The ECB did an investigation into the risks of crypto-currencies (pdf) (which they call virtual currencies — too broad a term in my opinion). FT Alphaville spotted it and pointed out this awesome table of seventy different risks (on page 22 in the pdf). Each one applies to a certain group of people involved or affected by cryptocurrencies. Some of these are exaggerated, some a bit understated, I think a couple are missing and a few are complete nonsense. Here’s my notes with the ‘threat levels’ I think they should be changed to:
Risks to VC users
- User’s computing capacity is abused for the mining benefit of others (A07): Low –> High This really concerns not just ‘users of cryptocurrencies’ but Internet users in general. You don’t have to be a Bitcoin user to have this done to you.
- User suffers loss due to changes made to the VC protocol and other core components (A08): High –> Medium Has this ever happened?
- User is not in a position to identify and assess the risks arising from VCs (A09): Low –> High This chart sets out 35 different risks which VC users face (and I argue they have missed some). Do most users have a good overview of all of them?
- Market participants suffer losses of VC units held in custody by others (A17): Medium –> High Medium? Really? This has happened dozens of times, and is the key complaint by disillusioned cryptocurrency users.
- User suffers loss when VC payment they have made to purchase a good is incorrectly debited from their e-wallet (A24): High –> Medium? I’m not sure what mechanism they are talking about here? Fat-finger by the user? (quite possible but avoidable with some basic precautions) Software failure of wallets?
- User suffers loss as a result of VC prices being manipulated (A41): High –> Low? Is this really a big problem for the average user (except for pump-and-dump in minor altcoins – so-called ‘scamcoins’)? Is it different from or more prevalent than penny stock manipulation? How exactly are prices being or subject to be manipulated?
- User investing in regulated financial instruments (eg derivatives, SPS, CIS) using unregulated VCs suffers unexpected loss (A42): Medium –> ? Why do people use cryptocurrencies to invest in regulated instruments? Regulatory arbitrage, or a misunderstanding of how they are transacting? Does this affect what level of protection they should have? I’m not sure exactly what the ‘unexpected loss’ here is, or how it differs from other investment risks.
- User suffers loss when investing in fraudulent VC investment schemes (A44): Medium –> High Arguably caveat emptor applies to people using cryptocurrencies to gamble and do other forms of speculation that they can’t do lawfully using fiat. However, this has been and will be a big problem – there is an ecosystem of VC-denominated shares (ie in mining ventures) and derivatives (mainly but not exclusively against cryptocurrency prices) which is pretty lawless.
- User suffers loss when investing in fraudulent VC investment schemes (A45): Medium –> High Is this considered Medium because it doesn’t happen much, or because it is considered part of the risk-reward profile of VCs?
- User is exploited by a VC Ponzi scheme (A47): Medium –> Spurious Not sure how this is different from A44?
- Key guessing : Missing –> Medium This does happen when ‘brain wallets’ are used with weak passphrases, or wallet generators have weak random number generation. Worth mentioning as it is different to A11 and often unexpected by users.
- Users are unable to understand the difference between VC held in custody for them by third parties, and personally held by them using a key : Missing –> High This is massively prevalent, and it leads to people making bad decisions about where and how to store their money. Tbf can apply to fiat too (users of money are unable to understand the difference between cash, bank money, and other financial assets).
Risks to VC market participants
- Exchange is operationally unable to fulfil payment obligations denominated in VCs or FCs. (B11): Medium –> High This has been known to happen, to say the least.
- Exchange is not in control of its operation (B11): Medium –> High This too has been known to happen.
- E-wallet provider faces loss should their refund policy be adused to hedge transactions (B13): Medium –> I think they are talking about people getting a ‘free option’ by being able to reverse transactions. I don’t know what it has to do with ‘hedging’ but it is real and basically unavoidable for some providers. A balancing act being being picked off, and alienating newbies by having very strict/onerous refund policies.
- After accepting VC for payment, merchant is not reimbursed (B21): Medium –> Low Basically the counterparty risk of BitPay or similar. I don’t think this is a big deal – BitPay are regulated and have a lot to lose. Similar to the risk of doing business with eBay, PayPal, etc.
- Merchant faces compensation claims from customers if transactions have been wrongly debited (B24): Medium –> Low Like A24 it is a bit nebulous how exactly this is supposed to happen. Besides, ‘facing a claim’ isn’t the same as facing a loss – anyone can claim anything really.
- Scheme governance authority is subject to unexpected civil/criminal liability that brings the VC scheme to a halt (B33): Medium –> High This is massive and has happened several times.
Risks to financial integrity
- Criminals are able to launder the proceeds of crime because the can deposit/transfer VCs anonymously (C01): High –> High
- Criminals are able to launder the proceeds of crime because they can deposit/transfer VCs globally, rapidly and irrevocably (C02): High –> Spurious This is exactly the same as C01.
