Unit21’s CEO and Co-Founder, Trisha Kothari, hosted a webinar titled, How Crypto Companies Fight Fraud & Stay Compliant in 2021. Joining her was BitPay’s General Counsel and Chief Compliance Officer, Eden Doniger, and Crypto.com’s Chief Compliance Officer, Antonio Alvarez.
BitPay is the world's leading cryptocurrency payment processor, headquartered in Atlanta, Georgia. Crypto.com is a full-service consumer finance company that is looking to harvest the power and innovation of crypto to provide additional value to consumers around the world for their financial needs and to enable them to grow.
What follows is their 60-minute discussion in a Q&A format.
Trisha: Unit 21’s position in the market has given us a unique perspective on the insanely fast-growing ecosystem of crypto, as well as the challenges and approaches that different organizations are facing. We're really excited to have this platform to exchange learnings and best practices.
So, Antonio and Eden, what are the first things that a new crypto company should do from a risk and compliance standpoint, especially if they are not really aware of the risk and compliance operations needs in financial services.
Antonio: I would say that it is very important for them to understand the line between technology and financial services. They're getting into an industry that is rightly called FinTech, and they need to understand how much is Fin and how much is tech in the product. So it’s good to have a compliance officer or legal counsel in the initial design of the processes to understand what licenses they're going to need, what controls, policies or registrations from a regulatory perspective, and how can they tweak their product and their offerings to either lessen that burden or increase it, if they think that there is going to be value for them.
So they need to be very conscious of that, especially people who are coming in with great technology-based ideas, great ideas on how to build a platform. They need to understand that it's not just a platform and that just because they can program it doesn't mean that they can do it.
Eden: One of the things that is most important is coming at it with a compliance-by-design mindset. As you're designing your products and services, compliance should be embedded into the design. The go-to-market (GTM) strategy will be a lot more successful, because most of the customers that you're probably going to want to interact with, depending on what kind of a crypto company you are, are actually going to really care about that in today's day and age.
Second, regulators are going to be much more confident in what you're offering if you can prove that you've done that. And third, and maybe most important, you will have a much better shot at avoiding some seriously bad moments down the road if you just invest in that mindset and the resources needed at the beginning. One of the pitfalls for companies is having a scrappy startup attitude as they get their company going, which is really common. So they might think we can't really prioritize and spend money on a Chief Compliance Officer or an outside counsel right now, so maybe another person can do compliance as their second job. Or can’t the CFO do compliance, after all, they are risk-oriented people? Or they hire new people who are completely inexperienced in compliance in the space. Those are common mistakes that a lot of new companies make and it comes to haunt them down the road.
Antonio: It’s amazing how in those situations they underestimate the requirement. You would never think of building a car without putting seatbelts in it or bumpers. So building a financial product without KYC or without the proper compliance controls is the same as a car without seatbelts.
Trisha: It’s a really good point that compliance is instrumental in defining the GTM for the business product innovation and potential expansion opportunities. I'm curious, with respect to KYC (Know Your Customer) and KYB (Know Your Business), how do you both think it changes for a company dealing with crypto vs. a regular FinTech?
Eden: I think it mostly has to do with two main things, one is that crypto is different, so there's a lot of newer technology and there's a lot of change. Change happens quickly in the space and there are new products, services and features that get rolled out pretty quickly by companies. Each one of those could have its own new regulatory risk or impact that has to be taken into consideration, and there's not necessarily any playbook for that or guidance out there or a framework where you can just turn to an open book and feel like you're confident on exactly what the answer is.
The second thing is that the spotlight in the regulatory world is on crypto right now more than in the general FinTech space. A lot of different regulators are looking at and thinking about this. They’re asking really tough questions and deciding what their role is going to be in the space as a regulator. There's a lot of conflicting regulations, laws and frameworks that may or may not apply. So, in terms of just unpacking all that and planning ahead for what may come — that's a unique challenge facing any crypto company versus just some other kind of fintech.
