Anyone following investment news over the last few years has had a front seat to the swashbuckling fluctuations of cryptocurrencies, principally bitcoin. Persistent coverage in the media has helped propagate a mixture of alarm, bewilderment, and speculative fever.
Away from the public spotlight, however, the meteoric rise of cryptocurrencies has caught governments and the private sector alike off guard when it comes to regulatory, law-enforcement, and corporate oversight. The gulf between crypto as an actively traded global currency and appropriate levels of regulatory oversight is, justifiably, a rapidly growing area of concern.
In the fog of war against cybercrime, corruption, and ransomware attacks, however, the answer may be hiding in plain sight. Perhaps by taking a closer look at the precise nature of bitcoin, among other cryptocurrencies, the solution can be found.
The Importance of Cryptocurrency Risk Management
Cryptocurrency has a distinct advantage over other forms of currency. Cash is too bulky and bank-to-bank transfers are heavily screened these days. As a result, seemingly overnight, the use of crypto for nefarious purposes is becoming nearly commonplace.
Another, more looming concern is “big-game ransomware.” Crypto’s asymmetrical advantage (for now, at least) is periodically thrust into public view every time a major financial breach or ransomware attack comes along with a demand for ransom to be paid in crypto.
The hack of Colonial Pipeline, coupled with a demand that the ransom be paid in bitcoin, demonstrated once again the potentially lethal scenarios threatening US critical infrastructure. The attack also calls attention to the critical importance of robust cryptocurrency risk management. On top of that, crypto is also a significant threat for tax evasion.
All at once, corporate and governmental entities are facing an enormous, ever-changing puzzle, and the dilemma boils down to this:
- Preventing cryptocurrencies from becoming a perennial threat to critical infrastructure systems, large businesses worldwide, and the global financial system at large
- Guardedly accommodating crypto’s protean nature and its growing popularity among the law-abiding population as a currency for legitimate uses
Presently, cryptocurrencies are positioned as the de facto technique for moving assets tied to illegal activities. But it is possible to imagine a resolution of the current state of affairs. Doing so requires setting aside current concepts of cryptocurrency risk management and deconstructing the problem to analyze its constituent components, where the answer will most likely be found.
The use of crypto in ransomware and money laundering schemes is not occurring unchecked, of course. Many state regulatory and law enforcement bodies worldwide have been diligent in exposing cybercrimes and prosecuting offenders, particularly where its use is most concentrated. Case in point: Latin America.
In Mexico, illicit use of crypto is currently a small part of organized crime’s hard-cash laundering activities – estimated at $25 billion a year in Mexico alone. However, it is growing. Bitcoin has become an increasingly popular way to launder money among drug gangs such as the Jalisco New Generation Cartel and the notorious Sinaloa Cartel of captured kingpin Joaquin “El Chapo” Guzman.
But the arrest last year of a human trafficking kingpin at a Caribbean resort in Mexico came about not because of an inside tip but through the bitcoin he is suspected of using to help launder the proceeds of his operations.
Treat the Underlying Disease Rather Than the Symptoms
The US State Department recently announced its Rewards for Justice program, aimed at acquiring actionable information on foreign malicious cyber activity. The program offers bounties up to $10 million for information leading to the identification or location of anyone participating in ransomware attacks against critical US infrastructure at the direction or under the control of a foreign government.
Alongside closely managed bounty programs, an argument can be made that instead of investing an abundance of resources in attempts to thwart ransomware, it might be more productive to focus on the very thing that’s created the problem. Take, for example, phishing. While not eliminated, phishing has been made more difficult today than it was a decade ago, and courts in the US have shown themselves to be sensitive to the occasional imperative for law enforcement to hack into the mobile phone of a criminal suspect when matters of national security are at stake.
Why not adopt a similar approach to cryptocurrencies? What if we had techniques that enable duly authorized state entities, acting within the bounds of the law and bearing judicially obtained warrants, to access the features of the particular cryptocurrency involved so as to mitigate, impede or even halt the commission of a serious crime?
An example of this approach can be seen in the cooperation between law enforcement agencies and mobile phone equipment manufacturers, such as Apple. One solution could be gaining access to specific, coded routines between cryptocurrencies and the blockchain platform, routines that allow bad actors to remain anonymous. The conventional argument is that bitcoin miners and others would create a workaround – and they no doubt would. But then again, this is the nature of the battle we’re fighting.
Beyond Checking Boxes
Choosing the right provider to offer actionable intelligence and support in the complex area of cryptocurrencies and due diligence is paramount. And doing business with the wrong third-party entity places your business at potentially serious risk.
At IntegrityRisk, our CryptoCheck service focuses on a responsive approach to risk management that goes beyond checking boxes and standardized solutions. IntegrityRisk has the knowledge, experience, and access to the right tools to ensure that our clients are making the smartest solutions possible.
Whatever compliance challenges lie ahead, we will be with you every step of the way. Reach out to learn more about how we can help.