Blockchain Bites: ASIC finds AI governance failings in financial services, Security Alliance exposes North Korean operatives, Crypto taxation at a crossroads, Coinbase introduces AI agents for on-chain transactions, Reddit calls quits on crypto

ASIC finds AI governance failings in financial services

As the financial services industry embraces artificial intelligence (AI) in the delivery of products and services, a new report from the Australian Securities and Investments Commission (ASIC) highlights a critical governance gap that could have significant implications for both firms and consumers.

The report, titled “Beware the gap: Governance arrangements in the face of AI innovation,” (the Report) provides a comprehensive review of 624 “AI use cases” by 23 Australian financial services and credit licensees, how they identify and mitigate associated consumer risks, and their governance arrangements.

Accelerating AI Adoption

The report reveals that AI adoption among licensees is accelerating rapidly, with a notable increase in the use of more complex and opaque techniques such as generative AI. Most AI use cases are relatively new, with many being less than two years old or still in development. ASIC’s findings are summarised in the figure below, noting that the Report only collected data up to December 2023.

In the case of Generative AI, the Report says it is often used to generate first drafts of materials, or responses to customers in carefully constrained circumstances. Some other notable use cases include:

• supervised learning which is mostly used to predict if a consumer is likely to take out a financial product using explainable models such as logistic regression, or used to derive prices, rates or forecast future series; and
• deep learning models that were mostly used for natural language processing and optical character recognition, primarily when scanning analogue form data to speed up loan, insurance, or other form-heavy business processes.

This rapid adoption underscores the transformative potential of AI in the financial services sector, offering opportunities for enhanced efficiency, improved customer experience, and innovative product offerings.

Governance and risk management gaps

While the Report finds that the way licensees are using AI is mostly cautious – that models were not providing ungoverned outputs or replacing human judgement – it also identifies significant gaps in how licensees manage AI risks, particularly those unique to AI, such as algorithmic bias.

Governance arrangements vary widely among licensees, with some lagging behind in updating their risk management frameworks to reflect the evolving risks and challenges posed by AI. This disparity in governance practices raises concerns about the potential for consumer harm if AI use outpaces the development of adequate governance frameworks.

Consumer Impact

The Report says AI has the potential to amplify existing risks to consumers and introduce new ones, such as bias, discrimination, and the provision of false information. The Report warns that without robust governance arrangements, the rapid adoption of AI could lead to significant consumer harm. This highlights the need for financial services firms to prioritise the development and implementation of comprehensive AI governance frameworks that address these risks.

Recommendations for Licensees

To mitigate these risks, the Report provides several recommendations for licensees:

1. Update governance arrangements: Ensure that governance frameworks lead AI use and are regularly updated to reflect the evolving nature of AI.
2. Consider AI strategy and ethics: Reflect on questions related to AI strategy, ethics, accountability, risk management, and oversight.
3. Enhance risk management: Develop robust risk management practices that address the unique risks posed by AI, including algorithmic bias.

Looking Ahead

As AI increasingly reshapes the financial services landscape, it is imperative for firms to strike a balance between innovation and consumer protection. By proactively addressing the governance gaps identified in the ASIC report, financial services firms can help harness the benefits of AI while safeguarding consumer interests.

For potential clients and industry professionals, staying informed about these developments and understanding the importance of robust AI governance will be crucial in navigating the evolving regulatory landscape and maintaining trust in the financial services sector.

Written by Jake Huang and Steven Pettigrove

Security Alliance exposes North Korean operatives posing as IT workers

The Security Alliance (SEAL), the leading non-profit security research group behind a number of initiatives aimed to enhance security in Web3, has launched a new initiative to combat North Korean operatives posing as IT contractors, attempting to infiltrate blockchain projects and companies.

According to SEAL’s Information Sharing and Analysis Centre (ISAC), IT experts, dispatched by the Democratic People’s Republic of Korea (DPRK), navigate freelance platforms and professional networks with crafted personas to gain contracts and generate foreign revenue—a critical means for the DPRK to circumvent sanctions and fund their weapons program. Their genuine abilities enable operatives to pass technical interviews and gather actual references in order to deceive prospective employers.

The threat of North Korean hackers targeting crypto jobs has been well publicized. Crypto firms are prime targets, not only for revenue generation but also for potential cyber exploits that could expose critical security gaps. While the claim that cryptocurrency is “untraceable” has often been debunked by law enforcement and cybersecurity experts, the pseudo-anonymity and irreversibility of transactions, coupled with the remote nature of these IT roles make the blockchain sector especially attractive to the regime.

According to SEAL-ISAC, the threat poses unique challenges:

To effectively detect when a North Korean IT worker is using fake identities to apply for a job, most companies … need to gather and analyze various types of information to verify [the applicant’s] identity, work history and education, digital footprint, patterns in code comments or documentation, and links to sanctioned entities. Unfortunately, that’s beyond the scope of most companies, even some well-resourced ones…

In response, SEAL-ISAC has launched a tool to assist companies in spotting malicious actors. Leveraging a dedicated threat intelligence feed, SEAL-ISAC compiles shared intelligence about known DPRK tactics and identities, accessible to member companies. Using STIX (Structured Threat Information expression) standards, members can submit and search intelligence on suspect applicants, including fabricated documents and identifiers associated with North Korean operative.

