Cryptocurrency adoption continues, and it appears that few things can slow it down. Alongside this, crypto crime and money laundering appear to be growing synonymously. However, the adoption of Anti Money Laundering crypto regulations remains slow. This guide looks at where cryptocurrencies lie in the world of money laundering and what businesses can do to detect and prevent crypto money laundering.
The crypto money laundering problem
A projection published by Nasdaq shows that the current Bitcoin adoption rate has been outpacing the internet’s user growth rate. As a result, Bitcoin, the world’s most valuable cryptocurrency, is forecast to hit the billion-user mark nearly two times faster than the internet did.
On the other hand, criminals laundered an estimated $2.8 billion through crypto exchanges in 2019, and the illegal activity continues to this day. Cryptocurrency exchanges are continually used to funnel illicit funds, facilitate tax evasion, and abuse the financial system.
To meet regulatory compliance with AML legislation, cryptocurrency platforms must adhere to Financial law enforcement agencies, such as FinCEN and the Internal Revenue Service (IRS) in America. In order to do this, crypto exchanges must perform an AML compliance strategy, including a thorough Identity Verification (IDV), Customer Due Diligence (CDD), and ongoing monitoring, including transaction monitoring.
Crypto Money Laundering and KYC
These processes form the basis of a rigorous Know Your Customer (KYC) strategy, which is vital when performing ongoing AML processes. KYC solutions exist to bear the burden of compliance with regulatory bodies and prevent financial crime. Part of the KYC process involves verifying the legitimacy of customers’ financial accounts to prevent the storage of illicit funds.
These illicit developments are creating an urgency for tighter AML and KYC requirements that comply with international standards, like the Bank Secrecy Act and FinCEN’s Travel Rule. For more information on the travel rule and crypto money laundering, read The Crypto Travel Rule: The Need for AML Compliance Software.
On July 13, British police announced they had confiscated around $250 million worth of cryptocurrency involved in an ongoing money-laundering operation. This made it one of the largest-ever crypto seizures. It followed a $160 million crypto confiscation made just three weeks prior.
But why is cryptocurrency attractive to criminals?
Compared to traditional financial institutions, cryptocurrencies are decentralized and have low barriers to entry. Their anonymous nature makes them convenient and easy to transfer across international borders, making them a common choice when committing financial crimes.
There is good news, however. Anti-Money Laundering (AML) regulations are becoming more efficient in tackling this issue. Less than 1% of all crypto transactions today are estimated to relate to illegal activity, compared to 35% in 2012. A large part of that decrease has to do with businesses becoming compliant with AML regulations and learning how to spot money laundering crypto red flags.
Crypto Anti-Money Laundering Policies
The Financial Action Task Force (FATF) and the EU now include crypto businesses in their guidelines, along with other traditional financial institutions. This means that European and non-European members alike require crypto businesses to comply with AML standards. Failure to do so could result in fines, sanctions, or jail time.
To know whether your business is affected, check if your country has transposed FATF regulations into its national laws.
Crypto money laundering red flags to look for
Criminals use many strategies to launder their money with cryptocurrency, the most predominant vehicle in the industry are cryptocurrency exchanges. Part of monitoring for AML red flags involves being vigilant against signs of identity theft, as it’s a prevalent method used in financial crimes to launder money. While a single red flag may not be enough to determine criminal activity, several red flags detected in combination should trigger further action.
According to the latest FATF report from 2020, here are five common red flags that crypto businesses need to look out for:
- Unusual transaction patterns
- Geographical risks
- Suspicious user profiles
- Anonymity
- Source of funds
Unusual transaction patterns
Irregular patterns relating to the size, frequency, or type of crypto transactions may be red flags pointing to money laundering activity, including:
- Customers making several high-value transfers within a short amount of time, such as a 24-hr period
- Structuring transaction amounts to fall below reporting thresholds
- Depositing funds into accounts with previously identified stolen currency
- Transferring crypto to service providers located in areas with low regulation standards
- Frequent large-value transfers from multiple accounts into a single account
- Immediate withdrawal of deposits without any transaction history, especially when large sums are emptied from newly opened accounts.
