Risk In:Review #30 - 10 September 2023
Anthony Hope
Risk & Compliance Executive | Fintech Founder & Innovator | Strategic Leader | Expert Speaker
Welcome to Risk In:Review, your weekly newsletter curating the best of the week’s news stories from the crossroads between risk management and technology in Asia Pacific.
Keep updated with the latest news and insights by clicking on?subscribe .
Perspectives
Over the past week two major headlines have caught my attention. First, during the upcoming G20 Summit under India's presidency, sources anticipate the introduction of a common framework on crypto assets. This initiative is intended to align with the Financial Action Task Force's (FATF) directives and is an attempt to harness the potential of crypto while emphasising stability and customer protection. India is planning to play back reports from the International Monetary Fund (IMF) and the Financial Stability Board (FSB), which propose a holistic approach to crypto regulation rather than an outright ban. The focus is on creating robust, adaptable policies that cater to different economic landscapes.
While the role of the G20 should not be understated, achieving consensus on crypto will not be an easy feat, noting the differing regulatory models that have been developed by G20 members, such as Australia, Japan, US, and the EU. President Xi’s absence will likely make consensus easier to achieve, but even so I remain to be convinced that the G20 will set the global benchmark, noting that some of the leaders in the field, i.e. Singapore and Hong Kong, will not be represented.
The second headline relates to the ongoing SGD 1.8 billion money laundering controversy in Singapore, involving several major global banks. Singapore has been affected by several global financial scandals in recent years, such as Malaysia's 1MDB and Germany's Wirecard AG, so I anticipate rapid and firm action by the Monetary Authority of Singapore (MAS). The MAS has worked closely with Singapore’s Police Force on the investigation, and the question is whether this case will prompt a review of Singapore’s existing regulations, or whether the financial institutions involved will be challenged on their implementation of the current regime. With the eyes of the internet on Singapore, it is unlikely the MAS will simply chalk this one up to the proficiency of the criminal gang in avoiding banking controls.
This Week In:Review
Australia
China
Hong Kong
India
Singapore
Best of the Rest
Australia In:Review
The Australian Securities and Investments Commission (ASIC) is increasing its scrutiny on the distribution of "high-risk" over-the-counter derivatives to retail clients, particularly crypto derivatives. In their report titled "Design and Distribution Obligations: Retail OTC Derivatives," ASIC expresses concerns about issuers providing unregulated digital assets alongside regulated ones. This can mislead retail investors into believing that the same consumer protections are in place for both types of assets. This move is in the wake of a lawsuit against the trading platform eToro for alleged breaches in design and distribution related to its CFD offerings. Such breaches have reportedly led to significant losses for retail investors. ASIC's Deputy Chair, Karen Chester, voiced the regulator's concerns about issuers, especially those in crypto derivatives and CFDs, not complying with design and distribution responsibilities. She emphasised ASIC's readiness to take stringent actions against significant failures. CFDs, used mainly for speculative trading and hedging, are contracts that focus on the difference in an asset's value over time. Three years ago, ASIC intervened in the issuance and distribution of such products, introducing measures like restricting the leverage on CFDs for retail clients to 2:1 for crypto.
The Australian Securities and Investment Commission (ASIC) has raised concerns over the sale of high-risk financial betting products to individuals with limited financial knowledge. These products, termed "contracts for difference" (CFDs), allow individuals to speculate on future price movements of assets, like shares or commodities. When used with leverage, small bets can lead to significant gains or losses. For instance, a AUD 5 bet could lead to a AUD 500 gain or a AUD 495 loss. ASIC had previously taken measures in 2020 to limit the leverage on CFDs to 30 times for regular customers after findings showed that 80% of customers lost money. However, higher leverages of up to 300 times were still available to professional investors. In 2021, it was disclosed that some companies were offering high-leverage products to customers who qualified as “professional investors” after completing a questionnaire, thus waiving their consumer rights. Two years ago, ASIC introduced rules mandating financial groups to ensure their products catered to the needs of their target market. ASIC commissioner, Karen Chester, emphasised the importance of these obligations and expressed concerns over mass-market advertising of these high-risk products. Currently, over 60 Australian financial service providers offer such high-risk derivatives to retail clients.
