Meet our New Partner, Sentinence – Sanctions & AML Compliance Experience of More Than 30 Years
Sentinence is a global AML and Sanctions compliance boutique advisory firm based in Canada and headed by Angela Chartrand, an AML, and Sanctions professional for over 30 years. We sat down with Angela and learned about her extensive experience, her views on the challenges and pitfalls of sanctions compliance, the latest developments, and the future of sanctions compliance.
We are proud and happy to have won Sentinence as a new partner in our sanctions.io ecosystem. Sentinence is a global AML and Sanctions compliance boutique advisory firm based in Canada and headed by Angela Chartrand, an AML, and Sanctions professional for more than 30 years.
We sat down with Angela and learned about her extensive experience, her views on the challenges and pitfalls of sanctions compliance, the latest developments, and the future of sanctions compliance.
Q: Hi Angela, please tell us a little about your background and how you started Sentinence.
A: Hello Thorsten, I am so excited to have established a partnership with Sanctions.io. I am a huge fan of your technology and the solutions you provide.
To answer your question, I have been in regulatory compliance with an emphasis on AML for over 30 years.
For the first half of my 30+ years, I operated as a consultant to small and mid-size independent mutual fund dealers in Canada. I consulted on such things as; building out AML Programs, Risk Management and Mitigation Policies and Procedures, AML training of investment sales representatives, volunteering on industry working groups with the objective of eliminating as much paper as possible and automating the transmission of buy and sell orders from the distributor to the manufacturer in real-time, as well as real-time money settlement. I have a unique skill set in that as much as I know and understand the regulations and how to apply them in day-to-day operations, I also know and understand how technology can be used and should be used both from a risk mitigation perspective, but also as a better use of human resources.
With the second half of my career, I moved out of the Canada only, investment and securities verticals, and now provide regulatory consultancy and advisory services, with a focus on AML across multiple jurisdictions within the Payments, FINTECH, MSB, Crypto, and Gaming space.
Q: What is Sentinence’s offering, and who are your customers?
A: Sentinence is a Regulatory Compliance Consultancy and Advisory Service Provider. We build out AML Programs, which includes the writing of custom AML Policies, the accompanying procedures, we offer introductions to third-party technology solutions who provide such things as identity verification and confirmation services, sanctions, and pep watchlist screening, transaction monitoring, and compliance case management. We are also engaged in conducting risk assessments and risk assessment reviews, create and/or conduct AML Training, perform compliance and AML audits and effectiveness reviews, as well as provide outsourced compliance support services.
Our clients come from a variety of business models and typically are within the FINTECH, Payments, MSB, Gaming, Cannabis, and of course all things Crypto, verticals. Jurisdictionally, my clients are primarily US based, although I do provide services to both Canada and the UK and even other jurisdictions when requested.
Q: From your perspective, how has Sanctions Compliance developed over the last 30 years?
A: Oh, good question, Thorsten. As I have said, I have been doing this for a long time. I would say that Sanctions Compliance and the technology used to screen against the variety of watchlists available to us was almost kind of ‘quiet’ for many years. Yes of course, if you are a Chief Compliance Officer, you always ensure that you have implemented a Sanctions and PEP watchlist screening program. However, I feel that significant changes to our world within technology and how we conduct business and specifically how we conduct transactions has evolved so significantly in the last 5-10 years that the world of Sanctions Regulations have had to realign and adapt to those changes, not without growing pains for sure
Q: What has changed in the last 5-10 years?
A: I believe so many things have changed. For instance, there aren’t many left in the industry that have the years of experience I do. The interest in Financial Services (old school terminology, I am dating myself) or FINTECH as a career choice is much more than it was when I first entered the industry. For one, there are so many more women in the FINTECH space than there used to be, which of course, is awesome.
When speaking about the changes within Sanctions compliance, I guess I would say a few things stick out for me.
It could be said that Sanctions Regulations and Sanctions Compliance stagnated for many years. We saw some increase in the application of Sanction compliance about 10 years ago but fines related to non-compliance of Sanctions Regulations has been much more a hot topic in the last 5 years, I would say even more so in the last two years.
Additionally, the FINTECH space is growing exponentially. Compliance as a whole has had to think outside the box in order to adapt to all of the new and exciting business models while still meeting the regulatory regulations and obligations. With new verticals of business under the banner of FINTECH comes some very different cultural, risk and operational characteristics. To address those differences requires the ability to create AML policies and procedures, and Sanctions Screening Programs that can effectively and efficiently meet new demands and risks these new business models can cause.
