May 03, 2017

Terrorist Use of Virtual Currencies

Containing the Potential Threat

By Zachary K. Goldman, Ellie Maruyama, Elizabeth Rosenberg, Edoardo Saravalle and Julia Solomon-Strauss

Executive Summary

This paper explores the risk that virtual currencies (VCs) may become involved in the financing of terrorism at a significant scale. VCs and associated technologies hold great promise for low cost, high speed, verified transactions that can unite counterparties around the world. For this reason they could appear appealing to terrorist groups (as they are at present to cybercriminals). Currently, however, there is no more than anecdotal evidence that terrorist groups have used virtual currencies to support themselves. Terrorists in the Gaza Strip have used virtual currencies to fund operations, and Islamic State in Iraq and Syria (ISIS) members and supporters have been particularly receptive to the new technology, with recorded uses in Indonesia and the United States.

Most terrorist funding now occurs through traditional methods such as the hawala system, an often informal and cash-based money transfer mechanism, and established financial channels.1 If VCs become sufficiently liquid and easily convertible, however, and if terrorist groups in places such as sub-Saharan Africa, Yemen, and the Horn of Africa obtain the kinds of technical infrastructure needed to support VC activity, then the threat may become more significant.

The task of the law enforcement, intelligence, regulatory, and financial services communities, therefore, must be to prevent terrorist groups from using VCs at scale. The use of VCs by “lone wolf” terrorists—a much bigger potential threat because of the small scales of funding needed to execute an attack—represents the kind of problem in intelligence and digital forensics that law enforcement agencies are well equipped to handle, even if they tax existing resources. 

Attacking terrorists’ use of virtual currency at scale is a challenging task for many stakeholders. New financial technology firms often lack the resources to comply effectively with oversight obligations, while regulators have tended to devote few resources to non-bank institutions. At the same time, different countries have adopted varying approaches to the regulation of virtual currencies, posing an enforcement challenge in a globalized field that requires a unified response. Finally, the privileging of prevention over management of illicit finance risk in the compliance world has created an incentive structure for banks that does not, ironically, push them toward innovative approaches to countering terrorist financing, including via virtual currencies. 

The counterterrorist financing community should adopt three guiding principles that will provide the foundation for policies aimed at countering both the new virtual currency threat and the broader illicit finance danger. First, policy leaders should prioritize the countering of terrorist financing over other kinds of financial crime. Second, the policy and regulatory posture should be oriented toward rewarding and incentivizing innovation. Third, policymakers should emphasize and create a practical basis for strengthening coordination between the public and private sectors on terrorist financing. These approaches form the foundation of an effective response to existing and emerging terrorist financing threats and will balance the burden of regulatory compliance with the policy need to support innovative new virtual currency technologies. 

Introduction

In the past several years, terrorist groups in Gaza have solicited support in Bitcoin; there are isolated reports that ISIS has used the cryptocurrency; and cybercriminals use it and other virtual currencies in a range of circumstances. We cannot yet know whether the uses of virtual currencies by terrorist groups amount to isolated incidents or foretell a broader and more pernicious trend.2 Individual incidents in which lone terrorists or terrorist groups use VCs of course pose a challenge. This is particularly so because the funding requirements for disruptive lone wolf acts of terror are small enough to pose a risk because they may slip through a counterterrorism financing system that struggles to stop small-scale acts of such financing regardless of the medium. But VCs become a strategic threat in the counterterrorism context only when they can compete with cash and other readily available means of financing and achieve “scale,” which in this paper signifies a combination of market capitalization, liquidity, convertibility, and network effects that add up to ease of use. Scaled use of VCs by illicit actors poses a particular challenge and exacerbates the underlying threat posed by criminal or terrorist activity because it makes illicit funding networks harder to disrupt. And the larger the stable funding supply for terrorist groups, the greater the scale at which the groups themselves can operate and the more they can engage in acts of violence. 

