Addressing the AML risks of cryptocurrencies
With the recent explosion in cryptocurrencies, from the early beginnings of Bitcoin back in 2009 through to J.P. Morgan testing their own digital coins for institutional clients in 2019, there still remains serious unanswered questions about the money laundering risks they bring to banks, consumers and regulators.
Ciphertrace’s ‘Q2 2019 Cryptocurrency Anti-Money Laundering Report’ make some stark revelations. It claims that theft, scams and other forms of misappropriation of funds “from cryptocurrency users and exchanges netted criminals and fraudsters approximately $4.26 billion in aggregate.” With the emergent growth of any financial services industry there often comes the risk of both data security breaches and more serious crime. Despite their robust security claims, cryptocurrencies and blockchain aren’t immune as there will also be miscreants who will want to abuse the system.
The cryptocurrency, blockchain tracing and security solution provider, Ciphertrace therefore adds: “The dynamic evolution of cryptocurrency related business activities presents increased anti-money laundering (AML) risks to compliance departments at banks globally.” A September 2019 report by advisory and consulting firm EY, ‘Cryptocurrencies: AML due diligence requirements from a Swiss banking perspective’ concurs with this view. However, in its introduction it reveals that many banks remain wary of offering their clients the opportunity to open crypto-banks accounts.
EY also finds that “while some banks are still hesitant, others are already onboarding cryptocurrency clients under the condition that strict legal and regulatory requirements are fully complied with.” In essence the report accepts that cryptocurrencies, which have to date existed outside of the regulated financial system, are challenging for banks. Consequently, it says that their growing market size adoption has “given rise to new risks and opened new means by which undetected criminal activity can be facilitated.”
The report adds: “There is a risk that cryptocurrencies could be misused for money laundering and terrorist financing. The vulnerabilities relate primarily to the difficulty of identifying the beneficial owners of cryptocurrencies in individual wallets. Therefore, banks have to perform strict due diligence processes before accepting new clients.”
Few innocent investor protections
Dr Stephen Castell, an independent FinTech consultant, admits that there are few innocent investor protections to fall back on: “This is essentially the case worldwide today, and it looks like it will continue that way for the foreseeable future.”
He reminds us that there is a need to keep everything in perspective, suggesting that “the actual, and potential, total global ‘crypto’ business for banks and other financial institutions is tiny – in the less than 1% area.” So, with the increased anti-money laundering (AML) risks associated with blockchains and cryptocurrencies, he believes it’s right for the compliance departments of banks to proceed cautiously, if at all.
Stopping money laundering
Brian Robinson, J.D., Senior Managing Advisor at Innovative Regulatory Risk Advisors, comments: “The traditional activities used to launder money (Placement, Layering and Integration) are basically the same, but the method to deploy them has changed. I have listed some of the methods used to launder money using crypto:
- Money service businesses that utilize virtual currencies
- Online video gaming payment portals
- Securities trading using virtual currency
- Reusable debit cards
- Investor conspiracies with bad actors
- Virtual theft and hacking
- PEP bribery and Initial Coin Offerings (ICOs)
He says that it may be impossible to stop money laundering just using technology. However, despite this claim he believes that technologies such as blockchain applications “will enhance the ability of law enforcement and regulators to investigate, enforce and develop more sound regulations and practices to protect the public.”
In essence, while some banks are exploring blockchain and cryptocurrencies as a potential market opportunity, they don’t quite yet fit into the traditional regulatory frameworks created by the world’s jurisdictions. One such regulatory framework, for example, would be the European Union’s second Payment Services Directive (PSD2). Another would be the 5th Anti-Money Laundering Directive (5AMLD), which effectively brings the EU in line with cryptocurrency measures introduced in the United States several years ago.
Robinson adds that New York State’s Department of Financial Services “has led the way in the development of key regulations to help reduce risks around banks dealing with cryptos.” The State requires anyone involved in virtual currency business activity to have a BitLicense in accordance with the New York Codes Rules and Regulations (NYCRR) 23, 200.3(a).
Even social media giants such as Facebook are finding the cryptocurrency landscape challenging, and much of this is because of the need to comply with traditional KYC and AML regulations. Its cryptocurrency, Libra, is facing a number of hurdles to the extent that payments giant PayPal has dropped out of the project. The company first joined it in June 2019, but regulators have been highly critical of it, to the extent that PayPal has decided to focus on its core business. It nevertheless confirms that it is supportive of Libra’s aspirations.
Castell comments: “If Facebook, or anyone, is purporting to promote to the general public anything that is a digital asset, coin, or investment instrument, they will naturally fall under AML and KYC international regulatory requirements – and also, increasingly, GDPR strictures”.
So, no matter who you are, KYC and AML regulations are fundamental to modern payments systems. Robinson admits that while Facebook and other large institutions are planning to roll out their own digital coins, the basis upon which they will be able to operate will be the current laws and regulations that “guide AML and KYC processes, and these will always be critical to the success or failure of those products.” Something therefore has to change to achieve regulatory compliance.