6th January 2021
Automating AML/KYC for Digital Assets
for Digital Assets
The emergent threats of the cryptocurrency landscape have prompted governments and regulators to increase their focus on digital assets: in 2019 the Financial Action Task Force (FATF) extended its KYC-focused Travel Rule to cryptocurrency service providers and, in September 2020, released advisory guidance to member-states on the red flag indicators of money laundering using digital assets. Financial penalties are also being issued: in October 2020, the Financial Crimes Enforcement Network (FINCEN) imposed a $60 million fine on the founder of the Helix and Coin Ninja Bitcoin mixing services for violating AML rules.
Given the risks and the potential for significant penalties, firms that deal with cryptocurrency or offer other types of digital asset services must adapt their KYC process to manage new challenges. In practice, this means integrating technological automation to handle vast amounts of AML data, react to emerging criminal typologies, and continue to deliver compliance.
In principle, the KYC compliance challenge associated with digital assets remains the same as fiat currencies: firms must be able to establish the identities of customers at onboarding, and then monitor and understand their customers’ financial behavior on an ongoing basis. In more detail, conventional KYC involves:
- Customer due diligence: Establishing and verifying customer identities by analyzing information such as names, addresses, dates of birth, biometric inputs, and more. CDD also involves establishing the beneficial ownership of customer entities.
- Transaction monitoring: Firms must scrutinize their customers’ transactional behavior for suspicious activity that could indicate money laundering.
- Screening: Customers that are subject to international sanctions or that are elected to political positions present a greater level of AML risk. KYC measures should involve screening and monitoring measures that detect when customers are subject to sanctions, become politically exposed persons (PEP) or are involved in adverse media stories.
However, the speed with which digital asset transactions take place and the anonymity benefits they offer increase their AML risk and complicate the KYC process. Adding to the complexity of the AML challenge is a lack of understanding of the cryptocurrency space from authorities and financial institutions and the broad regulatory divergence between jurisdictions which allows criminals to exploit blindspots and disparities. FATF’s list of ‘red flag’ digital asset money laundering typologies revealed a range of specific risks including:
- Anonymity: Money launderers often use digital asset services to conceal their identities and conduct transactions anonymously.
- Speed: The speed with which digital asset transactions take place means that criminals can move funds around the world, engage in greater volumes of transaction, and convert between currencies at a speed that often outpaces AML scrutiny.
- Structuring: Criminals can conduct multiple digital asset transactions using multiple accounts to obfuscate the source of illegal funds and introduce them into the legitimate financial system without triggering AML controls and reporting thresholds.
- Money mules: Money launderers may coerce or incentivize third parties to conduct digital asset transactions on their behalf in order to avoid AML controls.
Customer experiences: Beyond addressing the specific risks of digital asset transactions, firms must also consider as a priority the experience of their customers during onboarding and when using their services. The more onerous the AML measures, the more likely it is that customers experience friction at onboarding and throughout the business relationship, and either turn to competitors or retreat from engaging in digital asset services.
To meet the challenge of digital asset AML/KYC compliance without negatively affecting the customer experience, firms must seek to deploy a technological solution. In practice, that means automating the collection and analysis of vast amounts of data from a range of global sources, while building enhanced speed and efficiency into AML measures to reduce administrative friction.
In data-driven digital asset environments, manual KYC is an inadequate response to the threat presented by money laundering typologies. By automating the KYC process, firms can address digital AML compliance risks and optimize customer experiences. Specific advantages of KYC automation include:
Speed and efficiency: Automated KYC enables firms to match the pace of digital asset transactions, performing customer due diligence, transaction monitoring, and screening processes quickly and efficiently. Firms will be able to establish customer identities, categorize them by risk profile, and scrutinize their transactional behavior for suspicious activity before criminals are able to convert illegal funds or move them into the legitimate financial system.
Accuracy and scope: Rather than manually working through sanctions lists and watch lists on an individual basis, automation enables firms to deploy enhanced search tools that deliver more accurate results and reduce costly noise and false positives. Those enhanced KYC tools include dedicated search algorithms and risk databases updated with the latest sanctions and watchlist information so that firms know immediately when a customer’s risk profile changes. Automated KYC technology also means that firms are able to screen against a much broader scope of AML data to ensure access to a suitable depth of relevant information.
Ongoing compliance: With the cryptocurrency landscape evolving rapidly and authorities increasing regulatory penalties, automation allows firms to maintain their compliance performance on an ongoing basis. Smart technology automation facilitates ‘horizon scanning’, helping firms react to upcoming changes in money laundering typology and to the new regulatory standards introduced by global authorities such as the FATF’s Travel Rule and the EU’s Fifth and Sixth Anti Money Laundering Directives.
Whitelisting: By establishing whitelists, firms can pre-verify the AML status of their customers, reducing AML friction and the burden on compliance officers during onboarding. In an automated whitelisting process, customers submit the required KYC information to their digital asset service provider themselves. Firms may then use a combination of automated smart technology and human expertise to approve the information and grant whitelist applications.
FATF member states require financial institutions to put risk-based AML programs in place which means they must deploy KYC measures proportionate to the risk that customers present. The typologies that characterize digital asset money laundering and other types of fintech crimes require firms to move away from the post-analysis of data and instead be proactive about AML, working to detect and prevent money laundering threats, and submit suspicious activity reports to the relevant authorities, quickly.
Accordingly, smart technology, and specifically artificial intelligence and machine learning, should be a crucial component of a pro-active AML program. Artificial intelligence and machine learning systems not only add speed and accuracy to conventional AML processes, but enable firms to harness the vast amount of unstructured electronic data they collect to enhance their KYC performance, reducing administrative noise and false positives, spotting suspicious divergences in customer behavior, and reacting to emerging criminal methodologies and new compliance requirements as quickly as possible.