Posted on

Japan Eyes Regulation of Unregistered Crypto Investment Schemes

Japan’s financial regulator is reportedly looking to close a legal loophole that lets unregistered investment firms solicit funds in cryptocurrencies rather than cash.

According to a report from Sankei Shimbun on Tuesday, Japan’s Financial Service Agency (FSA) is planning revisions to bring such schemes under the country’s Financial Instruments and Exchange Act, although no timeline for the changes was provided.

Currently, the act prohibits unregistered schemes from collecting investments in fiat currencies, but it does not mention cryptocurrencies.

The issue has reportedly received increased focus from the watchdog in the wake of rising incidences of crypto pyramid schemes in the country. Back in November, police in Tokyo arrested eight men alleged to have run such a scheme that collected 7.8 billion yen (almost $69 million) in cryptos from thousands of victims.

The eight were said to have collected most of the payments in bitcoin, as well as another 500 million yen (about $4.40 million) in cash, under the guise of a bogus investment firm called Sener.

Sankei Shimbun cited officials as saying that, if the scam had solicited only cryptocurrency, it’s possible the criminals would not have been caught.

Japan’s FSA has been actively regulating the cryptocurrency space since the shockwave that followed the collapse of the Mt Gox exchange in 2014. Measures have included instigating a licensing scheme for crypto exchanges and scrutinizing exchanges over security and compliance with anti-money laundering rules.

Just yesterday, the agency was reported to be considering approving crypto exchange-traded funds (ETFs). At the same time, it has now apparently dropped plans to approve trading of crypto derivatives on financial exchanges due to concerns the products would encourage speculation.

Bitcoins on keyboard image via Shutterstock 

Posted on

Bitcoin Trader on US Sanctions Blacklist Says He’s Innocent

Mohammad Ghorbaniyan says he’s been wrongfully blacklisted.

An Iranian bitcoin trader, Ghorbaniyan was among the wallet holders whose names and blockchain addresses were added to the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctions list last week.

But in the wake of that event, Ghorbaniyan has told CoinDesk that he was unaware of the origins of his apparently tainted bitcoin, which OFAC said was extorted from more than 200 victims including corporations, hospitals, universities and government agencies that were hit with the SamSam ransomware virus.

Since the listing, Ghorbaniyan said in an exclusive interview with CoinDesk, his Blockchain.info account and Gmail account were both suspended. He admits to converting bitcoin to Iranian rials for both of the individuals listed by the FBI, Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi, over several years, but says he had no reason to suspect them of any wrongdoing.

At the very least, his perspective raises questions about how black markets and grassroots bitcoin adoption overlap, especially in regions with opaque regulatory requirements.

The U.S. Treasury had no comment when reached.

What follows is a transcript of CoinDesk’s interview with Ghorbaniyan, as conducted through a translator.

Q: How did you meet Mansouri and Savandi, the alleged hackers associated with the SamSam ransomware virus?

A: I didn’t know the SamSam criminal activities were associated with the bitcoins I received from these two customers and I’m honestly still not sure if these two people are behind the SamSam crimes.

They used common messenger apps like Telegram and WhatsApp. This is the most common way to buy and sell bitcoin in Iran. They were like any other customer I’ve had over the years.

I do a standard know-your-customer (KYC) procedure. And there’s no reason to be suspicious of my customers once they do KYC.

Q: What was your KYC procedure like?

A: KYC for buying/selling bitcoin in Iran involves a selfie with bank account cards and national ID cards for the person in the selfie, plus a telephone number.

Q: Why did you say that you are unsure if those individuals are behind the SamSam ransomware?

A: In one of their chats with me, they declared that they’ll be selling 50 bitcoins by themselves, and they don’t need an exchanger for that deal. Therefore, I don’t know, there is a possibility that they were exchangers as well.

At any time, if needed, I’m ready to give all data regarding my trades with them to the Iranian cyber police and the cyber police can submit this data to the international authorities for further proceedings.

I’ve never done any criminal activities with these two people and if I knew that any of our customers are associated with criminal activities then I would refrain from doing business with them.

Unfortunately, our names have been declared by the United States Treasury as associated with criminal activities without receiving any contact from the Treasury. We are accused of something we haven’t done! I was not aware of any criminal activities from our customers and I have not committed a crime.

Q: Most regulated exchange businesses in the United States have strict policies for precisely this reason. Even if that is not the requirement in Iran, why don’t you require more information in order to track the capital flows?

A: We are an Iranian exchange and we work under the law of our country, Iran, according to the rules of the Iranian cyber police. We, as exchangers, record all the data about our trades. This includes screenshots from chats and KYC data from our customers. We never violated the laws of our country.

Is there a database declaring the bitcoins that are associated with criminal activity? If I was trying to do criminal activities wouldn’t I be more concerned with hiding my identity? You could find my bank, phone numbers and bitcoin address publicly available on my website! Why should I give out such info if I were to take part in criminal activities? This is enough evidence and arguments to prove I’m innocent of any charges!

