The Truth About Money Laundering and Cryptocurrency
Money laundering is one of the most common illicit financial activities in the world. Illegal actors such as drug traffickers, gangs, scammers, hackers, illegal gamblers, as well as various types of “white collar criminals” have a need to launder money. Their goal is to make its origins seem legitimate and render the money usable in the legal economy.
With the rise of cryptocurrencies and the decentralized finance economy, it was inevitable that money laundering activity via blockchain networks would also increase. However, despite a significant amount of media attention on this aspect of cryptocurrency, the facts suggest the amount of money laundering over cryptocurrency networks is insignificant when compared to that taking place via the traditional economy.
In this paper we will discuss what money laundering is, assess the risks of money laundering via cryptocurrency, discuss how it might occur and at what scale. Finally, we discuss what regulatory steps can be taken to prevent money laundering via cryptocurrency and the potential impacts of these measures on minimizing the risk, on ordinary law-abiding citizens utilizing blockchain, on privacy and constitutional rights, on social and economic inclusion, and on innovation in the sector.
Defining Money Laundering
Money laundering is described by the UN as “the conversion or transfer of property, knowing that such property is derived from any offense(s), for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in such offense(s) to evade the legal consequences of his actions” (Overview, n.d.).
The process of money laundering entails 3 key steps: placement, layering, and integration. Placement is the process of moving the funds directly from the crime organization, layering consists of disguising the origins of the fraudulent funds, while integration is making the laundered money available to the criminal organization.
Why It Matters
This issue is important because we all want to live in a society where criminal financial activity is traceable and the law is able to prevent it. This can protect citizens’ from criminal activity. It is also an increasingly commonly held belief that the state should have the absolute right and technical ability to surveil the traditional finance and banking system in order to prevent criminal activity such as money laundering and to retrieve the proceeds of criminal activity.
It also matters because the benefits of cryptocurrency are attractive to many law-abiding citizens who have lost trust in the traditional financial sector and banking sector, and in many cases, the government itself. According to the UN, “the data available show a marked decrease in institutional trust in developed countries. In the United States, trust in the national government has declined from 73 per cent in 1958 to 24 per cent in 2021” (Trust in Public Institutions: Trends and Implications for Economic Security | DISD, 2021).
These benefits of cryptocurrency, in the minds of many advocates, include privacy of financial transactions from oversight by any third parties, whether it be state or corporate. Laws designed to target money laundering are seen by many as a ‘trojan horse’ or a way for governments to roll back this privacy and decentralization the cryptocurrency has offered citizens. This commonly held viewpoint has led to the rise in popularity of privacy centric applications within the cryptocurrency ecosystem designed to maintain privacy.
The problem of money laundering is far from restricted to cryptocurrency, so many believe the regulation on this issue needs to avoid being disproportionately restrictive on the cryptocurrency system. This is especially so because there is a perception that doing so will likely not address the underlying problem of money laundering and may breach important civil rights in the process.
Another issue is that restrictive regulation on cryptocurrency risks simply pushing money laundering activities into a ‘darknet’ style parallel cryptocurrency system using new technology rather than eliminating it completely. A more systemic approach to money laundering regulation may be required that addresses the root causes in the traditional financial system and the criminal and social systems, rather than aggressively targeting cryptocurrency.
Role of Crypto in Global Money Laundering
According to the UN, “the estimated amount of money laundered globally in one year is 2–5% of global GDP, or $800 billion — $2 trillion in current US dollars” (Overview, n.d.). Although reports have shown an increase in money laundering via cryptocurrency, the levels are still not comparable to traditional money laundering. In 2021, money laundering via cryptocurrency accounted for US$ 8.6 billion, and according to the Europol money laundering activity has only been linked to about 0.05% worldwide cryptocurrency transactions. Other sources have put the percentage of money laundering transactions at 0.34%, which is still far below traditional currency levels.