Antonio: The other big difference when it comes to KYC is the expectations from your business partners, your banking partners. They’re always going to look at crypto as a higher risk than FinTech, and they're going to expect stronger controls, especially in knowing your customers. Everybody thinks of crypto as anonymous and it's not — it's pseudo-anonymous. But from a partner perspective, the banks, the sponsor bank, your payment processors, they're not crypto enthusiasts, to say the least. And they don't claim to be crypto experts, so they look at it and say, “Oh crypto is anonymous so your KYC has to be double what anybody else would do,” in order for them to do business with you. So beyond the regulations are expectations of the banking partners who will drive much more structured and much more focused KYC and KYB processes.
Eden: And because of that, there's also a lot more expectation and need for the crypto company to educate their bank partner or their regulator on why you've made a decision that may be a little outside the norm from a compliance program perspective. But there may be a very important reason why you did that and you have to be ready to explain that and even defend that as something reasonable, and something that they are comfortable with. And that can be challenging.
Trisha: That's a really good point but, essentially without a sponsor bank or payment processor, the company can't even really get started. And so it's important that companies do the most that they can in educating their respective audiences about why they made certain decisions.
What I'm curious about, with respect to blockchain analytics tools, is how do you evaluate them? When do you think is the right time to get different blockchain analytics tools?
Antonio: I think that if you're a crypto company, you should get a blockchain tool about a week before you formed the company. You need to start getting used to understanding the blockchain and getting an analytics tool is probably the only way to really understand how the blockchain works. In terms of selecting one, it’s just another vendor, so you need to look at it like any other vendor in terms of what is the pricing, what is the customer support they're going to give you, how important you are to them, and how important they are to you, uptimes, etc.
But also very important is the coins that they support. Different tools out there are built with different approaches and different strategies. Some of them tend to be more focused on law enforcement and they use client information for the good of the community. Others focus more on the security aspects, and they look more into the IP addresses that are in the blockchain or the security around data that comes in the transactions. So you want to have a combination of them.
I would definitely recommend starting with one, probably the easiest one, and then build from there, but it's likely you're going to end up with more than one. Also because you're going to use the blockchain as an API in order to risk rate your processes and transactions from a prevention perspective, but also as an investigative tool. So you want to evaluate the user interface — how easy it is, how intuitive, and how much information they give you upfront, as you're researching specific cases and trying to navigate through a blockchain that can be very confusing. It's like looking for a needle in the haystack and the blockchain is the haystack. It's not a lack of information, sometimes it’s too much information.
Eden: Whatever tool you choose, you're going to have people on your team who really become experts at using the tool. If you think about the general risk & compliance tools that you may be familiar with if you're in a legal or compliance role, they're very intuitive and easy to learn. When it comes to blockchain monitoring and analytics tools, there's more of a learning curve, so it's going to take longer, especially if you're not naturally very technical. And so that's a challenge that takes time. So planning for that is important if you're choosing a tool and also building a team where you're going to have one or more people whose direct responsibilities are to work with that tool.
One of the other things is how important it is to form a close partnership with the company that you choose, so they can help you as often and as much as you need with questions that come up. You should be able to get on the phone with them and have the kind of partnership that we're fortunate we have with our provider. I think all the leading providers out there are like that, which is really nice because maybe four or five years ago, there wasn't nearly as much on the market for crypto compliance tools in general. It was harder to find tools and they weren't that great. They've improved tremendously and there are a lot of options out there and a lot of competition among them. There are a lot of features constantly being put out that are really helpful.
Trisha: Yes, it's really fascinating how the needs and the complexities for blockchain analytics tools are really unique in terms of coin coverage, etc. And, as a company scales, there needs to be more investment into using more of these tools to get more coverage, but also to educate your own team members on how to make the most out of them.
Okay, so shifting gears, I'd love to get your thoughts on this emerging trend of FRAML — of combining fraud and anti-money laundering compliance on one team in the company.