I met with the Iranian cyber police last weekend to talk about next steps. I hope the U.S. makes things right and takes my name off that list.

Before accusing people of criminal activities, the Treasury must notify the international police to request data and explanations from the Iranian police, which would have come to us. We could have stopped this misunderstanding and wrong accusations.

Tehran statue image via Shutterstock

Posted on

Crypto Exchanges Should Take a Hard Look at IP Address-Masking Services

Richard Malish is General Counsel at NICE Actimize where he counsels on global anti-money laundering, fraud, trading compliance and banking regulatory matters.


The New York Attorney General (“NY AG”) recently issued a report on its fact-finding enquiries to multiple virtual currency trading platforms believed to be operating in New York. One of its many interesting findings was how virtual private networks (“VPNs”) may permit market manipulation.

VPNs are a critical tool for privacy-minded cryptocurrency traders, as well as the only method for some traders to access these markets in countries such as China. Based on the NY AG’s report, should crypto exchanges assume that VPN access is no longer permissible?

Not necessarily, but they need to look at the issue in the broader context of their overall compliance program.

Stepping back, the NY AG’s focus on VPNs was in the context of the effectiveness of access controls to ensure fairness and integrity and protect customers. Access controls start with basic Know Your Customer (“KYC”) processes to confirm a new customer’s identity.

While eight of the trading platforms which responded to the enquiry required customers to submit various forms of personal information and government-issued identification before trading, Bitfinex requires little more than an email address to trade between exchanges (as opposed to withdrawing/depositing fiat currency). Tidex, which states that it prohibits users from the United States and is currently filing with the Financial Crimes Enforcement Network (FinCEN) to become a money services business, requires only a name, email address and phone number.

A common additional access control for online businesses is to monitor IP addresses of users to determine their approximate geographic location and track suspicious behavior coming from a particular computer connection. For example, transactions in multiple accounts coming from one IP address may be suspicious. Simultaneous access from IP addresses which are not in proximity could be a sign of fraud or a cyberattack.

IP addresses can also be masked using VPNs which route connectivity through a third-party network. This permits an individual to feign residency in a different jurisdiction or open several accounts and pretend that they are not related. Companies which block VPN access, such as Netflix and Hulu, most likely are screening access against a known list of VPN servers. These controls are not fool-proof since VPN services often change server IP addresses to stay one step ahead (as those using VPN to access Facebook or crypto exchanges from China, where unlicensed VPNs are illegal, can validate).

While most of the exchanges that responded to the NY AG reported that they monitor access by IP address, only two claimed to limit VPN access. The two exchanges, Bitstamp and Poloniex (now a part of Circle), have both withdrawn from various jurisdictions due to regulatory issues.

Wash trading

In addition to making sure that IP addresses from New York are not provided access to unauthorized exchanges, the NY AG raised concern that crypto exchanges which neither require documentation to execute a trade nor take active measures to block access via VPN may not be able to address manipulative or abusive trading activity.

For example, one individual may open up two accounts and engage in wash trades, which occur when traders buy and sell the same asset repeatedly to create the false appearance of market activity to move prices.

Unfortunately, wash trades are believed to be common in crypto markets because exchanges are ranked based on trading volume.

One report estimates over 7 of the top 10 exchanges engage in excessive wash trading from 12x to over 100x their true volume, and one is believed to inflate its trading 4,400x.

Money laundering

VPN access can also pose risks from an anti-money laundering perspective. Virtual currency exchangers have been subject to the Bank Secrecy Act’s anti-money laundering requirements since as early as 2011. Failure to comply with KYC requirements can result in large penalties, such as the $700,000 fine assessed by FinCEN against Ripple Labs in 2015.

The Office of Foreign Assets Control (OFAC) has also stated that it will treat digital currencies the same as fiat currencies, and sanctions violations carry strict liability which does not require intent to violate the law to be proven.

FinCEN has been focused on IP addresses mentioned in suspicious activity reports (SARs) for many years. In 2014 the agency reported that an investigation of IP addresses mentioned in SARs found 975 hits for possible Tor network addresses, corresponding to reports totaling nearly $24 million in likely fraudulent activity.

However, before the advent of cryptocurrencies, it was unlikely that FinCEN would expect the filing of a SAR just because of the use of different VPN addresses. Some banks have restricted VPN access to websites, but policies differ between firms.

New rules unlikely, but…

It will be interesting to see if the purely online nature of cryptocurrencies, and perhaps the growth of digital banks, will result in heightened U.S. regulatory scrutiny of VPNs. It appears unlikely that prescriptive federal VPN rules will be passed any time soon given the conservative approach taken by regulators such as the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) on more fundamental issues related to cryptocurrency.

