What are AML and CTF Regulations?

Anti-money laundering (AML) and counter-terrorism financing (CTF) regulations exist to prevent criminal activity within the financial system. The Financial Action Task Force, FATF, requires that businesses have procedures in place to prevent money laundering and terrorism financing – and these checks must be completed any time a new business relationship is established.

The KYC process involves collecting information on a potential customer, such as their name, date of birth, and proof of address, to validate their identity. Organizations must perform sanctions lists and PEP screenings to ensure that the people they are establishing a relationship with are not prohibited from conducting business in their country.

What is Cryptocurrency?

For something to be considered a currency, it has to be dividable, portable, recognizable, and durable.

When you think of the cash or credit that we use daily, you are thinking of a fiat currency. These currencies are backed by the full faith and credit of the government that issues it and is generally controlled by a national bank. The government has the authority to regulate how much currency is in circulation and can insure deposits in the case of bank failures.

A cryptocurrency is quite different – it is not controlled by a central authority and exists as a digital currency that is created and managed by blockchain technology. Blockchain uses advanced encryption to independently verify every transaction that occurs, thus promoting increased security, safety, and anonymity.

Bitcoin is generally considered to be the first and most widely used cryptocurrency in the world.

Implications for Cryptocurrency Businesses

As cryptocurrency began to experience rapid growth, so did the concern that it would be used as a conduit for money laundering and terrorist financing. Since transactions can be completed anonymously, criminal organizations have the opportunity to use this to their advantage.

Similarly, since cryptocurrency grew so quickly it developed without an underlying framework for fulfilling AML obligations – making it the first choice for those who wished to carry out illegal activities.

A report issued by CipherTrace found that by the third quarter of 2019, cryptocurrency-related fraud and scams exceeded a staggering $4.4 billion. This caught the attention of regulators, and they quickly moved to put regulations in place to prevent this.

The travel rule requires cryptocurrency firms to verify consumer identities, identify the original parties involved in transactions over $3,000, and relay that information to any existing counterparties. This rule has technically been in place since 2013, but the Financial Crimes Enforcement Network (FinCen) issued a notice in late 2019 stating that they would be strictly enforcing it.

Before this, many cryptocurrency businesses argued that digital currencies were not classified as money and therefore the travel rule did not apply to them.

In June of 2019, the Financial Action Task Force took this a step further and issued recommendations for cryptocurrency regulations and how they could implement a risk-based approach to monitor virtual assets. These new guidelines require that virtual asset service providers, or cryptocurrency businesses, apply KYC procedures just like any other financial institution must.

The goal of these guidelines is to keep funds related to terrorism and other crimes away from the cryptocurrency industry, as well as to ensure that virtual asset transactions are transparent.

AML and CTF Regulations for Cryptocurrencies

The primary obligation of AML compliance programs in the cryptocurrency space is to follow a risk-based approach to conducting business with individuals. The process must be seamless from start to finish and be run by a qualified compliance officer to achieve this goal. Failure to do so will result in serious fines and sanctions.

In addition to the threat of fines, failure to establish KYC and AML processes will prevent cryptocurrencies from gaining widespread acceptance and appreciating in value. Major banks and legitimate businesses will not be willing to accept cryptocurrency unless it is regulated like traditional currencies.

Businesses involved with cryptocurrencies need to put procedures in place to determine which customers are allowed to use their platforms, and in what amounts. The exchange that facilitates the trading of cryptocurrency must confirm that a potential customer meets these requirements and must also continuously monitor transactions so that they can report suspicious activity.

Examples of KYC Processes in Cryptocurrency Businesses

Although cryptocurrency businesses grew so rapidly that they did not develop foundations initially for a structured KYC process, these organizations have had to adapt to make sure that they are established. This has been primarily driven by regulatory requirements, but also because of things like cybersecurity.

In May of 2019, hackers stole about $40 million worth of bitcoins from Binance. This security breach led their founder and CEO to announce that they would update security and significantly enhance their KYC measures.

In general, cryptocurrency AML procedures involve a customer acceptance policy, a customer identification program, continuous transaction monitoring, and risk management protocols to identify and report suspicious activity.

Kraken is a bitcoin exchange platform that incorporates several tiers into its verification system. The verification requirements change depending on what users intend to use their account for, and certain tiers require additional proof of identity like a valid ID. All membership tiers require the confirmation of information like name, birth date, and physical address.

Coinbase is another cryptocurrency exchange that has successfully implemented KYC procedures into their onboarding process. To open an account, you only need your full name and an email, but if you want to buy or sell bitcoins, you must take further steps to verify your identity. Coinbase is utilizing a digital identity solution through Jumio that allows them to meet regulatory obligations while still providing a seamless experience for their customers. They even hired a former New York Stock Exchange executive to build their trade surveillance program.

BitMEX announced in August 2020 that it is rolling out a new KYC program at the end of the month and requires all users to submit their personal information to the exchange by February 2021.