9 minute read 15 May 2018
person walking tunnel obscure light

How collaboration can help us make sense of cryptocurrencies

By Hamish Thomas

EY EMEIA Payments Leader and UK Consulting Banking Technology Leader

Transformation leader in payments and open banking. Passionate about technology’s potential to create opportunity and manage risk. Optimistic runner. Film enthusiast.

9 minute read 15 May 2018

Cryptocurrencies (increasingly referred to as crypto assets) have the potential to positively disrupt financial services by increasing the speed and reducing the cost of doing business.

But this can’t happen without coordinated international action to assert some controls and ensure that cryptocurrencies do not become enablers of criminal activity and tax evasion. There is growing urgency to do so as market growth accelerates. Too many people assume that the security of blockchain technology — an almost tamper-proof distributed ledger that underlies cryptocurrencies — ensures the security of the cryptocurrencies themselves. It does not. A crypto exchange is hacked every few months, and in January, Coincheck suffered the largest crypto exchange hack in history, losing $530 million.

Meanwhile, the flood of initial coin offerings (ICOs) raising money invites abuse, and the anonymity of cryptocurrencies means they can facilitate illegal dealing in everything from weapons to drugs to human trafficking. In other words, while the underlying technology might be secure, cryptocurrencies themselves are not intrinsically so. Even if cryptocurrencies were secure, their current incarnation creates risk that can’t be allowed to go unchecked. They enable ease of use, which supports criminal activity.

Asserting regulatory controls won’t be easy. Given the dramatic fluctuations in value, it can be argued that cryptocurrencies are more akin to a commodity than a true currency. Furthermore, their unique architecture and origination from outside the world of traditional finance has left regulators on the back foot.

Mark Carney, Governor of the Bank of England (BoE), emphasized that crypto assets behave quite differently from other currencies — as stores of value, as media of exchange and as units of account. Nevertheless, Carney argues that in order to protect consumers, it’s vital that crypto assets and their associated activities be regulated in a similar manner to other financial activities. Correspondingly, we are starting to see different views from regulators around the soundness and uses of crypto.

Exciting possibilities

Crypto assets — and their underlying distributed ledger technology (DLT) — offer many exciting possibilities. Both governments and industry leaders are keen to ensure that any regulatory moves do not stifle innovation.

For example, Kenyan startup BitPesa is a Bitcoin-based remittance service that aims to reduce friction and fees in transactions by integrating with Kenya’s mobile money system M-Pesa.

Opportunity presented by the technology is also being investigated in trade finance. Under international rule UCP600, once a trade finance agreement is initiated, the commitment to pay is irrevocable no matter what occurs in the chain of events between order and delivery. The weight of bureaucratic requirements for such transactions, including reliance on original documentation, introduces a significant amount of risk and uncertainty. The agreement is vulnerable to exploitation, as well as simple human error. However, the DLT that underpins cryptocurrencies allows for supporting documentation to be attached directly to the financial transaction, which could then then be transferred digitally — without intermediaries.

Interestingly, this distributed ledger technology is taking two forms: “open” and “closed.” An open DLT is a public network that maintains an immutable record of transactions. Anyone can publish a transaction and participate in the network by adhering to a set of published rules. By contrast, some large companies are experimenting with a closed (or “permissioned”) DLT. This creates a private network that maintains a shared record of transactions. The network is accessible only to those who have permission. Transactions are governed by rules that are set and agreed upon by participants. A closed DL shared by banks could offer a simple, cheaper revamp of UPC600 without ripping up international trading norms and practice.

The challenge of security vs. transparency

But before cryptocurrencies can live up to their potential, and for governments to embrace their use, serious risks must be addressed. Many of these risks have their roots in anonymity. Although the path of a cryptocurrency token on the blockchain’s open, decentralized distributed network is transparent for all to see, the actual ownership of that token and what it was used for is not.

This anonymity — a hallmark of cryptocurrencies — is not compatible with current laws and global regulatory trends demanding more transparency and less privacy. Governments want to know who owns assets to guard against money laundering, tax avoidance and other criminal activities. If governments cannot see a transaction, they cannot identify evaded taxes. Between income, sales and border adjustment taxes, there is a lot of government revenue at stake. Even Switzerland has had to relax privacy laws in order to transfer money in and out of the country.

This anonymity also puts large financial institutions in a bind. New laws have been put in place that tighten liability rules for large companies, such as banks and accounting firms, which could impact financial institutions’ willingness to accept or transfer digital currencies. The EU and UK’s anti-money-laundering directives and Criminal Finances Act compel financial institutions to ensure that no transaction they deal with is related to criminal activities. Facilitating criminal activity can now even mean “not confirming” that taxes have been paid on the digital currency being transferred into a bank. Similarly, if the owner of a crypto asset is anonymous, the ability of a financial institution to identify illegal movement of sanctioned assets or activities of people and organizations subject to economic sanctions may be compromised.

Regulatory risk and response

With these risks in mind, it is easy to see how poorly or lightly regulated cryptocurrencies could have disastrous consequences, especially since consumers are accustomed to governments protecting them from financial misuse. Besides leaving consumers open to fraud risk and reducing government coffers, under-regulated cryptocurrencies are being used to fund terrorist activity, human trafficking and other criminal activity.

