The financial sector continues to revel in the advancement of disruptive technological innovations. Due to the attractive rates and fees, ease of access and account setup, variety of innovative products and services, and improved service quality and product features, financial technology is attracting more customers and investors today. Despite the numerous advantages of these sectoral transformations, it is impossible to deny that the digitization and ease with which the internet has enabled all of us to function effectively in our day-to-day work has also created a space for virtual crimes.
Amidst the pioneering fintech revolution, cryptocurrency has emerged as a modern financial technology that can be used to easily launder money. Despite rapid market fluctuations and an uncertain legal status, cryptocurrency continues to captivate Indian investors, who are undeterred and unbothered by the associated risks of cyber fraud.
This article will explore how the crypto market nurtures a convenient and fertile ground for money laundering activities.
Cryptocurrency and India
The Indian regulatory market has had a hot and cold relationship with cryptocurrency over the years. The RBI, vide Circular DBR.No.BP.BC.104/08.13.102/2017-18 dated April 06, 2018, restricted all crypto transactions. However, in 2020, the Supreme Court effectively struck down the ban. As a result, the RBI stated in Circular DOR. AML.REC 18/14.01.001/2021-22 that banks and financial institutions cannot cite the aforementioned circular to warn their customers against dealing in Virtual Currencies. However, it did state that, “Banks, as well as other entities addressed above, may, however, continue to carry out customer due diligence processes in line with regulations governing standards for Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT) and obligations of regulated entities under the Prevention of Money Laundering Act (PMLA), 2002, in addition to ensuring compliance with relevant provisions under the Foreign Exchange Management Act (FEMA) for overseas remittances.”
At present, while the talks of implementing comprehensive legislation governing cryptocurrencies have fizzled out, the Union Budget 2022 brought digital currencies under the tax net. As of 2022, the crypto asset market in India stands at an approximated evaluation of 45,000 Crores and 15 million investors.
However, it is pertinent to note that it is transactions, not investments, in the digital currency that pose an issue. In India, the Enforcement Directorate discovered over 4,000 crores of such illegal cryptocurrency transactions in 2021. As per the 2022 Crypto Crime Report by blockchain data firm Chainalysis, cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021, $6.6 billion in 2020 and $10.9 billion in 2019. Furthermore, the study discovered that at the moment, darknet market sales or ransomware attack profits are virtually derived in cryptocurrency rather than fiat currency, thus significantly contributing to the data.
Money laundering, terror financing, drug dealing, and other criminal activities are all done using cryptocurrency transactions. Although these transactions are recorded on a blockchain and are traceable, criminals use mixers and tumblers to make it difficult for a third party to track them.
The Laundering Mechanism
Eurospider Information Technology AG, “Mixers Tumbler Example,” fig.
For clarity, refer to the above image. Using the OHNE mixer, A sends 20 bitcoins to B, U sends 15 bitcoins to V, and X sends 5 bitcoins to Y. These are single-layer transactions that are simple to trace and identify.
The transaction takes place in a different way in the second image, where the MIT mixer is used. For the sake of brevity, let us consider a single layer of mixer being used. In real life, the number of mixers used is in the thousands. Here, A sends 20 bitcoins to M1, U sends 15 bitcoins to M2 and X sends 5 bitcoins to M3. In the next stage, B receives 20 bitcoins from M2, V receives 15 bitcoins from M1, and Y receives 5 bitcoins from M1. The difference we must notice is that B, V, and Y are receiving the same number of bitcoins as in picture one, but not from A, U and X, respectively. Because there is no information about A sending bitcoins to B, U sending bitcoins to V, or X sending bitcoins to Y, these transactions are not single-layered and are impossible to trace. Hence, making the transaction anonymous.
Criminals use a similar method to send money using cryptocurrencies. Consider the following scenario to gain a better understanding: A, B, C, and Z are cryptocurrency users who keep their coins in their digital wallets. They use the same mixing service to make transactions. A, B, and C are law-abiding citizens, while Z is a criminal involved in drug trafficking. A has to pay X a certain amount of money. X is paid, but the bitcoins he received were deposited by Z, a drug trafficker. When X received the payment, he had no idea that the bitcoins he had were dirty bitcoins and had been used for illegal activities. This is a straightforward explanation of how dirty bitcoins are making their way through the market, paving the way for money laundering.
What can be done?
The International Monetary Fund (IMF) has released a report titled “Global Financial Stability Report” which discusses the following details about how cryptocurrencies should be regulated, considering their increasing market capitalization and the growing exposure of banking and financial systems to crypto assets:
- Implementation of global standards applicable to crypto-assets should be the key focus area of national policies.
- Regulators should identify and control the associated risks of crypto assets, specifically in areas of systemic importance.
- Coordination among national regulators is key for effective enforcement and fewer instances of regulatory arbitrage.
- Data gaps and monitoring of the crypto ecosystem for better policy decisions should be prioritised by the regulators.
The report also discusses how stablecoins and decentralized finance pose a significant risk to the crypto market and the overall economy if they are not properly regulated and supervised by issuers.
- Regulations should be proportionate to the risk and in line with those of global stablecoins.
