WEBVTT

1
00:00:00.240 --> 00:00:03.150
Anna Delaney: Hello, this is the ISMG Editors' Panel. I'm Anna

2
00:00:03.150 --> 00:00:05.850
Delaney. And we have a cryptocurrency special for you

3
00:00:05.880 --> 00:00:09.600
this week. And we are honored to be joined by one of the

4
00:00:09.600 --> 00:00:13.320
brightest and sharpest minds in the crypto sphere, Ari Redbord,

5
00:00:13.380 --> 00:00:16.980
Head of Legal and Government Affairs at TRM Labs, who

6
00:00:16.980 --> 00:00:20.070
formerly served at the US Treasury Department, as a Senior

7
00:00:20.070 --> 00:00:23.340
Advisor to the Deputy Secretary. And of course, my brilliant

8
00:00:23.340 --> 00:00:26.550
colleagues, Tom Field, Senior Vice President of Editorial, and

9
00:00:26.550 --> 00:00:29.880
Matthew Schwartz, Executive Editor of Data Breach Today and

10
00:00:29.880 --> 00:00:32.160
Europe. Welcome to the party, Ari.

11
00:00:32.570 --> 00:00:33.920
Ari Redbord: Hey, thank you so much for having me. Really

12
00:00:33.920 --> 00:00:35.180
looking forward to this conversation.

13
00:00:36.140 --> 00:00:38.450
Anna Delaney: So, Ari, we have so many crypto questions

14
00:00:38.450 --> 00:00:41.540
for you. But before we get there, we usually begin with

15
00:00:41.540 --> 00:00:44.960
sharing the stories behind our virtual backgrounds. So where

16
00:00:44.960 --> 00:00:45.560
are you today?

17
00:00:46.080 --> 00:00:48.720
Ari Redbord: Terrific. I'm in Cameron Indoor Stadium because

18
00:00:48.960 --> 00:00:53.910
it is time for March Madness. And I am a very proud Duke grad

19
00:00:53.940 --> 00:00:57.810
and big Blue Devil fan. So you asked for a fun background and

20
00:00:57.810 --> 00:01:01.260
this is sort of my happy place. So, really excited to be joining

21
00:01:01.260 --> 00:01:02.490
you from Cameron today.

22
00:01:03.210 --> 00:01:06.240
Anna Delaney: Very, very good. And, Matthew, where are you?

23
00:01:07.860 --> 00:01:12.780
Matthew Schwartz: I am hanging out at the docks.
Down in Dundee

24
00:01:12.780 --> 00:01:16.470
Harbour, here in Scotland. We had an unexpected visit this

25
00:01:16.470 --> 00:01:22.710
weekend from the NATO Maritime Group 1, composed of four

26
00:01:22.740 --> 00:01:27.180
vessels, so they were docked in between training exercises,

27
00:01:27.240 --> 00:01:31.200
apparently, so I and a whole bunch of other people in the

28
00:01:31.200 --> 00:01:33.180
city hopped on down for a look.

29
00:01:33.420 --> 00:01:37.650
Anna Delaney: History in the making. Tom, it doesn't look

30
00:01:37.650 --> 00:01:38.940
like a virtual background to me.

31
00:01:39.570 --> 00:01:41.190
Tom Field: It is an actual background. I am on the

32
00:01:41.190 --> 00:01:44.430
waterfront for what it's worth. I'm in a hotel in Boston. But

33
00:01:44.460 --> 00:01:48.990
the good news is, I am here for a live event. I'm hosting a

34
00:01:48.990 --> 00:01:51.960
roundtable discussion this evening. Looking forward to it.

35
00:01:52.200 --> 00:01:56.850
First one on the East Coast in well over two years. So I'm

36
00:01:56.880 --> 00:02:00.570
happy to be in an actual background with my hotel on the

37
00:02:00.570 --> 00:02:01.440
Boston waterfront.

38
00:02:01.810 --> 00:02:05.920
Anna Delaney: Very good. I am on the waterfront too, by the

39
00:02:05.950 --> 00:02:10.180
London Eye. This is from a recent theater trip. I went to a

40
00:02:10.180 --> 00:02:15.280
production of Cabaret at the infamous Kit-Kat Club. So it was

41
00:02:15.280 --> 00:02:18.490
absolutely brilliant. By the way, thanks for asking, but I

42
00:02:18.490 --> 00:02:20.500
went filming all day.

43
00:02:22.000 --> 00:02:23.140
Ari Redbord: That is a hot ticket.

44
00:02:23.000 --> 00:02:24.350
Anna Delaney: It is a hot ticket.

45
00:02:25.880 --> 00:02:27.560
Ari Redbord: Eddie Redmayne, absolutely.

46
00:02:27.980 --> 00:02:29.720
Anna Delaney: It's pretty awesome. You know this stuff

47
00:02:29.720 --> 00:02:30.020
well.

48
00:02:32.000 --> 00:02:34.040
Ari Redbord: You want to talk musical theater? I could do that

49
00:02:34.040 --> 00:02:34.760
for a while too.

50
00:02:35.000 --> 00:02:35.960
Anna Delaney: Yeah.

51
00:02:39.140 --> 00:02:41.780
Tom Field: Ari, you do come with variations.

52
00:02:42.320 --> 00:02:45.050
Ari Redbord: Sports and musical theater, absolutely.

53
00:02:45.660 --> 00:02:48.600
Anna Delaney: Well, Ari, I'm a bit concerned by the lack of

54
00:02:48.600 --> 00:02:51.180
sleep you're probably getting in the moment. I mean, you've been

55
00:02:51.180 --> 00:02:54.540
unstoppable for the last few weeks during the media rounds,

56
00:02:54.570 --> 00:02:56.640
giving interviews. Lots of coffee as well.

57
00:02:58.310 --> 00:02:59.000
Ari Redbord: I should show this.

