Speed Read: Natasha Reurts provides an overview of a European Commission report published in late June 2017 on the assessment of money laundering and terrorist financing risks for virtual currencies and crowdfunding platforms, and queries whether there is a sufficient basis for greater regulation in this area.

In the financial crime space, cryptocurrency and crowdfunding are buzzwords du jour - yet what actually is known about the money laundering and terrorist financing risk associated with each? In January 2016, a Europol report concluded that the use of Bitcoin by terrorist organisations to finance their activities could not be confirmed.[1] Moreover, in March 2015 HM Treasury found, referring to a 2014 NCA assessment on the nature and scale of threat posed by virtual currencies, “little evidence to indicate use by established money laundering specialists or that digital currencies played a role in terrorist financing.”[2] More recently, on 4 July 2017, the European Commission released a supranational assessment of the risks of money laundering and terrorist financing for various financial and non-financial sector products.[3] The report assesses the threat level of traditional financial sector products such as payment services, life insurance, mortgages, business loans as well as virtual currencies and crowdfunding. Additionally, it considers the threat and vulnerability level of non-financial products such as high value goods. Interesting observations are made on the money laundering threat posed by virtual currencies, the best known of which is Bitcoin, as well as crowdfunding platforms.

Virtual Currency

According to FATF, decentralised virtual or “crypto” currencies have received attention as not only a new method of payment but a potential new criminal tool for terrorist financiers and money launderers to move and store criminal funds.[4] FATF identified the potential anti money laundering (“AML”) and counter terrorist financing (“CTF”) risks of anonymity, lack of a centralised oversight body, global reach and the complex infrastructures as the basis for the cause for concern.[5] The money laundering risk is said to materialise when criminals or terrorist financiers use virtual currency to transfer goods or funds anonymously.[6]

Threat

In relation to the specific terrorist financing threat, the 2017 European Commission report notes that there are few examples of terrorism being funded by way of virtual currencies. There is, however, a sustained interest in using virtual currency to finance terrorism. That said, the report identifies certain features which make the use of virtual currencies less attractive, namely the cost, high level of technical expertise required and the fact that virtual currencies are a relatively nascent technology, with constant updates and improvements in the area making their use not as stable as other forms of funding. The Commission concludes by regarding the level of terrorist financing threat as “moderately significant” (level 2) on a scale of 1 – 4, just above a “lowly significant” threat.

Similarly, with respect to virtual currencies and the money laundering threat, the Commission report notes the ease with which organised criminal groups can use virtual currencies to launder monies anonymously with the added benefit of not having to worry about the transaction trail.[7] Inconsistent with the hype surrounding virtual currency threats, the Commission finds that virtual currency laundering cases are quite rare and few investigations into the risk scenario have been completed. As with the terrorist financing threat, the money laundering threat posed by virtual currencies, such as Bitcoin, is said to be “moderately significant” (level 2).

Vulnerability

The perceived vulnerability level, however, is considerably greater. In its report, the Commission notes that the vulnerability level for cryptocurrency relative to money laundering and terrorist financing is “significant/very significant’ (level 3/4).[8] This assessment is based on a lack of EU regulation and monitoring in the area, an inability to report suspicious activities to financial intelligence units and the inherent features of anonymity, cross border reach and structural complexities.

Crowdfunding

Crowdfunding is a practice of funding a project or venture, personal or otherwise, by making an open call to the public to raise the funds online. It is, in effect, a form of alternative finance. As with virtual currencies, the perceived money laundering and terrorism financing threat associated with crowdfunding platforms is based on the anonymity offered by the online presence and the worldwide reach of these platforms. Further, the ease of using a crowdfunding platform is said to make it prone to abuse.

An example of such abuse involves use of a platform to crowdfund a fake company that is in fact owned by a criminal group. The backer of the initiative might receive the illegitimate funds which become legitimately disguised by the crowdfunding transaction. At this point, the funds can be more easily integrated into the financial system. Crowdfunding is also susceptible to abuse by terrorist financiers as demonstrated by evidence of campaigns seeking backers for fictitious charitable initiatives abroad or the use of fake individuals backing a fake company (i.e. purchasing fake equity) or project. The money is then removed from the platform and transferred for illegal activities.