In addition to the low levels of money laundering occurring via cryptocurrency, research has also highlighted that there are patterns within the networks that are easily identifiable. Based on research conducted over the Ethereum network, Farrugia et al. “have [deduced] that the illicit behavior over the… network at an ‘account level’ may be detected efficiently and effectively via the XGBoost classification model that takes input from past transactions and account properties”. The XGBoost classification model, a machine learning algorithm, can be trained to detect suspicious transactions highlighting the three most important features: “the time difference between the first and last transaction, the total available Ether balance and the minimum value in Ether received by an account…” (Farrugia, 2020).
Research also shows that money laundering via cryptocurrency follows specific patterns globally. According to Chainanalysis, the trends followed are
“Russia’s receipt of a disproportionately large share of darknet market funds, which is mostly due to Hydra… China also stands out for receiving a disproportionate share of funds sent from addresses associated with stolen funds and ransomware. Some of this… associated with Lazarus Group, a cybercriminal syndicate linked to the North Korean government… Finally, the United States is slightly overrepresented in funds received from addresses associated with scams and stolen funds” (Grauer, 2021).
Thus, following and further investigating these patterns of money laundering via cryptocurrency could lead to the prevention of illicit funds being laundered. In addition, the US Treasury Department has released a report addressing NFTs and the emerging digital art space. The report discusses if this new online market presents any money laundering or terrorist funding risks, to which they reported that at this moment they will continue to carefully monitor but not enact any new regulations. The Treasury Department also stated that NFTs and other digital art spaces “…are [still] subject to U.S. criminal anti-money laundering laws under 18 U.S.C. §§ 1956 & 1957” (Toto & Hutman, 2022).
The Government Crackdown on Privacy on Blockchain
Research shows that a large portion of money laundering via cryptocurrency is done through mixer services. These mixers, or tumblers, are used to further improve transaction privacy between the source and the recipient. In an interview, the director of government affairs at the Blockchain Intelligence Group, explained that although mixers obscure the origins of funds they don’t constitute money laundering by traditional definition. However, he does point out mixers do complicate the tracing of illicit funds and many precedent mixers and similar technology have been troubled in the past.
As of May of 2022, the US Treasury Department sanctioned for the first time a mixing service for their alleged role in a money laundering scheme. The US Treasury claims that Blender.io, a cryptocurrency mixing service, was used by the Lazarus Group to conceal illicit funds deriving from the US$ 625 million hack of the Ethereum-linked sidechain Ronin Network.
Additionally, the Treasury Department’s Office of Foreign Assets Control, (OFAC) in an unprecedented move recently sanctioned Tornado Cash’s protocol and smart contracts for the platform’s alleged failure to implement effective controls to prevent money laundering. This decision comes as a major turning point for the Internet and the crypto industry as “…the government targeted a piece of open source software rather than a specific entity”. Co-founder and CEO of Circle, Jeremy Allaire, quickly complied with the Treasury order, but has now called on “industry leaders to establish a privacy-enabling policy framework” and claims that the move raises “extraordinary questions about privacy and security on the Internet” (Carreras, 2022).
Furthermore, the 29-year-old lead developer of Tornado Cash Alexey Pertsev was arrested in Amsterdam in August by the Dutch financial crimes agency FIOD following the US Treasury sanctions.
These unprecedented moves by the US and Dutch governments have left the public confused, and have raised many valid questions about the future of truly decentralized cryptocurrency protocols and open-source code. The crypto community has taken to Twitter to point out the absurdity and double-standards this demonstrates, as seen in the Twitter thread from Ryan Adams of the Bankless. Furthermore a number of crypto and privacy rights advocates recently gathered in protest of the arrest of Petersev in Amsterdam’s main square.
The reply to this thread shown refers to Deutsche Bank (one of the largest European banks) being embroiled in a 20m dollar Russian money-laundering investigation that resulted in no prosecutions. Deutsche Bank is not the first, or the only, bank found guilty of money laundering where high-executives were not prosecuted for their role in the bank’s scheme.