Eden: I'll start with what the practical realities are. You're starting a new company and you need to step up and spend money on certain things you may not be able to afford or justify right away, like separate people in separate roles. So the default is often going to be that the CFO and the CTO are your natural risk managers in their roles and, therefore, fraud prevention, fraud detection, the fraud program would tend to roll up under them, because they’re the most logical people. So I think the reality is that's often how things start and stay for a while. And it's not that horrible because there are certain things about it that can work, but it really is not the ideal way to set all of that up.
Antonio: The motivation of a Fraud and Compliance Officer or a Risk Officer, who is doing compliance, is to protect the PnL of the company. At the end of the day, it's about reducing fraud losses, not necessarily reducing fraud. And I say that because sometimes the tools that you have in hand are not escape holes. Sometimes you have to let a little bit of the fraud through in order to preserve the good transactions. It's a good economic decision that actually contradicts the compliance goal, which is to ensure that there's no crime, which is a much more conservative approach.
Letting in a few good customers doesn't justify letting one money launderer go through or one terrorist financer. Regulators don't see it that way so you have a much more conservative risk-averse approach when you combine those two roles in one. You're creating a conflict within the role, especially in situations where, if you take the compliance approach, you’re going to damage the PnL. And that's a conversation that a compliance officer has to have with the CEO. When he has it with himself, it becomes very, very hard.
Eden: I think maybe the best solution for that conundrum is, if your company has a culture of compliance first, where your CEO, your CFO and all your other executive teams share the same desire to keep bad actors out no matter what, then they're going to be more inclined to make conservative decisions anyway. They're not going to want to have their reputation and their future at risk because of a few dollars. I think it's all starts there and it'd be very hard to work in a company where the CCO was really at odds with the CFO and the CEO in decisions like this. Then who's the ultimate decision-maker? Who gets the final word? Do you have a risk committee that gets the final word and who's on that risk committee? A lot of it has to do with governance. If you can't have the separation of duties, then you need to have that culture of governance, so that at the end of the day, the person making the ultimate judgment call is really making the right judgment call.
Antonio: At the end of the day, companies work on conflict. The company works well when it's balanced. There are always different groups in the company who are at odds with each other in order to create that balance, and that balance is the culture of the company. It's that ultimate decision-making that is going to dictate how the company makes decisions and what risk appetite culture they have.
Eden: One other thing I would add is simply to embed your CCO, as much as you can, in all aspects of the company. And if you have a Risk Officer, then that person as well. Embedding those people in all the discussions is really important because of their issue-spotting ability when you're moving super fast and you're rolling things out and making decisions quickly. If that person isn't in the room, and can't hear those discussions, and can't speak up and explain what the risk is and what they should do about it, then you know things can happen pretty quickly without them knowing and so it goes back to how you set up the role and the governance.
Trisha: This is clearly a very heated potential discussion within the company, and there's obviously no black and white answer. But there are clearly different incentives for compliance where you have to review every law for fraud or you can really take a risk-based approach on what you want to let through versus not. I think there's a bunch of different cultural aspects and processes that the company can use to make sure that it's not a significant strain if one individual is responsible for it.
Antonio: And Tricia, we have to recognize that there's a lot of overlap. A lot of the tools for fraud use are common to compliance and, from a cost perspective, it makes sense to leverage and work very collaboratively together. We're not saying that it has to be a dichotomy and they have to work against each other. It has to be a very collaborative process regardless.
Trisha: In terms of operationalizing compliance, what do you think about that? What type of people do you hire for crypto companies? It's interesting because the space is so young, so how do you find the right people? How do you evaluate them? And how do you make sure that they're being successful in their role?
Antonio: I would say you have to be very patient. There is a lot of demand out there. There's a lot of need for compliance. And there’s not an abundant supply source, especially because of compliance. People tend to be more risk-averse. So, getting somebody from compliance to venture into crypto is the first hurdle you have to get through to operationalize it. And structuring the rules within compliance is very important because there are many, many different aspects to it.
