Tornado cash, what is it? Tornado cash is a cryptocurrency tumbler, a decentralized application built on the Ethereum blockchain that facilitates privacy for its users. It facilitates privacy by pooling the crypto of all its users, mixing them, and send the user different crypto making it almost impossible to trace the origin of the transaction. Blockchains are very transparent, and you can see which wallets make transactions with each other. To use Tornado Cash, you deposit funds into the protocol and claim your deposit minus a fee in your wallet.

On the seventh of august 2022, the Office of Foreign Asset Control (OFAC) placed Tornado Cash on the sanctions list. The protocol would have helped criminals to launder their money. Crypto analyst company Elliptic concluded that 1,5 billion dollars were laundered with Tornado Cash. It is now illegal for US citizens and companies to use the tool.

There is a lot of skepticism about placing Tornado Cash on the sanction list, Tornado Cash is not a company but a DAO (Decentralized Autonomous Organization) – simplified, a protocol that runs without any human interaction. An interesting recent example is that someone made a transaction to Black Rock, the world’s largest investment management firm based in the US, using Tornado Cash. This would imply that BlackRock is unwittingly involved in an illegal transaction.

Does Tornado Cash have any legal value? Yes, if someone lives in an oppressive regime, they might want to increase their privacy. An example demonstrating the legitimate utility of Crypto Mixers occurred when Vitalik Buterin, one of the co-founders of Ethereum, donated funds to Ukraine in support of its conflict against Russia. Consider the significance of privacy for a Russian individual seeking to contribute financially to Ukraine’s cause.

Alexey Pertsev, one of the developers of Tornado Cash, got arrested right after the US placed Tornado Cash on the sanctions list. He is held responsible for laundering over 1,2 billion dollars and might face a 64-month sentence. The controversy in this case is that crypto mixers are not illegal by law, which is why some find the accusation unfair.

In conclusion it all comes back to the question: “How do we provide a high level of privacy while making money laundering impossible?”

Let’s start at the beginning. Initially, the Travel Rule only applied to financial institutions. AMLD4 was adopted to ensure that the Financial Action Task Force (FATF) requirements on wire transfer service providers, and in particular the obligation on payment service providers to accompany transfers of funds with information on the payer and the payee, were applied uniformly throughout the EU. The latest changes introduced in June 2019 in the FATF standards on new technologies, have provided new and similar obligations for crypto-asset service providers, also known as CASPs, to facilitate the traceability of transfers of crypto-assets.

The Travel Rule is established for the purpose of preventing, detecting, and investigating money laundering and terrorist financing. The Travel Rule applies to transfers of funds, in any currency, which are sent or received by a payment service provider, or an intermediary payment service provider established in the EU. It shall also apply to transfers of crypto-assets, including transfers of crypto-assets executed by means of crypto-ATMs, where the CASP, or the intermediary CASP, of either the originator or the beneficiary has its registered office in the EU.

Since the Travel Rule is new in the crypto sector, we will focus on the requirements and implications for CASPs and financial institutions that are engaged in crypto- assets transfers. The Travel Rule requires CASPs to accompany transfers of crypto assets with information on the originators and beneficiaries of those transfers. CASPs are also required to obtain, hold, and share that information with their counterpart on the other end of the crypto assets transfer and make it available to competent authorities on request. The CASP should carry out due diligence of its counterparty. Because the personal data of the transacting parties ‘travels’ with their transfers, the regulation was dubbed the “Travel Rule”. Examples of information that needs to be shared with the counterparty are the name of the originator or beneficiary, blockchain address, address, country, and personal document number.

Interesting to mention is that the FATF recommends that countries adopt a de minimis threshold of 1,000 USD/EUR for Crypto- assets transfers, while keeping in mind that there would be fewer requirements for Crypto-assets transfers below the threshold compared to those above the threshold. The Transfer of Funds Regulation however applies to all transactions regardless of the amount. There is only one exception: A CASP is only required to verify the information on the user of a self-hosted address in the case of a transfer of an amount exceeding EUR 1 000 that is sent or received on behalf of a client of a CASP to or from a self-hosted address.

Of course, every new regulation has its own challenges and implications for the market it will apply to. We would like to name a few:

• Lack of technical resources and extra costs for CASPs: Compliance with the Travel Rule requires implementations and adjustments of the systems that are in place, which will most likely add costs to the business operations.
• Lack of interoperability: CASPs use various protocols and solutions that are not always able to interact with each other, complicating communication, and data exchange.
• Non-uniformity among jurisdictions: countries adopt the Travel Rule based on their own regulations, which may deviate from FATF standards. In particular, jurisdictions may have different de minimis thresholds as mentioned before, varying originator and beneficiary data to be collected and transferred, etc.
• Another industry concern is the so-called ‘Sunrise Issue’. The Travel Rule requirements are enforced at a different pace across jurisdictions. This means that one CASP may be Travel Rule-obligated while its cross-border counterparty may not be.