As per 2012, HSBC Mexico was found guilty of multiple failures to prevent money laundering from 2006 to 2010. According to the evidence uncovered by the “el Dorado Task Force, made up of agents from the US Departments of Justice, Treasury and Homeland Security”, HSBC would turn a blind eye when it came to the origins of illicit funds in exchange for more contact business. Incredulously, the executive in charge of the money laundering division in HSBC Mexico, who failed to implement such controls, now holds a high-ranking position within the Mexican government where his main duty is “to prevent money laundering within the Tax Administration Service” (Rodriguez Reyna, 2020). From this whole fiasco, the Mexican government imposed a $27.5 million fine, while the US government imposed a $1.9 billion fine to HSBC. Although these were the heaviest fines ever imposed on a financial institution, no arrests were made and HSBC Mexico continues to be sanctioned for its failure to “stop” money laundering.
Criticism of this Government crackdown has not been limited to blockchain and privacy advocates, but has now spilled over into the political arena. Rep. Tom Emmer (R-Minn.) has now demanded answers from Treasury Secretary Janet Yellen over the Tornado Cash Sanctions. The OFAC’s decision to ban Tornado Cash has been met with criticism and concerns from the congressman in an open letter over the legitimacy of the decision to issue a blanket ban on a piece of open-source software. Emmer argued that Tornado Cash is a “neutral, open-source, decentralized technology” and called the sanctions a “divergence from previous OFAC precedent” since several of the banned addresses do not belong to a person or entity and are “technological tools” that are not under the control of a centralized party.
As Emmer pointed out:
“These sanctions are unique, however, in that they are not levied against a person or an entity, but against ‘privacy-enabling code.’”
Double Standards in Money Laundering?
The difference between how the US government has chosen to implement its laws when it comes to money laundering is a clear double-standard between traditional financial institutions and DeFi. On one hand, we find immensely powerful banks who don’t adhere to anti-money-laundering laws and regulations, but are only expected to pay a fine and no one is arrested for their blatant role in abetting criminals to break laws. On the other hand, we find people who wrote open-source code to keep online financial transactions private who are currently facing jail time because bad actors used their code.
To draw a parallel between Tornado Cash and the traditional financial sector, this would essentially be like saying that the founders of Deutsche Bank, or of offshore ‘secret’ banks in Switzerland or the Cayman Islands should face prison time simply because some of the actors utilizing their services may be engaged in criminal activity.
The act of sanctioning Tornado Cash users would also essentially amount to sanctioning every bank account of every person who has ever received money from one of these ‘private’ offshore bank accounts. Based on documents such as the Panama Papers it wouldn’t be a large leap to suggest that this list would include a number of politicians of various nations as well as a huge percentage of the wealthy ‘global elites’. As of yet, despite damning evidence contained in the report, there has been little interest from the US or other governments globally to charge anyone as a result of the revelations.
The import of the double-standards and lack of respect for the vital role of privacy evident in the actions of the US Treasury are terrifying to many crypto and privacy advocates. Many believe this demonstrates that only the powerful and well established financial institutions are allowed to have privacy over their financial transactions, while the innovators are harshly sentenced for non-existing crimes. They might rightly ask whether this is evidence of the existence of two separate financial and justice systems — one for the elites and another for everyone else.
Possible Regulatory Steps
Certain regulations have already been adopted towards mitigating the risks of money laundering and other illicit activities. For example, in 2019 the Financial Action Task Force, a global intergovernmental body that initiates anti-money laundering policies, passed a rule formally known as FATF Recommendation #16. This rule, also known as the travel rule, requires “VASPs to exchange information regarding the identities of the originator and beneficiary whenever the amount transacted is above [a certain threshold]” (Sergeenkov, 2022).
The purpose of this regulation is to mitigate risks of money laundering and terrorist financing via cryptocurrency by ensuring that globally cryptocurrency businesses adhere to sanctions and law enforcement can more easily subpoena suspicious data transactions. And as of March 2022, the European Parliament passed new legislation to stop the illicit flow of cryptocurrency into the EU. The new requirements expand upon the previously mentioned travel rule by including transactions from unhosted wallets, no minimum threshold, and the creation of a public register of businesses and services involved in crypto-assets that may present a high risk for money laundering or terrorist financing activties.