I also believe that where technology is today has also played a big role in the changes we have seen in Sanctions Compliance. With technological innovation such as the creation and use of AI and machine learning as well as other cutting-edge tools as it relates to algorithms and predictive analysis, we are just so much more capable of extracting the right information as well as the ability to lower the false positive rates we use to see in the Sanctions Screening process. Technology innovation has allowed us to be more efficient in our Sanctions Screening Programs.
We have also seen more Sanctions awareness and Sanctions related news showing up in our social media news feeds in the last couple of years. Whether that is in the form of advisories from regulators notifying us of additional criteria to be added to our Sanctions screening requirements or that heavy fines have been levied for Sanctions Compliance breaches. It can be said that Sanctions Compliance has become a very hot topic and we must adapt to the changes in the market and develop more robust Sanctions Screening Programs that include sophisticated Sanctions Screening Technology tools.
One of the most significant changes in the industry is that of the adoption of Crypto we have seen in the last couple of years. What once was thought to not last long, has proven to be here for the long haul.
Where there is Crypto there is Blockchain technology. Initially, neither was very well understood, dare I say, by the regulators. When the intention and the power of the blockchain was fully understood that the perceived anonymity of a Crypto transaction and, more importantly, of the wallet holder, was actually not true, we began to see that Sanctions Screening changed to include the screening of crypto wallet addresses. Why? Well, when we think about that initial incorrect thought process around crypto, that it allowed for anonymity, we think personal names or personal information being hidden and that those data points were not available to any ‘compliance program or technology solution. However, technology has provided us a means to track wallet addresses and trace their origins and activity, allowing us to apply sanctions to those wallets involved in illicit or nefarious activity.
Crypto and the corresponding technology has also taught us that the identity of an individual is not so black and white as to only consist of someone’s name, physical address, and date of birth. Each AML expert or Compliance Officer is equipped with that investigator component, part of the investigation process is where you are problem-solving, working with what you have at your disposal to solve the problem. How to solve identity requirements in a world of perceived anonymity is the problem to solve. This is where we can use unique identifiers, such as IP Address, Device ID, Device Type, MAC Address, Operating System, Crypto Wallet Address, openly and easily available through a combination of the Blockchain and other technology tools, which then allows for a profile of an individual, or a form of trackable identity which can be created with the data and information you do have. Know Your Customer and Customer Identity may have previously been defined as, and consisted of, the collection of an individual’s name, physical address, and date of birth; but now we need to identify an individual or group of individuals sometimes without those pieces of information, and we have learned, that it is, in fact, possible to do so, simply in a different way.
So how do we conduct customer due diligence when an individual’s name is unknown? As I referenced above, we can create a ‘customer’ profile based on their personal ‘unique ‘identifiers. Through the use of technology we have the ability to identify and track the IP Address of an individual’s mobile and electronic device at the very moment of transacting. We then know if the individual conducting a transaction is sitting in a coffee shop in Manhattan, New York, or are they sitting in their living room in North Korea, a sanctioned country. To go even further, with the ability to track and trace the IP address the individual is operating from, we can now also identify the actual device they are using; is it a MAC, IPHONE, ANDROID, IPAD, Tablet, etc. . Lastly, through the Blockchain, each crypto transaction and the accompanying crypto wallet address can be easily tracked and traced. With these changes to how we are able to identify someone’s activity, where they are physically located and who or how they are transacting with or through what means are they transacting, we now see that the Regulators have also gained this knowledge and have incorporated these details into their advisories of what they expect reporting entities to capture from their customers, and to maintain these unique identifiers referenced above as a means of building a customer profile, and as the customer’s electronic record, even though more traditional KYC may not be available.
Q: What are the top 3 challenges you see companies facing and struggling with in Sanctions compliance?
A: I don’t know about a specific number of challenges that companies are facing or struggling with in Sanctions compliance, but here are a few that come to mind.
I think the entire industry is coming to the realization of how ‘hot’ the sanctions topic has become. Every time we scroll through our LinkedIn feed for example, we are seeing yet another company has been hit hard with a significant monetary fine for a breach in their Sanctions program or that a Sanctions program was not present at all, or if a Sanctions program did exist, that it was deficient in its methodology. I think many are struggling to adapt to this Sanctions climate change. The learning curve can be challenging to move from what we once knew to be acceptable to what is now required and expected.
