Data Protection: Virtual Currencies, Crowdfunding, Money Laundering and Terrorism Financing Threats
20 December 2017, Bachir El Nakib, Senior Consultant Compliance Alert LLC
In the financial crime space, cryptocurrency and crowdfunding are buzzwords du jour - yet what actually is known about the money laundering and terrorist financing risk associated with each?
In January 2016, a Europol report concluded that the use of Bitcoin by terrorist organisations to finance their activities could not be confirmed. Moreover, in March 2015 HM Treasury found, referring to a 2014 NCA assessment on the nature and scale of threat posed by virtual currencies, “little evidence to indicate use by established money laundering specialists or that digital currencies played a role in terrorist financing.” More recently, on 4 July 2017, the European Commission released a supranational assessment of the risks of money laundering and terrorist financing for various financial and non-financial sector products. The report assesses the threat level of traditional financial sector products such as payment services, life insurance, mortgages, business loans as well as virtual currencies and crowdfunding.
Additionally, it considers the threat and vulnerability level of non-financial products such as high value goods. Interesting observations are made on the money laundering threat posed by virtual currencies, the best known of which is Bitcoin, as well as crowdfunding platforms.
According to FATF, decentralised virtual or “crypto” currencies have received attention as not only a new method of payment but a potential new criminal tool for terrorist financiers and money launderers to move and store criminal funds. FATF identified the potential anti money laundering (“AML”) and counter terrorist financing (“CTF”) risks of anonymity, lack of a centralised oversight body, global reach and the complex infrastructures as the basis for the cause for concern. The money laundering risk is said to materialise when criminals or terrorist financiers use virtual currency to transfer goods or funds anonymously.
In relation to the specific terrorist financing threat, the 2017 European Commission report notes that there are few examples of terrorism being funded by way of virtual currencies. There is, however, a sustained interest in using virtual currency to finance terrorism. That said, the report identifies certain features which make the use of virtual currencies less attractive, namely the cost, high level of technical expertise required and the fact that virtual currencies are a relatively nascent technology, with constant updates and improvements in the area making their use not as stable as other forms of funding. The Commission concludes by regarding the level of terrorist financing threat as “moderately significant” (level 2) on a scale of 1 – 4, just above a “lowly significant” threat.
Similarly, with respect to virtual currencies and the money laundering threat, the Commission report notes the ease with which organised criminal groups can use virtual currencies to launder monies anonymously with the added benefit of not having to worry about the transaction trail. Inconsistent with the hype surrounding virtual currency threats, the Commission finds that virtual currency laundering cases are quite rare and few investigations into the risk scenario have been completed. As with the terrorist financing threat, the money laundering threat posed by virtual currencies, such as Bitcoin, is said to be “moderately significant” (level 2).
The perceived vulnerability level, however, is considerably greater. In its report, the Commission notes that the vulnerability level for cryptocurrency relative to money laundering and terrorist financing is “significant/very significant’ (level 3/4). This assessment is based on a lack of EU regulation and monitoring in the area, an inability to report suspicious activities to financial intelligence units and the inherent features of anonymity, cross border reach and structural complexities.
Crowdfunding is a practice of funding a project or venture, personal or otherwise, by making an open call to the public to raise the funds online. It is, in effect, a form of alternative finance. As with virtual currencies, the perceived money laundering and terrorism financing threat associated with crowdfunding platforms is based on the anonymity offered by the online presence and the worldwide reach of these platforms. Further, the ease of using a crowdfunding platform is said to make it prone to abuse.
An example of such abuse involves use of a platform to crowdfund a fake company that is in fact owned by a criminal group. The backer of the initiative might receive the illegitimate funds which become legitimately disguised by the crowdfunding transaction. At this point, the funds can be more easily integrated into the financial system. Crowdfunding is also susceptible to abuse by terrorist financiers as demonstrated by evidence of campaigns seeking backers for fictitious charitable initiatives abroad or the use of fake individuals backing a fake company (i.e. purchasing fake equity) or project. The money is then removed from the platform and transferred for illegal activities.
Crowdfunding has been around for a while, but in the world of finance, fundraising using online platforms is fairly new. For this reason, rules and regulations to govern it have not been clearly defined and therefore, a lot of the campaigns happen with barely enough supervision to minimize the following risks associated with Crowdfunding:
Risk of fraud e.g. funds may be used for different purpose than what was initially disclosed, the creator may also portray an idea he/she doesn’t own. The creator, who has been deemed malicious, may also use the campaign to go on a Phishing trip, where he/she gains access to a backer’s personal and financial records e.g. banking and credit card information and use it to defraud the sponsor. It is expected that the backer perform due diligence before giving their money, but a lot of times they don’t. A survey showed that backers fail to perform due diligence because:
o Since the companies are small and private, or probably not even registered, then audited company accounts as well as business plans may not be available to allow them to find out more about the company.
o Crowd funders give small dollar amounts and thus are not particularly bothered by the returns, they write it off as soon as they give the money
o There is a free-rider problem where everyone thinks that others have carried out due diligence whilst in essence no one has.
Experts are particularly concerned that the Crowdfunding revolution may be crowding out other forms of financing e.g. angel, venture capital financing and traditional financial institutions. This is because a lot of people are turning online for financial help and completely ignoring the other means of financing.
A lot of project creators and backer do not realize that crowds do not know everything. See, human interest, curiosity and excitement is always easily piqued by novelty. Ideas may be great and well received but they may be not easily commercialized. Unfortunately, according to well researched reports, 3 out of 4 startups fail. What this means is that 75% of all successfully funded ideas FAIL. This is very unfortunate.
For Crowdfunding, transactions are one time, and not continuous. Business owners and project creators must learn how to balance the short term influx of cash raised through Crowdfunding efforts with the daily cash flow expense requirements of their business.
