Biba Homsy: "In the world of virtual assets, you need to constantly rethink the basics"

The founder of the Luxembourg Blockchain Association and director of OpenVASP, an anti-money-laundering governance association for transaction monitoring, talks to us about the intersection between virtual assets and crime.

Posted Friday, March 19th 2021
Biba Homsy: "In the world of virtual assets, you need to constantly rethink the basics"

Leaders League: Could you summarise the current reality of virtual assets?

Biba Homsy: By contrast with fiat currencies such as the dollar, the euro and the pound sterling, the expression “virtual asset” refers, according to the Financial Action Task Force on Money Laundering (FATF), to any digital representation of value that can be digitally traded, transferred or used for payment. It does not include the digital representation of fiat currencies.

Virtual assets are not only limited to cryptocurrency but encompass a digital representation of any type of asset as opposed to currency, such as crypto-assets, tokens, digital coins, blockchain-based assets, or DLT-registered securities.

The high-wire exercise is to focus on whether the term is used as a means of payment, a part of a collective scheme, an obligation towards an entity, an underlying asset, a property, or a proceed. Most of these virtual assets will use an underlying blockchain technology, or some other distributed ledger technology (DLT). In the world of virtual assets, you need to constantly rethink the basics to ascertain what you have in your hand.

Distributed ledger technology has a proven track record of more than 10 years and is used in many areas: the financial sector, energy trading, supply chains, anti-counterfeiting, healthcare, and online voting, to name a few.


What are the criminal uses of virtual assets?

The technologies underlying virtual assets, such as blockchain, hashgraphs or directed acyclic graphs, are game-changers. We see a lack of harmonised regulation across the globe for this technology. When combined with additional technologies such as deep analytics or AI, they allow for speed, global reach and anonymity that can be open to abuse.

The WannaCry attack is a good example of combination of several technologies for criminal uses. First, computers are infected with a virus allied with a ransom demand to decrypt the files. The ransom payment is directed to a bitcoin wallet; then bitcoin are converted via multiple transactions into other virtual assets, some with pseudo-anonymity, some with full anonymity, to end up in a another bitcoin wallet held by a service provider, to ultimately be converted into fiat currencies.


What legal tools are available to fight against criminal activities in this area?

The G20 and the FATF have called several times for action to be taken by countries in terms of anti-money laundering (AML) and counter-terrorism. On June 21 2019, FATF issued guidance whereby countries were strongly recommended to implement a mandatory compliance framework for Virtual Asset Service Providers (VASPs), which refers to a professional, regardless of whether it is a natural or legal person, conducting specific activities or operations related to virtual assets.

FATF has strong and urgent expectations for countries to implement requirements for VASPs in their domestic legislation, such as ensuring a strong compliance and control framework in place, identification of clients and their ultimate beneficial owners. Transactions must follow the so-called Travel Rule or reporting of any suspicious activity and transactions.

While some countries, such as the USA and Switzerland, have already implemented these recommendations, for other countries it raises complexities in aligning with their current laws and regulations, such as the EU’s AMLD5 (Fifth Anti-Money Laundering Directive). Such recommendations are confined to the AML and counter-terrorism spaces; VASPs may also fall under other legislation such as market abuse regulation or cyber-security regulation.