Cross-border cryptocurrency compliance · Introduction The volatility surrounding cryptocurrencies...

kpmg.com

AML/ATF fundamentals for virtual currency brokers and exchanges

Cross-border cryptocurrency compliance

© 2019 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.

The KPMG name and logo are registered trademarks or trademarks of KPMG International. NDPPS 829637

© 2019 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International. NDPPS 829637

3Cross-border cryptocurrency compliance

Introduction

The volatility surrounding cryptocurrencies (also known as virtual or digital currencies) has made it difficult for consumers and businesses to understand their worth and their potential risks. With virtual currencies expected to become more prevalent in the coming years, regulators globally must decide how to deal with “nontraditional” trade and payment systems that have emerged through the rise of cryptocurrencies, while at the same time protecting consumers and creating a sound marketplace through the implementation of appropriate regulation.

Cryptocurrencies are considered “legal tender” in a number of countries. However, recent trends indicate that jurisdictions are beginning to outline regulatory frameworks in anticipation of establishing anti–money laundering (AML)/anti–terrorist financing (ATF) regulations or guidelines tailored to virtual currency businesses.

The United States and Canada have made significant progress in defining the AML/ATF program requirements for certain virtual currency businesses—brokers and exchanges in particular. As virtual currency brokers and exchanges (VCB&Es) look to market their products and services cross-border, they have an interest in gaining an understanding of the AML/ATF rules and regulations that apply to them. It is especially important that VCB&Es ensure they understand the AML/ATF requirements at a federal and/or state/provincial level, as applicable. VCB&Es should also look to adopt leading practices and design or update their compliance programs and frameworks accordingly.

The rise in the use of virtual currency has unearthed a unique risk profile for VCB&Es. Money laundering and financial crime can be accomplished by launderers by:

AML/ATF regulations and regulatory guidelines

United StatesIn the U.S., federal regulation of cryptocurrencies is enforced by the Financial Crimes Enforcement Network (FinCEN). In March 2013, FinCEN issued interpretive guidance1 ruling that an “administrator” or “exchanger” of convertible virtual currencies that accepts and transmits a convertible virtual currency, or buys or sells convertible virtual currency in exchange for currency of legal tender or another convertible virtual currency for any reason, is a “money transmitter.”

FinCEN defines money transmitters as a type of money services business (MSB) and, therefore, are subject to the AML and ATF requirements promulgated by the U.S. Bank Secrecy Act (BSA). Under the BSA, financial institutions and nonbank financial institutions have obligations to (i) establish AML programs, (ii) adhere to certain regulatory reporting requirements, and (iii) maintain certain books and records. These regulations would apply to VCB&Es that meet FinCEN’s criteria, barring any exceptions.

1 FIN-2013-G001, “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies,” March 18, 2013

— Utilizing virtual currency providers to facilitate illicit “dark web” transactions

— Circumventing international sanctions

— Circumventing other forms of jurisdictional currency control and taxation

— Engaging in prohibited gambling activity.

As a result, traditional AML methods are not enough to combat illicit activity. Regulators will need to implement regulation tailored to the activities of VCB&Es. On the flip side, VCB&Es will need to make efforts to comply with that regulation, keep abreast of red flags, and be aware of leading industry practices designed to combat money laundering and financial crime.



Key federal regulationIn October 2017, the U.S. Uniform Law Commission (ULC)2 enacted the Uniform Regulation of Virtual-Currency Businesses Act (URVCBA) (“the Act”). The objective of the URVCBA is to provide “a statutory framework for the regulation of companies engaging in virtual-currency business activity.” The guidelines contained within the Act are modeled after certain regulatory guidance including FinCEN’s interpretative guidance.

In March 2018, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) released guidance, issued in the form of frequently asked questions (FAQs),3 which explains that virtual currency transactions will be treated the same as other transactions under OFAC. As a result, U.S. persons will have the same sanctions compliance obligations regardless of whether transactions involve fiat currencies or virtual currencies.

