This article by Kristin L. Burnett, LegalEase Solutions, was published on October 28, 2022 on Law.com
As the crypto market continues to be plagued by regulatory uncertainty, legal-compliance ops teams need to be equipping themselves with GRC, BSA/AML and wallet monitoring tools to stay ahead of the curve.
Since Bitcoin and Ethereum gained widespread traction in the late 2010s, companies have been exploring ways to enter the growing digital asset market and venture into Web 3.0. As of June 2022, institutions hold 6-7% of Bitcoin’s total supply alone. As inflation and the ongoing pandemic have opened the eyes of investors to the future of finance and the promise of digital assets, institutional investment into Web 3.0 projects and cryptocurrencies such as Ethereum will only grow.
The promise that the crypto and digital assets markets bring, however, comes bundled with uncertainty—especially on the regulatory front. Until jurisdictions adopt unified and consistent frameworks that account for the unique facets and features of cryptocurrencies, institutional investors and other market participants must keep abreast of ever-changing, dynamic laws to avoid sanctions and fines.
Institutional investors, exchanges and other organizations looking to get involved in the crypto movement can weather the trade winds with the help of a strong legal-compliance ops team. That is, if the unit uses the right tools to track important regulations and day-to-day violations.
Fortunately, there is a full set of tools and technologies that legal-compliance ops teams can leverage now to help stakeholders stay on top of important regulations and pressing issues. Here are the ones that should be in the arsenal of any legal-compliance ops team confronting crypto regulations.
Governance, Risk and Compliance (GRC) Tools
No company is well-served by blindly wading into regulatory analysis. But that is the risk many organizations face when approaching their governance, risk and compliance (GRC) initiatives. Under the status quo process that drives regulatory review, general counsel assign a lawyer to work with the company’s compliance contacts, risk personnel or a regulatory change management committee to sift through alerts and memos issued by pertinent regulatory bodies and vendors. From there, they manually compile and enter these regulations into the company’s systems and assess which laws organizational stakeholders should prioritize addressing—typically on a SharePoint site.
Unfortunately, the effectiveness of this strategy depends on how centralized an organization’s compliance teams are, as well as how organized and accessible the company’s files are. Since the compliance function is often siloed off from other divisions—especially in large global firms without a centralized compliance and risk team—a legal-compliance ops team must step in and create processes and infrastructures that help decision-makers better collaborate.
GRC tools fix these shortcomings by pairing automation and regulatory tracking in several areas critical to full-fledged GRC strategies. Most GRC programs offer features that allow a legal-compliance ops team to host an organization’s policies and procedures, store and post individual first-line risk assessments, and share enterprise-wide risk assessments. By centralizing these policies and evaluations, legal-compliance ops members can work with associate counsel and compliance associates to vet the defensibility of their internal policies, strategies and responses to crypto-sector developments.
Higher-end tools in this segment go several steps further to automate the traditionally manual process of intaking and synthesizing new regulations. Most tools offering these capabilities conduct an automated, routine search of diverse legislative and regulatory sources for cryptocurrency and blockchain-related rules. Once the tool finds a new regulation, it leverages AI to summarize the rule, highlight key action points with minimal human involvement and flag pertinent company policies and procedures the organization may need to update. This efficient process allows legal and compliance leaders to assess which rules will impact the organization, and how they should amend their policies to avoid sanctions. All, of course, without running the risk of overlooking key global laws or carrying out insufficient, incomplete analysis.
Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Tools
While cryptocurrencies and blockchain-based transactions pride themselves on espousing anonymity, this benefit can complicate the ability of legal and compliance personnel to assess if bad-faith actors are transacting on an institutional asset holder’s platform. True, organizations can leverage some level of control to minimize issues. Not accepting token and asset transfers from non-owned exchanges and platforms, for one, can keep the company’s transactions in a closed-loop system and minimize the ability for unknown parties to leverage an institution’s digital asset storage options. Still, it doesn’t entirely solve the problem of vetting current clients, especially based on the activities of anonymized wallets.
An automated BSA/AML tool can be key for ensuring legal-compliance ops teams and their business colleagues have a reliable, up-to-date system for verifying customers using digital asset tools. A robust third-party tool can run automated searches on U.S. Treasury lists of specially-designated nationals and blocked persons to obtain up-to-date search results on every new client. This capability saves legal and compliance teams from manually searching through the U.S. Treasury’s lists of specially designated nationals and blocked persons multiple times to account for changes and updates.
This type of program can also centralize BSA/AML processes—which is important for ensuring a consistent, thorough search process. Within these tools, legal-compliance ops teams can pull lists of sanctioned individuals and companies into their environments. Therefore, during the client onboarding process, an institution’s team will know within a few clicks whether a client’s name will turn up on a sanctions list, Patriot Act search, PEP screening for politically-exposed persons and more without delving through multiple federal databases. In addition, an ideal BSA/AML tool can monitor and pull negative news about a client after onboarding—including the client’s beneficial owners and any new authorized users on the client’s account. With these features, a financial institution can uphold its ongoing duty to monitor any BSA/AML risks involving existing clients, reducing the risk of penalties arising from a disorganized process.
Wallet Monitoring Tools
However, even these features are not enough to ensure compliance; companies engaging in the crypto space must also invest in top-tier tools that account for activities in anonymous wallets.
Anonymous wallet-based exchanges and purchases are how users obtain and send out cryptocurrencies. Therefore, institutions must track whether their clients or employees engage in unethical, impermissible or illegal trading. Although it is difficult to identify the owners associated with anonymous crypto wallets, every wallet comes with a trackable, unique address that the public can monitor on each respective crypto project’s digital ledger. Therefore, if parties want to track a wallet user’s Ethereum transactions or Bitcoin exchanges, they can look up the individual’s wallet ID on a website like Etherscan or Blockchain Explorer.
With a specialized wallet monitoring tool, teams can quickly look through thousands of digital ledgers to track and flag the activities of wallets hosted on an institution or company’s platform. These tools commonly follow industry standards in reviewing transactions eight steps back on the blockchain to determine if they involve suspect wallets—and, by extension, bad-faith actors or employees. If the program recognizes that funds coming into an institution-hosted wallet are from an unknown source, compliance personnel from that institution can mark the assets as unavailable to the wallet owner and initiate a deeper inquiry.
Having the right technology and tools in place is critical for keeping up with the lay of the land in crypto and Web 3.0, where the regulatory status quo amounts to a moving target. Armed with the tools above, any legal-compliance ops team can supplement the legal and compliance function and give teams defensible strategies to stay compliant in the ever-changing crypto sector.
Kristin L. Burnett is an Advisory Board Member at LegalEase Solutions, LLC.