Coinbase is exploring plans to set up its own regulated insurance company with the help of broker Aon, sources told CoinDesk.
San Francisco-based cryptocurrency exchange Kraken has raised over $13.5 million in financing on online investment platform BnkToTheFuture.
Kraken has raised $13.5 million from 2264 investors, surpassing its initial target of $10.2 million purportedly due to popular demand. The fundraising campaign of Kraken — which has over four million clients in nearly 200 countries — is the most successful funding round by individual contributors on BnkToTheFuture.
As previously reported, Kraken raised over $6 million in the first day of the campaign from almost 300 investors. On BnkToTheFuture, Kraken describes itself as the only regulated spot and futures cryptocurrency exchange with over $85 billion in trading volume in 2018 alone, making its compound annual growth rate of 387%.
In recent months, Kraken has made some developments in security and international expansion. In late March, the exchange announced that two-factor authentication (2FA) is now mandatory for the exchange’s users. The measure is part of a broader set of changes included in its security features roadmap that spans “into 2020 and beyond,” but which is currently unavailable to the public .
Kraken acquired United Kingdom futures provider Crypto Facilities earlier this year in a move which produced significantly heightened interest in its products. Crypto Facilities, which began operating in 2015, is fully regulated by the U.K.’s Financial Conduct Authority, giving Kraken a major foothold in the European market.
Kraken is currently the 33rd-largest crypto exchange in terms of adjusted trading volume, according to CoinMarketCap. The exchange’s daily trading volume is around $326.3 million, with 74 crypto markets on offer.
The crowdfunding effort is said to have pushed Kraken’s valuation towards $4 billion.
Crypto exchange BitMEX cautions users to follow security best practices and enable two-factor authentication following an increase in attacks on user accounts.
In addition to covering a litany of best practices for user security, the cryptocurrency exchange stressed the importance of using two-factor authentication (2FA) in particular. The report summarizes 2FA as follows:
“2FA, sometimes referred to as ‘two-step verification’ or ‘multi-factor authentication’, adds an additional layer of security to your account by requiring not only your username and password at login, but also the input of a unique, time-based token. Tokens can be stored on a cell phone within a software-based authenticator app such as Google Authenticator or Authy.”
According to BitMEX, research at Google has shown that virtually all attempts to steal account credentials can be prevented by enabling 2FA. BitMEX concurred that 2FA is the best way to prevent such attacks, and is considering making 2FA authentication mandatory on its platform.
BitMEX also noted that compromised accounts on the exchange are typically associated with weak or reused passwords, hacked emails, or computers infected with malware. Additionally, the exchange discovered some new tactics being deployed in these account hacks, and have updated its policies accordingly.
First, there is no longer an option to disable email notifications about account logins, since hackers were disabling these notifications in order to further hide their tracks. Second, withdrawal requests must now be verified by email, since attackers were making API keys with the hacked accounts, which could be used on their own to authenticate withdrawals.
As previously reported by Cointelegraph, United States-based crypto exchange Kraken made 2FA mandatory for its platform at the end of March. According to Kraken’s announcement, 2FA has been optional on the platform since its inception in 2013. The exchange particularly supports 2FA programs Google Authenticator and YubiKey, as per the announcement.
The Securities Commission Malaysia has registered crypto exchanges Luno Malaysia, Sinegy Technologies and Tokenize Technology for operation.
Crypto exchanges are reportedly required by law to register with the SC, and the recently-approved exchanges will have up to nine months to achieve compliance with the SC’s regulation standards.
In a statement shared with Cointelegraph, Luno stated that the aforementioned three exchanges are the only registered digital asset exchanges to operate in Malaysia. Luno General Manager of Southeast Asia David Low said:
“We’ve been working closely with regulators and banks to complete the groundwork for the buying, selling and storing of cryptocurrencies and digital assets, which we believe are the future of money. Regulation will ultimately bring clarity and protection to consumers, and will ensure that all cryptocurrency businesses have adequate standards in place to protect investors and their funds.”