As this cat and mouse (or is it seal and fish?) battle continues, the increasing sophistication and resources backing DPRK IT workers underscore the need for more advanced vetting processes, even with the limitations noted above. With increasing demand for blockchain talent and IT workers, companies may feel pressed to fill roles, inadvertently inviting these “wolves in sheep’s clothing” into the flock of their business. SEAL-ISAC’s new initiative encourages a coordinated, multi-factor approach to identity verification to protect industry participants (and non-blockchain industries as well) from these threats.

Written by Steven Pettigrove, Michael Bacina and Luke Misthos

Disclosure: Piper Alderman is an advisor to the Security Alliance alongside leading blockchain and cyber security lawyers, including Gabriel Shapiro, the Lexpunk coalition, Debevoise & Plimpton LPP, and the policy teams at Paradigm and A16Z Crypto, among many others.

Reddit Redeems all Bitcoin and Ether, calling quits on crypto

On the anniversary of the publishing anniversary of the Bitcoin Whitepaper, leading Internet community website Reddit announced that has liquidated all of its holdings of Bitcoin and Ether. At the same time the holding company of the website reported that it made it’s first quarterly profit in 19 years of operation, but asserted of the contribution of the sale, which made US$7M, was “immaterial” to the US$29.8M profit announced.

Reddit has long been at home for cryptocurrency enthusiasts to discuss matters and share news and blockchain with forums (subreddits) such as r/cryptocurrency having 8.9M members and falling into the top 1% of subreddits.

Regulatory Treatment of Crypto seemingly a factor

The filing seems to have called out the unclear regulatory environment in the US, with Reddit saying:

Any investments by us in cryptocurrencies for treasury purposes are limited to Bitcoin, Ether, and any other cryptocurrency that the SEC, Commodities Futures Trading Commission, or high-ranking members of the staff of such regulatory bodies may, through public statements or guidance, identify as likely not being a security.

and

In some jurisdictions, the application or interpretation of … laws and regulations is not, and in the future may not be, clear.

Accounting treatment of crypto not ideal

The filing also noted that the accounting treatment of crypto assets is not ideal in the US, loading any loss positions into accounts immediately but deferring recognition of gains until a sale has occurred:

cryptocurrencies are currently accounted for as indefinite-lived intangible assets under generally accepted accounting principles in the United States, which means we will recognize decreases in the value of the cryptocurrencies we hold as impairments, but will not recognize any increases in their value until we have sold them. This accounting treatment may adversely affect our operating results in periods where we have recognized an impairment.

Reddit accepted payment in cryptocurrencies in 2013, and deployed blockchain systems in 2020 for a Community Points system, using two ERC-20 tokens, MOON and BRICK. In 2021 they launched a wallet to hold points and collectibles, and in 2022 supported Polgyon based NFT Avatars. But all these have since been phased out, with Bitcoin payments closed in 2019 and Community Points being closed in 2023 when it was announced that “there was no path to scale it broadly across the platform” and that “The regulatory environment has added to scalability limitations”.

The filing also notes that the uncertain regulatory environment, amongst other things “may adversely affect the value of cryptocurrencies we hold, blockchain technology we control, and our ability to buy, sell, accept, and use cryptocurrencies and blockchain technology in the future.”

The specific call-outs to regulatory uncertainty and a hostile regulatory environment impacting the use of this technology is significant, as Reddit users lose out from innovation and efficiency from Reddit being a supporter of a technology which clearly has a lot of interest. As the regulatory environment becomes clearer, and if (a big if) licensing is affordable and efficient, perhaps we will see crypto return to Reddit one day.

Written by Michael Bacina

Crypto taxation at a crossroads

As global regulators sharpen their focus on crypto-assets, jurisdictions are testing a range of tax approaches – from Denmark’s proposal to tax unrealised crypto-asset gains, to less aggressive up-front frameworks that instead propose higher taxes upon realised crypto-asset disposals. These efforts underscore mounting concerns around economic equity, price volatility and regulatory oversight, as crypto’s influence on traditional financial systems continues to grow. Australia’s approach adds another layer, offering a contrasting perspective within the global regulatory landscape.

Italy to increase tax on realised crypto gains

Italy’s proposed budget for 2025 aims to generate around €68 million by enforcing a heightened tax on crypto capital gains, jumping from 26% (which was roughly in line with an Australian taxpayer paying the highest marginal rate on a crypto-asset disposal where they were entitled to the general 50% CGT concession) to a much higher 42%. Italy’s CGT rate for most other CGT assets remains at 26%.

Denmark’s proposal to tax unrealised gains

Denmark’s plans to introduce a novel model by applying an ‘inventory-based’ taxation system on unrealised gains at 42% (this seems to be the magic number for EU countries – perhaps EU legislators are fans of Douglas Adams’ ‘The Hitchhiker’s Guide to the Galaxy’), targeting the annual change in value of crypto holdings. Under this system, investors would pay tax on ‘paper gains’, or gains in value for assets they continue to hold. Denmark argues this approach brings crypto in line with specific financial contracts subject to similar treatment under the ‘lagerprincippet‘ which taxes inventory value changes yearly.