This tightening in crypto regulations also occurred in the US. As of March of 2022, President Biden signed an executive order to ensure a responsible development of digital assets. The signed order calls for measures to “mitigate the Illicit Finance and National Security Risks Posed by the Illicit Use of Digital Assets by directing an unprecedented focus of coordinated action across all relevant U.S. Government agencies to mitigate these risks” while continuing to work with allies to ensure a global framework to deter illicit cryptocurrency transactions.
Besides signed regulations, the previously mentioned research has demonstrated that patterns within crypto transactions can be efficiently studied to deduce illicit behavior. In specific, Farrugia et al. conducted numerous tests over the Ethereum network to train the XGBoost classification model, a machine learning algorithm, to efficiently and effectively flag illicit transactions. While research concluded that AI can be successfully used to detect illicit flow of crypto additionally, they also claim that “the proposed approach is conceptually simple and may be adapted to other similar problems” (Farrugia, 2020). Thus, training AI for different crypto networks to detect illicit transactions could potentially be a solution to money laundering without the need of more restrictive regulation. Additionally, since blockchain is immutable the “long arm of on-chain analytics can track [illicit activity] down even years after the fact” (Crypto Stinks, 2022). Meaning that trained AI could revise years worth of transactions to find fraudulent activity and bring charges, since the US statute of limitation for money laundering is 5 years.
It is worth mentioning that prior to the executive order and the tightening of EU crypto regulations, KYC measures were already being implemented globally in most centralized cryptocurrency exchanges. KYC, which stands for Know Your Customer, refers to certain identity and background checks conducted on clients before they are allowed to use a service or platform. KYC can range from government-issued ID checks to facial recognition and would serve to shed the perceived association of cryptocurrency with illicit activity by increasing compliance with government regulations.
Many Decentralized Exchanges (DEX) do not require KYC, however, the liquidity available on these smaller exchanges and lack of fiat on-ramps at present would make it highly impractical to launder significant amounts of money via these networks. Centralized exchanges in general control the on and offramps to fiat currency through the banking sector. However, as of May of 2022, the founders of BitMEX were found guilty of violating the US Bank Secrecy Act. According to prosecution BitMEX, a cryptocurrency exchange and derivative trading platform with headquarters in the Seychelles, failed to implement US anti-money laundering regulations and advertised the lack of these regulations and as well as the lack of KYC.
Further complicating efforts to regulate money laundering either in cryptocurrency or the traditional finance sector is the fact that ‘Tax Havens’ play a major part in money laundering activities globally. Regulations in the US or other nations will likely have limited effect without action to address global banking secrecy laws at the International political and legal level.
Some regulators and commentators have proposed more radical approaches to deterring money laundering via cryptocurrency. These include the banning of mixer services altogether or the restriction of DeFi tools. The effectiveness of these approaches is questionable, since malicious actors would more than likely simply find ways around the restrictions. However, these restrictions and bans could infringe upon Americans’ constitutional rights.
Is Financial Surveillance a Constitutional Infringement?
While the Fourth Amendment protects individuals’ privacy rights, the authorities have found legal loopholes with material turned over to third parties; hence the involvement of banks and other financial institutions in the “third-party doctrine”, which is the “key to the government’s power to gather information from financial intermediaries… without a search warrant or probable cause”. The third-party doctrine explicitly states that “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties, assum[img] the risk that the [third party] would reveal to police the [information]” (Volokh, 2022).
The problem as it intersects with cryptocurrency arises when this third-party is cut out through decentralized finance technology, thus restricting the access to private financial records for the government. According to Volokh this pushback from the government against DeFi is a clear struggle of individuals’ rights versus government power; “if the government seeks to stop the creation and distribution of intermediary-less DeFi code, the government would be doing so precisely to bring back the third party — not for the sake of financial necessity… but for ease of surveillance” (Volokh, 2022).
