Blockchain Bites: AUSTRAC online redesign: the suggestion box is now open; Salvadoran opposition clenched fist in anger at new Bitcoin law; Ransomware: report now, pay later
AUSTRAC online redesign: the suggestion box is now open
Registered Digital Currency Exchange Offices (DCEs) often have to report and interact with AUSTRAC, and have undoubtedly formed opinions on what could be done differently or better. AUSTRAC is now giving everyone the chance to have their say and use it to improve (over the next 4 years).
AUSTRAC is embarking on a systems transformation program over the next 4 years that will replace AUSTRAC Online. The much loved / hated AUSTRAC Company Profile Form has recently been replaced by a web form (which is a big step in the right direction).
The new system is designed to be user-friendly with improved reporting capability and self-service options.
AUSTRAC is currently in the discovery phase of its improvement program and is focused on understanding from regulated entities how it can change, do better, or do things differently, so that those entities can engage with and report to AUSTRAC more easily and meet the AML/CTF obligations.
If you want to participate, send an email to [email protected] with your comments and contact details. If you would like your anti-money laundering program to be reviewed, or if you would like to take a look at how you handle reports as part of this feedback, we can help, too.
Salvadoran opposition clenched fist in anger at new Bitcoin law
It’s not just US regulators who are divided when it comes to the regulatory treatment of digital assets. Just over a week ago, the President of El Salvador, Nayib Bukele, made history when his proposal to declare Bitcoin legal tender was approved by the Congress of El Salvador. This week, Jamie Guevara, deputy leader of the Salvadoran opposition party, took a stand to oppose the legislation, joining a group of Salvadoran citizens to bring a lawsuit claiming that the ‘Bitcoin law’ of El Salvador is unconstitutional.
As one disgruntled citizen put it to El Mundo, a Spanish newspaper:
I am bringing an unconstitutionality lawsuit against the decree issued by the Bitcoin law to be a decree without legality, without foundation, without considering the importance and the harmful effects that such a law will cause to this country.
This perspective contrasts with the Salvadoran president who asserts that the purpose of Bitcoin laws is to promote financial flexibility and freedom, to: “bring financial inclusion, investment, tourism, innovation and economic development for (their) country”.
At the Miami Bitcoin 2021 conference, Bukele described his legislative proposal as a way to “design a country for the future”. He used his Twitter account to note that if only 1% of the world’s bitcoin were transferred to El Salvador as a result of this new law, it would be equivalent to a quarter of El Salvador’s annual economic output.
El Salvador has an unfortunate history of corruption and the government does not enjoy a high level of trust. This can be seen in the speech of unimpressed citizens who say that “The Bitcoin Law is about looting people’s pockets, it’s tax exempt (and) they want to force us to trade.”
Since the law only applies to businesses and not to individuals, it remains to be seen how this lawsuit will evolve. On the other hand, forcing companies to use an electronic transfer system that requires an investment in computer hardware poses serious problems. Credit cards and online payments are voluntary and can be demanded by customers, but legal tender must be accepted by businesses under the Bitcoin law, which means businesses will need to find a way to accept Bitcoin.
The issue of the 6 billion remittances per year is thankfully simpler, as Bitcoin already provides an inexpensive transfer system for moving value globally.
Ransomware: report now, pay later
After the wave of talk that followed the Colonial Pipeline cyberattack, it’s no surprise that tackling cybercrime is a priority. More recently, Australian Home Affairs Minister Karen Andrews considered a Labor Party proposal to require ransomware victims to report before paying a ransom.
The idea of mandatory notification is not new and has been recommended by various international authorities. Citing recent cyberattacks against JBS food, Nine Entertainment and Uniting Care Queensland, Shadow Deputy Minister for Cyber Security Tim Watts said: “It’s time for us to see some real action.”
Watts earlier this week introduced the private member’s bill, the Ransomware Payments Bill, which seeks to require businesses and government agencies to notify the Australian Cyber Security Center (ACSC) before paying any ransom demand. Watts’ call to action was echoed in the explanatory memorandum citing suggestions that “the cost to the Australian economy from ransomware attacks in 2019 alone was in the order of $1 billion.” The bill curiously defines “ransomware payments” in the same way as “ransom,” so we will stick to the traditional definition in our reports.
If passed, the bill requires notice to be provided to the ACSC as soon as possible with details such as:
- the identity of the attacker or information that the entity knows about the identity of the attacker (including information about the alleged identity of the attacker);
- a description of the ransomware attack, including:
  - all payment methods for the sought ransom, and if digital currency is involved, the wallet from which the attacker requested payment of the ransom;
  - the amount of the ransom payment; and
  - any indicator of compromise known to the entity (which is defined as “technical evidence left by an attacker that indicates the identity or methods of an attacker”).
Failure to comply could result in a civil penalty of 1,000 penalty units (currently $222,000), a hefty fine when a business may already be reeling from a cyber attack.
The need to report first, act later has similarities to the mandatory data breach notification system that has been in place since early 2018. Similarities in the existing policy in this area have gained popularity with comments that the bill will likely be rolled out soon. Watts added that:
Such a program would provide a political basis for a coordinated government response to the ransomware threat, providing actionable threat intelligence to inform law enforcement, diplomacy and offensive cyber operations.
Innovation Australia reports that the opposition put this issue at the top of the list for debate when Parliament returned in August.
In the meantime, the ACSC recommends that companies do not pay a ransom because there is no guarantee that the payment will result in the repair of the affected devices. Payments can also make businesses more vulnerable to future attacks. The Australian Cyber Security Center has published a Guide to Ransomware Prevention and Protection as well as an Emergency Response Guide available here.
Despite all the headlines about the digital currency involved in the ransomware attacks, the US Department of Justice tracked and recovered (with help from the FBI) a substantial portion of the ransom paid in the Colonial Pipeline attack, because digital currency on public blockchains is almost fully traceable, and is one of the worst possible methods of laundering money or receiving ransomware payments.