Best practices for monitoring virtual currency-related transactions at your bank
Existing FinCEN regulations clearly state that it is the responsibility of all financial institutions to identify and report suspicious activity related to the exploitation of CVCs by criminals and other malicious actors for money laundering, sanction evasion and other illegal funding purposes. These requirements apply to all financial institutions, even if those financial institutions do not directly buy, sell, hold or have virtual wallets as customers. However, research by CipherTrace has shown that many banks do not know how to properly identify and monitor virtual currency transactions.
FinCEN Advisory FIN-2019-A003, “Advisory on Illicit Activity Involving Convertible Virtual Currency (CVC),” says clearly “Financial institutions should carefully assess and mitigate potential money laundering, terrorist financing and other illegal funding risks associated with CVCs.” and identified 36 warning signs of misuse of A cryptocurrency (or cryptocurrency) is a digital asset that … more. FinCEN also notes that “CVC has become one of the main payment and money transfer methods used in online darknet marketplaces that facilitate the cybercrime economy”.
In fact, in the first six months since these guidelines were published in May 2019, FinCEN received around 10,000 suspicious transaction reports (SARs) related to convertible virtual currency (CVC) from 1,900 companies. Globally, the Financial Action Task Force (FATF) has reported that financial institutions (FIs) have reported 134,500 reports of suspicious transactions involving virtual assets over the past two years. Suggested: During What is a Virtual Asset Service Provider (VASP)? A virtual A … more Over the past two years, 134,500 reports of suspicious virtual asset transactions have been reported. FIs continue to report suspicious activity related to virtual assets.
Lack of insight into virtual asset-related transactions
As more mainstream consumers and institutional investors adopt cryptocurrencies, it is becoming increasingly difficult, if not impossible, for traditional FIs to avoid entanglement in the cryptocurrency.
According to FinCEN, CVC activity can be observed by financial institutions that specialize in:
- Trading with CVC,
- Financial institutions serving such companies
- or financial institutions with customers who are actively involved in using CVC.
If a bank cannot accurately determine whether its institution is conducting virtual asset business or whether its clients are making payments related to virtual assets, it will not be able to meet its BSA obligations.
FinCEN has made the ubiquitous nature of virtual currency clear. Banks can claim a zero tolerance policy on cryptocurrencies but not allow transactions by searching for the word “bitcoin” or “cryptocurrency”, which is the name of a common one A business that enables customers to buy cryptocurrencies or … more or a derivative thereof is insufficient to identify all transactions in your payment networks.
How Not for monitoring virtual currencies in your payment networks
Some financial institutions have developed their own systems to try to identify cryptocurrency-related accounts. The vast majority of these systems hold lists of cryptocurrency exchanges and other VASPs from open sources on the internet and attempt to name-match their customer base of where the funds are coming from and where they are going.
CipherTrace’s research has shown that this approach produces many false positives and misses significant, large amounts of cash flows that cannot be detected by native name matching. In some cases, this approach missed 90% of actual cryptocurrency-related transactions within a financial institution.
This becomes clear when you take an exchange like “Gemini”, which is associated not only with the famous Winkelvoss twins exchange, but also with everything from Gemini Middle School in Maine to Gemini, the “elite Manufacturer of wood coatings for indoor and outdoor use. “Gemini the company“ with 40+ years in the construction industry ”and numerous other companies. It is easy to see that comparing names alone can lead to a large number of false positives, wasting time and effort.
Additionally, most of the open source lists are incomplete and may cover the top 100 exchanges, leaving out the other 600+ exchanges. Even if customers transact with a cryptocurrency exchange that you had on the list, many exchanges do not do business under their popular name. For example, the cryptocurrency exchange “Zebitex” does business under the vague name of “Digital Service” while Abra’s legal name is “Plutus Financial Inc”. It is clear that the name matching is not enough for you to find all the cryptocurrency exchanges, resulting in significant missed risks.
In fact, CipherTrace research has found that a typical name-based system can completely miss up to 70% or more of the crypto exchanges out there and up to 90% of the actual transaction volume.
