While massive, global cyber theft and data breaches (as well as large-scale geopolitical cyber attacks) may capture the headlines, there are many other issues surrounding the future of cryptocurrency. Fraud and cybersecurity activity is necessary for creative destruction in the cryptocurrency marketplace. OODA CEO Matt Devost captured the current climate in the crypto market over the course of many OODA Network conversations this year and last, noting that:
“We needed to wash all the fluff out of the system. And every week we are seeing some sort of mass destruction of a major player in that space. In the cryptocurrency and Web3 areas right now, there is such a flow of ideas, money, and associated fraud – what we are seeing right now is the ‘house burning down.’ It does not mean that we can’t rebuild some of those essential technologies on top of the foundation, which is blockchain.
Web3 and cryptocurrency projects experienced a mass acceleration in 2021 and that continued in 2022. Whether it is a stablecoin or whether it’s one of these blockchain facilitators or cross-chain facilitators. There’s just a tremendous amount of activity there. However, many of these initiatives will have consequential cybersecurity issues in 2022 that impacted public adoption and invite increased regulatory pressure. While Bitcoin, Ethereum, and other technologies allow for true decentralization, there is a middleware ecosystem emerging in the form of marketplaces and exchanges that are based on Web2 technologies that are being deployed without proper consideration for cybersecurity best practices.”
Governmental regulation now looms large over the entire innovation ecosystem that is bitcoin, crypto, digital currency, and, by extension, blockchain technologies. For example, many governments – and the U.S. will follow the lead – will not allow the transfer of bitcoin or digital currencies unless the identity of the recipient wallet is known. This policy has come to be known as Know Your Customer (KYC) verification on anonymous crypto transactions and has the potential to break the anonymity-based model for much of the ecosystem.
Bitcoin, Cryptocurrency, Digital Currency Initiatives, and Blockchain
In preparation for the OODAcon Fireside Chat – Disruptive Futures: Digital Self Sovereignty, Blockchain, and AI with Karl Schroeder and Matt Devost and OODAcon panel on the Future of Money, we explore KYC verification regulation, in the context of these other OODA Loop research questions we have been asking and trying to answer over the course of 2022:
The Libertarian Ethos of the Crypto Community vs. Future Government Involvement and Regulation: Will governments abdicate their role in this emerging ecosystem because they are slow movers/late adopters/fast followers (at best)?
The Balance between Security, Anonymity, and Accountability: We need the ability to track down criminals and child pornographers, and oligarchs if they are using cryptocurrency, but implicit in that tracking ability is that it can be directed at anyone with a coin, a node or blockchain – which is counterintuitive to the entire design and promise of the technology. Is the recently proposed federal regulation enough and what is the current regulatory environment like on this issue?
Overregulation? The ongoing question: will overregulation stifle innovation?
The Need for Speed: Cryptocurrencies include Bitcoin, Ethereum, and 14,000 other cryptocurrencies. The two platforms have always been plagued by the slowness of the network and how hard it is to get things done. Are we on the brink of a wave of major innovation (i.e. the lightning network capabilities) with payments networks for the first time in 50 years?
The Promise of Blockchain Technology Needs to be Decoupled from Cryptocurrency. There is a big difference between what is happening with Ethereum 2 and zero-knowledge off-chain transactions, which are really focused on enterprise applications (whether it’s supply chain or decentralized finance, etc.). The problem is that press coverage and marketing group everything together. Ethereum 2 is enterprise-focused and also focused on mainstream financial markets, as it lowers the cost of financial transactions (like insurance) and creates more transparent markets. What is the promise for business applications and the implication for the IT enterprise strategy?
Is Bitcoin a National Security Risk? OODA CEO Matt Devost asks: “How might Bitcoin be framed as a national security risk?” As national security technologists, here is our take on where the government is likely concerned.
Know Your Customer (KYC) Verification On Anonymous Transactions
The latest developments, innovations, and insights on the issue of KYC verification regulation and innovation:
Ugly Bargains Between Banks and Regulators Are Rearing Their Head Again: The “know your customer” and anti-money laundering system imposes constraints on financial access and inhibits liberty and privacy, even though the original security intent was reasonable.
Safe and secure crypto is closer than we think: Blockchain is reinventing financial services, with digital assets and “programmable money” innovations that offer real utility and new approaches for reducing systemic risks. But customers have lost billions of dollars due to cyber hacking, scams, and unregulated products—and if we can’t trust it, we won’t scale it. It’s time to hardwire security into this emerging system. As Congress explores legislation to pave the way for stablecoins and cryptocurrencies, we have an opportunity to design a future that lets us reap the benefits of blockchain while minimizing the risks. The transparency, security, and verified identity enabled by blockchain offer a more effective model for protection against bad actors than centralized legacy anti-money laundering (AML) and “know your customer” (KYC) compliance approaches employed by banks and regulators. That said, we will only build trust if we remove pain points and obstacles to making digital assets more secure, scalable, and useful.
- Binance Case Study
- In August, Binance CEO Hit Back at ‘Weak’ KYC Claims: Binance has the most sophisticated know-your-customer system in the industry, says CEO Changpeng Zhao.
