Despite Bitcoin having been created in 2009, and the recent anniversary of the first retail bitcoin transaction, which occurred on May 22 2010 when Laszlo Hanyecz purchased 2 pizzas for 10,000 BTC, there are continued claims that cryptocurrencies are still only for criminals.
In a recent Senate estimates hearing, narrowly focussed questions were asked of Nicole Rose, CEO of AUSTRAC, in relation to the use of DCEs by ransomware groups. Such scrutiny on the use of digital currency exchanges for ransomware, suggests there is still significant education required.
A recent Chainalysis Crypto Crime report noted there are 270 wallet addresses which are connected to 55% of all money laundering.
Todd Lenfield, Australia Country Manager of Chainanalysis, at a recent event, noted that only 11% of those addresses are associated with Australian digital currency exchanges and 0.34% of digital currency transactions are associated with illicit activities… we have seen a dramatic reduction this year.
Due to the traceability of cryptocurrencies, the use of cryptocurrencies for payment of ransomware is illogical. As the Senator pointed out, there has been “research showing that just 199 deposit addresses receive 80 per cent of all funds sent by ransomware addresses in 2020.” We expect that Australian AUSTRAC-registered cryptocurrency exchanges should have processes in place in their transaction monitoring procedure (part of their Anti-Money Laundering and Counter-Terrorism Financing Program) to monitor transactions against blacklisted wallet addresses (such as those used for ransomware).
Also noted in the Senate estimates committee, it has also recently been announced that AUSTRAC may be audited by the Australian National Audit Office (ANAO), which will assess the effectiveness of AUSTRAC’s regulation of DCE providers.
If the audit goes ahead it will examine the way in which AUSTRAC:
- communicates the new registration and reporting requirements to DCE providers;
- administers a Digital Currency Exchange Register;
- assesses and addresses risks to registration and reporting compliance; and
- uses reported information.
The audit will also determine whether AUSTRAC has developed an evaluation framework to assess the effectiveness of the regulatory regime in achieving the policy objective of preventing and detecting crime.
Following such an audit, you may expect the way in which AUSTRAC communicates with the industry may change.