I think many companies may have a Sanctions program in place and have some technology tools in place to conduct sanctions screening, but the deficiencies I have seen are the following: Companies are not monitoring the results of their Sanctions screening process to ensure, for instance, false positives are appropriately vetted to confirm they are real false positives. They are not conducting any kind of testing of the technology solution they use to ensure it is working as it is expected to work, and lastly, they often lack having the right physical human resources in place, whether that be to ensure they have sanctions specific focused staff who hold valuable and targeted Sanctions experience or that their internal or external counsel can adequately address the legalities involved in the duties and responsibilities required in the event of a positive Sanctions hit.”
Q: Can you discuss some of the best practices and standards companies should follow to comply with sanctions laws and regulations?
A: I believe in building a robust Sanctions Program that is customized to the Company’s business model, the geographical location of its customers, and how their customers are expected to use and access the Company’s products and services, in combination with hiring staff who hold valuable Sanctions knowledge and experience combined with a Sanctions Screening Technology solution that is committed to Sanctions Compliance, is paramount to success.
And, no offense, Thorsten, but no matter the technology solution, the technology solution must be audited, and regularly tested, to ensure the technology is performing as expected. You may say, yes of course, Angela, we test our solution here at sanctions.io, which is great, it is what I would hope for, expect even. However, the testing I am speaking of is that your clients should be testing your Sanctions Screening Technology as it relates uniquely and specifically to their business and their customers. Many companies miss this very important aspect of their risk assessment and their effectiveness review process. In the event of a Sanctions breach, it is not the technology provider who will necessarily be held accountable or at least not to the degree a reporting entity will be.
Q: What was the most critical case/project you have had so far? Have you ever had a Sanctions violation case?
A: I work with a variety of lawyers within the space and while specifics of a Sanctions violation case cannot be discussed, the easy answer is yes, it has occurred. Sorting through the legalities involved with a Sanctions Violation or a Sanctions Hit is both stressful and time-sensitive.
Q: How do you see the UBO issue, and what are the best practices you recommend to companies?
A: There is such a disconnect across jurisdictional regulations when it comes to UBO requirements that it is EXTREMELY challenging for reporting entities to keep on top of the requirements, let alone the differences between jurisdictions. We need more work to be done between jurisdictional regulators to streamline access to valid and up-to-date UBO information so reporting entities can meet their regulatory obligations.
I believe ascertaining UBO still requires a lot of manual research, querying the internet, looking for government business registries, cross-checking that information etc. I know there is some technology solutions available, but the conducting of manual investigations is still very much part of the procedure for ascertaining UBO information for many reporting entities. Whenever manual processes exist, it is both time-consuming, cost-deficient, and open to human error, which raises the risk to the entire process and yet it is it is a regulatory requirement, and an extremely important component to a Company’s AML program.
Q: What is the future of sanctions compliance, and what developments can we expect to see in this field?
A: I, unfortunately, am not a fortune teller, although I wish I was (lol). But if what we have seen in the last few months with the US Department of Treasury levying hundreds of thousands of dollars in fines on reporting entities, we know well, like Kraken, and Bittrex for example, I think it is safe to say that now is the time to review your Sanctions Program and take the steps to revise or enhance it.
Your readers can find more information about the dollar values of some of the most recent fines in the US here:
Q: Angela, how do you see the screening software vendors adapt to the upcoming challenges, and what would be your top 3 items you recommend vendors improve on?
A: I think there are some very good Sanctions Screening Technology tools available. I also think the climate change we have seen with Sanctions compliance has raised the bar in an attempt to meet the demand for better tools, to do better in our commitment to doing sanctions screening right. I think Sanctions Screening Software vendors must have their ear to the ground and to ensure they read all of the violations reports from the Department of Treasury because you can learn what is expected from the regulator, what the failures were, and how they could have been avoided and then communicate those details in the discussions you have with your clients. Your clients expect you to be ‘in the know’ as you are providing a service intended to address regulatory obligations, if not you then who?
