Virtual Currencies,
Cyber-Payments and
Regulatory Compliance
by Juan Llanos, CAMS
ACC 5th Annual International Conference
...
Adult population with NO USE OF formal or semiformal FINANCIAL SERVICES

© 2013 JuanLlanos
2/3 of adults (17 million) | 25% of GNP | 40,000 agents
© 2013 JuanLlanos
M-PESA  Swahili for mobile money

© 2013 JuanLlanos
Agenda
1. Bitcoin & Math-Based Currencies
What Bitcoin is and why it’s revolutionary
2. Risk Identification & Mitigation
a...
Agenda
1. Bitcoin & Math-Based Currencies
What Bitcoin is and why it’s revolutionary
2. Risk Identification & Mitigation
a...
Think of Bitcoin as a numbered Swiss
bank account living on your
smartphone. *…+ retail and online
purchases can be made w...
What is
?
Intro Video 1
Intro Video 2
© 2013 JuanLlanos
D I G I TA L PAY M E N T S N E T W O R K
D I G I TA L M O N E Y
PROTOCOL
© 2013 JuanLlanos
D I G I TA L PAY M E N T S N E T W O R K

INSTANTANEOUS
SECURE
LOW COST
GLOBAL TRANSFER OF VALUE
D I G I TA L M O N E Y

TRANSACTIONS IN “BITCOINS”
DOLLAR VALUE  OPEN MARKET
COUNTERFEIT-PROOF “ONLINE CASH”
TOTAL CAPPED...
“bitcoins”
SCARCE  Central Banks can’t inflate them
DURABLE  they don’t degrade
PORTABLE  can be carried and transmitte...
PROTOCOL

APPLICATIONS BEYOND PAYMENTS 
SECURE CONTRACTS, ESCROW, TAMPER PROOF VOTING, NOTARY SERVICES, ETC.
P L AT F O R...
P L AT F O R M F O R I N N O V AT I O N
• Contracts can be entered into, verified, and enforced
completely electronically,...
ECO - SYST E M

© 2013 JuanLlanos
Ashton Kutcher

Kevin Rose

Paul Graham

Al Gore

W i n k l e v o s s Tw i n s

N a s s i m N . Ta l e b
DISTRIBUTED|DECENTRALIZED
CENTRALIZED

DISTRIBUTED

© 2013 JuanLlanos
PEER

PEER

PEER
PEER

PEER

PEER
PEER
PEER

PEER

PEER

PEER

PEER

PEER

PEER

PEER

NO central authority or
PEER
financ...
Payment
+ identity

© 2013 JuanLlanos
PAY M E N T & I D E N T I T Y
S E PA R AT E D
CONSUMER PRIVACY PROTECTED
MERCHANTNO CHARGEBACKS / FRAUD
Payment only

© ...
T R A N S PA R E N C Y
Every transaction that has ever
occurred in the history of the bitcoin
economy is publicly viewable...
Agenda
1. Bitcoin & Math-Based Currencies
What Bitcoin is and why it’s revolutionary
2. Risk Identification & Mitigation
a...
“ Virtual currencies promise
to benefit commerce on
many levels, from serving
the unbanked to new
financial products. I
ch...
C H A L L E N G ES
R E G U L AT I O N
T R A N S PA R E N C Y/ P R I VA C Y
S P E C U L AT I O N
SECURITY
D I S R U P T I O...
Before March 18, 2013

The Criminal Precedent that Could
Curb Bitcoin’s Enthusiasm

© 2013 JuanLlanos
• ISSUER OF DIGITAL CURRENCY

E-Gold

• a medium of exchange offered over the Internet
• Global acceptance without the nee...
E-Gold
2008-07 Guilty Plea
•
•
•
•

Conspiracy To Launder Monetary Instruments (federal)
Conspiracy To Commit The Offense ...
March 18, 2013
FinCEN Guidance FIN-2013-G001

© 2013 JuanLlanos
FinCEN Guidance FIN-2013-G001
• “Interpretive Guidance”  not new rule-making
• Centralized vs. Decentralized virtual curr...
FinCEN Guidance FIN-2013-G001
• “An administrator or exchanger that (1) accepts and transmits a
convertible virtual curren...
FinCEN Guidance FIN-2013-G001
• Currency definitions:
• REAL CURRENCY  the coin and paper money of the
United States or o...
FinCEN Guidance FIN-2013-G001
• PROBLEM #1  ALL USERS? How does the law apply if one
obtains bitcoins not to purchase goo...
After March 18, 2013

