Angelika Hellweger of Rahman Ravelli outlines the legal issues facing developers whose products are used for criminal activity.
The issue of how the law applies to crypto developers has been subject to increased discussion and debate – much of it driven by events.
The developer of the cryptocurrency mixer Tornado Cash, Alexey Pertsev, was arrested in 2022. His arrest was due to Dutch prosecutors accusing him of involvement in concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies via Tornado Cash.
Pertsev remains in a Dutch prison awaiting trial. His case has highlighted the issue of whether a developer who creates a code should then be prosecuted if it is then used for criminal activity.
The Situation in the UK in relation to criminal law
In the UK, it is possible for a crypto developer to be charged with a crime if their code is used to facilitate illegal activities. For example, if a developer creates and distributes software that is used for money laundering or fraud, they could potentially face criminal charges. Additionally, if a developer is found to have knowingly created or distributed a malicious programme, they could also be held liable under UK law. However, simply creating and distributing legitimate cryptocurrency software would not typically result in criminal charges in the UK.
Criminal activity related to cryptocurrency can generally be prosecuted under existing laws rather than via specific legislation for cryptocurrency. Examples include the Proceeds of Crime Act 2002 (POCA) and the Money Laundering Regulations 2017, (MLR) which make it illegal to engage in money laundering using cryptocurrency. The Computer Misuse Act 1990 also criminalises certain types of malicious hacking and malware distribution, which could apply to a crypto developer if their code is used to facilitate illegal activities.
There have been cases in the UK where individuals have been charged and convicted for cryptocurrency-related crimes under existing laws. To take one example, in 2018 a man was sentenced to five years in prison for operating a Bitcoin mixing service that was used to launder money from criminal activities. Three years later, there was a case where two people were arrested for fraud and money laundering after developing a website to attract people to make investments that they were told would generate huge returns. After receiving payments, the two individuals shut down the website and took the cryptocurrency proceeds with them. They were later tracked down by the police and found to have 90% of the stolen assets on USB sticks.
Defining Crypto Assets
Trades on cryptocurrency exchanges are not regulated in the same way as traditional finance. Yet they are still regulated, although quite loosely.
The MLR require crypto asset service providers to register with the Financial Conduct Authority (FCA). If exchanges do not register but continue to operate, it becomes a criminal offence further to s.19 Financial Services and Marketing Act 2000 (FSMA).
The coming months and years are expected to see more regulation brought in. The Financial Services and Markets Bill (the Bill) was introduced in July 2022 and, subject to reviews and amendments, is projected to come into force in the middle of 2023.
While there is no universal definition of what constitutes a crypto asset or related terms such as digital asset or virtual asset, there is increasing consensus in the UK and abroad regarding the basic elements of such a definition.
The Bill includes a definition of “cryptoasset” for the UK’s financial services regulatory framework as being any cryptographically-secured digital representation of value or contractual rights that:
- Can be transferred, stored or traded electronically, and
- That uses technology supporting the recording or storage of data (which may include distributed ledger technology).
This definition has been drafted so as to capture all current types of cryptoasset. The definition underpins the powers HM Treasury has to specify activities within the Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 (RAO) or to designate activities as part of the Designated Activities Regime (DAR) being legislated for in the Bill. It is similar to the definition of “cryptoasset” used in regulation 14A(3)(a) of the MLR, although the Bill’s definition refers to a wider range of underlying technology.
The Bill’s definition is also very similar to the definition of “cryptoasset” in the EU’s Markets in Cryptoassets legislation (MiCA), and shares some features with the definition of “virtual asset” in the Financial Action Task Force’s recommendations in its International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation. To react to future changes, the Bill’s definition of “cryptoasset” is accompanied by a power to update it by way of secondary legislation.
Law enforcement
Developers need to be aware of the approaches taken by enforcement agencies as well as current (and possible future) law.
The National Crime Agency (NCA) has established the National Cyber Crime Unit (NCCU) Crypto Cell and is set to receive more resources to actively investigate cryptocurrency crime. This may well, depending on the precise nature of the investigations, cause issues for developers of crypto exchanges.
The approach taken so far by the FCA has been variable. A freedom of information request revealed that the FCA did not open any investigations between January 2021 and June 2022 into breaches of money laundering rules by crypto firms – even though January 2021 was when it became responsible for their supervision, with respect to those rules. However, the FCA now appears to be keen to identify and assess those who wish to register with it and is imposing high thresholds for doing so.
The amount of international co-operation between enforcement agencies investigating cryptocurrency is increasing notably. This has been seen in particular with regards to the late-2022 collapse of the FTX crypto exchange.
While the circumstances surrounding FTX’s demise could, arguably, be viewed as exceptional, what has happened in this case does highlight the willingness of law enforcement agencies across the globe to work in tandem. Given the cross-border nature of cryptocurrency exchanges, such co-operation is both vital and necessary.
Developers, therefore, must be aware that if they are seen to be facilitating any form of crime, there could be a number of law enforcement agencies in various jurisdictions that may be prepared to take action.