Key state regulationOn June 30, 2016, the New York State Department of Financial Services (NYSDFS) issued its final regulation, Part 504, related to the BSA/AML transaction monitoring and the OFAC filtering and screening requirements. The rule defines the essential components of monitoring and filtering programs as required by the NYSDFS.4

In June 2015, the NYSDFS issued BitLicense rules5 that include BSA/AML framework requirements tailored to VCB&Es. The regulation includes guidelines on (i) designating a chief security officer, (ii) records of virtual currency transactions, (iii) identification and verification of account holders, and (iv) AML program minimum requirements.

CanadaKey federal regulationOn June 9, 2018, Canada’s Department of Finance (DoF) published the Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2018 (“Proposed Amendments”). The Proposed Amendments include guidelines for mitigating risks associated with new technologies and business models, and virtual currency businesses are addressed therein.

Similar to the U.S. approach, they propose that persons and entities “dealing in virtual currency” be considered financial entities or other entities deemed to be domestic or foreign MSBs. Once the Proposed Amendments are enacted, these persons and entities would be required to establish AML/ATF compliance programs and register with FINTRAC6 under the Proceeds of Crime Money Laundering and Terrorist Financing Act (PCMLTFA). Traditional banks will be prohibited from opening and maintaining correspondent banking relationships with virtual currency MSBs not registered with FINTRAC.

Prior to the aforementioned Proposed Amendments, no formal guidelines had been published by FINTRAC. The DoF has granted reporting entities7 (REs) 90 days (from June 9, 2018) to review the Proposed Amendments and respond.

2 Established in 1892, provides states with nonpartisan, well-conceived, and well-drafted legislation that brings clarity and stability to critical areas of state statutory law—Uniform Law Commission

3 OFAC Resource Center, OFAC FAQs: Sanctions Compliance, Questions on Virtual Currency, FAQs 559–63.

4 NYSDFS Superintendents Regulations Part 504. In the pertinent part, this regulation imposes significant new responsibilities on New York regulated institutions with respect to BSA, AML, and U.S. economic sanctions laws and regulations.

5 Codified under NYCRR Title 23 Chapter I Part 200

6 Canada’s Financial Intelligence Unit (FIU) responsible for detecting, preventing, and deterring the financing of terrorist activities

7 A reporting entity (RE) is an entity that is subject to the PCMLTFA in Canada.



VCB&E cross-border product and service offerings have the potential to address a lucrative unmet need in the U.S. and Canada for customers looking to access large amounts of liquidity across multiple virtual currency markets. However, expansion into both markets will require organizations to navigate the complexity of a cross-border regulatory environment.

Cross-border implications

Rapid technological innovation and limited “face-to-face” customer interaction are both inherent to the virtual currency industry. In response, over the next several years, both Canada and the U.S. have indicated that they will craft further regulation that balances protecting consumers and allowing for innovation by not saddling VCB&Es with unreasonable regulatory burdens that make it financially impractical to operate.

Successfully navigating this cross-border regulatory challenge will be critical to any VCB&E’s ability to manage:

— Reputational risk resulting from compliance failures

— Virtual currency–specific AML risk factors

— Fraud prevention

— Business continuity.

Instilling a sense of confidence in the legitimacy of VCB&Es among industry stakeholders—regulators, investors, and customers—will be critical in fostering the continued growth and acceptance of virtual currency and VCB&Es more broadly.



In both Canada and the U.S., VCB&Es will be mandated to verify their customer’s identity and monitor customer transactions via robust Know Your Customer (KYC) and Transaction Monitoring and Filtering System (TMS) compliance programs.8 Both compliance program elements are essential in order to adhere to economic sanctions enforcement and suspicious activity detection and reporting requirements.

Implementing AML/ATF compliance programs

8 In accordance with U.S. regulations codified under 31 CFR Chapter X (FinCEN’s Customer Due Diligence Requirements for Financial Institutions) and Canada’s Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2018

9 2017 Drug Enforcement Administration NDTA (In a pertinent part the assessment notes that TCOs are increasingly using virtual currencies due to their anonymizing nature and ease of use.)

