Cryptocurrency Fraud , Fraud Management & Cybercrime , Standards, Regulations & Compliance

Bitcoin ATM Firms Seek to Shape Regulations

Sizing Up the Objectives of the Cryptocurrency Compliance Cooperative
Bitcoin ATM Firms Seek to Shape Regulations
(Source: Cryptocurrency Compliance Cooperative)

Bitcoin ATM operators and blockchain analytics firms that recently launched the Cryptocurrency Compliance Cooperative acknowledge one of their goals is to influence regulation of the sector.

See Also: Risk Management Framework: Assessing and Monitoring NIST 800-53 Controls for DoD

"We hope that as regulators and examiners look for experts to help create standards for operating in their jurisdiction [be it state or federal], the [cooperative] is the resource they turn to first," says Seth Sattler, the director of compliance for bitcoin ATM operator DigitalMint, a founding member of this initiative.

Organizers also say they will "focus on federal regulations" from the Financial Crimes Enforcement Network, or FinCEN, and the Office of Foreign Assets Control, or OFAC.

But one observer questions whether the new group's main interest is to forestall stronger cryptocurrency regulations.

"I see many of these consortiums as an effort to … delay or shape as a group any proposed legislation that they feel could impair what they want to do," says Malcolm Harkins, a fellow with the Institute for Critical Infrastructure Technology, a nonpartisan cybersecurity think tank.

"So on one hand this is a good thing, but the real question is whether it's meant to delay regulatory efforts so the players can run fast and loose longer," says Harkins, who also serves as CSO for the security firm Epiphany Systems.

Bolstering Standards

Members of the new cooperative say they will focus on bolstering "currently insufficient" security compliance standards - especially around know-your-customer and anti-money laundering controls. In addition to bitcoin ATM operators DigitalMint and Coinsource, other members include blockchain analytics firms Chainalysis and Elliptic, among others.

In addition, the group says it will develop best practices for financial institutions considering forming bitcoin ATM companies, identify emerging fraud trends for state and federal law enforcement agencies, and develop monitoring methods for cash-to-cryptocurrency companies.

"The nefarious use cases plaguing this industry are well documented by several law enforcement agencies," Sattler says. "While a small number of operators go above and beyond with know-your-customer and anti-money laundering protocols, others in the … industry simply turn a blind eye and are complacent to these bad actors by applying the bare minimum customer protections."

Bitcoin ATMs - numbering as many as 42,000 across the U.S. - have enabled customers to purchase cryptocurrencies using cash since 2014. But some security experts have questioned if they have adequate security measures.

"Unfortunately, many operators feel that merely asking for a cellphone number is enough due diligence to absolve them of their mandated KYC [know-your-customer] requirements," says Bo Oney, executive vice president of operations and head of compliance at Coinsource, a member of the new group. "Such lax provisions provide a safe haven for bad actors to abuse the machines for nefarious purposes."

Lax compliance policies and a history of illicit activity "have long plagued the reputation of bitcoin ATMs," says Caitlin Barnett, director of regulation and compliance at blockchain analytics firm Chainalysis, also a member of the new collaborative. "[This initiative] will build trust in bitcoin ATMs and promote more financial freedom with less risk."

Building Confidence

Alan Konevsky, the chief legal officer and interim CEO for the blockchain firm tZero, which is not a member of the collaborative, says "thoughtful industry-led initiatives" such as this one can help promote further "understanding and confidence" in digital technologies and products.

John Jefferies, the chief financial analyst at the blockchain analytics firm CipherTrace, which is not a member of the consortium, says the larger issue is this: "How do bitcoin ATMs work to make transactions safer for consumers now to solve these know-your-customer and anti-money laundering issues?"

Inadequate Authentication?

Earlier this year, an independent report from the New Jersey State Commission of Investigation determined that nearly 75% of all bitcoin ATM operators with kiosks in the state allowed transactions to proceed with a phone number serving as the sole form of verification. In some instances, no identifying information was required at all, it says.

"Not only did the commission discover wide variability in the precautions operators take - or fail to take - to safeguard against fraud, the inquiry also found inconsistencies among the various companies in how the businesses function [and] the type of information they collect," the report reads.

Without government-sanctioned criteria for operation, New Jersey officials said, business owners set their own rules for transaction amounts, associated fees and PII collection.

"Some of the qualities that make the machines appealing to users … also make them ripe for exploitation and criminal enterprise," state officials warned.

A bill pending in the New Jersey Legislature would address several concerns raised by the report, including licensing for crypto-kiosks.

At the federal level, cryptocurrency ATM operators fall under provisions of the Bank Secrecy Act, which requires financial institutions to assist U.S. agencies in preventing money laundering. The law's "best practice program" calls for using know-your-customer identification and transaction monitoring as well as designating a compliance officer, according to the New York-based Dilendorf Law Firm.

A proposed regulation from FinCEN, a bureau of the Treasury Department, would require domestic cryptocurrency transactions of more than $3,000 to be vetted by additional know-your-customer and anti-money laundering checks, the law firm notes. The regulation would also apply to international transactions as low as $250.

The prosed regulation, scheduled for final action this fall, would amend the "travel rule," which requires reporting of transactions involving more than one financial institution.

Another proposed FinCEN rule - slated for final action by the Treasury Department in November - would require cryptocurrency exchanges to file reports when virtual currency transactions exceeding $10,000 are transferred to nonexchange wallets.


About the Author

Dan Gunderman

Dan Gunderman

Former News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covered governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.