The last issue of Digital Regulator addressed the issue of using cryptocurrencies to evade the sanctions imposed on Russia following its Ukraine invasion and its regulatory consequences. This Digital Regulator considers the illicit use of cryptocurrencies in the broader context, assessing the absolute and relative importance of this phenomena and the ongoing and anticipated regulatory actions that it drives. The picture that emerges after considering sources from blockchain analytic firms, regulatory bodies, analysts, and international constituencies such as the United Nations, is manifold. There is no consensus regarding the proportion of illicit finance supported by cryptofinance. According to Chainalysis, a blockchain analysis firm, the growth of cryptocurrency transactions involving addresses associated to licit activities from 2020 to 2021 has considerably outpaced the growth of such transactions related to illicit activities (by a factor of 7). The decrease in the value of the ratio of illicit over licit crypto-transactions is a trend since 2017 (when measurement began). This outcome also applies to the category ‘money laundering’. The Financial Action Task Force (FATF) commented that such estimates should be regarded as a bare minimum. Considering the estimates of up to seven private sector blockchain analytics and academic studies, the FATF concludes that a consensual figure is not at hand (too many differences). Based on United Nations’ data, the bulk of money laundering/terrorism financing takes place in the fiat world, not in the cryptocurrency space; and this by a factor that may lie well above 100. Regulation is key to keep illicit cryptocurrency transactions and money laundering/terrorism financing in the fiat and cryptocurrency worlds as minimal as possible. The limited adoption of cryptocurrencies largely explains that illicit transactions are pre-eminently carried out in fiat. National and international regulators and policy makers are accelerating their efforts to bring cryptofinance under full anti-money laundering, anti-terrorism financing, and sanctions compliance. The development of Decentralised Finance (DeFi) – principally welcomed, but difficult to control – primarily drives the acceleration.
During the last few weeks, the collapse of algorithmic stablecoin UST has led many regulators to accelerate the effort to regulate cryptocurrencies. In the face of the market sell-off, however, the International Monetary Fund (IMF) and World Bank also emphasise the opportunities of cryptofinance. The Bank for International Settlements (BIS) reported that 81 central banks are exploring Central Bank Digital Currencies (CBDCs), with more than a quarter of them now developing or running concrete pilots. Further, the European Central Bank (ECB) released three distinct options for the privacy of CBDCs. Finally, South Korea is poised to lift the Initial Coin Offering (ICO) ban introduced in 2017.
Assessing the illicit use of cryptocurrencies
In February 2022, Chainalysis released its sixth annual Crypto Crime Report. Following on our last Digital Regulator, which addressed the potential use of cryptocurrencies to evade the economic sanctions imposed on Russia, this Digital Regulator considers the illicit use of cryptocurrencies in the broader context to assess the importance of this phenomena and ongoing and anticipated regulatory actions. The Chainalysis report is not exempt from criticism, particularly regarding the lack of definitional and methodologic transparency, and analysts and regulators consider its conclusions to be very optimistic. However, the Chainalysis report has the advantage of presenting a consistent time series of six years, which is a long period in cryptofinance. We first examine the activities in scope in the report and then summarise the key findings. We focus on DeFi and mention alternative measures of illicit cryptocurrency activities; finally, we review current and anticipated regulatory responses.
- Illicit activities – The Chainalysis report considers the following illicit activities: malware, that is the use of viruses, worms, and trojans to steel cryptos; terrorism financing using crpytos; the outright steeling of crypto funds; scams, namely crypto investment fraud; sanctions evasion trough crypto; ransomware, such as blocking the computer until a sum of cryptos is paid; cybercriminal administrator, that is, addresses attributed to individuals connected to a cybercriminal organisation; fraud shop, for instance fake online shops requesting advance payments; darknet market, offering illicit goods and services against cryptos; and handling of child abuse material. We note that these categories are more comprehensive than a category such as money laundering or terrorism financing and – along other commentators – the lack of transparency and depth regarding these definitions.