We talked about the advisory aspect of compliance working with designing products. We'll talk about the operational aspects of compliance - running KYC or filing SARS. There’s the creative investigative side of compliance. There's a very different set of skills. So it's getting somebody in the door who has the basics and understands how compliance works in traditional financial services. And if they have crypto experience even better. They have to have crypto interest, but nobody was born knowing crypto, so you have to teach and develop people on the job. And they have to align more than anything with the culture and the risk appetite of the company. You cannot teach or train an attitude or risk appetite. That’s something very personal, that you need to evaluate as part of the recruitment process.
I always look for people who are more entrepreneurial, who want to take ownership over the role and have responsibility. I don't want to have to tell them what to do or how to do it. They're going to come in, find a problem, figure it out and move through it. And they’ll just let me know how they're moving along. I can help them be successful in their roles rather than walking them through how to be successful in their role, if that makes sense.
Eden: There's a tendency or an inclination when you're looking for new compliance individuals at a crypto company to find and hire people who are really new to compliance. This may be their first professional career move or maybe that they did something completely different, and they're just curious and interested in compliance now. That’s great, it means they have that kind of natural interest, hunger and entrepreneurial spirit, but they might not have sufficient background, and there's a huge learning curve. They may not even have the foundational compliance training that you want. So there is a real risk to hiring that type of person into the role, not that they couldn't be smart, hardworking and do great, but it may be a year or two before you start to see a level of comfort and confidence in them.
On the other hand, you could hire someone who's pretty senior in compliance from a banking world background, and they're so steeped in the traditional way of thinking and operating. It's very predictable and they expect that everything will go a certain way. They don't have enough of an entrepreneurial mindset and it will be very hard for them to change their approach and thinking as they move into this role, even if they think it sounds kind of exciting and intriguing and different.
Maybe they're kind of sick of what they've been doing for years but, at the same time, the learning curve can be really high. So, I think the sweet spot is to find people who have at least a few years of compliance experience at a bank or FinTech, maybe not crypto yet, but they're not brand new at this. They also are still inherently entrepreneurial, inherently hungry for learning new things and thinking outside the box. Probably the most important thing is hiring people who are creative problem-solvers, because every day, something's gonna come in the door that there is no precedent for, and everyone's got to work together quickly to figure out the right risk-based solution.
Trisha: Creative problem solvers, very difficult to find but I completely agree that's really what the bar needs to be set for. This is an incredibly new space where things are moving really quickly. So, moving on to the components of actually operationalizing compliance, Antonio, I'm curious, with respect to Crypto.com's outcomes for NFT's. Can you tell us more about, with NFT's, how the method of attack changed? What are the things that you are thinking about as this new way of moving value is coming into play?
Antonio: This is an incredibly exciting space. It was a fad at the beginning of the year. It's kind of fading away a little bit, although still strong. But it's important to understand what NFT's are and that they are not cryptocurrencies.
Just to set the stage, a cryptocurrency is a digital representation of value, like Bitcoin or Ether is representing some value, a fungible value. NFT’s are non-fungible tokens. They are a digital representation of a very specific asset that has a value, rather than being a representation of value. It's a small distinction, but I think it's very important. So when you're buying and selling NFT's, you are buying or selling assets.
Now what becomes more complex is that NFT's tend to be traded and the people active on NFT tend to be very familiar with crypto. They're using crypto to buy and sell NFT's as well, so you have all the components of an e-commerce transaction, with the components of a crypto transaction, on a space where the assets are actually on the blockchain. So because the assets are on the blockchain, they're fully traceable, and they can be tied to a smart contract that is tracing in the value of those assets. So when it comes to investigations, when it comes to monitoring, it creates an additional dimension for us. We're not only monitoring the users and the behavior of the users, the behavior of the buyer, the behavior of the seller, even the behavior of the creator, who is the artist or the concert company that is creating that NFT to be sold as a primary sell, but we’re also monitoring the buyers and the sellers who are buying and selling in the secondary market.
