Virtual Currencies Presentation at ACC's 5th Annual Financial Crimes Conference in Abu Dhabi, United Arab Emirates

  • 4,223 views
Uploaded on

This pioneering seminar attempted to elucidate the rise, purpose, operational intricacies, societal benefits and multiple risks of Bitcoin and the emerging breed of alternative digital currencies. …

This pioneering seminar attempted to elucidate the rise, purpose, operational intricacies, societal benefits and multiple risks of Bitcoin and the emerging breed of alternative digital currencies. For the first time in history, Bitcoin allows individual consumers to make payments and move funds securely, completely outside of the traditional financial system. In recent months, there has been a lot of hype about the risk of virtual currencies, but not much explanation about how they work and what the real risks and also societal benefits are. In this session, regulators, executives and risk managers had the opportunity to learn how Bitcoin and other digital currencies work, what the true risks are and what can be done to both manage the risks and exploit the opportunities.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
4,223
On Slideshare
0
From Embeds
0
Number of Embeds
9

Actions

Shares
Downloads
52
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Virtual Currencies, Cyber-Payments and Regulatory Compliance by Juan Llanos, CAMS ACC 5th Annual International Conference Abu Dhabi, November 26 , 2013
  • 2. Adult population with NO USE OF formal or semiformal FINANCIAL SERVICES © 2013 JuanLlanos
  • 3. 2/3 of adults (17 million) | 25% of GNP | 40,000 agents © 2013 JuanLlanos
  • 4. M-PESA  Swahili for mobile money © 2013 JuanLlanos
  • 5. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 6. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 7. Think of Bitcoin as a numbered Swiss bank account living on your smartphone. *…+ retail and online purchases can be made with virtually no transaction fees. It's the ultimate bank debit card, except there's no card –or bank for that matter. Robert Berry © 2013 JuanLlanos
  • 8. What is ? Intro Video 1 Intro Video 2 © 2013 JuanLlanos
  • 9. D I G I TA L PAY M E N T S N E T W O R K D I G I TA L M O N E Y PROTOCOL © 2013 JuanLlanos
  • 10. D I G I TA L PAY M E N T S N E T W O R K INSTANTANEOUS SECURE LOW COST GLOBAL TRANSFER OF VALUE
  • 11. D I G I TA L M O N E Y TRANSACTIONS IN “BITCOINS” DOLLAR VALUE  OPEN MARKET COUNTERFEIT-PROOF “ONLINE CASH” TOTAL CAPPED INFLATION-PROOF © 2013 JuanLlanos
  • 12. “bitcoins” SCARCE  Central Banks can’t inflate them DURABLE  they don’t degrade PORTABLE  can be carried and transmitted electronically or as numbers in your head DIVISIBLE  into trillionths VERIFIABLE  through everyone’s block chain EASY TO STORE  paper or electronic FUNGIBLE  each bitcoin is equal DIFFICULT TO COUNTERFEIT  cryptographically impossible Naval Ravikant © 2013 JuanLlanos
  • 13. PROTOCOL APPLICATIONS BEYOND PAYMENTS  SECURE CONTRACTS, ESCROW, TAMPER PROOF VOTING, NOTARY SERVICES, ETC. P L AT F O R M F O R I N N O V AT I O N © 2013 JuanLlanos
  • 14. P L AT F O R M F O R I N N O V AT I O N • Contracts can be entered into, verified, and enforced completely electronically, using any third-party that you care to trust, or by the code itself. For free, within minutes, without possibility of forgery or revocation. • Any competent programmer has an API to cash, payments, escrow, wills, notaries, lotteries, dividends, micropayments, subscriptions, crowdfunding, and more. • While the traditional banks and credit card companies lock down access to their payments infrastructure to a handful of trusted parties, Bitcoin is open to all. Naval Ravikant © 2013 JuanLlanos
  • 15. ECO - SYST E M © 2013 JuanLlanos
  • 16. Ashton Kutcher Kevin Rose Paul Graham Al Gore W i n k l e v o s s Tw i n s N a s s i m N . Ta l e b
  • 17. DISTRIBUTED|DECENTRALIZED CENTRALIZED DISTRIBUTED © 2013 JuanLlanos
  • 18. PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER NO central authority or PEER financial institution in control PEER PEER PEER PEER PEER PEER PEER PEER M ATPEER- E N F O R C E D T R PEERS T H U PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER © 2013 JuanLlanos
  • 19. Payment + identity © 2013 JuanLlanos