While VCs have many very important legitimate uses, certain characteristics also make them susceptible to abuse. Many, especially cryptocurrencies, protect or obscure identities, thereby making it more difficult for law enforcement to reveal and track those identities than traditional mechanisms of value transfer. Should terrorists adopt VCs at scale, therefore, it could become much more difficult to track and disrupt them.

A second reason it is important to understand the circumstances in which terrorist groups may wish to use VCs at scale is the global reach of such currencies. With certain virtual currencies, it is possible to transfer money instantly around the world without making use of institutions like banks, which require more transparency and have obligations to report suspicious transactions. Even centralized VCs may be accessible online anywhere in the world, so terrorists and criminals can take advantage of these currencies that have been set up in jurisdictions with less scrutiny. Potentially, such characteristics could effectively build a digital platform on top of established systems that currently allows terrorists, and others, to transfer cash on an international scale. Such an architecture would make it easier for terrorist groups to amass larger amounts of money than has generally been possible previously. 

Finally, the novelty and some particular attributes of VCs, such as decentralization, make them a particular regulatory challenge. Decentralized cryptocurrencies such as Bitcoin lack concentrated repositories of identifying information on account-holders, which law enforcement agencies typically use in financial crimes and counterterrorism investigations, but which are unavailable when dealing with many VCs. A more precise understanding of the threats and risks posed by VCs will help regulators to develop an effective and efficient governance framework to monitor for potential abuse. In turn, a successful framework will ultimately strengthen the global fight against terrorist financing and terrorism as a whole.

In the post-9/11 era, the international community has made significant progress in the struggle against terrorism generally, and in the struggle against terrorist financing specifically. In the counterterrorism context, “following the money” has been a particularly effective component of an overall strategy to degrade the capabilities of terrorist groups.3 One of the most significant victories has been the establishment of a global legal and policy framework—grounded in U.N. Security Council Resolutions, national legislation, and global standards—that, by blocking terrorist groups’ access to the formal financial system, has made it significantly more difficult for them to raise, move, store, and use funds.

The hawala system of person-to-person money transfer, pictured above, allows terrorists to transfer cash on a global scale outside the regulated financial system, escaping anti-money laundering and combating the financing of terrorism oversight. (Institute for Money, Technology and Financial Inclusion/Flickr)

However, recent evolutions in the terrorist threat, including the rise of ISIS and the continued importance of al Qaeda and its affiliates, have led the Financial Action Task Force (FATF), the intergovernmental standard–setting body for combating money laundering, terrorist financing, and other threats to the integrity of the international financial system,4 to note that “further concerted action urgently needs to be taken . . . to combat the financing of . . . serious terrorist threats” that have “globally intensified.” 5 

Specifically, a number of challenges regarding terrorism and its financing remain. First, terrorist groups that control territory pose one of the most difficult strategic challenges that the counterterrorism community faces. When groups control territory, it is easier for them to plan and train without disruption. It is also easier for them to derive financial and material support from the local population (through taxation, extortion, or the extraction of natural resources) without having to rely on transfers of funds from external sources that are inherently more vulnerable to disruption.

A second strategic challenge pertains to individual lone wolf terrorists or cells that lack formal ties to any established group. This dynamic makes it more difficult to anticipate attacks with intelligence, because it is difficult to determine which unaffiliated individuals will perpetrate attacks. And because these attacks are relatively inexpensive to execute, it is more difficult to identify and choke off their sources of support. Terrorists such as those who carried out attacks in Orlando, Florida; San Bernardino, California; or Nice, France do not rely on associations with larger groups that require significant funds to sustain themselves. Therefore, they leave only trace financing “signatures” and are not easy to detect and disrupt under a global framework built for more established and less nimble threats.6 Addressing lone wolf attacks is a significant intelligence challenge for the counterterrorism community. And identifying the ways in which such attackers may use VCs to fund themselves is similarly a significant forensic and intelligence issue that may require the government to invest in new capabilities and to work more closely than it has in the past with private entities.