Thieves stole USD 41.3 million from cryptocurrency casino Stake.com , co-founded by Australia's youngest self-made billionaire. The theft was detected by Cyvers, a blockchain security platform, noticing USD 16 million in "suspicious transactions". An additional USD 25.6 million was confirmed by another analyst, ZACHXBT. Stake.com acknowledged the unauthorised transactions but assured users that their funds were safe. The stolen amount came from the casino’s ethereum hot wallet, which facilitates payouts. A representative from Stake.com confirmed the cyberattack on their ethereum wallet but maintained that all user withdrawals are functioning and no customer has faced any losses. They are now collaborating with authorities to recover the stolen funds. Stake.com is distinct from the Australian online sharebroker Stake. Shameela Gonzalez, a director at CyberCX, highlighted that due to their novelty and less stringent regulatory oversight, cryptocurrency exchanges are attractive targets for cybercriminals. Blockchain analysis firm Chainalysis reported thefts totalling USD 3.8 billion from cryptocurrency businesses in the past year. Stake.com , based in Melbourne and co-founded by Ed Craven, is one of the world's leading online casinos. Despite its Australian origin, it doesn't serve Australian users due to local regulations. The company has engaged in significant partnerships and sponsorships, with Craven's fortune estimated at USD 1.1 billion in 2022.
Australian fintech firm Block Earner has announced a new crypto-backed loan product for the Australian market. This move comes despite the company's ongoing legal dispute with the Australian Securities and Investments Commission (ASIC) over allegedly offering financial products without a license. The crypto loan offering lets Australians use cryptocurrency as collateral to borrow cash. Block Earner's initial launch will only allow Bitcoin as collateral and is expected by the end of September. Charlie Karaboga, Block Earner's co-founder, said the loan products are designed conservatively to fit within existing licensing frameworks. However, last November, Block Earner faced legal action from ASIC for supposedly offering crypto-linked fixed-yield earning products without the necessary Australian Financial Services (AFS) license. Despite this, Karaboga is optimistic about regulatory clarity in the future, noting that advancements in places like Singapore, Hong Kong, and the UK might pressure Australia to provide clearer crypto regulations. He also mentioned that while Australia is affluent and its citizens were early crypto adopters, they have become targets for scams. Karaboga remains hopeful, believing that Australian regulators are supportive of crypto innovations. Block Earner's court hearing is set for November, with a verdict expected by January.
China In:Review
China is making rapid strides to become the global leader in artificial intelligence (AI) by 2030, with robust regulations and heavy investment in the technology, alongside significant foreign funding. From August 15, 2023, China's initial AI regulations came into effect, targeting generative AI technology companies offering services to the public. These companies, such as OpenAI, must obtain a license to operate, ensure regular security assessments, register significant algorithms, and confirm user data protection. Moreover, they must curtail "illegal" content generation and align with China's "socialism core values", though the specifics remain ambiguous.
Previously, China introduced regulations for deep-synthesis technology, an AI model generating ultra-realistic and occasionally counterfeit outputs. These regulations require AI providers to watermark AI-generated content, prevent the spread of fake news, and secure permission for utilising personal features like faces in these systems.
In 2022, China began regulating recommendation algorithms, aiming to prevent the propagation of false or harmful content. The regulations also include a state-managed online algorithm registry detailing the algorithms' training and utilisation.
Interestingly, while focussing on AI governance, China is also supporting AI innovation. The nation's AI firms are drawing vast investments, with almost a fifth originating from US sources between 2015-2021. By 2026, China plans to double its AI investment to USD 27 billion.
