Cryptoasset: money laundering and (de)regulation

Eurispes Cybersecurity Observatory – Short Report – Part 1

On the eve of the introduction of the MICA Regulation into European law, it is as necessary as ever to understand the current reality of cryptoassets by looking at what characteristics have made and continue to make them an unregulated and often misunderstood environment by institutions and law enforcement. Decentralized finance, smart contracts, non-fungible tokens will be some of the topics covered by this and subsequent publications; with a close look at national, supranational and international regulatory innovations [1].

Cryptoassets – The instruments not regulated by the Fifth AML Directive

The definition of “virtual currencies” given within the Fifth AML Directive today is vague and at times incomplete: “a representation of digital value that is not issued or guaranteed by a central bank or public agency, is not necessarily linked to a legally established currency, does not possess the legal status of currency or money, but is accepted by individuals and legal entities as a medium of exchange and can be transferred, stored, and exchanged electronically” [2].

The European MICA(Markets in Crypto-Assets) Regulation, which will be introduced to specifically regulate this market, is still a proposal, but will soon be submitted to the European Parliament for a vote. Beyond what are the goals and perspectives of this text, which will be addressed later, it is crucial to turn our attention to one of the major innovations, namely the new definition of cryptoassets.

Thus, a harmonized terminology is finally chosen in the European legislative framework, where until now many different terms have been used to define both the notion of cryptocurrencies and cryptoassets.

Unlike the Fifth Directive, in fact, the MICA Regulation defines cryptoassets (or crypto-assets, in English translation) as “a digital representation of value or rights that can be transferred and stored electronically, using distributed ledger or similar technology.”

This definition focuses on two main points: the nature of value representation and the underlying technology of this type of asset.

Given its breadth, moreover, it may include some categories of activities stillelusive to the scope of European legislation, focusing mainly on the technology used.

Moreover, this system is likely to survive market innovations better, since, under Art. 3 of the Regulations, the European Commission will be empowered to adopt delegated acts to amend each definition as a result of any rapid changes in cryptoasset technology.

Cryptoassets: ICO, DeFi, DAO, NFT

In any case, to understand which instruments in the markets currently fall into the category of cryptoassets, three main types can be identified: utility tokens, investments, and currencies. While the latter is widely known, the implications of using tokens and investments will be analyzed first.

When we talk about cryptoasset investment instruments, we can refer specifically to Initial Coin Offers (ICOs), which are mainly used to raise capital and start a project on a blockchain platform. The increasingly frequent landing of companies traditional, consumers, investors to this type of investment is crucial and potentially revolutionary because it can influence market balances.

And in fact, national governments are beginning to notice that right now many people and entities are exposing themselves to financial instruments that they sometimes do not fully understand.

The only guarantee of cryptocurrencies and cryptoassets in general, in fact, is based on the willingness of individual users to accept and recognize it as a means of exchange. It is often said that cryptocurrencies in general are trustless instruments, because they do not rely on trust in a financial institution, as is otherwise the case with traditional money.

On the contrary, in this sense, we can say that a cryptocurrency is digital trusted, precisely because of the role played by user trust in determining its value.

As for utility tokens, they are often defined as digital cryptocurrency tokens, issued for the purpose of financing the development of the cryptocurrency itself, and which can later be used toPurchase a specific good or service offered by the cryptocurrency issuer. In some cases, they can also be used for unconnected services, since the tie to a specific cryptocurrency is often only occasional and tied to the blockchain on which they operate.

The complexity of the cryptoasset set is appreciated further when analyzing other categories and markets that until now escaped AML regulation; in fact, until now, with the exception of “virtual currencies,” it has never been clarified what falls under the scope of European legislation. And in particular, reference will then be made to Decentralized Finance (DeFi), DAOs and NFTs.

ICO

Building on a concept already addressed, it is currently unclear whether ICOs, which we mentioned earlier, should be considered virtual currencies. Although the acronym literally means “Initial Coin Offering,” they are not always strictly understood as currencies. They are also based on DLT technology, but their emission characteristics have some substantial differences. In fact, while in general a cryptocurrency can be created to facilitate certain transactions, ICOs are tokens (only sometimes intended as coins/payment medium)obtained through the exchange of virtual currencies.

These tokens represent a digital value expressed as a digital identity register; sometimes a voting right, in some cases a right to convert to another fundable currency, or even as an access key to the relevant blockchain platform software.

Therefore, some of these functions could fall under the current European definition of virtual currencies, but many others would escape it, leading to a discrepancy in treatment between financial instruments that are actually very similar.

DeFi

DeFi (Decentralized Finance) has probably been the fastest growing crypto-market in recent years. The tools provided in such a system are intended to facilitate exchanges between market users who do not need a provider or other intermediary, allowing direct exchanges between private users and making it more difficult to control the movement of resources.

This is a sector that saw tremendous growth in the pandemic years, and then declined, yet remained at highs compared to where it started.