Implementing either program in a VCB&E environment presents unique challenges due to the anonymous nature of their users and transactions, both of which potentially increase AML risk. The natural association of virtual currencies and “dark web” activities, gambling, and Initial Coin Offerings (ICOs), pose many challenges. According to the 2017 U.S. Department of Justice Drug Enforcement Administration report National Drug Threat Assessment (NDTA), VCB&Es are emerging as a money-laundering threat that enables transnational criminal organizations (TCOs) to easily transfer illicit proceeds internationally.9

Know Your Customer (KYC)Third-party vendor screeningIn the event that vendor screening is outsourced, any compliance lapse from a third party directly affects the VCB&E that contracted with them. It is the responsibility of VCB&Es to ensure that customer screening performed on their behalf aligns with regulatory requirements and expectations, while at the same time appropriately managing the customer onboarding experience. In this regard, the following questions should be taken into account by VCB&Es:



— Has a process been implemented to manage third-party risks related to the screening process and are these controls adequate to mitigate them?

— Are the third-party vendor(s) that are leveraged for KYC and customer identity verification performing manual customer reviews where automated identity verification fails, and are you aware of what the manual steps entail and how they impact your onboarding process?

— Are you obtaining sufficient Key Performance Indicator (KPI) and Key Risk Indicator (KRI) reports to facilitate appropriate governance and oversight over your screening process?

Sanctions screening In the U.S., OFAC has asserted that it may include specific digital currency addresses associated with blocked persons as identifiers on its List of Specially Designated Nationals (SDN List).10 A “hacker” who is able to infiltrate VCB&E security systems may demand payment in the form of virtual currency. If the hacker’s digital currency address or wallet is on the SDN List, a company’s attempt to recover its information by conducting a transaction with the wallet may constitute a sanctions violation. Therefore, a VCB&E’s interdiction software should incorporate new data points and regulatory procedures to efficiently comply with sanctions requirements in the jurisdiction in which it operates.

Transaction monitoring and filteringThird-party vendor relianceCurrently, third-party vendor tools used to track virtual currency transactions and potentially identify transactional history do not provide solutions for all virtual currency offerings or track “off-chain” transactions.11 VCB&Es will need to understand how to leverage both internal and third-party solutions for identifying and monitoring suspicious transactions.

Transaction monitoring systems Under the BSA and applicable state law(s), VCB&Es are required to maintain a transaction monitoring system that monitors and filters customer transactions for suspicious activity.12 AML detection scenarios aligned with leading market monitoring practices are a critical component of an effective monitoring system. Common examples specific to VCB&Es include transactions from unknown crypto addresses (e.g., dark web) or illegal ICOs. VCB&Es should understand the methodologies that can be leveraged to develop detection scenarios that align to particular risks posed by virtual currency transactions.

Fraud monitoringIn the data-rich environment in which VCB&Es operate, VCB&E should enhance fraud monitoring controls and deploy analytics to better detect and manage fraud in an effort to build greater confidence and trust within their customers. Many VCB&Es use “hot” and “cold” wallets to protect customers from fraud and theft of funds. A hot wallet is online and accessible through a VCB&E’s systems. A cold wallet, on the other hand, is completely offline, which means there is no way for a hacker to steal coins electronically.

Hot wallet systems may not protect against account takeover scenarios. An account takeover happens when a third-party hacker gains unauthorized access to a user’s account. The most popular way for attackers to gain access to an account is less sophisticated than one might think. For example, after obtaining a list of people they want to target, an attacker can troll public password dumps using likely combinations of a person’s name, email, mother’s maiden name, birthday, and other personal information to figure out a way to impersonate that user. The attacker is then able to contact the VCB&E and impersonate a legitimate customer, successfully change VCB&E wallet security settings, and subsequently drain customer funds.

10 OFAC Resource Center—https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/ques_index.aspx, OFAC FAQs: Sanctions Compliance, Questions on Virtual Currency, FAQs 559–63

11 Note that off-chain transactions do not happen on the blockchain and are not available for public analysis. It is possible for even the operators of the exchange itself not to be able to determine who participated in an “off-chain” transaction.