58
00:03:00.440 --> 00:03:03.020
Anna Delaney: Bit for next, remember that and, of course,

59
00:03:03.020 --> 00:03:06.500
the war in Ukraine and the impact of sanctions. And now

60
00:03:06.710 --> 00:03:10.700
breaking news by executive order on cryptocurrencies, which

61
00:03:10.820 --> 00:03:14.600
perhaps marks the first step toward regulating how digital

62
00:03:14.600 --> 00:03:18.380
currency is traded. So I'd like to start here. What's your

63
00:03:18.380 --> 00:03:21.860
initial take on the EO? What do we need to know? And what are we

64
00:03:21.860 --> 00:03:24.680
likely to see unfold over the next few weeks?

65
00:03:25.110 --> 00:03:26.490
Ari Redbord: No, I appreciate the question. And it's really

66
00:03:26.490 --> 00:03:30.420
been an extraordinary couple of weeks, really, in history in the

67
00:03:30.420 --> 00:03:34.140
world, and particularly in the crypto space. So yeah, the

68
00:03:34.140 --> 00:03:36.720
executive order that came out really just a few hours ago,

69
00:03:38.100 --> 00:03:42.030
does a number of things. But I think the real work is yet to

70
00:03:42.030 --> 00:03:48.390
come.
The order itself essentially tasks the

71
00:03:48.390 --> 00:03:50.370
interagency and when I talk about the interagency, I'm

72
00:03:50.370 --> 00:03:53.970
talking about sort of all of the executive branch regulators with

73
00:03:53.970 --> 00:03:57.990
doing various things. For example, tasks the Fed with

74
00:03:57.990 --> 00:04:01.320
continuing to study and really understand sort of what it would

75
00:04:01.320 --> 00:04:04.710
mean to the financial system to issue a central bank digital

76
00:04:04.710 --> 00:04:08.190
currency. You know, tasks the Treasury Department with

77
00:04:08.250 --> 00:04:12.000
producing a study on issues around financial inclusion and

78
00:04:12.000 --> 00:04:14.910
the growth of the crypto economy and what that could potentially

79
00:04:14.910 --> 00:04:18.780
mean. Tasks really law enforcement agencies and

80
00:04:18.780 --> 00:04:22.260
regulators across the United States to get together on issues

81
00:04:22.260 --> 00:04:25.380
around illicit finance and money laundering and national

82
00:04:25.380 --> 00:04:30.480
security. I think the idea is that for years, we've seen sort

83
00:04:30.480 --> 00:04:33.930
of disparate actions from regulators, you know, regulation

84
00:04:33.930 --> 00:04:38.520
by enforcement from, you know, FinCEN and the SEC. We've seen

85
00:04:39.060 --> 00:04:41.940
the Office of Foreign Asset Control (OFAC), which is the US

86
00:04:41.940 --> 00:04:47.700
sanctions regulator, sanction two Russia-based exchanges. We've

87
00:04:47.700 --> 00:04:53.460
seen DOJ stand up cryptocurrency enforcement teams. So a lot has

88
00:04:53.460 --> 00:04:56.910
been done. But I think the idea of this order is to bring those

89
00:04:57.120 --> 00:05:02.160
efforts together in sort of a more cohesive way. One more

90
00:05:02.160 --> 00:05:05.310
major takeaway, and perhaps the really true takeaway here is

91
00:05:05.310 --> 00:05:12.750
really sort of the way that the EO discusses cryptocurrency.
You

92
00:05:12.750 --> 00:05:15.390
know, I think a lot of times we hear about the illicit finance

93
00:05:15.390 --> 00:05:19.830
risks, and the systemic risks and stable coin runs. And that's

94
00:05:19.830 --> 00:05:22.770
all in there. But really, there's a lot of time spent on

95
00:05:22.770 --> 00:05:26.400
the power and promise of the technology, and the importance

96
00:05:26.400 --> 00:05:29.730
of the US being a leader in the space, which really sort of if I

97
00:05:29.730 --> 00:05:33.000
have one takeaway from all of this, it's that, hey, we're way

98
00:05:33.000 --> 00:05:36.420
past the age of, hey, maybe we should ban cryptocurrency, or

99
00:05:36.420 --> 00:05:40.950
some version of that, to hey, we should regulate in a coordinated

100
00:05:40.950 --> 00:05:44.130
responsible way. Because there's really great promise to this

101
00:05:44.130 --> 00:05:49.440
technology, if it's harnessed appropriately. And, surprised

102
00:05:49.440 --> 00:05:51.870
might not be entirely appropriate, but I was surprised

103
00:05:52.080 --> 00:05:56.340
about I think the level of thoughtfulness around that point

104
00:05:56.400 --> 00:06:00.150
that this isn't, you know, there aren't just risks and

105
00:06:00.150 --> 00:06:02.910
challenges. But there's also power and promise here.

106
00:06:04.260 --> 00:06:06.690
Anna Delaney: Very interesting. I know you are diving a bit

107
00:06:06.690 --> 00:06:09.540
deeper into some of these themes with Tom later. So looking

108
00:06:09.540 --> 00:06:12.660
forward to that interview. But just quickly, I mean, there's

109
00:06:12.660 --> 00:06:17.160
been talk about the timing of this EO. I know, it's been in

110
00:06:17.160 --> 00:06:19.560
the works for some months. But do you think it's been

111
00:06:19.560 --> 00:06:22.590
accelerated in any way because of events in Ukraine?