  • 20. PAY M E N T & I D E N T I T Y S E PA R AT E D CONSUMER PRIVACY PROTECTED MERCHANTNO CHARGEBACKS / FRAUD Payment only © 2013 JuanLlanos
  • 21. T R A N S PA R E N C Y Every transaction that has ever occurred in the history of the bitcoin economy is publicly viewable in the BLOCK CHAIN. Privacy without anonymity  pseudonymity © 2013 JuanLlanos
  • 22. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 23. “ Virtual currencies promise to benefit commerce on many levels, from serving the unbanked to new financial products. I challenge our innovators: devise creative solutions to prevent virtual currency a b u s e .” FinCEN Director Jennifer Shasky Calvery © 2013 JuanLlanos
  • 24. C H A L L E N G ES R E G U L AT I O N T R A N S PA R E N C Y/ P R I VA C Y S P E C U L AT I O N SECURITY D I S R U P T I O N O F S TAT U S Q U O © 2013 JuanLlanos
  • 25. Before March 18, 2013 The Criminal Precedent that Could Curb Bitcoin’s Enthusiasm © 2013 JuanLlanos
  • 26. • ISSUER OF DIGITAL CURRENCY E-Gold • a medium of exchange offered over the Internet • Global acceptance without the need for conversion between national currencies • USED FOR ONLINE COMMERCE AND FOR FUNDS TRANSFERS BETWEEN INDIVIDUALS • FOUR PRIMARY STEPS 1. 2. 3. 4. Opening a digital currency account Converting national currency into “e-gold” to fund the account Using “e-gold” to buy a good or service or transfer funds to another person Exchanging “e-gold” back into national currency • PARTIES NEEDED: • Digital currency exchanges • Merchants or individuals that accepted “e-gold” • ABILITY TO OPERATE ACCOUNTS ANONYMOUSLY • Highly-favored method of payment by operators of “get-rich-quick” scams • ALL TRANSFERS OF “E-GOLD” WERE IRREVOCABLE AND IRREVERSIBLE © 2013 JuanLlanos
  • 27. E-Gold 2008-07 Guilty Plea • • • • Conspiracy To Launder Monetary Instruments (federal) Conspiracy To Commit The Offense Against The United States (federal) Operating Of Unlicensed Money Transmitting Business (federal) Transmitting Money Without A License (District of Columbia) “ T h e r o o t c a u s e s o f E - G o l d ’s f a i l u r e w e r e d e s i g n flaws in the account creation and provisioning logic that led to the unfortunate consequence of vulnerability to criminal abuse . “ We a c k n o w l e d g e t h a t E - G o l d i s i n d e e d a f i n a n c i a l institution or agency as defined in US law and should b e r e g u l a t e d a s a f i n a n c i a l i n s t i t u t i o n .” Douglas Jackson, E-Gold Founder © 2013 JuanLlanos
  • 28. March 18, 2013 FinCEN Guidance FIN-2013-G001 © 2013 JuanLlanos
  • 29. FinCEN Guidance FIN-2013-G001 • “Interpretive Guidance”  not new rule-making • Centralized vs. Decentralized virtual currencies • Virtual Currency Actors: • USER  a person that obtains virtual currency to purchase goods or services. • EXCHANGER  a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency. • ADMINISTRATOR  a person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency. © 2013 JuanLlanos
  • 30. FinCEN Guidance FIN-2013-G001 • “An administrator or exchanger that (1) accepts and transmits a convertible virtual currency or (2) buys or sells convertible virtual currency for any reason is a money transmitter under FinCEN’s regulations *…+” • “Under FinCEN’s regulations, sending “value that substitutes for currency” to another person or to another location constitutes money transmission, unless a limitation to or exemption from the definition applies. This circumstance constitutes transmission to another location, namely from the user’s account at one location (e.g., a user’s real currency account at a bank) to the user’s convertible virtual currency account with the administrator.” • “To the extent that the convertible virtual currency is generally understood as a substitute for real currencies, transmitting the convertible virtual currency at the direction and for the benefit of the user constitutes money transmission on the part of the exchanger.” • “*…+ a person that creates units of convertible virtual currency and sells those units to another person for real currency or its equivalent is engaged in transmission to another location and is a money transmitter. In addition, a person is an exchanger and a money transmitter if the person accepts such de-centralized convertible virtual currency from one person and transmits it to another person as part of the acceptance and transfer of currency, funds, or other value that substitutes for currency.” © 2013 JuanLlanos