Despite significant progress in the global counterterrorist financing regime, gaps remain in implementation and coverage. The charitable sector, for example, is still vulnerable to abuse, and unlicensed money transmitters, cash smugglers, and criminal activity of all kinds are a source of support for terrorist groups, both in the United States and abroad.7 Furthermore, the global counterterrorism financing regime is more oriented toward identifying and degrading the ability of organized groups to function than toward the rising threat of independent attacks. When a terrorist in Nice, for example, can kill 86 people simply by renting a truck and driving it through crowds of revelers on Bastille Day, policy leaders must rethink the approach to counterterrorism that has been oriented primarily toward well-defined groups, as al Qaeda was before the 9/11 attacks.

While terrorist groups are not yet using VCs at scale, a key goal of the policy and financial regulatory communities is to prevent that from happening.

Looking specifically at the counterterrorist financing risk for VCs, it does not appear that terrorist groups have yet used these currencies at scale, even while other criminal groups (specifically cybercriminals) have done so. Indeed, the U.S. government’s 2015 “National Terrorist Financing Risk Assessment” cited cash and the banking system as two of the most significant terrorist financing risks that the United States faces.8 The assessment described virtual currencies only as a “potential emerging TF [terrorist financing] threat,”9 and noted that “the possibility exists that terrorist groups may use these new payment systems to transfer funds collected in the United States to terrorist groups and their supporters located outside of the United States.”10 At the same time, the European Banking Authority classified as a high priority risk terrorist use of VC remittance systems and accounts.11 More troubling is the potential for virtual currencies to “democratize” the funding of terrorism, allowing far-flung, disconnected individual donors to participate in TF networks.12 So while terrorist groups are not yet using VCs at scale, a key goal of the policy and financial regulatory communities is to prevent that from happening by adapting measures to better track and prevent this threat. A more forward-leaning posture on financial information sharing and disclosure would benefit all stakeholders involved in addressing terrorists’ use of VCs and illicit financial activity more broadly. 

Terrorist groups have not yet adopted VCs at scale, but cybercriminal networks have. There are several reasons criminal and terrorist groups have behaved differently with respect to the adoption of virtual currencies. One important factor surely is the degree of technological sophistication needed to use such currencies at scale. The criminal enterprises that have made extensive use of VCs are generally engaged in technically complex crimes such as the remote theft and sale of data (or significant narcotics trafficking), and they operate in areas that have at least reasonably well-developed financial and telecommunications infrastructures. 

Many terrorist groups, by contrast, operate in areas with poor infrastructure and low penetration of modern technical and telecommunications tools. This is true, for example, of al Qaeda in the Islamic Maghreb (AQIM) in the Sahel, al Qaeda in the Arabian Peninsula (AQAP) in Yemen, and, in some measure, ISIS in Iraq and Syria. And this dynamic illuminates a major obstacle to the adoption of VCs, even while terrorist groups take advantage of sophisticated technology in non-financial contexts. ISIS’s use of social media to recruit and propagandize13 and Hezbollah’s use of drones stand out as two prominent examples.14 Technologies like drones do not rely on network effects to be useful and can be provided (nearly) off the shelf and ready to use. Similarly, social media is available on the kinds of smartphones and websites that have been commoditized. Virtual currencies, by contrast, are more difficult to create (should a terrorist group try to do so), employ, and maintain. 

Many terrorist groups operate in areas with poor infrastructure and low penetration of modern technical and telecommunications tools.

Of course, not all terrorist groups or their supporters contend with limited Internet access, computing capabilities, or knowledge of sophisticated tactics to evade regulatory detection of electronic money movements. This is one reason for the instances of terrorist groups using VCs, albeit in more limited ways. 