112
00:06:22.000 --> 00:06:24.761
Ari Redbord: I don't think so.
You know, I think if this was,

113
00:06:24.819 --> 00:06:28.328
you know, a few months or a year ago, or six months or a year

114
00:06:28.386 --> 00:06:31.377
ago, I think we'd be talking about sort of, hey, are

115
00:06:31.435 --> 00:06:34.887
regulators going to be thinking differently about, you know,

116
00:06:34.944 --> 00:06:38.051
regulating in the crypto space because of sanctions or

117
00:06:38.109 --> 00:06:41.503
potential sanctions evasion? I think we're beyond that now,

118
00:06:41.561 --> 00:06:45.243
where you have, I think this EO has been in the works for really

119
00:06:45.300 --> 00:06:48.580
quite some time, and maybe was even put on hold for a few

120
00:06:48.637 --> 00:06:52.032
weeks, just given the situation in Ukraine. But no, I think

121
00:06:52.089 --> 00:06:55.311
that, you know, I think one thing that this EO certainly

122
00:06:55.369 --> 00:06:58.993
hammers home is the importance of coordination. And that means,

123
00:06:59.051 --> 00:07:02.388
you know, public sector, private sector with international

124
00:07:02.445 --> 00:07:06.070
partners, and that does sort of speak to the moment in terms of

125
00:07:06.127 --> 00:07:09.752
Ukraine, right, like, we have to have private businesses harden

126
00:07:09.810 --> 00:07:13.031
cyber defenses, and also make sure that they have robust

127
00:07:13.089 --> 00:07:16.483
compliance controls to stop sanctions evasion, also to work

128
00:07:16.541 --> 00:07:20.281
closely with law enforcement and regulators. So I think that this

129
00:07:20.338 --> 00:07:23.560
idea of sort of a coordinated approach to crypto is very

130
00:07:23.618 --> 00:07:27.012
applicable to kind of this Russian-Ukraine moment. But I do

131
00:07:27.070 --> 00:07:30.752
not think that this was sort of tweaked or sped up as a reaction

132
00:07:30.809 --> 00:07:31.270
to that.

133
00:07:31.810 --> 00:07:34.630
Anna Delaney: Sure. Thanks, Ari, for your insight. That's great.

134
00:07:34.930 --> 00:07:35.980
Over to you, Tom.

135
00:07:35.000 --> 00:07:38.570
Tom Field: Oh, very good. Ari, glad to have you here. As

136
00:07:38.570 --> 00:07:42.440
excited as I am for March Madness and to be back at live

137
00:07:42.440 --> 00:07:44.870
events, of course we have to talk about what's happening in

138
00:07:44.870 --> 00:07:49.520
Ukraine. What role do you see cryptocurrency playing in this

139
00:07:49.520 --> 00:07:53.120
conflict so far on both sides, whether it's potentially

140
00:07:53.120 --> 00:07:56.810
attempting to evade sanctions or from the other side to raise

141
00:07:56.810 --> 00:07:58.430
capital for defense?

142
00:07:59.050 --> 00:08:00.940
Ari Redbord: Yes, sort of starting with the risks, you

143
00:08:00.940 --> 00:08:04.570
know, I think that it's an interesting question. And I

144
00:08:04.570 --> 00:08:06.700
think the answer is a little bit nuanced. And sort of on the one

145
00:08:06.700 --> 00:08:10.360
hand, you know, look, there's not enough cryptocurrency in the

146
00:08:10.360 --> 00:08:14.980
world, for Putin, or Russia, or the Kremlin, right writ large to

147
00:08:15.040 --> 00:08:18.730
use it to evade sanctions. We're talking about hundreds of

148
00:08:18.730 --> 00:08:23.260
billions of dollars, half a trillion or more in frozen and

149
00:08:23.260 --> 00:08:25.930
blocked, potential frozen and blocked central bank assets.

150
00:08:26.020 --> 00:08:28.600
We're talking about 1.5 trillion in trade. And we haven't even

151
00:08:28.600 --> 00:08:32.050
really gotten to serious sanctions in oil and gas yet. We

152
00:08:32.050 --> 00:08:34.750
haven't seen a full country blocking. I mean, there's a lot

153
00:08:34.750 --> 00:08:37.780
that can happen here.
But we are talking about, you know, what

154
00:08:37.780 --> 00:08:40.180
will ultimately become sort of the most draconian sanctions

155
00:08:40.180 --> 00:08:42.610
that we have anywhere or, you know, anywhere in the world. I

156
00:08:42.610 --> 00:08:45.040
think it's also important to really know that there's no room

157
00:08:45.040 --> 00:08:48.550
between the United States and its partners in this either. So

158
00:08:48.550 --> 00:08:50.890
there's no circumventing sanctions through, you know,

159
00:08:50.920 --> 00:08:55.990
through Europe or, you know, other allies. So, the question

160
00:08:55.990 --> 00:09:00.490
really becomes, well, how can crypto be used to evade

161
00:09:00.490 --> 00:09:02.590
sanction? I think the answer is look, you know, on Friday, for

162
00:09:02.590 --> 00:09:05.110
example, there was a laundry list of individuals, Russian

163
00:09:05.110 --> 00:09:11.650
oligarchs, who were sanctioned by OFAC and those individuals

164
00:09:11.680 --> 00:09:14.980
don't need to fund a central bank or a government, they don't

165
00:09:14.980 --> 00:09:19.990
need to, you know, fund a really more and more expensive war.

166
00:09:20.050 --> 00:09:22.600
They just need to kind of try to live the lifestyle to which

167
00:09:22.600 --> 00:09:27.460
they've become accustomed. And they will try to use crypto to

168
00:09:27.460 --> 00:09:32.740
circumvent US sanctions. And I say that because they have a

169
00:09:32.740 --> 00:09:35.980
history of using every kind of money laundering technique to

170
00:09:36.010 --> 00:09:38.680
evade US sanctions. You know, there's a long history of

171
00:09:38.680 --> 00:09:42.580
sanctions in Russia from Crimea to Russian election

172
00:09:42.580 --> 00:09:45.550
interference, and it's kind of the newest iteration of that.
I

173
00:09:45.550 --> 00:09:49.900
think crypto will play a small role in sort of how those actors

174
00:09:50.140 --> 00:09:54.370
ultimately are able to attempt to evade sanctions, along with

175
00:09:54.490 --> 00:09:58.750
shell companies and high-end art, and, you know, all these

