The metaverse, financial crime and reality

For something that is not real - at least in the traditional sense of the word – the metaverse has captured the imaginations of many.

Make no mistake, the metaverse is quite rightly being touted as the next generation of the internet - a Web 3.0 high-tech, three-dimensional and immersive experience in which individuals are represented by personal avatars. It is forecast to attract billions of users and generate trillions of dollars by 2030.

Yet the metaverse is not a single entity. There are already many decentralised metaverses – most focused on leisure and gaming diversions. There has, however, been a recent proliferation of virtual worlds geared towards investment opportunities, in which individuals can bid on and buy metaverse items (including property and land), usually using cryptoassets linked to a blockchain. This innovative step forward in asset investment is however set to exacerbate what are very much  “real world’’ problems – money laundering and other forms of financial crime.

Platform

Nobody would suggest that the metaverse was created for the purpose of committing criminal acts. It is, however, the perfect platform for disguising the proceeds of crime. he metaverse has no central authority and no way of holding people to account. Enforcing compliance with anti-money laundering, Know Your Customer and Customer Due Diligence (KYC and CDD) protocols maybe a priority - at least to the majority - in the real-world financial sector. But in the metaverse – and with many of its associated crypto exchanges -  verifying customer identity and assessing risk before opening an account has not even made it onto the priority agenda.

For many Web 3.0 enthusiasts, the central selling point of transacting in the metaverse is the freedom from governmental and bank control. Yet such a climate sets the scene for financial misconduct. Indeed, any money launderer (or anyone else seeking to make illegal financial gains) is likely to emboldened by what the metaverse has to offer, namely an ability to maintain anonymity by hiding behind an avatar and / or concealing the origins of funds in digital wallets.

Ironically, the blockchain is supposed to provide visibility and access to transactional data / history. But this is of limited value to regulators if the identity of the people conducting those transactions is hidden. From the perspective of the law enforcement agencies and regulators, the decentralisation of the metaverse and its anonymity mean that people can do anything with little or no accountability. In this virtual financial services world, it can be impossible to identify the actual individual involved and the source of the currency being used. In short, the existing real-world rules  are difficult to apply effectively in the virtual space. It is little surprise that phishing scams, identity fraud and theft are rife there.

Compliance

Such activity, it should be emphasised, is on the radar of the authorities. Set to be implemented in 2024, the EU’s Markets in Crypto Assets (MiCA) regulation proposal draws cryptoassets, cryptoasset issuers and cryptoasset service providers (CASPs) into a regulatory framework for the first time. The intention is to better protect consumers’ wallets and introduce liability if investors’ cryptoassets are lost through  criminal activity. But commentators say that the regulation falls short, particularly in relation to large CASPs which, it is argued, should be subject to greater supervision and stricter requirements if the regulation is to have any meaningful impact on the sector.

At present, we are at a metaverse crossroads where regulation meets innovation and we must tread carefully to ensure that striving for the former does not stifle the latter. It is set to be an awkward balancing act, especially when there are still discrepancies to navigate. In the US, for example, constitutional laws traditionally defer to individual state laws, which may well impede any response to metaverse-based financial crime. And on a more general level, there is the question of how jurisdiction regarding the metaverse will be determined in practice. Clarity will be needed regarding whether this will depend on – to give just some possibilities -  a criminal’s location when committing the offence, their nationality or the location of the assets and / or victim targeted.

Controls

It has been suggested that the best course of action would be to build controls and safeguards into Web 3.0 which would thwart criminals before they can commit a crime. This would, however, require regulators and Web 3.0 technologists to find a common ground and collaborate. Furthermore, lawmakers are notoriously poor at recognising and addressing issues involving technology before they happen - and criminal activity in the metaverse is already on the rise.

To take a positive view, payment systems that incorporate advanced technology, such as artificial intelligence and machine learning, into their KYC and CDD measures will prevail. Real-time screening of new users’ details, transaction monitoring that can enhance identity verification, and improving the quality and traceability of actionable data and insights constantly generated by the blockchain can and will help build a comprehensive picture of what is a fast-evolving threat landscape.

But for now, those using the metaverse for illegality remain one step ahead of those looking to “clean it up’’. The speed and effectiveness of any efforts to play catch-up will be of vital importance.