- Yet was hit by a major hack earlier this month:
Cryptocurrency and anti-money laundering enforcement: For many decades, the U.S. government has required financial institutions to take steps to help detect and prevent financial crimes including money laundering and terrorist financing. Federal law requires financial institutions to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000, identify and assess the risk of customers (Know Your Customer (KYC) rules) and report suspicious activity that might suggest money laundering, tax evasion, or other criminal activities. While Congress has repeatedly sought to enhance the anti-money laundering (AML) laws and penalties, federal regulators have played a critical role in updating and enforcing these regulations as they apply to cryptocurrency businesses. States, meanwhile, have also inserted themselves into this regulatory mix. The overlapping jurisdictions of these government regulators coupled with differing interpretations of AML compliance have triggered confusion and criticism from the cryptocurrency industry.
Why the crypto industry needs to be AML and KYC compliant: Not surprisingly, the World Economic Forum (WEF) is advocating for KYC regulations. In the same report where they lay out their arguments, they provide this useful overview of current regulatory activity:
“A recent DIFC Fintech conference provided some interesting insights into the current situation in terms of regulations and cryptocurrencies, including –
- Some 95% of regulators have a team working on crypto regulations now.
- The crypto industry is lobbying to push for clear regulations, as it sees regulations as a positive development that will skyrocket the industry.
- When global cryptocurrency exchange Binance introduced know-your-customer (KYC) verifications, more than 96% of its customer base complied.
- The SEC imposed approximately $2.35 billion in total monetary penalties against digital asset market participants in 2021.
- Of the 20 SEC enforcement actions in 2021, 65% alleged fraud, 80% alleged unregistered securities offering violation, and 55% alleged both.
The Financial Action Task Force (FATF) recently defined virtual asset service providers to include cryptocurrency exchanges, stable coin issuers, DeFi protocols, and non-fungible tokens (NFT) marketplaces.
This definition helps set the tone for regulation, with laws and directives following. As a result, the current global outlook for crypto regulations is buoyant and developing.
For example, the UK and the US are actively developing regulations to control cryptocurrencies. The UK’s HM Treasury states that: ‘HM Treasury expects financial crime including anti-money laundering requirements will apply to all wallets and issuers and that these will also have to register under AML [anti-money laundering] registration for their activities in relation to all types of crypto-assets.'” (1)
Brazilian SEC is looking to change crypto regulation with a new bill: According to reports, the Brazilian Securities and Exchange Commission is looking to switch up the country’s legal framework for cryptocurrencies. The main concern is that the bill in question does not consider tokens as digital assets or securities, which means that it does not fall under SEC regulation. The Senate only approved the final version of the bill in April 2022. In the approved text of the legislation, “a virtual asset is a digital representation of value that can be traded or transferred electronically, and used for payment or investment purposes.” It also delves into procedures for Know your Customer (KYC) and security methods to prevent money laundering. Non-fungible tokens (NFTs) are not considered securities as per the new and approved bill, while the status of most other tokens is still being decided.
The Future of Cyber Conflict: The Market for Global Cyber Surveillance Capabilities: State cyber capabilities are increasingly abiding by the “pay-to-play” model—both US/NATO allies and adversaries can purchase interception and intrusion technologies from private firms for intelligence and surveillance purposes. NSO Group has repeatedly made headlines in 2021 for targeting government entities in cyberspace, but there are many more companies selling similar products that are just as detrimental. These vendors are increasingly looking to foreign governments to hawk their wares, and policymakers have yet to sufficiently recognize or respond to this emerging problem. Any cyber capabilities sold to foreign governments carry a risk: these capabilities could be used against individuals and organizations in allied countries, or even in one’s home country.
This paper profiles these important trends for their practical security impacts, and to enable further research into this topic. The authors suggest that the United States and NATO:
- create know-your-customer (KYC) policies with companies operating in this space;
- work with arms fairs to limit irresponsible proliferators’ attendance at these events;
- tighten export-control loopholes; and
- name and shame both irresponsible vendors and customers.
Executive Order on Ensuring Responsible Development of Digital Assets: “[The] United States has an interest in ensuring that digital asset technologies and the digital payments ecosystem are developed, designed, and implemented in a responsible manner that includes privacy and security in their architecture.”
What Is KYC and Why Does It Matter For Crypto?: KYC measures are now a must for any crypto platform looking to offer services in jurisdictions like the U.S., Australia, and the U.K. as regulators clamp down on anonymous crypto transactions.
Further OODA Loop Resources
Web3 Security: How to Reduce Your Cyber Risk: Web3 technologies would greatly benefit from red teaming. Seemingly great innovations get fielded without sufficient security controls, resulting in impactful incidents.
The Cryptocurrency Revolution: Blockchains, Bitcoin, Ethereum, and Business Use Cases: OODA’s tracking of these and related developments focuses on the insights needed by operational decision-makers regardless of business sector or government since these trends will be impacting all of us eventually. We base our insights on a solid foundation and hands-on experience in mining, running nodes, and creating test-bed cryptocurrencies and smart contracts. The principals at OODA are also directly involved in providing cybersecurity and strategic advisory services in the cryptocurrency space and this keeps our research and reporting grounded in the realities of practitioners.
Cryptocurrency Incident Database: OODA has compiled a Web3 incident database based on our research to categorize what compromises are taking place as well as document the cyberattack root causes – tracking over $62 billion worth of cryptocurrency-related incidents.