Thus, this flags several problems with this approach. First, requiring DeFi to collect users’ data defeats the purpose of DeFi being decentralized and hands-off. Second, the requirement of data collection takes away the voluntary aspect of voluntarily turning over information to third parties stated in the third-party doctrine. Finally, the assumed risk of disclosure was thrust upon the third-party by government mandate. As previously stated, the government pushback against DeFi is not out of concern for the users, but rather an excuse for further infringement upon personal privacy. Thus, such an approach by the Government could potentially be interpreted as limiting the civil liberties and the right to financial privacy for ordinary law-abiding citizens using DeFi, and thus such laws may be challenged in the courts as unconstitutional.
Weighing Pros and Cons of Privacy on Crypto Networks
Overall, cryptocurrency can be, and is used for illicit purposes such as money laundering. However, the rate at which it is used for these purposes is far lower than already occurs with traditional currency. Furthermore, evidence suggests the immutability and traceability of blockchain (outside of privacy protocols) makes it an inefficient means of laundering money.
It has also been argued that it would be a poor use of enforcement resources and far too intrusive to tighten regulation on cryptocurrency for this purpose given the potential consequences for law abiding citizens, privacy, economic inclusion, and innovation in the sector. It is also arguably not technologically feasible since malicious actors will likely continue to find new ways to evade any regulatory measures through new cryptography technology or operating in jurisdictions with more permissive regulations. This phenomenon is known as the Hydra Effect, or Hydra Paradox which has been used to describe the negative outcomes when shutting down torrent sites which come back in more incarnations. For example after the torrent website The Pirate Bay was shut down in December 2014, it reincarnated with hundreds of copies within a week. Since Tornado cash is an open source protocol, it is likely there are already various copies being deployed.
The Bottom Line
Money laundering through crypto is statistically insignificant compared to traditional financial institutions. While crypto is insignificantly being used for illegitimate reasons, worldwide, governmental institutions are trying to further regulate it using money laundering as an excuse. Further regulation of DeFi and crypto has proven to be ineffective towards money laundering, while also infringing upon people’s privacy rights and the core values of decentralization and open source software. While money laundering is still a valid concern when it comes to cryptocurrency, the way global financial institutions and governments have been handling it is ineffective and smacks of double-standards.
This research has led to some suggestions moving forward. First and foremost, industry leaders must come to an agreement and push privacy-enabling policy frameworks to protect the Fourth Amendment. Secondly, legislation must be reviewed and amended to clarify gray areas of cryptocurrency and privacy so that developers and citizens know where they stand. And third, if cryptocurrency is to be scrutinized for its alleged role in enabling money laundering, then all traditional financial institutions and any person who has interacted with private or secret bank accounts should also be scrutinized in the same way for their connection to technology that enables money laundering. Ultimately as a global society we need to decide how we value privacy and transparency, and ensure that the rules are clear and consistent for citizens of all walks. If we decide on full transparency and no privacy, then that decision should have impacts consistently across our financial and banking sector and not be directed disproportionately at the emerging crypto financial sector.
About Standard DAO
Standard DAO is a global community backed by a diversification of real-world assets represented by our native SDA token with the aim of Supercharging, Scaling, and Securing the 3rd generation of the internet.
Carreras, T. (2022, August 9). “A Major Policy Issue”: Circle CEO Criticizes Tornado Cash Sanctions. Crypto Briefing. Retrieved August 12, 2022, from https://cryptobriefing.com/a-major-policy-issue-circle-ceo-criticizes-tornado-cash-sanctions/
Choudhri, Y. (2022, February 3). Report: Money Laundering via Cryptocurrencies up 30% in 2021. Organized Crime and Corruption Reporting Project. Retrieved June 23, 2022, from https://www.occrp.org/en/daily/15898-report-money-laundering-via-cryptocurrencies-up-30-in-2021
Crypto assets: new rules to stop illicit flows in the EU | News. (2022, March 31). European Parliament. Retrieved June 29, 2022, from https://www.europarl.europa.eu/news/en/press-room/20220324IPR26164/crypto-assets-new-rules-to-stop-illicit-flows-in-the-eu
Crypto Stinks. (2022, March 29). Blockworks Newletter. Retrieved June 29, 2022, from https://blockworks.co/newsletter/view/?id=27193620&utm_source=Sailthru&utm_medium=email&utm_campaign=Daily%20NL%20Tuesday%203.29.22&utm_term=Daily%20Newsletter
FACT SHEET: President Biden to Sign Executive Order on Ensuring Responsible Development of Digital Assets. (2022, March 9). The White House. Retrieved June 29, 2022, from https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/09/fact-sheet-president-biden-to-sign-executive-order-on-ensuring-responsible-innovation-in-digital-assets/
Farrugia, S., Ellul, J., & Azzopardi, G. (2020). Detection of illicit accounts over the Ethereum blockchain. Expert Systems with Applications, 150, 113318.