While Denmark’s method may be appropriate for low-frequency traders with fewer assets to assess annually, it raises some liquidity concerns. In a volatile crypto market, taxing unrealised gains risks putting undue strain on investors/traders, who might lack the cash/liquid assets to pay taxes on value increases they haven’t realised (i.e., monetised). The Danish proposal includes liquidity relief options, such as carrybacks and allowances for post-year market drops, but it could still discourage long-term investment by creating unpredictable tax liabilities. Several big industry players have criticised the tax hikes, with Tether CEO Paolo Adroino commenting on X:

How does Australia line up?

In contrast, Australia treats cryptocurrency as an asset that falls under the general definition of property (as opposed to a specific asset that requires specific treatment). Taxes are generally applied when assets are sold, ensuring that investors pay capital gains tax (CGT) on realised gains. This allows investors to manage their tax obligations based on actual profit-taking, thereby reducing the risk of having to sell assets to cover taxes on unrealised gains. However, there are exceptions to this, such as the wrapping and unwrapping of crypto-assets, whereby a taxpayer may incur a large tax bill without converting any of the crypto-assets into fiat currency with which they can pay tax with (an outcome that practitioners often disagree with).

Conclusion

While EU nations’ moves towards aggressive methods and rates of taxation might increase tax revenue, it creates unique challenges in the crypto market. Crypto-assets are historically volatile, and taxing unrealised gains could discourage investment and trap investors who lack the cash to cover tax obligations during market downturns. This may cause investors to sell their holdings or relocate to jurisdictions with more favorable tax policies, impacting market dynamics and affecting the EU’s competitiveness in the blockchain ecosystem.

As nations around the world develop diverse crypto tax frameworks, Australia has the opportunity to observe and adapt. Australia’s own review of crypto-asset taxation remains in the hands of government following the Board of Taxation’s much anticipated and long delayed review. While an open-minded approach to international trends will allow Australian policymakers to refine the country’s tax treatment as needed, ultimately a balanced crypto tax policy that considers investor liquidity, market volatility, and fiscal goals will be key to fostering a sustainable environment for digital assets in Australia.

Written by Steven Pettigrove and Luke Higgins

Coinbase introduces AI agents for on-chain transactions

Coinbase has introduced “Based Agent,” a tool designed to enable crypto users to create their own AI agents with crypto wallets in less than three minutes. Once configured, these AI agents can autonomously handle various onchain tasks, from executing trades to staking and swaps.

“Based Agent” operates as a template tool built with Coinbase’s Software Development Kit (SDK) and integrates technology from OpenAI and Replit. By using the SDK, crypto users can create and manage an AI bot specifically programmed to interact with smart contracts and complete onchain tasks.

According to Coinbase developer Lincoln Murr, the objective is to streamline the process of building custom AI agents, making the setup accessible to all users with basic tools, including API keys from Coinbase and OpenAI, alongside Replit’s forked template.

What can Based Agent do?

Once set up, Based Agent can execute smart contract functions, perform trades, stake tokens, and even register their own base name. This move aligns with Coinbase CEO Brian Armstrong’s advocacy for autonomous AI agents in the crypto ecosystem.

Coinbase’s Vision for AI-Driven Transactions

The platform’s push for AI-driven crypto tools could align with broader predictions for blockchain’s future. Coinbase’s Base protocol head, Jesse Pollak, mentioned Luna—a similar AI agent capable of tipping users autonomously onchain—as an example of how AI agents could deepen engagement in social interactions. Pollak highlights Luna as one of the first AI tools in the space to autonomously handle microtransactions on X.

These developments reflect a broader belief that AI agents could become a significant part of everyday commerce through blockchain integration. The notion of a fully autonomous blockchain landscape underscores the pace of change, as AI and blockchain integration grows.

The question of how AI bots could revolutionize blockchain transactions and beyond was also covered in a recent A16Z podcast on AI bots and memecoins touching on the $GOAT memcoin frenzy where an AI has apparantly been promoting a memecoin, driving it to a near US$1B market capitalisation within 2 weeks of launch.

The Future of AI and Blockchain

Coinbase’s “Based Agent” is quite a bit different to the $GOAT situation and marks a significant step in bridging the gap between AI and crypto operations. It remains to be seen how users take advantage of its potential and what these AI agents will be doing. Will we soon see AI-driven agents dominating the majority of onchain transactions? The implications for speed, scale, and security in blockchain transactions may soon become apparent.

This technological leap also raises new and complex legal and regulatory issues for software developers and platforms who look to offer or deploy AI bots to users, while the potential implications for market integrity could be significant just as the use of algorithms and other automated trading strategies have had significant impacts on traditional markets. If an AI bot makes some bad trades or is tricked into losing the owner’s assets, will we see some kind of claim? For the time being users should adopt a caveat emptor approach to AI agents and not put them in charge of anything they aren’t willing to lose.

Written by Steven Pettigrove, Luke Misthos and Michael Bacina