领英推荐
Sina Weibo, a leading Chinese social media app with over 258 million daily users, has deleted 80 influencer accounts, with a combined following of 8 million, for promoting cryptocurrency activities, in line with official Chinese regulations. This move comes in response to allegations that these accounts violated eight regulations encompassing areas like telecommunications, finance, banking, and online marketing, among others, due to their cryptocurrency promotions. Weibo's actions are not isolated; since the enforcement of China's cryptocurrency prohibition in September 2021, the platform has consistently eliminated crypto-related accounts. Notably, in August 2022, the Cyberspace Administration of China removed a staggering 12,000 influencer accounts from both Weibo and Baidu that were associated with cryptocurrencies, erasing 51,000 related promotional posts. The administration's intent behind these actions is to safeguard citizens' property and encourage proper investment practices while cautioning against the pitfalls of cryptocurrency trading. Reinforcing its commitment to regulatory compliance, Weibo has stated its ongoing resolve to combat illicit securities activities on its platform. From this year, China has intensified its clampdown on private crypto activities, driven by concerns such as capital flight, money laundering, and the ambition to support its state-led cryptocurrency initiatives.
Digital assets are now legally recognised as property in China, as stated by a report from the People’s Court of China. This decision places China alongside other jurisdictions acknowledging the property rights of digital assets. The country had previously prohibited digital asset transactions in 2021, with the People’s Bank of China highlighting risks including money laundering and fraud. Nevertheless, this recent shift suggests a growing acceptance of digital assets within the nation. Conversely, Hong Kong, a special administrative region of China, has capitalised on the mainland's ban, positioning itself as a global hub for digital assets. This has seen an influx of state-backed Chinese banks into Hong Kong to support international firms, leading to speculation that Hong Kong might serve as China’s testing ground for digital asset regulations. Globally, the definition of digital assets as legal property has been a matter of contention. For instance, the US Internal Revenue Service has treated Bitcoin as property since 2014, implying capital gains tax implications. In 2022, the UK High Court recognised digital assets as property. Yet, the term 'property' can vary contextually, and with numerous digital assets available, each could require a unique legal distinction. However, the overall trend is clear: more jurisdictions are deeming digital assets as legal property.
Hong Kong In:Review
Hong Kong is advancing with the second phase of technical testing for China's digital yuan, widening its scope to include more banks in the region. The Hong Kong Monetary Authority (HKMA) and the People's Bank of China have already wrapped up preliminary technical examinations for cross-border payments using the digital currency. The ongoing second phase is inspecting the functionality of the digital yuan wallet's top-up capability via the Faster Payment System (FPS). Introduced in 2018 by the HKMA, the FPS enables cross-bank transfers in both Hong Kong dollars and Chinese yuan using just the recipient's phone number or email. The FPS witnessed a surge in its operations, with transactions in the second quarter rising to HKD 1 billion, a significant leap from HKD 669.6 million the previous year. The digital yuan, or e-CNY, is poised to offer a robust and innovative solution for cross-border retail spending for both territories. The overarching goal is to augment the efficiency and user experience in cross-border payments, fostering integration within the Greater Bay Area. Meanwhile, Hong Kong is also making strides to position itself as a global cryptocurrency hub, with fresh regulations for crypto and licensing for exchanges, enhancing the development of Web3 in the region.