The SC introduced the Capital Markets and Services (Prescription of Securities) (Digital Currency and Digital Token) Order 2019 on January 15, followed shortly by its revised Guidelines on Recognized Markets on January 31.
In Canada, the Canadian Securities Administrators and the Investment Industry Regulatory Organization of Canada released papers for public feedback on proposed cryptocurrency regulations, to which the major exchange Kraken replied with heavy disagreement and criticism. One of Kraken’s main claims in its reply was that neither cryptocurrencies, nor the agreements between exchanges and users, constituted securities at all.
Addressing critics who claim crypto salaries aren’t viable, Kraken added: “By the way, the employee who took 100% bitcoin in 2012 retired in 2013.”
The firm was responding to Peter Schiff, the CEO of Euro Pacific Capital, who had claimed “there is no way that people are going to work for salaries paid in bitcoin.”
As an aside, Kraken added:
“By the way, the employee who took 100% bitcoin in 2012 retired in 2013.”
Kraken reportedly employs about 800 people. While this figure suggests about 30% of its workforce are being paid in cryptocurrency, there could be some way to go before it is commonplace in the company.
Across the industry, there are some hurdles in place that can stop employers from offering crypto salaries at all. For example, in the United States, workers must be paid to some extent in cash or checks — and it is still unclear in many countries how such earnings should be taxed. Price volatility is another concern, as BTC’s value could rise or fall dramatically in the hours after a salary has been paid.
Last month, a former Kraken employee announced he was suing the firm for $900,000, alleging that the exchange had failed to pay him for his work there.
The month-long sale has already secured almost 70% of its goal in a period of less than 48 hours.
Kraken, which is one of the world’s oldest exchanges, is using Cayman Islands-based platform BnkToTheFuture to offer equity to vetted investors. These, it said in an accompanying marketing email seen by Cointelegraph, can be any Kraken user, subject to a minimum purchase of $1000.
At press time, Kraken had raised just over €6.04 million ($6.76 million) from almost 300 investors, taking it to two-thirds of its total investment goal of €9.13 million ($10.18 million).
The appetite for Kraken’s shares reflects the market optimism currently pervasive within cryptocurrency as bitcoin (BTC) continues its 2019 bull run.
On the BnkToTheFuture listing, Kraken described itself as having over four million clients, while 2018 volumes topped $85 billion.
“We are always looking for ways to democratize access to our equity, allowing more of our valued clients to become valued investors,” officials added in a Twitter post on May 20. The post noted:
“To that end, we partnered with @BankToTheFuture to create an opportunity to invest in Kraken.”
The company has also sought to expand its presence internationally, acquiring United Kingdom futures provider Crypto Facilities earlier this year in a move which produced significantly heightened interest in its products.
Interested parties will be able to consider investing in the equity deal through June 20.
Top fiat-to-crypto exchanges are adopting market surveillance technologies. Of all crypto-to-crypto exchanges, only Binance has one.
While it’s possible to buy top cryptocurrencies like bitcoin (BTC) and ether (ETH) in the over-the-counter (OTC) market, most people will need an exchange in order to buy other altcoins. Exchanges are simply an important component of the system that makes the crypto market tick. Regulators around the world have identified this, which is why regulatory moves have primarily targeted exchanges. Regulators want to be sure that exchanges employ the best security practices as well as measures — Know Your Customer (KYC), Anti-Money Laundering (AML), and Combating the Financing of Terrorism (CFT), for instance — that discourage illicit transactions and improve account/wallet security.
Some exchanges do take their compliance to those measures seriously. For example, in the aftermath of the Binance hack on May 7, when around 7,074 bitcoins (worth $40 million on the day) were stolen, the company’s founder and CEO, Changpeng Zhao, announced that a significant security update will be conducted that will also include an upgrade to the KYC measures:
“We are making significant changes to the API, 2FA, and withdrawal validation areas, which was an area exploited by hackers during this incident. We are improving our risk management, user behavior analysis, and KYC procedures.”
So, let’s break down if such a stance over compliance with measures like KYC, AML and CFT is common among top cryptocurrency exchanges, and how much of an effect they have on the market and its participants.
