Technology

The regulatory mood around digital assets in 2022 and beyond

Published

4 months ago

January 8, 2022

admin

By Michael Magrath, Vice President, Global Standards and Regulations, OneSpan

Put simply, digital assets are unique digital representations of financial assets, the ownership of which is registered securely on a blockchain. This includes cryptocurrencies, stablecoins, NFTs and digital asset tokens. With global financial institutions investing in cryptoassets, consumer ownership of cryptocurrency skyrocketing, and cryptocurrency even becoming legal tender in some countries, digital assets are now playing a significant role in the global financial ecosystem.

Like with any emerging technology, regulation in this area has for many years lagged behind the pace of innovation. However, this is now changing as regulators rush to protect investors, fight crime and establish their jurisdictions as fintech hubs. With this in mind, what regulatory changes can we expect key European players – France, Germany and the UK – to make in 2022 and beyond?

Michael Magrath

Confronting the growing role of digital assets in global money laundering

From drug trafficking to ransomware, we cannot ignore the fact that cryptocurrency enables serious organised crime. Crypto allows bad actors to easily receive bribes and ransoms, as well as disseminating the proceeds of their crimes – all without being identified and apprehended. This pressing issue was highlighted by the European Commission’s EU Strategy to Tackle Organised Crime 2021-2025 report published earlier this year. The authors noted that: “only 1% of criminal assets are confiscated. This has been aggravated by the increasing use of financial channels with more limited oversight than the banking sector, such as virtual currencies.”

Given this startling figure, it’s no surprise that EU member states are closely examining the role of digital assets in criminal activity – so, what steps are they taking?

In April this year, the French Ministry of the Economy and Finance published a decree designed to strengthen the country’s existing mechanism for freezing criminal assets. The new decree aims to eliminate the use of anonymous digital assets in illegal activity. At its core is an expansion of the scope of customer due diligence requirements for payment and e-money institutions, and a requirement for digital asset service providers to identify customers before permitting a transaction.

In addition to member states’ individual efforts, the EU’s proposed Regulation of Markets in Crypto-Assets (MiCA) legislation proposes a detailed regulatory framework for digital asset issuers across the bloc. It’s worth noting that the legislation doesn’t apply to central bank digital currencies, issued by states and regulated by central banks, but other cryptocurrencies, including utility tokens and payment tokens do fall within its scope. In the three years since MiCA was first put forward, there remains a lack of clarity in several key areas. Currently, it’s expected that a single licensing regime for cryptoassets will be in place across all member states by 2024.

Outside the EU, the UK Treasury published a consultation on amendments to its 2017 Money Laundering, Terrorist Financing and Transfer of Funds Regulations in July 2021. The amendments seek to implement a Travel Rule for the cross-border transfer of cryptoassets. The Financial Action Task Force’s Travel Rule requires both financial institutions Virtual Asset Service Providers (VASPs) (cryptocurrency exchanges)—to collect personal data including names and account numbers for both senders and recipients in wire transactions exceeding 1,000 USD/EUR. Secondary legislation is expected to be introduced in spring 2022.

Boosting security standards for exchanges and custodians

Money laundering isn’t the only pressing concern and increased scrutiny has been placed on exchanges. Though undoubtedly the most high-profile, the recent Coinbase hack was not the first to successfully target crypto exchanges and custodians. In fact, research shows that an estimated $1.9 billion worth of cryptocurrency was stolen by hackers in 2020. This eyewatering figure demonstrates that the security standards of digital asset exchanges and custodians must be significantly improved to protect investors.

The German Federal Financial Supervisory Authority (BaFin) has established itself as a pioneer in regulating digital assets – and has already taken significant steps to boosting security standards among cryptocurrency exchanges and custodians. Germany was one of the first countries to allow financial institutions to custody cryptoassets. This was classified as a financial service back in January 2020. German law states that all entities seeking to custody cryptoassets, and those engaging in the trade of cryptocurrency, must apply for BaFin authorisation. The German Banking Act considers all crypto custodians and exchanges to be financial institutions, so they must adhere to stringent anti-money laundering rules.

In the UK, the Financial Conduct Authority (FCA) will soon require cryptoasset exchanges and custodians to submit an annual financial crime report. As part of the FCA’s Extension of Annual Financial Crime Reporting Obligation policy, the number of firms required to submit to financial crime reporting is expected to rise from 2,500 to around 7,000. The requirement will go into effect from 30 March 2022.

Though it’s heartening to see increased regulation in this area, custodians and exchanges need to go above and beyond the bare minimum of what is required by law. This is the only way to cultivate lasting consumer trust, which is currently at an all-time low.

