The OCC’s new banking risks report mentions “virtual currency” twice.

In context, the risks the report identifies are not as dire as they might seem at first blush.

The first mention is:

Banks and other businesses continue to receive extortion demands to be paid in virtual currency in exchange for preventing or stopping distributed denial of service attacks or for the decrypting or return of proprietary information.

The report cites a McAfee study finding that ransomware samples are one the rise. As we have noted before, cryptocurrencies are not a but-for cause of these attacks. Rather, threats like ransomware depend on poor cybersecurity, which has nothing to do with digital currencies.

The second mention of “virtual currency” in the report reads in its entirety:

New platforms and technologies, such as virtual currencies, enable anonymity for cyber criminals, including terrorists and other groups seeking to transfer and launder money globally. These methods not only pose substantial challenges for compliance with the Bank Secrecy Act and Anti-Money Laundering (BSA/AML) laws and regulations, but also help cyber criminals raise funds to pay for physical and cyber attacks.

It’s interesting that “virtual currency” is used as an example of a broader set of “new platforms and technologies” about which the report is warning. To our knowledge, there is no evidence that cryptocurrency has been used by terrorist groups to ‘pay for physical attacks.’ Cryptocurrencies are also not as anonymous as many believe. A better example for this broader set of these enabling technologies might be prepaid cards.