News & Insights

Non-fungible Tokens (NFTs) and Money Laundering: Lessons for Compliance Professionals

Most people probably know as much about non-fungible tokens (NFTs) today as they did when the technology first appeared in 2014 — which is to say, not a lot. That’s changing, though, as NFTs become an increasingly popular way to buy and sell digital artwork. Around $2.4 billion worth of NFTs traded in the second quarter of 2021, slightly up from the $2.3 billion sold during the initial NFT art frenzy of the first quarter, according to digital analytics firm DappRadar. Major auction houses and galleries now sell NFT art — Beeple’s $69 million NFT still holds the record — and dozens of online art-selling platforms are sprouting up seeking artists and collectors to join the NFT art craze. 

Keeping up to date with the latest twists and turns posed by crypto-related assets remains critically important for today’s compliance professionals. That means understanding the nature and purpose of NFTs, as well as how to remain aware of the potential for abuses from a compliance perspective.

Appeals and Risks of NFTs

So, what exactly is an NFT, and why should NFT money laundering matter? The underlying technology and programming language used to create NFTs are the same as those used to create cryptocurrencies such as Bitcoin and Ethereum. But that’s about all they have in common. Physical (fiat) money and cryptocurrencies are “fungible,” meaning they can be traded or exchanged for one another. One US dollar is always worth another US dollar; one Bitcoin is always equal to another Bitcoin.

An NFT, on the other hand, is a digital asset with “one-of-a-kind” status. Every NFT created has its very own unique digital signature. However, just like cryptocurrencies, NFTs reside on a blockchain, a distributed public ledger that records transactions. Specifically, NFTs are typically held on the Ethereum blockchain, although other blockchains support them as well.

But why are people spending millions of dollars on something they could easily screenshot or download? The reason is simple: an NFT allows the buyer to own an original, discrete asset. Its built-in authentication serves as proof of ownership. Essentially, NFTs are the digital analogs of physical collector’s items. Instead of acquiring a one-off oil painting, the buyer owns a unique digital version instead.

All kinds of things are turning up as NFTs — from art and GIFs, to videos and sports highlights, designer sneakers, music, and much more. Even tweets count. Twitter co-founder Jack Dorsey sold his first-ever tweet as an NFT for more than $2.9 million.

But a host of legal loose ends cast NFTs in an uncertain light. By their nature, NFTs have already shown themselves to be prone to misuse and fraud. As NFTs gain greater use, compliance professionals are compelled to understand how this new technology works and how as-yet untested tools to combat NFT art money laundering, and anti-fraud measures, are slowly materializing around this new platform.

Current Scenarios

As compliance professionals are becoming increasingly aware, the relative anonymity that NFTs enjoy due to blockchain technology has fostered an environment ripe for money laundering.

Central to the threat is the fact that NFTs are bought and sold using cryptocurrencies, adding further complexity to the task of tracing these transactions. Collectors see opportunities to acquire great art, inadvertently causing a spike in the numbers of people who aren’t tech-savvy creating and trading NFTs.

A few sample scenarios of abuse and scams illustrate the challenges that governmental enforcement bodies and compliance professionals alike are contending with.

Scenario 1: Classic Phishing and Virus Attacks

Phishing schemes and virus attacks can drain users’ digital wallets or online accounts that can store people’s financial details and cryptocurrency wealth. The scale and breadth of these attacks are hard to pin down because decentralization — a defining aspect of the cryptocurrency-fueled marketplace — makes it more difficult to tally or track frauds. Ironically, part of the appeal of NFTs is that these tokens are designed to make it easy to log and track their ownership details and sales on the digital ledger known as the blockchain.

In any event, many scams are simple attempts to falsely obtain credit card information or deploy viruses created to drain users’ digital wallets. In cases such as these, established protocols for email hygiene exist to prevent exploitation by phishing or other attempts to hijack confidential information by relying on common trust and a certain degree of naivete.

Compliance pros are well-acquainted with safeguards, most of which have been propagated throughout enterprises for the last decade or more. Nonetheless, their continued prevalence, these days in the context of NFT misuse, calls heightened attention to the importance of continuing to propagate appropriate corporate email hygiene practices enterprise-wide.

Scenario 2: Identity Fraud

The conditions for identity fraud where NFTs are concerned are openly acknowledged, making  NFT art money laundering a serious problem. Earlier this year, an impostor posing as the street artist Banksy sold $900,000 worth of NFT artworks on the OpenSea platform before the real Banksy learned about the ruse. The artist stepped forward to say he wasn’t involved in the sale at all. (The platform blocked the seller from its site, but the scammer kept the money.)

