Navigating risk and compliance with DLT – where should businesses start?
Marta Lia Requeijo, BVNK’s VP Risk & Compliance & Group MLRO, spoke to industry experts about navigating regulation around DLT and risk mitigation strategies for businesses.
Distributed ledger technology (DLT) and blockchain payments have proven they can solve fundamental problems for businesses, from liquidity and settlement time, to cost and transparency. But bad actors and high-profile scandals involving digital assets have dented industry trust and left businesses unsure about how to engage.
I spoke to three experts in the space at Currency LDN 2023, about the risks, incoming regulation and the controls businesses can put in place to safely harness DLT.
Understanding the risks
The risks of DLT for businesses depend on how you’re using it. As Elsa Madrolle, Chief Revenue Officer at VASPnet said during our discussion: “Are you accepting or sending payments? Are you using it in your treasury as a diversification element? Are you incentivising your employees with digital assets? How a business uses crypto is going to determine the type of risk it's facing.”
For finance teams holding digital assets on their balance sheet for example, there is volatility risk associated with fluctuating prices. The advent of stablecoins pegged to assets like dollars has helped to mitigate this risk. While there are incidences of stablecoins temporarily losing their peg, for the most part major asset-backed stablecoins have proven their stability and utility, making them an attractive option for finance teams making cross-border payments for example.
Many businesses who want to use digital assets as part of their payments strategy, also choose to work with partners who can mitigate volatility risk, for example by collecting cryptocurrency payments on their behalf and settling them in fiat currencies.
It’s worth noting too that volatility risk is relative. As Shelley Schachter-Cahm, crypto compliance expert and former chief compliance officer at a major crypto exchange, said in our discussion: “If you're invested in Turkish Lira, you might have seen 85% inflation this year. Bitcoin looks quite stable in comparison.”
Financial crime risk is real, but context matters
Digital asset payment rails will be used for illicit funds – like cash is, and like all payment rails are.
But the rate of illicit activity on blockchains, as a proportion of total transactions, is lower than it is with fiat rails. Chainalysis for example estimates illicit activity is less than 1% of total on-chain activity.
Financial crime is also often easier to track when it happens on blockchains, because of their transparency. In January this year for example, an anonymous Twitter user mapped out how Lazarus Group, the North Korean hacking group, exploited ETH 41,000, which led to the exchanges involved freezing funds.
As Erica Stanford, a fintech specialist at law firm CMS, said during our discussion: “Law enforcement are grateful when they've got a crypto case because it's easier to track than other assets – there are a host of advanced analytics tools which do this. In terms of evading sanctions or being used to fund terrorism, crypto is actually really difficult to cash out illegally.”
Regulation will build trust and credibility
Regulators around the world are looking to introduce more guardrails around digital assets, clamping down on illicit activity and mitigating money laundering risk across blockchains.
The Financial Action Task Force (FATF) began publishing guidance on cryptocurrency AML in 2014 and today various regulatory bodies have codified their recommendations into law.
New rules are coming into play in Europe this year for example. The so-called 'Crypto Travel Rule’ will mean that in some cases crypto asset service providers and intermediaries have to share information about the payer and the beneficiary.
While there are varying and inconsistent approaches from regulators right now, and regulatory gaps, in the coming months and years we’ll see greater clarity.
As Shelley Schachter-Cahm commented: “This is the year of full suites of regulation coming out. Nations like Abu Dhabi and Dubai have made significant steps, as has the UK with its Financial Services and Markets Bill and Europe with MiCA. Framework regimes like MiCA will be chewed over, tried and tested, we’re seeing the first iteration of many.”
Managing compliance and ‘jurisdiction shopping’
For businesses looking to try out DLT safely, one option is to work with a payment provider that has digital asset expertise, can guide you on compliance considerations, and even act as the regulated party on your behalf.
If you choose to handle digital assets directly, the jurisdiction where you’re regulated is important.
As VASPnet’s Elsa Madrolle explained: “We still unfortunately have the ‘sunrise issue’ – jurisdictions are coming on board with regulation at different times, at different speeds, in different ways… Don't go to the cheapest, easiest jurisdiction to get regulated. Pick a reputable jurisdiction, figure out what your obligations are. For example: does this pull you into becoming a custodian or becoming a payments provider? Then apply your risk-based approach.”
Shelley Schachter-Cahm agreed: “Going for a jurisdiction that is a high-bar attainment, credible jurisdiction is the way to go... if you make the grade in the strictest of jurisdictions, it's a hallmark of quality.”
Harnessing blockchain analytics
While regulators and governments codify new requirements and regulations on managing the inherent risks associated with digital assets, there are proactive steps businesses can take.
Blockchain tools for example are designed to automatically flag risks and risk exposure. They allow companies to monitor transactions and detect addresses related to various categories, from exchanges and gambling services to sanctions, fraud shops and dark web markets – and not just in the transaction your company is exposed to, but several hops backwards or forwards.
Erica Stanford explained: “One of the real benefits of crypto is it's traceable. You have fantastic crypto analytics tools that can show exactly where transactions are coming from and where they're going to.”
You can also work with your payment partners to create bespoke transaction monitoring rules and flags that work for your business’ risk tolerance. And you’ll find that some payment providers, like BVNK, give additional protection with their own layer of machine learning analytics on top.
Assessing counterparty and vendor risk
Choosing suppliers carefully and knowing who you’re dealing with in a transaction is key.
Erica Stanford added: “There are crypto platforms and crypto platforms… some go out of their way to actually look after the assets they're protecting and work with lawyers and regulators and practice safe custody for example, others don’t.”
Shelley Schachter-Cahm agreed: “The most important thing is to make sure that who you deal with in the centralised economy is regulated, or has some hallmark of credibility. And in the decentralised space, make sure you're comfortable and that matches your risk appetite.”
Aside from regulatory licenses, hallmarks of credibility include an experienced risk and compliance team represented at board level, a risk-free balance sheet, regular independent audits and strong operational and information system controls.
Elsa Madrolle added: “Counterparty due diligence was widely ignored in the crypto world, prior to FTX... There were 134 entities owned by FTX and named in the bankruptcy dealings.... Now counterparty diligence is going to become the law, and there are a number of tools that can help businesses to do it effectively.”
Register for free to watch the discussion in full, and other on-demand videos from Currency LDN 2023.