How upcoming virtual asset regulations will affect banks – even those who believe they don’t operate cryptocurrencies
As more mainstream consumers and institutional investors adopt cryptocurrencies, it is becoming increasingly difficult, if not impossible, for traditional financial institutions to avoid entanglement in the crypto economy. For example, banks are exposed to significant counterparty transaction risk when customers interact with high risk crypto exchanges – especially when a bank cannot identify those transactions as or from a virtual asset unit.
Although the Financial Action Task Force (FATF) included Virtual Assets (VAs) and Virtual Asset Service Providers (VASPs) in its recommendation at the end of 2018, the rules for virtual assets still vary widely from country to country. The FATF tried to address all AML loopholes by publishing their new ones Guidelines for a Risk Based Approach for Virtual Assets and Virtual Asset Service Providers in June 2019. The guidelines emphasize the effectiveness of regulation, oversight and enforcement What is a Virtual Asset Service Provider (VASP)? A virtual A … more Sector would require a global approach.
While in particular one of the new regulations – a A cryptocurrency (or cryptocurrency) is a digital asset that … more “Travel Rule” – was the main focus among VASPs, the Travel Rule is just one of many new obligations recommended by the FATF. The guidelines also outlined a risk-based framework for VASPs that carries over the same risk-based approach that is common for formal financial institutions to the virtual asset sector. This contains:
- Monitoring or monitoring of VASPs for AML / CFT purposes;
- Licensing or registration; Preventive measures, such as customer due diligence, records and reports of suspicious transactions, among others;
- Sanctions and other enforcement measures; and international cooperation.
This framework marked the beginning of increased regulatory scrutiny not only for VASPs, but for all virtual asset activities. As banks and cryptocurrency become increasingly intertwined, as users look for fiat on and off the ramps, and regulators pay more attention to the banking sector and its exposure to virtual assets. In June 2020, the Office of the Comptroller of the Currency requested in advance public contributions to draft cryptocurrency rules that will affect banks under the jurisdiction of the OCC. Extensive research by CipherTrace in 2019 uncovered individuals conducting illicit crypto-money service businesses at 8 out of 10 US retail banks. These illegal MSBs are using their bank accounts as a channel for accepting cash payments in exchange for crypto to aid the illegal trade of fiat for crypto. They often do this by simply making a bank transfer or depositing cash with a custodian. Many banks and other regulated financial institutions unwittingly provide a conduit for these illegal transactions. The analysis also found that a typical large U.S. bank processes over $ 2 billion in undetected cryptocurrency-related transfers annually. Financial institutions need to understand their crypto counterparties to credit cards, debit cards, ACH, bank transfers, and fast transfers.
What are the risks of virtual assets for banks?
Bad KYC controls:
While new regulations have helped make the virtual asset economy more secure, some virtual asset providers still lack the appropriate AML controls to successfully detect and contain money laundering and terrorist financing. When reviewing the KYC processes on the top 500 VASPs, CipherTrace found that 57% of these VASPs had weak or porous KYC processes. These weak KYC protocols can be exploited by criminals and other malicious actors to launder illicitly acquired virtual assets via exchanges that act as fiat off ramps.
Exchanges that operate as direct fiat off ramps pose a cryptocurrency risk for both the bank of the crypto exchange and the banks of the receiving user. Exchange customers sell their crypto on the platform of the exchange for Fiat, which is obtained from the account with the Cryptocurrency exchange bank via ACH or wire transfer to their bank account. While the two banks do not trade cryptocurrencies directly with each other, the value sent represents the sale of the cryptocurrency. Both banks must rely on the exchange’s AML program to avoid any risk that may arise from the source of the crypto assets being traded. to be addressed appropriately. Fortunately, 2020 has seen an upward trend towards stronger KYC as previous CipherTrace research in 2019 showed 67% of VASPs had poor KYC – 10% more than this year’s study.
Cross-border nature of virtual assets:
On average, 74% of the Bitcoin is a digital currency (also called cryptocurrency) … more Exchange-to-exchange transactions were postponed across borders in 2019. The FATF warns: “Prohibited users of VAs can, for example, take advantage of the global reach and transaction speed that VAs offer, as well as the inadequate regulation or oversight of VA financial activities and providers in all jurisdictions, creating an inconsistent legal and regulatory playing field in the VA ecosystem creates. ”VASPs based in one jurisdiction may offer their products and services to customers residing in another jurisdiction where they may be subject to different AML / CFT obligations and oversight. This is of concern when the VASP is in a jurisdiction with weak or nonexistent AML / CFT controls.
VASPs don’t have long to apply new regulations
When the FATF announced the new guidelines in June 2019, they set a 12-month time frame before they would report on the progress made by each member state in transposing the guidelines into local law, stating, “Future developments in technology for virtual Assets should not create loopholes that terrorists and criminals can exploit. The FATF will evaluate the next steps in June 2020. “
However, many members have yet to properly adopt all of the FATF’s new virtual asset guidelines, risking jurisdictional arbitrage as some countries maintain effective implementation of AML requirements while others operate without adequate controls. In addition, the creation of new regulations does not automatically mean that new protocols are created or enforced overnight at VASPs. Criminals can take advantage of these AML loopholes in a quick attempt to dump ill-gotten funds in a race for fiat before new regulations are enforced. These cryptocurrency-related transactions often go unnoticed on bank accounts and payment networks. The lack of transparency and unwillingness of banks and other financial institutions makes them vulnerable to fraud and compliance vulnerabilities. A CipherTrace case study of Kunal Kalra – the operator of an unregistered crypto MSB who pleaded guilty to trading up to $ 25 million in cash and crypto for darknet drug traffickers – shows how Kalra ran its unregistered MSB by setting up bank accounts on behalf of others and falsifying transactions with both one of the top five US banks and a smaller regional bank.
Recent statements by FinCEN staff and Treasury Secretary Steven Mnuchin highlight the U.S. government’s stance on the compliance expectations of financial institutions in cryptocurrency-related transactions. With regard to the Travel Rule, for example, FinCEN Director Kenneth Blanco said on May 13, 2020, “The United States has long expected financial institutions to identify counterparties involved in transactions for a variety of purposes, including AML / CFT and sanctions, even for transactions in virtual currency. Any asset that enables the instant, anonymized transfer of value around the world without due diligence or record-keeping is a magnet for criminals, including terrorists, money launderers, rogue states, and sanction avoiders. “
In December 2019, Blanco also stated, “It is important for all financial institutions to ask themselves whether they are reporting such suspicious activity. If the answer is no, then you need to reevaluate whether your institutions are exposed to cryptocurrencies … If you think you have no cryptocurrency on your network, look again. “Banks should be able to tell exactly how high your cryptocurrency risk is and whether you have taken appropriate measures. However, since CipherTrace research found that a typical large U.S. bank processes over $ 2 billion in undiscovered cryptocurrency-related payments annually, it is evident that banks cannot do this on their own.
It is imperative that banks use the right tools and resources to adequately identify exposure to the fast-paced, ever-changing 7×24 crypto ecosystem. Blanco added in his May 2020 speech: “There is no substitute for the visibility and ability of the private sector to prevent the criminal exploitation of virtual currency products and platforms – especially for those of you who organize and develop these products and platforms and manage. Our cooperation plays an important role not only in promoting financial transparency, inclusion and development of the future of payment systems, but also in identifying, prosecuting and preventing criminals, including terrorists and other malicious actors, others, especially the most powerful at risk of causing harm. “