The End of Bitcoin as We Know It

© 2013 JuanLlanos
Liberty Reserve
• alternative digital payment network
• “Closed look”  centralized virtual currency (LR
dollars)
• shut d...
Liberty Reserve Indictment
[x] ANONYMITY  product has to dissuade the bad element, never attract it.
• “deliberately attr...
Money transmitters
and their agents are perceived as

HIGH RISK

of

• ABUSE TO CONSUMER
• MONEY LAUNDERING
• TERRORIST FI...
Money Transmitter Regulation (US)
Main Risk Areas Main Statutes and Regs
Anti-Money Laundering
Anti-Terrorism Financing (C...
Money Transmitter Risk Fronts
Operational

Customer
(Sender & Recipient)

MT Risks
Foreign
Counterparty

Agent
(B&M, onlin...
© 2013 JuanLlanos
Customer Risks and Mitigators
RISKS

MITIGATORS

Complicity with agent or foreign
counterparty

Customer acceptance, monit...
Corporate Safeguards*
1. A designated compliance officer + professional team
2. Written policies and procedures + operatio...
Key Elements of a BSA/AML Program
• State Compliance: Licensing, renewal and reporting
procedures // Consumer protection d...
Product Safeguards
•
•
•
•
•
•

Anonymous identification
No value limits
Anonymous funding
No transaction records
Wide geo...
Customer Identification
Non-Face to Face  Card not present standards
DOCUMENTARY  Review an unexpired government-issued ...
Authentication Strength
Multifactor authentication:
•
•
•

Something the user knows (e.g., password, PIN)
Something the us...
Agenda
1. Bitcoin & Math-Based Currencies
What Bitcoin is and why it’s revolutionary
2. Risk Identification & Mitigation
a...
“What customers do
speaks so loudly that
I cannot hear what
they’re saying.”
(Paraphrasing Ralph Waldo Emerson)

Customer ...
Machine Learning (AI) Methods
SUPERVISED LEARNING: relies on two labeled classes (good vs. bad)
Goal  Detect known suspic...
Known Suspicious Behaviors
•
•
•
•
•
•
•
•

Structuring (Many-to-one)
High amounts
High frequency
Use of multiple location...
Sample Entity Pair
Concentration
Analysis

© 2013 JuanLlanos
Sample
Geographical
Concentration
(“heat”) Map

© 2013 JuanLlanos
An Analysis of Anonymity in the Bitcoin System - Bitcoin is Not
Anonymous
by Fergal Reid and Martin Harrigan (2011)
Link: ...
• The victim woke up on the morning of 13/06/2011 to find a large portion of
his Bitcoins sent to1KPTdMb6p7H3YCwsyFqrEmKGm...
© 2013 JuanLlanos
Bitcoin
Anonymous
Untraceable
“Invisible to law enforcement and the taxman”

Myths
© 2013 JuanLlanos
Resources

• Bitcoin Educational Resources:

http://www.forbes.com/sites/jonmatonis/2013/05/13/6-new-bitcoin-educationalre...
Agenda
1. Bitcoin & Math-Based Currencies
What Bitcoin is and why it’s revolutionary
2. Risk Identification & Mitigation
a...
• Prevention trumps damage control
• Risk MGT  Both reducing downside and
increasing upside
• Simplicity and common sense...
W h at i f … ?

© 2013 JuanLlanos
Adult population with NO USE OF formal or semiformal FINANCIAL SERVICES

© 2013 JuanLlanos
BRAZIL
CUBA
CYPRUS
VENEZUELA
ZIMBABWE
Etc., Etc…
© 2013 JuanLlanos
© 2013 JuanLlanos
Underground Ec o n o my

© 2013 JuanLlanos
“If you haven't heard of
BITCOIN, drop what you're
doing and go research it,
for it is THE MOST
IMPORTANT PROJECT ON
THE P...
Thank you!
Juan Llanos

EVP & Compliance Officer
Unidos Financial Services, Inc.
275 Seventh Ave. - 20th Floor
New York, N...
Virtual Currencies Presentation at ACC's 5th Annual Financial Crimes Conference in Abu Dhabi, United Arab Emirates
Upcoming SlideShare
Loading in...5
×