So, that creates some dynamic, but we're putting another dimension and it is from the point of view of the NFT itself. Because a lot of NFT's are pieces of art, their value is dictated by demand and supply, and the ability of an actor to raise the demand artificially, in order to launder money is very real. Because of the pseudo-anonymity of the blockchain. it may be an easier space to be able to do that. So when we're developing our investigation or monitoring tools, we have to overlay and track the NFT’s value and the users, not only from the behavior of the user, but also from the point of view of the NFT, as a central part of the investigation and the monitoring rules.
Trisha: Thank you for shedding light on that and I think the most fascinating part is that no one talked about this last year or the beginning of this year, and now it's become such a big space with new vectors of attack to monitor for, which truly underlies how crypto's changing so incredibly fast and you have to keep up with regulations and new vectors of attack very quickly as well.
Antonio: Just to add something about the NFT because we usually monitor a two-party transaction, but you have to think that transaction may have three or four parties. So when I sell an NFT on the secondary market, there's a buyer who makes the payment, but part of that payment goes to the original creator, from a royalties perspective, because anything controlled by the smart contract can drive those royalties for the life of the asset.
Think about it like a song, every time they play it on the radio, the original artist gets a few cents. Every time an NFT is sold on the blockchain, in the marketplace or in different marketplaces connected by the blockchain, the original creator is still getting paid for every transaction, along with the platform that is providing the service, the buyer and the seller. So now you are seeing some of the additional complexity in monitoring when you’re looking at four-party transactions on a regular basis.
Trisha: It's not just something that we typically see that much in the financial ecosystem. The evolution of the space underscores how the need for agility is so fundamentally important, and it's really great that companies like Crypto.com and BitPay are defining what the thinking around this should be like. So, Eden, you work with a lot of different types of merchants. How do you think about merchant risk? How do you incorporate that in your risk monitoring?
Eden: So unlike an exchange, as a payment processor our customers are small, medium and large businesses all over the world. So our KYC/AML program is primarily built around merchant risk and merchant screening. And obviously, with crypto payments, you're more often than not dealing with e-commerce services or financial services, again certain industries where, like NFT's, it attracts crypto vendors.
And I think things are changing a lot. We've seen a lot of adoption in the last year in the more mainstream kind of merchant industries, and we're heading that way where people are looking to spend crypto on more everyday items. Historically it's been more specific kinds of merchant goods and services that have a lot of success with their crypto transactions. So it's shifting but I would say that, just like any other financial services company, we're doing thorough due diligence and Customer Identification. We need to make sure that this merchant that has a website that claims to be offering this service across the world is actually really doing that, and that their crypto transactions that come in are commensurate with what you would expect for what they are selling. That there's not some kind of suspicious disconnect, something that doesn't feel right about that.
A lot of our monitoring program is focused on reviewing that whole stream, the downstream relationship of the goods and services being offered, who's buying them, and why, and how often. So we're able to leverage both our blockchain monitoring tool and Unit 21 tool in combination to look for possible red flags. So I think it's great we have marquee customers that are publicly traded companies where you can have a lot of confidence in them. But there are plenty of companies out there that we've never heard of before they come to us. They're excited to offer the option to pay in crypto. And they really have to show us what is the business case for that, and why is that going to happen, and who's going to be spending crypto with you and why. We need to really understand that.
Trisha: Thank you for shedding light on how specific companies have evolved over the last year. With respect to monitoring, I'd love to learn more about how Unit 21 has been helpful to you since you started working with us.
