A new association of solicitors and barristers (aka lawyers) has opened shop in Hong Kong and Singapore to help the crypto industry work out sensible regulations, protections, and law-enforcement mechanisms.
The Crypto Fraud and Asset Recovery Network (CFAAR) was first established in London in 2021. Its expansion was delayed due to Covid-related hassles, but it is now active in Asia as well as New York.
“We deal with fraud and asset recovery in traditional finance,” said Jonathan Crompton, a partner at RPC and one of the Hong Kong chapter’s members. “We want to discuss this and promote best practices within the crypto industry.”
How much fraud?
The group is targeting major financial centers because they are also the primary conduits of illicit funds.
Hong Kong has more than its share. Its position as a gateway in and out of China has made it a traditional conduit of fraudulently reported funds, plus it has a vibrant retail investor market – and therefore a lot of people easy to scam.
The CFAAR lawyers are hesitant to suggest crypto has increased the volumes of fraud, however. “It’s shifted with the technology, but I don’t think the tech is necessarily a multiplier of fraud,” said Calvin Koo, a disputes and investigations lawyer at Kobre & Kim.
- Read more:
- Hong Kong moves to revive retail crypto business
- Crypto as we know it is dead; “blockfin” is just beginning
- Ripple lobbies Korea to change its crypto laws
The lawyers can’t say for certain because it’s difficult to quantify losses in their business. Not every victim reports being defrauded, and law enforcement agencies don’t discuss it. That’s true for TradFi too, but crypto brings extra uncertainty because asset valuations are volatile, there is a great deal of wash trading, and there are even fewer standards for reporting.
For crypto, they use Chainalysis and other industry data sources – which suggest crypot-related hacks have risen, from an annual figure of $1.2 billion reported in June 2021, to $1.9 billion as of June 2022.
Those figures do not include bitcoin or other crypto being used in ransomware attacks.
The CFAAR legal eagles say their group has three priorities.
First is to launch a dialogue with regulators, law enforcement, and the crypto industry. “We want to have an adult conversation to make this work, and build mutual trust,” Crompton said.
For a variety of reasons it is in the industry’s best interest to do so, added Koo: “Gone are the days when crypto exchanges could act with impunity because regulators didn’t know what to do.”
Secondly, CFAAR wants to educate businesses and retail investors about what to do if they suffer a crypto-related fraud. This includes notifying the police, and the FBI should there be a US connection.
Thirdly, the group wants to work with the industry to respond to new regulation and oversight. In the case of Hong Kong, this is an impending amendment to anti-money laws that will change its “Virtual Asset Service Provider” regime – likely to include extending VASP regulation to include retail investors.
Transparency and traceability
One of the conundrums of crypto is to determine just how transparent it is – and therefore how easy or hard it is to trace stolen assets. The blockchain is transparent in that any address reveals its tokens.
But matching an address – a hash – to a company or person can be difficult. There are mixers, services that create complex trades to obfuscate a coin’s provenance. And the relative lack of arrests suggests that the resources required for law enforcement to seize those assets or arrest criminals are too high for most cases.
“The techniques are the same in traditional finance,” Crompton said. “We use the same fraud-asset recovery techniques and legal processes. It’s time consuming, we’re always working to catch up. With crypto, if you use the right software, you can follow the flows almost in real time.”
The goal is to identify a centralized exchange or other third party. If the assets are still there, lawyers can obtain a court injunction where that exchange is domiciled. A court can order the exchange to disclose the wallet owner.
CEX versus DEX
As more centralized exchanges get regulatory licenses and adhere to know-your-customer rules, it is becoming easier to obtain this information, says Koo. A growing body of court cases involving crypto fraud is also creating precedents, particularly in common-law countries.
This brings clarity about how to define crypto. For example, consensus is building that says crypto is property. This development may not please some people in the space who want to think of it as money, but at least this gives courts a better idea of how to proceed with fraud cases.
Decentralized exchanges may be another story: they don’t come with a jurisdiction. “The added complexities with DeFi make it harder to trace funds for regulators, and therefore for lawyers and victims,” Koo said. “DeFi is a challenge.”
But regulators are taking a closer look at the decentralized world, and the Financial Action Taskforce (a group of international regulators focused on preventing money laundering) is keen to develop global standards.
CFAAR wants to find the balance between responsible enforcement and a regulatory environment that remains pro-innovation. Blockchain’s immutability and real-time processing brings advantages that TradFi lacks. AML efforts in TradFi are woeful, with banks able to identify very few illicit funds in their systems.
It would be ironic but also very positive if the crypto community, by working proactively with regulators and law enforcement, created standards that the traditional world could then embrace.