For compliance in a general sense not solely for Sanctions Screening solutions, I also think software vendors should either have in-house regulatory expertise or engage with someone like myself to provide the much-needed regulatory knowledge and experience necessary to assist you in maintaining your compliance commitment with your clients.
Q: At the end, a more personal question: Can you share some of your hobbies or interests – what do you enjoy other than AML and Sanctions stuff?
A: I love to cook, and I have a love for black-and-white photography. I am a grandmother of one beautiful granddaughter who is the light in my life and keeps me grounded in what sometimes feels like a crazy world of compliance.
Q: Thank you very much, Angela, for your time and for sharing your rich experience. Where can people learn more about Sentinence and your services?
A: You can always engage with me on LinkedIn, I am always active there. You can visit my website, or email me directly at [email protected].
Sentinence and Sanctions.io see great benefit in working together and especially see the benefit for our clients. Sentinence and Sanctions.io have entered into a referral partnership agreement which will provide any client referred to either of our businesses a special discount on the cost of their services.
Thorsten is Co-founder & CEO of sanctions.io. He has worked for more than 15 years in the tech industry with focus on bringing ideas to life, and building great teams and products. At sanctions.io he is mainly responsible for Business Development, Growth and Strategy.
What is Proof of Reserves, and Why is it Important?
by Joel Agbo –
Table of Contents
- What is Proof of Reserves?
- Why is Proof of Reserves Important?
- How Does a Proof of Reserves Audit Work?
- Profiling Custodial Institutions using Proof of Reserves Tools
Key Takeaways:
-
Proof of Reserves (PoR) lets you verify that your exchange or any other custodial financial platform is truly in the custody of the assets you deposit.
-
Proof of Reserves was introduced as a response to the widespread mismanagement of user funds by centralized exchanges and derivatives trading platforms.
-
One way of verifying Proof of Reserves involves using the Merkle tree technology to collate the institution’s holdings and match them to user accounts to enable account owners to get a view of the account history.
-
CoinGecko has rolled out a Proof of Reserves feature to enable users to view available exchange reserves data in one place.
Centralized exchanges are providing customers with facilities to verify the state of the assets held on their platform. Through this, customers are able to ascertain that the institution truly holds these assets with an equal or excess reserve to back the deposits, ensuring that customers will always be able to withdraw their holdings. This process is made possible through the Proof of Reserves (PoR) system.
Also, did you know that CoinGecko now has Reserve Data on Centralized Crypto Exchanges?
You can jump straight into our guide, or read on to find out what exactly is Proof of Reserves and how it works.
What is Proof of Reserves (PoR)?
Proof of Reserves is a statement outlining the holdings of a custodial financial institution, such as centralized exchanges.
PoR demonstrates an institution / exchange’s ability to honor withdrawals from its platform at all times. Broadly, it consists of two parts – a current record of customers’ token deposits (known as liabilities), and a pool of tokens held within a set of exchange addresses (also known as assets). As a custodial financial institution, centralized exchanges are not supposed to be utilizing customers’ funds for other purposes, thus both assets and liabilities should match.
While there are multiple ways that Proof of Reserve can be achieved, the blockchain industry has devised an on-chain, trust-minimized way to record such proofs on-chain, and verifiable by anyone. In effect, an exchange can presents a report of assets in the institution’s custody and map these assets to individual accounts, and store part of this information on-chain. This way, individual users, or any interested 3rd party, can actually verify that the institution actually holds the specific assets that match specific account balances, without actually revealing the identity of the users.
Contemporary Proof of Reserves facilities simplifies the custody verification process through a one-click process that enables users to access the audit records and obtain proof that their institution holds the correct amount of assets. Exchanges like Kraken have already made this facility available to their users.
Why is Proof of Reserves Important?
Binance exchange’s CEO Changpeng Zhao, on November 6, 2022, raised an issue on the state of the second largest cryptocurrency trading platform – FTX. Events trailing this revealed long-running mismanagement of funds under the exchange’s custody. While users’ account balances show records of their assets, these assets were non-existent as the exchange had engaged in certain activities that resulted in a loss of users’ funds.
In an event that turned tragic, users’ withdrawal requests stalled as the exchange was unable to honor asset withdrawal requests, with some estimates pegging the shortfall at close to $10 billion. The ripple effects from the FTX collapse predictably impacted other exchanges, where some were also revealed to be utilizing customers’ tokens for other purposes, triggering mass panic, and further calls for full transparency in exchange reserves.