The EU Travel Rule shall apply as of the 30th of December 2024. In the meantime, the crypto market will be working hard on implementing the Travel Rule within its business.

Something to look out for is that by 1 July 2026, the Commission of the EU shall issue a report assessing the risks posed by transfers to or from self-hosted addresses or entities not established in the EU, as well as the need for specific measures to mitigate those risks, and propose, if appropriate, amendments to the Transfer of Funds Regulation.

The ECB has several reasons for developing a CBDC. They want to reduce reliance on private money. Money put into circulation by the central bank is what we call public money. These are physical banknotes and coins. Private money is money put into circulation by commercial banks. This is money you can access online. With current technological developments and their adoption, cash is becoming increasingly obsolete. The ECB wants to avoid becoming completely dependent on private money because it has a number of downsides.

The Austrian school of economics questioned monetary policy as early as the 19th century. Monetary policy would cause fluctuations in the business cycle. Ideas from the Austrian school have been adopted in the most famous crypto: Bitcoin.

In short, Bitcoin is the largest cryptocurrency in market size. Bitcoin is an alternative payment currency and therefore offers competition with the euro. Friedrich Hayek an economist from the movement of the Austrian school of economics states in a report “Choice in Currency,” that people should be able to choose which currency they want to pay with. As a result, the best currency will be used the most. The ECB sees the increase in the adoption of cryptocurrencies as a threat and would like to have more control over payments itself. By innovating the euro, people would regain confidence in the euro. An example of a possible advantage is that payments could go directly between parties (peer-to-peer), like the possibilities that Bitcoin offers. This means there is no third party to whom you must pay transaction fees. This should make cross-border payments cheaper.

Through the CBDC, the ECB can properly track financial traffic. The ECB would be able to track the financial behavior of individuals. To use the CBDC, users must follow an onboarding process like opening a bank account. In doing so, they provide personal data. Governments have indirect visibility into the data at the ECB. In other words, the financial behavior of individuals may become visible to the government. This creates privacy concerns. For the CBDC to be a success, the ECB needs to ensure the privacy of the people using the CBDC. Studies suggest that people will use a CBDC only if it offers good privacy. Privacy is a basic human right, and it helps against unjust power abuse. But to what extent should we allow privacy within the CBDC process without blurring compliance requirements.

The offline CBDC should provide more privacy for lower transactions. This involves limiting the amount and number of transactions. This should make it less attractive for criminals to abuse the digital euro.

For the online CBDC, the current plan is to screen transaction data in the same way as the regular banking system does. The transaction monitoring will be done by Payment Service Providers, most likely commercial banks. Only the most necessary data will then be shared with the ECB, and this will be done pseudo anonymously. This means that not the individual’s data will be sent, but for example only his/her account number.

Not only Europe is developing a CBDC. Other countries are looking into the possibilities as well. China is working on the Digital Yuan, which they see as an additional tool for monitoring and controlling citizen behavior. Strangely enough, they are offering the same possibilities as the ECB is planning with the Digital Euro. According to a press release of the Central bank of China, the digital yuan would be anonymous for small transactions and monitored according to legal requirements for larger amounts. Again, the data would not be shared with governments, only where required by law. China is trying to get citizens to use the CBDC, but less than 20% actually do so. It seems that the people who created a wallet did so to participate in the lotteries offered when creating an account and not to use the CBDC.

China is trying to get its citizens to use the E-yuan because the CBDC could be programmable. This means that the government can attach conditions to the money. This means that the government could potentially only allow people to spend the CBDC for certain spending purposes. For example, the government can stipulate that their citizens cannot buy more than one airline ticket. This way of financial control is the biggest dream of an authoritarian superstate. Europe says it will not make the digital euro programmable and wants to establish this by law.

Is programmability always bad? This can be debated. Programmability can also protect individuals. For example, a gambling addict could gamble only a limited portion of his income, or an alcoholic could buy limited liquor. People in debt can also be helped by using part of their income immediately to pay off debts. However, this does raise the question of whether this is not the responsibility of the individual rather than the government.

The government could also have an interest in programmable money. They could send grants directly from the government to the allocation for which the grant is intended. Thus, subsidies could not be used for other purposes. In addition, taxes could be paid directly to the government.