  • 31. FinCEN Guidance FIN-2013-G001 • Currency definitions: • REAL CURRENCY  the coin and paper money of the United States or of any other country that [i] is designated as legal tender and that [ii] circulates and [iii] is customarily used and accepted as a medium of exchange in the country of issuance. • VIRTUAL CURRENCY  medium of exchange that operates like currency in some environments, but does not have all the attributes of real currency; no legal tender status in any jurisdiction. • CONVERTIBLE VIRTUAL CURRENCY  either has an equivalent value in real currency, or acts as a substitute for real currency. © 2013 JuanLlanos
  • 32. FinCEN Guidance FIN-2013-G001 • PROBLEM #1  ALL USERS? How does the law apply if one obtains bitcoins not to purchase goods or services? Reasons: 1. speculation that the price of bitcoins will go up 2. simply because one trusts a virtual currency’s stability more than that of a particular “real currency” (think of Argentina or Zimbabwe), or 3. because one wants to make a remittance to a family member overseas. • PROBLEM #2  MINERS? • If mine and buy goods  users • If mine and sell bitcoins  money transmitters. Why? • Not transmitting bitcoins from one party to another (only 2 parties to the transaction) • No consumer to protect and no potential for money laundering • PROBLEM #3  NEW LAW IN THE GUIDANCE? • Definitions of “virtual currency” and “convertible virtual currency”  only in this guidance. © 2013 JuanLlanos
  • 33. After March 18, 2013 The End of Bitcoin as We Know It © 2013 JuanLlanos
  • 34. Liberty Reserve • alternative digital payment network • “Closed look”  centralized virtual currency (LR dollars) • shut down and its management indicted and arrested in May 2013. • “the largest money laundering case in U.S. history” • a convenient tool for foreign currency brokers, as it allowed them to bypass local legislation and avoid exchange rate fluctuations • “a shadowy netherworld of cyber-finance” • its realm of anonymity made it a popular hub for fraudsters, hackers and traffickers © 2013 JuanLlanos
  • 35. Liberty Reserve Indictment [x] ANONYMITY  product has to dissuade the bad element, never attract it. • “deliberately attracting, and maintaining a customer base of criminals by making financial activity on LR anonymous and untraceable.” • “designed so that criminals could effect financial transactions under multiple layers of anonymity and thereby avoid apprehension by law enforcement.” [y] COMPLIANCE  product and operations cannot be in violation of any applicable laws and regulations (the “form” or “paper” side of compliance). • “was not registered as a money transmitting business with FinCEN” • “operated an unlicensed money transmitting business.” [z] SUBSTANCE  what is written in their policy must actually be implemented. Businesses must be run with integrity, responsibility and control. • “intentionally creating, structuring, and operating LR as a criminal business venture, one designed to help criminals conduct illegal transactions and launder the proceeds of their crimes.” • “lying to anti-money laundering authorities in Costa Rica, pretending to shut down LR after learning the company was being investigated by US law enforcement (only to continue operating the business through a set of shell companies)” • “created a system to feign compliance with anti-money laundering procedures, *…+ including a ‘fake’ portal that was manipulated to hide data that LR did not want regulators to see.” © 2013 JuanLlanos
  • 36. Money transmitters and their agents are perceived as HIGH RISK of • ABUSE TO CONSUMER • MONEY LAUNDERING • TERRORIST FINANCING Money transmission = highly regulated industry © 2013 JuanLlanos
  • 37. Money Transmitter Regulation (US) Main Risk Areas Main Statutes and Regs Anti-Money Laundering Anti-Terrorism Financing (CFT) Privacy and Information Security Safety and soundness Consumer protection BSA, USA PATRIOT Act, Money Laundering Acts USA PATRIOT Act, OFAC Gramm-Leach-Bliley State (via licensing) State (via licensing) + Dodd-Frank / Regulation E (CFPB) Focus  AML/BSA + State Compliance © 2013 JuanLlanos
