AML Handbook for Crypto Firms
Claim your practical, hands-on resource for financial compliance professionals working in crypto.
Download my copy todayAs the use of cryptocurrency becomes more widespread, cryptocurrency service providers must deal with a greater range of threats from money launderers that exploit the speed and anonymity associated with the online trade of virtual assets.
To buy and sell cryptocurrencies or virtual assets, users need access to online wallets and exchanges. These services facilitate high volumes of crypto transactions, allowing for the speedy transfer of assets and funds around the world, outside conventional banking and finance systems. That lack of regulatory oversight is attractive to money launderers, who often seek to convert illegal funds into cryptocurrency in order to avoid the AML checks imposed by traditional financial institutions. The scale of the threat is growing: research suggests that around $1 billion was laundered in crypto exchanges in 2018 and around $2.8 billion in 2019.
In response to the risks posed by cryptocurrency, the Financial Action Task Force (FATF) has conducted research into the characteristics of cryptocurrency money laundering. The research drew from previous FATF investigations into crimes involving virtual assets and from over 100 case studies contributed by jurisdictions across the FATF Global Network since 2017.
In 2020, FATF released a report about its findings: Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing. Intended to help both financial authorities and cryptocurrency wallet and exchange firms develop and implement their AML programs, the report set out the following virtual asset red flag indicators of money laundering activity:
While cryptocurrencies represent a new frontier on the money laundering landscape, traditional criminal strategies remain relevant. FATF found that the following types of transactional behavior, involving conventional means of payment, often indicated an attempt to launder money:
FATF case study example: Criminals used phishing to steal KRW 400 million from South Korean victims before exchanging that money for cryptocurrency as a layering method. The criminals then carried out multiple high-value transactions to transfer the funds to a foreign crypto wallet. The funds were ultimately passed through 48 accounts in an attempt to disguise their origin.
In some cases, patterns of unusual cryptocurrency transactions may indicate that money laundering is taking place. These patterns include:
FATF case study example: A securities firm spotted a foreign national making two separate transactions totaling $4.8 million between cryptocurrency accounts, within six minutes of each other, from a wallet hosted in the Cayman Islands. After submitting a suspicious transaction report, the accounts were frozen and the funds were discovered to have been illegally obtained.
Claim your practical, hands-on resource for financial compliance professionals working in crypto.
Download my copy todayThe technology that secures cryptocurrency wallets and exchanges against threats also increases the anonymity of customers using the services to trade and hinders oversight from authorities. Money laundering that exploits the anonymity associated with cryptocurrency services may exhibit the following red flags:
FATF case study example: The darknet P2P market AlphaBay was used to buy and sell a huge range of illegal goods, including drugs, forged documents and firearms. Over 200,000 users and 40,000 vendors conducted over $1 billion worth of transactions using numerous cryptocurrencies between 2015 and 2017 — until the US government took down the AlphaBay servers.
Unusual behavior from senders and recipients of cryptocurrency often serve as red flag indicators of money laundering in the following ways:
Account creation:
CDD irregularities:
Customer profiles:
Money mule behaviors:
FATF case study example: A bank received cryptocurrency assets from a local company, deposited by natural and legal persons, but could not obtain information on the origin of the funds. Upon further scrutiny, the bank found that the cryptocurrency funds were linked to organized crime.
The source of cryptocurrency funds may indicate their connection to illegal activities in the following ways:
FATF case study example: In 2019, the owners of the DeepDotWeb website were found to have been receiving kickbacks in the form of cryptocurrency for referring visitors to illegal darknet marketplaces. Amounting to over $15 million, the kickbacks were moved by DeepDotWeb owners through a series of Bitcoin wallets in an attempt to conceal their origin.
Criminals that move illegal funds around the world often seek to take advantage of jurisdictions with disparities or inadequacies in cryptocurrency regulation. Geographical red flag indicators of money laundering are as follows:
FATF case study example: In 2019, an unlicensed Bitcoin dealer was shut down by US authorities after using a US-based exchange to facilitate crypto trades for over $800,000 in premiums. The dealer then switched his activities to an exchange in Asia, purchasing $3.29 million in Bitcoin between 2015 and 2017 and importing his profits back into the US in small amounts to avoid reporting requirements.
Following FATF guidance and local legislation, crypto exchange AML programs should follow a risk-based model that reflects their threat landscape and regulatory environment. In practice, this means implementing measures to address traditional money laundering methodologies in conjunction with, and where relevant, the specific virtual assets red flag indicators set out by FATF in their report. Accordingly, a cryptocurrency AML compliance program should feature:
Uncover the essentials of building and scaling a crypto AML program and how to navigate regulatory change.
Download the full guideOriginally published 21 September 2020, updated 13 May 2024
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).