In:Review #77 - 10 November 2024
Anthony Hope
Risk & Compliance Executive | Fintech Founder & Innovator | Strategic Leader | Expert Speaker
Welcome to Risk In:Review, your weekly newsletter curating the best of the week’s news stories from the crossroads between risk management and technology in Asia Pacific.
Keep updated with the latest news and insights by clicking on subscribe.
Perspectives
The seismic news this week is of course the re-election of Donald Trump. So in this week’s Perspectives I will offer my thoughts on what Trump's new presidency may mean for the technology and risk landscape.
It’s early days, as Trump will not be inaugurated until 20 January 2025, but when Trump hit the scene in 2017 it marked a notable shift in the global technology and risk landscape, with significant ripple effects felt beyond the US.
In my view, his policies in five areas – cryptocurrencies, cybersecurity, data privacy, trade policies with China, and artificial intelligence (AI) – stand out as having the most potential to impact the wider regulatory and strategic environment:
Cryptocurrencies: Trump is pro-crypto and has pledged to end the current administration’s "anti-crypto crusade", including replacing Securities and Exchange Commission Chair Gary Gensler on "day one".
It is likely that his election will create a more favourable regulatory environment for digital assets in the US, and the US is likely to exercise more influence on compliance standards globally. ?
Cybersecurity: During Trump’s first term, he issued the National Cyber Strategy in 2018, emphasising the protection of federal networks and critical infrastructure. His administration also elevated the US Cyber Command, enhancing its operational capabilities.
In a second term, similar initiatives could be expected, potentially influencing global cybersecurity practices. However, Trump has been critical of NATO spending commitments and it is possible that the US’s approach to international cybersecurity cooperation may shift towards a more unilateral stance, affecting collaborative efforts to combat global cyber threats.
Data Privacy and Surveillance: Trump’s administration’s push to relax data-sharing restrictions for national security raised concerns in the Europe and Asia-Pacific regions, where privacy protections are often stronger. For instance, EU members, governed by the General Data Protection Regulation (GDPR), found themselves at odds with the US over data access and sharing.
Companies operating across regions are likely to experience increased friction during Trump’s second term, as the US guidelines will remain shy of EU standards. This divergence has encouraged data-localisation laws in countries like India, where the government now mandates that companies store sensitive data domestically, and is likely to continue.
Trade and Technology Policy with China: The Trump administration’s tech-related trade restrictions on China had widespread effects, influencing global supply chains and trade dynamics. Many European and Asian tech firms that relied on Chinese manufacturing or supplied components to Chinese giants like Huawei were forced to reconsider their partnerships.
Japan, South Korea, and Taiwan took steps to bolster their semiconductor and electronics industries to decrease reliance on China, in response to the potential volatility of US-China trade relations.
European countries also imposed stricter scrutiny on Chinese investments in critical technology sectors, leading to a redefined approach in cross-border technology alliances.
Trumps re-election is likely to result in a tightening of the existing trade restrictions, particularly relating to processor chips and the hardware for next generation AI.
AI and Automation: The Trump administration's American AI Initiative brought AI to the forefront, inspiring countries worldwide to consider national AI strategies. In response, China, Canada, and several EU countries launched their own AI research programs to compete globally.
Trump has already expressed his intention to dismantle President Biden's AI Executive Order from October 2023, which established comprehensive oversight of AI development. This order mandated safety testing and reporting requirements for advanced AI systems.
The incoming administration is likely to reduce regulatory constraints to foster AI innovation, aiming to position the US as a leader in AI technology. However, a deregulated AI environment may lead to challenges such as increased misinformation, discrimination, and misuse of technology, which could undermine the trustworthiness and safety of AI systems.
In summary, while actual Trump policy remains wait-and-see, the legacy of his first administration strongly suggests the US will adopt a more laissez-faire approach to crypto and AI development, with increased unilateralism and friction in the areas of cybersecurity, trade and technology policy, and data privacy.
One thing is for certain – it’s going to be an interesting four years!
This Week In:Review
Australia
China
Hong Kong
India
Korea
Singapore
Best of the Rest
Australia In:Review
The Reserve Bank of Australia (RBA) has partnered with the Digital Finance Cooperative Research Centre (DFCRC) to consult on wholesale central bank digital currencies (CBDCs) and asset tokenisation, setting a response deadline of 11 December 2023.
As part of "Project Acacia," the RBA seeks industry feedback and participation in trials for tokenisation use cases in 2025. Project Acacia will not only explore wholesale CBDC but also private digital money forms, including tokenised deposits.