Virtual Currencies Presentation at ACC's 5th Annual Financial Crimes Conference in Abu Dhabi, United Arab Emirates

12,722

Published on

This pioneering seminar attempted to elucidate the rise, purpose, operational intricacies, societal benefits and multiple risks of Bitcoin and the emerging breed of alternative digital currencies. For the first time in history, Bitcoin allows individual consumers to make payments and move funds securely, completely outside of the traditional financial system. In recent months, there has been a lot of hype about the risk of virtual currencies, but not much explanation about how they work and what the real risks and also societal benefits are. In this session, regulators, executives and risk managers had the opportunity to learn how Bitcoin and other digital currencies work, what the true risks are and what can be done to both manage the risks and exploit the opportunities.

Published in: Economy & Finance, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
12,722
On Slideshare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
64
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Virtual Currencies Presentation at ACC's 5th Annual Financial Crimes Conference in Abu Dhabi, United Arab Emirates

  1. 1. Virtual Currencies, Cyber-Payments and Regulatory Compliance by Juan Llanos, CAMS ACC 5th Annual International Conference Abu Dhabi, November 26 , 2013
  2. 2. Adult population with NO USE OF formal or semiformal FINANCIAL SERVICES © 2013 JuanLlanos
  3. 3. 2/3 of adults (17 million) | 25% of GNP | 40,000 agents © 2013 JuanLlanos
  4. 4. M-PESA  Swahili for mobile money © 2013 JuanLlanos
  5. 5. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  6. 6. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  7. 7. Think of Bitcoin as a numbered Swiss bank account living on your smartphone. *…+ retail and online purchases can be made with virtually no transaction fees. It's the ultimate bank debit card, except there's no card –or bank for that matter. Robert Berry © 2013 JuanLlanos
  8. 8. What is ? Intro Video 1 Intro Video 2 © 2013 JuanLlanos
  9. 9. D I G I TA L PAY M E N T S N E T W O R K D I G I TA L M O N E Y PROTOCOL © 2013 JuanLlanos
  10. 10. D I G I TA L PAY M E N T S N E T W O R K INSTANTANEOUS SECURE LOW COST GLOBAL TRANSFER OF VALUE
  11. 11. D I G I TA L M O N E Y TRANSACTIONS IN “BITCOINS” DOLLAR VALUE  OPEN MARKET COUNTERFEIT-PROOF “ONLINE CASH” TOTAL CAPPED INFLATION-PROOF © 2013 JuanLlanos
  12. 12. “bitcoins” SCARCE  Central Banks can’t inflate them DURABLE  they don’t degrade PORTABLE  can be carried and transmitted electronically or as numbers in your head DIVISIBLE  into trillionths VERIFIABLE  through everyone’s block chain EASY TO STORE  paper or electronic FUNGIBLE  each bitcoin is equal DIFFICULT TO COUNTERFEIT  cryptographically impossible Naval Ravikant © 2013 JuanLlanos
  13. 13. PROTOCOL APPLICATIONS BEYOND PAYMENTS  SECURE CONTRACTS, ESCROW, TAMPER PROOF VOTING, NOTARY SERVICES, ETC. P L AT F O R M F O R I N N O V AT I O N © 2013 JuanLlanos
  14. 14. P L AT F O R M F O R I N N O V AT I O N • Contracts can be entered into, verified, and enforced completely electronically, using any third-party that you care to trust, or by the code itself. For free, within minutes, without possibility of forgery or revocation. • Any competent programmer has an API to cash, payments, escrow, wills, notaries, lotteries, dividends, micropayments, subscriptions, crowdfunding, and more. • While the traditional banks and credit card companies lock down access to their payments infrastructure to a handful of trusted parties, Bitcoin is open to all. Naval Ravikant © 2013 JuanLlanos
  15. 15. ECO - SYST E M © 2013 JuanLlanos
  16. 16. Ashton Kutcher Kevin Rose Paul Graham Al Gore W i n k l e v o s s Tw i n s N a s s i m N . Ta l e b
  17. 17. DISTRIBUTED|DECENTRALIZED CENTRALIZED DISTRIBUTED © 2013 JuanLlanos
  18. 18. PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER NO central authority or PEER financial institution in control PEER PEER PEER PEER PEER PEER PEER PEER M ATPEER- E N F O R C E D T R PEERS T H U PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER PEER © 2013 JuanLlanos
  19. 19. Payment + identity © 2013 JuanLlanos
  20. 20. PAY M E N T & I D E N T I T Y S E PA R AT E D CONSUMER PRIVACY PROTECTED MERCHANTNO CHARGEBACKS / FRAUD Payment only © 2013 JuanLlanos