Terrorist networks and criminal groups also have different financial structures in which they do or may take advantage of virtual currencies. Cybercriminals often use VCs to buy or sell stolen data, for their exploits in online “dark web” markets,15 or for commercial transactions in illegal activities such as drug or weapons trafficking.16 There is less of a need for VCs to be convertible in that context because their users can simply recycle them for the next purchase. Cybercriminals located in Eastern European countries with poor records of law enforcement cooperation with the West can exchange VCs for fiat currencies in unregulated exchanges.17 Cybercriminals also often engage in extensive vetting of other purported criminals who wish to join online forums in which cybercrime activities take place; therefore they have some degree of confidence that their transaction counterparties can be trusted.18 This dynamic stems from the fact that the criminals are often repeat players who depend on the continued operation of the network for their activities.

Terrorist networks, by contrast, have a different “business model.” They often seek to move money from places outside the locations where they operate to the areas in which they plan and from which they launch attacks. Often they use many layers of intermediaries so that donors and ultimate recipients may not be known to one other. Or, in the case of lone wolf attackers, they scrape together funding from a wide range of sources. In either case, terrorists use the funds to buy things they need to sustain the group or to conduct attacks. And because they do so from the general economy, they often would need to reconvert the VCs they receive into fiat currency. This final step introduces both an unnecessary layer of complexity and an increased vulnerability to the disruption of their operations by adding additional actors and entities into the fundraising matrix.

Moreover, the virtual currency that has achieved the greatest market capitalization and penetration—Bitcoin—is only pseudonymous, not fully anonymous, as is commonly and incorrectly understood. The cryptographic addresses of the sender and the recipient of transactions are recorded; although they may not be linked to real-life identities, with enough investigative resources it may be possible to uncover the true identity of senders and recipients of Bitcoin transactions. This of course diminishes the allure of that means of transferring funds to terrorists. Notwithstanding its incomplete anonymity, Bitcoin remains dominant in the space. For example, Monero, a cryptocurrency that is more anonymous than Bitcoin, has a market capitalization of about $340 million; Bitcoin’s market cap is $17 billion.19

But the final—and most important—reason that terrorist groups have not adopted virtual currencies at scale is that these groups, and individual terrorist operatives, have not yet perceived the need to do so. They still find it possible to circumvent global rules governing terrorist financing with sufficient ease and frequency that using VCs is unnecessary. They exploit incomplete implementation of regulatory requirements and global standards at banks, use unlicensed and undersupervised money services businesses (MSBs), or simply cart around cash. As long as these value transfer methods are readily available, there is no great need to invest in new, complicated techniques to transfer value.

Therefore, the crux of the challenge that financial regulators and the counterterrorism community must confront with regard to virtual currency is one of monitoring and prevention: How will they know if and when terrorists begin to use VCs at scale? And how can they design the financial regulatory framework governing VCs to harness the positive uses to which they can be put while preventing them from abuse?

One of the most important factors in the ability of governments and other stakeholders to manage the risks posed by VCs is effective collaboration and communication. Three main categories of actors make up this ecosystem—financial institutions, the regulatory agencies that supervise them, and the law enforcement and intelligence community that target criminals and security threats. 

At present, tension among these constituencies prevents them from optimally monitoring and governing the use of virtual currencies. Fundamentally, law enforcement agencies and bank regulatory agencies have different authorities and use information from the private sector in different ways. They also have different approaches to the terrorist financing challenge. Whereas the mission of law enforcement officials is to halt terrorism, regulators are charged with ensuring that financing does not occur in banks that they supervise. Law enforcement agencies take data that they get from banks (often via the government’s financial intelligence unit, the Financial Crimes Enforcement Network, FinCEN, in the United States), combine it with other intelligence or evidence to improve their understanding of the threat landscape, and engage in further intervention—often a prosecution—to address it.20 Regulatory agencies such as the Federal Reserve Bank or the Office of Comptroller of the Currency (OCC) and state-level regulators such as the New York State Department of Financial Services (NYDFS), by contrast, use information from the private sector to assess compliance with existing rules, and then undertake enforcement actions if necessary. These regulators also use private sector information to inform their view of changes that they or others may need to make to manage risk in the financial sector.