Antonio: For me, it's been the flexibility of adapting to our needs, especially when we’re in an industry that is so innovative. You have to step back and put your black hat on and think, “If I'm a crook, how am I going to exploit this?” And what are the signs and topologies that I need to start developing against? You have to create the topologies out of pure evil thought and then look at what a traditional monitoring tool can give you. Especially for NFT, I had to research and look at how our auction houses look for these things and what type of tools they use. They are very different from the banks, the financial institutions. Partnering with Unit 21 who can start developing tools, who understands my business and my challenges, and who has a tool that is flexible enough to start introducing those components into the program is wonderful.
Eden: For some time we had our great blockchain monitoring system tool and program, but not the behavioral monitoring side yet. So we chose Unit 21 to get that set up, and what's been really nice is that it's designed to be compatible with the blockchain monitoring tool that we use. And so, it becomes a one-stop-shop where everything is flowing through this one system instead of having to deal with two standalone systems.
We have identified a lot of unique needs that we have as a crypto payment processor, where it would be great if the tool could do this or that, and we’ve found that when you're working with an innovative reg tech company like Unit 21, you get a lot of responsiveness with a nimble approach of “Let's solve this and our other crypto clients will probably like that too!”
So it's like we're a thought leader partner with you as we forge ahead, and enhance our program where it’s as sophisticated as it can be, I'll give you an example. The suspicious activity reporting form for the Financial Crimes Enforcement Network (FinCEN) is not designed for a crypto company. There are plenty of fields that don't quite make sense, but we have to fill it out. And sometimes we want to provide some information and there's no field we can use. So you either can have a very manual kind of approach to solve for that or we can work with Unit 21 to come up with workarounds, for example, how can we automate this a little better? How can we make this work? And I think Unit 21 has been great with that because your mindset is also very innovative.
Trisha: We're really honored to be working with both of you, and it's been a privilege to grow the company with folks who are really pushing what the industry looks like and how compliance really should be a core function within the company. So, thank you both for your kind words. The last question I have is what do you think is the future of regulation and crypto? What advice would you give to companies today when things are changing so rapidly from a regulatory standpoint?
Eden: Be prepared for anything. There's so much that's being developed and figured out, I don't think it is a good plan to go into your compliance program and into your interactions with regulators, full of ego. It's really important to have some humility. You're trying to design something innovative and new, but effective and safe, and there's no such thing as perfection with that, but there are good faith best efforts that are reasonable and defensible. And what we found in our interactions with our regulators is that it’s been a very positive experience to talk through some of those things to explain why we've made decisions we made and what the challenges are and what we're trying to achieve.
There's a lot of credibility with that and I think you've seen some examples in recent years of companies that I think have way too much hubris about it. They’re just are going to do what they're going to do and make a lot of money and not care. And the chickens do come to roost when that's your approach, so that's probably not the best approach to take.
Antonio: I would only add that it's good to put yourself in the shoes of the regulator. These are brand new, innovative technologies that we are learning about and we're in the industry! And here comes a regulator who is examining a number of financial services companies around the country. A few of them are in crypto so they're learning through the process.
Another aspect that is very interesting is the dynamic between the regulator and the legislator, We're seeing more and more where the regulator is learning faster than the legislator because they are day-to-day working with the crypto companies. They understand the technology because they're seeing it, But there is no legislative agenda to support them. There are no laws or statutes because they haven't been updated fast enough, because the legislator is behind. And that creates a lot of that friction and the frustration you see in regulators as well.
Trisha: People often think of the public sector as the regulator but really there's a division between regulators and the legislators. And its important that companies recognize that in order to really start influencing how the government thinks about crypto. So, thank you so much, that was a fantastic program and it seems like we really covered everything.
Here are a few key takeaways for me and fo the broader audience:
You’re not selling socks; you’re really a Fintech company where the “fin” is really important as is the “tech,” and it’s really important to have a compliance by design mentality even before you start the company.It’s really important to hire operations folks who align with the culture and risk appetite of the company as you operationalize your compliance program.It's really important to get creative problem solvers who are entrepreneurial and have some background, but are not stuck in their ways.The space is constantly changing and there are new vectors of attack and new things come up every six months. And it's really important to keep customizability and flexibility at the core, and to keep educating your regulators about how things are changing and how you're approaching it. We have a bunch of questions from the audience. So can you spend a minute sharing your thoughts on the travel rule and the proposal on VCTR for virtual currency?