Proof of Reserves was introduced in response to this. Prior to these events, the majority of cryptocurrency investors had always entrusted custodial institutions with the safety of their assets without pushing overly hard for transparency, or performing verification to ensure that reserves were actually being maintained. This implicit trust has now been shattered, and the industry is now collectively pushing forward to hold custodial institutions to be more transparent and accountable for customers’ tokens.
Implementing Proof of Reserves will offer certain benefits to custodial platforms and their users.
For users, it will:
Provide a means to verify proper custody of assets
The primary goal of Proof of Reserves is to enable customers to verify the assets held by their institutions. Investors can use these applications to track changes made to their individual accounts to get a better view of how their funds are handled over time and demand clarity of each action from their institution.
Allow due diligence to be conducted on custodial platforms
Before setting up an account on a trading platform or any cryptocurrency institution, it is advised to carry out preliminary research on the institution, including its financial dealings and overall integrity. Proof of Reserves tools are a great way to start. With this concept developing fast, investors will be provided with the tools to obtain relevant data on how specific institutions custody their client assets, and do their own research before committing assets to an institution.
Doing this will reduce the chances of investors losing their assets to unfortunate events resulting from poor management of users’ funds by a custodial institution. Investors can also modify or withdraw their investments to minimize losses, in the event that they feel that the platform’s custody practices have become too risky over time.
Present hands-on transaction records
As already explained, Proof of Reserves applications present an institution’s finances in a transparent manner. When done well, platform users can track their personal dealings. Users can view their own activities and make informed decisions and verify that transactions are recorded accurately.
For custodial institutions, it will:
Provides a means to regain and maintain users’ trust
Investors are fast losing trust in custodial institutions. The shadiness discovered in recent events is increasing the fear index for investors using custodial institutions for trading or other financial activities.
Reputable institutions can regain this lost trust by developing good Proof of Reserves facilities and making them available to their customers.
Serves as a source of truth
Regardless of how much effort is being put into ensuring the accuracy of an exchange’s internal record-keeping systems, it is still possible for errors to occur, or even worse loopholes that can be exploited by malicious actors. However, if these were recorded and verifiable on-chain, the hope is that more pairs of eyes will be scrutinizing the records for accuracy.
How Does a Proof of Reserves Audit Work?
Custodial institutions in the cryptocurrency space hold the assets of their customers in a hot wallet from which they serve withdrawal requests from users. Institutions then set apart a cold wallet for safe storage of a portion of users’ deposits. Users obtain a wallet address to make deposits. When deposits are made, they are moved between the hot and cold wallets. Customers of custodial financial platforms are not in total custody of their assets, as the institutions keep the private keys to these addresses.
Details of assets held by the institution can be partly obtained by tracing details of transactions involving their hot and cold wallets.
However, this only presents an aggregated view of the total assets in custody, but doesn’t give a hint of which users own what portion of the total assets in custody. A Proof of Reserves audit makes a deeper study to collate the total assets held by the institution and prove that the users a portion of these assets. This process utilizes the Merkle Tree.
What is a Merkle Tree?
The Merkle Tree is an approach to data structuring that upholds the verifiability of stored data and simplifies attempts to access these data. The Merkle tree is designed to partition related data in such a way that they can be accessed individually without going through each individual branch of data. As rightly named, the Merkle tree contains distinct data grouped into autonomous branches but connected to a single root; this is known as the Merkle root.
The Merkle root is the single point of connection for the data branches and ensures that the right information is stored in each of the data branches. It provides a single point of verification for the whole data tree. It also provides a uniform protection system for stored data, ensuring that data stored in the branches cannot be manipulated or damaged.
Merkle Trees are already the main data management method and core component for blockchains, used to keep track of the constantly growing data set generated by users of the network. As each block added to the chain is identified with a hash, the Merkle tree provides a storage and identification system that stores the data according to their hash, instead of a whole chain. Data in the block can hence be verified using the block’s hash and eliminates the need to compute the whole blocks in the network. Learn more about the blockchain and how it manages data
In that sense, a Proof of Reserve records a mini Merkle Tree of an exchange’s assets and liabilities on-chain. To verify the records, an auditor starts by taking a periodic record of an institution’s asset in custody and arranging the individual data in the record using a Merkle Tree.