176
00:09:58.750 --> 00:10:01.930
other sort of techniques that Russian actors have used for

177
00:10:01.930 --> 00:10:05.410
years. I'll finish by just saying that, you know, part of

178
00:10:05.410 --> 00:10:08.050
the reason why crypto is not good for sanctions evasion is

179
00:10:08.050 --> 00:10:11.860
because the large compliant exchanges, sort of the ones we

180
00:10:11.860 --> 00:10:14.650
know, the Super Bowl advertising exchanges, we'll call them, right,

181
00:10:15.310 --> 00:10:19.060
where most of the liquidity is, they have really robust

182
00:10:19.060 --> 00:10:21.070
compliance controls in place. They have policies and

183
00:10:21.070 --> 00:10:23.860
procedures, they have compliance professionals, they file

184
00:10:23.860 --> 00:10:27.820
suspicious activity reports, they use tools like TRM to

185
00:10:27.820 --> 00:10:31.780
monitor transactions and screen wallets. So actors will be

186
00:10:31.780 --> 00:10:36.370
looking to sort of what I would call the illicit underbelly of

187
00:10:36.370 --> 00:10:41.320
sort of larger crypto ecosystem. And those are virtual asset

188
00:10:41.350 --> 00:10:44.590
service providers or exchanges that don't have compliance

189
00:10:44.590 --> 00:10:48.310
controls in place. And, you know, there's a history of this

190
00:10:48.310 --> 00:10:52.510
too. Treasury, about six months ago, designated two Russian

191
00:10:52.510 --> 00:10:55.720
cryptocurrency exchanges for not having compliance controls in

192
00:10:55.720 --> 00:10:59.860
place: Suex and Chatex.
And Russian actors will be looking

193
00:10:59.860 --> 00:11:03.190
for sort of what are the next Suexes and Chatexes of the world

194
00:11:03.190 --> 00:11:05.680
that we can launder funds through. And I think you'll also

195
00:11:05.680 --> 00:11:09.730
see those as a target for the US government and, you know,

196
00:11:09.730 --> 00:11:12.250
partners over the course of the next few weeks and months as

197
00:11:12.250 --> 00:11:12.610
well.

198
00:11:13.240 --> 00:11:15.010
Tom Field: Very good. Matt, I know you've got a question as

199
00:11:15.010 --> 00:11:15.310
well.

200
00:11:16.650 --> 00:11:18.720
Matthew Schwartz: Definitely! So much to discuss. Great to have

201
00:11:18.720 --> 00:11:23.100
you here, Ari. And I'd like to start at least with Russia's

202
00:11:23.100 --> 00:11:28.560
invasion of Ukraine. And as that has been continuing, it seems to

203
00:11:28.560 --> 00:11:31.680
me that it complicates the already ethically fraught

204
00:11:31.710 --> 00:11:36.540
question of to pay or to not pay a ransom. Obviously, we know

205
00:11:36.540 --> 00:11:41.640
this is often a business decision. But I wonder if there

206
00:11:41.640 --> 00:11:44.910
are some additional forces at play now. You have a group like

207
00:11:44.910 --> 00:11:50.370
Conti. We've seen leaks of their Jabber chat logs, discussing all

208
00:11:50.370 --> 00:11:54.210
manner of things. And the group's also come out to say,

209
00:11:54.240 --> 00:11:57.750
initially anyway, after the invasion, anybody who seeks to

210
00:11:57.750 --> 00:12:01.470
undermine Russia using cyber attacks, we will target, we will

211
00:12:01.470 --> 00:12:04.350
target your critical infrastructure. Now that message

212
00:12:04.350 --> 00:12:08.160
was quickly deleted.
But it's made me wonder if there aren't

213
00:12:08.190 --> 00:12:11.730
some White House lawyers, redrafting their terms of

214
00:12:11.730 --> 00:12:15.840
engagement on the one hand, and on the other, if you're seen

215
00:12:15.840 --> 00:12:20.220
to be paying, through blockchain analysis, a Russian ransomware

216
00:12:20.220 --> 00:12:22.920
group, even if it's not sanctioned, that could be an

217
00:12:22.920 --> 00:12:25.110
uncomfortable place to be at the moment.

218
00:12:25.480 --> 00:12:28.180
Ari Redbord: Yeah, no, I think it speaks probably, maybe

219
00:12:28.180 --> 00:12:31.870
slightly less to sort of whether we need to ban ransom payments

220
00:12:31.870 --> 00:12:34.090
and more to sort of the controls that you really need to have in

221
00:12:34.090 --> 00:12:38.740
place. Now more than ever, I mean, I've been, you know, we've

222
00:12:38.770 --> 00:12:40.960
been talking about cryptocurrency compliance, you

223
00:12:40.960 --> 00:12:45.250
know, for years. I think it's sort of like, potentially like an

224
00:12:45.280 --> 00:12:48.280
incredibly important moment. And that is the same for sort of any

225
00:12:48.280 --> 00:12:51.040
compliance professionals at a financial institution, or any

226
00:12:51.040 --> 00:12:53.290
business that's going to be potentially paying a ransom. So

227
00:12:53.350 --> 00:12:56.530
what I think that OFAC would say today around sanctions is like,

228
00:12:56.650 --> 00:13:01.840
hey, look, we don't want you to pay a ransom. But if it is a

229
00:13:01.840 --> 00:13:04.720
critical business decision that you need to make, you need to

230
00:13:04.720 --> 00:13:08.080
work closely with law enforcement, you need to, you

231
00:13:08.080 --> 00:13:11.200
know, advise law enforcement at the earliest possible time. And

232
00:13:11.200 --> 00:13:15.520
then you need to ensure that you are not opening yourself up to

233
00:13:15.520 --> 00:13:18.070
sanctions exposure.
And I think that, you know, one thing I've

234
00:13:18.070 --> 00:13:21.610
been pretty impressed over the last year is, you know, OFAC,