  21. 21. T R A N S PA R E N C Y Every transaction that has ever occurred in the history of the bitcoin economy is publicly viewable in the BLOCK CHAIN. Privacy without anonymity  pseudonymity © 2013 JuanLlanos
  22. 22. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  23. 23. “ Virtual currencies promise to benefit commerce on many levels, from serving the unbanked to new financial products. I challenge our innovators: devise creative solutions to prevent virtual currency a b u s e .” FinCEN Director Jennifer Shasky Calvery © 2013 JuanLlanos
  24. 24. C H A L L E N G ES R E G U L AT I O N T R A N S PA R E N C Y/ P R I VA C Y S P E C U L AT I O N SECURITY D I S R U P T I O N O F S TAT U S Q U O © 2013 JuanLlanos
  25. 25. Before March 18, 2013 The Criminal Precedent that Could Curb Bitcoin’s Enthusiasm © 2013 JuanLlanos
  26. 26. • ISSUER OF DIGITAL CURRENCY E-Gold • a medium of exchange offered over the Internet • Global acceptance without the need for conversion between national currencies • USED FOR ONLINE COMMERCE AND FOR FUNDS TRANSFERS BETWEEN INDIVIDUALS • FOUR PRIMARY STEPS 1. 2. 3. 4. Opening a digital currency account Converting national currency into “e-gold” to fund the account Using “e-gold” to buy a good or service or transfer funds to another person Exchanging “e-gold” back into national currency • PARTIES NEEDED: • Digital currency exchanges • Merchants or individuals that accepted “e-gold” • ABILITY TO OPERATE ACCOUNTS ANONYMOUSLY • Highly-favored method of payment by operators of “get-rich-quick” scams • ALL TRANSFERS OF “E-GOLD” WERE IRREVOCABLE AND IRREVERSIBLE © 2013 JuanLlanos
  27. 27. E-Gold 2008-07 Guilty Plea • • • • Conspiracy To Launder Monetary Instruments (federal) Conspiracy To Commit The Offense Against The United States (federal) Operating Of Unlicensed Money Transmitting Business (federal) Transmitting Money Without A License (District of Columbia) “ T h e r o o t c a u s e s o f E - G o l d ’s f a i l u r e w e r e d e s i g n flaws in the account creation and provisioning logic that led to the unfortunate consequence of vulnerability to criminal abuse . “ We a c k n o w l e d g e t h a t E - G o l d i s i n d e e d a f i n a n c i a l institution or agency as defined in US law and should b e r e g u l a t e d a s a f i n a n c i a l i n s t i t u t i o n .” Douglas Jackson, E-Gold Founder © 2013 JuanLlanos
  28. 28. March 18, 2013 FinCEN Guidance FIN-2013-G001 © 2013 JuanLlanos
  29. 29. FinCEN Guidance FIN-2013-G001 • “Interpretive Guidance”  not new rule-making • Centralized vs. Decentralized virtual currencies • Virtual Currency Actors: • USER  a person that obtains virtual currency to purchase goods or services. • EXCHANGER  a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency. • ADMINISTRATOR  a person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency. © 2013 JuanLlanos
  30. 30. FinCEN Guidance FIN-2013-G001 • “An administrator or exchanger that (1) accepts and transmits a convertible virtual currency or (2) buys or sells convertible virtual currency for any reason is a money transmitter under FinCEN’s regulations *…+” • “Under FinCEN’s regulations, sending “value that substitutes for currency” to another person or to another location constitutes money transmission, unless a limitation to or exemption from the definition applies. This circumstance constitutes transmission to another location, namely from the user’s account at one location (e.g., a user’s real currency account at a bank) to the user’s convertible virtual currency account with the administrator.” • “To the extent that the convertible virtual currency is generally understood as a substitute for real currencies, transmitting the convertible virtual currency at the direction and for the benefit of the user constitutes money transmission on the part of the exchanger.” • “*…+ a person that creates units of convertible virtual currency and sells those units to another person for real currency or its equivalent is engaged in transmission to another location and is a money transmitter. In addition, a person is an exchanger and a money transmitter if the person accepts such de-centralized convertible virtual currency from one person and transmits it to another person as part of the acceptance and transfer of currency, funds, or other value that substitutes for currency.” © 2013 JuanLlanos