In the past decade, financial regulators responsible for supervising banks have imposed significant fines for violations of laws designed to counter illicit finance.21 As described later in this paper, these enforcement actions have inhibited the development of effective public-private collaboration in the governance of VCs, because they have generated a significant amount of uncertainty within banks. Such collaboration is critical to prevent virtual currencies from being abused for illicit purposes at greater scale, particularly by terrorist groups.

Two main trends stand in the way of greater incorporation of VCs into the formal financial system, which would help manage the risks inherent in the near-instantaneous and anonymous global transfer of funds. The first trend in the financial sector is the desire of banks to avoid high compliance-cost business activities, including in jurisdictions with poor regulation and a relatively high occurrence of illicit financial activity or sanctions evasion, or in dealings with high-risk types of clients.22 This trend has led many financial institutions to shed expensive-to-service accounts, correspondent relationships, and clients, and is commonly referred to as “de-risking.”23 Virtual currencies have been caught in this trend. Businesses that deal extensively in VCs have found it difficult to establish relationships with the largest global banks because the businesses are often perceived as relatively risky and therefore too costly to take on.24 As a result, VC businesses have had to conduct their banking operations at smaller financial institutions that do not devote as many resources to compliance as do large global banks, and that are less well regulated than large money center banks. This dynamic, in turn, increases the likelihood that VCs will be used for the conduct of illicit activity at a scale, posing a security threat. 

Businesses that deal extensively in VCs have found it difficult to establish relationships with the largest global banks.

Virtual currency firms are also stepping into lines of business—such as cross-border remittances—that some large global banks are abandoning because of the perceived risk.25 And the anti–money laundering (AML), combating-the-financing-of-terrorism (CFT) and sanctions-compliance system requires companies to establish customer identification programs, screen for sanctions compliance, and establish suspicious activity reporting systems. This rigor may be too expensive for small VC startup companies, which may therefore either collapse before they get off the ground or operate in an unregulated manner, thereby increasing the risk that bad actors may use VCs without detection.

The second broad trend that has made it more difficult to govern virtual currencies is the libertarian ethos that animates many of the individuals and entities involved in the creation and growth of the VC movement.26 For many people, the most attractive dimension of VCs such as Bitcoin is the same one that makes it most difficult to govern—it serves as a store of value, unit of account, and medium of exchange that does not require the involvement of any large centralized government institutions or banks.27 That means these kinds of VCs lack many of the features of national currencies that make them secure and trusted, and it makes them susceptible to abuse by criminals, terrorists, and fraudsters who want their financial transactions to be opaque. It also makes the currency volatile. A recent dispute among developers about one of the technical characteristics of the virtual currency led to a 20 percent decline in the value of Bitcoin over a single weekend.28 Any system of regulation and governance for virtual currencies must contend with the fact that the developers who create many VCs do so in a manner designed to avoid control by centralized institutions of authority. 

So what is the way forward for the governance of virtual currencies? How do policy leaders ensure that terrorist groups do not migrate to them and simultaneously support their innovative contributions to the financial system? Part of the answer requires changes to the current AML regulatory system—reforms to be discussed in greater detail in this paper. Another path is to create incentives for VC businesses themselves to see that preventing abuse is in their commercial interests. This is because a greater number of people will participate in a market in which they have confidence—which, in turn, requires that the public perception of VCs be positive. It also requires ordinary people to feel as though VC exchanges—the gateways between the fiat currency systems and new systems—will protect them against fraud. As described in this paper, this dynamic is what ultimately induced PayPal to develop one of the most sophisticated fraud prevention systems available. Ultimately it is the way in which any disruptive new technology may achieve scale. 

The paper first describes contemporary methods of terrorist financing and the emerging virtual currency marketplace. Against this backdrop, the paper lays out strategies to better monitor terrorist use of VCs and adapt policies and regulations to guard against broader use. It concludes with specific policy recommendations to stakeholders. 