  • 38. Money Transmitter Risk Fronts Operational Customer (Sender & Recipient) MT Risks Foreign Counterparty Agent (B&M, online) © 2013 JuanLlanos
  • 39. © 2013 JuanLlanos
  • 40. Customer Risks and Mitigators RISKS MITIGATORS Complicity with agent or foreign counterparty Customer acceptance, monitoring and termination protocols Complicity with recipient (or sender) Transaction & behavior monitoring ‘Drip-irrigation’ transfer of illicit funds (O2M recipients, M2O recipient, M2M recipients) Lower identity verification thresholds at origin and destination Intra-company structuring Inter-company structuring (‘smurfing’) Terrorist financing For cards, maximum loadable amounts, expiration date, and limited number of recipients. Redundant identity verification procedures at destination POS training OFAC screening Eventually, intercompany transaction monitoring by highly-professional and secure clearing house. This is the only possible antidote against ‘smurfing’. © 2013 JuanLlanos
  • 41. Corporate Safeguards* 1. A designated compliance officer + professional team 2. Written policies and procedures + operational controls: • • • Licensing, renewal and reporting procedures (S) Registration, record-keeping and report-filing procedures (F) KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination • • • • • • • • • KY…Customer KY…Agent KY…Foreign Counterparty KY…Employee KY…Vendor Monitoring, analysis and investigating procedures OFAC compliance program Response to official information requests Privacy and information security protection protocols 3. An on-going training program • Risk & Compliance Committee 4. An independent compliance auditing function * AML Program Elements (Section 352 of the USA PATRIOT Act) © 2013 JuanLlanos
  • 42. Key Elements of a BSA/AML Program • State Compliance: Licensing, renewal and reporting procedures // Consumer protection disclosures, etc. • Federal Compliance: Registration, record-keeping and report-filing procedures (F) • KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination (Life-Cycle Management) • • • • • KY…Customer KY…Agent KY…Foreign Correspondent or Counterparty KY…Employee KY…Vendor • SA Detection: Monitoring, analysis and investigating procedures • Information Sharing: Response to information requests • OFAC Compliance Program • Privacy and information security protection protocols (GLBA) © 2013 JuanLlanos
  • 43. Product Safeguards • • • • • • Anonymous identification No value limits Anonymous funding No transaction records Wide geographical use No usage limits Cash features Anything we do to counter these will mitigate the risk of our product! © 2013 JuanLlanos
  • 44. Customer Identification Non-Face to Face  Card not present standards DOCUMENTARY  Review an unexpired government-issued form of identification from most customers. • • • • evidence of a customer’s nationality or residence photograph or similar safeguard form a reasonable belief that of the true identity of the customer. E.g.: driver’s license (U.S.) or passport. NON-DOCUMENTARY  Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source • contacting a customer • checking references or obtaining a financial statement © 2013 JuanLlanos
  • 45. Authentication Strength Multifactor authentication: • • • Something the user knows (e.g., password, PIN) Something the user has (e.g., ATM card, smart card) Something the user is (e.g., biometric feature) Authentication methods: • • • • • • Shared secrets Tokens (smart card, one-time password generating device) Biometrics (fingerprint, face, voice, keystroke recognition) Out-of-band authentication Internet protocol address (IPA) location and geo-location Mutual identification Source: FFIEC © 2013 JuanLlanos
  • 46. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 47. “What customers do speaks so loudly that I cannot hear what they’re saying.” (Paraphrasing Ralph Waldo Emerson) Customer identification vs. customer knowledge B E H AV I O R A L A N A LY T I C S © 2013 JuanLlanos