There is no protection of intellectual property on Crowdfunding platforms. If one put up information on a Crowdfunding platform or online that has not been patented, then they have up to one year from the date they posted it to patent the idea, after which they lose the chance to patent it. This is recorded in the U.S. Patent act. A lot of the creators seeking funding do not have this knowledge and end up losing the rights to their proprietary information.
There are limited follow up mechanisms. There is no way for the sponsors to follow up on how their money was used, and neither can they follow up on promised rewards if the project owners choose to dishonor their promises.
There is a grey area on ownership of ideas where a project owner, would use an idea submitted by someone commenting on their product or service without giving the commenter credit for it. This could cause a PR meltdown and probably even present legal issues.
A lot of the creators posting their projects online have good ideas and no business expertise. They have no idea how to set up a business or how to fulfill the legal requirements of owning a business and do not have experts to guide them on this. This is a recipe for disaster.
Finally, tax laws governing the ecommerce environment are not clearly defined. For instance, since the funding happens across borders, do international tax laws apply? If rewards can be looked at as sources of income or material possessions, should these be taxed as well?
The Crowdfunding industry will need a lot of regulation to minimize the above mentioned risks. However, many governments are town between regulating the industry, by leaving it as it is, or over regulation that will end up killing the innovation that has been borne by this wild finance market that it is. One thing is for sure, whether the governments choose to regulate it or not, we must be aware of the risks before embarking on Crowdfunding either as a backer or as a creator. Now that you know the risks, consider yourself saved.
Steinberg, Scott. 2012. “The Crowdfunding Bible.”
Ries, Eric. 2011. The Lean Startup: How Today’s Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses. New York: Crown Publishing.
Although the Commission report identifies that crowdfunding occurs in every EU member state, different levels of crowdfunding activities occur within each, with the UK, Germany and France hosting the most platforms. Depending on the business model adopted to establish the crowdfunding platform, the EU’s AML and CTF framework does not automatically apply to crowdfunding.
Although the Commission cites open-source information reiterating the use of crowdfunding platforms in recent terror attacks, it notes that the amounts in question were relatively small and broader incidents of use are limited. Whilst the intent to misuse platforms exists, the use of crowdfunding platforms is said to be neither financially viable nor secure for terrorist financiers. This conclusion is supported by the contention that crowdfunding is not an attractive tool to filter large sums of money as it necessarily requires a number of ‘funders’ which is time consuming and requires planning. This acts as a deterrent for terrorist groups looking for an avenue to raise or funnel funds. The Commission considers the terrorist financing threat in relation to crowdfunding as “moderately significant” (level 2).
Interestingly, in relation to the money laundering risk in crowdfunding platforms, it said that there “is little to no evidence of indicators that criminals have used it to launder proceeds of crime.” In assessing the money laundering threat to crowdfunding as “lowly – moderately significant” (level 1/2) the report notes that use of these platforms to launder ill-gotten gains is costly, time consuming and requires expertise.
Again, however, there is a slight disconnect between the threat level and perceived vulnerability of crowdfunding platforms. Risk exposure or vulnerability is said to be “significant” (level 3). Factors that inform this position include a lack of harmonised controls and horizontal legal framework to deal with crowdfunding.
The Commission’s recent findings are noteworthy in several respects. First, if the Commission considers that use of cryptocurrency and crowdfunding to launder money or finance terrorism is rare notwithstanding their perceived vulnerabilities, one might ask rhetorically what is the purpose of regulating in these areas? Regulation ought to be proportionate and necessary. The counter argument, of course, is that regulators who are on notice of the vulnerabilities of cryptocurrencies and crowdfunding ought to prevent abuse before it happens instead of having to play regulatory “catch up”.
Arguably, the regulation question is even more important in light of recent events, namely allegations raised by the US Justice Department in July 2017 that more than $4 billion in Bitcoin was laundered through the BTC-e exchange. Currently, cryptocurrencies are not regulated in the UK. One challenge to regulation is the lack of public sector knowledge and constant development and upgrading of cryptocurrency capabilities. It is hard to regulate something that is constantly evolving. If regulation is to be introduced, collaboration and consultation between state and cryptocurrency providers is necessary.
Associated with the above, there would appear to be an information shortfall when it comes to cryptocurrency and crowdfunding. The basis of the conclusions formed in the European Commission’s report were the result of a three-tiered risk assessment - a supranational risk assessment, national EU member state risk assessment and sectoral risk assessment. Interestingly, however, the risk assessment performed by the Commission was of relatively narrow focus in that it only looked at threats and vulnerabilities of particular financial and non-financial sector products. It did not specifically assess the impact and consequences (e.g. physical, social, environment, economic and structural consequences) of such products and, rather, considered that the consequences for each and every product were “significant”. A question arises as to whether it is right to simply assume that the consequences and impact of using relatively new products like virtual currencies and crowdfunding platforms are just as significant as the impact and consequences of acquiring a business loan. Simply put, there is potentially an information deficit when it comes to these new financial sector products.
Lastly, in the absence of evidence of widespread use of crowdfunding and cryptocurrencies to fund terrorism and launder the proceeds of crime, the Commission’s assessment that the vulnerabilities presented by crowdfunding and cryptocurrencies as “significant” or “very significant” – a finding consistent with the hype surrounding the products – presents a regulation challenge. On a macro level, it is up for debate – is perceived threat and vulnerability a sufficient basis for developing comprehensive regulation of crowdfunding and cryptocurrencies now or is more evidence of their actual exploitation required? In short, if the AML/CTF threats and vulnerabilities were axes on a graph and mapped according to the level ascribed by the Commission, where on the graph would the need for comprehensive regulation trigger?