Keeping yourself safe in changing times – Bitcoin and other new initiatives

Taking a break from my self inflicted but very enjoyable compliance-orientated week at the IBA Conference in Tokyo, I chanced upon a very lively seminar discussion on bitcoin and other virtual currencies. The session was certainly entertaining and thought provoking. At times it was also a little unusual in that a prop, in the form of a little black box, took centre stage in the seminar room. We were advised that this box might produce (or 'mine' to use the correct terminology) bitcoins whilst we were debating and we were all eligible for a share of the bounty if that happened. It didn't. You can sense my feeling of scepticism towards this rather new phenomenon.

I wasn't alone. The session provoked both a great divide and a great debate about the merits or otherwise of electronic currency. This was aided by the composition of the panel. We had speakers who were fervent advocates for electronic or virtual currency. Some of these speakers were not lawyers and found themselves encountering expert legal advocates willing to demonstrate their advocacy skills in this particular forum to challenge those who were particularly enthusiastic about the technologies. Equally, there were panellists whose remit was to sound warnings about what they considered to be the myth from the 'dark net'.

This article is not about the bitcoin revolution. Googling will lead to a number of articles which will provide information about this new concept. Instead, it is about risk assessment. For me (not being able to abandon my regulatory subconscious for the duration of the session) the elephant in the room was simply this: as lawyers, what are the risks of any association with something new and untested? We were advised that virtual currencies are largely unregulated and decentralised, thereby allowing access to a form of currency to those who were ordinarily disenfranchised or, depending on your point of view, facilitating illegal activities.

Is the risk that we jump head-in without working through the consequences or, is it the case that, as lawyers, we should be adapting and accommodating such advances in our methods of working? After all, the advocates told us that we felt very similarly about the World Wide Web in 1993 and look where we are now.

These risk issues were not discussed and, to my mind, there are more questions than answers at this stage. Whatever your view on this phenomenon, the fact is that there are both known and unknown concerns, as indeed there would be about any new schemes or initiatives. If we are to believe that virtual currency is the World Wide Web of the early twenty-first century, what should we be doing in terms of compliance and risk management?

My risk-slanted questions to managers and compliance teams within any law firm would be as follows:

• Do you know whether your fee earners are working with clients in circumstances where there is some connection with, or business arising, in respect of these new technologies?

• Does the innovative aspects of these technologies create a ripple on your risk radars?

• What are the risks? Is it that these currencies may be used for illegal purposes, or are inherently risky, and that the firm is placing itself at risk of assisting with money laundering, terrorist finance crimes or other activities of a fraudulent nature? Is it less alarmist than this, and the risk is a more basic one of not understanding the concept of virtual currency which may have widely fluctuating values and therefore not being able to act in a client's best interests and perhaps breaching the conduct requirement to act with competence?

• Have clients expressed an interest in paying your costs in some alternative and virtual way and, if so, what has been the firm's response?

• Does the firm need to take a strategic decision about its policy on this and other new initiatives and does that need to be communicated to relevant colleagues?

• What documentation should be added to the firm's systems and controls?

• Is any training necessary and, if so, how and to whom?

• Have the firm's insurers commented on this?

• How will the managers and compliance team, and in particular the compliance officer for legal practice, monitor and review the risks that have been identified?

tcalvert@oakallsconsultancy.co.uk

www.oakallsconsultancy.co.uk