Venezuela launched the Petro in 2018, this CBDC would be backed by commodities such as oil, gold and diamonds. Therefore, its value would be much more stable than the bolivar, Venezuela’s currency, which is subject to hyperinflation. Despite the government’s effort, adoption of the Petro remained limited. After a corruption scandal involving the mismanagement of the underlying commodities, Venezuela decided to stop the CBDC project.

A CBDC was also introduced in Nigeria: the eNaira. The population shows little interest. The government is trying to encourage the eNaira by placing restrictions on cash, among other stimulants. In the Bahamas, the Sand Dollar is also not a success despite all the incentives offered by the government.

We can conclude that for the innovative digital euro to be a success, the ECB will have to be able to safeguard the privacy of its users. More importantly, convince the public that their data is safe with the ECB. Global examples show that there is little interest in a CBDC. The most common argument against this is privacy concerns. Overall, the question remains: how do we meet the compliance requirements without citizens sacrificing their privacy?

In this article, by CBDC, we mean retail CBDC.

We look back with great pride on today’s FinCrime & Surveillance summit event of standard chartered. We are grateful that we were allowed to present at this very well organized event.

For those who wish to see the presentation or for those who missed it, the presentation is available HERE!

If you have any further questions or would like to continue the conversation on the topics covered, please don’t hesitate to reach out to us. We’re here to answer your questions and engage in discussion.

Peterengering@compliancechamps.com

+31625212287

Additionally, for those interested in deepening their knowledge, we invite you to enroll in our programme Certified Compliance Professional in Cryptocurrency Financial Crimes which is an 11 hour elearning in and covers amongst others Financial Economic Crime with Crypto. You can find more information and sign up via this LINK. Please use the code C9014FAC for a 10 % discount.

Please follow us via LinkedIn if you want to be kept up to date regarding crypto and Financial Economic Crime.

The average price of non-fungible tokens sales dropped to a stunning $293 according to Chainalysis. In May 2022 the average was $3,894. This means, a decrease of 92%! Even worse, 69,795 of the total of 73,257 collections that are available are now worth worthless (0 $) based on the report “Dead NFTs: The Evolving Landscape of the NFT market” by dappGambl.

But what exactly is an NFT? NFT stands for non-fungible token. It is a certificate of ownership or a digital contract that is stored on a blockchain that refers to a digital media object. One of the most famous NFTs is a drawing of a bored ape. If you don’t know anything about NFTs, you might think that a drawing of a monkey wouldn’t be a very popular investment. However, the most expensive NFT of a bored ape was sold for 3.4 million US dollars.

Besides the bored ape, the media object of an NFT can be anything. It can be music, a video, digital art, or even a tweet. This NFT consists of a unique sequence of letters and numbers, also known as a cryptographic ‘hash’. The data in an NFT includes information about the digital object’s creator, transaction history, and more. An NFT is not replaceable, it is a unique and one-of-a-kind media object. You can compare it to a digital version of an old-fashioned trading card. But instead of trading cards, NFTs are data packets on a blockchain that point to a media object.

However, the popularity surrounding investing in NFTs does not mean it is also a good investment. Around 23 million people own an NFT that is now worthless. This is a reality check for the crypto and NFT community. Especially because stories about investors who became rich overnight are so well-known, it might be difficult for some individuals to realize the market is full of potential losses.

In addition, multiple sources have already indicated that NFTs can be used for wash trading (where the buyer and seller of an NFT is the same person) and money laundering. Do you want to know more about NFTs and the Financial Economic Crime risks? Please find more information on our website with a Podcast on how to Launder Money with NFTs (in Dutch) or our training The basics of NFTs for FEC analysts. For more information about Financial Economic Crime with crypto please see our 11 hour eLearning.

The opinion of Compliance Champs and Gert-Jan van Scherpenzeel is that the NFT market for digital pictures will not reach the same peak as it has in 2021 and that more investor protection is needed to prevent vulnerable groups from buying NFTs. However, we still see a large future in the technology of NFTs which are sometimes not known to the larger audience. Some examples of other NFTs that we believe have a good use-case:

✅ Dynamic NFTs, where data is added to the original NFT whenever updates are available. A good example is the maintenance history of a car (Alfa Romeo Tonale SUV);

✅ Free NFTs linked to events such as Formula 1 (example of McLaren Racing);

✅ Phygitals, which allows you to link physical objects (like sports prizes, art and clothes) to a ‘digital twin’ with an NFC chip that provides you with proof of authenticity (example of clothes of Wov Labs);

✅ Proof of attendance, where users will essentially scan a QR code at events they attend to receive an NFT memento for that event in the online community;

✅ Customer loyalty programs on the blockchain by Starbucks;

✅ Access to limited edition music albums and a pilot from Spotify.