What are KYC, AML and CFT
Each country has its laws governing KYC, AML and CFT measures. However, these laws do not come with specific standards, mainly because regulators want financial institutions to do all they can to reduce risks.
“The reasoning seems to be that if banks get clear guidelines on what constitutes adequate KYC they will never look any further than the minimum requirements,” John Callahan, chief technology officer at Veridium, an identity and access management software company, wrote in Forbes.
Know Your Customer
Know Your Customer, refers to a set of procedures and process that a company employs to confirm the identity of its user or customer. The robustness of KYC procedures varies across companies and jurisdictions. However, KYC fundamentally involves the collection and verification of a customer’s means of identification — including government-issued identity cards, phone numbers, a physical address, an email address and a utility bill, to name a few.
Anti-Money Laundering measures are a set of procedures, laws and regulations created to end income generation practices through illegal activities. Some of them include tax evasion, market manipulation, public fund misappropriation, trade of illicit goods and other activities of this kind.
AML regulations require financial institutions to continuously conduct due-diligence procedures to detect and prevent malicious activities.
The crypto industry has already been cited as facilitating a “rise of a new, high-tech era of virtual money laundering,” with cryptocurrency gambling sites reported by blockchain research house CipherTrace as being a common money laundering tool. In addition, Jamal El-Hindi, the former acting director of the Financial Crimes Enforcement Commission (FinCEN), a part of the United States Department of Treasury, hinted that AML compliance will be fundamental to the stability of crypto exchanges in the coming years:
“We will hold accountable foreign-located money transmitters, including virtual currency exchangers, that do business in the United States when they willfully violate US AML laws.”
Combating the Financing of Terrorism (CFT)
Combating the Financing of Terrorism refers to the set of procedures aimed at investigating, dissecting, discouraging and blocking sources of funding intended for activities that realize religious, ideological or political goals through violence, or its threat thereof, against civilians. These procedures provide law enforcement agencies with an alternative, and potentially effective way to track and block terrorist activities.
Yaya Fanusie, the director of analysis for the U.S. Foundation for Defense of Democracies Center (FDD), earlier in September 2018, told the U.S. Congress that terrorist organizations aren’t using cryptocurrency as a funding vehicle. However, the U.S. House of Representatives, on Sept. 26, passed a bill that would establish a task force to fight the use of cryptocurrencies by terrorist groups.
How crypto exchanges approach KYC, AML and CFT compliance
As stated earlier, the process of regulatory compliance for AML and CFT involves KYC throughout transaction lifecycles. The KYC process is generally divided into four levels, namely:
- Customer acceptance policy (CAP), which is the stage where a company determines and documents the demographics of its desired customers.
- Customer identification program (CIP), which is the stage where the company confirms that the identity of a (potential) customer matches its CAP.
- Continuous monitoring of transactions to ensure regulatory compliance, identification of suspicious activities and risk management.
- Risk management
Based on the information available, it can be examined how exchanges handle these stages. Crypto exchanges will be divided into two groups namely the “fiat-to-crypto” exchanges and “crypto-to-crypto” exchanges. Fiat-to-crypto exchanges are the gates for new fiat money to enter the cryptocurrency market. These exchanges allow users to exchange fiat currencies like dollars for bitcoin, ether or any other supported cryptocurrency. Crypto-to-crypto exchanges, on the other hand, primarily allow users to exchange one cryptocurrency for another.
Fiat-to-crypto exchanges typically perform at least some level of KYC because they deal with fiat money. This forces them to conduct business with banks and other traditional financial institutions, most of whom conduct KYC procedures before doing business with any entities.
Coinbase is a licenced crypto exchange based in the U.S. A full list of the licenses it holds is here. All that the exchange requires to open an account is a full name, an email address and a password. While this means that anyone from anywhere in the world can store, send and receive cryptocurrencies using a basic Coinbase account, ID verification is required to buy and sell cryptocurrency in the 33 countries it supports.