235
00:13:21.610 --> 00:13:24.280
Treasury writ large has just done a pretty decent job of

236
00:13:24.280 --> 00:13:27.250
pushing guidance out. And obviously, my focus is the

237
00:13:27.250 --> 00:13:29.710
cryptocurrency industry. But this is much larger than that,

238
00:13:29.830 --> 00:13:33.580
potentially. But really sort of like how you can avoid sanctions

239
00:13:33.580 --> 00:13:37.090
exposure, you know, even in the context of paying a ransom. I

240
00:13:37.090 --> 00:13:40.420
think that sort of like, we just need to continue to, you know,

241
00:13:40.690 --> 00:13:43.060
harden cyber defenses, right. So this doesn't happen in the first

242
00:13:43.060 --> 00:13:45.970
place, which I know is a little naive, but I think there's a lot

243
00:13:45.970 --> 00:13:49.720
that still can be done. And then I think is to ensure that we're

244
00:13:49.720 --> 00:13:52.330
working really closely with law enforcement, if you're, you

245
00:13:52.330 --> 00:13:55.060
know, a lawyer at a large financial institution that's hit

246
00:13:55.060 --> 00:13:58.840
or some other sort of company. I don't know that we're going to

247
00:13:58.840 --> 00:14:01.540
get to the point where we're going to ban the payments

248
00:14:01.540 --> 00:14:04.270
themselves. But I think we could potentially get even further

249
00:14:04.270 --> 00:14:07.870
along in this, like, requirements to bring law

250
00:14:07.870 --> 00:14:11.950
enforcement into the conversation, you know, at the

251
00:14:11.950 --> 00:14:12.640
earliest time.

252
00:14:13.450 --> 00:14:15.100
Tom Field: This question might have been answered in part by

253
00:14:15.100 --> 00:14:17.890
what we hear about the executive order.
But my question for you

254
00:14:17.890 --> 00:14:21.640
is, where are you seeing leadership among regulatory

255
00:14:21.670 --> 00:14:25.690
agencies anywhere really, to get a handle on the money laundering

256
00:14:25.690 --> 00:14:28.360
possibilities that come with crypto?

257
00:14:27.870 --> 00:14:30.447
Ari Redbord: Yeah, no. It's a great question. You know, I

258
00:14:30.505 --> 00:14:34.079
think that there's really this misconception, there's sort of

259
00:14:34.137 --> 00:14:37.769
this myth around crypto that it is this unregulated Wild West.

260
00:14:37.828 --> 00:14:41.225
And in the United States, at least, it's not even close to

261
00:14:41.284 --> 00:14:44.740
that, right? It is a highly regulated industry. So when you

262
00:14:44.798 --> 00:14:48.489
talk about leadership, and I'm slightly biased given, you know,

263
00:14:48.547 --> 00:14:52.179
the time I spent there, but I think Treasury has really taken,

264
00:14:52.237 --> 00:14:55.635
you know, a forward leaning role, and has for a long time,

265
00:14:55.693 --> 00:14:59.384
which I think is the key here. You're seeing a lot of agencies,

266
00:14:59.442 --> 00:15:03.074
you know, across the interagency take action and publish white

267
00:15:03.133 --> 00:15:06.765
papers. But what people forget is you go back to even prior to

268
00:15:06.823 --> 00:15:10.455
sort of 2019. And FinCEN has had extensive guidance on what is

269
00:15:10.513 --> 00:15:13.735
expected in the crypto compliance space to stop illicit

270
00:15:13.794 --> 00:15:17.250
activity to stop sanctions evasion. And you know, basically

271
00:15:17.308 --> 00:15:20.882
what they say is that if you're a cryptocurrency business, if

272
00:15:20.940 --> 00:15:24.572
you're an exchange, if you're a broker, if you're a custodian,

273
00:15:24.630 --> 00:15:28.028
you need to have compliance controls in place, you need to

274
00:15:28.086 --> 00:15:31.543
have all those things we just talked about.
You are a money

275
00:15:31.601 --> 00:15:35.233
service business for purposes of regulation. So to me, there's

276
00:15:35.291 --> 00:15:38.923
not really like, well, it's the Wild West, or there's all this

277
00:15:38.982 --> 00:15:42.203
ambiguity, like, it's really clear that if you are a US

278
00:15:42.262 --> 00:15:45.425
crypto business or doing business with US persons, you

279
00:15:45.484 --> 00:15:49.174
have to have these controls in place to stop illicit finance to

280
00:15:49.233 --> 00:15:52.806
stop sanctions evasion. So I think to me, I guess that's real

281
00:15:52.864 --> 00:15:56.203
leadership. Now, I think what you're seeing maybe in this

282
00:15:56.262 --> 00:15:59.894
executive order today, is sort of a push by the White House to

283
00:15:59.952 --> 00:16:02.940
say, hey, if Congress isn't going to act, you know,

284
00:16:02.998 --> 00:16:06.630
necessarily on this in the short term, we need to figure out a

285
00:16:06.689 --> 00:16:09.969
way to sort of build out a clearer regulatory framework.

