Just prior to the recent crash, cryptocurrencies reached a combined global market capitalization of $3 trillion, up from approximately $14 billion in early November 2016. These are significant indications that the cryptocurrency market is expanding and growing, much faster than anticipated. However, given the anonymity, velocity, and borderless nature of cryptocurrencies, it also makes them highly vulnerable to potential offenders, who are seeking opportunities to siphon off their illicit funds – particularly across borders.
On the flip side though, the transparent nature of these transactions provides enforcement agencies with mechanisms to trace fund flows and track down the bad actors, as they carry out their investigations. However, crypto firms must still implement preventive and detective controls to ensure safeguard measures are in place to avoid such incidents in the first place. Regulators across the globe have raised concerns around lack of controls to detect illicit funds flowing through crypto firms. As a result, most regulators across the globe are now becoming extremely stringent, imposing hefty penalties on crypto service providers (or virtual asset service providers – VASPs). A recent case in point is a crypto exchange, which was fined $100 million for failure to comply with AML laws.
The risks that crypto firms face are not just limited to money laundering. They are also vulnerable to hacking and identity theft, market manipulation and fraud, cybercrime and ransomware attacks, and other related risks. Such vulnerabilities, if not controlled, can pose a significant threat to consumers, investors, and business partners of the crypto business. They must therefore take affirmative steps to reduce such risks and build long-term sustainable value for all their stakeholders.
For crypto firms to implement such measures is not going to be an easy task, given that they are mostly led by tech entrepreneurs, with limited experience in delivering regulated products / services. Like any other startup enterprise, they are stretched for resources and must ensure they meet their investor’s growth directive. Finally, as technology continues to evolve, new creations of cryptocurrency are likely to increase the difficulties in detecting illicit fund flows.
At the bare bones level, the crypto firms must have a system of internal controls designed to determine customer identity, assess customer risks, detect suspicious transactions and file regulatory reports diligently. Additionally, the financial crime compliance program must include appropriate risk-based procedures to conduct ongoing customer due-diligence. Also, they must not engage, directly or indirectly, with any sanctioned entity or individual, as designated by relevant regulatory authorities.
However, weaknesses have been observed and noted across a wide variety of issues. For instance, the US regulatory authorities have pointed out “AML-related deficiencies identified stem from three primary causes: inadequate customer due diligence, insufficient customer risk identification, and ineffective processes related to suspicious activity monitoring and reporting, including the timeliness and accuracy of regulatory filings”. Further, the ASEAN regulatory authorities identified lapses in the execution of name screening controls, which also included potential regulatory breaches.
Experience from our client engagements indicate most firms still rely on legacy rule-based systems, manual alert disposition models, and word-based due-diligence reports to identify suspicious activities. But with low-cost, high velocity and high volume-based transactions such systems would be ineffective. It’s time for crypto firms to leverage the strength of their technology to combat financial crime. Most leading firms are beginning to rely on AI and ML based models to categorize customers, classify alerts, implement perpetual kyc, or identify suspicious patterns. Some of these models might be at nascent stage but investment over time will help perform at 90% accuracy or even more. Until such performance is reached, it is advisable to let such models complement existing systems and capabilities.
The crypto firms must take affirmative steps to mitigate such risks. These risks are prominent and growing threats not just to the crypto business but to the society and to the economy, as well. The crypto entities must work towards adopting a detailed roadmap of actions that would ensure implementation of appropriate controls and strong governance mechanisms to address some of the long-standing vulnerabilities in their AML/CFT program (Anti-Money Laundering and Countering the financing of terrorism activities).
Once implemented, these actions will make the crypto firms safer and better positioned to develop long-term sustainable trust by preserving and enhancing the efficacy of their systems. As crypto firms and related financial innovations work towards making financial services more equitable through lower costs and easy access, they must also ensure affirmative steps are taken to protect their consumers, investors, and business partners from bad actors.