- Key statistics – The Chainalysis report monitors the magnitude of the above-mentioned illicit activities through the crypto-transactions involving addresses associated to these activities. The key finding is that while illicit transactions reached an all-time high in absolute terms in 2021, they scored an all-time low in relative terms. In other words, licit transactions are growing much faster than illicit transactions. This is a trend confirmed since 2017, when measurements began. The total cryptocurrency value received by illicit addresses associated to the above-mentioned activities was estimated to be USD 7.8 billion in 2020 and USD 14 billion in 2021. While the growth in value of illicit transactions from 2020 to 2021 was nearly 80%, the total volume of transactions grew by 567% over the same period. Thus, the value of transactions involving illicit addresses represented only 0.15% of the total transactions value in 2021 (against 0.62% in 2020). The report evidences that stolen funds and investment scams were the categories that grew most year-on-year.
- DeFi under the spotlight – According to the report, DeFi explains to a large extent the growth of illicit activities related to stolen funds and investment scams. More than 35% of the increase in the value of investment scams came from ‘rug pulls’ – involving developers to build an apparently legitimate crypto project, raising crypto-funds and disappearing with it. All rug pulls tracked by Chainalysis but one involved DeFi projects. The report also illustrates that approximately 70% of the funds were stolen from DeFi protocols. In conclusion, DeFi emerges as a space where the growth of overall activity and illicit activities (stolen funds and investments scams) are closely correlated. The low governance standards observable in the DeFi space (the absence of audits in particular) is often quoted as the main reason for this result.
- Alternative estimates – S. Foley, in his seminal paper issued in 2019 and based on data up to 2017, suggested that approximately 25% of bitcoin users were involved in illegal activities and 46% of bitcoin transactions concerned illegal activities. The author used an estimation technique different from the one applied by Chainalysis. Foley did not inspect suspect addresses; he investigated the network and behaviours of the users of cryptocurrencies and applied statistical processes to analyse them and extrapolate the results. To the best of our knowledge, Foley’s research was a unique exercise. Hence, there is a lack of time-series compared to the Chainalysis reports. Foley conducted his research based on data up to 2017. Cryptocurrencies have developed substantially over the last five years, in terms of number, valuation, use cases, and adoption, and 2019 estimates based on 2017 data are likely to be hardly relevant in 2021. The FATF carried out in depth research on the illicit use of cryptocurrencies in the context of the adaption of its anti-money laundering and prevention of terrorism financing guidelines to new technologies such as cryptocurrencies. It relied on multiple sources (data from up to seven blockchain analytic companies) and concluded that the Chainalysis estimates should be considered as bare minimum and the estimates differ too much in terms of scope and methodology to enable reaching a consensus on the actual magnitude of the illicit use of cryptocurrencies associated to money laundering and terrorism financing activities.
- Regulatory response – Data from 2021 showed that the ability of enforcement to combat crypto crime is improving, particularly from the US regulators. Chainalysis recalls the charges filed by the Commodity Futures Trading Commission against crypto investment scams, discredit by the Federal Bureau of Investigation of a ransomware, sanctions by the Office of Foreign Assets Control of two crypto services, and seizure by the Internal Revenue Service of over USD 3.5 billion of cryptocurrencies (all from non-tax investigations). From a regulatory policy perspective, in March, the European Parliament voted to introduce new checks on the identities of those involved in any crypto payment, irrespective of the size of transaction and involvement of hosted or unhosted wallets; moreover, the FATF renewed its determination to get member countries to swiftly implement all approved international rules introduced to prevent the use of crypto-assets for money laundering and terrorist financing purposes. The FATF rules also apply to the DeFi sector. In our Digital Regulator in September 2021, we noted that the effective implementation of the FATF rule on DeFi activities requires a proactive collaboration between the official and private sectors, and reliance on a prudential regulatory approach, rather than an enforcement-based approach built around the concept of centralised intermediaries.
- Mind the proportions – The United Nations recalls that ‘the estimated amount of money laundered globally in one year is 2-5% of the global GDP or USD 800 billion – USD 2 trillion in current US dollars’. The Chainalysis statistics point to a value of USD 14 billion of cryptocurrency-based illicit activities in 2021, of which USD 8.6 billion is attributable to money laundering activities. Even conceding along the FATF that such an estimate is to be considered as a bare minimum and applying a generous multiplier, accordingly, all point to the conclusion that in any event, the bulk of money laundering activities occurs in the fiat environment, not in the cryptocurrency environment, and this by a factor that may lie well above 100.