For its KYC, Coinbase chose Jumio’s digital identity solution Netverify in an attempt to be regulatory compliant while still delivering a smooth customer experience. In a bid to further mollify regulators, the company hired former New York Stock Exchange executive Peter Elkins to build the Coinbase Trade Surveillance Program, an initiative to monitor the markets with the aim to weed out bad actors.
Also licensed by the U.S. government, Gemini, unlike Coinbase, conducts KYC before allowing anyone to use its platform. On its user agreement page, Gemini states at least 13 regulations — including FinCEN, AML and CTF regulations — to which the users of its platform must be compliant. The exchange was launched in 2014 by brothers Cameron and Tyler Winklevoss.
At the start of the second quarter of 2018, a few months before Coinbase’s trade surveillance reports surfaced, Gemini partnered with U.S.-based stock exchange Nasdaq, which is one of the two largest exchanges in the world, for the deployment of Nasdaq’s SMARTS Market Surveillance technology to track market manipulations and fraudulent trades. The surveillance moves from both Gemini and Coinbase put them in the third stage of the KYC process.
Bitstamp requires ID and address verification before users can start trading on the platform. In the wake of surged interest in bitcoin, the exchange partnered with Onfido in February 2018, a digital identity verification provider, to handle its KYC to the end in order to make the customer onboarding process frictionless. Bitstamp was originally founded in Slovenia in 2011, but moved to the United Kingdom in 2013, and then to Luxembourg in 2016.
On Nov. 5, Bitstamp chose Cinnober’s crypto trading system for its exchange. Cinnober claims that its trading solution is built for regulatory compliance. The solution also employs Irisium’s market surveillance technology for risk management. Cinnober boasts a list of customers, including the NYSE, the London Stock Exchange, Euronext, and the Johannesburg Stock Exchange, to name a few.
Developed by fintech company iFinex, Bitfinex allows crypto users to open an account and immediately deposit, trade and withdraw crypto without identity verification. However, verification of a phone number, a residential address, two forms of government-issued ID and a bank statement is required to deposit and trade fiat currencies.
Earlier in the year, Bitfinex employed Irisium’s market surveillance technology to detect fraudulent behavior on its exchange. Bitfinex is based in Hong Kong.
Bittrex requires ID verification before allowing users to deposit, trade or withdraw cryptocurrencies. However, other than having a user agreement page that says its operations comply with KYC, AML and CTF policies — as does every other exchange — it is unknown if the exchange employs a market surveillance technology or plans to do so.
Kraken launched following two years of product development and beta testing, making it one of the oldest crypto exchanges. It has five tiers of verification (tier 0 to 4) requirements, depending on users’ intent to use their account. Kraken founder Jesse Powell decided to build the exchange after seeing the struggles of the then-largest — but now defunct — crypto exchange Mt. Gox.
Unlike Gemini and Coinbase, Kraken doesn’t appear to have any publicized surveillance program. All that is known comes from a Kraken blog post that was issued in response to the New York attorney general’s questionnaire. The company said:
“We currently employ nearly 200 people (more than 25% of the company) in compliance-related functions. As of Q1 2018, we are processing more than 1 law enforcement request per day, seven days a week.”
At the end of the second quarter of this year, a Bloomberg report called out irregularities involving certain tether trades on the Kraken exchange. John Griffin, a professor of finance at the University of Texas, told Bloomberg that the irregularities noticed are “suggestive of wash trading.” This technique is sometimes employed by traders, who act as both seller and buyer in a given transaction, to give a false impression of supply and demand. This act in itself is illegal. Kraken discredited the content of the report in a blog post. “It’s not clear what harm could come from wash trading of a pegged asset against its peg,” Kraken wrote.
Binance, being a pure cryptocurrency exchange, isn’t as exposed to regulations. Therefore, it allows withdrawals of up to 2 BTC per day without any form of ID verification. For withdrawals up to 100 BTC per day, it requires photo ID verification.
OKEx, which partially allows fiat trades, has three levels of verification. Level 1 users have a transaction limit of $10,000 per order or $2,000 for fiat trades, and are required to provide a government-issued ID during verification. Its level 2 allows for trades over $10,000, and requires document verification. Level 3 is for trades above $200,000 and involves video verification.