Nate Chastain, head of product for OpenSea, subsequently explained that the platform is taking measures to curb fraud. “We take fraud very seriously at OpenSea and mobilize around removing this content from the platform as soon as we become aware of it,” he said. Chastain said the platform is planning to implement a duplicate image detection system, which could identify when scammers try to sell copies of works already online elsewhere.

Scenario 3: Forgeries

A well-known example of identity fraud involves Mike Winkelmann, the artist better known as Beeple. A major auction house sold Beeple’s $69 million NFT, titled ‘Everydays: The First 5000 Days,’ which still holds the record as the most expensive NFT sold to date.

Subsequent to the release of “Everydays,” Beeple’s NFT was targeted by a digital artist known as Monsieur Personne, who said he created matching copies of Beeple’s record-setting NFT and tricked several NFT platforms into thinking the pieces came from Beeple. Some sites put these copycat pieces up for sale before the ruse became known and offers to buy the fakes were blocked by the sites.

Bad actors looking to “clean” dirty money, theoretically could, for example, generate an anonymous NFT, list it for sale on the blockchain, purchase it from himself/herself using an anonymous, unregulated digital wallet with illicit funds, then realize the money as legitimate funds from the sale of the artwork

What Can Be Learned

Under the current conditions in the art world, anti-money laundering compliance is not uncommon. Most large auction houses have anti-money laundering policies in place. But what is missing, for example, is sufficient due diligence over the ultimate beneficiaries of purchases.

Are NFTs antiquities or artworks?

US anti-money laundering laws have recently been expanded to apply in some instances to dealers of antiquities and artistic works. A key — and as yet unanswered — question is whether these laws will extend to NFTs representing rights in antiquities and artistic works.

Since traditional financial institutions such as banks and money transmitters are heavily regulated by the government to prevent money laundering, many money launderers have historically resorted to trading valuable art and antiquities to avoid detection. This is especially true because the fair price of a piece of art or antiquity is hard to determine and easy to inflate, and there is often heightened privacy surrounding such transactions.

To address these concerns, the US government recently enacted several anti-money laundering provisions in the omnibus National Defense Authorization Act (NDAA), which came into effect in January 2021. The NDAA includes updates and reforms to several anti-money laundering laws, including the Bank Secrecy Act (BSA), the Anti-Money Laundering Act (AMLA), and the newly enacted Corporate Transparency Act (CTA).

What is Art?

The art trade is treated somewhat differently by these new laws, with various agencies in the US Government currently being tasked with assessing how the trade facilitates money laundering and terrorist financing.

This assessment includes: exploring whether regulations should be limited only to high-value art; whether there is a need to identify beneficial purchasers of art, intermediaries, and dealers; and how this new regime can be deployed in criminal, tax, and regulatory investigations. It is likely that federal regulations due to be published by 1 January 2022 will shed additional light on these questions, but for now, the art industry remains in a state of uncertainty.

Are NFTs Digital Currency?

Like virtual currencies, NFTs are cryptographic tokens and arguably could be used to facilitate money laundering. The explicit goal of the NDAA is to prevent the laundering of illicit funds, and authorities could argue that applying AML requirements to NFTs would further this goal. Whether NFTs end up being treated more like cryptocurrency than artwork or antiquities hinges, to a great extent, on whether the NDAA may still apply.

Looking Ahead: Working with a Trusted Compliance Partner

The road ahead for compliance professionals contending with the prospect of NFTs as a substantive threat in terms of money laundering will no doubt include expanding the scope of legal and jurisdictional applications of existing and potentially new laws. These might include:

  • Compliance professionals consulting with traditional art dealers and auction houses to determine which laws (e.g., cybersecurity, securities) may be applicable
  • Consultations with cybersecurity insurance providers to consider policies aimed at stolen digital artworks
  • Employing blockchain analytics by expanding existing monitoring of wallets to include those involved in theft of NFTs
  • Creation of a registry of stolen or fraudulently purchased NFTs (like existing databases maintained by FBI, Interpol, the Art Loss Register)

There’s no question that compliance professionals contending with the anti-money laundering ramifications of NFTs find themselves in novel, legally uncharted waters for now. There is a dearth of definitive answers regarding what types of regulations that should or could apply to marketplaces, private sellers, or auction houses.

The current environment of confusion poses high risks for compliance professionals. The absence of sufficient guidance means that NFTs as an asset class must be regarded as an area ripe for abuse.

You need to select a provider who can arm you with the strategies and technology necessary when new risk paradigms emerge. IntegrityRisk has the knowledge, experience, and access to the right tools to ensure that our clients are making the smartest solutions possible.

Contact us to find out how we can work with your enterprise to ensure secure, reliable risk management solutions.