India In:Review
During the upcoming G20 Summit under India's presidency, sources anticipate the introduction of a common framework on crypto assets. This framework will align with the Financial Action Task Force (FATF) anti-money laundering and counter-terrorist financing standards. The proposed regulations aim to guide investors in harnessing the benefits of crypto assets while ensuring their security, consumer protection, financial stability, and promoting international cooperation. This move comes in response to the rising trend of 'cryptoisation', where cryptocurrencies replace domestic currency, potentially bypassing capital control restrictions. As part of its G20 Presidency, India has prepared a note on the financial and regulatory implications of crypto assets to aid global leaders in their discussions. This note summarises reports submitted by the International Monetary Fund (IMF) and Financial Stability Board (FSB). The IMF report examines the economic and financial implications, while the FSB focuses on regulatory aspects. A coordinated policy and regulatory framework are being developed to address the full range of associated risks, especially for emerging market and developing economies. The G20, representing major global economies, will be pivotal in shaping the future of cryptocurrency regulations, ensuring they are implemented consistently worldwide. Furthermore, the G20 agenda will also address strengthening Multilateral Development Banks, aiming for enhanced capital adequacy, and promoting financial inclusion.
The Enforcement Directorate (ED) has identified five firms implicated in a money laundering scheme that funnelled funds from Dubai to India via cryptocurrency. The modus operandi involved purchasing properties in Dubai with cryptocurrency and subsequently transferring the assets to India, effectively obfuscating the paper trail. Senior ED officials disclosed during their investigation that these firms had played a role in the illegal movement of funds. The laundered money was obtained by companies associated with this syndicate from assets in Dubai, which were then invested into Dubai's real estate market. These firms collaborated with foreign exchange dealers and travel agents, acquiring data from numerous passports, which facilitated their illicit operations. To reintroduce the crypto assets into the Indian financial system, they were disguised as travel remittances, a method that concealed the illicit nature of the transactions from unsuspecting account holders. One of the implicated companies, Zanmai Labs Pvt. Ltd., operating under the name WazirX, is currently under close examination. Historically, such laundered funds were invested in Indian real estate through gold trading. However, the trend has shifted towards investing in Dubai due to tighter restrictions on large transactions in countries like the US.
Singapore In:Review
The Monetary Authority of Singapore (MAS) has responded to a criticism published in the Financial Times, which expressed concerns over the lack of oversight on cryptocurrency adoption in Singapore. The MAS clarified that, contrary to the claim, no businesses had qualified under its FinTech Regulatory Sandbox as cryptocurrency payment providers. The authority also highlighted that Singapore does not possess a "crypto sandbox" but a fintech sandbox to support diverse fintech experiments. While the critique pointed out Singapore's decision to allow crypto companies to access its Fast and Secure Transfers (FAST) interbank system, MAS explained that any business with a legitimate bank account, including those from the crypto realm, can use the FAST system, which deals exclusively with fiat currencies. Additionally, MAS refuted the association between rising malware scam cases and cryptocurrencies, emphasising that these scams mainly occur in the fiat economy. The regulator is proactive in its approach to counter money laundering, granting operational licenses only to crypto businesses with strong Anti-Money Laundering controls. As a result, Singapore will soon implement some of the world's most stringent regulations concerning retail access to cryptocurrencies. The president-elect and former MAS Chair, Tharman Shanmugaratnam, has previously flagged cryptocurrencies as high-risk investments.
A Singapore resident, listed as director, secretary, and shareholder for 185 companies, has drawn attention, especially after some of these companies were associated with three money laundering suspects arrested recently. Experts deem it implausible for a single person to be involved with such a number of companies, raising suspicions about potential foul play. All agents submitting applications for foreigners without a Singpass are obligated to perform due diligence checks on their client’s wealth origins. JJ, the resident in question, was previously associated with 224 companies, but a third of these have been terminated. Of the remaining companies, nine list Su Haijin, Su Baolin, and Vang Shuiming, who are among the arrested suspects, as a director or shareholder. JJ claims to be a victim, having never received any financial benefits from his associations. Although JJ denies any wrongdoing, stating that he provides legitimate secretarial services, experts argue that holding such vast directorial roles is a "red flag", potentially facilitating complex money trails that are difficult to trace. In response, Acra, the local business registry, is considering amending the Companies Act and Acra Act to limit the directorships one can hold, aiming to enhance oversight and prevent misuse.
