Bank bosses can no longer bury their heads in the sand. Virtual currencies such as Bitcoin are becoming mainstream and many traditional banking customers are transacting with cryptocurrency exchanges. The institutions must ensure robust anti-money laundering (AML) and counterterrorist financing (CTF) regimes in this area to avoid deep fines and potential jail time for executives.
Financial firms have started to respond, with a welcome fall in use of high-risk crypto exchanges in 2020. But there is still a woeful compliance gap in thousands of institutions, say experts.
Regulators have their work cut out too. In some areas such as Europe and the US, rule makers are catching up with crypto criminals. But regulatory schemes in other countries still vary widely in maturity and sophistication, allowing launderers and terrorists to exploit gaps.
A report by CipherTrace said even robust regulatory regimes are still inadequate in some areas, such as money laundering through crypto-to-crypto exchanges and privacy coins.
Avoiding High-risk Exchanges
The volume of Bitcoin sent to high-risk exchanges known for money laundering fell from over 4% in 2016 to a record low of just under 1% in 2020, said CipherTrace. The amount received from high-risk exchanges also fell by 59% in 2020.
This is a welcome reaction to previous dramatic rises in use of high-risk exchanges. But the war is far from won.
CipherTrace said its investigators continue to see more centralized, mainstream exchanges receiving illicit funds, often through ‘mixers’ - companies that break crypto transactions into smaller pieces to shield owners’ identities. US exchanges still received $8.4 million worth of Bitcoin directly from criminal addresses in 2020 and sent $41.2 million worth to criminal addresses. These transactions should have been tracked and stopped by AML software, said CipherTrace.
Most criminals do not transact directly through their criminally linked addresses, so these estimates are probably only a small proportion of actual illicit volumes.
Money laundering in cryptos is harder to police than fiat currencies as virtual assets allow instant, pseudonymized transmission of value around the world. 84% of Bitcoin movement between exchanges was cross-border last year, with high percentages going to exchanges with weak know your customer (KYC) controls.
CTF processes cannot make life easier for themselves by filtering out smaller transactions as it only takes a few hundred dollars’ worth of crypto to finance a large terrorist attack.
With over 7,000 virtual currencies in circulation, cryptos continue to be an appealing target for terrorists and money launderers who can constantly look for ways to exploit market complexity without detection.
But law enforcers are undeterred. Thorough investigations, supported by technology such as blockchain analytics, helped foil a long list of money laundering and terrorist financing networks in 2020.
These include the US Department of Justice seizing $2 million in cryptocurrency from terrorist groups, including al-Qaeda and Isis; and French law enforcers arresting 29 suspected Al-Qaeda affiliates who used cryptos.
In January 2020, enforcers issued the first crypto-related legal action against a US-based bank - MY Safra - for failing to vet virtual asset customers fully. In October, enforcers charged executives of BitMex exchange with failing to maintain an adequate AML program under Banking Secrecy Act (BSA) rules. They could face jail sentences and big fines.
In one of the biggest cases against an anonymising service, authorities arrested the boss of mixer Helix for partnering with AlphaBay, which was known for illegal activities.
Ramping Up Regulation
Regulators have been busy beefing up rules in the last year as well.
In June, the Financial Action Task Force (FATF) published a report on virtual asset red flag indicators to help providers apply a risk-based approach to customer due diligence.
The European Union’s 5th Anti-Money Laundering Directive (5AMLD) introduced tough new KYC and transparency requirements for crypto players.
Some Europe-based crypto businesses ceased operations or moved outside the EU, citing the onerous nature of these requirements – even though all the technology they need to comply quickly and cost-effectively is readily available.
The Financial Crimes Enforcement Network (FinCEN) continues to revise and strengthen the BSA to keep up with the rapid adoption of cryptos. In 2019, FinCEN included anonymizing services within the act’s AML and CTF regulations, alongside virtual currency administrators and exchanges.
In December 2020, FinCEN also proposed recording requirements for transactions through wallets not hosted by a financial institution. In 2020, 40% of all bitcoin transactions went to ‘unhosted’ private wallets rather than exchanges. FinCEN also proposed a reduction in the transaction threshold - from $3,000 to $250 - for reporting requirements on international crypto payments. This is expected to add considerably to the regulatory burden for crypto exchanges. FinCEN’s proposals are likely to take effect in the first half of 2021.
Another inherent challenge with cryptos is the large and growing amount locked in decentralized exchanges, making it potentially harder for institutions to conduct due diligence on counterparties. Previously, banks have tried to avoid dealing with cryptos to reduce the compliance burden. But in an online discussion on AML RightSource, Stephen Ryan, founder and chief operating officer of CipherTrace, said this is no longer possible as all institutions now have some customers who transact with crypto providers.
”We encourage institutions to get some data on your clients - when you find out 25% of them are transacting with crypto entities, will you drop those clients?“ he said. ”Instead, you should figure out some crypto strategies.”
Joseph Seibert, group director of Signature Bank, added that banks can work compliantly in the crypto market - if they invest in sufficient human and technological resources. Banks should also collaborate to help each other understand the patterns of crypto transactions, he said.