Antonio: The travel rule - we're talking about the differentiation between the legislator and the regulator. It’s one of those where, especially in the U.S., the regulator, which is FinCEN, is looking at it and saying, “I have a law that says that you have to comply.” So I don't have an option, I have to comply. Yet, in an industry where there are so many challenges to comply with the travel rule, and so many questions are unanswered, how do you tackle a transaction with a DeFi wallet or a noncustodial wallet? There's nothing in the law that talks about that or makes any type of reference to it because it's new technology that wasn’t conceived in 1996, when the travel rule was passed.
There are so many of these challenges that, as an industry, we need to work with the regulator to bridge the gap to the legislation, because that's what they're working with - legislation that is outdated, but they have no choice but to implement it.
So without getting into all the nitty-gritty of the challenges with the travel rule, the VCTR itself is an option. I think it's an alternative. We see countries like Canada just implementing VCTRs for transactions over $10,000. It puts more of the onus on the government because that's who you're giving the data to rather than your counterpart on the transaction, and I'm just wondering at this point, “Are the regulators in those countries ready to receive that data and do what it takes with that data to make it effective?”
But we are preparing and we're getting ready to start filing VCTRs in places like Canada, implementing the travel rule in places that are really driving the requirement like Singapore. So you just have to be abreast of everything that's happening and come to the regulator with humility, saying, “I understand this is a requirement. This is how my risk assessment is. I'm trying my best in my environment with my innovation, and this is how I'm complying with it.” And you hope you find a common ground and have a collaborative relationship with them.
Eden: At Bitpay, we undertook a travel rule solution in-house a couple of years ago after analyzing it for a long time. And in discussions with our regulators, it wasn't something we really felt that we were sure we should have to do at that point, but it was more of, “This is where everything's headed. This is right around the corner, one way or the other.” And that's back to the idea of the industry is changing so much, and there's so much of a focus on innovation, with compliance wrapped around it, in the space we're in. So we made that business decision to adopt a solution that our regulators would be pleased with a little earlier on.
I do think to Antonio's point, for companies that are struggling and are trying to figure out what to do about it, I guess my advice would be don't wait much longer. This is all happening. The finer details of what it's going to need and how it's going to work are still being figured out but I think it's inevitable. And so it won't go over well, if you're not ready when the time comes, if you're just so far behind in getting your solution figured out and implemented. It does take a lot of time to put one in place and to figure out what's going to be right for your company, so just plan ahead.
Trisha: Thank you for sharing your thoughts on this. We only have time for one last question, so I'm going to combine two questions from the audience. What is one trend in terms of fraud that you recommend people look out for and one red flag to watch out for?
Antonio: For us, it's no different from traditional finance when it comes to fraud and scams. I mean you do have the ransomware that’s more particular to crypto. Although it's not necessarily new, it's just that they're using crypto as a ransom instead of Western Union or instead of another financial service. But social engineering account takeovers, extortions — the trends are not that different in the crypto environment than in the FinTech or remittance or e-commerce world.
Eden: Overall you're seeing a lot of the usual attempts to get people roped into some kind of “get rich quick” scheme. You know that Twitter fraud and hack that happened a year ago? Impersonating celebrities and trying to gain people's trust? Again social engineering is an age-old technique right now in the world of security and fraud. But at the same time, I think the average person out there doesn't really understand crypto that well yet. And I think they’ll fall victim to crypto-related fraud more easily if they're not educated about it. So consumer awareness and knowledge is critical to avoiding those things. But I think from the perspective of a company like Crypto.com or Bitpay, we're on the lookout for a whole litany of fraud at all times. I don't know that one stands out more than another.