The current status of analyses and studies which aimed to assess the role of cryptocurrencies in money laundering, terrorism financing, and illicit activities more broadly, suffers from a lack of methodological consistency, absolute number of analyses, relevant time series, and definitional transparency. There is no consensus around the figures. Nevertheless, a few conclusions seem possible: the bulk of illicit activity takes place in fiat and not in cryptocurrencies (the level of adoption/penetration of cryptocurrencies is key); the proportion of illicit activities performed with cryptocurrencies is relatively small and decreasing over time in relative terms (due to increasing adoption of cryptocurrencies and their regulation). From a regulatory policy perspective, regulators should continue to fight illicit usages and discourage them through appropriate rules and enforcement. The industry should (continue to) cooperate.
Other Noteworthy Developments
The collapse of algorithmic stablecoin UST has led many regulators to accelerate cryptocurrency regulation. In the face of the market sell-off, the IMF and World Bank emphasise the opportunities of cryptofinance.
- Following the collapse of UST, the G7 has called for a swift and comprehensive regulation of crypto assets and has asked the Financial Stability Board (FSB) to advance the swift development and implementation of consistent and comprehensive regulation of crypto-asset issuers and service providers. The FSB stated, in turn, that the regulation and supervision of ‘unbacked’ crypto-assets and ‘stablecoins’ represents a priority. In the US, the Treasury has asked the Congress to pass stablecoin legislation by the end of 2022, and the Securities and Exchange Commission (SEC) has signalled an acceleration of the regulation of stablecoins. In the UK, the authorities have announced plans to regulate and legalise stablecoins, except for the algorithmic stablecoins.
- The IMF noted that people should not abandon cryptocurrencies following the collapse of UST, because crypto markets offer faster service, much lower costs, and promote inclusion. The World Bank emphasised the opportunities and challenges offered by cryptofinance, including stablecoins. Opportunities include the potential for improving the speed and cost of cross-border payments and remittances. Risks relate to financial integrity, consumer and investor protection, financial stability, fair competition, and monetary sovereignty.
The analyses around CBDCs and their implementation have continued to progress, as evidenced by a survey by the BIS, while the ECB tackles the issue of privacy.
- The BIS reported that 81 central banks are exploring CBDCs and more than a quarter of them are now developing or running concrete pilots. This BIS paper updates earlier surveys that asked central banks about their engagement in this area. Additionally, more than two thirds of central banks are likely to issue a retail CBDC in the short or medium term.
- The ECB released three distinct privacy solutions for the digital currency. The first is to limit the access of transaction data to commercial banks and exclude the ECB. Another possibility would allow for more anonymity or simplified checks on low-value transactions, while high-value transactions would be subject to routine restrictions. Lastly, a possibility would be to restrict the visibility of transactions and balances to intermediaries and ECB, at least for low-value/low-risk payments.
- The central bank of Nigeria recorded a higher-than-expected adoption rate for its eNaira and decided to upgrade it so that it may be used across a wider range of items and services. Israel plans the creation of a digital shekel, as all responses to the public consultation indicated support. The Central Bank of Chile has delayed its plans for a CBDC, as more analysis on the benefits and risks is required. Finally, South Korea has allowed the central bank to launch a CBDC in 2023.
Several jurisdictions achieved or announced milestones in building crypto regulatory frameworks. South Korea finally lifted its ICO ban.
- Uzbekistan has expanded its crypto regulations to include definitions of technical terms and determine the main regulatory body for the industry. Cyprus is poised to forerun the EU legislation and regulate crypto assets on its own. Turkey is preparing a draft legislation to regulate crypto exchanges. South Korea is expected to lift the ban on ICO introduced in 2017.
Thanks to regulatory action and the ineluctable adoption of cryptocurrencies, the proportion of illicit cryptocurrency usages has continued to diminish over time. The preferred transaction playing field for perpetrators of money laundering, terrorism financing, and other illicit activities for the foreseeable future will continue to remain the fiat environment, and indissociably, their service providers.