As of today the NY AG report ostensibly is only a platform to educate the public and provide a number of questions that consumers should ask to protect themselves when considering various exchanges. Although three of the four exchanges which failed to respond to the inquiry, Binance, Gate.io, and Kraken, were reported to the New York State Department of Financial Services (DFS) for potential violation of the state’s virtual currency regulations, it is unclear whether the NY AG report will encourage the DFS or other regulators to force digital currency exchanges to prohibit VPNs.

Rather, cryptocurrency exchanges will most likely be forced to reckon with VPN access as part of any regulatory or law enforcement actions for market manipulation, which could come any day. The DFS in February 2018 already reminded virtual currency businesses to implement measures to deter market manipulation.

And the U.S. Department of Justice (DOJ) has reportedly been working with the CFTC on a criminal probe of possible market manipulation in crypto markets since at least the summer. The CFTC proved that it takes market manipulation related to cryptocurrency seriously as early as 2015 when it settled wash trade charges against TeraExchange for the fairly innocuous offense of reporting one test bitcoin swap transaction as a real transaction.

Conclusion

Cryptocurrency exchanges operating in the U.S. or doing business with customers in the U.S. should promptly review their policies for verifying and monitoring authorized access.

If your business desires to continue to permit masked VPN addresses, the decision should be made in consideration of other controls and the damage that market manipulation or anti-money laundering charges would have on your firm’s business. For example, facial recognition access controls might be considered as an alternative method to prevent one person trading across several accounts.

However, if your exchange currently permits users to open multiple accounts, has no market manipulation policy or is actively encouraging market manipulation to increase your market cap rankings, VPN may only be a footnote in your eventual enforcement action.

Mask image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Bitcoin Trader Pleads Guilty Over Unlicensed Exchange Business

A 21-year-old bitcoin trader from California has pleaded guilty to operating an unlicensed money transmission business and now faces a maximum of five years in prison.

According to a news release issued Monday by the Attorney’s Office of the Southern District of California, the trader, Jacob Burrell Campos, admitted as part of a plea deal that he had operated a bitcoin exchange without registering the business with the Financial Crimes Enforcement Network (FinCEN).

Furthermore, Burrell had no anti-money laundering or know-your-customer procedures in place.

“Unlicensed money transmitting businesses, especially those operating at or near the border, pose a serious threat to the integrity of the U.S. banking system, and provide an ‘open door’ for criminals to utilize such businesses to launder the proceeds of their illicit activities,” said U.S. Attorney Adam Braverman in the report.

Burrell reportedly sold hundreds of thousands of dollars in bitcoin to over 1,000 customers throughout the U.S. from January 2015 to April of 2016. He initially bought bitcoin through a regulated crypto exchange in the U.S., but later shifted to a Hong Kong-based exchange after his U.S. account was closed over suspicious transactions.

From March 2015 to April 2017, he bought bitcoins worth $3.29 million from the Hong Kong exchange in separate transactions, the report says.

Burrell has now agreed to forfeit a total of $823,357 to the U.S. and will be sentenced in February of next year.

Braverman said:

“The Department of Justice will continue to investigate and prosecute all individuals and businesses that seek to evade the licensing and anti-money laundering requirements under federal law.”

Bitcoin and gavel image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Posted on

Judge Orders Trading Firm, CEO to Pay $2.5 Million in Bitcoin Ponzi Case

The Commodity Futures Trading Commission has won a legal battle against a New York resident and his company for running a Ponzi scheme centered around bitcoin.

Between 2014 and early 2016, Gelfman Blueprint, Inc. (GBI) and its CEO Nicholas Gelfman ran a scheme wherein they successfully solicited $600,000 from 80 customers, claiming that customers would earn money through the company’s proprietary trading algorithm.

Instead, client funds were used to repay previous clients, thereby perpetuating the scheme with the newly-accrued money. This was the first anti-fraud enforcement action that the CFTC brought related to bitcoin, according to statements.

On Thursday, a federal judge ruled in favor of the CFTC, ordering Gelfman and GBI to pay $2.5 million in penalties and restitution.

In a statement, CFTC director of enforcement James McDonald said that “this case marks yet another victory for the [CFTC] in the virtual currency enforcement arena.”

He added:

“As this string of cases shows, the CFTC is determined to identify bad actors in these virtual currency markets and hold them accountable. I’m grateful to the members of Enforcement’s Virtual Currency Task Force for their tireless work on these matters.”

The court specifically ordered GBI to pay $555,000 and Gelfman to pay $492,000 in restitution to clients, as well as $1.85 million and $177,000 in penalties, respectively. The court also imposed permanent trading and registration bans on the two.

That being said, the CFTC noted in its release that the scheme’s victims may not recover any of their lost funds as it is possible Gelfman and GBI will not have sufficient liquidity to pay the restitution or penalties.

Justice statue image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.