Here’s how an auditor creates the Proof of Reserves for a custodial institution.
How a Proof of Reserves Audit is Conducted
First, the auditor or auditing firm takes a snapshot of balances held by the institution and arranges these balances using the Merkle tree system. The pieces of custodial data for the institution are organized into a unified tree of data, branched into partitions, and identified using hash codes.
The auditor obtains the Merkle Root of the data tree; the single point of connection between data in the tree. The individual account that contributed these assets can be identified through their unique signatures.
To verify these individual contributors, the auditor matches the digital signatures to the records on the Merkle tree and verifies that the reported balances of the individual are at least equal to that obtained from the Merkle tree.
Changes to the individual balances are easily detected on the Merkle tree and it creates a sharp shift in the data structure. Through this, it will be impossible for institutions to tamper with users’ balances and go undetected.
While this can be done manually and painstakingly, the auditor or the institution can also proceed to develop an interface for users to verify the custody of their assets using their digital signatures which can be their exchange IDs.
However there are limits to even this system. Mainly, the Merkle tree only matches the snapshot at that specific point in time, and as the reserve balance changes, it will require a newly updated Merkle tree to reflect the change.
Profiling Custodial Institutions using Reserve Data Tools
Now that you’re familiar with the concept of Proof of Reserves, you are ready to dive deeper and perform your own research on different centralized platforms. In the aftermath of FTX’s downfall, various Proof of Reserves tools have quickly emerged, each one offering cryptocurrency investors a way to track the assets or the financial activities of their institutions where it concerns collective funds owned by their different users.
CoinGecko’s Reserve Data
You can go to CoinGecko’s Crypto Exchanges page, and look for the column titled Reserve Data. In this column,you’ll see exchanges labeled as Available or Unavailable.
Available means that certain reserve information is available for users to perform due diligence.
Unavailable means that reserve information is not available on CoinGecko.
If you want to view Binance’s reserve data, click Binance to enter the exchange’s page, where you’ll see the option to look into their Exchange Reserves.
Once you’re inside, you’ll be able to see the exchange reserve data sourced by the CoinGecko team. This data is aggregated from sources including Nansen and DeFiLlama, as well as the exchanges themselves if it has been published.
Do note that while CoinGecko recognizes Proof of Reserves as an important data point for transparency, it is not currently linked to the Trust Score as it is a fairly new priority item for many exchanges, and subsequently penalizing exchanges for not having one at this stage could be an unfair methodology.
However, CoinGecko’s plan is to find a good representation where Proof of Reserves can be applied to the exchange’s Trust Score, so that only exchanges that have made attempts to prove solvency will have a good score.
Nansen’s Asset/Net Worth Dashboard
Here’s how to obtain and track your exchange’s finances using Nansen’s Asset/Net worth dashboard.
Nansen’s Asset/Net worth application tracks wallet activity in real-time. Using its technology, you can view institutional and individual wallet balances across selected chains and explore other specific data that can help estimate the effect of your institutions’ activities on your finances.
-
Visit the Nansen Asset tracking application. You can connect your wallet to track your individual wallet and access the Analytics page for your wallet.
-
On the homepage are listed certain popular custodial cryptocurrency exchanges. Click on the desired institution to view wallet balances across over 40 blockchain networks.
The launch page shows the total amount contained in the exchange’s wallet and how they are divided based on the assets held. In this instance, we used Kucoin Exchange. A recorded $2.6 billion worth of customers’ crypto assets is held by the exchange at the time of this writing. Subsequent information shows how these holdings are distributed.
-
Click the desired network to view assets held on the network. We selected the Tron blockchain, in the image above. About 62% of the assets in the custody of the exchange on the Tron blockchain are held in USDT. You can obtain this data for other chains by clicking the chain.
-
Explore other data by clicking the Analytics tab or by clicking View Full Analytics. Data from the analytics page shows how the exchanges’ assets and asset values have increased over time. You can also obtain the exchange’s wallet addresses and track activities using the chain’s explorer. Here’s a detailed guide on how to use Ethereum’s explorer – Etherscan.
-
For institutions not listed, you can attempt to track their portfolio by obtaining the cold wallet address and searching through the Nansen application for their records. Enter the address on the input box at the top corner of the platform
Conclusion: What’s next?
