The European Commission proposed a package of laws this week to combat money laundering and financial crime, including a move to expand money-laundering rules to cryptocurrency. Bringing anti-money-laundering (AML) rules into the digital currency domain is often mentioned as a key component of mitigating ransomware.
Regulations in the European Union and elsewhere involve what's known as the travel rule, an ability to trace the chain of electronic transfers of money. But the current rules only apply to “banknotes and coins, scriptural money and electronic money.” The new regulations would expand that to cryptocurrency and prevent the use of anonymous wallets.
Anonymity is, for obvious reasons, one of the key reasons cryptocurrencies are used in ransomware, though other reasons include the ease of transport across borders. Instituting AML rules would make it more difficult to conduct a ransomware operation from a wallet legally opened within Europe. It would not, however, prevent the operations with wallets out of the jurisdiction.
However, in broad terms, experts see this as a positive step.
"This would disrupt a wide swath of the economy of scale of the dark web," said Tom Kellermann, head of cybersecurity strategy at VMware and a current adviser on the Secret Service's Cyber Investigation's Advisory Board. In addition to protecting politicians, the Secret Service is responsible for investigating crimes against the financial system.
To influence ransomware, Kellermann has proposed amending globally adopted AML rules, eliminating the ability to pick and choose jurisdictions. He said those rules would need to be set by the Bank of International Settlements, a cooperative body of the world's central banks, or by the G7.
The Ransomware Task Force, a multistakeholder group headquartered at the Institute for Security and Technology whose recent, comprehensive proposal to mitigate ransomware is seen by many lawmakers as a policy starting block, suggested AML rules in its report, including deanonymizing know-your-customer laws.
The EU Commission proposal would place the regulatory burdens of traditional financial systems on the cryptocurrency market, treating cryptocurrency more like regular currency.
In the European Union system, laws are proposed at the EU Commission to be voted on by the EU Parliament.
"[O]ur work to close the gaps in our financial system is not yet done," said Valdis Dombrovskis, executive vice president of the European Commission for an economy that works for people, in a statement accompanying the new proposals. "We have made huge strides in recent years and our EU AML rules are now among the toughest in the world. But they now need to be applied consistently and closely supervised to make sure they really bite."