Offering clarity on licensing and consumer protection for financial institutions

With the value of digital assets soaring, it’s no surprise that banks and financial institutions are keen get involved by creating exchange traded products linked to cryptocurrencies. Essentially, crypto exchange traded funds (ETFs) are securities that track the price of a cryptocurrency, like Bitcoin or Ether, but can be bought and sold on a regular stock exchange.

As interest in such products continues to grow, there are increasing calls for more to be done to clarify how banks and financial institutions are allowed to license the purchase of cryptoassets.

Both Germany and France have approved the sale of exchange traded products linked to cryptocurrencies. In fact, just last month, Europe’s first UCITs-compliant bitcoin ETF was listed on the Paris stock exchange. It’s the first product of its kind to be made available to retail and institutional investors across the EU.

It was a desire to protect retail investors from the high volatility of cryptocurrency markets that led the UK government to ban ETFs of crypto products back in 2020. Given that many countries, including Germany, France and most recently the US, have approved exchange traded products linked to cryptocurrencies, the UK’s cautious position makes it an outlier in this area. And considering that retail investors can legally trade ETFs of volatile commodities like gold and oil, many have branded the UK’s outright ban as heavy-handed and disproportionate.

Overall, it’s clear that there’s a palpable sense of urgency among regulators to create a fair and enduring legislative framework governing digital assets. In 2022, we can expect regulation to increase in both complexity and rigour. To ensure that this brings stability, protects investors, and doesn’t stifle innovation, key industry players should collaborate with regulators, rather than resisting external oversight.

To discover more about the regulation of digital assets, download OneSpan’s Global Financial Regulatory Report here.

Up Next

Predictions for financial fraud in 2022

Don't Miss

Why robotics is reshaping the world of RPA and IA

Technology

UK Organisations turn to artificial intelligence to fight sophisticated cyberattacks

Published

3 days ago

May 20, 2022

admin

New research by cybersecurity expert Mimecast finds that email attacks are becoming more frequent and sophisticated

More and more companies in the UK are using artificial intelligence (AI) and machine learning (ML) to fend off increasingly sophisticated cyber-attacks, according to new research from cybersecurity specialist Mimecast. The research finds that 40% of UK organisations are already using AI or ML in their organisations’ cybersecurity programme, with 30% planning to do so within the next 12 months.

The use of advanced technologies such as AI and ML is in direct response to the growing sophistication of cyberattacks that UK businesses are experiencing. 53% believe that increasingly sophisticated attacks will be their biggest email security challenge in 2022, leading to 80% believing it is at least likely their organisation will suffer a negative business impact from an email-borne attack this year.

Growing threat landscape

The research shows that email remains the largest threat vector for UK businesses, with 71% of respondents reporting an increase in the volume of email threats their organisation has faced in the last 12 months. This includes phishing with malicious links or attachments (56%), impersonation fraud or Business Email Compromise (53%), and malicious insiders (43%). However, it isn’t just email attacks that are on the rise, as 90% of UK businesses experienced at least one spoofing attack that uses a lookalike web domain or a clone of their organisation’s website in the last 12 months. The average UK company has experienced 11 of these attacks.

On top of this, employees are also presenting organisations with a very real threat to their cybersecurity. The survey identifies that IT decision makers have relatively low confidence in their colleagues’ cyber awareness , believing that there is a risk of an employee making a serious security risk due to oversharing company information on social media (84%), poor password hygeine (80%), using personal email (80%), or using cloud storage and other shadow IT functionality (81%). When an employee does full victim to an attack, it frequently results in more widespread consequences. 85% of respondents say threats have spread from one infected user to other members of the organisation.

AI to the rescue

To overcome this growing threat landscape, more and more UK organisations are turning to advanced technologies to strengthen their cybersecurity position. The 40% of UK organisations that are already using AI as part of their cybersecurity strategy are already seeing a number of benefits, including increased accuracy in terms of threat detection (54%), reduced human error within cybersecurity team (51%), and reduced workload/working hours for cybersecurity team (45%).

Despite these very real benefits, there is the very real danger that many UK organisations will miss out due to a lack of budget dedicated to cybersecurity. The research highlights a clear discrepancy between the amount IT decision makers believe should be spent on cyber resilience and how much budget is actually allocated by business leaders. IT decision makers in the UK believe that 16% of their IT budget should be allocated to cyber, but at the moment they see less than 12% allocated. Missing out on new technology innovations such as AI is identified as the most likely consequence (49%) for organisations where the cybersecurity budget is not as high as respondents believe it should be.

