Central Bank Digital Currency (CBDC)
Digital representation of fiat currencies issued by a national government. A digital form of central bank money that is different from balances in traditional reserve or settlement accounts.

Centralised Virtual Currency
Has a single administrating authority that controls the system. Value can be fixed by the administrator set against a fiat currency or it can be floating, e.g. ‘Linden dollars’ in the online game Second Life.

Convertible (or open) Virtual Currency
Has an equivalent value in real currency and can be exchanged back-and-forth for real currency, e.g. Bitcoin.

Crypto
Short for Crypto Assets or Cryptocurrency.

Crypto Asset
Digital representation of value or rights which may be transferred and stored electronically, using distributed ledger technology or similar technology.

Cryptocurrency
A math-based, decentralised – convertible – virtual currency that is protected by cryptography, i.e., it incorporates principles of cryptography to implement a distributed, decentralised, secure information economy.

Decentralised Virtual Currency (a.k.a. cryptocurrency)
Distributed, open-source, math-based peer-to-peer virtual currency that has no central administrating authority, and no central monitoring or oversight, e.g. Bitcoin.

Digital currency
A digital representation of either virtual currency (non-fiat) or e-money (fiat) and thus is often used interchangeably with the term “virtual currency”.

E-money
A monetary value, represented by a claim on the issuer, which is:
i. stored on an electronic device
ii. issued upon receipt of funds
iii. accepted as a means of payment by undertakings other than the issuer.

FATF Virtual Asset
A virtual asset is a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies, securities, and other financial assets.

FATF Virtual Asset Service Providers
Any natural or legal person who as a business that conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

• i. exchange between virtual assets and fiat currencies;
• ii. exchange between one or more forms of virtual assets;
• iii. transfer of virtual assets; (conduct a transaction on behalf of another)
• iv. safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
• v. participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Initial Coin Offering (ICO)
A Virtual Asset Service Provider generally used as a means to raise funds for new projects from early backers. The issuer offers a digital asset for sale in exchange for fiat currency or another virtual asset, telling prospective purchasers that the capital raised from the ICO sales will be used to fund development in a project such as a digital platform or new software. Purchasers of the digital asset expect a return on their investment or to participate in a share of the returns provided by the project.

Non-convertible (or closed) virtual currency
Intended to be specific to a particular virtual domain or online world, including the Metaverse. Each Metaverse has its own set of coins used for paying everything, including non-fungible tokens (NFTs) and virtual real estate.

Non-fungible token (NFT)
Unique digital asset built on blockchain technology, used as collectibles rather than as payment or investment instruments. A type of Crypto asset but not considered by FATF as falling under the definition of Virtual Asset. NFTs use the same blockchain technology that powers cryptocurrencies, but they are not a currency.

As blockchain-based tokens NFTs securely map ownership rights to digital assets. These can be objects in virtual worlds or digital artworks, with digitalised characters from sports as an area of growing popularity.

Travel Rule
Originates in FATF Recommendation 16, when implemented in a jurisdiction requires at a minimum that Virtual Asset Service Providers (VASPs) share the information on the identities of the originator and beneficiary whenever the amount transacted is above $1,000. Countries can choose to implement guidance in a way that best suit local crypto industries.

Virtual Currency
A digital representation of value that can be digitally traded and functions as a medium of exchange; and/or a unit of account; and/or a store of value but does not have legal tender status in any jurisdiction. It is not issued nor guaranteed by any jurisdiction and fulfils the above functions only by agreement within the community of users of the virtual currency.

Financial Action Task Force
Recognising the money laundering and terrorist financing implications of virtual assets, FATF adopted changes to its Recommendations in October 2018. An amendment now requires service providers in relation to these products to be regulated for anti-money laundering and countering the financing of terrorism (AML/CFT) purposes. The FATF Glossary was updated to reflect the terms “virtual asset” (VA) and “virtual asset service provider” (VASP). The amended Recommendation 15 requires that VASPs be licensed or registered, and subject to effective systems for monitoring or supervision.

In June 2019, FATF adopted an amended Interpretive Note to Recommendation 15. This further clarified how the requirements should be applied, with particular reference to:
i. application of the risk-based approach to VA activities and VASPs
ii. supervision of VASPs for AML/CFT purposes
iii. licensing or registration
iv. preventive measures, such as customer due diligence, recordkeeping, and suspicious transaction reporting
v. sanctions and other enforcement measures
vi. international co-operation.

The amended Interpretive Note was released alongside publication of Guidance for a Risk-Based Approach for Virtual Assets and Virtual Asset Service Providers. Updated in 2021⁵ to reflect the fast-moving and technologically dynamic nature of this sector, the Guidance offers support on application of the risk-based approach to VAs and VASPs. It is intended to help national authorities in developing regulatory and supervisory responses and to help private sector firms engaging in VA activities to understand their AML/CFT obligations and how to achieve effective compliance.

