Bill Gates once said, “The future of money is digital currency.”

Warren Buffett, meanwhile, has said “cryptocurrencies will come to a bad end.”


The International Compliance Association (ICA) is a professional membership and awarding body. ICA is the leading global provider of professional, certificated qualifications in anti-money laundering; governance, risk, and compliance; and financial crime prevention. ICA members are recognized globally for their commitment to best compliance practice and an enhanced professional reputation. To find out more, visit the ICA website.

When such esteemed (and profitable) investors have contrasting views about cryptocurrency, it is hard for the rest of us to say if its influence is positive or negative. However, one thing is certain: It is here to stay.

Cryptocurrency is no longer the plaything of criminals or confined to dark corners of the Web. These views are outdated excuses to avoid confronting it. While no one can claim to be an expert, it’s still an area we must try to understand. We shouldn’t judge ourselves too harshly, as it is a complicated topic, but by accepting it and trying to come to grips with what it is—and how it works—we will be better placed to avoid regulatory censure and benefit from it.

This article will illustrate some of the challenges, even mysteries, of cryptocurrency and highlight the importance of everyone in compliance staying on top of it all. We’ll look at what regulators are trying to do, and we will also give you a tip on where to go to study this complex topic further.

Where to start

As the saying goes, you can’t run before you can walk, so in this situation you need to understand the technology before comprehending how it is used. Cryptocurrency, blockchain, distributed ledger technology (DLT)—these are all terms becoming more common as they gain higher levels of adoption. It can be great for compliance (for example, DLT can be used to bring more transparency to business transactions and speed up global commerce), but it also has the potential to be an asset for criminals (the anonymity provided through blockchain can create a haven for bad actors to operate within).

“The fast-evolving blockchain and distributed ledger technologies have the potential to radically change the financial landscape. But, their speed, global reach and above all - anonymity - also attract those who want to escape authorities’ scrutiny.”

Source: Financial Action Task Force

What about for the regulator? This is not as clear cut, as they sit in the middle. Too much regulation stifles growth and adoption at a time when the world is crying out for developments and improvements to how business is done, but too slack an approach allows criminals to run riot and exploit holes in regulation.

The problem for compliance professionals, then, is how to treat this burgeoning technology when we begin to encounter it? It’s really complicated, but that’s OK—we’re all discovering and trying to understand it together. As with all risks, there are threats and there are opportunities. Clearly, we must follow regulatory guidance, but what happens when that evolves or is updated? Equally, what happens when new technology emerges so quickly that regulation can’t keep up? There are so many new products and novel ways of moving value globally that criminals are poised to exploit that regulators have a mighty challenge on their hands to stay abreast. So, let’s take a breath and see how regulators and authorities are attempting to do exactly that.

The FATF’s viewpoint

Bitcoin exploded onto the scene in 2009, immediately catching the attention of the Financial Action Task Force (FATF). The most recent additional guidance was added to their recommendations in 2019. As part of that addition, a 12-month review was planned for June 2020, and a survey of its membership and its broader global network was carried out in March 2020. Thirty-eight FATF members (37 jurisdictions and 1 regional organization) and 16 FATF-style regional body member jurisdictions responded.

Quite often when a new regulation is issued, or guidance is given on a specific topic, there is the temptation to feel its contents are sufficient to cover the need and the issue resolved. However, it is rarely that simple. Regulations are complicated, and the guidance that follows can take multiple iterations to get right. This is especially true in such fast-paced areas as new technology, virtual assets, and cryptocurrency.

ICA crypto takeaways

While the recommendations are being implemented, there is still a long way to go to total adoption and full regulation. The FATF is aiming to bring consistency through its virtual asset service provider frameworks, its recommendations, and its review.

EU takes its first steps

In addition to the recommendations from the FATF, other jurisdictions are coming to terms with how to regulate cryptocurrency. The European Union has found it is hard to set clear and strict rules given the opaque nature of the Internet (anonymity provided by IP addresses, data being moved quickly, locations disguised via a virtual network, etc.). It is proving near impossible to apply sanctions in the world of cyber in the same way as against arms dealers or nuclear proliferation activities.

Nevertheless, the European Union in November 2020 imposed its first cyber-sanctions regime targeting Russian, North Korean, and Chinese actors deemed responsible for cyber-attacks against EU member states. Similarly, the United States has also pursued sanctions and indictments against Russian, North Korean, and Chinese actors. However, attributing blame and guilt in the cyber-sphere often lacks what would otherwise be deemed essential evidence, either because governments don’t have access to incontrovertible proof or because they are unwilling to provide it.

Further, given IP addresses can be altered or hidden, the location of a perpetrator’s address constitutes neither adequate nor necessarily correct evidence of their true location. The easily blurred and untraceable nature of cyber-space will therefore make identifying the complete networks of individuals difficult. Cyber-sanctions may consequently not result in significant asset freezes or have much impact on the financial networks supporting illicit cyber-actors. Thus, it’s unsurprising that it’s taking some time for authorities to come to grips with it all.

What are nation states doing?

The United States has yet to formulate a consistent legal approach to cryptocurrencies, with laws varying from state to state. Federal authorities even differ in their definition of the term: The Financial Crimes Enforcement Network (FinCEN) doesn’t yet consider cryptocurrencies legal tender; in contrast, the Internal Revenue Service (IRS) regards cryptocurrencies as property. Different terms being used for the same thing is just another example of how complicated this area is.

The situation in China is different. Cryptocurrency was initially handled very cautiously there but more recently has received some backing. In 2017, the People’s Bank of China banned initial coin offerings and cryptocurrency exchanges and attempted to root out the industry by making token sales illegal. The biggest exchanges thus ceased trading. This all changed in 2019 when a Chinese court ruled Bitcoin was digital property. Since then there has been a shift in cryptocurrency adoption, with Chinese President Xi Jinping calling for an increase in development efforts on blockchain. There is still some caution, but China is certainly a country with development on its mind.

What can you do? (And why should you do it?)

Why is this all important to you? Well, the adoption of virtual assets, blockchain, and cryptocurrency is rapidly increasing—a recent report by Chainanalysis found that of the 154 countries analyzed, 92 percent had some sort of cryptocurrency activity. The way we work, bank, and live in years to come could well look very different to now, with some of these technologies being used to underpin our basic activities.

In a work environment, and focusing on compliance, it is going to be vital to not just monitor these changes but to take action to ensure you and your business remain compliant. A company that fails to evolve will lag behind, and the same applies to compliance professionals—if you don’t keep yourself up to date, you too will be out of the loop. Educate yourself about the technology; demystify it. If you’re able to understand it and know what you’re dealing with, this will help you to manage risks and leverage value. Remember that it works both ways. If you’re a FinTech, understand how the technology is exposed to risk through its features and usability and find ways to control it.

There is a plethora of information available on virtual assets, crypto, blockchain, and so on, but to stay on top of it all is almost a full-time job. As mentioned at the start, no one is an expert in this area yet, so all we can do is educate ourselves as best we can and then share that knowledge.

Cryptocurrency is confusing—there is little point in pretending otherwise. But through education and sharing knowledge, we are all better able to understand it and adapt to its adoption and continued use. It’s here to stay, so we may as well get on board and enjoy the ride.

The International Compliance Association is a sister company to Compliance Week. Both organizations are under the umbrella of Wilmington plc.