Elaine Lee, AI expert at Mimecast, said: “There is no doubt that cyberattacks are becoming more frequent, as UK businesses adjust to the world of hybrid work. On top of this increase in frequency, we are also seeing a rise in the sophistication of attacks. This is creating a perfect storm and making it more difficult than ever for organisations to keep their businesses secure. With this in mind, it is no surprise to see so many organisations turn to advanced technologies such as AI to bolster their cybersecurity defences. AI solutions can help businesses to automate security processes, ensuring they are better able to fend off attacks, as well as providing their security experts with more time to focus on high-level analyses that require human interaction.”

Lee continued: “Organisations that have yet to invest in AI technologies as part of their cybersecurity strategy should do so. Cyberattacks are going to continue to be a major threat to UK businesses and these businesses need to respond accordingly with sufficient budget. A successful cyberattack has the potential to cause serious ramifications for a business, including both financial and reputational damage. Now is the time to take this threat seriously and get prepared.”

Technology

Addressing the talent gap within cybersecurity

Published

3 days ago

May 20, 2022

admin

By Merlin Piscitelli, Chief Revenue Officer, EMEA at Datasite

Rising geopolitical tensions and increasingly sophisticated cyberwarfare tactics have meant that cybersecurity threats are now more prevalent than ever. In current times, the number of cybersecurity attacks are increasing in volume and intensity on a global scale and if a company is not properly equipped to deal with this reality, it could directly impact their survival.

Recently, some sections of businesses were compromised, taken offline, and employee accounts within key microchip and electronic powerhouses were exposed due to cyber-attacks. Most alarmingly, some of these attacks were perpetrated by the same hacking extortion group.

As digitalisation continues to increase throughout the world, and events like Russia’s invasion of Ukraine take place, it is now more important than ever to focus on combatting cyber-crime. The industry understands this, as record levels of investments have been pouring into the sector to advance our capabilities within the field.

The cybersecurity surge

Within the last 12 months, the cybersecurity sector has seen major growth with now almost 2,000 firms active within the UK providing cyber security products and services. In 2021 the UK cybersecurity industry contributed £5.3 billion to the economy, an increase of about a third from 2020, and cybersecurity firms have raised more than £1 billion external investments in 84 deals. It’s therefore fair to say that the acceleration towards digitalisation caused by the pandemic has meant businesses have had to increase their cybersecurity efforts, leading to increasing demands within the sector.

Merlin Piscitelli

As the industry finds new solutions to combat cyber-attacks, cybercriminals are continuing to explore new tactics to ensnare victims. This has resulted in higher demands for those skilled within the industry. Now, with over 2.5 million cybersecurity jobs available and the war for talent rapidly gaining momentum, it’s clear that pressure is increasing.

Cybersecurity and data protection is a strategic investment and a highly specialised endeavor. It can be more cost-effective (especially for small and medium size firms) to outsource this responsibility and partner with a vendor to design and implement solutions. Business leaders will need to ensure they are working with a reputable partner that can offer the best level of protection and technical expertise to fit organisational needs.

The talent gap

While demands are currently high, the supply isn’t there to match. In the UK, the cybersecurity talent pool has fallen short by around 10,000 people a year, and in the previous 12 months, the UK’s cyber skills shortage rose by more than a third. As a result, cybersecurity is now the most sought-after tech skill in the UK.

With more than half, 54%, of UK CEOs believing cybersecurity presents the best opportunity for TMT dealmaking over the next year, demand will rapidly outstrip supply of expertise unless there is a rapid change within the industry.

Championing the workforce

Businesses have had various strategies when looking into combatting this issue. When asked what the main drivers of recent and future cross-border technology acquisitions are, one-third of UK M&A professionals surveyed cited access to skilled/specialised talent.

Investing in your workforce is the tried and tested way of mitigating against cyber-attacks and managing risk. Having access to the necessary resources to protect your digital ecosystem and build momentum by upskilling individuals already working in the tech space, along with attracting new talent, will be crucial to tackling the current professional shortfall.

Furthermore, bringing diversity and inclusivity into the process will help truly overcome the war for talent, as businesses will need to acknowledge the correlation between the skills shortage and the lack of inclusivity needed to diversify the sector.

Ultimately, addressing the current skills gap within cybersecurity will require combined efforts from businesses, academia and governments. Championing students to take an active interest cybersecurity and go through the necessary training to develop the skills needed in the industry will go long way in evening out the playing field.

It is only by investing in developing cybersecurity talent that will we have enough people with the expertise required to protect organisations digital ecosystems as the threat landscape becomes more diverse.