Debra Brookes On Crypto Regulations and Blockchain Analytics: Webinar Recap

On Wednesday, August 7, Debra Brookes shared her insights into the current state of crypto regulations in the webinar entitled, Crash Course in US Crypto Regulations, Compliance, and Blockchain Analytics. Brookes drew on her experience leading the New York State Department of Financial Services (NYDFS) as its former deputy virtual currency chief.

Now an advisor at Merkle Science, Brookes discussed not only crypto regulations, but also how blockchain analytics will play an increasingly more important role. Brookes recently shared these insights in an exclusive Q&A published on Merkle Science, and elaborated on them further in this webinar.  

You can watch the seminar on-demand here. 

This article will recap the overview of crypto compliance in the United States that Brookes gave, outline the significance of a compliance program, and discuss what businesses should look for in a compliance solution. 

Crypto Compliance around the United States

Brookes noted that the United States has not passed a comprehensive framework for cryptocurrency since Satoshi first introduced the concept in 2008. Instead, the country has a “patchwork of existing laws, regulations, guidance rules established by the federal agencies.” 

Brookes showcased the extent of this fragmentation by discussing each agency and its particular scope in regulating cryptocurrency.

• The Securities and Exchange Commission - The SEC regulates securities. According to Brookes, the Supreme Court defined what a security is with the case, SEC vs Howey, in 1946. As a result, the “Howey test” is now used to determine whether something, including a digital asset, is a security.
  
  “Under Howey, a transaction is considered an investment contract if: one, if it's an investment of money; two, if there's an expectation of profit from the investment,” Brookes explained.
  
  
• Commodities Futures Trading Commission - Brookes said that the CFTC regulates commodities like wheat, cotton, and rice, as well as futures trading on exchanges of services, rights, and interests.
  
  Brookes explained that the CFTC generally does not oversee digital assets. “Unless the Bitcoin or any virtual currency is used as a derivative, or if there is a fraud or manipulation involving a virtual currency traded in interstate commerce,” she shared.
  
  
• Office of Foreign Assets Control - Brookes briefly touched upon the role of OFAC in administering sanctions to bad actors, such as terrorist organizations, cybercrime groups, or rogue nations. These bad actors often use cryptocurrency to bypass sanctions. 
  
  
• Financial Crimes Enforcement Network - Brookes stated that FinCEN was one of the first federal agencies to offer guidance on cryptocurrency back in 2013. FinCEN mandated that crypto businesses register as a money service business (MSB) if they either accept or transmit virtual currency, or buy or sell virtual currency.
  
  “Guidance is typically non-binding, but you ignore them at your peril,” said Brookes.
  
  
• New York State Department of Financial Services - While limited to the state of New York, the DFS has been particularly influential in leading crypto regulation with its BitLicense regime. Under this regime, entities engaged in virtual currency business activities in New York must obtain a BitLicense and adhere to strict compliance and consumer protection standards.
  
  Brookes noted that the DFS has a$5,000 application fee and an extensive application process, but these measures ultimately give confidence to consumers.
  
  You want to know that if you are dealing with an entity in New York - as a New York resident - that these companies went through a thorough vetting and (...) you should be comfortable enough to do business with that agency, knowing that DFS is overseeing on a daily basis,” said Brookes.

Importance of Crypto Compliance 

Although Brookes noted that compliance, especially in these early “patchwork” stages is often non-binding, there are critical reasons for businesses to still adhere.

• Prevent bad actors from using crypto - Due to the pseudonymous nature of crypto, it is easy for bad actors to commit crime. “Thus, it is so essential that a strong crypto compliance program is needed to prevent bad actors from obtaining and utilizing crypto (…) to engage in some really unfortunate illegal acts,” said Brookes. For businesses, compliance is tantamount to doing their part to stopping terrorism, money laundering, cybercrime, and a host of other illegal activities. 
• Grow without operational risk - Crypto businesses that do not follow local or national regulatory guidance may be subject to punishment that places financial strain on the business, subjects it to more regulatory scrutiny, and threatens the very viability of the business. 
  
  Brookes gave the case of Delaware-based exchange Kraken, which went afoul of OFAC in November 2022 for failure to implement geolocation tools that allowed Iranians to access crypto. 
  
  “As part of the settlement, Kraken did agree to pay a small fine under $400,000 for its violations, and also agreed to invest an additional $100,000 in sanctions and compliance tools,” Brookes shared. Businesses, in short, must follow compliance or risk potentially crippling punishments. 
  
  
• Risk mitigation to thrive in long-term - Brookes was joined by Ryan Berndt, Merkle Science’s account executive in digital asset compliance and analytics. Berndt argued that compliance is necessary for businesses to succeed over the long-term, which calls for the use of blockchain analytics.
  
  “If you imagine a bank, there's no chance that there's going to be a bank or financial institution that does not have any type of AML or transaction monitoring in place for their institution,” he said by way of comparison, arguing that it should be “second nature” for any business in cryptocurrency to have a compliance tool. 

What to Look for in a Compliance Solution 

Blockchain analytics has become its own cottage industry, so much so that it can be difficult to identify the best solutions. Berndt itemized a few key features that businesses concerned with their compliance should look out for in particular when evaluating crypto compliance software and tools: 

• Real-time transaction monitoring - Crypto businesses have traditionally been reactive rather than proactive. For example, they respond to a hack by trying to recover funds, negotiate with the perpetrators, or coordinate a manhunt. Compliance solutions that monitor transactions even just an hour after they take place keep businesses locked into this perspective.
  
  Berndt argues that real-time transaction monitoring is a must. “That way, if there's any suspicious activity… you're quickly able to see that in real time and then open up a case, investigate it further, do whatever you need to do on the compliance and security side,” he said.
  
  
• Continuous screening - Some compliance tools may offer real-time monitoring, but they fall short on another axis: continuous monitoring. This attribute is important due to the ever-shifting nature of crypto: An address that passes monitoring now may not always be clean in the future. For example, criminals may activate a long dormant address to conduct money laundering.
  
  Businesses thus need a tool that conducts continuous screening without any human intervention. Berndt pointed out that this is a feature that Compass, Merkle Science’s tool for compliance, possesses. 
  
  “We will continuously monitor that specific address or customer if you have addresses tied to a customer. So that way you're not having to rescreen every time you need updated information,” he said.
  
  
• Customizability - Digital businesses are often obsessed with scale, so much so that they often offer a one-size-fits-all package for all customers. While that may work for other industries, it does not make sense in cryptocurrency. 
  
  “You don't want a one-size-fits-all solution because there is no crypto business out there or organization out there that is exactly the same in terms of what they need,” said Berndt. 
  
  He thus advised businesses to look for service providers that are open to customizing compliance solutions for customers rather than simply trying to plug them into their standard offering. Berndt added that Merkle Science has customized Compass to meet the varying needs of different businesses. 

Conclusion  

Although the state of crypto regulations in the United States may still be “patchwork,” businesses still need to pursue a serious program of compliance. The businesses who do so will curry public favor by not supporting bad actors, grow faster without the threat of regulatory punishment, and position themselves for long-term growth. 

The best way to implement a serious compliance program is with the aid of a blockchain analytics tool like Compass. Many providers have added so many bells-and-whistles onto the core product that it is hard to distinguish the signal from the noise. Businesses serious about their compliance program should focus on three features: the ability for real-time transaction monitoring, continuous screening, and further customizability. The businesses that find this solution will not only get a tool - they will set a path toward company-wide compliance.