with co-author Kevin Corbett
Company X is bidding on a major industrial contract in an emerging market, a piece of business that could catapult it to a record year. The Sales Vice President leading the proposal team is energized to deliver a win and reap the bonus and quick promotion to follow.
But it’s not looking good for the bid. At least that’s what a government official told the VP at a recent charity event. The official was willing to take a fresh look at the matter, especially if he had an extra incentive to do so. The Sales VP wanted this deal to happen, both for his own benefit and that of the company. This VP was going to make it happen.
“One more thing, my friend,” said the official. “Kindly make it in Bitcoins!”
Bribes reach the hands of public officials through many routes, from cash payments and excess commissions to charitable contributions, sponsorships and lavish travel. The emergence of Bitcoin and other cryptocurrencies brings another option into the mix.
Blockchain, the distributed ledger technology that underpins these currencies, is a mechanism for exchanging value and transaction information online without an intermediary. As such, it has the potential to disrupt virtually every industry.
With disruption comes risks and uncertainties. Companies engaged in cross-border commerce are uncertain about how the use of Bitcoin and other cryptocurrencies may heighten the risk of noncompliance with the Foreign Corrupt Practices Act (FCPA) and other anti-fraud and anti-corruption regulations. As companies contemplate the possibility of using cryptocurrencies, it is important to consider what risks may arise and what controls might be needed to keep an aspiring but misguided employee, such as our hypothetical VP, from successfully executing a payoff without being caught.
Both the sales VP and the government official have a role in setting up the Bitcoin bribe. Here is a possible sequence:
The vehicle for value transfer cryptocurrencies provide is paradoxically both anonymous and transparent. Bitcoin transactions are permanently recorded and traceable. At the same time, some online exchanges do not require verifiable personal information to purchase Bitcoins. For example, Dark Wallet was launched in 2014 as a Bitcoin application to protest users’ identities and was described by its founder as “money-laundering software.” On some cryptocurrency platforms, users are able to utilize fake names and addresses, making it harder to identify the individuals or entities behind the payments. The VP, therefore, might recognize the benefits of utilizing a cryptocurrency platform that offers him anonymity so that he increases his chances of not getting caught while making the aforementioned bribe. Additionally, Bitcoin mixing (putting one’s coins into a larger pool with coins from other sources) scrubs the linkability and traceability from them, making it harder to track specific payments entering the mixing service to payments exiting it. A user may also opt to use newer protocols such as Zcash, a cryptocurrency that utilizes zero-knowledge proof constructions to mask the identity of users.
How could a company uncover the VP’s payment to the government official? A typical investigation would involve combing books and records for round-dollar or one-time-vendor payments. But what would be the mitigating control to identify a cryptocurrency transaction? Could the transaction go undetected?
Another problem with cryptocurrencies is that their online networks are vulnerable to hackers. For example, in August 2016, some US$65 million in Bitcoins were stolen from the Hong Kong-based Bitfinex exchange platform. Therefore, a legitimate entity could potentially obtain Bitcoins in a presumably above-board transaction from a fraudster who stole Bitcoins through a hack. That transaction might then be traced back to a payment for some illegal activity, and exchanges could commence to blacklist the legitimate entity for engaging with the fraudster.
Regulators in the United States, Europe and around the world have begun to take action to prevent companies and individuals from utilizing cryptocurrencies to launder money or conduct other illegal activity. First, governments have started to establish legal frameworks for regulation of cryptocurrency usage. For example, in the United States, the Financial Crimes and Enforcement Network (FinCEN) stated in 2013 that “digital currency firms need to comply with the same anti-money laundering rules as other financial institutions, including monitoring customers and reporting suspicious activity to the government.” Additionally, governments around the world have made numerous arrests for Bitcoin-related money-laundering involvement. Intelligence and justice agencies are employing increasingly advanced technology to identify the users behind illicit cryptocurrency activity. These advanced technologies, combined with traditional investigative techniques, helped the U.S. Justice Department identify the Bitcoin wallet of Ross Ulbricht, who was arrested for running Silk Road, an online drug bazaar.
However, some countries have yet to form coherent policies toward cryptocurrencies, and regulation on this topic is still a mixed bag worldwide.
Given the increasing regulation of cryptocurrencies and the risks presented by usage of this technology, companies need to take proactive steps to ensure that cryptocurrencies are not being used for bribes and other illicit activities. Here are some steps companies can take to ensure the legality of their cryptocurrency activities:
Cryptocurrencies, and the scams and schemes they can potentially spawn, represent new forms of business opportunity and risk. The first chapters of their story are just now being written. If the variety and pace of developments to date are any indication, the activity in this field is only likely to accelerate. By understanding digital currency and carefully planning for the emergence of new cryptocurrency applications, companies can be better prepared for the emerging era of digital commerce and an overeager VP who may try to use this technology to conduct illegal activity.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Anthony Campanelli is a Deloitte Risk and Financial Advisory partner with Deloitte Financial Advisory Services LLP, specializing in forensics, corporate investigations and financial crime detection and prevention.