- Converting crypto deposits into numerous currencies with a high amount of incurred fees, even exchanging at a loss
- Converting substantial sums of fiat currency into crypto without a reasonable business premise
Geographical risks
Criminals involved in money laundering exploit countries with weak regulations involving digital assets. So be on the lookout for:
- Crypto funds are transferred to exchanges or service providers located in regions with inadequate or non-existent AML regulations
- Customers sending or receive funds from exchanges located in other countries than the one the customer lives or operates in
- Customers that establish business addresses in countries that do not have Suspicious Activity Reports up to FATF standards
Anonymity
Cryptocurrency uses advanced technology to ensure that users and exchanges are secure from data breaches. However, this also makes it difficult for regulators to detect fraudulent activity or which cryptocurrency transactions might contain illicit funds. Still, there are red-flag indicators that can lead investigators in the right direction:
- Customers who move funds from public blockchains to exchanges where the funds are immediately converted into privacy coins
- Unlicensed customers who act as crypto service providers
- Users who regularly conduct high-value transactions on peer-to-peer (P2P) crypto exchanges, especially unlicensed ones
- Frequent or high-volume transactions on platforms that offer crypto mixing services to disguise the origin of the funds
- Customers who frequently conduct high-value transactions on platforms that fail to comply with international standards of know-your-customer (KYC) or customer due diligence (CDD) procedures
- Multiple transactions involving crypto ATMs, often located in areas with known financial crime risks
- Usage of proxies or other services intended to disguise IP addresses and domain names when registering for an exchange
Suspicious user behavior
Businesses should intercept customers with insufficient or forged identification documents at the KYC stage. In addition, there are different types of suspicious behavior that companies should mark as money laundering activities and red flags:
- Transactions originating from untrustworthy IP addresses or domains that differ from the country the customer operates or resides in
- Multiple crypto wallets that are controlled by the same IP address
- Regular use of cryptocurrencies linked to fraudulent behavior or Ponzi schemes
- Customers who often change their contact and identification information
- Customers using multiple IP addresses to conduct transactions or access crypto platforms
- Customers who often transact with the same senders or receivers, resulting in significant gains or losses, could be flagged as illicit addresses
- Senders who do not possess a working understanding of cryptocurrency (including but not limited to the elderly) yet still conduct regular or high-value transactions
- Customers making substantial cryptocurrency purchases beyond their established financial means
Source of funds
Funding sources can identify many money-laundering operations. For example, any of the following should raise a red flag:
- Funds involving accounts linked to known illicit actors and illegitimate operations such as fraud, ransomware, extortion, darknet markets, or illegal gambling sites
- Crypto wallets connected to several credit cards that withdraw sizeable sums of fiat currency
- Funds sourced from initial coin offerings (ICOs) that may be fraudulent, third-party mixing services, or platforms that do not comply with AML standards
- Substantial deposits that are converted directly into privacy coins or withdrawn into a different fiat currency
How can Crypto Exchanges Apply Crypto Money Laundering Knowledge?
What’s next once your business is familiar with the various Anti-Money Laundering (AML) red flags?
Prevention is better than a cure. Suppose a compliant exchange has implemented an appropriate risk-based approach. In that case, it’s already on the path to addressing money laundering threats by using a FATF-recommended methodology.
Additionally, any crypto business compliance program should include the following features:
- A robust CDD process to identify customers and assign them to their associated risk categories
- Sanctions screening to ensure conformity with updated lists regarding international sanctions and politically exposed persons (PEPs)
- Adverse media monitoring of customers who feature in negative news reports
- A powerful AI suspicious behavior detection engine to root out bad actors
- Cutting-edge biometric identification screening
- Advanced linguistic and phonetic-based KYC/AML checks
ComplyCube’s cloud SaaS platform can help Crypto businesses automate these AML and KYC workflows. It includes a flexible set of tools and APIs to address the issues listed above and offers customers a frictionless experience that builds user trust.
With cryptocurrency’s continued rise, the opportunity for criminals to misuse it will grow as well. Therefore, crypto businesses must implement a state-of-the-art KYC platform capable of handling the user verification process to shift focus back to their core business.