HitBTC doesn’t perform any form of ID verification at account opening. Users can deposit and trade crypto without going through any KYC procedures. However, the exchange advises users to verify their identity by sending in the usual KYC documents, including bank documents, to its compliance department via email to “avoid eventual verification procedure in the future.” Users have taken to a number of social media channels to complain that HitBTC allegedly limited their accounts, with the exchange operator asking them to verify their identities.
Huobi doesn’t appear to require any KYC documents before allowing users to trade, but it does have an ID verification section in the settings area of a user’s account. It appears to only enforce KYC when users reach a certain account usage limit. In addition, Huobi has different withdrawal limits for verified and unverified users.
Bibox allows users to trade up to 2 BTC per day without any form of KYC verification. For trades up to 20 BTC per day, it requires a passport verification. On its website, Bibox advises users who want a higher limit to reach out to its support team via email. All that is required to deposit funds and start trading with Bibox are account security measures, including SMS and Google authentication.
Should crypto exchanges take KYC seriously?
Put simply, similar to fiat-to-crypto exchanges, the top crypto-to-crypto exchanges, as determined by their 30-day volume on CoinMarketCap, have some sort of KYC policy that they enforce at different stages. However, many of them haven’t been proactive about compliance.
“To gain respect and empathy from regulators, crypto exchanges need to be proactive about compliance,” Tony Mackay, who recently launched the Kryptos-X exchange, said. He went on:
“At the minimum, you want to get the on-boarding stage right, even if the crypto market is currently under-regulated. You also want to ensure that your user registration system can detect and deter criminal activities, using the expertise of best-in-class KYC/AML providers.”
Also, unlike their fiat-to-crypto counterparts, crypto-to-crypto exchanges — except for Binance — haven’t been reported as monitoring or tracking transactions to detect market manipulation or fraudulent behaviors.
In October, Binance partnered with Chainalysis, a compliance and investigation company catering to the cryptocurrency space. As part of the partnership, Chainalysis did a global roll-out of its compliance solution, which has a Know Your Transaction (KYT) feature. KYT is a real-time transaction monitoring solution for cryptocurrencies. U.S. agencies — including the IRS and FBI — are using Chainalysis’ solution to track cryptocurrency transactions.
Is it worth playing by the rules?
A recent report from P.A.ID Strategies, a payments and identity security consulting firm, found that the majority of crypto exchanges “lack sufficient background checks.”
It also claims that exchanges, at best, take a reactive approach to being compliant. Only a few have set up a system for monitoring behaviors and appear prepared to deal with regulators despite the under-regulation of the industry.
A recent emerging trend in the crypto space has been that of exchanges closing their offices in highly regulated jurisdictions and setting up shop in jurisdictions — such as Malta — where the local laws are “crypto friendly.” Binance and OKEx are the most notable examples.
For some crypto firms compliance is a double-edged sword in that on one side, firms ensure that no illicit activity is conducted on their platforms, while potentially compromising on the notion of decentralization on the other side.
In June 2019, new Financial Action Task Force (FATF) guidelines will be imposed that govern AML and CFT activities. The announcement from February states:
“Countries should ensure that VASPs [virtual asset service providers] are subject to adequate regulation and supervision or monitoring for AML/CFT and are effectively implementing the relevant FATF Recommendations, to mitigate money laundering and terrorist financing risks emerging from virtual assets. VASPs should be subject to effective systems for monitoring and ensuring compliance with national AML/CFT requirements.”
There are many who disagree with the tightening of controls, saying that, first of all, it would be difficult to set up domestic regulatory bodies, and in the meantime, companies may suffer as they will become overburden by reporting.
It is also not always possible to know the identity of the beneficiary, whom the destination wallet belongs to and what type of a wallet it is, according to Chainalysis. The company states that it would be more beneficial to collect wallet addresses of bad actors instead of user’s personal information.
Kraken argues against proposed regulation of crypto by Canadian securities entities.
