This article appears as the "Discussion of the month" topic in AML News and Updates Newsletter - July 2023 edition which can be found here.
Implementing an Anti-Money Laundering (AML) program in the crypto industry presents unique challenges that require careful consideration. Have you ever wondered why?
The truth is that cryptocurrencies are based on the blockchain technology, and crypto entities offering cryptocurrency services have a very different business model than traditional institutions. As a result, is it possible to ask this type of entities to apply traditional AML measures?
The world of cryptocurrencies has witnessed a remarkable surge in adoption during the last few years, with about 8,685 cryptocurrencies in existence as of February 2023 (Source: Statista). This widespread adoption by users can be attributed to several factors including:
☑️ Decentralized transactions: Users of cryptocurrencies can transact without intermediaries, such as traditional financial institutions. Also, there is no centralized authority to control the new issuance of coins. The blockchain is controlled by its users, not by a central authority.
☑️ Speed of transactions: Cryptocurrency transactions can be processed quickly, especially in comparison to traditional banking systems, which may involve intermediaries and multiple verification steps. Cryptocurrencies facilitate near-instantaneous transfer of funds, enabling faster settlement times for transactions.
☑️ Enhanced security: Cryptocurrencies employ advanced cryptographic techniques to secure transactions and user identities. The use of encryption makes it extremely difficult for unauthorized parties to manipulate or counterfeit transactions, providing a higher level of security compared to traditional currency systems.
☑️ Global transactions: Users of the cryptocurrency platform can transact internationally, regardless of geographical boundaries or banking infrastructure.
The misuse of cryptocurrencies
During its early development, the cryptocurrency industry faced vulnerability to criminal exploitation due to perceived anonymity. Criminals saw an opportunity to engage in illicit activities, taking advantage of the decentralized and pseudonymous nature of cryptocurrencies. This allowed them to hide their identities and evade traditional financial oversight.
Developments to prevent the misuse of cryptocurrencies for illegal purposes
Soon after the early adoption and significant increase of cryptocurrencies transactions, the private sector and regulators took action to address these risks and mitigate the misuse of cryptocurrencies for illegal purposes. These included:
🔶 Blockchain Forensics: The development of blockchain forensics improved the ability of investigators and law enforcement to trace and track transactions. Blockchain forensics employ sophisticated techniques to analyze the public ledger, or blockchain where cryptocurrencies operate, and identify patterns, addresses, and transaction flows, making it increasingly difficult for criminals to launder money without leaving a digital trail.
🔶 Regulatory developments: Recognizing the need to mitigate the risks associated with cryptocurrencies, regulatory bodies worldwide have started implementing measures to regulate the crypto industry.
For example, the Financial Action Task Force (FATF) in October 2021 issued an Updated Guidance for a Risk-based approach to Virtual Assets (Crypto Assets) and Virtual Asset Service Providers (Crypto Asset Service Providers).
The guidance aims to assist countries to identify risks related to these activities, take effective measures to mitigate those risks including regulating the sector.
These measures aim to bring the industry in line with traditional financial systems and ensure compliance with anti-money laundering (AML) and counter-terrorism financing (CTF) frameworks. But, is it possible?
Challenges in Implementing Traditional KYC and CDD on Blockchain Technology:
One of the primary requirements imposed on crypto entities by these new regulations is the implementation of robust AML programs.
Although possible, due to the specific characteristics of blockchain technology, implementing an AML program in a crypto asset provider can pose significant challenges such as:
😎 Privacy Concerns: Blockchain technology prioritizes privacy and anonymity, which may conflict with the transparency required by KYC and CDD processes. Striking a balance between privacy and compliance becomes a significant challenge for crypto entities, highlighting the importance of employing innovative solutions.
👓 Decentralization and Pseudonymity: Unlike traditional financial systems, cryptocurrencies operate on decentralized networks where users have control over their private keys and can transact pseudonymously. This decentralized nature makes it challenging to establish a centralized point for collecting and verifying user information, requiring innovative strategies to identity verification.
🙇 User Experience: Traditional KYC and CDD processes can often be time-consuming as they often involve manual document submissions and verification. Incorporating such processes into blockchain-based platforms may hinder user experience. Overcoming this challenge requires striking a delicate balance between regulatory compliance and user-friendly solutions that retain the convenience and speed offered by cryptocurrencies.