In 2020, in fact, the global value of this market was estimated to be around $1 billion; in 2021 it peaked at $236 billion and today it hovers around $50 billion [3].

The success of exchange instruments (mainly smart contract [4]) that can be used on the relevant platforms derives from the speed of execution and the absence of intermediaries, unlike what is normally the case with traditional centralized finance; in addition, for users who use it, the underlying blockchain technology is an additional guarantee.

DAO

A DAO (Decentralized Autonomous Organization) is, in reality, more than just software. It is an advanced artificial intelligence that can regulate and operate totally autonomously from human intervention all exchanges made using its code.

DAOs are decentralized because they are built on a blockchain network; there is no vertical or top-down structure based on hierarchies of shareholders, managers, or executives. The exercise of power decision-making within the organization is collective and horizontally regulated according to the operational criteria of the smart contracts being activated and the blockchain itself.

Again, the ability to operate in the absence of traditional intermediaries has determined the success of the instrument. It is difficult to make an accurate estimate of the total value of this market, but it is estimated to have grown from $6 billion in 2021 [ 5] to $21 billion in 2022 [6].

One of the salient features lies in the ability to coordinate a very large number of people, avoiding rigid hierarchical structures and entrusting managerial decisions directly to all users.

Digital and operational decentralization corresponds-clearly-to geographical decentralization. DAOs operate on a network, via blockchain, and the underlying assets are usually cryptocurrencies; the blockchain notoriously does not operate on a territorial basis but is virtually located at every node on the network, potentially all over the world.

In addition, they are called “autonomous” in that the operating rules are based solely on algorithms and smart contracts. Upon the occurrence of the conditions encoded by them, the DAO acts independently and performs the actions expected and encoded by the user for the individual operation.

The distinctiveness of DAOs is appreciated precisely with regard to the latter aspect: the theoretical absence of any human management to whom the decision on a specific management act and the subsequent execution of the same can be delegated.
However, it must be understood that a DAO is autonomous and independent in the way it operates as long as its programming allows; which means that an internal vulnerability (intentional or resulting from error) can be exploited to alter its operation and steal funds from the organization. Therefore, proper design is vital to the success and survival of a DAO.

NFT

NFTs(Non-fungible tokens) are themselves cryptographic assets based on a blockchain; they are infungible because each one is unique on the platform. They are used as identifiers and certificates of ownership with respect to all kinds of assets, from pictures to real estate.

So far, the most successful NFTs are works of art, with the associated and consequent difficulties in the objective attribution of value.

What’s more, their market – like the other cryptomarket – suffers from tremendous volatility, and it is easy for anyone to create new art in the form of NFTs and buy it for themselves for exorbitant prices, giving it a high market value with a self-directed operation; thus providing themselves with an asset with seemingly justified value for subsequent cryptoasset trades.

Turning attention to the existing regulatory framework, the Fifth Directive only superficially addresses the issue of recycling through art transfers. In fact, many traditional works of art can virtually generate similar doubt about the legitimacy of its trade.

The traditional art market also often raises the issue of price volatility and frequent anonymity of buyers, but the changes made by the Fifth Directive to extend the client due diligence to people who buy or act as intermediaries in the art trade (including art galleries and auction houses) is not sufficient to regulate art in the form of NFT.

However, there is currently no definition of what constitutes a work of art under the Fifth Directive, and although some NFTs are currently sold at famous auction houses-Sotheby’s, for example-the vast majority can be found on cryptomarket such as OpenSea; in fact, the directive makes no reference to NFTs or digital art. Indeed, it must be considered that at the time that text was written, the urgency to address these tools did not exist, nor were these tools widespread enough to create a public debate.

The uncertainty affecting the regulation of digital art has so far been a giant gap within the AML/CFT framework in Europe, which can be easily circumvented through cryptoassets, which to date have toBe considered unregulated.

U.S. authorities have found some solutions for ICOs in recent years (treating them as IPOs under federal laws [7]), but NFTs have raised many alarms-primarily from the Treasury Department-for their elusive features to AML controls and their rapid growth in popularity among consumers.

In fact, a different problem from those exposed is embodied in the protection of consumers, who are easily driven to invest in these instruments without probably fully understanding how they work and the risks of capital loss.

In conclusion, the difficult framing and deregulation so far observed in cryptoasset markets on the one hand have complicated for a long time the intervention of state authorities and, on the other hand, have increased the investment risks for individuals and entities, encouraging their use for illicit purposes by criminals, the extent of which will be explored in subsequent publications.

Although the illicit manifestation of cryptoasset use, as will be seen, is strongly in the minority, the exponential increase in use in an unsupervised (and unprotected) context makes knowledge of possible pathologies essential, both for institutional actors and for the audience of potential investors.

Prof. Avv. Roberto De Vita

Avv. Marco Della Bruna

Download the PDF version of the Report here.