Threat

Although the Commission report identifies that crowdfunding occurs in every EU member state, different levels of crowdfunding activities occur within each, with the UK, Germany and France hosting the most platforms. Depending on the business model adopted to establish the crowdfunding platform, the EU’s AML and CTF framework does not automatically apply to crowdfunding.[9]

Although the Commission cites open-source information reiterating the use of crowdfunding platforms in recent terror attacks, it notes that the amounts in question were relatively small and broader incidents of use are limited. Whilst the intent to misuse platforms exists, the use of crowdfunding platforms is said to be neither financially viable nor secure for terrorist financiers. This conclusion is supported by the contention that crowdfunding is not an attractive tool to filter large sums of money as it necessarily requires a number of ‘funders’ which is time consuming and requires planning. This acts as a deterrent for terrorist groups looking for an avenue to raise or funnel funds. The Commission considers the terrorist financing threat in relation to crowdfunding as “moderately significant” (level 2).

Interestingly, in relation to the money laundering risk in crowdfunding platforms, it said that there “is little to no evidence of indicators that criminals have used it to launder proceeds of crime.”[10] In assessing the money laundering threat to crowdfunding as “lowly – moderately significant” (level 1/2) the report notes that use of these platforms to launder ill-gotten gains is costly, time consuming and requires expertise.[11]

Vulnerability

Again, however, there is a slight disconnect between the threat level and perceived vulnerability of crowdfunding platforms. Risk exposure or vulnerability is said to be “significant” (level 3).[12] Factors that inform this position include a lack of harmonised controls and horizontal legal framework to deal with crowdfunding.

Analysis

The Commission’s recent findings are noteworthy in several respects. First, if the Commission considers that use of cryptocurrency and crowdfunding to launder money or finance terrorism is rare notwithstanding their perceived vulnerabilities, one might ask rhetorically what is the purpose of regulating in these areas? Regulation ought to be proportionate and necessary. The counter argument, of course, is that regulators who are on notice of the vulnerabilities of cryptocurrencies and crowdfunding ought to prevent abuse before it happens instead of having to play regulatory “catch up”.

Arguably, the regulation question is even more important in light of recent events, namely allegations raised by the US Justice Department in July 2017 that more than $4 billion in Bitcoin was laundered through the BTC-e exchange. Currently, cryptocurrencies are not regulated in the UK. One challenge to regulation is the lack of public sector knowledge and constant development and upgrading of cryptocurrency capabilities. It is hard to regulate something that is constantly evolving. If regulation is to be introduced, collaboration and consultation between state and cryptocurrency providers is necessary.

Associated with the above, there would appear to be an information shortfall when it comes to cryptocurrency and crowdfunding. The basis of the conclusions formed in the European Commission’s report were the result of a three-tiered risk assessment - a supranational risk assessment, national EU member state risk assessment and sectoral risk assessment. Interestingly, however, the risk assessment performed by the Commission was of relatively narrow focus in that it only looked at threats and vulnerabilities of particular financial and non-financial sector products. It did not specifically assess the impact and consequences (e.g. physical, social, environment, economic and structural consequences) of such products and, rather, considered that the consequences for each and every product were “significant”.[13] A question arises as to whether it is right to simply assume that the consequences and impact of using relatively new products like virtual currencies and crowdfunding platforms are just as significant as the impact and consequences of acquiring a business loan. Simply put, there is potentially an information deficit when it comes to these new financial sector products.

Lastly, in the absence of evidence of widespread use of crowdfunding and cryptocurrencies to fund terrorism and launder the proceeds of crime, the Commission’s assessment that the vulnerabilities presented by crowdfunding and cryptocurrencies as “significant” or “very significant” – a finding consistent with the hype surrounding the products – presents a regulation challenge. On a macro level, it is up for debate – is perceived threat and vulnerability a sufficient basis for developing comprehensive regulation of crowdfunding and cryptocurrencies now or is more evidence of their actual exploitation required? In short, if the AML/CTF threats and vulnerabilities were axes on a graph and mapped according to the level ascribed by the Commission, where on the graph would the need for comprehensive regulation trigger?

A copy of the European Commission’s report published in June 2017 can be found here: http://europeanmemoranda.cabinetoffice.gov.uk/files/2017/07/10977-17-ADD-2.pdf