No ‘jumping the gun’ in regulating cryptocurrencies

From left, RiskPass AML+Compliance Ltd. co-founder Peter McKiernan, Caribbean Financial Action Task Force Executive Director Dawne Spicer, and Attorney General’s Chambers Anti-Money Laundering Unit head Francis Arana discuss regulatory issues in the cryptocurrency industry. - Photo: Ken Silva

Peter McKiernan, the cofounder of RiskPass AML+Compliance Ltd., stood at his laptop last week at a seminar on anti-money laundering practices for cryptocurrencies, demonstrating to the audience how to transfer cryptocurrencies across borders.

“If I want to send money to Canada, all I have to do is take this hash – my wallet code – and go to my wallet here and go to ‘send money’ to that hash,” he said at the conference, organized by the consulting firm FTS. “And I want to send 0.21 Litecoin and I hit send, and it’s going to say I have a little transaction fee that works out to pennies.”

With a few clicks on his mouse, McKiernan transferred 0.21 units of the cryptocurrency Litecoin – about $15 worth – from his crypto wallet in Cayman to another wallet he owns based in Canada.

“I just transferred value outside the banking system, with no government telling me not to and no one knows I did it because I haven’t told anyone my wallet code,” he said.

Thousands of transactions like the one McKiernan did in less than 30 seconds occur every day. This is alarming financial regulators around the globe, who worry that they will not be able to detect people laundering money, evading taxes, conducting in black-market transactions, violating international sanctions, or skirting other regulations.

Dawne Spicer, the executive director of the Caribbean Financial Action Task Force, likened the current regulatory landscape for cryptocurrencies to years ago when prepaid money cards were invented. Back then, Spicer said that people put large amounts of money on those cards and were able to transfer hundreds of thousands of dollars to each other anonymously. Eventually, regulators forced card companies to limit how much money could be put on cards, and to collect identification when people bought cards.

However, regulators have yet to determine what actions they will push for when it comes to cryptocurrencies.

Cryptocurrency regulations will be a major topic at the upcoming Caribbean Financial Action Task Force (CFATF) meeting in October, but Spicer cautioned that it is unlikely that anything definitive will come out of the meeting. She said that the CFATF has not determined exactly what they should be aiming to regulate.

“Actually, there’s not any consensus on what the name should be,” she said. “The initial thinking is that ‘cryptocurrencies’ is too specific, and virtual currencies is what has been used before. And maybe ‘crypto assets’ is good because ‘crypto assets’ is for the value of any type of asset.”

Cayman is in a similar situation to the rest of the world when it comes to crypto regulation.

Financial Services Minister Tara Rivers said in May that her ministry began considering recommendations created by a Cayman Islands Monetary Authority working group, but Francis Arana, the head of the Attorney General’s Chambers’ anti-money laundering unit, said on Aug. 29 that there is no time line for when anything might be implemented.

“I am not certain, but these things do take a lot of time,” Arana said at a conference on anti-money laundering practices for cryptocurrencies. “I don’t foresee anything this year. If I were to hazard a guess, it would be early next year when you see proposals being circulated.”

The lack of digital asset legislation here is not necessarily because Cayman is dragging its feet, but because there are not any internationally acceptable standards for such a new technology, according to Arana.

“The international community is just starting to discuss this,” he said. “Do you want to jump the gun?” In the meantime, blockchain companies looking to conduct initial coin offerings should adhere to due diligence guidelines that dictate other areas of Cayman’s financial services industry, Spicer recommended.

At the FTS conference, an audience member expressed concern that having to conduct know-your-client checks on every investor would hamper initial coin offerings, which often attract tens of thousands of customers.

In the case of a recent initial coin offering by the Cayman-registered, which raised more than US$4 billion in its initial coin offering, there were likely hundreds of thousands of investors.

Making timely coin purchases is especially important for investors given the volatility of the crypto market, the attendee said. In response, Spicer said it would be wise to follow the general guidelines of identifying the “significant” holders of an initial coin offering.

The same rule-of-thumb applies for the nonprofit sector. McKiernan said that nonprofit organizations accepting cryptocurrency donations need to conduct standard due diligence.

“If you want to accept bitcoin from someone, you have to do the same kind of [know your client] as a bank – proof of whose wallet it came from in order to accept it,” he said. “Then you need to convert to fiat currency, which is a big issue. But there are banks that do that.”

While there are general guidelines for entities issuing initial coin offerings, there is a regulatory lacuna when it comes to tracking coins after they have been sold. Essentially, tokens have become bearer shares – whoever holds them is the owner – said McKiernan.

“The second you get that token, there’s nothing stopping me from moving it to my North Korean buddy. Then if the entity pays a token dividend, they’d be paying the North Korean guy and violating sanctions, and they wouldn’t know they’re doing it,” he said. “So KYC is very weak; it’s only done upon the issuance of the token. You can’t control it after initial sale.”

An audience member said some entities are mitigating this risk by requiring token-holders to present KYC info if they want to access the benefits that the tokens offer.

McKiernan said this is an interesting potential solution, to make it so that “tokens themselves don’t have rights, only people who’ve gone through the [KYC] steps.”