A coherent view has been slow to emerge from the global regulatory community, and until recently crypto has not been “taken seriously.” Regulation has emerged on a country-by-country basis, rather than being coordinated globally.

Interestingly, less democratic countries see crypto as a more immediate threat — specifically to their own central authority over the money supply — and have been quicker to address the absence of regulation. While China was once home to the world’s most active cryptocurrency exchanges, authorities banned these last year and have since moved to block access to platforms that offer exchange-like services. Chinese regulators have been at the forefront of a global push to rein in the frenzy surrounding cryptocurrencies amid concerns over excessive speculation, money laundering, tax evasion and fraud.

The tougher stance is beginning to catch on. In the US, the SEC has launched multiple probes, saying many coin issuers, their lawyers and advisors may have breached its rules. SEC Chair Jay Clayton has said he believes most digital tokens are effectively securities and should be regulated as such. However, Clayton also acknowledges that terminology and definitions in the industry are evolving, the distributed ledger technology has incredible promise for the financial industry, and regulators must be flexible.

In Europe, the European Securities and Markets Authority (ESMA) stresses that ICOs are extremely risky, highly speculative investments that may fall outside the regulated sector. Meanwhile, the European Supervisory Authorities (ESAs) for securities, banking and insurance and pensions said in a joint statement in February that they were “concerned” about an increasing number of people buying “highly risky” virtual currencies without being aware of the risks involved. Since virtual currencies and exchanges used to trade them are not regulated under EU law, the regulators warned that cryptocurrency investors are not protected in the event of an exchange going out of business or a cyber attack.

At an individual market level, the Spanish Tax Authority has sought names and trading information on cryptocurrency buyers as part of an investigation into crypto-enabled tax evasion and money laundering. Requests for trading information have been sent to 60 companies.

The EU joins a number of government authorities in raising concern over cryptocurrencies. South Korea, for instance, introduced measures to tackle speculation in the sector, banning the use of anonymous bank accounts in cryptocurrency trading. And India’s Finance Minister, Arun Jaitley, has said that his government will take measures to “eliminate” the use of cryptocurrencies in “illegitimate activities or as part of the payment system.”

Possible solutions

The current lack of international consensus when regulating cryptocurrencies (or crypto assets) perpetuates the issue of gaps and opportunities to evade regulation and runs against the tide of common reporting standards (CRS), FATCA and intergovernmental data-sharing. What’s needed is a global, unified approach to regulating cryptocurrencies, using new methods adapted for this very novel financial instrument.

In March, International Monetary Fund Managing Director, Christine Lagarde laid out some possibilities. She said the IMF was focused on encouraging countries to develop policies that ensure financial integrity and protect consumers in crypto assets in much the same manner as it has done for the traditional financial sector. Lagarde also claimed the technology behind crypto assets can be used to “fight fire with fire,” e.g., by using DLT to speed up information-sharing between market participants and regulators. This could be used to create registries of standard, verified customer information and help fight cross-border tax evasion.

Another possible way to bring cryptocurrencies into the light, though a bit more radical at this stage, would be for a country to create a central bank digital currency (CBDC). This is essentially today’s currency in digital form. On the plus side, a CBDC would be far superior to alternative digital currencies (ADCs) such as Bitcoin. ADCs do not function well as a store of value: prices are too volatile, defenses against hacking are too weak and their backing is nonexistent. By contrast, central bank money is the quintessential store of value. The distributed ledger technology is the current key competitive advantage ADCs have, and it’s something central banks can and will acquire. Research from EY and Cambridge University shows that 63% of central banks and 69% of other public sector institutions (OPSIs) are experimenting with DLT protocols.

For the moment, however, the cons of a CBDC predominate. A freely available CBDC poses significant technology, security, privacy and legal challenges. Also, the creation of CBDCs would create a discrepancy between “fiat” and “non-fiat” digital currencies. Broadly speaking, consumers are conservative and would naturally be drawn to the former, pushing non-fiat digital currencies even further into the experimental fringes where criminal activity could persist.


Bringing cryptocurrencies into the light will take a multi-pronged effort. Just a few of its thorny challenges include: exchanges and wallets need greater protection against hackers, anonymity must be addressed to curtail criminal activity, the interface between crypto and fiat currencies needs to be regulated to facilitate smoothly functioning markets, and ICOs need to be regulated in line with other securities.

Cryptocurrencies (and the underlying DLT) have enormous potential to positively disrupt financial services by increasing the speed and lowering the cost of doing business. But anonymity and poor security threaten to be disruptive in a negative way; there is a growing global threat to investors specifically and society in general.

To bring cryptocurrencies into the light and ensure they do not become enablers of criminal activity and tax evasion, international bodies and individual governments need to collaborate with financial services to implement a coherent, consistent set of controls.


Learn more on our global insights on the biggest issues facing the financial services industry.

About this article

By Hamish Thomas

EY EMEIA Payments Leader and UK Consulting Banking Technology Leader

Transformation leader in payments and open banking. Passionate about technology’s potential to create opportunity and manage risk. Optimistic runner. Film enthusiast.