An interesting point in the Guidance is that supervision principles make clear only competent authorities, and not self-regulatory bodies, can act as VASP supervisory or monitoring bodies. Country authorities had the choice of creating a new supervisory body as a competent authority or placing the responsibility with an existing competent authority, the latter approach being more common.

The Financial Crimes Enforcement Network (FinCEN) is responsible for the regulatory framework for Virtual Currencies in the United States and provides formal Guidance and Advisory on the threats posed by virtual currency misuse.

The FinCEN rules define certain businesses or individuals involved with ‘Convertible Virtual Currencies’ (CVCs) as money transmitters, subject to the same registration requirements and range of anti-money laundering measures as other money services businesses, such as AML/CFT program, recordkeeping, and reporting responsibilities.

A 2019 FinCEN Advisory on Illicit Activity Involving Convertible Virtual Currency⁷ was issued to assist financial institutions in identifying and reporting suspicious activity concerning how criminals exploit convertible virtual currencies CVCs for criminal purposes. The coverage was extensive and included money laundering, sanctions evasion, and other illicit financing purposes, particularly involving darknet marketplaces.

In May 2022, the Government of Jersey published a National Risk Overview of Virtual Assets Money Laundering & Terrorist Financing⁹.

The report is a product of the government working with a series of public and private sector stakeholders and experts in the Virtual Asset Service Provider (VASP terminology used in line with FATF) sector on a high-level risk overview of the exposure in Jersey to ML and TF risks stemming from virtual assets and related activities.

Jersey has been progressive in the area of virtual assets and was one of the first jurisdictions globally to enact legislation in 2016 that brought within scope of AML provisions entities that offer exchange services between virtual assets and fiat currencies.

The report concludes that although the VA sector in Jersey is currently small, it is rapidly evolving and with it the risks it presents. Potential risks need to be kept under constant review and the government is proactively taking steps to identify, assess, and understand the ML and TF risks.

There are three different types of CBDC, these vary depending on the technology used:
i. digital central bank tokens that can be used by financial institutions, for example interbank settlements
ii. accounts at the central bank for use by the general public
iii. a digital form of cash that could be used by the general public in retail payments.

Currently only large financial institutions can hold deposits at central banks such as the Bank of England. A CBDC extends this facility to businesses and consumers who can use the process for their everyday payments needs. It exists alongside cash and bank deposits, rather than replacing them.

A CBDC overcomes certain consumer issues associated with a bank, for example the risk of collapse or commercial policy changes. A CBDC is managed by a central bank and therefore has the same security as cash, unlike a decentralised virtual currency, such as Bitcoin, which has no central administrating authority.

The CBDC is not a financial asset in itself but a digital form of a national currency and draws its value from the national physical currency, to which it is pegged at parity.

CBDCs have many benefits but also come with serious concerns, such as the risk of cyber-attack. The process relies upon giving millions of customers access to the central bank.

Many countries have gone beyond proof of concept and launched pilot schemes or full CBDC.

United Kingdom
There are as yet no plans to introduce a CBDC in the UK. In November 2021, the Bank of England issued a statement confirming a 2022 consultation on whether authorities are content to move into a ‘development’ phase which will they believe will span several years, with earliest date for launch of a UK CBDC as the second half of the 2020s decade.

Bahamas
In October 2020, the Central Bank of the Bahamas introduced the Sand Dollar as a digital legal currency equivalent to the traditional Bahamian dollar. Launch followed a successful 2019 pilot on the island and the Sand Dollar became the first ever nationwide CBDC in the world.

Nigeria
The Central Bank of Nigeria launched the eNaira in 2021 following successful pilot and it is predicted to bring multiple benefits. These include an increase in financial inclusion as coverage will expand to anyone with a mobile phone, even if they do not have a bank account. 36 percent of the adult population of Nigeria do not have bank accounts, 38 million people unbanked, and the target is to enable up to 90 percent of population to use the eNaira.

Nigeria is among the key remittance destinations in sub-Saharan Africa, with remittance receipts amounting to $24 billion in 2019. Typically, these payments are made through international money transfer operators with fees up to 5 percent of the transaction value. The eNaira will allow wallet-to-wallet transfers free of charge.

Nigeria has a large informal economy, with little transparency to payments. As a centralised virtual currency, the eNaira is account-based with fully traceable transactions. Widespread eNaira adoption will increase financial inclusion, bring greater transparency to informal payments, and strengthen the tax payment base.

China
In April 2020, China became the first major economy in the world to pilot a digital currency. The pilot for the e-CNY operated in ten regions across China before it was introduced to Olympic Games venues in February 2022. The Games were thought to provide an international centre stage to test the capabilities of the e-CNY.

The central bank, People’s Bank of China (PBoC), was able to test the scalability of e-CNY transactions, an area of technical difficulty which has come under scrutiny and criticism. The rate of maximum predicted transactions per second (TPS) is 300,000, which sounds capable however the private-sector online payment platform Alipay popular in China has a current TPS capability of 544,000. The U.S. initiative for the digital dollar has a potential TPS of to 1.7 million.