In Singapore, court documents have highlighted a potentially wider network of suspects related to the ten individuals arrested in a SGD1.8 billion money laundering case. Several of these suspects have ties to organised crime groups overseas, engaged in online gambling, scam operations, and unlawful moneylending. After the initial arrests on 15 August, a subsequent raid took place on 01 September, uncovering previously hidden assets. Two individuals, Suspect X and Subject Y, have been identified. Subject Y, revealed as Wang Baosen's cousin, is implicated in laundering money from illegal remote gambling. Assets valued at over USD 18 million related to Wang's case have been seized. Additionally, the Singapore Police Force is investigating Subject Y's overseas connections and have seized assets worth over SGD 100 million. The Straits Times reported on Wang Baosen's ties to the Hongli gambling syndicate in Cambodia and his involvement with the Hongli300 online gambling website. Wang Baosen had a connection to Wang Bingang, a Sentosa Golf Club member, who is now of interest in the money laundering investigation. Suspect X's identity remains undisclosed, but he has significant assets linked to him, with over SGD 260 million seized by police. The probe reveals vast networks spanning across countries, with links to large-scale illegal operations and significant assets.
Best of the Rest In:Review
SkyCity announced to the NZX that the Department of Internal Affairs (DIA) has been informed of an application to suspend its casino operator’s licence for roughly 10 days. This suspension could impact SkyCity Casino Management’s licences for casinos in Auckland, Hamilton, and Queenstown. The Gambling Commission will decide whether to suspend the licence. This move comes after a former customer's complaint, who gambled from August 2017 to February 2021. SkyCity is alleged to have breached its Auckland host responsibility programme, failing to detect prolonged play. SkyCity intends to cooperate fully. John Sneyd from DIA highlighted an investigation into SkyCity’s harm minimisation practices in gambling. The investigation indicates SkyCity may have violated harm-minimisation obligations, specifically its policies on continuous play. The DIA emphasises its commitment to harm minimisation and ensuring that gambling in New Zealand is run by trustworthy operators. The Problem Gambling Foundation stresses the importance of monitoring prolonged gamblers, noting a higher risk of addiction after three continuous hours of gambling. Since the announcement, SkyCity shares have fallen, currently priced at NZD 2.10
Scammers are increasingly exploiting hidden links on social platforms, such as Discord, to deceive users and potentially drain their crypto wallets. On 4 September, Web3 security firm Pocket Universe highlighted how malevolent actors could conceal harmful links within text on Discord, a feature available on various platforms for some time. Christian Seifert, a researcher at Web3 security company Forta Network, indicated that hyperlink deception has been a tactic since the internet's inception. Seifert emphasised that both platforms and users need to implement protective measures. While Discord displays a link's genuine destination after clicking, it also allows users to "trust" a domain, which can be exploited by hackers. Seifert suggested Discord prohibit deceptive text links. Hugh Brooks, director of security operations at blockchain security firm CertiK, reiterated that both users and platforms must remain vigilant. He recommended users cross-reference web addresses with recognised phishing databases and use browser extensions like HTTPS Everywhere and ad blockers like uBlock. Furthermore, Brooks advised platforms to enhance security by allowing message receipt from trusted contacts only, citing Meta’s “Facebook Protect” as an example. He concluded by emphasising the continuous need for platforms to prioritise security and promote user vigilance.
The Financial Supervisory Commission (FSC) of Taiwan, the Republic of China, is set to release its "Guiding Principles for the Management of Virtual Asset Platforms and Trading Businesses (VASP)" by the end of September, as reported by a local news source. These guidelines come in contrast to mainland China's outright ban on cryptocurrency trading and mining. The principles outlined by the FSC will focus on robust virtual asset management, a mechanism for listing and delisting assets, and the clear demarcation of platform and customer assets. Companies must ensure transparency in transactions, fortify contract creation and advertising practices, handle complaints efficiently, and establish robust information security measures. Furthermore, companies are expected to abide by anti-money laundering (AML) laws and counter-terrorism financing provisions. Foreign virtual asset operators must register with the FSC to operate in Taiwan. In March 2023, Taiwan's government designated the FSC as the official regulatory authority for cryptocurrencies, drawing inspiration from regulations in the European Union, Singapore, and Japan. Post China's 2021 crypto clampdown, Taiwan saw a surge in cryptocurrency activities, leading to the nation's stricter stance. The forthcoming regulations aim to provide clarity, a stark difference from the US SEC's ambiguous stance on cryptocurrency.
