26th January 2021
Transaction Monitoring for Cryptocurrencies
What You Need To Know
The potential threat that cryptocurrencies pose to the financial system is significant: in the first five months of 2020 alone, research suggests that cryptocurrency thefts, hacks, and fraud amounted to around $1.36 billion – one of the highest levels on record. To manage that disruptive effect, regulators around the world have imposed new compliance rules to ensure that cryptocurrency service providers, or any institution that deals with crypto, are able to detect and prevent threats and ensure that the authorities are made aware of emergent criminal methodologies.
As a foundation of effective AML, the transaction monitoring process requires firms to scrutinize their customers’ transactional behavior in order to spot attempts to commit crimes such as money laundering. Since criminals may be able to exploit the anonymity and speed of cryptocurrency services to conceal their identities and move funds quickly between accounts, transaction monitoring becomes both more important and more challenging.
To address that challenge, firms should understand how to adapt and shape their AML transaction monitoring process to deal with the emergent risks of cryptocurrency services and ensure that they are able to achieve ongoing compliance in a changing regulatory landscape.
Cryptocurrency money laundering methodologies are similar to other types of cybercrime in the sense that they pose a new set of AML risks that complicate the transaction monitoring process. The specific challenges of cryptocurrency transaction monitoring include:
- Customer anonymity: Cryptocurrency transactions may be carried out anonymously, allowing high-risk customers to evade standard monitoring measures in order to transfer illegal funds.
- Transaction speed: Cryptocurrency transactions can take place in a matter of seconds, allowing money launderers to move large volumes of illegal funds around quickly and stay ahead of transaction monitoring measures.
- Structuring potential: Money launderers may easily structure multiple cryptocurrency transactions, transforming illegal funds in a manner that does not trigger reporting thresholds or AML monitoring alerts.
- Use of money mules: An extension of the anonymity benefits associated with crypto transactions, criminals may engage third-party individuals to act as money mules that conduct transactions on their behalf and so avoid attracting the attention of transaction monitoring measures.
Adding to the complexity of crypto transaction monitoring is the unfamiliarity of legislators, regulators, banks, and financial institutions, with the crypto-financial space. Cryptocurrency technologies are relatively new and are evolving constantly: that pace of changes means that national authorities have to work hard to adapt to a new risk landscape while at an international level there is broad regulatory divergence.
In 2020, the Financial Action Task Force (FATF) released guidance on the characteristics of cryptocurrency money laundering schemes, drawing on internal investigations and from case studies of member-states. The publication, Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing, set out a series of red flag indicators intended to help firms calibrate their cryptocurrency transaction monitoring measures and better respond to the new risk landscape. The red flag indicators of cryptocurrency money laundering include:
- Transactional behavior: Unusual cryptocurrency transaction types such as high frequencies of transaction in a short period of time or the rapid deposit and withdrawal of funds into a recently opened account.
- Geographical risks: Transactions that move cryptocurrency into or out of high-risk countries or jurisdictions or that send currency to exchange in a country other than the one in which the customer is resident.
- Structured transactions: Multiple cryptocurrency transactions that are deliberately structured in amounts that do not trigger reporting thresholds.
- Anonymous transactions: Criminals seeking to exploit the anonymity of cryptocurrencies may use privacy coins, trade on unlicensed exchanged sites, or use proxies to make trades. Criminals may also seek to anonymously control multiple cryptocurrency wallets from the same IP address.
- Inadequate CDD: Cryptocurrency transactions involving accounts that have inadequate customer due diligence or involving customers that have denied or evaded requests to provide identifying information.
Money-muling: Elderly and financially vulnerable customers or customers that seem unfamiliar with cryptocurrency technology may be being used as mules to carry out transactions on behalf of money launderers.
After revisions to the FATF Recommendations between 2018 and 2019, new guidance was issued on cryptocurrency service providers, bringing them under the scope of existing AML/CFT compliance regulations. Under their new obligations, cryptocurrency firms are required to deploy risk-based transaction monitoring measures that capture the money laundering risk that their customers present.
In practice, that means firms should perform risk assessments of their customers and put ongoing Know Your Customer (KYC) measures in place to ensure that assessment remains accurate. KYC is another foundation of conventional AML transaction monitoring and holds the same importance in a crypto context, helping firms understand who a customer is, their financial history, and their risk profile.
With that in mind, key compliance considerations for cryptocurrency transaction monitoring include:
Customer due diligence: Crypto service providers should build their risk profiles and transaction monitoring measures on accurate CDD. In practice, this means acquiring verifiable digital credentials from customers including official documentation such as passports or driving licenses or even biometric identifiers such as fingerprint or face recognition.
Screening and monitoring: Cryptocurrency service providers should inform their transaction monitoring process by screening and monitoring for a variety of crucial risk data including their customers’ PEP status, involvement in adverse media stories, and presence on relevant international sanctions or watch lists.
Smart technology: Transaction monitoring in the crypto space involves the collection and analysis of vast amounts of data that would be impossible to process manually. In order to manage that requirement, firms should integrate a range of automated smart AML tools to add speed to the transaction monitoring process, enhance accuracy, and ensure that suspicious activity is detected and reported to the authorities in a timely manner.