|
Operational Risks in Cryptocurrencies
217
Finally, transaction irreversibility exposes banks and cryptocurrency holders to the
risk of cybercrime and hacker attacks on banking networks, customer virtual wallets
or cryptocurrency bank accounts.
A n o n y m i t y a n d R i s k o f F i n a n c i a l C r i m e
Anonymity is one of cryptocurrencies’ most widely cited vulnerabilities, both for oper-
ational risk and particularly for financial crime. There are several aspects of this vul-
nerability that must be explored from the perspective of financial risk, including the
privacy of transaction processing for customers, money laundering and taxation on
accounts. Some of these may result in operational risk losses.
A Bitcoin address, with its pair of public and private keys, is currently the only
requirement to undertake Bitcoin transactions. The Bitcoin address is not registered to a
named individual; only the possession of the private key gives control over the balance
associated with the address. While the complete address history of every Bitcoin is
traceable, the controllers of those addresses are not necessarily easy to identify, making
the transactions anonymous.
However, total anonymity is guaranteed only under certain circumstances, i.e.,
when employing anonymizing software and transacting directly with individuals who
are similarly careful in protecting their identity. In practice, transacting through a web-
site will mean that an individual would, at the very least, leave a digital footprint in
the form of an IP address, which could then be tied to a physical address. The use of
Bitcoin web “wallets” is an example.
You would expect that in the future, when setting up an e-wallet in a financial
institution or when a bank accepts deposits in cryptocurrencies, clients would provide
a tax file number or similar form of identification so that any interest credited to their
accounts in a virtual currency denomination or in fiat currency could be appropriately
considered for taxation purposes. This alone has interesting economic and legal impli-
cations for the so-called anonymity offered when transacting in virtual currencies in
the real economy. The anonymity would exist up to the point the transactions are pro-
cessed from accounts registered to a particular client of the bank. Once an account is
opened, it would have to be linked to the taxation details of the client, thus providing an
identity to transactions in the blockchain, at least related to this portion of a transaction
sequence. This can also be valuable for regulators and cybersecurity agencies tracking
criminal activity and money laundering in virtual currency international exchanges.
There is another risk associated with cryptocurrencies such as Bitcoin that admit
a public blockchain ledger of all transactions and account details in the transactions.
The risk is when banks accidentally or willfully accept Bitcoin deposits that are the
proceeds of crime or have been involved in some criminal activity. The question is
then how to manage the risk that a particular subset of the Bitcoins, held in a bank,
may previously have been used (some transactions ago) in a criminal transaction and
218
RISING OPERATIONAL RISKS
can thus be confiscated under the U.K.’s Proceeds of Crime Act, or the equivalent law
in other countries.
Possible mitigating actions include the adoption and maintenance of a blacklist
of Bitcoin addresses. The bank taking a Bitcoin deposit would be obligated to search
through the history of the deposited Bitcoins and then reject (and possibly report) any
suspicious deposits.
H a n d l i n g o f S e n s i t i v e I n f o r m a t i o n a n d R i s k o f F r a u d
The unique reliance on private keys, coupled with the irreversibility of payments in
cryptocurrencies, means that Bitcoins are potentially susceptible to large operational
risk losses from the following:
■
Fraud and misappropriation of assets: if anyone gains access to a private key, they
can create a transaction message and sign it as if they were the genuine owner,
possibly transferring units of the currency to their own address.
■
Loss due to processing errors: data for addresses may be entered inaccurately.
■
Loss of electronic wallet due to the failure of technical support: in the case of
Bitcoins, the most common storage account is an electronic wallet. The wallet
stores the private/public key pairs for each of the user’s Bitcoin addresses, and
either one may hold a Bitcoin balance. The wallets may be stored on a user’s
computer or a mobile device, but may also be hosted online by a web service. Any
one of these storage solutions may fail.
Risk mitigation techniques for users are similar to some of the classic methods
of cybersecurity and data protection, including cold storage (offline) of digital wallets,
storage on multiple devices, both physical and digital, as well as solid encryption of
private keys, strong passwords and limited online transactions. Signing transactions
offline and using hardware wallets are now increasingly popular solutions to strengthen
cryptocurrency security.
Because there is a finite money supply for currencies such as Bitcoins, losses are
irreversible. Money cannot be accessed once keys are lost, nor can it be regenerated.
When Bitcoins are removed from circulation, the loss is permanent. If there is a large
loss, or many smaller losses, whether from negligence, accidental damage or malicious
or criminal activity, it can permanently affect the Bitcoin money supply.
R i s k E x p o s u r e s A s s o c i a t e d w i t h C r y p t o c u r r e n c i e s
Banks accepting cryptocurrencies also face risks related to four significant exposures:
■
Multiple jurisdictions: legal complexity, tax avoidance, compliance issues
and clarity of interpretations are part of the risks associated with trading
internationally.
Do'stlaringiz bilan baham: |
