Central Banks Consult on Tougher Crypto Asset Oversight

The Basel Committee on Banking Supervision (BCBS) is soliciting comments on “Designing a prudential treatment for crypto assets,” to improve the regulatory oversight by March 2020. The paper says,

“These types of crypto-assets are not legal tender, and are not backed by any government or public authority.”

But while being small in size in comparison to the global financial system, the crypto-assets has the potential to raise financial stability concerns and increase the risks such as money laundering faced by banks.

However, crypto assets are still an “immature” asset class because of the lack of standardization and constant evolution. The committee further raised a warning that certain crypto assets have a high degree of volatility and present risks of liquidity, operational, credit, market, terrorist financing, money laundering, legal and reputational risks for banks.

As such, if banks decided to acquire digital currencies or provide related services, they should apply “a conservative prudential treatment to such exposures.”

Prohibiting from Exposure to crypto-assets & Info on Holdings

For the supervisory review process, the BCBS proposes that banks should have a rigorous process to conduct comprehensive due diligence and risk assessment for crypto-asset exposures.

Banks should also inform their supervisory authorities of actual and any planned crypto-asset exposure, the paper says. They need to assure that they have fully assessed the associated risks and how they mitigated them. If not satisfied, supervisors can take appropriate action.

The committee also proposes that banks should disclose “granular” information on crypto-asset holdings on a quarterly basis. The said,

“Any specified treatment would constitute a minimum standard for internationally-active banks. Jurisdictions would be free to apply additional and/or more conservative measures if warranted. As such, jurisdictions that currently prohibit their banks from having any exposures to crypto assets would be deemed compliant with any potential global prudential standard.”

The closing date for comments is March 13, 2020. The Committee will then decide whether to specify a prudent treatment for crypto-assets, issue a consultation paper detailing the proposals and seek further input from stakeholders.

Read Original/a>
Author: AnTy

StrandHogg Android Vulnerability Can Grab Wallet and Banking Information

StrandHogg has already been used for accessing banking data. The exploit has been documented by security company Promon and seems to affect all Android versions. Since researchers in the security field have been knowing about the StrandHogg proof-of-concept model ever since 2015, the exploit isn’t at all new.

The Dangerous StrandHogg Version Has Been on the Internet for a While

The potentially dangerous StrandHogg version has been propagating all over the internet in the past year, hidden in malware. Promon even made a page with information on it after learning how fast it spreads and how dangerous it can be. What it seems to do is interrupting the way an app flows from the moment of the launch to the one of the welcoming screen appearing. It forces the Android user to give the malware permission before letting the app run. This is what the Marketing and Communication Director at Promon, Lars Lunde Birkeland had to say about it:

“Our researchers focused on describing the vulnerability, as such, but we also collaborated with Lookout Security who contributed some parts by scanning their datasets of malware. They found 36 malicious apps that exploit the flaw. We tested the top 500 most popular apps and all of them are vulnerable.”

More than this, all Android versions, including Android 10, can be affected according to Promon.

Launched on almost any kind of phone with Android, the StrandHogg exploits and hijacks apps and sends the pop-ups that ask to have access to contacts, stored data, and location. After permission is given, the app starts running normally. Birkeland explained how it works:

“The victim clicks on the legit app but instead of being directed to the legit app the malware tricks the device to show a permission pop-up. The victim gives the malware and the attacker the permissions and then you’re redirected to the legit app.”

Researchers have discovered that the Trojan program BankBot in fact used the exploit to ask for permission for intercepting messages, make calls and even lock the phone until a ransom is paid. This has raised many concerns among those who are banking with their phone or are using wallet apps. More than this, the exploit can also present a fake page for logging in with some apps on Android, yet the permissions exploit is the one more widespread.

The Vulnerability is Very Serious

Promon came across the malware when many banks from the Czech Republic started to report that their customers are having money taken from their accounts. This is what the company wrote:

“From here, through its research, Promon was able to identify the malware was being used to exploit a dangerous Android vulnerability. Lookout, a partner of Promon, also confirmed that they have identified 36 malicious apps exploiting the vulnerability. Among them were variants of the BankBot banking trojan observed as early as 2017. While Google has removed the affected apps, to the best of our knowledge, the vulnerability has not yet been fixed for any version of Android (incl. Android 10),” wrote the researchers.”

The name StrandHodd comes from an old tactic used by the Vikings to raid the coast and to kidnap people for ransom.

Read Original/a>
Author: Oana Ularu

Cashaa Will Open USD-based Banking Services for Crypto Companies

A new platform called Cashaa has issued a press release about its new crypto-friendly banking services and added USD bank accounts.

Cashaa’s platform is simple to navigate and it offers a number of services, including “next generation banking.”

The press release explained that it has launched US dollar bank accounts, in partnership with Metropolitan Commercial Bank, for crypto businesses. The service will be available beginning November 25, and from that date, cryptocurrencies and other high-risk businesses will be able to apply for the bank accounts and access the full banking features from countries, except those that are sanctioned.

Janina Lowisz, the co-founder of the platform, shared in the press release that crypto businesses are underserved by traditional banks. The goal of the platform is to create a hassle-free experience for all businesses that are building new technologies and business models.

The press release further explains that to-date, over 800 crypto businesses have registered since the platform’s beta launch last May. The company has also had a busy few months as it sought a quick solution for onboarding genuine businesses. The platform’s current banking services include UK current bank accounts that are limited to 1 billion GBP with Mastercard.

To facilitate a quicker onboarding process and to reduce rejections, the company developed a pre-compliance team. Archit Aggarwal, the Chief Product Officer, shared in the press release that the platform’s automated system and ability to understand crypto businesses has made the company a leader in the European banking space. The products are developed for startups, and since the onboarding compliance team was put together, the onboarding speed has doubled with the platform’s UK regulated partner entities.

The platform’s US accounts will be domiciled in the United States can access ACH and SWIFT without limits. There is a one time setup fee of 250,000 CAS. Customers will also be able to onboard, they’ll have lower transaction fees, and higher limits, risk coverage, and access to customer service to support them.

“}” data-sheets-userformat=”{“2″:13057,”3”:{“1″:0},”11″:3,”12″:0,”15″:”Open Sans”,”16″:11}”>Latest Bitcoin Price News and Crypto Market Updates

Read Original/a>
Author: Silvia A