The full report is available online.

Download PDF

Endnotes

  1. For a similar definition of hawala, see:  “Letter dated 4 September 2012 from the Chair of the Security Council Committee pursuant to resolution 1988 (2011) addressed to the President of the Security Council,” (United Nations Security Council, September 5, 2012), http://www.securitycouncilreport.org/atf/cf/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D/s_2012_683.pdf, 15.
  2. The terms used in this paper to describe types of emerging financial technology have contested definitions. There is no single commonly agreed-upon definition of a “virtual currency.” But the definition used by the Financial Action Task Force (FATF) has perhaps the broadest adherence. The FATF describes a virtual currency as “a digital representation of value that can be digitally traded and functions as (1) a medium of exchange and/or (2) a unit of account and/or (3) a store of value, but does not have legal tender status (i.e., when tendered to a creditor, is a valid and legal offer of payment) in any jurisdiction.” A virtual currency, according to the FATF, fulfills its functions “by agreement within the community of users of the virtual currency.”  FATF does not use the term “digital currency,” in order to avoid confusion with virtual currencies and with “e-money,” which refers to fiat currency being transferred through electronic means. See “Virtual Currencies: Key Definitions and Potential AML/CFT Risks” (FATF/OECD, June 2014), 4, http://www.fatf-gafi.org/media/fatf/documents/reports/Virtual-currency-key-definitions-and-potential-aml-cft-risks.pdf. Domestically, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) defines virtual currency as having many characteristics of real currency but as lacking legal tender status in any jurisdiction. See FinCEN’s memo “Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies,” March 18, 2013, https://www.fincen.gov/resources/statutes-regulations/guidance/application-fincens-regulations-persons-administering. The IRS, which has a tax policy for virtual currency, defines it as “a digital representation of value that functions as a medium of exchange, a unit of account, and/or a store of value.” In some instances, it functions like real currency, but it does not have legal tender status in any jurisdiction. See Internal Revenue Service, “IRS Virtual Currency Guidance,” April 14, 2014, https://www.irs.gov/irb/2014-16_IRB/ar12.html. The Commodity Futures Trading Commission, which also regulates virtual currencies, uses but does not quote the FATF’s definition. Both the FATF and FinCEN definitions differ from that of the European Central Bank in 2012, which was limited to centralized virtual currencies (issued and controlled by a group of developers). See “Virtual Currency Schemes” (European Central Bank, October 2012), 6, https://www.ecb.europa.eu/pub/pdf/other/virtualcurrencyschemes201210en.pdf. This paper will apply the specific parameters that the FATF lays out to define a virtual currency and avoid using the term “digital currency” for the sake of clarity. Furthermore, this paper also analyzes “cryptocurrencies,” a subset of virtual currencies that uses cryptographic techniques for security, including to verify currency ownership and transactions made using the currency. A new payment technology, by contrast to virtual currencies and the systems that enable them, leverages technology to facilitate banking or financial transactions between people using currency.
  3. Stuart Levey, Under Secretary, Terrorism and Financial Intelligence, Department of the Treasury, testimony to the Subcommittee on Oversight and Investigations, Financial Services Committee, U.S. House of Representatives, July 11, 2006, 1–2. http://financialservices.house.gov/media/pdf/071106sl.pdf.