George, B. (2022, January 19). What Is KYC and Why Does It Matter For Crypto? CoinDesk. Retrieved June 29, 2022, from https://www.coindesk.com/learn/what-is-kyc-and-why-does-it-matter-for-crypto/
Grauer, K. (2021, February 16). The 2021 Crypto Crime Report Everything you need to know about ransomware, darknet markets, and more. Chainalysis. Retrieved June 23, 2022, from https://go.chainalysis.com/rs/503-FAP-074/images/Chainalysis-Crypto-Crime-2021.pdf
Overview. (n.d.). UNODC. Retrieved June 23, 2022, from https://www.unodc.org/unodc/en/money-laundering/overview.html
Pahuja, R. (2022, February 10). Tax Havens vs Major Economies — Who Is More Important for Crypto? Coin Crunch India. Retrieved July 8, 2022, from https://coincrunch.in/2022/02/10/tax-havens-vs-major-economies-who-is-more-important-for-crypto/
Post, K. (2022, May 20). BitMEX founder Arthur Hayes avoids jail time, sentenced to six months of home detention. The Block. Retrieved July 14, 2022, from https://www.theblock.co/linked/148053/bitmex-arthur-hayes-doj-sentence
Reynolds, S. (2022, January 21). Is Tornado Cash Complicit in Laundering Crypto? It’s Complicated, Says Former DEA Agent. CoinDesk. Retrieved June 23, 2022, from https://www.coindesk.com/business/2022/01/21/is-tornado-cash-complicit-in-laundering-stolen-crypto-its-complicated-says-former-law-enforcement-agent/
Rodriguez Reyna, I. (2020, October 9). HSBC: Dirty Money and White Collars. InSight Crime. Retrieved August 17, 2022, from https://insightcrime.org/news/analysis/hsbc-dirty-money-white-collars/
Sergeenkov, A. (2022, May 26). What’s the Crypto Travel Rule Explained: FATF Guidance and Its Implications. CoinDesk. Retrieved June 29, 2022, from https://www.coindesk.com/learn/whats-the-crypto-travel-rule-and-what-does-it-mean-for-you/
Toto, C. S., & Hutman, A. R. (2022, February 10). Department of Treasury Study Addresses NFTs, Online Platforms and the Emerging Digital Art Space. Internet & Social Media Law Blog. Retrieved June 28, 2022, from https://www.internetandtechnologylaw.com/treasury-nfts-online-platforms-digital-art/
Trust in public institutions: Trends and implications for economic security | DISD. (2021, July 20). the United Nations. Retrieved July 8, 2022, from https://www.un.org/development/desa/dspd/2021/07/trust-public-institutions/
Volokh, E. (2022, January 13). DeFi Gives Financial Privacy — Will Regulation Take It Away? Future. Retrieved June 30, 2022, from https://future.com/defi-gives-financial-privacy-will-regulation-take-it-away/
Wagner, C., Hernandez, O., Strack, B., Peterson, M., & Yang, J. (2022, May 6). US Treasury Sanctions First Crypto Mixing Service Following Record Hack. Blockworks. Retrieved June 23, 2022, from https://blockworks.co/us-treasury-sanctions-first-crypto-mixing-service-following-record-hack/