286
00:16:10.027 --> 00:16:13.659
You know, we need to ensure that the OCC and the CFTC, and SEC

287
00:16:13.718 --> 00:16:17.115
and the financial regulators are working together on these

288
00:16:17.174 --> 00:16:20.747
issues, as opposed to sort of just taking action or positions

289
00:16:20.806 --> 00:16:24.144
themselves. And I think that that's great. I will say the

290
00:16:24.203 --> 00:16:27.718
other thing is, I feel like maybe when a directive like

291
00:16:27.776 --> 00:16:30.764
this is coming from the White House, it says to the

292
00:16:30.822 --> 00:16:34.454
regulators, hey, you have our permission to really take action

293
00:16:34.513 --> 00:16:38.027
potentially, in this space. I think that's particularly true

294
00:16:38.086 --> 00:16:41.190
of the Federal Reserve.
You know, the Federal Reserve

295
00:16:41.249 --> 00:16:44.705
published a paper a few months ago on central bank digital

296
00:16:44.764 --> 00:16:48.395
currencies, the digital dollar, and basically said, hey, we're

297
00:16:48.454 --> 00:16:51.910
not doing anything, unless we get orders from the executive

298
00:16:51.968 --> 00:16:55.483
branch or an act of Congress. Well, this is at least part of

299
00:16:55.542 --> 00:16:59.115
that. Right. This is kind of the executive branch calling the

300
00:16:59.173 --> 00:17:02.571
need to study a central bank digital currency, urgent. You

301
00:17:02.629 --> 00:17:06.320
know, so I think that that is at least a jumping off point to a

302
00:17:06.378 --> 00:17:07.609
broader conversation.

303
00:17:07.030 --> 00:17:09.160
Tom Field: Good. Matthew, your witness.

304
00:17:11.020 --> 00:17:12.520
Ari Redbord: I am the prosecutor, guys.

305
00:17:13.900 --> 00:17:16.150
Matthew Schwartz: I was gonna say, that's not the vibe we're

306
00:17:16.150 --> 00:17:23.740
going for here. Could you speak a bit more, if you would, about

307
00:17:23.740 --> 00:17:27.970
the latest FinCEN guidance? I think it's interesting that

308
00:17:27.970 --> 00:17:31.690
they've been a bit more detailed, when they're speaking

309
00:17:31.690 --> 00:17:35.770
to, I am not going to get their terminology right, but the

310
00:17:35.770 --> 00:17:39.730
money moving businesses, about what ransomware looks like, and

311
00:17:39.730 --> 00:17:44.200
when you need to inform them. And that's a lead into, does

312
00:17:44.200 --> 00:17:46.810
this help firms such as yourself, get better

313
00:17:46.810 --> 00:17:52.180
intelligence on what is going on from a not legal perspective?

314
00:17:52.330 --> 00:17:53.950
Ari Redbord: Look, I think FinCEN has done a really good

315
00:17:53.950 --> 00:17:58.210
job over the course of the last, you know, couple of years on

316
00:17:58.210 --> 00:18:00.970
really kind of pushing out as much advisories and guidances as

317
00:18:00.970 --> 00:18:04.990
they can to the private sector. We even saw yesterday, I believe

318
00:18:04.990 --> 00:18:08.170
it's yesterday, I've my days are like, you know, completely

319
00:18:08.170 --> 00:18:10.930
combined with each other at this point. But, yesterday FinCEN put

320
00:18:10.930 --> 00:18:14.290
out some guidance on what are red flags for Russia's sanctions

321
00:18:14.290 --> 00:18:18.460
evasion. And they were very, very helpful. You know,

322
00:18:18.460 --> 00:18:20.860
obviously, again, my focus is in the crypto space, and they spoke

323
00:18:20.860 --> 00:18:23.470
directly to cryptocurrency businesses and said, hey, you

324
00:18:23.470 --> 00:18:26.530
know, if you're seeing IP addresses from, you know, Russia,

325
00:18:26.530 --> 00:18:31.390
from Ukraine, from Belarus, from, you know, countries like Iran

326
00:18:31.390 --> 00:18:35.170
and North Korea, you know, you need to be especially careful

327
00:18:35.170 --> 00:18:39.250
and, you know, enumerated a bunch of other red flags as

328
00:18:39.250 --> 00:18:42.070
well. But this is just an example. And I felt like it was

329
00:18:42.070 --> 00:18:44.680
a pretty nimble example, you know, like, this is stuff that

330
00:18:44.680 --> 00:18:47.470
is really top of mind. This has been going on for just a week or

331
00:18:47.470 --> 00:18:50.770
so. And FinCEN comes out with red flags to industry. I think

332
00:18:50.770 --> 00:18:53.650
it's really the same on ransomware. I think that

333
00:18:53.650 --> 00:18:56.920
FinCEN has done a pretty good job.
And I think what I think is

334
00:18:56.950 --> 00:18:59.950
relatively new over the last, you know, five or eight years,

335
00:19:00.190 --> 00:19:03.760
is this idea that we should be constantly engaging the private

336
00:19:03.760 --> 00:19:06.100
sector. And I think it's this acknowledgement that the private

337
00:19:06.100 --> 00:19:07.960
sector is such an important piece of this because look, I

338
00:19:07.960 --> 00:19:11.350
mean, Matt, to your question, the private sector are the

339
00:19:11.350 --> 00:19:13.660
victims in these attacks and the ransomware

340
00:19:13.660 --> 00:19:17.470
attacks and you know, you need to work really closely with them

341
00:19:17.470 --> 00:19:20.080
to get the information that you need, you know, ensure they're

342
00:19:20.080 --> 00:19:22.780
filing the right SARs, because it's not just filing SARs, it's

343
00:19:22.780 --> 00:19:24.730
what you put in them. The meat that you put in them that's so

344
00:19:24.730 --> 00:19:29.260
important. So I think we've been seeing a really good job from

345
00:19:29.260 --> 00:19:31.720
FinCEN over the last few years about pushing out advisories and

346
00:19:31.720 --> 00:19:33.310
guidance and the same could be said of OFAC.

347
00:19:34.770 --> 00:19:36.720
Matthew Schwartz: Fantastic. So building on the AML and know

348
00:19:36.720 --> 00:19:41.070
your customer guidance and requirements and just continuing

349
00:19:41.070 --> 00:19:42.810
to hone in, I suppose. That's great they've got that

350
00:19:42.810 --> 00:19:43.230
foundation.

