Government should develop Know Your Customer procedures for social media and messaging services and take stronger measures to track cryptocurrency transactions.
While regulators and policymakers dither and try to decide if cryptocurrencies have a future in the economy, early adopters, including terrorists and violent extremists, are exploiting a law enforcement blind spot. The ease by which money laundering and terrorism financing take place with cryptocurrencies and the more dangerous privacy coins are becoming a security threat of our own making through bureaucratic inaction.
The recent indictment of a New York woman accused of sending funds to Hay’at Tahrir al-Sham — designated by the United States and United Nations as a Foreign Terrorist Organization — is newsworthy because it’s the exception, not the rule. But this does not necessarily mean that financing terrorism with cryptocurrencies is itself a rare event. Rather, the few prosecutions that have been announced reflect the limitations of law enforcement’s capabilities in the United States and around the world — a problem that can and should be solved.
The U.S. has only a small group of dedicated law enforcement personnel to track and seize cryptocurrencies used for criminal purposes. Agents responsible are also tasked with investigating all aspects of the misuse of cryptocurrencies ranging from extortion and money laundering to sanctions evasion and terrorism financing. This lack of specific focus broadens the potential for misuse of cryptocurrencies to be undetected, particularly in light of the steady migration by criminals to so-called privacy coins that encrypt wallets — like Monero — and in some cases also the transactions themselves.
Related: CBDCs will lead to absolute government control
In June 2020, my own Counter Extremism Project (CEP) located a notorious pro-ISIS website requesting Monero (XMR) cryptocurrency donations “because it offers more privacy and safety features than Bitcoin.” Months later, a website that supports the National Socialist Order and spreads violent neo-Nazi propaganda requested donations via Monero, and a neo-Nazi chat group on Telegram posted a guide on how to purchase Monero to the dark web. The neo-Nazi accelerationist group The Base, too, has requested cryptocurrency donations in Monero to facilitate training and unspecified equipment.
Though the U.S. has the most advanced capacity to track and seize cryptocurrencies used for criminal purposes, these and other privacy coins present technical hurdles that no country has yet fully overcome. Their encryption technology renders law enforcement largely blind to who holds privacy coins and to what end they are used, and its users know it. The availability of so-called decentralized wallets, shareware downloadable from the internet, outside of cryptocurrency exchanges also provides another layer of anonymity by removing a third party that is responsible for fulfilling customer identification obligations and due diligence procedures.
In May 2022, the Senate Committee on Homeland Security & Governmental Affairs reported that “the IRS has had to develop new partnerships with private companies to attempt to develop a tool or solution for tracing Monero transactions” and that “regulators expressed concern over the use of privacy coins, noting that there is a ‘substantial difference between more transparent cryptocurrency and more opaque transactions.’”
Congress, however, has yet to create new regulatory frameworks or fund the development of new technological tools to the technical hurdles facing law enforcement that would ensure that the terrorism financing risks emanating from such privacy-enhancing, but transparency-reducing technologies are appropriately mitigated.
In addition to blockchain analysis, officials should contemplate standards for behavior-based transaction monitoring and regulatory requirements for the tech industry to cooperate with law enforcement, given the intertwining use of cryptocurrencies, including privacy coins, with social media, messenger services and crowdfunding platforms. These service providers can and should become part of the first line of defense. Still, the tech industry is unlikely to focus on countering the misuse of its services for the financing of terrorism unless motivated by regulation and compelled by liability risks.
Behavior-based monitoring by exchanges focuses on the actions of wallet holders and recognizes patterns that do not fit the usual behavior of users. If such suspicious patterns occur, they are flagged for further inspections to determine whether risks of money laundering, terrorism financing or other financial crimes occur. Exchanges have access to real-time user information that is broader than the information available to traditional financial institutions, which largely rely on information provided by their customers. For this powerful tool to be used more effectively, appropriate regulatory standards should be developed to guide its use by exchanges while adequately protecting user data.
Related: Elizabeth Warren is pushing the Senate to ban your crypto wallet
Stronger regulatory standards for content monitoring and Know Your Customer procedures for social media, messenger services and crowdfunding platforms are needed when these platforms are used for commercial purposes, such as through web shops or crowdfunding campaigns. These internet platforms presently operate purely on their own non-regulated standards, which presents an uneven defensive mechanism across various platforms and generally very low moderation standards.
Noncustodial wallets and exchanges, as the Financial Action Task Force (FATF) advises, should be considered high-risk technology. Therefore, their use outside of exchanges should always be considered as a strong indication of nefarious activity. If exchanges choose not to require users that hold noncustodial wallets to fully disclose their identity during a transaction involving such noncustodial wallets, it would be advisable that these exchanges do not process such transactions.
Ultimately, only through governmental cooperation with industry stakeholders, combined with effective regulatory standards for the tech and fintech industries, can substantial progress be achieved and the risk of cryptocurrencies and privacy coins being used to fund extremism and terrorism be substantially reduced.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.