12 For applicable federal regulation(s), see 31 CFR 1022.210 (Anti–Money Laundering Programs for Money Services Businesses); 31 CFR 1022.320 (Reports by Money Services Businesses of Suspicious Transactions); 31 CFR 1022.210 (d)(3) (In a pertinent part requiring training for detection of suspicious activity); For federal regulatory guidance, see BSA/AML Examination Manual for Money Service Businesses (2008) (In a pertinent part providing guidance regarding “Manual Transaction Monitoring” and “Automated Transaction Monitoring”); For example(s) of applicable state law, see NYDFS Part 504 (New York Banking Division Transaction Monitoring and Filtering Program Requirements and Certifications).



https://www.treasury.gov/resource-center/faqs/Sanctions/Pages/ques_index.aspx

Compliance with cross-border AML mandates often requires a substantial investment of both time and budget to meet regulatory thresholds. Covered VCB&Es will need to ensure that their transaction monitoring and filtering programs comply with expanding federal and state regulations for virtual currency. Therefore, it is important for AML/compliance officers to develop a detailed understanding of their processes, controls, as well as the governance framework supporting a robust VCB&E compliance program.

A roadmap to cross-border compliance

When determining how best to move forward, VCB&Es operating across Canada and the U.S. will need to manage the oversight of their AML compliance programs more closely, and will need the requisite resources to efficiently align regulatory requirements with internal strategic, operational, reporting, and compliance goals. Knowing and leveraging current industry leading practices is a critical component of any VCB&E’s roadmap to compliance.

Robust AML risk assessmentCompliance issues may arise when an organization deploys a generic risk assessment, not tailored to the risks associated with its customer base, products, and geographies. The virtual currency environment is rich in quantitative and qualitative data that is readily available, and an effective VCB&E risk assessment should incorporate both. For example, assessing both fiat and virtual currency transaction frequency, volume, and velocity across each customer segmentation line is critical when evaluating the severity of risk, as well as differentiating risk factors across lines of business, and in assessing the direction of risk.



Implementation of a transaction monitoring and filtering system (TMS)The maintenance of a TMS driven by virtual currency–specific customer segmentation and customer risk scoring is essential to achieving cross-border compliance. For VCB&Es, data identification is the critical first step to deploying an effective TMS, and this process must coincide with AML risk identification. A VCB&E must be able to resolve data-specific TMS issues, including:

— What KYC or transactional data is necessary to measure the AML risks?

— Is the data available?

— Where does it reside?

— Is the data complete?

— Is the data reliable?

— How is it extracted, transformed, and loaded into various systems throughout the entire customer transaction lifecycle?

Developing an action plan around these touchpoints is key to the implementation of an effective TMS and its alignment to a robust VCB&E-specific risk assessment.

Comprehensive fraud prevention supported by data analyticsVCB&Es should move beyond a “check-the-box” approach to managing the risks of fraud and misconduct. Instead, they should design, implement, and evaluate proactive practices that have been found to be effective by leading organizations. Many VCB&Es simply wait for customer- or vendor-initiated action to detect fraudsters (e.g., purchased item vendor “chargebacks”). However, companies should proactively leverage data & analytic (D&A) tools that deploy an array of statistical techniques and risk modeling to more effectively and efficiently support fraud prevention and account takeover.

In the data-rich environment of virtual currency, predictive analytic results can also be used continuously to refine fraud prevention models to help better support AML risk mitigation strategies. Robotic process automation and machine learning “bots” are some of the many examples of D&A tools compliance professionals can leverage to enhance the quality and efficiency of their fraud-prevention program. Bots can be deployed to

autonomously conduct customer onboarding due diligence screening via AML customer screening platforms, organize and extract relevant data, and upload results into a case management solution therefore saving compliance analysts valuable time.