351
00:19:43.000 --> 00:19:44.470
Ari Redbord: Yeah. You know, like if you're a compliance

352
00:19:44.470 --> 00:19:46.810
officer, this stuff is catnip, right? I mean, like, all you

353
00:19:46.810 --> 00:19:50.080
want is your regulator to tell you what you should be looking

354
00:19:50.080 --> 00:19:53.800
for. And it's so incredibly helpful.
And I think regulators 355 00:19:53.800 --> 00:19:55.870 haven't always been this way. But I think at Treasury, there's 356 00:19:55.870 --> 00:19:59.380 been a specific impetus and I can tell you specifically when I 357 00:19:59.380 --> 00:20:01.600 was at Treasury, we talked about this all the time is the 358 00:20:01.600 --> 00:20:05.410 importance to continue to push out advisories and guidance and 359 00:20:05.740 --> 00:20:11.170 FAQs. You know, OFAC put out this great brochure that was 360 00:20:11.170 --> 00:20:15.520 even like had great sort of production value, I want to say 361 00:20:15.520 --> 00:20:19.420 it was like October, on what cryptocurrency businesses can do 362 00:20:19.570 --> 00:20:21.820 to mitigate the threat of sanctions exposure. And it's 363 00:20:21.820 --> 00:20:25.240 like, yes, I mean, part of this is marketing, right? Like you 364 00:20:25.240 --> 00:20:28.360 need to reach out to folks to tell them sort of what to do and 365 00:20:28.360 --> 00:20:31.480 what you expect. And it's been pretty impressive. 366 00:20:33.610 --> 00:20:36.730 Anna Delaney: Ari, revisiting the role of cryptocurrency in 367 00:20:36.730 --> 00:20:39.910 the Ukraine-Russia war, I mean, we've seen the likes of Binance, 368 00:20:39.940 --> 00:20:43.450 Coinbase working to block transactions made by sanctioned 369 00:20:43.450 --> 00:20:47.410 individuals. But if we just look back at the short history of 370 00:20:47.440 --> 00:20:51.730 cryptocurrencies, the ethos behind them was neutrality. Do 371 00:20:51.730 --> 00:20:55.030 you think the war marks the end of the sort of spirit of 372 00:20:55.090 --> 00:20:55.840 neutrality? 373 00:20:56.290 --> 00:20:57.880 Ari Redbord: No, I think quite the opposite. I mean, like, I 374 00:20:57.880 --> 00:20:59.950 think what I didn't get into, Tom had a two part question. I 375 00:20:59.950 --> 00:21:04.870 think I only answered one part.
I think what we've also seen is 376 00:21:05.110 --> 00:21:07.300 arguably like the most meaningful use case for 377 00:21:07.300 --> 00:21:11.380 cryptocurrency that we've ever seen in the Ukraine context. And 378 00:21:11.380 --> 00:21:14.500 to me, that speaks exactly to the democratization of finance 379 00:21:14.500 --> 00:21:17.950 too, you know, this cross border value transfer at the speed of 380 00:21:17.950 --> 00:21:23.650 the Internet for good. And, you know, and it's not just crypto, 381 00:21:23.650 --> 00:21:26.860 it's social media, and the information age and all this new 382 00:21:26.860 --> 00:21:29.440 technology, right? Like, I think even I don't remember who it 383 00:21:29.440 --> 00:21:32.230 was, but a Ukrainian official the other day called Twitter an 384 00:21:32.230 --> 00:21:34.510 important part of their war effort. I mean, that's just 385 00:21:34.810 --> 00:21:37.480 astounding, and you're talking about, you know, 15 million or 386 00:21:37.480 --> 00:21:40.480 more dollars raised in cryptocurrency to buy, you know, 387 00:21:40.480 --> 00:21:44.020 weapons, but also, you know, for medical supplies and things. I 388 00:21:44.020 --> 00:21:47.440 mean, that's pretty awesome. And it's been able to be done very 389 00:21:47.440 --> 00:21:49.330 quickly, because of the nature of crypto and the sort of 390 00:21:49.330 --> 00:21:52.090 decentralized piece of that. So no, I'd say that sort of the 391 00:21:52.090 --> 00:21:55.300 ethos is very, very much alive. But I think what's also 392 00:21:55.300 --> 00:21:59.680 important is that when you have a giant, decentralized, 393 00:21:59.980 --> 00:22:04.420 democratic financial system, that you also build, that the 394 00:22:04.600 --> 00:22:08.800 AML, the anti-sanctions evasion, that is fundamental 395 00:22:08.800 --> 00:22:13.330 infrastructure for this to work. And I think that's also really, 396 00:22:13.330 --> 00:22:15.820 really important.
So on the one hand, you want that open 397 00:22:15.820 --> 00:22:18.970 democratic system, but on the other hand, you really need the 398 00:22:18.970 --> 00:22:24.340 tools in place to mitigate these risks. Just look, I mean, in the 399 00:22:24.340 --> 00:22:27.970 age of the internet, you know, a hack meant the loss of, you 400 00:22:27.970 --> 00:22:32.170 know, usernames and passwords. In the age of crypto, you're 401 00:22:32.170 --> 00:22:34.630 talking about the loss of life savings, or closing a small 402 00:22:34.630 --> 00:22:37.330 business, potentially, you know, it's bank robbery at the speed 403 00:22:37.330 --> 00:22:40.240 of the Internet. So, as important as everyone in the 404 00:22:40.240 --> 00:22:43.840 space wants this kind of open system, where there's a lack of 405 00:22:43.840 --> 00:22:48.400 regulation, or lack of, you know, tools. Nobody wants that. 406 00:22:48.730 --> 00:22:50.890 And I think it's really important at the end of the day 407 00:22:50.890 --> 00:22:53.350 to kind of know that, like, we're all building the trust 408 00:22:53.350 --> 00:22:56.830 layer. And that's just part of this kind of overall crypto 409 00:22:56.830 --> 00:22:57.430 ecosystem. 410 00:22:58.860 --> 00:23:01.530 Anna Delaney: Fascinating, Ari, thank you very much. Well, just 411 00:23:01.530 --> 00:23:04.440 quickly, at the end, without a doubt, Ari, you are a fine 412 00:23:04.440 --> 00:23:07.980 commentator and educator in all things crypto, legal and 413 00:23:07.980 --> 00:23:12.150 government affairs, it is true. But you also post regularly on 414 00:23:12.240 --> 00:23:16.410 sport, hence your background. And so this inspired my final 415 00:23:16.410 --> 00:23:20.040 question. What parallels can we draw between sport and 416 00:23:20.040 --> 00:23:20.940 cybersecurity? 417 00:23:21.440 --> 00:23:24.830 Ari Redbord: Awesome, absolutely.
