'Crime and Cryptocurrency in Australian Courts' by Aaron M Lane and Lisanne Adam in Monash University Law Review (Forthcoming) comments
This article presents the findings of the first empirical study of reported Australian case law involving Bitcoin and other cryptocurrencies between 2009 and 2020. The initial dataset consists of 103 cases, with 59 criminal decisions and 44 other decisions. Focusing on criminal proceedings, the study finds that cryptocurrency has been considered in the context of bail, extradition, restraining orders, trials and sentencing. Significantly, the study finds that the use of cryptocurrency in the commission of an offence is seen by courts as a factor that tends to increase the sophistication or seriousness of the offence – becoming an aggravating factor in sentencing – and leads the court to consider general deterrence above other sentencing purposes.
The authors argue
There is a perception that Bitcoin, and the other cryptocurrencies that followed, are associated with criminal activity. By our count, there are four dimensions to this perception from the literature – which is briefly surveyed here as introductory context for the first study on crime and cryptocurrency in the Australian courts.
First, law enforcement experts claim that Bitcoin is “the currency of choice for cybercriminals” in the commission of ransomware attacks and other forms of theft and extortion in the digital environment. Also in this category, cybercriminals are using cryptocurrency in running fraudulent investment scams. Statistics collected by the Australian Competition and Consumer Commission show that “in 2019, reported losses for cryptocurrency scams exceeded $21.6 million from 1810 reports.” Data reported by Chainalysis puts the global figure at US$7.8 billion.
Second, cryptocurrencies are used to exchange illegal goods and services from ‘dark web’ online marketplaces, such as Silk Road, which exclusively used Bitcoin for the platform’s illicit transactions. Famously, Silk Road’s founder Ross Ulbricht was convicted in the United States and sentenced to life imprisonment for charges relating to his role in the criminal enterprise. The convictions were upheld on appeal notwithstanding that two federal agents were also charged and sentenced for their conduct in the course of the investigation against Ulbricht, including misappropriating Bitcoin into offshore bank accounts. The Ulbricht saga brought into popular consciousness the fact that cryptocurrencies provided a new payment platform for those seeking to illicitly transact with counterparts across borders, pseudonymously. While estimates vary, the most recent industry analysis reports total illicit cryptocurrency transactions at US$14 billion in 2021 – although this equates to just 0.15% of the total volume of cryptocurrency transactions.
Third, Bitcoin has been described as a “criminal's laundromat for cleaning money” that has been earned from illicit enterprises. Of course, money laundering is a serious criminal offence in and of itself. Although, initially, the use of Bitcoin and other cryptocurrencies were not subject to the same regulatory constraints as the use of fiat currency. In 2017, the Federal Minister for Justice and Minister Assisting the Prime Minister for Counter-Terrorism asserted that “it is recognised globally that convertible digital currencies, such as bitcoin, pose significant money laundering and terrorism financing risks because they allow people to move money around the world on a peer-to-peer basis without revealing their identity.” On this basis, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (‘AML CTF Act’) was amended to require Australian cryptocurrency exchanges to comply with Anti- Money Laundering and Counter-Terrorism Financing laws under regulator AUSTRAC’s purview. The stated purpose of the amendments was to “deter criminals from using convertible digital currencies to move illicit funds and avoid detection” and “facilitate the collection of transactional information about exchanges in digital currency for use by law enforcement, intelligence and national security agencies”. At the end of February 2022, AUSTRAC had revoked the registration of seven cryptocurrency exchanges, suspended another, and refused to register a further six exchanges.
Fourth, there are concerns that cryptocurrencies could be used for tax evasion. The Australian Taxation Office has provided guidance on various issues surrounding the tax treatment of cryptocurrency. As with money laundering, the pseudonymous, borderless nature of cryptocurrency transactions — combined with Australia’s tax system of self-assessment — means that the task of tax enforcement is more difficult and provides a greater opportunity for tax evasion. Tax evasion is a crime regardless of the underlying legitimacy of the transaction that gave rise to the taxable event.
As this introduction outlines, it appears that criminal entrepreneurs were among the first to find a use case for cryptocurrencies. It is not surprising, therefore, that law enforcement and regulatory agencies around the world have established digital taskforces focusing on crime and cryptocurrency. Domestically, the Australian Federal Police’s (AFP) Cybercrime Operations Unit and AUSTRAC have primary carriage of these matters among enforcement bodies, in addition to the Australian Cyber Security Centre. State and territory police forces also appear to have developed some capabilities in this area.
Against this background, it was inevitable that criminal cases involving cryptocurrency would come before the Australian courts. However, there is currently no reported data on criminal cases involving cryptocurrency in Australia. The purpose of this article, therefore, is to investigate in what contexts Bitcoin and other cryptocurrencies have been considered in criminal matters before Australian courts and critically analyse of how the use of cryptocurrency has factored into judicial decision making in the context of criminal proceedings. This article will proceed as follows. Section two introduces Bitcoin and cryptocurrencies. Section three explains the study’s methodology and reports the study’s quantitative findings. Section four provides the study’s qualitative findings. Section five will bring the study’s findings into conversation with theoretical perspectives from the law and economics and criminology literatures. Section six concludes.
In Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496 - a landmark judgment - the FCA has identified that obligations for Directors under the Australian Financial Services Licence regime include obligations to adequately manage cyber resilience and cybersecurity risks. RA was found to be in breach of the Corporations Act 2001 (Cth).
Rofe J made declarations that RI breached obligations under s 912A(1)(a) by failing to ensure adequate cybersecurity measures were in place and/or adequately implemented across its Authorised Representative, with breach under s 912A(1)(h) by failing to implement adequate cybersecurity and cyber resilience measures and exposing its Authorised Representatives’ clients to an unacceptable level of risk.
He stated
it is not possible to reduce cybersecurity risk to zero, but it is possible to materially reduce cybersecurity risk through adequate cybersecurity documentation and controls to an acceptable level.
noting 'that the relevant risks and controls deployed to address cybersecurity evolve over time' and that 'as cybersecurity risk management is a technical area, the adequacy of risk management must be informed by people with technical expertise in that area'.
AFS Licence holders are required to identify the risks faced in the course of providing financial services, including in relation to cybersecurity and cyber resilience. The holders must have established documentation, controls and risk management systems that are adequate to manage risk across their network.
The 'reasonable standard of performance' is to be assessed by reference to the reasonable person qualified in that area, not the expectations of the general public.