Comprehensive documentationThe entirety of any VCB&E’s cross-border compliance effort must be supported by comprehensive documentation—setting out compliance elements along with periodic documentation updates as applicable. This includes, but is not limited to, documentation of:

— Policies and procedures that document AML/counterterrorist financing (CTF) regulatory, reporting, and record-keeping obligations as well as pertinent AML/CTF roles and responsibilities, including governance and oversight structures (i.e., mission of any oversight committee(s))

— A risk assessment methodology, and separately, results of the performance of a periodic risk assessment thereof

— Data sources including extractions, transformations, and loading to downstream systems

— Models, rules, scenarios, and transaction monitoring processes

— Independent testing and/or validation exercises performed to assess the design and effectiveness of the AML/CTF program.

VCB&Es seeking to operate across Canadian and U.S. borders must identify what documentation is available in the above areas and then evaluate the purpose and robustness of their documentation relative to each regulatory jurisdiction.

VCB&Es that are able to gain a fulsome understanding of these compliance areas and leverage the specific leading practices above will likely not only put themselves in a better position to comply with applicable reporting obligations required by regulators in both countries but also chart a course for other market participants within this incredibly innovative but fledgling industry.



AML reporting requirements present a logistical challenge for VCB&Es, especially if they have not fully considered the leading practices mentioned above. In both Canada and the U.S., federal regulations require VCB&Es adhere to the same reporting requirements as traditional MSBs dealing solely in fiat currency.

Reporting obligations in the U.S. and Canada While the applicable reporting requirements in the U.S.

and Canada are aligned in many respects, there are key differences that exist between the two jurisdictions (and at the state/provincial level). AML officers and compliance functions need to have an understanding of the requirements and differences in order to ensure their compliance programs are functioning properly and not exposing their companies to unnecessary regulatory risk, including enforcement actions, fines, and penalties, and/or criminal prosecution.13

The table at the right summarizes at a high level the similarities and differences between key AML reporting requirements for MSBs in the U.S. and Canada, and highlights virtual currency–specific record-keeping and reporting requirements.

The AML reporting requirements are applicable to domestic MSBs operating in Canada and the U.S., respectively. In addition, AML/ATF regulatory reporting requirements apply to foreign MSBs (those without a physical presence in the country) that engage in MSB activity in the U.S. Similarly, under the proposed amendments to the regulations under Canada’s PCMLTFA, Canada would impose its regulatory reporting requirements on foreign MSBs offering MSB activity to people located in Canada. Further, these proposed amendments would require these foreign MSBs to register with FINTRAC and comply with the same AML/ATF compliance program requirements as Canadian-based VCB&Es.

13 For example, in July 2017, FinCEN imposed a fine of USD 110 million on BTC-e and USD 12 million on its controlling operator Alexander Vinnik for willful violations of the BSA, including failure to adhere to requirements to register as an MSB, implement an effective AML program, detect suspicious transactions and file suspicious activity reports (SARs), among other requirements.



Requirement Canada U.S.

Sanctions reporting

Under U.S. and Canadian regulations, MSBs are required to file reports in relation to property (including cash) known to be owned or controlled by parties on sanctions or terrorist watch lists.

— In Canada, Terrorist Property Reports (TPRs) must be filed when it is known that property14 is owned or controlled by, or on behalf of, a terrorist or terrorist group.

— In the U.S., entities must report all blocked accounts or property, and rejected transactions, to OFAC.

Virtual currency integration

— To date, Canadian lists of designated and sanctioned individuals and entities do not include digital currency addresses.

— OFAC guidance has referenced the potential inclusion of “digital currency addresses associated with blocked persons” to its SDN List. This would require entities to screen transactions against virtual currency addresses, in addition to names currently on the List.

Currency transaction reporting

MSBs in the U.S. and Canada are required to report large currency (cash) transactions to OFAC and FINTRAC, respectively, within 15 days of the transaction (or transactions).

— In Canada, the reporting threshold is any cash transaction of CAD 10,000 or more.

— A transaction is defined as both a single transaction or series of transactions occurring within a 24-hour period.

— In the U.S., the reporting threshold is any transaction of more than USD 10,000.

