AML/CFT/CPF endeavors in the crypto space: from blockchain analytics to machine learning

in Proceedings of Artificial Intelligence Governance Ethics and Law (AIGEL) (in press)

Financial applications of distributed ledger technologies (DLTs) generate regulatory concerns. In the crypto sphere, pseudonymity may safeguard privacy and data protection, but lack of identifiability ... [more ▼]

Financial applications of distributed ledger technologies (DLTs) generate regulatory concerns. In the crypto sphere, pseudonymity may safeguard privacy and data protection, but lack of identifiability cripples investigation and enforcement. This challenges the fight against money laundering and the financing of terrorism and proliferation (AML/CFT/CPF). Nonetheless, forensic techniques trace transfers across blockchain ecosystems and provide intelligence to regulated entities. This working paper addresses anomaly detection in the crypto space, the role of machine learning, and the impact of disintermediation. [less ▲]

Distributed Ledger Technologies between Anonymity and Transparency: AML/CFT Regulation of Cryptocurrency Ecosystems in the EU

Doctoral thesis (2023)

The advent of Bitcoin suggested a disintermediated economy to which Internet users can take part directly. The conceptual disruption brought about by this Internet of Money (IoM) mirrors the cross ... [more ▼]

The advent of Bitcoin suggested a disintermediated economy to which Internet users can take part directly. The conceptual disruption brought about by this Internet of Money (IoM) mirrors the cross-industry impacts of blockchain and distributed ledger technologies (DLTs). While related instances of non-centralization thwart the regulatory efforts to establish accountability, in the financial domain further challenges arise from the presence in the IoM of two seemingly opposing traits: anonymity and transparency. Indeed, DLTs are often described as architecturally transparent, but the perceived level of anonymity of cryptocurrency transfers fuels fears of illicit exploitation. This is a primary concern for the framework to prevent the misuse of the financial system for money laundering and the financing of terrorism and proliferation (AML/CFT/CPF), and a top priority both globally and at the European Union level. Nevertheless, the anonymous and transparent features of the IoM are far from clear-cut, and the same is true for its levels of disintermediation and non-centralization. Almost fifteen years after the first Bitcoin transaction, the IoM comprises today a diverse set of socio-technical ecosystems. Building on a preliminary analysis of their phenomenology, this dissertation shows how there is more to their traits of anonymity and transparency than it may seem, and how these features range across a broad spectrum of combinations and degrees. In this context, given implemented trade-offs can be evaluated by referring to techno-legal benchmarks, to be established through socio-technical assessments grounded on teleological interpretation. Valuable insights are drawn to this end from the various models of central bank digital currency. Against this backdrop, this work provides framework-level recommendations for the EU to respond to the two-fold nature of the IoM legitimately and effectively. The methodology cherishes the mutual interaction between regulation and technology when drafting regulation whose compliance can be eased by design. Consistently, it presents the idea of creating a transposition model between red flag indicators and techno-regulatory standards, informed by a preliminary risk-based taxonomy of the trade-offs displayed by IoM ecosystems. It suggests its implementation should be informed by an institutionalized and multi-stakeholder model of co-regulation, known in the literature as polycentric. This approach mitigates the risk of overfitting in a fast-changing environment, while acknowledging specificities in compliance with the risk-based approach that sits at the core of the AML/CFT/CPF regime. [less ▲]

Privacy in Cross-border Digital Currency. A Transatlantic Approach

in Frankfurt Forum on US-European GeoEconomics (2022, September)

As a growing number of countries explore Central Bank Digital Currencies (CBDCs) for the domestic context, multi-country cross-border CBDCs pilots are also proliferating. Cross-border CBDCs could make ... [more ▼]

As a growing number of countries explore Central Bank Digital Currencies (CBDCs) for the domestic context, multi-country cross-border CBDCs pilots are also proliferating. Cross-border CBDCs could make cross-border payments faster, cheaper, and simpler. However, for any cross-border CBDC to unlock these benefits and be widely adopted, it must address key concerns, chief among them risks around privacy and transparency of data. This article illustrates how various technical design choices can affect the privacy and transparency of cross-border CBDCs. For instance, architectural choices about the structure of a cross-border CBDC and representational choices about how transactions are encoded in the underlying software can have far-reaching implications for privacy and transparency—both in a domestic context and for cross-border transactions. Many of the cross-border CBDC pilot studies to date have (understandably) adopted the technical designs provided by enterprise distributed ledger platforms. However, some of these designs make tradeoffs regarding privacy, efficiency, and/or security. Whether these tradeoffs are acceptable is a matter of policy, and requires coordination between different regulators and central banks. In view of these implications—and some of the corresponding tensions that arise—we argue that the US and the EU should work together alongside other partners to create the technological and regulatory environment to enable privacy-preserving cross-border CBDCs. The US and the EU should seize the emergence of CBDCs as an opportunity to finally establish a transatlantic privacy framework, and clarify its interplay with the prevention of money laundering and financing of terrorism (AML/CFT/CPF). More broadly, both should harness the clout of their combined financial systems to develop digital asset regulation and standards with a global reach and democratic values. These regulatory developments would not only streamline regulatory guidelines, but they could also directly impact and ease the technical development of a cross-border CBDC. [less ▲]