  4. “Who We Are,” FATF, http://www.fatf-gafi.org/about/. 
  5. “Consolidated FATF Strategy on Combatting Terrorist Financing” (FATF, February 19, 2016), 1, http://www.fatf-gafi.org/media/fatf/documents/reports/FATF-Terrorist-Financing-Strategy.pdf.
  6. James Freis, Tom Keatinge, Troels Oerting, and Karen Walter, “Trends in Counter Terrorist Financing: Panel Summary,” SIBOS 2016 in Review (SWIFT: October 2016), 4.
  7. “2015 National Terrorist Financing Risk Assessment”(Department of the Treasury, June 2015), 3, https://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Terrorist%20Financing%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf.
  8. Ibid., 47.
  9. Ibid., 56, 57.
  10. Ibid., 58.
  11. “EBA Opinion on ‘Virtual Currencies,’” EBA/Op/2014/08 (European Banking Authority, July 4, 2014), 33, https://www.eba.europa.eu/documents/10180/657547/EBA-Op-2014-08+Opinion+on+Virtual+Currencies.pdf. 
  12. Liana Rosen (specialist in international crime and narcotics, foreign affairs, Defense and Trade Division of the Congressional Research Service), “Task Force on Anti-Terrorism and Proliferation Financing Briefing” (United States Congress, March 3, 2017). Discussion with author. 
  13. Brendan I. Koerner, “#jihad: Why ISIS Is Winning the Social Media War,” Wired, April 2016, https://www.wired.com/2016/03/isis-winning-social-media-war-heres-beat/.
  14. Nicholas Blanford, “How Off-the-Shelf Drones Are Changing War in Syria and Lebanon,” Christian Science Monitor, August 16, 2016, http://www.csmonitor.com/World/Middle-East/2016/0816/How-off-the-shelf-drones-are-changing-war-in-Syria-and-Lebanon. 
  15. Andy Greenberg, “New Dark-Web Market Is Selling Zero-Day Exploits to Hackers,” Wired, April 17, 2015, https://www.wired.com/2015/04/therealdeal-zero-day-exploits/; Lillian Ablon, Martin C. Libicki, and Andrea A. Golay, “Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar” (RAND, 2014), 11–12, http://www.rand.org/content/dam/rand/pubs/research_reports/RR600/RR610/RAND_RR610.pdf.
  16. “Combining an anonymous interface with traceless payments in the digital currency bitcoin, the site allowed thousands of drug dealers and nearly 1 million eager worldwide customers to find each other—and their drugs of choice—in the familiar realm of ecommerce,” quoted from Joshuah Bearman and Tomer Hanuka, “The Untold Story of Silk Road, Part 1,” Wired, May 2015, https://www.wired.com/2015/04/silk-road-1/. See also “Part 2: The Fall,” Wired, June 2015, https://www.wired.com/2015/05/silk-road-2/; Thomas Fox-Brewster, “Life after Evolution: Meet the Dark Web Drug and Gun Entrepreneurs Succeeding Solo,” Forbes, April 9, 2015, https://www.forbes.com/sites/thomasbrewster/2015/04/09/drug-and-gun-vendors-thriving-on-their-own/#6574c57535f6. 
  17. Ransomware, in which cybercriminals encrypt a victim’s files and decrypt those files only after receipt of a ransom, generally paid in Bitcoin, is a notable exception.
  18. Ablon, Libicki, and Golay, “Markets for Cybercrime Tools and Stolen Data,” 15.
  19. “Bitcoin,” CryptoCurrency Market Capitalizations , https://coinmarketcap.com/currencies/bitcoin/; “Monero,” CryptoCurrency Market Capitalizations, https://coinmarketcap.com/currencies/monero/. 
  20. See “FinCEN Awards Recognize Partnership between Law Enforcement and Financial Institutions to Fight Financial Crime,” Financial Crimes Enforcement Network, May 10, 2016, https://www.fincen.gov/news/news-releases/fincen-awards-recognize-partnership-between-law-enforcement-and-financial. 
  21. Government Accountability Office, Financial Institutions: Fines, Penalties, and Forfeitures for Violations of Financial Crimes and Sanctions Requirements, GAO-16-297, March 22, 2016, 11, http://www.gao.gov/assets/680/675987.pdf. 