— A transaction is defined as both a single transaction or multiple transactions involving the same individual within one business day.

Virtual currency integration

— Under proposed amendments to Canadian federal regulations, entities will be required to maintain records of virtual currency transactions in amounts of CAD 10,000 or more.15

— Entities will not be required to report every instance requiring a record.

— Under its BitLicense regulations, state-level regulations in New York require licensed entities to report any virtual currency transaction (i.e., VCTRs) with a value exceeding USD 10,000.16

Electronic funds transfer (EFT) reporting

— MSBs have to report EFTs of CAD 10,000 or more (in either one transaction or two or more transfers totaling CAD 10,000 or more within 24 consecutive hours) to FINTRAC within five business days.

— The BSA only requires banks to maintain records of funds transfer in amounts of USD 3,000 and above.

Suspicious activity

MSBs in the U.S. and Canada are required to file reports relating to suspicious transactions or activity within 30 days of determining that a transaction or activity is suspicious.

Transaction reporting

— In Canada, a Suspicious Transaction Report (STR) must be filed when there are reasonable grounds to suspect that a transaction (attempted or completed) in any amount is related to a money-laundering or a terrorist-financing offense.

— In the U.S., a Suspicious Activity Report (SAR) must be filed in relation to known or suspected violations of law or otherwise suspicious activity.

14 FINTRAC guidance defines property as any type of deed or instrument giving title or right to property, or giving right to money or goods. Proposed amendments to the PCMLTFA is a medium of exchange that allows for value to be held and exchanged.

15 Under this regulation, a transaction is defined as a single transaction only.16 Under this regulation, a virtual currency transaction is defined as a virtual currency-to-virtual currency transaction, or series of

transactions, by one person within a 24-hour period.



Conclusion

While some have posited the possibility of global virtual regulations,17 such a reality does not appear likely in the near term and would require significant effort and cooperation from the international community. Until then, it is critical for VCB&Es to understand the regulations that extend to where they operate, and establish the necessary compliance infrastructure. In the increasingly virtual and borderless world in which we live and which VCB&Es service, the leading practices will help to identify regulatory risk exposure, address current applicable requirements, and help an organization anticipate and adapt to changing regulations.

17 U.S. Department of the Treasury, February 13, 2018: “U.S. Department of the Treasury Under Secretary Sigal Mandelker Speech before the Securities Industry and Financial Markets Association Anti–Money Laundering & Financial Crimes Conference” (https://home.treasury.gov/news/press-release/sm0286)



https://home.treasury.gov/news/press-release/sm0286

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates or related entities.

kpmg.com/socialmedia

Contact usJohn F. CarusoPrincipal, Risk Strategy & ComplianceKPMG LLP (U.S.)T: 212-954-6831 E: [email protected]

Peter ArmstrongPartner, Advisory ServicesKPMG LLP (Canada)T: 416-777-8011 E: [email protected]

Janice MensahExecutive Director, Forensic ServicesKPMG LLP (Canada)T: 416-777-3365 E: [email protected]

Ladi AjayiManager, Forensic ServicesKPMG LLP (U.S.)T: 212-739-6761 E: [email protected]

David ColantonioSpecialist, Forensic ServicesKPMG LLP (Canada)T: 416-777-8990 E: [email protected]

Authors also include:

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.

© 2019 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in the U.S.A. The KPMG name and logo are registered trademarks or trademarks of KPMG International. NDPPS 829637

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the particular situation.


mailto:johncaruso%40kpmg.com?subject=

mailto:pearmstrong%40kpmg.ca?subject=

mailto:[email protected]



http://www.linkedin.com/company/kpmg-us

https://twitter.com/kpmg_us

http://www.youtube.com/user/KPMGMediaChannel

https://instagram.com/kpmgus

https://www.facebook.com/KPMGUS/

Cross-border cryptocurrency compliance · Introduction The volatility surrounding cryptocurrencies...

Documents

Transcript of Cross-border cryptocurrency compliance · Introduction The volatility surrounding cryptocurrencies...