  31. 31. FinCEN Guidance FIN-2013-G001 • Currency definitions: • REAL CURRENCY  the coin and paper money of the United States or of any other country that [i] is designated as legal tender and that [ii] circulates and [iii] is customarily used and accepted as a medium of exchange in the country of issuance. • VIRTUAL CURRENCY  medium of exchange that operates like currency in some environments, but does not have all the attributes of real currency; no legal tender status in any jurisdiction. • CONVERTIBLE VIRTUAL CURRENCY  either has an equivalent value in real currency, or acts as a substitute for real currency. © 2013 JuanLlanos
  32. 32. FinCEN Guidance FIN-2013-G001 • PROBLEM #1  ALL USERS? How does the law apply if one obtains bitcoins not to purchase goods or services? Reasons: 1. speculation that the price of bitcoins will go up 2. simply because one trusts a virtual currency’s stability more than that of a particular “real currency” (think of Argentina or Zimbabwe), or 3. because one wants to make a remittance to a family member overseas. • PROBLEM #2  MINERS? • If mine and buy goods  users • If mine and sell bitcoins  money transmitters. Why? • Not transmitting bitcoins from one party to another (only 2 parties to the transaction) • No consumer to protect and no potential for money laundering • PROBLEM #3  NEW LAW IN THE GUIDANCE? • Definitions of “virtual currency” and “convertible virtual currency”  only in this guidance. © 2013 JuanLlanos
  33. 33. After March 18, 2013 The End of Bitcoin as We Know It © 2013 JuanLlanos
  34. 34. Liberty Reserve • alternative digital payment network • “Closed look”  centralized virtual currency (LR dollars) • shut down and its management indicted and arrested in May 2013. • “the largest money laundering case in U.S. history” • a convenient tool for foreign currency brokers, as it allowed them to bypass local legislation and avoid exchange rate fluctuations • “a shadowy netherworld of cyber-finance” • its realm of anonymity made it a popular hub for fraudsters, hackers and traffickers © 2013 JuanLlanos
  35. 35. Liberty Reserve Indictment [x] ANONYMITY  product has to dissuade the bad element, never attract it. • “deliberately attracting, and maintaining a customer base of criminals by making financial activity on LR anonymous and untraceable.” • “designed so that criminals could effect financial transactions under multiple layers of anonymity and thereby avoid apprehension by law enforcement.” [y] COMPLIANCE  product and operations cannot be in violation of any applicable laws and regulations (the “form” or “paper” side of compliance). • “was not registered as a money transmitting business with FinCEN” • “operated an unlicensed money transmitting business.” [z] SUBSTANCE  what is written in their policy must actually be implemented. Businesses must be run with integrity, responsibility and control. • “intentionally creating, structuring, and operating LR as a criminal business venture, one designed to help criminals conduct illegal transactions and launder the proceeds of their crimes.” • “lying to anti-money laundering authorities in Costa Rica, pretending to shut down LR after learning the company was being investigated by US law enforcement (only to continue operating the business through a set of shell companies)” • “created a system to feign compliance with anti-money laundering procedures, *…+ including a ‘fake’ portal that was manipulated to hide data that LR did not want regulators to see.” © 2013 JuanLlanos
  36. 36. Money transmitters and their agents are perceived as HIGH RISK of • ABUSE TO CONSUMER • MONEY LAUNDERING • TERRORIST FINANCING Money transmission = highly regulated industry © 2013 JuanLlanos
  37. 37. Money Transmitter Regulation (US) Main Risk Areas Main Statutes and Regs Anti-Money Laundering Anti-Terrorism Financing (CFT) Privacy and Information Security Safety and soundness Consumer protection BSA, USA PATRIOT Act, Money Laundering Acts USA PATRIOT Act, OFAC Gramm-Leach-Bliley State (via licensing) State (via licensing) + Dodd-Frank / Regulation E (CFPB) Focus  AML/BSA + State Compliance © 2013 JuanLlanos
  38. 38. Money Transmitter Risk Fronts Operational Customer (Sender & Recipient) MT Risks Foreign Counterparty Agent (B&M, online) © 2013 JuanLlanos
  39. 39. © 2013 JuanLlanos