Canadian exchange Kraken has published a paper arguing against proposed regulation of crypto assets by the Canadian Securities Administrators (CSA) and the Investment Industry Regulatory Organization of Canada (IIROC). The exchange shared its comments in an official twitter post on May 16.
Kraken says that the proposed framework considers the contractual arrangement between an exchange and an exchange user as a security. Kraken denies that these contracts constitute securities:
“…most reputable exchanges operate as custodians or bailees. As such, the assets are legally owned by the customer and not the Exchange operator. This means, critically, that the customer’s interest is not derived from the underlying asset — it IS the underlying asset. The application of a securities law framework, accordingly, is both unnecessary and inappropriate to this structure.”
The authors listed the following four contract stipulations as necessary conditions for the claim that exchange users indeed own their crypto assets and that these assets therefore fall outside of securities law:
“1. Contractual terms indicating that the relationship is in the nature of a custodial relationship; 2. Customer has the right to dispose of the assets at any time by transferring them off of the Exchange; 3. Contractual terms governing escheatment of the underlying asset; 4. With respect to bank accounts holding customer funds, titling of the bank account as a “for the benefit of” (FBO) or “custodial” account, or similar wording.”
Kraken also addresses a number of security risks that concern regulators by stating that a laissez-faire approach will serve the exchange space better than implementing hands-on regulatory policies:
“Without the cudgel of regulation, Exchanges are developing proof-of-reserve techniques, obtaining SOC certifications and enhancing their security and internal controls. As more Exchanges embrace these features, the competitive expectations for all of the Exchanges increase — for the better.”
In the United States, several members of congress have recently reintroduced the Token Taxonomy Act, which seeks to exclude cryptocurrencies from security regulations. The proposed bill is a revamped version of one introduced in 2018. It would act as an amendment to the Securities Act of 1933 and the Securities Act of 1934.
TokenAnalyst estimates that capital outflows from major crypto exchanges have exceeded inflows by ~$622 million over the past 5 days.
Blockchain data provider TokenAnalyst estimates that capital outflows from major crypto exchanges have exceeded inflows by ~$622 million over the past five days, Bloomberg reported on May 15.
London-based TokenAnalyst has reportedly based its figure on an analysis of withdrawals and capital inflows on multiple crypto trading platforms — including Bitfinex, BitMEX, Binance and Kraken.
While bitcoin (BTC) continues to rally and hit multi-month highs, Bloomberg’s report also makes the claim that its strong price performance may in part be inflated by recent capital flight from investors unsettled by the spate of controversies affecting crypto exchange Bitfinex and affiliated USD stablecoin issuer Tether.
As reported, the New York Attorney General’s office (NY OAG) has recently accused Bitfinex of having lost $850 million in user deposits, and secretly covering up the shortfall using funds from Tether — the latter of which has itself come under renewed criticism for being backed only 74% by USD reserves. Both companies have rebuffed the allegations and have contested the NY OAG’s injunction order.
Bloomberg further cites TokenAnalyst’s data, which reportedly reveals that Bitfinex has had net outflows of over $1.7 billion in bitcoin and ether (ETH) since April 26 — the date of the NY OAG’s court filings. It also claims that bitcoin traded at a premium of as high as 6% in the controversy’s fallout — even as other coins saw losses given tether’s (USDT) prevalence as an intermediary asset throughout markets.
John Griffin — a finance professor at the University of Texas at Austin — told Bloomberg that “since Tether is insufficiently backed, it means that some of the reserves backing customer assets on exchanges are likely insufficient.” He thus noted that:
“Smart customers will not custody their funds on exchanges and pull their crypto off exchanges. This could put further upward pressure on Bitcoin prices as one would rather take fake money and exchange it to Bitcoin.”
As previously reported, Professor Griffin was one of the co-authors of a high-profile study of tether’s alleged role in manipulative market practices, publishing a paper in June 2018 that claimed tether was being “used to provide price support and manipulate cryptocurrency prices” — artificially deflating the price of bitcoin to maximize short-term returns on futures contracts.