In its latest phase, the RBA may pilot a wholesale CBDC (wCBDC) on third-party blockchain networks, resembling Switzerland’s Project Helvetia. Assistant Governor Brad Jones highlights the aim of boosting wholesale market innovation and resilience, particularly in payments, settlements, and cross-border transactions.
Initial research identified five settlement assets: existing central bank money, wCBDC, deposit tokens, reserve-backed digital currency, and fiat-backed stablecoins. Each model presents trade-offs, e.g. a wCBDC on third-party platforms could improve efficiency but reduce central bank control. Other agencies, including ASIC and APRA, may be involved in Project Acacia's regulatory evaluations.
A 49-year-old man from Yagoona, western Sydney, has been charged following a police investigation into a business email compromise (BEC) fraud scheme allegedly targeting a hospital in Burwood in September 2023. His residence was raided, leading to charges of recklessly handling over AUD 5,000 in crime proceeds. Bail was denied.
The New South Wales Police, through its cybercrime squad, formed Strike Force Millbon to investigate the scheme. Detective Superintendent Matt Craft, head of the cybercrime squad, noted a rise in email fraud targeting major businesses across NSW.
The NSW Police has withheld the hospital's name, citing ongoing investigations. This incident underscores the growing threat of BEC fraud to organisations and the broader community.
China In:Review
Beijing police have dismantled a crypto-based money laundering network implicated in telecom fraud and online gambling, reportedly laundering approximately CNY 800 million.
The operation used overseas cryptocurrency platforms to obscure the source of illicit funds, presenting significant challenges for Chinese authorities in the fight against cybercrime.
This law enforcement milestone coincides with China’s first legal prosecution for wallet key theft, setting a new legal standard for managing virtual assets. In Shanghai, the Xuhui District Procuratorate sentenced individuals involved in unauthorised access to digital wallet private keys, marking China's inaugural case targeting such theft.
The People’s Court in China has sentenced Wang Momou, a former security unit official, to life imprisonment after finding him guilty of espionage. According to a local news report on 08 November 2023, Wang was accused of selling state secrets to foreign agents, allegedly receiving over CNY 1 million in cryptocurrency as payment.
Wang’s involvement in espionage reportedly began after personal financial losses in cryptocurrency investments, which drove him to seek income on online forums. Through these interactions, he was recruited by foreign agents and initially shared minor security information.
After receiving payment for initial disclosures, Wang reportedly shared increasingly sensitive documents. Investigations revealed Wang bypassed security protocols, such as registration and signing procedures, to access and download top-secret documents. Authorities seized numerous high-level documents from his computer during a search.
This case follows China’s recent crackdown on crypto-related crimes, including the extradition of a suspect in a CNY 14 billion crypto scheme in Thailand. In August 2024, Taiwan also convicted individuals for spying for China, with crypto payments involved in both instances.
Hong Kong In:Review
Hong Kong has announced ambitious measures to solidify its role as a global hub for digital assets and AI. Treasury Secretary Christopher Hui, speaking at Hong Kong Fintech Week, revealed plans to offer tax breaks for digital assets, aiming to rejuvenate the city’s fintech sector.
The tax concessions, set for introduction by late 2024, are expected to attract institutional investors. Meanwhile, Financial Secretary Paul Chan underscored the city's commitment to consistent regulatory standards for virtual asset service providers (VASPs) in line with traditional financial firms.
Regulatory developments are accelerating. The Securities and Futures Commission (SFC) plans to expand its licensing, having already approved HKVAX to join OSL and HashKey under Hong Kong’s regulatory regime. By year-end, new regulations will focus on stablecoins, custodians, and over-the-counter trading.
India In:Review
India and Qatar's Financial Intelligence Units (FIUs) met in New Delhi on 4-5 November 2024 to discuss technology systems, partnerships, and virtual digital assets (VDAs) in anti-money laundering and counter-terrorism financing (AML/CFT) initiatives.
The nine-member Qatari delegation, led by Sheikh Ahmed Al Thani, engaged with FIU-IND head Vivek Aggarwal to share expertise and explore future collaboration.
Key discussions focused on India's advanced IT system, FINNET 2.0, praised by FIU-Qatar as one of the most sophisticated systems in use globally for monitoring financial crime. FIU-Qatar showed interest in understanding India’s Private-Private Partnership initiative, which connects private sector entities in the AML/CFT framework, and India's approach to managing virtual digital asset service providers (VDA-SPs).