The recent wave of misappropriation of funds by custodial financial platforms puts the crypto space in a pitiable state. But notwithstanding, the introduction of Proof of Reserves is a silver lining, a key positive development from the tragic events. The industry is collectively pushing centralized exchanges to provide greater transparency, while users may finally have tools to verify and hold exchanges accountable in the near future.
Industry players can also utilize tools like those outlined above to ensure the safety and availability of the funds, establishing a process that could help make the crypto space safer for investors. On the part of the users, this is important. Even as you conduct your personal research and invest in your favorite cryptocurrency projects, also endeavor to demand more transparency from your institutions and verify the safety of your funds, especially if you’re a user of a centralized financial system.
Ultimately for users who are already familiar with public-private keys, the best way to keep your funds safe is to retain full custody of your assets. This is achievable by keeping your funds in your personal wallets instead of exchanges. As much as possible, users should utilize cold / hardware wallets to store funds not actively in use.
For custodial institutions, the importance of handling users’ funds with integrity and high-level carefulness cannot be overemphasized. But now, more than ever, there is a need to also show users how care is being applied and allow them to verify claims about how their funds are being managed.
There is also increased conversation around the need for regulation to prevent future bank runs by institutions like what occurred in November 2022.
As a standard, always apply caution and do your own research before investing in cryptocurrency.
US Treasury Adds to Tornado Cash Sanctions With North Korea WMD Allegations
Nov 8, 2022 at 3:01 p.m. ESTOFAC first added Tornado Cash to its sanctions list in August.
The U.S. Treasury Department is “redesignating” Tornado Cash as a sanctioned entity, overtly alleging that North Korea has used the crypto mixing service to support its weapons of mass destruction (WMD) program.
The Treasury Department’s Office of Foreign Asset Control (OFAC) said Tuesday it would delist and redesignate the privacy tool, which pools transactions to obfuscate senders and recipients, on allegations that North Korea has laundered over $100 million worth of crypto through Tornado Cash to support its WMD program, including the development of ballistic missiles. The sanctions watchdog first designated Tornado Cash in August of this year.
“This action is part of the United States’ ongoing efforts to limit the DPRK’s ability to advance its unlawful weapons of mass destruction (WMD) and ballistic missile programs that threaten regional stability and follows numerous recent DPRK ballistic missile launches, which are in clear violation of multiple United Nations (UN) Security Council resolutions,” a Treasury press release said.
North Korea has fired a number of its missiles in recent months, prompting panic in Japan and South Korea, as the missiles flew in their general direction, though no missile hit land.
In addition to Tornado Cash, OFAC sanctioned North Korea’s national flag airline, Air Koryo, and two individuals the watchdog said helped North Korea transfer missile parts into the country.
In a statement, Treasury Undersecretary for Terrorism and Financial Intelligence Brian Nelson said, “today’s sanctions action targets two key nodes of the DPRK’s weapons programs: its increasing reliance on illicit activities, including cybercrime, to generate revenue, and its ability to procure and transport goods in support of weapons of mass destruction and ballistic missile programs.”
‘Entity’ designation
OFAC also published a new frequently-asked-question to address longstanding questions about who, exactly, was being added to its Specially-Designated Nationals (SDN) list. Much of the crypto industry has argued that Tornado Cash and its wallet addresses are software, not a person or entity, and so OFAC should not be able to designate the mixer as a sanctioned entity.
Lawsuits funded by Coinbase and Coin Center included this argument, as well as alleging that the Tornado Cash designation was overly sweeping and hurt Americans who had funds locked on the platform. OFAC previously published guidance for U.S. persons, detailing a process they could take on to try and recover their funds by applying for a specific license.
In its new FAQ, Treasury pushed back against this argument, saying an entity could be “a partnership, association … or other organization.”
Tornado Cash is an entity under the definition created by the executive orders overseeing sanctions, OFAC said. The organizational structure includes both Tornado Cash’s founders and developers, as well as the decentralized autonomous organization (DAO) that votes on new features.
“Tornado Cash uses computer code known as ‘smart contracts’ to implement its governance structure, provide mixing services, offer financial incentives for users, increase its user base, and facilitate the financial gain of its users and developers,” OFAC said.
The watchdog noted that Tornado Cash’s founders, DAO members and users were not sanctioned “at this time.”
UPDATE (Nov. 8, 2022, 20:20 UTC): Adds additional context.
