A Guide to Anti-Money Laundering for Crypto Firms

UK Finance Calls for Further Action to Fight “Ransomware Epidemic”

Crypto Latest News

Trade association UK Finance has issued a new report calling for further action from the UK government and regulators to mitigate a “ransomware scourge” that produced over 620 million detected attacks in 2021. The report details growing concerns around cryptocurrencies being used to pay ransomware attackers and includes recommendations for the banking and finance sector. 

Law enforcement agency Europol’s Internet Organized Crime Threat Assessment, published in December 2021, highlighted that ransomware will continue to dominate and proliferate as attackers focus on high-value targets and utilize increasingly sophisticated technology and tactics. 

UK Finance has urged authorities to increase their focus on ransomware criminals by taking aggressive action in the form of sanctions, better reporting processes to improve knowledge of threats, and expanded regulations to cover non-bank entities that facilitate the ransomware business model, including crypto exchanges. In the long term, UK Finance proposes using tighter legislation and standards to provide a sustained approach to managing how cryptocurrencies are used in cyberattacks and fraud. 

The report highlights four key recommendations for the banking and finance sector to combat the rising threat of ransomware including: 

  • Better regulatory standards and rules for use of crypto
  • Greater financial services involvement in legislation
  • Greater financial services involvement in the global ransomware taskforce 
  • Guidelines/principles for dealing with ransomware and the cyber insurance sector

Ransomware and cryptocurrency

The report notes that ransomware attackers often receive payments in cryptocurrency, which are then laundered, before “cashing out” of the crypto ecosystem. This trend is also highlighted in the EU Cybersecurity Agency’s Threat Landscape 2021 report, which identified a particular process ransomware attackers use to launder their crypto profits. First, the crypto is sent through a mixer before being exchanged via “1) a bitcoin exchange for money, 2) a (human) bitcoin trader in exchange for physical money, 3) money laundering services, or 4) used directly as bitcoins”.

In recent months both the Financial Conduct Authority (FCA) and the Treasury have issued significant updates to the UK’s current and proposed crypto regulatory infrastructure. The FCA issued a notice strengthening promotion rules for high-risk and crypto firms, as well as issuing guidance on crypto sanctions evasion. The Treasury later announced a plan to adopt stablecoins as a valid form of payment, as part of a wider plan to boost the UK’s reputation as a hub for regulated digital payment companies.

Next steps

Cybercrime, including ransomware attacks, is not only a threat to individuals but also to corporations and state infrastructure. Data shows that targets remain varied and include hospitals, banks, critical infrastructure, educational institutions, and financial institutions. Criminals will continue to adapt the industries and businesses they focus on based on perceived levels of vulnerability. 

As a result, it is essential that firms boost their cyber defenses and practice cyber hygiene. Strong cybersecurity controls, business continuity, and resiliency plans should be implemented as well as ensuring employees are aware of the sanctions risks associated with processing payments to sanctioned entities on behalf of victims.

AML Crypto Guide

Uncover the essentials of building and scaling a crypto AML program and how to navigate regulatory change.

Download the full guide

Originally published June 1, 2022, updated June 1, 2022

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).