  • 48. Machine Learning (AI) Methods SUPERVISED LEARNING: relies on two labeled classes (good vs. bad) Goal  Detect known suspicious patterns 1. Training set: a. Select dataset with clean and dirty cases. b. Classification algorithm to discriminate between the two classes (finds the rules or conditions) c. Probabilities of class 1 and class 2 assignment 2. Run discrimination method on all future purchases. UNSUPERVISED LEARNING: no class labels Goal  Detect anomalies 1. Takes recent purchase history and summarize in descriptive statistics. 2. Measure whether selected variables exceed a certain threshold. (deviations from the norm) 3. Sounds alarm and records a high score. © 2013 Juan Llanos © 2013 JuanLlanos
  • 49. Known Suspicious Behaviors • • • • • • • • Structuring (Many-to-one) High amounts High frequency Use of multiple locations Use of multiple identities Use of untrusted device Values just below threshold Immediate withdrawals © 2013 JuanLlanos
  • 50. Sample Entity Pair Concentration Analysis © 2013 JuanLlanos
  • 51. Sample Geographical Concentration (“heat”) Map © 2013 JuanLlanos
  • 52. An Analysis of Anonymity in the Bitcoin System - Bitcoin is Not Anonymous by Fergal Reid and Martin Harrigan (2011) Link: http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html • The entire history of Bitcoin transactions is publicly available. • “Using an appropriate network representation, it is possible to associate many public-keys with each other, and with external identifying information.” • “Large centralized services such as the exchanges and wallet services are capable of identifying and tracking considerable portions of user activity.” © 2013 JuanLlanos
  • 53. • The victim woke up on the morning of 13/06/2011 to find a large portion of his Bitcoins sent to1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg. • The alleged theft occurred on 13/06/2011 at 16:52:23 UTC shortly after somebody broke into the victim's Slush pool account and changed the payout address to 15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f. • The Bitcoins rightfully belong to1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG. © 2013 JuanLlanos
  • 54. © 2013 JuanLlanos
  • 55. Bitcoin Anonymous Untraceable “Invisible to law enforcement and the taxman” Myths © 2013 JuanLlanos
  • 56. Resources • Bitcoin Educational Resources: http://www.forbes.com/sites/jonmatonis/2013/05/13/6-new-bitcoin-educationalresources/ • Bitcoin Education Project (Udemy): https://www.udemy.com/bitcoin-or-how-ilearned-to-stop-worrying-and-love-crypto/ • Bitcoin Primer for Policymakers: http://mercatus.org/sites/default/files/Brito_BitcoinPrimer_embargoed.pdf • Bitcoin Wiki: https://en.bitcoin.it/wiki/Main_Page • Cato Unbound-The Private Digital Economy: http://www.catounbound.org/issues/july-2013/private-digital-economy • • • • CoinDesk: http://www.coindesk.com/ Contrarian Compliance: http://contrariancompliance.com/ Let’s Talk Bitcoin: http://letstalkbitcoin.com/ Khan Academy Bitcoin Series: https://www.khanacademy.org/economics-financedomain/core-finance/money-and-banking/bitcoin/v/bitcoin-what-is-it • We Use Coins: https://www.weusecoins.com/en/ © 2013 JuanLlanos
  • 57. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  • 58. • Prevention trumps damage control • Risk MGT  Both reducing downside and increasing upside • Simplicity and common sense • Train for behavior change, not theoretical knowledge • Form-substance continuum  substance • Letter-spirit continuum  focus on spirit (underlying purpose and values) facilitates • Operational synergies (leveraging tech) • Compliance without compromising performance • Flexibility and sustainability © 2013 JuanLlanos
  • 59. W h at i f … ? © 2013 JuanLlanos
  • 60. Adult population with NO USE OF formal or semiformal FINANCIAL SERVICES © 2013 JuanLlanos
  • 61. BRAZIL CUBA CYPRUS VENEZUELA ZIMBABWE Etc., Etc… © 2013 JuanLlanos
  • 62. © 2013 JuanLlanos
  • 63. Underground Ec o n o my © 2013 JuanLlanos
  • 64. “If you haven't heard of BITCOIN, drop what you're doing and go research it, for it is THE MOST IMPORTANT PROJECT ON THE PLANET.” Erik Voorhees
  • 65. Thank you! Juan Llanos EVP & Compliance Officer Unidos Financial Services, Inc. 275 Seventh Ave. - 20th Floor New York, NY 10001 Direct: (646) 485-2264 Mobile: (646) 201-6217 Email: jllanos@unidosfinancial.com LinkedIn: www.linkedin.com/in/juanllanos Twitter: @JuanLlanos Blog: contrariancompliance.com © 2013 Juan Llanos