The meeting also covered India's Alliance of Reporting Entities for AML/CFT (ARIFAC) and effective information-sharing methods, underscoring both nations' commitment to combating financial crimes through technology and strategic partnerships.
Authorities in Andhra Pradesh, India, have launched an investigation into a cryptocurrency scam that has defrauded nearly 320 residents, resulting in collective losses exceeding INR 23 crore (approximately USD 2.8 million).
The scheme, which promised a fixed monthly return of 10% on investments of INR 1 lakh (USD 1,200), targeted investors from diverse backgrounds, including businesspeople, traders, and government employees.
The alleged orchestrator, Ramanjaneyulu of Anantapur district, initially gained investor trust through an organic herbal business before promoting the crypto scheme. Ramanjaneyulu reportedly leveraged popular crypto platforms like Binance and OKX, which bolstered the scheme’s perceived legitimacy.
Many victims invested significant amounts, with some taking loans to participate. For example, businessman Siva Reddy reportedly invested USD 11,120, while another investor contributed USD 9,500.
Despite mounting complaints, authorities had yet to file a formal case, highlighting challenges in addressing crypto-related fraud. This case follows other high-profile scams in India, such as a recent instance in Maharashtra, where two siblings lost over INR 1 crore (USD 120,000) in a similar fraudulent scheme involving family members.
Korea In:Review
South Korea’s Gyeonggi Southern Provincial Police Agency has uncovered a USD 1.6 million cryptocurrency scam involving a Bitcoin miner rental scheme.
The scam, orchestrated by suspect "Mr. K" and his associates, used a call center with 1,980 fake SIM cards registered under foreigners' names to lure victims with promises of high-yield returns. The group even offered "free trial" periods to gain victims' trust, collecting between USD 2,143 and USD 214,200 from each of the 50 victims.
The scam unraveled after the group mistakenly contacted a detective from the police's Mobile Criminal Investigation Unit in April 2024, who then traced the operation back to its Incheon headquarters.
This led to the arrest of 81 individuals involved, with nine charged with fraud under the Specific Economic Crimes Punishment Act, and others facing charges under telecommunications and privacy laws.
South Korea has initiated a pilot project to explore the use of central bank digital currencies (CBDCs) for distributing education and welfare vouchers, aiming to overcome limitations in the current voucher system.
The Ministry of Science and ICT, the Financial Services Commission (FSC), and the Bank of Korea recently signed a memorandum of understanding (MOU) to collaborate on the project.
The CBDC pilot will test deposit tokens as a streamlined alternative to traditional voucher methods, addressing existing challenges such as high transaction fees, slow processing times, and fraud risks.
By utilising CBDCs, the government envisions a more secure, efficient, and user-friendly approach to distributing benefits for education, culture, and welfare.
This pilot is part of South Korea's broader effort to innovate within the digital finance space, focusing on enhancing security and efficiency for welfare-related financial transactions.
South Korea’s financial regulator is set to make a final decision on allowing corporate cryptocurrency investments in December 2024, following the first meeting of the newly formed Virtual Assets Commission on 6 November.
The move, anticipated by major South Korean firms ready to invest in digital assets like Bitcoin and Ethereum, has been delayed multiple times pending the commission's input.
The commission’s initial discussions have raised optimism among industry insiders, with many expecting a positive outcome that could double South Korea's crypto market capitalisation.
However, there is internal debate: some members advocate for approval, noting that the United States, the EU, and Japan permit corporate crypto investments, while others urge caution due to concerns about market volatility and potential money laundering.
Currently, South Korean regulations require individual investors to have “real-name” bank accounts linked to their crypto wallets. Several voices in the commission are pushing to extend this to corporations, arguing it would provide stability and enhance the market's legitimacy.
Industry insiders and crypto enthusiasts express hope that South Korea will take this progressive step, positioning itself more firmly in line with global trends in corporate crypto adoption.
Singapore In:Review
The Banque de France (BdF) and the Monetary Authority of Singapore (MAS) have concluded a pioneering joint experiment in post-quantum cryptography (PQC), marking a significant step toward safeguarding cross-continental digital communications.
This initiative tested quantum-resistant cryptographic algorithms for signing and encrypting emails, aiming to future-proof electronic communication security while remaining compatible with current internet standards and technologies.
The project aligns with recommendations from France's ANSSI and the US National Institute of Standards and Technology (NIST). By combining existing cryptographic algorithms with post-quantum algorithms, the initiative aims to counteract potential threats posed by quantum computing without compromising compatibility with current systems.
