This pioneering seminar attempted to elucidate the rise, purpose, operational intricacies, societal benefits and multiple risks of Bitcoin and the emerging breed of alternative digital currencies. For the first time in history, Bitcoin allows individual consumers to make payments and move funds securely, completely outside of the traditional financial system. In recent months, there has been a lot of hype about the risk of virtual currencies, but not much explanation about how they work and what the real risks and also societal benefits are. In this session, regulators, executives and risk managers had the opportunity to learn how Bitcoin and other digital currencies work, what the true risks are and what can be done to both manage the risks and exploit the opportunities.
6. Agenda
1. Bitcoin & Math-Based Currencies
What Bitcoin is and why it's revolutionary
2. Risk Identification & Mitigation
a) Inventory of challenges
b) Mitigating AML risk
c) Customer identification and authentication (deanonymization)
3. SA Detection via Monitoring and Analysis
Leveraging the blockchain
4. Unsolicited (contrarian) advice
© 2013 Juan Llanos
8. Think of Bitcoin as a numbered Swiss bank account living on your smartphone. […] retail and online purchases can be made with virtually no transaction fees. It's the ultimate bank debit card, except there's no card - or bank for that matter.
Robert Berry
10. DIGITAL PAYMENTS NETWORK
DIGITAL MONEY
PROTOCOL
11. DIGITAL PAYMENTS NETWORK
INSTANTANEOUS
SECURE
LOW COST
GLOBAL TRANSFER OF VALUE
12. DIGITAL MONEY
TRANSACTIONS IN "BITCOINS"
DOLLAR VALUE → OPEN MARKET
COUNTERFEIT-PROOF "ONLINE CASH"
TOTAL CAPPED → INFLATION-PROOF
13. "bitcoins"
SCARCE → Central Banks can't inflate them
DURABLE → they don't degrade
PORTABLE → can be carried and transmitted electronically or as numbers in your head
DIVISIBLE → into trillionths
VERIFIABLE → through everyone's block chain
EASY TO STORE → paper or electronic
FUNGIBLE → each bitcoin is equal
DIFFICULT TO COUNTERFEIT → cryptographically impossible
Naval Ravikant
14. PROTOCOL
APPLICATIONS BEYOND PAYMENTS →
SECURE CONTRACTS, ESCROW, TAMPER PROOF VOTING, NOTARY SERVICES, ETC.
PLATFORM FOR INNOVATION
15. PLATFORM FOR INNOVATION
• Contracts can be entered into, verified, and enforced completely electronically, using any third-party that you care to trust, or by the code itself. For free, within minutes, without possibility of forgery or revocation.
• Any competent programmer has an API to cash, payments, escrow, wills, notaries, lotteries, dividends, micropayments, subscriptions, crowdfunding, and more.
• While the traditional banks and credit card companies lock down access to their payments infrastructure to a handful of trusted parties, Bitcoin is open to all.
Naval Ravikant
21. PAYMENT & IDENTITY SEPARATED
CONSUMER → PRIVACY PROTECTED
MERCHANT → NO CHARGEBACKS / FRAUD
Payment only
22. TRANSPARENCY
Every transaction that has ever occurred in the history of the bitcoin economy is publicly viewable in the BLOCK CHAIN.
Privacy without anonymity → pseudonymity
24. "Virtual currencies promise to benefit commerce on many levels, from serving the unbanked to new financial products. I challenge our innovators: devise creative solutions to prevent virtual currency abuse."
FinCEN Director Jennifer Shasky Calvery
25. CHALLENGES
REGULATION
TRANSPARENCY / PRIVACY
SPECULATION
SECURITY
DISRUPTION OF STATUS QUO
26. Before March 18, 2013
The Criminal Precedent that Could Curb Bitcoin's Enthusiasm
27. E-Gold
• ISSUER OF DIGITAL CURRENCY
  • a medium of exchange offered over the Internet
  • Global acceptance without the need for conversion between national currencies
• USED FOR ONLINE COMMERCE AND FOR FUNDS TRANSFERS BETWEEN INDIVIDUALS
• FOUR PRIMARY STEPS
  1. Opening a digital currency account
  2. Converting national currency into "e-gold" to fund the account
  3. Using "e-gold" to buy a good or service or transfer funds to another person
  4. Exchanging "e-gold" back into national currency
• PARTIES NEEDED:
  • Digital currency exchanges
  • Merchants or individuals that accepted "e-gold"
• ABILITY TO OPERATE ACCOUNTS ANONYMOUSLY
  • Highly-favored method of payment by operators of "get-rich-quick" scams
• ALL TRANSFERS OF "E-GOLD" WERE IRREVOCABLE AND IRREVERSIBLE
28. E-Gold
2008-07 Guilty Plea
• Conspiracy To Launder Monetary Instruments (federal)
• Conspiracy To Commit The Offense Against The United States (federal)
• Operating Of Unlicensed Money Transmitting Business (federal)
• Transmitting Money Without A License (District of Columbia)
"The root causes of E-Gold's failure were design flaws in the account creation and provisioning logic that led to the unfortunate consequence of vulnerability to criminal abuse."
"We acknowledge that E-Gold is indeed a financial institution or agency as defined in US law and should be regulated as a financial institution."
Douglas Jackson, E-Gold Founder
30. FinCEN Guidance FIN-2013-G001
• "Interpretive Guidance" → not new rule-making
• Centralized vs. Decentralized virtual currencies
• Virtual Currency Actors:
  • USER → a person that obtains virtual currency to purchase goods or services.
  • EXCHANGER → a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency.
  • ADMINISTRATOR → a person engaged as a business in issuing (putting into circulation) a virtual currency, and who has the authority to redeem (to withdraw from circulation) such virtual currency.
31. FinCEN Guidance FIN-2013-G001
• "An administrator or exchanger that (1) accepts and transmits a convertible virtual currency or (2) buys or sells convertible virtual currency for any reason is a money transmitter under FinCEN's regulations […]"
• "Under FinCEN's regulations, sending 'value that substitutes for currency' to another person or to another location constitutes money transmission, unless a limitation to or exemption from the definition applies. This circumstance constitutes transmission to another location, namely from the user's account at one location (e.g., a user's real currency account at a bank) to the user's convertible virtual currency account with the administrator."
• "To the extent that the convertible virtual currency is generally understood as a substitute for real currencies, transmitting the convertible virtual currency at the direction and for the benefit of the user constitutes money transmission on the part of the exchanger."
• "[…] a person that creates units of convertible virtual currency and sells those units to another person for real currency or its equivalent is engaged in transmission to another location and is a money transmitter. In addition, a person is an exchanger and a money transmitter if the person accepts such de-centralized convertible virtual currency from one person and transmits it to another person as part of the acceptance and transfer of currency, funds, or other value that substitutes for currency."
32. FinCEN Guidance FIN-2013-G001
• Currency definitions:
  • REAL CURRENCY → the coin and paper money of the United States or of any other country that [i] is designated as legal tender and that [ii] circulates and [iii] is customarily used and accepted as a medium of exchange in the country of issuance.
  • VIRTUAL CURRENCY → medium of exchange that operates like currency in some environments, but does not have all the attributes of real currency; no legal tender status in any jurisdiction.
  • CONVERTIBLE VIRTUAL CURRENCY → either has an equivalent value in real currency, or acts as a substitute for real currency.
33. FinCEN Guidance FIN-2013-G001
• PROBLEM #1 → ALL USERS? How does the law apply if one obtains bitcoins not to purchase goods or services? Reasons:
  1. speculation that the price of bitcoins will go up
  2. simply because one trusts a virtual currency's stability more than that of a particular "real currency" (think of Argentina or Zimbabwe), or
  3. because one wants to make a remittance to a family member overseas.
• PROBLEM #2 → MINERS?
  • If mine and buy goods → users
  • If mine and sell bitcoins → money transmitters. Why?
    • Not transmitting bitcoins from one party to another (only 2 parties to the transaction)
    • No consumer to protect and no potential for money laundering
• PROBLEM #3 → NEW LAW IN THE GUIDANCE?
  • Definitions of "virtual currency" and "convertible virtual currency" → only in this guidance.
34. After March 18, 2013
The End of Bitcoin as We Know It
35. Liberty Reserve
• alternative digital payment network
• "Closed loop" → centralized virtual currency (LR dollars)
• shut down and its management indicted and arrested in May 2013.
• "the largest money laundering case in U.S. history"
• a convenient tool for foreign currency brokers, as it allowed them to bypass local legislation and avoid exchange rate fluctuations
• "a shadowy netherworld of cyber-finance"
• its realm of anonymity made it a popular hub for fraudsters, hackers and traffickers
36. Liberty Reserve Indictment
[x] ANONYMITY → product has to dissuade the bad element, never attract it.
• "deliberately attracting, and maintaining a customer base of criminals by making financial activity on LR anonymous and untraceable."
• "designed so that criminals could effect financial transactions under multiple layers of anonymity and thereby avoid apprehension by law enforcement."
[y] COMPLIANCE → product and operations cannot be in violation of any applicable laws and regulations (the "form" or "paper" side of compliance).
• "was not registered as a money transmitting business with FinCEN"
• "operated an unlicensed money transmitting business."
[z] SUBSTANCE → what is written in their policy must actually be implemented. Businesses must be run with integrity, responsibility and control.
• "intentionally creating, structuring, and operating LR as a criminal business venture, one designed to help criminals conduct illegal transactions and launder the proceeds of their crimes."
• "lying to anti-money laundering authorities in Costa Rica, pretending to shut down LR after learning the company was being investigated by US law enforcement (only to continue operating the business through a set of shell companies)"
• "created a system to feign compliance with anti-money laundering procedures, […] including a 'fake' portal that was manipulated to hide data that LR did not want regulators to see."
37. Money transmitters and their agents are perceived as HIGH RISK of
• ABUSE TO CONSUMER
• MONEY LAUNDERING
• TERRORIST FINANCING
Money transmission = highly regulated industry
38. Money Transmitter Regulation (US)
Main Risk Areas | Main Statutes and Regs
Anti-Money Laundering | BSA, USA PATRIOT Act, Money Laundering Acts
Anti-Terrorism Financing (CFT) | USA PATRIOT Act, OFAC
Privacy and Information Security | Gramm-Leach-Bliley
Safety and soundness | State (via licensing)
Consumer protection | State (via licensing) + Dodd-Frank / Regulation E (CFPB)
Focus → AML/BSA + State Compliance
41. Customer Risks and Mitigators
RISKS
• Complicity with agent or foreign counterparty
• Complicity with recipient (or sender)
• "Drip-irrigation" transfer of illicit funds (O2M recipients, M2O recipient, M2M recipients)
• Intra-company structuring
• Inter-company structuring ("smurfing")
• Terrorist financing
MITIGATORS
• Customer acceptance, monitoring and termination protocols
• Transaction & behavior monitoring
• Lower identity verification thresholds at origin and destination
• For cards, maximum loadable amounts, expiration date, and limited number of recipients.
• Redundant identity verification procedures at destination
• POS training
• OFAC screening
• Eventually, intercompany transaction monitoring by highly-professional and secure clearing house. This is the only possible antidote against "smurfing".
42. Corporate Safeguards*
1. A designated compliance officer + professional team
2. Written policies and procedures + operational controls:
  • Licensing, renewal and reporting procedures (S)
  • Registration, record-keeping and report-filing procedures (F)
  • KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination
    • KY…Customer
    • KY…Agent
    • KY…Foreign Counterparty
    • KY…Employee
    • KY…Vendor
  • Monitoring, analysis and investigating procedures
  • OFAC compliance program
  • Response to official information requests
  • Privacy and information security protection protocols
3. An on-going training program
  • Risk & Compliance Committee
4. An independent compliance auditing function
* AML Program Elements (Section 352 of the USA PATRIOT Act)
43. Key Elements of a BSA/AML Program
• State Compliance: Licensing, renewal and reporting procedures // Consumer protection disclosures, etc.
• Federal Compliance: Registration, record-keeping and report-filing procedures (F)
• KY (Know Your…) Subprograms: Acceptance, monitoring, correction and termination (Life-Cycle Management)
  • KY…Customer
  • KY…Agent
  • KY…Foreign Correspondent or Counterparty
  • KY…Employee
  • KY…Vendor
• SA Detection: Monitoring, analysis and investigating procedures
• Information Sharing: Response to information requests
• OFAC Compliance Program
• Privacy and information security protection protocols (GLBA)
45. Customer Identification
Non-Face to Face → Card not present standards
DOCUMENTARY → Review an unexpired government-issued form of identification from most customers.
• evidence of a customer's nationality or residence
• photograph or similar safeguard
• form a reasonable belief of the true identity of the customer.
• E.g.: driver's license (U.S.) or passport.
NON-DOCUMENTARY → Independently verifying the customer's identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source
• contacting a customer
• checking references or obtaining a financial statement
46. Authentication Strength
Multifactor authentication:
• Something the user knows (e.g., password, PIN)
• Something the user has (e.g., ATM card, smart card)
• Something the user is (e.g., biometric feature)
Authentication methods:
• Shared secrets
• Tokens (smart card, one-time password generating device)
• Biometrics (fingerprint, face, voice, keystroke recognition)
• Out-of-band authentication
• Internet protocol address (IPA) location and geo-location
• Mutual identification
Source: FFIEC
48. "What customers do speaks so loudly that I cannot hear what they're saying."
(Paraphrasing Ralph Waldo Emerson)
Customer identification vs. customer knowledge
BEHAVIORAL ANALYTICS
49. Machine Learning (AI) Methods
SUPERVISED LEARNING: relies on two labeled classes (good vs. bad)
Goal → Detect known suspicious patterns
1. Training set:
  a. Select dataset with clean and dirty cases.
  b. Classification algorithm to discriminate between the two classes (finds the rules or conditions)
  c. Probabilities of class 1 and class 2 assignment
2. Run discrimination method on all future purchases.
UNSUPERVISED LEARNING: no class labels
Goal → Detect anomalies
1. Take recent purchase history and summarize it in descriptive statistics.
2. Measure whether selected variables exceed a certain threshold (deviations from the norm).
3. Sound alarm and record a high score.
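The three unsupervised steps above, worked through as an added example (not code from the slides): each customer's recent history is summarized by median and median absolute deviation, and a new transaction is scored by how far it departs from that norm. The field names `amount` and `recipients_7d`, the minimum history size and the 3.5 cut-off are assumptions, and the sample history is constructed.

```python
from statistics import median

# Assumptions for this sketch (not from the slides): the monitored fields,
# the minimum history size, and the 3.5 cut-off used for MAD-based scores.
VARIABLES = ("amount", "recipients_7d")
MIN_HISTORY = 5
ALERT_THRESHOLD = 3.5

def robust_z(value, history):
    """Distance of value from the customer's own norm, in robust z units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad > 0:
        # 0.6745 rescales MAD so the score is comparable to a z-score.
        return 0.6745 * (value - med) / mad
    # More than half the history is identical: fall back to the mean
    # absolute deviation so one repeated value does not force an alert.
    mean_ad = sum(abs(x - med) for x in history) / len(history)
    if mean_ad > 0:
        return (value - med) / (1.253314 * mean_ad)
    # Completely flat history: any change at all is a deviation.
    return 0.0 if value == med else float("inf")

def score_transaction(history, txn, variables=VARIABLES):
    """Summarize history, compare each variable to the threshold, alert and score."""
    if len(history) < MIN_HISTORY:
        # No trustworthy baseline yet; route to other controls instead.
        return {"score": None, "alert": False, "exceeded": []}
    scores = {v: abs(robust_z(txn[v], [h[v] for h in history]))
              for v in variables}
    exceeded = sorted(v for v, s in scores.items() if s > ALERT_THRESHOLD)
    return {"score": max(scores.values()),
            "alert": bool(exceeded), "exceeded": exceeded}

# Constructed sample data: one customer's recent transfers.
HISTORY = [{"amount": a, "recipients_7d": r} for a, r in
           [(120, 1), (95, 1), (110, 2), (130, 1), (100, 1), (105, 2), (115, 1)]]

if __name__ == "__main__":
    for txn in ({"amount": 125, "recipients_7d": 2},    # within the norm
                {"amount": 2400, "recipients_7d": 1},   # amount spike
                {"amount": 90, "recipients_7d": 9}):    # fan-out to many recipients
        print(txn, score_transaction(HISTORY, txn))
```
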
53. An Analysis of Anonymity in the Bitcoin System - Bitcoin is Not Anonymous
by Fergal Reid and Martin Harrigan (2011)
Link: http://anonymity-in-bitcoin.blogspot.com/2011/07/bitcoin-is-not-anonymous.html
• The entire history of Bitcoin transactions is publicly available.
• "Using an appropriate network representation, it is possible to associate many public-keys with each other, and with external identifying information."
• "Large centralized services such as the exchanges and wallet services are capable of identifying and tracking considerable portions of user activity."
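One way a compliance analyst can associate public keys with each other is the multi-input heuristic, the linking rule used in Reid and Harrigan's analysis: addresses spent together as inputs of one transaction are treated as controlled by one user. The sketch below is an added example, not code from the slides or the paper; the transactions, address names and identity tag are constructed.

```python
from collections import defaultdict

def cluster_addresses(transactions):
    """Group addresses that appear together as inputs of one transaction."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]   # path halving
            a = parent[a]
        return a

    for tx in transactions:
        for addr in tx["inputs"] + tx["outputs"]:
            find(addr)                      # register every address seen
        # Outputs are never merged: receiving funds proves nothing about
        # ownership. Transactions without inputs (newly mined coins) link nothing.
        for other in tx["inputs"][1:]:
            parent[find(other)] = find(tx["inputs"][0])

    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())

def label_clusters(clusters, known_identities):
    """Propagate external identifying information to whole clusters."""
    report = []
    for members in clusters:
        names = sorted({known_identities[a] for a in members
                        if a in known_identities})
        report.append({
            "addresses": sorted(members),
            "identities": names,
            # Two identities in one cluster usually means the heuristic
            # failed (shared wallet service, jointly built transaction).
            "needs_review": len(names) > 1,
        })
    return sorted(report, key=lambda r: r["addresses"])

# Constructed sample ledger; real input would be parsed from the block chain.
TXS = [
    {"txid": "t0", "inputs": [], "outputs": ["addr_A1"]},
    {"txid": "t1", "inputs": ["addr_A1", "addr_A2"], "outputs": ["addr_B1"]},
    {"txid": "t2", "inputs": ["addr_A2", "addr_A3"], "outputs": ["addr_C1"]},
    {"txid": "t3", "inputs": ["addr_D1", "addr_D2"], "outputs": ["addr_A3"]},
]
# Constructed: an address the institution tied to a customer at onboarding.
KNOWN_IDENTITIES = {"addr_A3": "exchange account 1001 (constructed)"}

if __name__ == "__main__":
    for row in label_clusters(cluster_addresses(TXS), KNOWN_IDENTITIES):
        print(row)
```

A single identified address is enough to label every address in its cluster, which is why the slide singles out exchanges and wallet services as the parties able to track large portions of user activity.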
54. • The victim woke up on the morning of 13/06/2011 to find a large portion of his Bitcoins sent to 1KPTdMb6p7H3YCwsyFqrEmKGmsHqe1Q3jg.
• The alleged theft occurred on 13/06/2011 at 16:52:23 UTC shortly after somebody broke into the victim's Slush pool account and changed the payout address to 15iUDqk6nLmav3B1xUHPQivDpfMruVsu9f.
• The Bitcoins rightfully belong to 1J18yk7D353z3gRVcdbS7PV5Q8h5w6oWWG.
57. Resources
• Bitcoin Educational Resources: http://www.forbes.com/sites/jonmatonis/2013/05/13/6-new-bitcoin-educationalresources/
• Bitcoin Education Project (Udemy): https://www.udemy.com/bitcoin-or-how-ilearned-to-stop-worrying-and-love-crypto/
• Bitcoin Primer for Policymakers: http://mercatus.org/sites/default/files/Brito_BitcoinPrimer_embargoed.pdf
• Bitcoin Wiki: https://en.bitcoin.it/wiki/Main_Page
• Cato Unbound-The Private Digital Economy: http://www.catounbound.org/issues/july-2013/private-digital-economy
• CoinDesk: http://www.coindesk.com/
• Contrarian Compliance: http://contrariancompliance.com/
• Let's Talk Bitcoin: http://letstalkbitcoin.com/
• Khan Academy Bitcoin Series: https://www.khanacademy.org/economics-financedomain/core-finance/money-and-banking/bitcoin/v/bitcoin-what-is-it
• We Use Coins: https://www.weusecoins.com/en/
59. • Prevention trumps damage control
• Risk MGT → Both reducing downside and increasing upside
• Simplicity and common sense
• Train for behavior change, not theoretical knowledge
• Form-substance continuum → substance
• Letter-spirit continuum → focus on spirit (underlying purpose and values) facilitates
  • Operational synergies (leveraging tech)
  • Compliance without compromising performance
  • Flexibility and sustainability
65. "If you haven't heard of BITCOIN, drop what you're doing and go research it, for it is THE MOST IMPORTANT PROJECT ON THE PLANET."
Erik Voorhees
66. Thank you!
Juan Llanos
EVP & Compliance Officer
Unidos Financial Services, Inc.
275 Seventh Ave. - 20th Floor
New York, NY 10001
Direct: (646) 485-2264
Mobile: (646) 201-6217
Email: jllanos@unidosfinancial.com
LinkedIn: www.linkedin.com/in/juanllanos
Twitter: @JuanLlanos
Blog: contrariancompliance.com