  40. 40. Customer Risks and Mitigators RISKS MITIGATORS Complicity with agent or foreign counterparty Customer acceptance, monitoring and termination protocols Complicity with recipient (or sender) Transaction & behavior monitoring ‘Drip-irrigation’ transfer of illicit funds (O2M recipients, M2O recipient, M2M recipients) Lower identity verification thresholds at origin and destination Intra-company structuring Inter-company structuring (‘smurfing’) Terrorist financing For cards, maximum loadable amounts, expiration date, and limited number of recipients. Redundant identity verification procedures at destination POS training OFAC screening Eventually, intercompany transaction monitoring by highly-professional and secure clearing house. This is the only possible antidote against ‘smurfing’. © 2013 JuanLlanos
  41. 41. Corporate Safeguards* 1. A designated compliance officer + professional team 2. Written policies and procedures + operational controls: • • • Licensing, renewal and reporting procedures (S) Registration, record-keeping and report-filing procedures (F) KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination • • • • • • • • • KY…Customer KY…Agent KY…Foreign Counterparty KY…Employee KY…Vendor Monitoring, analysis and investigating procedures OFAC compliance program Response to official information requests Privacy and information security protection protocols 3. An on-going training program • Risk & Compliance Committee 4. An independent compliance auditing function * AML Program Elements (Section 352 of the USA PATRIOT Act) © 2013 JuanLlanos
  42. 42. Key Elements of a BSA/AML Program • State Compliance: Licensing, renewal and reporting procedures // Consumer protection disclosures, etc. • Federal Compliance: Registration, record-keeping and report-filing procedures (F) • KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination (Life-Cycle Management) • • • • • KY…Customer KY…Agent KY…Foreign Correspondent or Counterparty KY…Employee KY…Vendor • SA Detection: Monitoring, analysis and investigating procedures • Information Sharing: Response to information requests • OFAC Compliance Program • Privacy and information security protection protocols (GLBA) © 2013 JuanLlanos
  43. 43. Product Safeguards • • • • • • Anonymous identification No value limits Anonymous funding No transaction records Wide geographical use No usage limits Cash features Anything we do to counter these will mitigate the risk of our product! © 2013 JuanLlanos
  44. 44. Customer Identification Non-Face to Face  Card not present standards DOCUMENTARY  Review an unexpired government-issued form of identification from most customers. • • • • evidence of a customer’s nationality or residence photograph or similar safeguard form a reasonable belief that of the true identity of the customer. E.g.: driver’s license (U.S.) or passport. NON-DOCUMENTARY  Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source • contacting a customer • checking references or obtaining a financial statement © 2013 JuanLlanos
  45. 45. Authentication Strength Multifactor authentication: • • • Something the user knows (e.g., password, PIN) Something the user has (e.g., ATM card, smart card) Something the user is (e.g., biometric feature) Authentication methods: • • • • • • Shared secrets Tokens (smart card, one-time password generating device) Biometrics (fingerprint, face, voice, keystroke recognition) Out-of-band authentication Internet protocol address (IPA) location and geo-location Mutual identification Source: FFIEC © 2013 JuanLlanos
  46. 46. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  47. 47. “What customers do speaks so loudly that I cannot hear what they’re saying.” (Paraphrasing Ralph Waldo Emerson) Customer identification vs. customer knowledge B E H AV I O R A L A N A LY T I C S © 2013 JuanLlanos
  48. 48. Machine Learning (AI) Methods SUPERVISED LEARNING: relies on two labeled classes (good vs. bad) Goal  Detect known suspicious patterns 1. Training set: a. Select dataset with clean and dirty cases. b. Classification algorithm to discriminate between the two classes (finds the rules or conditions) c. Probabilities of class 1 and class 2 assignment 2. Run discrimination method on all future purchases. UNSUPERVISED LEARNING: no class labels Goal  Detect anomalies 1. Takes recent purchase history and summarize in descriptive statistics. 2. Measure whether selected variables exceed a certain threshold. (deviations from the norm) 3. Sounds alarm and records a high score. © 2013 Juan Llanos © 2013 JuanLlanos
