect the drafting of the VIAMLD shortly.

Some concluding remarks

1. The European Central Bank, in the Economic Bulletin, Issue 5/2019, asserts that:
“Individuals and financial institutions, including credit institutions/investment firms, payment institutions and e-money institutions, are not prohibited by EU law from holding or investing in crypto-assets.” China has accelerated the creation of its own cryptocurrency following the decision of a court in Hangzhou to recognize Bitcoin for the first time as a “Legal Commodity”, i.e. an asset having a value. Regarding AML obligations, there are also other countries that are far ahead in the management of VASPs: the Finnish Supervisory Authority is about to publish its secondary legislation, while Japan has its own self-regulatory body and has already identified, following a focused working group, the changes to its regulation.

2. The United States’ largest bank, JPMorgan Chase (JPM), is expecting to pilot its own cryptocurrency (called JPM Coin) by the end of 2019, and Goldman Sachs might also be following in the footsteps of its competitor (in an interview, Goldman Sachs CEO David Solomon said that they are doing extensive research on the concept of “tokenization”).

3. What are the other international technology players like Google, Amazon and Apple going to do? Will they go their own way (as it seems from the first rumours) or will they eventually join the Libra Association?

Ultimately, welcome to cryptocracy.

The author, Giacomo Luca Aleo, is Senior Compliance & AML Specialist at OASI Diagram S.p.A in Milano, Italy.