So I'm at Duke 418 00:23:24.830 --> 00:23:27.410 today, as you can see, in Cameron Indoor Stadium, and 419 00:23:28.220 --> 00:23:32.540 Coach K, Mike Krzyzewski, who is arguably I wouldn't even think 420 00:23:32.540 --> 00:23:35.540 arguably, the greatest coach, you know, in the history of 421 00:23:35.540 --> 00:23:38.240 sports, the winningest basketball coach, you know, 422 00:23:38.270 --> 00:23:42.470 multiple gold medals, NCAA championships, he talks all the 423 00:23:42.470 --> 00:23:47.300 time about teamwork and great teams. And he uses the analogy 424 00:23:47.300 --> 00:23:51.350 of a fist. And what Coach K has always said to his team is that, 425 00:23:51.410 --> 00:23:54.740 you know, you take your sort of five players on the court, and, 426 00:23:54.770 --> 00:23:59.240 you know, if you hit someone with that open hand, you know, 427 00:23:59.240 --> 00:24:02.600 it's very weak. But when you bring those together as a 428 00:24:02.600 --> 00:24:06.950 team, that's where your strength lies. And I would say it's true, 429 00:24:06.950 --> 00:24:09.500 also, from my experience, you know, working in law 430 00:24:09.500 --> 00:24:13.010 enforcement, and, you know, really across the interagency. 431 00:24:13.160 --> 00:24:16.220 When great teams are put together to address these 432 00:24:16.220 --> 00:24:19.400 problems, public sector and private sector, that's when you 433 00:24:19.400 --> 00:24:23.060 have the most impact. And, you know, I think we see that in a 434 00:24:23.060 --> 00:24:26.360 bunch of recent sort of cryptocurrency actions, and we 435 00:24:26.360 --> 00:24:28.460 definitely see it in context of all really what we're talking 436 00:24:28.460 --> 00:24:31.610 about today. You even see it in this EO, right.
This EO is a 437 00:24:31.610 --> 00:24:35.960 call for folks to come together and build a regulatory framework 438 00:24:36.110 --> 00:24:38.570 and to sort of stop being the fingers and start being the 439 00:24:38.570 --> 00:24:41.510 fist. So that's my sports analogy for today. 440 00:24:41.639 --> 00:24:44.159 Anna Delaney: Love that. Love that. Tom, what's yours? 441 00:24:44.870 --> 00:24:47.690 Tom Field: I'm gonna quote from a quote that's attributed to 442 00:24:47.720 --> 00:24:52.490 former UCLA basketball great, John Wooden, who says that, if 443 00:24:52.490 --> 00:24:57.680 you fail to prepare, then you prepare to fail. I think it's 444 00:24:57.680 --> 00:24:59.150 very appropriate to cybersecurity. 445 00:24:59.990 --> 00:25:02.630 Ari Redbord: Very well said. Yeah. And the second greatest 446 00:25:02.630 --> 00:25:04.070 basketball coach of all time, likely. 447 00:25:05.180 --> 00:25:08.630 Tom Field: We may continue this conversation. 448 00:25:06.606 --> 00:25:11.790 Ari Redbord: He's fabulous. 449 00:25:11.450 --> 00:25:14.000 Anna Delaney: Matt, do you have a quote for us? I don't. 450 00:25:15.020 --> 00:25:17.810 Matthew Schwartz: I didn't get the basketball quotation memo, 451 00:25:17.810 --> 00:25:23.330 I'm afraid. But what I was thinking is just so many 452 00:25:23.330 --> 00:25:26.720 different ways to come at this, but I was thinking just of the 453 00:25:26.750 --> 00:25:29.930 heptathlon. One of these events where you have to do everything 454 00:25:29.930 --> 00:25:36.770 extremely well over, you know, a diverse set of requirements, if 455 00:25:36.770 --> 00:25:38.630 you will. And it just seemed like a good metaphor to me for 456 00:25:38.630 --> 00:25:43.070 cybersecurity.
Does it work for the group, the individual, you 457 00:25:43.070 --> 00:25:45.680 got to work with me here a little bit, but just that need 458 00:25:45.680 --> 00:25:50.060 to not fall down on any given front, but to train in depth for 459 00:25:50.060 --> 00:25:53.090 all of them if you're going to be overall successful. 460 00:25:53.750 --> 00:25:56.510 Anna Delaney: Great. And I'll just state the obvious. Studying 461 00:25:56.510 --> 00:26:00.800 your enemy, you know, analyzing the opponents, their tactics and 462 00:26:01.100 --> 00:26:04.940 maybe nullifying them and using them to your advantage. So, we 463 00:26:04.940 --> 00:26:08.450 could have a whole session on this, can't we? But, 464 00:26:08.450 --> 00:26:11.960 Ari, we've taken up your time. Thank you very much for being 465 00:26:11.960 --> 00:26:14.300 with us. It's been brilliant. Thank you so much for your 466 00:26:14.300 --> 00:26:14.660 insight. 467 00:26:15.200 --> 00:26:16.370 Ari Redbord: Thank you so much for having me. 468 00:26:17.150 --> 00:26:19.670 Anna Delaney: And Tom and Matt, as always, thank you very much. 469 00:26:19.700 --> 00:26:23.750 Thank you, audience, for watching. Until next time,