  49. 49. Known Suspicious Behaviors • • • • • • • • Structuring (Many-to-one) High amounts High frequency Use of multiple locations Use of multiple identities Use of untrusted device Values just below threshold Immediate withdrawals © 2013 JuanLlanos
  50. 50. Sample Entity Pair Concentration Analysis © 2013 JuanLlanos
  51. 51. Sample Geographical Concentration (“heat”) Map © 2013 JuanLlanos
  52. 52. An Analysis of Anonymity in the Bitcoin System - Bitcoin is Not Anonymous by Fergal Reid and Martin Harrigan (2011) Link: http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html • The entire history of Bitcoin transactions is publicly available. • “Using an appropriate network representation, it is possible to associate many public-keys with each other, and with external identifying information.” • “Large centralized services such as the exchanges and wallet services are capable of identifying and tracking considerable portions of user activity.” © 2013 JuanLlanos
  53. 53. • The victim woke up on the morning of 13/06/2011 to find a large portion of his Bitcoins sent to1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg. • The alleged theft occurred on 13/06/2011 at 16:52:23 UTC shortly after somebody broke into the victim's Slush pool account and changed the payout address to 15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f. • The Bitcoins rightfully belong to1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG. © 2013 JuanLlanos
  54. 54. © 2013 JuanLlanos
  55. 55. Bitcoin Anonymous Untraceable “Invisible to law enforcement and the taxman” Myths © 2013 JuanLlanos
  56. 56. Resources • Bitcoin Educational Resources: http://www.forbes.com/sites/jonmatonis/2013/05/13/6-new-bitcoin-educationalresources/ • Bitcoin Education Project (Udemy): https://www.udemy.com/bitcoin-or-how-ilearned-to-stop-worrying-and-love-crypto/ • Bitcoin Primer for Policymakers: http://mercatus.org/sites/default/files/Brito_BitcoinPrimer_embargoed.pdf • Bitcoin Wiki: https://en.bitcoin.it/wiki/Main_Page • Cato Unbound-The Private Digital Economy: http://www.catounbound.org/issues/july-2013/private-digital-economy • • • • CoinDesk: http://www.coindesk.com/ Contrarian Compliance: http://contrariancompliance.com/ Let’s Talk Bitcoin: http://letstalkbitcoin.com/ Khan Academy Bitcoin Series: https://www.khanacademy.org/economics-financedomain/core-finance/money-and-banking/bitcoin/v/bitcoin-what-is-it • We Use Coins: https://www.weusecoins.com/en/ © 2013 JuanLlanos
  57. 57. Agenda 1. Bitcoin & Math-Based Currencies What Bitcoin is and why it’s revolutionary 2. Risk Identification & Mitigation a) Inventory of challenges b) Mitigating AML risk c) Customer identification and authentication (deanonymization) 3. SA Detection via Monitoring and Analysis Leveraging the blockchain 4. Unsolicited (contrarian) advice © 2013 JuanLlanos
  58. 58. • Prevention trumps damage control • Risk MGT  Both reducing downside and increasing upside • Simplicity and common sense • Train for behavior change, not theoretical knowledge • Form-substance continuum  substance • Letter-spirit continuum  focus on spirit (underlying purpose and values) facilitates • Operational synergies (leveraging tech) • Compliance without compromising performance • Flexibility and sustainability © 2013 JuanLlanos
  59. 59. W h at i f … ? © 2013 JuanLlanos
  60. 60. Adult population with NO USE OF formal or semiformal FINANCIAL SERVICES © 2013 JuanLlanos
  61. 61. BRAZIL CUBA CYPRUS VENEZUELA ZIMBABWE Etc., Etc… © 2013 JuanLlanos
  62. 62. © 2013 JuanLlanos
  63. 63. Underground Ec o n o my © 2013 JuanLlanos
  64. 64. “If you haven't heard of BITCOIN, drop what you're doing and go research it, for it is THE MOST IMPORTANT PROJECT ON THE PLANET.” Erik Voorhees
  65. 65. Thank you! Juan Llanos EVP & Compliance Officer Unidos Financial Services, Inc. 275 Seventh Ave. - 20th Floor New York, NY 10001 Direct: (646) 485-2264 Mobile: (646) 201-6217 Email: jllanos@unidosfinancial.com LinkedIn: www.linkedin.com/in/juanllanos Twitter: @JuanLlanos Blog: contrariancompliance.com © 2013 Juan Llanos
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×