- Coordination is a must, to implement requisite recommendations in the areas of acute risks, enhanced disclosure, independent audit of reserves, and fit and proper rules for network administrators and issuers.
The report also discusses the importance of managing macro-financial risks through:
- Enactment of de-dollarization policies, including enhancing monetary policy credibility.
- Formulating a sound fiscal position with effective legal and regulatory measures and implementing central bank digital currencies
- Reconsidering Capital Flow Restrictions with respect to their effectiveness, supervision, and enforcement
However, according to the report, cryptoization would make finance more cost-effective, quick, and accessible.
There is also an intergovernmental organisation known as the Financial Action Task Force, which is constantly updating its recommendations to maintain legal, regulatory, and operational methods for combating money laundering, terrorism financing, proliferation, and other threats to the integrity of the international financial system. The Financial Action Task Force (FATF) recently released a compliance framework recommending that all anti-money laundering rules that traditional financial systems follow be applied to stable coins, cryptocurrency, and virtual asset service providers. Even though identifying the source of such funds and keeping track of who is the beneficiary of such funds is difficult, countries are still being encouraged to develop provisions that provide for due diligence, record keeping, and the reporting of suspicious transactions.
The Legislative Way Forward for India
At present, there is no comprehensive legislative framework to govern fintech advancements encompassing blockchain and cryptocurrencies. At best, the present regulatory framework is a patchy, cross-networked arrangement that demands careful deliberations in alignment with the evolving technological innovations in the sector.
The Information Technology Act, 2000:
While the legislation successfully addresses issues like identity theft, hacking, and ransomware and provides a means to tackle the issue of extraterritorial jurisdiction, it is safe to conclude that the serpentine considerations of blockchain cannot be comprehended and addressed by the Act.
The Prevention of Money Laundering Act, 2002 and the Prevention of Money Laundering Rules, 2005
The offences listed in Parts A, B and C of the PMLA Schedule attract the penalties enumerated under the Act.
Part A categorises offences under: Indian Penal Code, Narcotics Drugs and Psychotropic Substances Act, Prevention of Corruption Act, Antiquities and Art Treasures Act, Copyright Act, Trademark Act, Wildlife Protection Act, and Information Technology Act.
Part B enlists offences under Part A with a valuation of Rs 1 crore or more.
Part C exclusively deals with trans-border crimes.
Recently, the Enforcement Directorate attached proceeds of crimes amounting to Rs 135 crores in 7 cases in which the usage of cryptocurrency for money laundering activities was flagged by the authorities.
However, it is pertinent to note that the offences recognised under the respective parts of the schedule only comprise the offences under the current framework of legislation, which is at present not equipped to regulate any segment of cryptocurrency transactions and digital currency operations in the country.
Foreign Exchange Management Act, 1999
Even though the Act specifies procedures to conduct cross-border and foreign exchange transactions, it fails to identify the role of technology as an instrumental enabler of such transactions at present. However, it is interesting to note that it empowers the RBI to establish a regulatory framework to address the same.
The Payment and Settlement Systems Act, 2007
The PSS Act was enacted with the objective of establishing a regulatory framework for banks and ancillary financial institutions, designating RBI as the nodal authority. Section 4 of the Act states that no payment system shall operate in India without the prior due authorization of the RBI.
Apart from the above-mentioned legislation, regulators like SEBI, Ministry of Electronics and Information Technology (MeitY), Insurance Regulatory and Development Authority of India (IRDAI), and Ministry of Corporate Affairs (MCA) have also undertaken initiatives to implement specialised guidelines. While these regulations deal with the contemporary issues of payments, digital lending and global remittances, none of them has managed to find a concrete ground for effectively supervising and regulating cryptocurrency transactions backed by blockchain in the current volatile ecosystem.
At present, key industry regulators and stakeholders should collaborate to understand the novelty, process and extent of the present disruptive fintech trends. Furthermore, initiatives should be taken to ensure transparency of such transactions, establish secure authentication transactions for the exchanges and tighten the legislative noose on cyber security systems in the country. Additionally, establishing a centralised statutory body and local self-regulatory bodies across the sovereign, and implementing an extensive centralised framework is also imperative. The current scheme of criminal activities in virtual space transcends geographical boundaries, hence it is crucial for global policymakers to implement mechanisms to ensure coordination and collaboration by institutionalising inter-governmental bodies.
 ‘The Current Landscape Of The Fintech Industry – Fintech Crimes’ (Fintech Crimes, 2022) <https://fintechcrimes.com/the-landscape-of-fintech-in-year-2020/> accessed 9 February 2022.
 ‘Global Financial Stability Report’ (2021) <https://www.imf.org/en/Publications/GFSR/Issues/2021/10/12/global-financial-stability-report-october-2021> accessed 11 February 2022.
 ‘VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS’ (2021) <https://www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf> accessed 11 February 2022.
At present, key industry regulators and stakeholders should collaborate to understand the novelty, process and extent of the present disruptive fintech trends. Further, initiatives should be undertaken to ensure transparency of such transactions, establish secure authentication transactions of the exchanges and tighten the legislative noose on cyber security systems in the country.