Towards CBDC-based Machine-to-Machine Payments in Consumer IoT

in Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing (SAC '22) (2022, April)

The technological advancement of the Internet of Things (IoT) is a well-known phenomenon that mainly affects industrial sectors but also consumers in everyday life. The use of Consumer IoT, i.e. CIoT ... [more ▼]

The technological advancement of the Internet of Things (IoT) is a well-known phenomenon that mainly affects industrial sectors but also consumers in everyday life. The use of Consumer IoT, i.e. CIoT, devices is increasing, and they are paving the way for a Machine-to- Machine (M2M) communication that could highly enrich consumer services. In this paper we position ourselves in the narrowing gap between the world of CIoT and the world of money, and we explore the emerging interaction between the payment needs of a M2M Economy and the “new ways of payment”. Indeed, the advent of Dis- tributed Ledger Technology and cryptocurrencies has introduced a tech-oriented dynamism in the monetary and financial sphere. Accordingly, central banks all over the world have started investi- gations into digital fiat money , i.e., “retail” Central Bank Digital Currencies (CBDCs). Against this backdrop, we analyze the inte- gration of retail CBDC models into M2M and CIoT dynamics, while heeding regulation-by-design and compliance-by/through-design methodologies, and we propose a preliminary model of integration between a two-tier retail CBDC architecture and CIoT. [less ▲]

Privacy and Transparency in CBDCs: A Regulation-by-Design AML/CFT Scheme

in Proceedings of the 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) (2021, May)

Central banks and governments all over the world are increasingly exploring digital versions of fiat money, known as retail Central Bank Digital Currencies (CBDCs). Most initiatives rely on Distributed ... [more ▼]

Central banks and governments all over the world are increasingly exploring digital versions of fiat money, known as retail Central Bank Digital Currencies (CBDCs). Most initiatives rely on Distributed Ledger Technologies and are presented as alternatives to physical cash. Consequently, anonymity-related regulatory questions arise in terms of Anti-Money Laundering and Counter-Terrorist Financing compliance. Against this backdrop, this paper provides a techno-legal taxonomy of approaches to balance privacy and transparency in CBDCs without thwarting accountability, but it also underlines cross-sectoral impacts. The contribution heeds regulation-by-design as its core methodological foundation, with Privacy-Enhancing Technologies as the relevant use case. Thus, it highlights that not only technology aids legal purposes, but also that some regulatory requirements ought to be designed into technology for one to reach agreed-upon results and/or standards. [less ▲]

MOATcoin: Exploring Challenges and Legal Implications of Smart Contracts Through a Gamelike DApp Experiment

in CryBlock '20: Proceedings of the 3rd Workshop on Cryptocurrencies and Blockchains for Distributed Systems (2020, September)

In this paper we present MOATcoin, a gamelike experiment that enabled us to practically investigate the open issues related to the governance and legal facets of smart contract based decentralized ... [more ▼]

In this paper we present MOATcoin, a gamelike experiment that enabled us to practically investigate the open issues related to the governance and legal facets of smart contract based decentralized applications. After presenting the MOATcoin system architecture,we first tackle the problems of decentralized governance, its limits and the shift of trust that it entails; then, we explore the possible legal implications of the given scenario and, particularly, the con-sequences of code-written contracts. Finally, we offer taxonomical remarks on the concepts of “token” and “coin” and offer an insight from a regulatory perspective [less ▲]

The Internet of Money between Anonymity and Publicity: Legal Challenges of Distributed Ledger Technologies in the Crypto Financial Landscape

in DC JURIX 2019. Proceedings of the Seventh JURIX 2019 Doctoral Consortium (2020)

This research project focuses on the impacts exerted by the tech schemes behind virtual currencies on the EU framework to prevent the misuse of the financial system and it aims to explore legal challenges ... [more ▼]

This research project focuses on the impacts exerted by the tech schemes behind virtual currencies on the EU framework to prevent the misuse of the financial system and it aims to explore legal challenges posed in the IoM landscape by the double-edged nature of DLTs as both transparency and privacy-oriented. On the one hand, it plans to identify effective legislative and regulatory measures to ensure crypto accountability from an AML/CFT standpoint, as well as to assess the relevant role of pseudonymity. On the other hand, it pursues to discover innovative legal approaches to secure AML/CFT active cooperation in the crypto ecosystem(s), to the end of mitigating anonymity and traceability concerns while respecting both the value of publicity and transparency in the law and the conceptual origin of the crypto economy. [less ▲]