Joby Carpenter: Analyzing the Threats and Risks Associated with Crypto Assets

Joby Carpenter

ACAMS Today interviewed Joby Carpenter, an ACAMS staff member and authority on crypto assets, illicit finance and emerging threats. Carpenter discussed a range of topics, including his background in the U.K. government, the challenges facing governments throughout the world regarding crypto assets regulation and the ever-evolving threat environment presented by the release of new crypto assets. With nearly 20 years of experience in strategic policymaking, critical thinking and threat and risk analysis within the U.K. government, intelligence and regulatory spaces, he is currently a consultant and a global subject-matter expert for ACAMS in the areas of crypto assets and illicit finance. Before joining ACAMS, Carpenter managed the Financial Conduct Authority’s Strategic Assessment Team in the U.K., where he supervised a group of analysts who conducted high-quality intelligence reporting on money laundering, fraud, market abuse, corruption and other criminal activity taking place within the regulated sector. More recently, Carpenter has authored a number of thought leadership pieces focused on crypto assets, their regulatory framework, the threat environment and crypto asset business models. He has also published articles exploring the value of threat analysis and intelligence sharing.

ACAMS Today (AT): How did your background working with the U.K. government prepare you for your current role at ACAMS? What aspects of your current position do you enjoy the most?

Joby Carpenter (JC): My experience working in roles across intelligence, policy and regulation was centered on identifying, analyzing and explaining financial crime and other national security threats to those required to respond to such issues. The process of threat analysis is well-embedded across the counterterrorism, economic crime and military ecospheres and plays a vital part in allowing the government to dictate its reaction to these issues. Many of the issues considered by the national security community are applicable to anti-money laundering/counter-terrorist financing (AML/CTF) practitioners and decision-makers and this provides me with my greatest satisfaction—enabling ACAMS members to understand the threat, think about it critically, and respond to it appropriately through a range of mitigating measures.

AT: You have a background in crypto assets analysis and regulation. In your opinion, what is the biggest challenge that governments worldwide will have to face when implementing and strengthening their crypto assets regulation?

JC: The problem is twofold. First, the pace of technological change and adoption often outstrips the regulatory and policy response, which has knock-on implications for consumers, market integrity and national security. We saw this in the development of crypto assets which quickly evolved from their early association with Silk Road and illicit activity to an investment vehicle, payment technology and institutionally adopted technology. This has left regulators racing to catch up with the resulting issues raised, including fraud, money laundering and cybercrime.

The second issue is the trade-off between prosperity, investment in technology, and supporting entrepreneurship with inevitable implications for governance, policy and public safety. We see this play out in various ways, be it through crypto assets being the payment mechanism for ransomware attacks or stolen credit cards against the prospect of decentralized finance (DeFi) opening up opportunities to the public or by encouraging financial inclusion.

The regulation requires all parties to be part of the answer—crypto asset providers, traditional finance organizations and law enforcement (LE) must be part of the debate to deliver smart and effective regulation.

AT: What are some of the overarching typologies of money laundering through crypto assets? How can financial institutions (FIs) best screen for red flags when dealing with crypto assets?

JC: I tend to see the abuse of crypto assets to facilitate criminality as a classic case of “old wine, new barrels.” Crypto assets act as an enabler across nearly all crime types, including money laundering, sanctions evasion, market abuse and fraud. It is a requisite for compliance officers to understand their subject and ensure they take account of typologies and red flags while working to protect FIs against criminal abuse.

Let me give an example. Criminals use digital payment platforms to cash-out funds from darknet marketplaces and cybercrime activity. What can be done to identify, report and manage this risk?

Where crypto assets are transferred to digital bank accounts, firms need to ensure that they bring suitable expertise to key posts such as money laundering reporting officers and utilize the latest tools such as digital identity to support customer due diligence processes. Other practical measures include ensuring suspicious activity report filing procedures and quality controls are in place; training staff on the evolving crypto asset compliance landscape, including red flag indicators; and taking a proactive approach to identify where typologies cross over with risk mitigation controls. All of these can help ensure a seamless approach to investigations and reporting to LE.

AT: Describe how the threat environment has changed in the last five to 10 years based on the release of new crypto assets. What advice can you offer to professionals going into risk analysis on how to best screen for threats in this constantly evolving environment?

JC: The threat environment relating to crypto assets has become deeper and broader in nature. There are now multiple ways that crypto assets can be employed, including through crypto asset exchanges and wallet providers to ATM providers, stablecoins, privacy-enhancing techniques, DeFi applications such as non-fungible tokens (NFTs), and central bank digital currencies.

Simply put, the best means of screening and identifying evolving threats is through information and intelligence exchange. Established public-private partnerships have provided this function for retail and wholesale banks to cooperate and share information leading to account shutdowns, investigations, arrests and asset confiscation. Crypto asset providers should reach out to LE and LE must be open-minded about sharing tactical and strategic information with firms.

AT: Has the current situation in Ukraine been a contributing factor to the surge in ransomware attacks? If so, in what way?

JC: It has yet to be conclusively proven that the Ukraine conflict has led to an upsurge in ransomware attacks, although the threat remains high and continues to expand through supply chains contributing to shortages of essential goods exacerbated by geopolitical events. While this should be a cause of deep concern, there are some reasons to be hopeful. In 2022, governments and LE are being more proactive in closing down and, where possible, seizing crypto asset wallets associated with ransomware gangs. Similarly, crypto asset forensic firms are increasingly able to identify, track and trace illicit proceeds often derived from ransomware attacks. Together, all of this makes for a more difficult operating environment for cybercriminals, which may lead them to consider the risk/reward paradigm for such activity.

AT: Are there any other cryptocurrency AML-related issues that you predict will become emerging concerns this year or in the future?

JC: My principal worry is that scams and outright fraud continue to proliferate throughout the industry. We are already seeing a worrying growth in so-called “rug pulls” linked to DeFi, including NFT investments targeted at retail investors. The supposed annual yields linked to stablecoins also concern me. In traditional investments, if something looks too good to be true, then, more often than not, it generally is. I expect to see criminal gangs continue to capitalize on the fear of missing out and public concern about the cost-of-living crisis and lack of technological know-how. Regulators will be looking to address these concerns at a pace to alleviate any risk that widespread fraud could lead to high public harm.

AT: How do you spend your time outside of work?

JC: We are lucky enough to have a little girl just approaching five. She enjoys going to the park, soft play and crafting, so weekends often involve some or all of those activities. When I get some time to myself, I enjoy watching sports—football and cricket—but I’m also getting into baseball, going to the pub with friends, and I enjoy reading and cooking.

Interviewed by: ACAMS Today editorial, ACAMS,

Leave a Reply