Cryptocurrency (crypto) is defined as a decentralized digital currency intended to be used in buying or selling goods and services. Crypto can come in many forms. The purpose of this blog is to extend the conversation from my previous blog, Cryptocurrency: The go-to guide, and explore the risks to your institution and to the larger regulatory landscape.
As the utilization of cryptocurrency increases, so do risks to the financial services industry. The risks may be detrimental to company fraud losses and regulatory compliance. Fortunately, the Anti-Money Laundering Act of 2020 (AMLA 2020) explicitly requires the Bank Secrecy Act (BSA) to be applied to crypto. More specifically, crypto exchanges are being considered as money service businesses (MSBs) meaning crypto exchanges must follow:
- The travel rule
- All other BSA regulations including –
- Customer Due Diligence (CDD),
- Suspicious Activity Reports (SARs), and
- Cash Threshold Reports (CTRs)
How this is going to be fully applied by regulators has yet to be determined. However, many measures can be applied today by the financial services industry to ensure compliance when regulatory direction is published.
Risks to the financial services industry
Change isn’t possible without risk.
The risk in the widespread adoption of crypto is that poor AML and fraud practices are heavily present in the crypto exchange market. The reasons are multifold:
- Enhanced Due Diligence (EDD) is not required on crypto exchanges or ATMs at this time.
- Regulators have established guidance within AMLA 2020 to require crypto exchanges to operate as MSBs, however, cryptos do not fit neatly into the current regulatory framework. Moreover, crypto exchanges/ATMs being categorized as MSBs allow for anonymous transactions of up to $1,000. Meaning, unless these customers exceed $1,000 at a single crypto exchange the only personal identification information collected is limited to a phone number or email address. This allows illicit funds (i.e., smurfing/traditional money laundering practices) to easily move through the blockchain with total anonymity
- Crypto exchanges do not fit neatly in the definitions of a MSB because they are more like a financial institution in the way they operate. This is due to fiat currency, a government-issued currency that is not backed by a commodity such as the U.S. Dollar, being transferred to a new type of digital currency rather than fiat to fiat.
- Financial compliance professionals and crypto ATMs/exchanges, generally speaking, have limited understanding of each other. This leads to facilitation and unintentional overlooking of typical financial crime trends within the industry. Crypto operators are not incentivized to monitor and report AML and fraud practices which means profit is often prioritized over compliance.
- Lack of FinCEN enforcement of crypto exchanges/ATMs
Illicit crypto funds are not only flowing in the U.S. The U.S. Department of Treasury is beginning to crackdown especially with the release of the Suex OTC sanctions addition, part of a broader process of restricting crimes in the crypto universe overall.
Risks to crypto consumers
The risks to the consumers of crypto are also especially high. Crypto is highly volatile, intangible, exists on a non-regulated 24-hour stock market, and is uninsured by any authority. All of which appeal to criminal/illegitimate purposes.
Trending schemes and scams facilitated by crypto
- Smurfing
- Money-laundering through crypto exchanges/ATMs
- Romance scams
- Fake investment scams (i.e. initial coin offerings)
- Crypto used to purchase on the black market
- Human trafficking, organ trafficking, and adult services
- Art and antiquities money laundering including NFTs
- Crypto pump and dump
- Fake crypto exchanges
- Blackmailing scams
- Phishing, smishing, and vishing
- Ransomware
How to mitigate the risks
To prevent the facilitation of illicit funds through crypto exchanges and ATMs, as well as to assist law enforcement, there are several detection and compliance strategies that can be employed.
The first method of mitigation is screening your customers, whether business or personal, for sanctions (as required by law). Special attention should always be paid to sanctioned and high-risk countries. On top of sanctions screening, full due diligence should be done on all clients that are onboarded to the institution. Full due diligence includes:
- Conducting full KYC/KYB
- Collecting beneficial ownership for businesses (including parent and intermediary companies)
- Conducting risk analysis on public records
- Monitoring transactional activity (especially within the blockchain)
- Adverse media screening
All these tactics, from onboarding to investigations, can proactively aid in discovering potential risks in your organization allowing you to aid law enforcement and prevent losses to your P+L. CLEAR® investigative solutions can assist with many of these items in one fell swoop. CLEAR ID Confirm and Risk Inform quickly discern whether a customer has high financial risk by detecting criminal records, sanctions, liens, judgments, and overall identity verification. Adverse Media can assist in monitoring the high-risk customers for any media presence that may affect the customer relationship, illegitimate money facilitation, and reputation of the organization.
As mentioned above, one of the issues with crypto is the lack of education within the regulatory space. Educational opportunities are available through many different services. Likewise, the regulatory component of crypto can be attained by investing in yearly learnings of the BSA/AML and fraud regulations.
Investing in regulatory intelligence tools like Thomson Reuters Regulatory Intelligence will keep your organization up to date on all crypto regulation changes and advisories as they come forward from the U.S. regulatory authorities.
Lastly, organizations investigating illicit fund use and fraud will benefit from blockchain forensics tools, attribution tools, and link analysis. Through attribution, the exchange or ATM involved can be identified saving your business time and money.
Currently, crypto regulations are ill-defined, but future legislation aims to resolve that. However, getting ahead of the regulations and enforcement will help strengthen your compliance program and help stop illicit funds from flowing through the blockchain. There are currently crypto compliance working groups being formed to combat crime happening throughout the crypto space. Specifically, crypto ATM providers, exchanges, law enforcement, and suppliers of tools are coming together to form the Cryptocurrency Compliance Cooperative to fight the illicit use of crypto.
The goal of crypto compliance is to impede the funneling of funds to terrorist organizations. It will take cooperation from key players in financial regulation to achieve this.