- Criminals/terrorists use the VC remittance systems and accounts for financing purposes (C03): High –> Spurious This is basically the same as C01 and C02 – criminals can pay each other secretly. Not sure why the fact that it’s ‘financing’ makes a difference.
- Criminals/terrorists disguise the origins of criminal proceeds, undermining the ability of enforcement to obtain evidence and recover criminal assets. (C04): High –> Spurious Ok. Central banks and governments would like to know where everyone’s money is going. Fair enough. This is why the crime of ‘money laundering’, which might be considered a victimless crime, part of other crime but not a crime in itself, or lawful behavior functionally indistinguishable from completely innocuous acts, exists. Now, cryptocurrencies endanger that to a certain extent. This could be a very bad thing, especially for some online crime like child pornography or extortion where the money is the weak link in concealing the identities of the perpetrators. Nonetheless, it is somewhat exaggerated to have 4 very very similar risks, all ‘High’. Note that the inclusion of terrorists in this risk is pretty sketchy – terrorists don’t usually have ‘proceeds’, and aren’t often subject to asset recoveries.
- Market participants are controlled by criminals, terrorists or related organizations (C05): High –> High This is a real risk. If organized crime aren’t already involved in Bitcoin enterprises then they should be. (Undoubtedly the same mythical terrorists who allegedly fund themselves through DVD piracy and cigarette smuggling are also involved in this stuff. [hmm])
- Criminal uses VC exchanges to trade illegal commodities and abuse regulated financial sector at point of entry (C11): High –> Spurious A bit like C01, C02, C03 and C04. Criminals can pay each other secretly. When they change the crypto into fiat, no-one knows where it might have come from. This isn’t a threat to the financial system, it’s a threat to AML.
- Restorative justice of victims of crime is hindered by criminal using VCs to avoid seizure of assets, confiscation and financial sanctions (C12): High –> Spurious Those pesky criminals! Not only do they steal and cheat, afterwards they try to conceal the money they got rather than hand it back.
- Criminal can use VCs for anonymous extortions (C13 ): High –> High This is massive. It will enable lots and lots of extortion which was previously hard to do undetected, from corporate DDoS to blackmail of individuals over stolen or blagged intimate photos etc. Cryptocurrencies are the final link in a chain that includes email, TOR, etc. Basically there are two parts to VC payments for criminals – criminals paying each other, essentially ‘digi-cash’, and criminals being able to receive payments from non-criminals anonymously, which is a game-changer.
- Criminal organisations can use VCs to settle internal or inter-organizational payments (C14): High –> Spurious ‘Criminals can pay each other secretly.’
- Hacking of VC software, wallets or exchanges allows a criminal to implicate others in the criminal activity they commit. (C16): Medium –> Low Not really different to botnets/rootkits, hacking email accounts or stealing WiFi, and arguably more difficult.
- Criminals, terrorist financiers and even entire jurisdictions are able to avoid seizure of assets, confiscation, embargoes and financial sanctions (incl. those imposed by IGOs) (C17): Medium –> ? A redundant part (criminals can pay each other secretly!) and a sinister part (we should be able to outlaw whole countries from the money system). Only one country ever tries to do this, and whether or not it’s a good idea is debatable.
- Tax evaders are able to obtain income in VCs, outside monitored FC payment systems (C19): Medium –> High This is a massive use case of cryptocurrencies as a cash substitute.
Risks to fiat currency payment system providers
- FC payment systems which don’t use VC face competition from VC systems because users don’t understand the drawbacks of unregulated VC. : Missing –> High This might sound sarcastic, but I think it’s the biggest risk for FC payment systems. It could be easy for people to start using Bitcoin instead of Western Union, without having a good notion of what support/guarantees they are getting from WU that might justify a higher fee. Of course fiat-based payment systems also fear disruption because they want to collect monopoly rents, so perhaps they need to make those benefits more obvious and better value.
Risks to regulatory authorities
- Should VCs gain widespread acceptance, central bank as issuer or FC can no longer steer the economy, as the impact of its monetary measure becomes difficult to predict. (E31): Low –> Ha ha, not funny Joseph Cotterill spotted this one. Perhaps this is a low (rather than existential) risk for the ECB because it’s not considered very likely to happen? The Portugese youth unemployment rate will remain safely steered to an optimal 58%. Joking aside, this is pretty spurious – it applies equally to all other forms of private balance sheet creation such as most derivatives, and bubbles in housing and other assets. CBs don’t have to control all of these – they just have to be able to measure them to understand the relationship with those things they do control. Cryptocurrencies are in fact surprisingly easy to measure – confidence in the system relies on knowning exactly how many coin there are.