The International Monetary Fund (IMF) and the Financial Stability Board (FSB) have co-authored a report advising against overarching bans on cryptocurrencies. The report emphasises that blanket bans on crypto activities are costly, difficult to enforce, and can lead to the relocation of these activities to other regions, posing “spillover” threats. Such bans are not simplistic solutions; instead, they should be based on a thorough evaluation of money laundering, terrorist financing risks, and other significant concerns like capital outflows. The report, entitled "IMF-FSB Synthesis Paper: Policies for Crypto-Assets", will be presented at the upcoming G20 Summit in India. It suggests a comprehensive regulatory framework to mitigate both macroeconomic and financial stability risks. This framework should focus on preserving monetary sovereignty, enhancing monetary policy structures, managing capital flow volatility, and providing clear crypto-asset tax regulations. With countries like the UK, US, Hong Kong, Dubai, and European Union members progressing on crypto regulation, the report aims to help shape global standards, especially after the substantial disturbances in the crypto sector last year. The document encourages a coordinated and adaptable approach to crypto policy implementation, recognising that emerging markets might require more tailored measures.
Crypto fraudsters are targeting MetaMask users by employing government-owned website URLs to deceive individuals and access their crypto assets. These scams have centred on redirecting unsuspecting users to counterfeit websites which then request access to their MetaMask wallets. Investigations by Cointelegraph have identified several government websites from countries including India, Nigeria, Egypt, and Brazil being exploited for these scams. Users lured by these deceptive links are redirected to a fake version of the official "MetaMask.io " URL. If users bypass Microsoft Defender's phishing warning, they are presented with a site mirroring the genuine MetaMask platform. These counterfeit sites entice users to connect their MetaMask wallets, granting the scammers total control over the wallet's contents. MetaMask's security team is working to integrate detection measures to counteract these attacks. They have also urged users not to share their Secret Recover Phrase and advised those compromised to establish a new seed recovery phrase on a secure device. It's worth noting that earlier in April, MetaMask refuted claims of an exploit which allegedly resulted in the theft of 5,000 ETH, clarifying the breach was not specific to MetaMask.
JPMorgan Chase & Co. is venturing into blockchain-based digital deposit tokens with the aim of improving cross-border payments. Deposit tokens digitally signify deposits held in commercial banks, using blockchain to expedite transactions, potentially cutting costs. However, JPMorgan's initiative still requires regulatory approval. This deposit token is distinct from JPM Coin, the bank's dollar-backed stablecoin meant for bank transfers. While JPM Coin is for intra-bank transactions, the deposit token is tailored for inter-bank transfers and is ideal for settling trades with tokenised securities on blockchain. Both are built to align with JPMorgan's compliance systems. Having launched the JPM Coin in 2019, JPMorgan later speculated that deposit tokens could fit into the decentralised finance (defi) realm. In June, the bank partnered with major Indian banks, introducing a blockchain platform for dollar transactions in India. They also expanded JPM Coin to include euro transactions. Despite JPMorgan's blockchain efforts, CEO Jamie Dimon remains sceptical of cryptocurrencies, labelling Bitcoin as a "hyped-up hoax".
I hope you find Risk In:Review informative and helpful.?
Keep updated with the latest news and insights by clicking on?subscribe . or?follow ?me on LinkedIn.
Anthony ?