AML Guide for the Cryptocurrency Industry

The New Risks posed by Crypto

As cryptocurrency continues to evolve, it is clear that it has given rise to a new way for criminals to use technology for money laundering and terrorist financing. Since currency exchanges happen virtually and anonymously, it is very easy for them to cover their tracks - creating an appealing opportunity for them to transfer illicit funds. 

Cryptocurrency also has created new ways to fund terrorism since transferring laundered funds across borders is now as simple as the click of a button. It is also very cheap to transfer funds internationally, making it an appealing alternative for criminals over the traditional banking system.

To combat this growing problem, regulators around the world are tightening restrictions and implementing regulations to ensure anti-money laundering procedures are in place as required. A robust AML program allows organizations to prevent and detect illegal activities and reduce the occurrence of financial crimes.

Understanding AML Regulations

In 2019, the Financial Action Task Force, or FATF, issued guidance regarding AML regulations for virtual asset providers. They require that they apply a risk-based approach and implement an AML process, just like any other financial institution is required to do. 

The goal of these regulations is to encourage transparency within the virtual transaction world and minimize the ability of criminals to use cryptocurrency exchanges for money laundering and terrorist financing. 

Here are some of the operational aspects that crypto and fintech companies must implement to remain compliant with AML regulations:

‍

‍

Registration Requirements

Companies in this industry are required to register with the applicable regulatory authority such as the FCA, the Financial Conduct Authority, in the UK. These organizations are subject to all of the anti-money laundering directives published by the authorities in the European Union. 

In the US, cryptocurrency exchanges are governed by FinCEN, so firms that operate in the country must register with them. They must also comply with all of the laws detailed in the Bank Secrecy Act.  

Customer Identification Programs

Cryptocurrency exchanges and virtual wallet providers must implement a customer identification program, or CIP, that allows them to verify a customer's identity. They must obtain information such as their name, address, date of birth, and other relevant data to certify that they are who they say they are.  

Transaction Monitoring

Like banks and other financial institutions, fintech companies must have an ongoing process in place to monitor transactions. This will allow them to identify and report suspicious activity to the appropriate authorities. 

Similarly, a currency transaction report – CTR - must be filed for any transaction that exceeds $10,000. If it appears that a customer is trying to avoid this reporting by making subsequent withdrawals just under the threshold, a suspicious activity report should be filed as well.  

FATF also requires that virtual asset providers collect, store, and report information on any transaction exceeding $1,000 by a single individual in a day.

Implementing a KYC Process

A know your customer process, commonly shortened to KYC, is one of the most important foundations for a successful AML program. Crypto companies must verify and collect a customer's personal identifiable information (PII) just like any other financial institution is required to.

This includes their complete legal name, address, and date of birth. The information that is collected should be verified against government-issued documentation like a driver's license or passport. 

Once you have verified their identity, fintech companies must perform PEP and sanction screenings to gain a better understanding of each client's level of risk.

A PEP is a politically exposed person who either holds public office or can influence the general public. Due to their status, these individuals pose a greater risk of corruption and money laundering. 

Sanctions screenings will verify that somebody is not a known terrorist and confirm that they are not banned from conducting certain types of financial transactions in your country.

Virtual Assets and the Risk-Based Approach

Based on the information collected in the know your customer process, cryptocurrency exchanges and virtual wallet providers must implement a risk-based approach when it comes to AML procedures. 

They should be able to identify which individuals pose a higher risk for involvement in financial crimes and illegal activities, and as a result, have additional monitoring and verification measures applied to them. 

The same manner of thinking should be reflected in riskier transactions. Tools and technology should be put into place to flag suspicious activity or unusual transactions that could indicate the occurrence of money laundering or terrorist financing.

The Future of AML for Crypto

There is no doubt that the growth in virtual currencies is going to continue, and the AML legislation surrounding it will continue to adapt as well. Failure to comply with any of the regulations discussed above could lead to significant fines, penalties, and other sanctions that would pose as a major detriment to a fintech cryptocurrency organization. 

For crypto companies to reach a level of mass adoption that allows their business to take off, there needs to be a fundamental trust built with both customers and regulatory authorities. Implementing AML frameworks can help minimize their risk of financial crime and encourage the general public to feel that they are working with a legitimate business.  

Know your customer procedures and other due diligence measures demonstrate trustworthiness and will encourage further growth in the sector. At the same time, verifying the identity of users and relying on a risk-based approach will also help to separate criminals from legitimate customers.


Photo by Viktor Forgacs on Unsplash