Denis Beau, BdF's first deputy governor, highlighted the bank's commitment to post-quantum security, expressing confidence in their preparedness for resilient inter-institutional communications.
Both BdF and MAS see potential applications of PQC in financial systems, including payment networks, to reinforce cybersecurity within the financial sector.
MAS Deputy Managing Director Jacqueline Loh noted the urgent shift in cybersecurity strategies, stressing that financial institutions prepared for quantum threats will be better positioned to maintain public trust in digital financial services.
In response to escalating money laundering (ML) threats, Singapore has announced a comprehensive "National Anti-Money Laundering (AML) Strategy," published jointly by the Ministry of Finance, Ministry of Home Affairs, and the Monetary Authority of Singapore (MAS) on 30 October 2024.
The strategy includes a "whole-of-government data-sharing interface" named the National AML Verification Interface for Government Agencies Threat Evaluation (NAVIGATE), enabling seamless screening across agencies for ML risk assessments.
The strategy’s three pillars — "Prevent," "Detect," and "Enforce" — focus on deterring criminal misuse of financial systems, identifying illicit flows, and taking robust enforcement actions. Key initiatives include establishing an AML sensemaking workgroup led by the Ministry of Home Affairs and Singapore Police Force to oversee policy and capability development.
NAVIGATE will enhance inter-agency ML assessments, while the newly formed AML Case Coordination and Collaboration Network (AC3N) will replace the 2018-established Inter-Agency Suspicious Transaction Report Analytics Taskforce (ISTRA) to coordinate ML cases with expanded membership and oversight.
A noteworthy element, the "COSMIC" platform, co-developed by MAS and major banks, enables structured information-sharing among banks, facilitating global data analytics and AML/TF (terrorism financing) detection.
Additionally, Singapore plans legal reforms to enhance international ML cooperation, including amendments to the Mutual Assistance in Criminal Matters Act by early 2025.
Singapore is reinforcing its position as a global leader in Web3 and tokenisation, with the Monetary Authority of Singapore (MAS) unveiling significant progress at the Layer One Summit.
MAS Deputy Managing Director Leong Sing Chiong highlighted successes from Project Guardian, an initiative exploring tokenisation of real-world assets (RWA) such as foreign exchange (ForEx) and on-chain funds.
The project, which included collaborations with Chainlink, UBS, ANZ, and Ant International, demonstrated that tokenisation can streamline processes like fund subscriptions and payments, reducing operational risks and costs through automation.
Chiong noted tokenisation’s potential to enable real-time, 24/7 transactions, envisioning a world where corporate treasuries can operate seamlessly across global markets. A key barrier, however, remains scalability.
To address this, MAS has introduced a standardised, “non-prescriptive” framework to enhance interoperability and reduce adoption costs across international markets. Financial giants like HSBC, Citibank, and JPMorgan have joined the MAS Layer One Chain to further tokenisation goals.
The MAS also announced a Singapore Dollar (SGD) Testnet within its central bank digital currency (CBDC) program, allowing institutions to use on-chain fiat for automated asset sales. This aligns with MAS's strategy to make Singapore a hub for tokenised assets, pushing forward standards that could reshape the global financial landscape.
Best of the Rest In:Review
Mac users in the cryptocurrency industry are under targeted attack by North Korean hackers, specifically the BlueNoroff subgroup linked to the Lazarus Group, according to a recent report from cybersecurity firm SentinelOne.
Named "Hidden Risk," this malware campaign has been active since April 2023, primarily using phishing tactics disguised as crypto-related news and investment insights.
Hackers lure victims through emails containing links to malicious applications masquerading as PDF documents. Posing as reputable figures in the crypto industry, these emails promote topics such as "Hidden Risk Behind New Surge of Bitcoin Price" and "Altcoin Season 2.0-The Hidden Gems to Watch."
Upon opening, these applications download a decoy PDF while installing a backdoor to the user’s device.
Technical evidence links Hidden Risk to BlueNoroff, part of North Korea's Reconnaissance General Bureau, as well as other targeted campaigns previously detected by firms like ESET and Jamf. BlueNoroff has also utilized legitimate tools, such as Apple Developer IDs and domains from NameCheap, to bypass security measures and evade spam filters.
This campaign highlights the evolving tactics of North Korean cyber groups, as they shift operations to avoid law enforcement detection. SentinelOne warns that BlueNoroff’s ability to hijack Apple developer accounts remains a major security concern, enabling the group to bypass Mac security features and execute persistent attacks on cryptocurrency firms.
I hope you find Risk In:Review informative and helpful.