Crypto laundering - Money laundering through cryptocurrency exchanges

The rise of blockchain technology has facilitated the spread of cryptocurrencies and other types of crypto assets. Secured by cryptographic algorithms and circulated without any need for a central bank authority, cryptocurrencies have disrupted traditional financial systems and are traded widely on exchange platforms in jurisdictions all over the world. However, the disruptive presence of cryptocurrency has also increased the potential for criminals to misuse the technology and conduct crypto laundering, evading conventional anti-money laundering controls. 

In 2019, criminals laundered around $2.8 billion in Bitcoin through cryptocurrency exchanges, an increase of around $1.8 billion from 2018. The crypto laundering trend has prompted a response from global regulators that have moved to bring cryptocurrencies under the scope of existing anti-money laundering regulations or introduced new AML/CFT laws applicable to cryptocurrency service providers. 

In order to detect and prevent crypto laundering, crypto exchange service providers must understand the criminal risks they face, and how to implement a suitable AML/CFT solution to operate in compliance with the relevant jurisdictional regulations. 

How is crypto laundering possible?

Cryptocurrencies represent an attractive option to money launderers because of the anonymity they provide and the speed with which they can be transferred between users via exchanges. 

Money laundering with fiat currencies requires customers to create accounts with banks (and other financial service providers) by submitting personal identifying information – money launderers then use the banks’ infrastructure to conduct transactions, transferring illegal funds into and out of the financial system in an attempt to disguise their origin. By contrast, for crypto laundering, cryptocurrency exchange users do not have to identify themselves to the same extent or use regulated banking infrastructure to move their funds. Cryptocurrency transactions require only the unique addresses of users’ crypto wallets and take place directly between senders and recipients anywhere in the world with no need for scrutiny by a centralized authority or intermediary administration.

Similarly, there is no codified paper trail of cryptocurrency transactions – other than a cryptographically secured record on the blockchain. While cryptocurrency exchange platforms involve a certain level of customer identification and record-keeping, regulatory standards for these platforms are inconsistent and often inadequate, and criminals still benefit from the anonymity and speed associated with the online transfer of funds. 

Since cryptocurrency transactions occur digitally, money launderers can also move larger volumes of illegal funds into and out of the financial system quickly, often outpacing the AML measures put in place by authorities. 

The specific benefits of crypto laundering exchanges for money laundering methodologies are as follows:

• User identities: Cryptocurrency transactions are cryptographically secured and are identifiable only through a user’s exchange account or crypto wallet address. While crypto exchanges and wallet service providers require customers to provide identifying information, it is possible to add additional layers of security to transactions via tumbler and mixing services. 
• Transaction speeds: Cryptocurrency transactions take place quickly and, in some cases, in a matter of seconds, offering money launderers a greater level of efficiency than fiat currencies and the possibility of disguising funds before they are detected by AML controls. 
• Structured deposits: Money launderers may use cryptocurrency exchange services to make multiple structured deposits of illegal funds in amounts that avoid triggering AML reporting thresholds. 

What are the red flags of crypto laundering?

In order to detect and prevent money laundering, cryptocurrency service providers should be vigilant for suspicious transactions and suspicious customer behavior. In 2020, the Financial Action Task Force (FATF) released a report into the methodologies of crypto laundering, which set out the following red flag indicators:

• Transactional behavior: Certain transaction types and patterns of transaction are indicative of money laundering, including multiple transactions in small amounts, transactions that don’t fit a customer’s risk or wealth profile, regular transactions that result in frequent losses, or frequent transactions of fiat to crypto currencies with no obvious business explanation. 
• Customer identity: Issues arising from customer identification measures often indicate attempts to exploit the anonymity benefits of cryptocurrency. Examples of red flag behavior include multiple exchange accounts controlled from the same IP address, discrepancies in identifying documents during account creation, and frequent changes in identifying information. 
• Money muling: Money launderers may seek to get third parties (money mules) to conduct cryptocurrency transactions on their behalf in order to avoid AML controls. Customers that make deposits that are inconsistent with their wealth profile or that are not familiar with the financial products they are using may be being used as money mules.
• Funding sources: Cryptocurrency exchange service providers should scrutinize the sources of cryptocurrency funds for indications that money laundering is taking place. Funds that come from sources linked to illegal activities, darknet sites, sites with inadequate AML controls, and from sites located in countries known to present a high AML risk, may be considered red flags.

AML crypto compliance

While crypto laundering is a relatively new methodology, global regulators have been taking steps to introduce dedicated crypto AML measures. In the EU, for example, the Anti-Money Laundering Directives (AMLD) extend the scope of AML/CFT record-keeping and reporting obligations to cryptocurrency transactions while in Singapore, the MAS Omnibus Act imposes AML/CFT controls on cryptocurrency service providers. In the United States, FINCEN recently set out proposals for dedicated Know Your Customer (KYC) AML measures for cryptocurrency service providers. 

With new regulations on the horizon, crypto exchanges and other financial institutions must consider their compliance approach to cryptocurrency services and the effectiveness of their AML solutions. Following FATF guidance firms should seek to implement a risk-based cryptocurrency AML compliance solution, featuring the following measures and controls: 

• Customer due diligence: Crypto service providers must establish and verify the identity of their customers accurately. In a cryptocurrency service context, it may be necessary to use digital identification methods, including scans of official documentation or biometric IDs such as fingerprints, face, or voice recognition. 
• Transaction monitoring: Firms must be able to monitor customers’ cryptocurrency transactions for suspicious activity and red flags. Given the considerable digital activity associated with crypto transactions, firms should seek to implement automated monitoring technology to capture the necessary data. 
• PEP screening: Politically exposed persons (PEP) pose a greater AML risk than other customers. Cryptocurrency firms should screen their customers regularly to establish their PEP status and inform their AML risk profiles.  
• Sanctions screening: Persons featured on international sanctions lists may use crypto laundering to avoid sanctions measures. Accordingly, crypto service providers must screen their customers against the relevant international sanctions lists.
• Adverse media: Customers that are involved in illegal activities may be the subject of adverse media. Cryptocurrency firms should screen for adverse media on traditional screen and print sources and digital outlets.