A UK bank bans crypto, Singapore AML/CFT reform continues, and the outgoing Trump administration further tightens sanctions.
We share our financial crime regulatory highlights from the week of 11 January 2021.
HSBC Stops Transactions with Crypto Providers
HSBC UK, one of the UK’s largest high street banks, is reported to have banned the processing of transactions involving the exchange of cryptocurrencies such as Bitcoin. In an article in the UK newspaper The Times, the bank was revealed to have put the ban in place to mitigate potential Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF) risks from handling cryptocurrencies.
In practice, this means that HSBC customers in the UK will not be able to use their debit or credit cards or bank transfer facilities to deposit fiat funds in a digital wallet with a crypto exchange. The bank will also not allow customers to transfer funds generated in crypto trading back into their fiat accounts. The current implication for many cryptocurrency speculators is that they will not be able to take advantage of the current surging prices in the sector to make a fiat profit in the ‘real’ world.
Although no specific cases of cryptocurrency abuse were mentioned, the report suggests that the bank’s primary concern is a general wariness of AML/CTF risk around the nature of activities being undertaken with cryptocurrencies. International standard-setters such as the Financial Action Task Force (FATF) and government agencies in Europe, Asia-Pacific, and the US have all issued warnings and guidelines on the financial crime risks from a range of Virtual Assets (VAs) over the last two years.
Although several banks have shown caution around cryptocurrencies, HSBC has been particularly careful about generating further AM/CTF concerns after facing a US Deferred Prosecution Agreement (DPA) and regulatory monitorship between 2012 and 2017. The bank also faced adverse media in 2020 following the ‘FinCEN Files’ scandal, a leak of Suspicious Activity Reports (SARs) lodged with the US Financial Crimes Enforcement Network (FinCEN), which revealed that the bank, amongst others, had continued to do business with suspect clients after reporting their concerns.
The exposure of the HSBC decision comes as the VA sector in the UK is being subjected to tighter and more focused regulation. Last year, the Financial Conduct Authority (FCA), the UK’s leading financial services regulator, banned the trade of crypto derivatives, a decision that came into effect on 6 January 2021. As of 10 January 2021, Virtual Asset Service Providers (VASPs), including cryptocurrency exchanges, have also been required to register with the FCA under revised AML/CTF regulations. The FCA has recently struck a further note of caution about amateur investment in VAs, issuing a statement on 11 January 2021, that noted that while some VAs might “promise high returns,” this involved “taking very high risks.” The agency further warned that consumers “should be prepared to lose all their money” if they invested in VAs.
At the same time, a renewed regulatory focus and stark warnings do not appear to have punctured the current levels of market interest and asset performance in the sector. While one Bitcoin was worth around £14,500 in the middle of December 2020, it is now (mid-January 2021) nearly double the value, at just over £28,000. Several leading crypto-commentators have seen this resilience in value as a sign that VAs are here to stay, and that negative attitudes from large legacy institutions such as HSBC will put them at commercial risk in the medium to long term. Ran Neuner, co-founder of Onchain Capital and host of CNBC’s ‘Crypto Trader’ show, commented on Twitter that banks would “put themselves out of business” by making similar decisions.
For VASPs in the UK, 2021 thus appears likely to be a critical period. The appetite for VAs is high and apparently growing, but as history has shown, has the potential to collapse. The authorities are also seeking ways to mitigate the risks that VAs potentially bring, and the legacy financial services sector also retains reservations. For VASPs, therefore, the issue now is one of regulatory credibility. Although it might seem superficially appealing to try and wait out the concerns of the industry, the safer and more sustainable option is likely to be recognizing the reality of AML/CTF risks and taking appropriate measures to mitigate them.
Singapore Taking a Preemptive Approach on FinCrime
Last week on 4 January 2021, the Singaporean Parliament passed the Payment Services (Amendment) Bill, which is designed to keep the jurisdiction’s AML/CFT laws aligned to stricter global VASP requirements set by FATF in June 2019. The bill was originally introduced by the Singaporean government on 2 November 2020, as previously outlined in our regulatory highlights from that week.
Under the Payment Services Act (PSA), a payment services provider operating in Singapore is required to hold a license from the financial regulator, the Monetary Authority of Singapore (MAS), and to follow AML/CFT guidelines. However, although the PSA mentions VASPs (or ‘Digital Payment Token’ (DPT) service providers, an equivalent term), uncertainties remained in the original legislation over whether it covered the facilitation of VA trade where there was no direct possession or handling by a VASP based in Singapore. The new bill has therefore broadened the definition to include not only businesses that hold VAs, but those which support VA trades, including when originators and beneficiaries reside in different countries other than Singapore.
Transport Minister Ong Ye Kung, who piloted the legislation through parliament, has said that the changes were needed to reinforce Singapore’s position as a leader in both Financial Technology (FinTech) innovation and AML/CFT controls. Quoted in The Straits Times, Mr. Ong noted that “global standards-setting bodies, regulators and policymakers around the world are focused on addressing these risks,” and that “as a major financial center and fintech hub, Singapore has played an active role in shaping international standards.”
