We’ve been told for some time now to be prepared. That the metaverse is coming.
We’ve seen Mark Zuckerberg excitedly show off his avatar as he presented Meta. And even as Facebook changed its name, seemingly attempting to lead the way in this world changing technology, “owning” the trend is simply impossible for any one entity. It goes against the very core of Web3.0.
Much different to the oligopoly of technology we’ve known, Web3.0 is viewed by some as an empowering reclamation of their own content and data, which has for so long been centralised in Big Tech.
In many ways, Web3.0 takes us back to the original World Wide Web, where anyone can post anything without having to go through intermediaries and without needing authorisation from a central body.
In its essence, Web3.0 is a decentralised, trustless and permissionless token-based economy on the blockchain.
The blockchain is a digital ledger used to record transactions. It’s the technology used by cryptocurrencies (digital currencies used as a medium of exchange through a computer network) and non-fungible tokens, or NFTs (a unique unit of data that uses technology to allow digital content like images, videos and songs to become logged and authenticated on blockchains).
And while crypto markets are growing and maturing and many small businesses are now accepting it as a form of payment, the thing to know about crypto is that it’s not reliant on a central authority, like a government or bank, to uphold or maintain it. We don’t even know who invented it. The founder/s of Bitcoin, the first cryptocurrency launched in 2009, use the pseudonym Satoshi Nakamoto.
It’s likely that soon, many of us will use a digital currency in a virtual world.
There will be many metaverses. Many computer generated, entirely virtual realities to log into and interact with other users in.
Of course it’s exciting to think about how this new technology will revolutionise work and play.
But are we giving enough consideration to the consequences?
For instance, if all you need is a Facebook account to join the metaverse, how will users be protected against fraud and identity theft? How will the user age limit be enforced? And how will younger users be protected from criminals who can easily manipulate them?
While the blockchain is visible and one can have copies of transactions, the identities of the persons behind those transactions are not visible. There’s no way to tell if the source of the currency is legitimate, meaning the metaverse is primed for criminal activity.
Back in the good old days, that is, prior to 2010, money laundering was a highly manual process.
It’s just as we see it in Hollywood. Criminals move the money they make through illegal activity by buying gems, artwork, property, businesses, or boats before converting those assets into cash again.
But before they get to that stage, the money has to be physically moved into a cash-intensive business to combine the dirty and clean cash. It’s then split into smaller amounts and deposited into several accounts including offshore accounts. The rest of the physical cash had to be hidden.
Money laundering in the metaverse can be done in the same way. Only it’s a lot easier, because once criminals turn their cash into non traceable and easily hidden currencies, all it takes is the click of a button over and over again to buy and sell items in the metaverse, producing a long ledger of lightning fast transactions that are impossible for humans to trace.
The absence of the traditional intermediaries in Web3.0 means users don’t need to undergo any prior Know Your Customer (KYC) or anti money laundering (AML) checks or sanctions compliance. While this approach supports a considerably more inclusive kind of financial innovation, policymakers are right to be concerned about how easy it will be to make illicit transactions.
After all, how can you ever ‘Know Your Customer’ if the ‘customer’ is an avatar?
We’ve already seen a rise in crime linked to crypto. According to Chainalysis, a blockchain data analysis platform, “Cryptocurrency-linked crime surged to a record high last year in terms of value, with illegal addresses receiving $14 billion in digital currencies, up 79% from $7.8 billion in 2020.”
What we’re looking at here is huge amounts of money made through illicit means held in crypto that can easily be used in unregulated, fast paced, entirely digital environments like the metaverse.
Furthermore, crypto can now be stored in mixed wallets such as Coinjoin with transactions hidden via anonymous browsers such as Tor so not only can the illegally gained funds be mixed and hidden with legitimate sources, it can also be layered via online entities. It’s a simple step to move from there to integration and then onto illegal activities.
These activities are highly complex, lighting fast and cross multiple borders. All of which is far too difficult for humans to detect using old approaches that worked in the old fashion scenario I described above.
A lot of people will be hurt by cybercrime on Web3.0 without the appropriate policy and technology in place to protect them.
It’s imperative that policy is adapting and advanced technology is put to use in order to tackle these emerging challenges. For instance, artificial intelligence (AI) and machine learning could be used for transaction monitoring and identity verification.
Inter-agency and inter-country information sharing and cooperation will become necessary. Perhaps a more metaverse-friendly version of KYC will need to be developed. Sure, you might only need a Facebook account to create an avatar and enter the metaverse but if you want to buy or sell, KYC and customer due diligence (CDD) are absolutely critical.
It took the banks 13 years to catch up to crypto. We simply cannot afford the same delay on policing of the metaverse. The time to act is now.
About First AML
First AML is an AML technology provider, and the maker of Source, an all-in-one AML platform. Source powers thousands of compliance experts around the globe to reduce the time and cost burden of complex and international entity KYC. Its enterprise-wide, long term approach to the KYC / CDD data lifecycle addresses time and cost challenges while minimising compliance, reputational and security risks.