A typical name-based system can completely miss up to 70% or more of the crypto exchanges and up to 90% of the actual transaction volume.
CipherTrace analysts work daily to determine the fiat payment capabilities of every Virtual Asset Service Provider (VASP) worldwide. While extremely sophisticated, it provides data that is critical for the accurate identification and mapping of VASP activities by bank customers.
How criminals launder crypto across banks
A common example of crypto laundering a bank might face is criminal revenue from the dark market. Typically, a drug dealer sends the cryptocurrency obtained from darknet narcotics purchases to the cryptocurrency address of a P2P exchanger. The P2P exchanger uses its virtual asset account with a high-risk cryptocurrency exchange to convert the cryptocurrency into USD in order to “clean” or legitimize the currency. The USD is then transferred under fictitious company names from the High-Risk Cryptocurrency Exchange to the bank accounts of the P2P exchanger. The P2P exchanger hides the true nature of the funds when it sends the USD back to the drug dealer’s fictional business account as either a till check, wire transfer, or ACH transfer. Without the right tools, many banks would have no idea that these funds came from a high-risk cryptocurrency exchange, much less from the proceeds of illicit drug sales.
Read our case studies to see real-life examples of criminals laundering crypto through banks, credit unions, and other financial institutions: https://ciphertrace.com/risk-mitigation-for-banks-unlicensed-bitcoin-atm-case-study/
CipherTrace Armada: Cryptanalysis and Compliance for Financial Institutions
- CipherTrace Armada enables financial institutions to identify customers who are transacting with CVCs and unregistered crypto MSBs who may be attempting to evade supervision and failing to implement appropriate AML controls.
- CipherTrace Armada enables financial institutions to monitor remittances, ACH and credit card transactions to identify customers involved in CVC transactions and easily integrates with existing AML compliance systems.
- CipherTrace Armada provides risk assessment information from counterparty bank accounts in connection with risky or criminal CVC business so that financial institutions can investigate suspicious customer accounts and meet FinCEN’s obligations.
Which indicators of cryptocurrency abuse should be reported
Coupled with a bank’s current AML software, CipherTrace Armada can help financial institutions identify unregistered MSB activity and suspicious virtual currency purchases, transfers, and transactions as detailed in FinCEN Advisory’s Red Flag Indicators of the Abuse of Virtual Currencies .
The following indicators apply to banks:
Unregistered or illegally operated P2P exchangers
- A customer receives multiple cash deposits or transfers from different jurisdictions, branches of a financial institution, or individual and uses those funds shortly thereafter to purchase virtual currency.
- A customer receives a series of deposits from different sources, which represent almost identical total transfers to a well-known virtual currency exchange platform within a short period of time.
- The customer’s contact information is linked to a known CVC A peer-to-peer (P2P) exchange behaves like a match maker or au … more Platform advertising exchange services.
Unregistered MSBs based abroad
- A customer transfers or receives funds, including through traditional banking systems, to or from an unregistered foreign CVC exchange or other MSB without reference to where the customer lives or does business.
- A customer is using a CVC exchanger or overseas MSB in a high risk jurisdiction that has no or known poor AML / CFT regulations for CVC companies, including inadequate KYC or customer due diligence.
- A customer directs a large number of CVC transactions to CVC companies in jurisdictions reputed to be tax havens.
- A customer who has not identified themselves as a money sender or registered with FinCEN appears to be using the liquidity provided by the exchange to execute a large number of counter-transactions, which may indicate that the customer is acting as an unregistered MSB.
Unregistered or illegally operated CVC kiosks
- A customer operates several CVC kiosks at locations with a relatively high crime rate.
Other potentially illegal activities
- A customer significantly older than the average age of the platform users opens an account and makes a large number of transactions, suggesting their potential role as a CVC money mule or victim of the financial exploitation of the elderly.
- A customer has limited knowledge of CVC despite engaging in CVC transactions or activities, which may indicate a victim of fraud.
- A customer purchases large amounts of CVC that are unoccupied by available assets or that match their historical financial profile, which may indicate money laundering, a money mule, or a victim of fraud.
Read the full FinCEN advice:
Learn more about the CipherTrace Armada