🔐 Technical Complexity: Cryptocurrencies operate on complex technical infrastructure, such as blockchain networks, cryptographic protocols, and decentralized systems. The technical intricacies of these technologies can make it difficult for crypto providers to translate AML requirements into practical implementation steps that align with their unique operational processes and technical infrastructure.
🔎 Lack of Industry Standardization: As the cryptocurrency industry is still relatively young, there is a lack of standardized AML practices and frameworks specifically tailored to cryptocurrencies. This absence of industry-wide standards can lead to confusion and uncertainty for crypto providers, making it challenging for them to navigate the AML landscape effectively.
🌍 Cross-Border Considerations: Cryptocurrencies operate across national borders, and AML regulations can vary significantly from one jurisdiction to another. Crypto providers often need to comply with multiple sets of AML requirements, each with its own unique characteristics, legal interpretations, and reporting obligations. Understanding and adhering to these different regulatory frameworks can be a complex task, especially for global crypto entities.
Practical Considerations for Crypto Providers
Crypto providers face unique risks in terms of money laundering and illicit activities due to the characteristics of the cryptocurrency industry. Despite the fact that crypto providers operate in a very different business model, it is possible to establish an effective AML program, by considering and implementing the following practical measures:
⚡️ Understand the Regulatory Requirements:
Understand what is required by the national law for crypto asset providers.
Consider the regulator’s guidance on AML and KYC requirements .
Stay informed about any updates or changes in the regulatory landscape and adapt your AML program accordingly.
Keep in mind that different regulators may have different requirements for crypto providers. Usually, this requires the assistance of a specialized consultant or a lawyer who is familiar with the different regulations.
⚡️ Risk-Based Approach:
Conduct a comprehensive business-wide (otherwise known as firm-wide) risk assessment.
During the risk assessment, take into account the specific risks associated with the crypto industry.
Prioritize the highest-risk areas, including the risks related to anonymous transactions, privacy coins, and peer-to-peer transactions.
⚡️ Enhanced Due Diligence (EDD):
Understand what is required by the AML law and the regulator’s requirements for EDD.
Conduct enhanced screening to high risk customers to ensure that all risks are identified.
Implement enhanced CDD procedures to verify the identities of customers.
Obtain additional information beyond the basic KYC requirements to ensure a thorough understanding of the customer's activities and sources of funds and wealth.
Ensure that you have effectively identified and mitigated all the associated risks in accordance with the regulator’s guidance.
⚡️ Transaction Monitoring and Suspicious Activity Reporting:
Utilize robust transaction monitoring systems to detect and analyze suspicious activities.
Implement real-time monitoring and analysis of transactions.
Establish clear protocols for reporting suspicious transactions to relevant authorities promptly.
Implement transaction monitoring systems that can handle the unique characteristics of cryptocurrencies and identify patterns indicative of suspicious activity.
Consider implementing AI tools such as machine learning to effectively detect suspicious transactions or transactions that may indicate the necessity for a change in the risk classifications of customers.
⚡️ Know Your Transaction (KYT):
Implement a "Know Your Transaction" framework to monitor the origin and destination of funds, as well as the associated risks.
Leverage blockchain analytics tools and services to trace the flow of funds and identify high-risk transactions.
Keep in mind that regulators across various jurisdictions may have different requirements for KYT tools that are acceptable.
⚡️ Collaboration and Information Sharing:
Foster collaboration with other crypto providers, financial institutions, and regulatory authorities to share information and intelligence on emerging AML risks and typologies if this is allowed by the regulatory authority.
Participate in industry forums and working groups dedicated to combating financial crimes in the crypto space.
⚡️ Training and Awareness:
Conduct regular AML training programs for employees to enhance their understanding of AML risks, regulatory obligations, and best practices.
Ensure employees are well-informed about the specific risks associated with cryptocurrencies and equipped with the necessary knowledge to identify and report suspicious activities.
⚡️ Compliance Programs Audits:
Regularly review and assess the effectiveness of your AML program through internal audits or external assessments.
Continuously monitor and reassess the effectiveness of your AML program in light of emerging risks and regulatory developments.
Stay informed about the evolving nature of crypto-related illicit activities and adjust your AML controls accordingly.
Taking into consideration the unique features of blockchain, the technology behind crypto, it is challenging to implement the same exact AML measures that are applicable to traditional financial institutions. However, we expect to see more global efforts and more innovative solutions to effectively mitigate the risk of abuse of the sector for criminal purposes.