  22. Paul Taylor, “How Banks Can Avoid the De-Risking Trap,” American Banker, July 19, 2016, https://www.americanbanker.com/opinion/how-banks-can-avoid-the-de-risking-trap. 
  23. For examples of this trend, see Rob Barry and Rachel Louise Ensign, “Cautious Banks Hinder Charity Financing,” The Wall Street Journal, March 30, 2016, https://www.wsj.com/articles/cautious-banks-hinder-charity-financing-1459349551; Rob Barry and Rachel Louise Ensign, “Losing Count: U.S. Terror Rules Drive Money Underground,” The Wall Street Journal, March 30, 2016, https://www.wsj.com/articles/losing-count-u-s-terror-rules-drive-money-underground-1459349211; Lanier Saperstein and Geoffrey Sant, “Account Closed: How Bank ‘De-Risking’ Hurts Legitimate Customers,” The Wall Street Journal, August 12, 2015, https://www.wsj.com/articles/account-closed-how-bank-de-risking-hurts-legitimate-customers-1439419093. Federal financial supervisors recently released a paper that attempted to assuage the concerns of banks about this trend. See Office of the Comptroller of the Currency, Department of the Treasury, “Risk Management Guidance on Periodic Reevaluation of Foreign Correspondent Banking,” October 5, 2016, https://www.occ.gov/news-issuances/bulletins/2016/bulletin-2016-32.html. 
  24. Virtual currency professional conversation with author, 2016; Pratin Vallabhaneni, David Fauvre, and Andrew Shipe, “Overcoming Obstacles to Banking Virtual Currency Businesses,” Coin Center, May 2016, 4–6, https://coincenter.org/wp-content/uploads/2016/05/banking-obstacles.pdf; Paul Vigna and Michael J. Casey, The Age of Cryptocurrency: How Bitcoin and Digital Money Are Challenging the Global Economic Order (New York: St Martin’s Press, 2015), 117.
  25. Luis Buenaventura, “There’s a $500 Billion Remittance Market, and Bitcoin Startups Want In on It,” Quartz, September 11, 2016, https://qz.com/775159/theres-a-500-billion-remittance-market-and-bitcoin-startups-want-in-on-it/; Swati Pandey, “Australian Bank Exit from Remittances Sends Money Transfers Underground,” Reuters, February 25, 2016, http://www.reuters.com/article/australia-remittances-banks-idUSL3N1632JD; Jamila Trindle, “Bank Crackdown Threatens Remittances to Somalia,” Foreign Policy, January 30, 2015, http://foreignpolicy.com/2015/01/30/bank-crackdown-threatens-remittances-to-somalia/. 
  26. Vigna and Casey, The Age of Cryptocurrency, 160.
  27. Mark Garrison, “Regulation May Be Coming for Bitcoin,” Marketplace, September 18, 2015, https://www.marketplace.org/2015/09/18/tech/regulation-may-be-coming-bitcoin. 
  28. Paul Vigna, “Bitcoin Price Plunges on Fears of a Currency Split,” The Wall Street Journal, March 19, 2017, https://www.wsj.com/articles/bitcoin-price-plunges-on-fears-of-a-currency-split-1489949541. 
  • Zachary K. Goldman

    Adjunct Senior Fellow, Energy, Economics and Security Program

    Zachary K. Goldman is an adjunct senior fellow with the Energy, Economics and Security Program at the Center for a New American Security. Mr. Goldman also serves as ...

  • Ellie Maruyama

    Research Associate, Energy, Economics and Security Program

    Ellie Maruyama is a Research Associate in the Energy, Economics and Security Program at the Center for a New American Security (CNAS). Prior to joining CNAS, Ms. Maruyama work...

  • Elizabeth Rosenberg

    Senior Fellow and Director, Energy, Economics and Security Program

    Elizabeth Rosenberg is a Senior Fellow and Director of the Energy, Economics and Security Program at the Center for a New American Security. In this capacity, she publishes an...

  • Edoardo Saravalle

    Energy, Economics, & Security

    Edoardo Saravalle is a Joseph S. Nye, Jr. Research Intern for the Energy, Economics, and Security Program at the Center for a New American Security (CNAS). At CNAS his work fo...

  • Julia Solomon-Strauss

View All Reports View All Articles & Multimedia