Global Money Laundering Watchdog Says Crypto Monitoring Regime Is Unchanged
Nov 8, 2022 at 4:14 a.m. ESTThe Financial Action Task Force responded to a report that it is preparing to conduct annual compliance checks, saying it has not changed the way it monitors crypto assets or the process for adding countries to its “gray list.”
The Financial Action Task Force said it has not changed the way it monitors digital assets after Al Jazeera reported the intergovernmental organization for tacking money laundering and financing of terrorism is getting ready to “conduct annual checks to ensure countries are enforcing anti-money laundering and terrorist financing rules on crypto providers.”
The FATF declined to comment on “speculation in media reports,” but it told CoinDesk that it has not changed the “manner or frequency of its assessments” of virtual assets defined under Recommendation R.15. All countries must prioritize the swift and effective implementation of crypto regulations to make sure they aren’t misused by criminals, it said.
“This Recommendation continues to be assessed and rated as part of countries’ mutual evaluation or follow up reports,” the FATF press team said in an email to CoinDesk.
Since 2018, the international body has looked to define virtual assets and service providers in order to apply guidelines for anti-money laundering (AML) and combatting the financing of terrorism (CFT) to the crypto industry. In 2021, it published updated guidance for virtual asset service providers. Earlier this year, it said nearly half of the world’s jurisdictions still weren’t requiring crypto service providers to identify their customers properly.
Overall, implementation of FATF standards to regulate crypto “remains extremely poor,” it said in the email. It also has not changed the process by which it adds countries to the gray list for increased monitoring. Its annual check is a “Targeted Update” that provides an overall picture of global compliance, but countries are not rated or re-rated through the process.
“Implementation of R.15 continues to be a priority for the FATF, and the FATF will continue to explore and take action as necessary to promote compliance,” it said.
The Journey to Relaunch and Rebirth
RELAUNCH of SENTINENCE WEBSITE
The time has finally come!
I am happy to announce the official relaunch of the Sentinence website.
It has been a long time coming and the efforts of my colleague and friend Frank Leccese over at idottech is much appreciated. He brought to life my vision; and will continue to be involved in adding new features and functionality to the website as Sentinence continues to grow as a company.
When I thought about relaunching the Sentinence website it was with the intent of breathing new life into a rather somewhat dull, relatively dated and unused website. It was time to ‘redecorate’ like you would do to your living space.
The “redecorating” process became so much more. It became a journey of reflecting on the path that led me to where I am today. To analyze what I had originally envisioned when creating Sentinence and whether I had detoured or lost sight of all the reasons I wanted to create Sentinence in the first place.
The short answer is No; I did not lose sight of my objectives for creating Sentinence. After almost seven years Sentinence is still standing; as a viable and successful business. My colleagues, peers and clients are a testament that my objectives were attainable and realized.
I did not go off track or detour from my original path, but I have remained comfortable. There is nothing wrong with being comfortable. It is a very safe place to be. Some may say that being comfortable in business is something to be grateful and thankful for, and make no mistake I definitely am. But this journey of relaunching Sentinence has been much more about a rebirth.
It is now time to say, “Where do I want to go now”. It is time to not just be comfortable. It is time to grow the business, expand the service offering and step out of that comfort zone.
I can’t give away any of the details of what I have planned for this coming year ahead, but it will be exciting and not so comfortable.
Regardless of what new things lie ahead for Sentinence, there is something to be said about the foundation already built. To continue to be committed to bringing to my clients only the best service, the best policies, and procedures and best in class technology solutions to meet all their needs.
Here is to the new Sentinence website and to what lies ahead!
Sentiently Yours! Angela
OCC Puts Hold on Fair Access Rule
WASHINGTON — The Office of the Comptroller of the Currency (OCC) today announced it has paused publication of its rule to ensure large banks provide all customers fair access to their services.
The agency proposed the rule in November 2020 to codify more than a decade of OCC guidance stating that banks should conduct risk assessments of individual customers, rather than make broad-based decisions affecting whole categories or classes of customers, when providing access to services, capital, and credit.
Pausing publication of the rule in the Federal Register will allow the next confirmed Comptroller of the Currency to review the final rule and the public comments the OCC received, as part of an orderly transition.
The OCC’s long-standing supervisory guidance stating that banks should avoid termination of broad categories of customers without assessing individual customer risk remains in effect.