Richard Malish is General Counsel at NICE Actimize where he counsels on global anti-money laundering, fraud, trading compliance and banking regulatory matters.
The New York Attorney General (“NY AG”) recently issued a report on its fact-finding enquiries to multiple virtual currency trading platforms believed to be operating in New York. One of its many interesting findings was how virtual private networks (“VPNs”) may permit market manipulation.
VPNs are a critical tool for privacy-minded cryptocurrency traders, as well as the only method for some traders to access these markets in countries such as China. Based on the NY AG’s report, should crypto exchanges assume that VPN access is no longer permissible?
Not necessarily, but they need to look at the issue in the broader context of their overall compliance program.
Stepping back, the NY AG’s focus on VPNs was in the context of the effectiveness of access controls to ensure fairness and integrity and protect customers. Access controls start with basic Know Your Customer (“KYC”) processes to confirm a new customer’s identity.
While eight of the trading platforms which responded to the enquiry required customers to submit various forms of personal information and government-issued identification before trading, Bitfinex requires little more than an email address to trade between exchanges (as opposed to withdrawing/depositing fiat currency). Tidex, which states that it prohibits users from the United States and is currently filing with the Financial Crimes Enforcement Network (FinCEN) to become a money services business, requires only a name, email address and phone number.
A common additional access control for online businesses is to monitor IP addresses of users to determine their approximate geographic location and track suspicious behavior coming from a particular computer connection. For example, transactions in multiple accounts coming from one IP address may be suspicious.