Cryptocurrency issuers must improve their anti-money laundering game

All signs point to the end of a “Wild West” era of cryptocurrencies, specifically with ICOs. As governments step up to protect investors, companies considering an ICO should take the initial steps to self-regulate, before regulatory bodies step in and do it for them.

In July 2017, the SEC issued an investigative report “cautioning market participants that offers and sales of digital assets by ‘virtual’ organizations are subject to the requirements of the federal securities laws.”

The SEC is strongly considering labeling ICOs as securities, meaning that future offerings or sales of “blockchain technology-based securities” will have to be registered, just like the offerings or sales of traditional securities.

Chris Ratcliffe/Bloomberg

These unregistered offerings would then be liable for violations of securities laws in many countries including the U.S. The penalties for securities fraud are severe, and stand to increase as bipartisan groups of U.S. senators introduce a bill to raise penalties for securities law violations.

Other countries have taken even more strident regulatory actions against ICOs. In September 2017, China’s central bank announced a complete ban on ICO funding because it “seriously disrupted the economic and financial order.” China’s ban reflects a legitimate worry, shared by governments worldwide, over the danger of ICOs facilitating money laundering, online fraud, and terrorist financing.

When regulators recognize ICOs as securities offerings, they will likely require issuers to fully comply with standard Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.

Currently, most ICOs don’t perform even the most basic customer check. In our review of U.S. based ICOs, we discovered that only 11% of these offerings require investors to prove that they are U.S. citizens.

A key piece in the overall AML landscape, KYC enables financial institutions to manage risk by granting them full transparency on their customers. Broadly speaking, the KYC process analyzes basic identity information and checks this information against lists of known parties who have been associated with fraudulent practices. Using profiles of similar customers, KYC models typical transactional behavior, and then monitors actual behavior against this model.

Such traditional KYC/AML regimes, designed to verify merchant identity and business scope, have been the frontlines of fraud prevention for decades. Even before specific KYC/AML regimes are updated to include ICOs, a growing number of companies considering ICOs are proactively ensuring their compliance with basic KYC/AML tenets. KYC also ensures that companies are not concealing part of their business activities or acting as a storefront for illegal products.

And it’s not just startups that are preparing for ICO regulations. Recently, the Waves blockchain platform joined forces with the ICO Governing Foundation, the Ethereum Competencies Centre, and Deloitte CIS to launch a self-regulatory body for ICOs.

The idea is to drive change from the ground-up by having the industry itself provide reporting, legal, tax, accounting, KYC, and business due diligence standards for ICOs.

Recognizing the fact that cryptocurrency fundraising is on the rise, this move makes sense.

Without best practices and standards in place, organic growth can be impeded by perceived risks to investors and issuers. Vladislav Martynov, the Head of the Ethereum Competence Center, noted in the Deloitte release that “joint and voluntary initiatives such as this self-regulatory body for token sales are a critical element in the professionalization of the blockchain industry. As custodians of some of the most remarkable and disruptive technology ever created, we must be seen to be fostering its responsible use as well as building functionality and maintaining the security of the ecosystem.”