RegTech Intelligence 
Criminal networks have eluded Anti Money Laundering and Terrorist Financing (AML/TF) nets for decades. Digital assets have forced policy makers and RegTech providers to rethink the challenge and chart a course towards digitally-native compliance. If the sector engages now, it can reap enormous benefits for digital asset and TradFi compliance. Like a dog that has been watching cars whizzing by for years, we might yet be in a position to catch the AML car with digitally-native compliance.
Ahead of our 23 June seminar, we invited policy gurus, Nick Van Benschoten, UK Finance, Lawrence Wintermeyer, GDF and Brian Yeoh, ADGM to discuss the risk we face today, new approaches and the future risk framework for a digital economy.
AML/TF policy
TradFi has long been expected to perform Anti Money laundering and Terrorist Financing (AML/TF) miracles with limited help from the public sector. By some estimates, 99% of economic crime goes undetected.
New, open access to registries and public/private partnerships which enable better standards and data sharing are starting to emerge just in time for the De Fi debate. With sanctions escalating and crypto values varying wildly, new rules are expected this year.
With such a wide range of issues falling under the umbrella of economic crime, we asked our panellists to identify the areas where they feel the risks are the greatest today.
Much of the discussion cantered on the demise of anonymity being driven by investors pushing for transparency on the projects and individuals they are entrusting with their funds. This bottom-up concern from the market will be met by top down efforts by regulators looking to de-risk the system. Organizations such as the OECD, BIS, FSB, US Digital Asset Executive Order and ADGM have already identified the need for action in this space.
One of the biggest policy drivers is not AML but Terrorist Financing. Consider the March 22 Axie Infinity breach, which resulted in the theft of $600 million in cryptocurrencies in North Korea. The need to protect the system may come into conflict with privacy law, but our panellists argued that safety may trump personal data rights.
The RegTech challenges
The AML/TF challenge is enormous and we have been failing as a sector for a while. Criminals use sophisticated networks of accounts that cross multiple financial institutions.
Spotting them is not even like looking for a needle in a haystack. It’s a piece of hay in a haystack. Multi-platform, multisector intelligence sharing is required.
Attempting to retrofit regulation that was written for technology from a different era to the new, digital world will result in failure on many different levels.
With a plethora of rule books to follow, new entrants look for guidance on how to set-up and manage their risk frameworks. Standardization makes AML/TF work.
Guidance in this space is vast and difficult to apply cross sector. For example, chapter one of the Joint Money Laundering Steering Group’s AML advice is 200 pages long, with a further 200 pages for cross-sector details in chapter two.
However, despite the length, the guidance takes a principles based approach and does not enter into how the process and systems should be delivered. This is done, in part, to make it difficult to reverse engineer the rulebook and exploit the system.
The downside of this guidance gap is that it leaves every firm defining broadly similar risk frameworks written by a handful of consultancies who work with a select pool of software providers to create an ineffective system. Despite the big consultancy fees and software licenses there are many knowledge gaps in the digital space.
Some urban myths, like the rumour that crypto exchanges are not obligated to perform full customer due diligence have been debunked. However, there are many policy decisions which remain open
- Will VASPs be able to use DeFi mixers?
- Do valid privacy coins need to be accessible by law enforcement?
- How do the rule sets get codified and shared cross jurisdiction?
Leaving these policy questions unanswered leaves the policy making to be done via enforcement.
The path forwards
Digital asset providers have proven they are able to work together to collectively manage risk across sectors. One expert cited 15 million digital wallet addresses connected to illicit activity in Russia which were identified and shared quickly in the face of Eastern European conflict this year. This would be unheard of in an analogue environment.
The ability to be able to identify transparently, any counterparty in the network system that in this instance, falls foul of a sanction, illustrates the strength of the technology.
The next step is to develop a deeper set of protocols and escalation criteria. Current guidance, aimed at policy and legal experts needs to be interpreted for coders. To do this, standard lexicons and ontologies that point out differences in regimes by activity are required.
One expert suggested that the engagement path over the next five to ten years will enable compliance oracles to interact with regulatory nodes which express the way they comply with standards on the token.
Conclusion
Digital asset compliance offers the best opportunity to get the next leg of the journey right.
Better collaboration between incumbents, startups, innovators, regulators and policymakers is required and we are at an inflection point when policies can change quickly.
Digitally-native compliance approaches enable the industry to share solutions, protocols, practices and data that has hampered TradFi efforts for decades. To get there, we need a clarion call from policy, operations and technology in unison.
It is up to all of us to work out how we can move the dial up from 1%. There is a big opportunity for us to come together to simulate policy issues at an operational level now. Join us on 23 June to learn how.