Crypto regulations impacting most financial institutions
Despite crypto regulations still varying from country to country, there is a clear global trend towards regulation of the crypto space, with important repercussions for financial institutions.
In the EU, to mitigate the risks related to the anonymity of cryptocurrency exchanges and wallet providers, AMLD 5 requires member states to bring cryptocurrency into their national AML regimes as of January 2020. In the US, FinCEN holds financial institutions responsible for identifying and reporting suspicious activity concerning how bad actors exploit virtual currencies for money laundering, sanctions evasion, and other illicit financing purposes.
Hidden risk and growing exposure
Most importantly, as the worlds of traditional finance and crypto become increasingly intertwined, these requirements impact all financial institutions, even those which do not directly buy, sell, provide custody, or have established virtual currency exchanges as customers. This exposure is primarily driven by customers seeking fiat for crypto off-ramps. Extensive research by CipherTrace uncovered individuals operating illicit crypto money service businesses (MSBs) at eight out of 10 US retail banks [Q4 2019 Crypto AML Report].
These illegal MSBs use their bank accounts as conduits for accepting cash payments in exchange for crypto to support the illicit fiat for crypto trade, with preferred methods of exchange being simple wire transfers and walkup cash deposits. As a result, many banks may unwittingly be processing illegal transactions—for example, CipherTrace also discovered that a typical large US bank processes over $2 billion annually in undetected cryptocurrency-related transfers [Q4 2019 Crypto AML Report].
Financial institutions therefore need to understand their crypto counterparty exposure to credit cards, debit cards, ACH, wire, and SWIFT transfers.
Legitimate virtual asset service providers remain a risk
While new regulations have helped to make the virtual asset economy safer, some virtual asset service providers (VASPs) continue to lack the proper AML and KYC controls to successfully detect and mitigate money laundering and terrorism financing. By analyzing and probing the Know Your Customer (KYC) processes of over 800 VASPs in over 80 countries, CipherTrace has found that 56% of VASPs globally had weak or porous KYC processes [Geographic Risk Report: KYC By Jurisdiction]. These deficient protocols can be exploited by criminals and other bad actors to launder ill-gotten virtual assets through exchanges operating as fiat off-ramps.
Exchanges operating as direct fiat off-ramps create cryptocurrency risk exposure to both the crypto exchange’s bank and receiving user’s banks. Exchange customers sell their crypto on the exchange’s platform for traditional currencies, which is sent to their bank account from the account at the cryptocurrency exchange’s bank via ACH or wire transfer. While the two banks aren’t directly trading cryptocurrency with each other, the value being sent represents the sale of cryptocurrency. Both banks must rely on the virtual currency exchange’s AML program to adequately address any risk that may arise from the source of crypto assets being traded.
FinCEN tells banks to monitor crypto-related transactions
Many banks still find themselves ill-equipped to identify and monitor cryptocurrency-related payments. Apart from the standard AML and KYC procedures a financial institution might have in place, it is imperative for banks to understand their cryptocurrency laundering risk exposure and provide proper crypto-related training to the appropriate staff. Banks currently have a number of advanced tools and methods for risk management and AML/CTF compliance for conventional payments, but are left exposed to risk when it comes to virtual currencies that use traditional payment systems.
CipherTrace uses its expertise in blockchain, cryptocurrency and crypto AML to give banks the tools and training they need to combat these compliance risks. In a key-note address at the virtual 2020 ACAMS Las Vegas Conference, FinCEN Director Kenneth Blanco clarified a long-standing confusion banks have had regarding their exposure to cryptocurrencies, stating: “To be clear, exchanges are not the only ones with crypto risk exposure. These risks are not unique to money services businesses or virtual currency exchangers; banks must be thinking about their crypto exposure as well. These are areas your examiners, and FinCEN, will ask you about when assessing the effectiveness of your AML program.”
As more mainstream consumer and institutional investors embrace cryptocurrencies, it becomes increasingly difficult, if not impossible, for traditional financial institutions to avoid entanglements with the crypto economy. Financial institutions must take action to safeguard themselves from regulatory action, writes John Jefferies, Chief Financial Analyst at CipherTrace in this guest blog