China has plans for cross-border testing of e-CNY for use beyond the domestic market. It is working with the Bank of International Settlements and countries such as Hong Kong and the United Arab Emirates.

In conclusion, the IMF Managing Director recently stated: If CBDCs are designed prudently, they can potentially offer more resilience, more safety, greater availability, and lower costs than private forms of digital money.

Case study: Crypto proceeds of crime auction

In 2019, UK police officers had a case dealing with the proceeds of crime in the form of cryptocurrencies. Traditional proceeds of crime such as houses, cars and jewellery are regularly sold at auction to realise funds which are then subject to forfeiture. In this case, cryptocurrencies in the form of Bitcoin, Ripple and Ether had been seized from the former TalkTalk hacker Elliot Gunton who had received them as payments for selling hacking services and stolen personal details online.

This first ever UK-based auction of cryptocurrencies ran for 24 hours, with bidders vetted to ensure only ethical buyers participated. With bids made from across the world including Brazil, Australia and Singapore, the auction raised £240,000.

Case studies: Fraudulent Crypto Schemes
Eastern Metal Securities

In the first case¹² , the fraudster ran an investment scheme that induced victims to purchase shares in the scheme called Eastern Metal Securities using cryptocurrency such as Bitcoin and others. Roger Nils-Jonas Karlsson promised victims extremely high returns tied to the price of gold. Funds provided by victims were transferred to Karlsson’s personal bank accounts and use to finance a high spending lifestyle.

In July 2021, Karlsson was convicted of securities fraud, wire fraud and money laundering charges that defrauded thousands of victims of more than $16 million.

My Big Coin

In this case¹³ the fraudster founded a fraudulent cryptocurrency and virtual payment services company based in the U.S. Randall Crater marketed a fraudulent digital currency called My Big Coin to investors with false representations on the nature and value of the coins. He claimed that My Big Coin was a valid form of crypto, backed by $300 million in gold and other assets, and he had a partnership with Mastercard. This was entirely false and Crater misappropriated over $6 million of investor funds which he used for his own personal gain, spending hundreds of thousands of dollars on high value items such as art and antiques.

In July 2022, Crater was convicted of wire fraud, money-laundering and operating an unlicensed money transmitting business that defrauded investors of more than $6 million.

Case studies: Crypto Thefts
UK: James Parker

In the first case¹⁴ , four UK offenders were convicted in 2022 of fraudulently obtaining and laundering Bitcoin and other cryptocurrency worth tens of millions of pounds from an Australia-based cryptocurrency exchange. A fraudster identified and then exploited a loophole on a cryptocurrency trading platform which allowed him to dishonestly obtain credits. He passed this information on to others, who also exploited the weakness. The initial fraudster, James Parker, dishonestly obtained crypto assets worth £15 million from his trading account, his associates acting under his guidance dishonestly withdrew £2.7 million and £1.7million from their accounts. The stolen cryptocurrency was converted into cash and then laundered through various foreign based online accounts.

Parker died before the trial took place. His associates were found guilty of fraud and money laundering.

US: Bitfinex

The second case involves theft of cryptocurrency on an extremely large scale. Hackers had been inside the servers of Bitfinex, a virtual currency exchange, for weeks before attempting an attack. They watched users on the cryptocurrency exchange buy and sell Bitcoins, and studied the commands that controlled the security system, looking for vulnerabilities that were then exploited.

The 2016 hack of Bitfinex netted the thieves virtual currency that at 2022 figures is valued at approximately $4.5 billion. The large-scale investigation by numerous law enforcement bodies has so far seized over $3.6 billion in cryptocurrency linked to the hack. At the height of Bitcoin value in 2021 the stolen Bitcoins would have been worth more than $8 billion, making this case the largest theft in history.

Two individuals linked to the wallets that received stolen Bitcoin were arrested in 2022¹⁵ for conspiracy to launder $4.5 Billion in stolen cryptocurrency and face trial.

Great Chatwell Academy of Learning (GCAL) are the trusted provider of personal and corporate training and development for financial crime compliance and risk management professionals.

GCAL courses are tailored to match the work-based learning outcomes of individuals and businesses, and each course is unique, offering a blend of current regulatory technical guidance and practical-based experiential learning including the use of case study analysis and interactive exercises.

And, we are delighted to be back in the classroom! We are of course continuing to provide online learning, but we are equally excited to be delivering in-person sessions.

Contact Lee for more details and to schedule your training at: lee.byrne@greatchatwellacademy.com

GCAL now offers a full consultancy risk management service, and we are currently engaged by a wide variety of regulated and non-regulated businesses to provide help and guidance on a range of operational risk and compliance challenges.

If we can help, please do not hesitate to contact me or any other member of our team at: info@greatchatwellacademy.com.