Touching on concerns also recently highlighted in the UK (see preceding article), Mr. Ong also highlighted the need to strengthen consumer protections around VAs; VASPs making undeliverable promises would have “to immediately correct or remove the statement,” and would be “subject to enforcement actions” as a result.
Mr. Ong stated that although VASPs are not yet a major component of the financial services sector in the country, the government was also being guided by a precautionary approach because of the speed, complexity, and fluidity of VA development, a principle which the government has also recently been demonstrating in other areas of financial crime risk. On 30 December 2020, for example, MAS issued its annual Terrorism Financing National Risk Assessment for 2020, designed to identify key areas of Terrorist Financing (TF) vulnerability in the Singaporean financial services sector.
Although Singapore has seen relatively few prosecuted cases against TF, the report suggests that the jurisdiction is exposed to significant risks of domestic terrorist fundraising and overseas funds transmission, primarily involving Islamist extremist groups such as Al Qaeda (AQ), Islamic State (IS), and Jemaah Islamiyah (JI). As the report states, Singapore could be at particular risk because of the “relative ease’ with which services could be accessed, “coupled with Singapore’s status as a financial and transport hub and proximity to countries exposed to terrorism activities.”
According to the assessment, money remittance or payment services providers are the most vulnerable parts of the financial system to TF, closely followed by banks, many of which have strong international correspondent relationships. However, the report also notes the rising risk of TF activity through developing sectors such as VASPs and wider FinTech, as well as charities and precious metal and mineral dealing. This judgment follows a report last year from crypto-intelligence firm CipherTrace that identified Singapore as a jurisdiction with a high proportion of VASPs with weak AML/CFT controls.
These developments – a combination of law changes and awareness-raising – are further examples of Singapore’s ongoing government-led campaign to be seen as a hub for both financial and regulatory innovation, in what continues to be a highly competitive region in both regards. Although the financial crime risks generated by VAs or TF vulnerabilities faced by the Singaporean financial system seem relatively modest at present, there can be little doubt how quickly any risk can grow in the right conditions, as indicated by the explosion of cybercrime during the Covid-19 pandemic. For those operating in the Singaporean financial services sector, therefore, the focus needs to be on keeping up with the pace of regulatory change.
The Outgoing Trump Administration Tightens Sanctions
Despite the imminent inauguration of US President-elect Joe Biden on 20 January, the outgoing Trump administration has kept up a high pace of sanctions designations against a plethora of targets in the last two months. According to an analysis by Bloomberg Businessweek, published in December 2020, the Trump administration has designated on average three targets a day during its four-year term.
One of the most surprising changes so far this year has been the re-lisiting of Cuba as a state sponsor of terrorism on 11 January, over five years after President Obama removed the country from the list in May 2015. Announcing the designation, US Secretary of State Mike Pompeo stated that Cuba was being listed for “repeatedly providing support for acts of international terrorism”, protecting Colombian rebel leaders, and helping Venezuelan President Nicolas Maduro to retain power. As a result of the designation, Cuba faces a renewed ban on US economic aid, arms and ‘dual-use’ exports, and US opposition to World Bank and International Monetary Fund (IMF) loans.
Cuba has not been alone, however, and the Trump administration has also recently focused on a number of well-known sanctions targets from the last four years, especially Iran. On 5 January, the US Secretary of the Treasury Steven Mnuchin listed one individual and 16 companies linked to the Iranian metals industry, saying that the sector had become an “important revenue source” for the Iranian leadership, “and financing a range of nefarious activities.”
China has also continued to face US more US actions in recent weeks. One of those metal businesses designated due to links to Iran was a Chinese firm, and on 5 January, President Trump signed an Executive Order (EO) banning the use of, or transactions with, eight Chinese software applications, including AliPay and WeChat Pay, describing them as a “threat to US national security.” This followed a previous EO from 12 November 2020, which banned US citizens and companies from investing in firms with alleged ties to the Chinese military. 35 firms were already on the Pentagon maintained list, and a further nine have been added this January. According to The Wall Street Journal, three major tech giants – Baidu, Alibaba, and Tencent – were considered, but were not added due to pressure from the US Treasury.
Many commentators have seen these moves not only as a natural continuation of administration policy but also an attempt to stymie any early changes to the sanctions regime under President-elect Biden, especially with regard to Iran. Although Biden has been careful about committing the US to rejoining the Joint Comprehensive Plan of Action (JCPOA), also known as ‘the Iran Nuclear Deal’, he has let it be known he would be open to doing so if Iran returned to meeting the deal’s requirements. Reversing these changes will require several months of consultation work, generating early administrative burdens for Biden’s new team. One incoming official told Reuters that “we’ve taken note of these last-minute maneuvers” and that “the transition team is reviewing each one.”
US and other businesses with potential exposure to markets and sectors affected by these designations will thus need to keep a close eye not only on developments up to the 20 January but also the direction of travel indicated by the new administration in the wake of the inauguration. Although most commentators expect the US to continue to use sanctions as a primary tool of coercive diplomacy, there will undoubtedly be a change in tone, with the new President seeking to take a less aggressive international posture. This will probably translate into further revisions to the US sanctions regime as the year progresses, meaning that firms will need to maintain an agile approach to their AML/CTF and sanctions control platforms.