Five Things Compliance and Fraud Professionals Need to Know about Crime in Crypto
December 1st, 2022
As the blockchain industry matures, cryptocurrencies are becoming a legitimate asset class that’s getting the attention of traditional financial institutions (FIs) that want to become part of this new economy and expand their revenue streams.
These institutions come to Chainalysis to get advice on how to engage with crypto. What’s the main reasons behind a hesitation to enter the space? Lack of regulatory clarity and not having the tools needed to mitigate the risk associated with offering crypto.
Dipping toes into the infinite ocean of blockchain can be overwhelming. The good news is that, with the right tools, financial institutions can leverage the transparency of the blockchains to identify, investigate and mitigate cryptocurrency fraud easier than in traditional finance.
But it’s essential that financial crime professionals understand cryptocurrency to ensure the safe adoption of crypto services for their financial institution. Here are the five basic principles that will guide the beginning of every financial fraud professional’s journey to understanding crypto.
1. Blockchains are totally transparent, thus crypto crime is easier to follow than crimes in traditional finance
This one seems counterintuitive, but it’s true. One of the main misconceptions about crypto is that it’s private, therefore facilitates crime. It’s important to note that in 2021, the estimated value of illicit activity on the blockchain was $14 billion dollars, reaching an all-time high in value. However, this amount represents less than 1% of all crypto transactions.
While it’s true that crypto transactions have a layer of privacy, the blockchain is completely transparent. If someone looks up a crypto address in a blockchain explorer, they can see a full history of transactions for this particular address.
Furthermore, regulated crypto and traditional finance companies must comply with AML and KYC standards that make it easier to uncover the identities behind crypto transactions. Whenever financial criminals need to cash out illicit proceeds, they use off-ramps: crypto exchanges that can convert crypto into fiat currencies. These crypto services are required to have KYC and AML policies to maintain compliance. With the right tools, fraud professionals can:
- Follow the funds throughout the blockchain
- Identify the crypto off-ramp services
- Work with the appropriate authorities to identify criminals
If FIs use the right tools, then identifying fraud quickly in crypto transactions is a straightforward process.
2. Crypto education is the first step to implementing an efficient risk-based approach for new crypto offerings
Compliance and fraud professionals cannot protect their companies from unknown risks. And implementing the same risk approach as fiat transactions could be counterproductive for their financial institution. Teams need to have a deep understanding of the typologies of crypto crime, red flags, and how to monitor transactions to investigate suspicious activities in the blockchains.
To get up to speed fast, there are a lot of recommendations from regulators to guide a risk-based approach for crypto offerings. In addition, there are also high-quality crypto fundamentals certifications built specifically for compliance teams to arm them with the knowledge they need to understand blockchain technology and develop a crypto compliance program that adapts to their company’s business model.
One best practice is to be proactive, get involved with associations in the crypto space, and seek direct guidance from regulatory authorities. This allows the team to make informed decisions and confidently implement a risk-based approach that identifies fraud faster.
Compliance cannot be thought of as a one-time measure—it’s a holistic and ongoing process that needs to continuously monitor customers’ behaviors, minimizing risk at every stage. That’s particularly important when thinking about crypto compliance programs, as funds can be moved to different jurisdictions much faster than through traditional rails.
Compliance professionals need to think outside the box and implement specific analyses to determine the best approach for their business when developing a crypto custom program. This includes identifying the licenses needed to operate to assure the company is complying with regulatory requirements, keeping up with the regulatory developments, and providing ongoing education about crypto. These are key factors for success.
3. A good offense is the best defense. Investing in proper upfront due diligence helps mitigate potential fraud
Risk assessment and due diligence of the crypto environment rely on good data about illicit activity methods. But it’s also highly linked with building crypto capacity and education inside fraud teams. Compliance professionals need the knowledge to:
- Make a proper assessment
- Study the regulatory frameworks
- Connect with outside counsel and regulators to stay informed and prevent fraud from happening on their platforms
When considering how to begin offering crypto solutions, financial institutions cannot afford to skip proper due diligence. Extensive research needs to be done on the:
- Crypto assets that the business wants to offer
- Counterparties they will interact with
- Clients that will be engaging with their services
It’s best practice to get expert legal opinion from outside counsel. The compliance team needs to understand crypto and regulations and do a thorough evaluation of the:
- Assets the company would support
- Market liquidity
- Risk involved with being considered a commodity
- Risk of crypto vendor companies, etc.
Implementing a custody business model would also add complexity to the due diligence, especially if the company is considering the custody of its own funds. The research list is long, and it’s highly dependent on the model.
4. Collaboration between the crypto industry, traditional financial institutions, and law enforcement is key in combating fraud
When combating crime, we’re all in this together, especially in crypto. As the ecosystem matures, we hear more success stories of public and private sectors joining forces to combat crypto crime. For instance, in early 2022, Chainalysis tools helped the German Police to shut down the operations of the world’s largest darkweb site by revenue, the Russia-based Hydra Market. This kind of example highlights how collaborative effort successfully works to keep the ecosystem safe. It shows that combating crypto crime is possible when providers and law enforcement work together.
As the regulatory environment is still murky, crypto companies have been self-regulating to avoid future scrutiny. In many cases, crypto companies are even meeting a higher compliance standard than companies in traditional finance and are more than willing to comply with regulations and cooperate with authorities.
It’s vital to highlight that even while the regulations around crypto are still being written, authorities across the globe like FATF, FINCEN, The European Council, FinTRAC, MAS, and others have published guidance on how to deal with cryptocurrencies.
In addition, given the growth of the blockchain ecosystem, authorities are paying closer attention to the space and increasing the number of cryptocurrency addresses attached to sanctioned individuals and entities. It’s key for compliance professionals to proactively reach out to regulators to ensure their policies comply with regulatory requirements, but also to make sure that the regulation makes sense for the industry and its users.
5. These tools are available to make the journey into crypto easier
We’ve covered crucial steps that can help FIs build an AML and compliance program for cryptocurrencies. But the right technologies are the secret ingredient to implementing a successful, scalable program. The appropriate tools give teams the time and the capacity to follow established risk protocols in a consistent manner.
KYC, AML, and any compliance policy are living processes that can easily become unmanageable. FIs that are thinking about jumping on crypto without considering the right tech stack early in the process are setting themselves up for failure.
With so many companies offering crypto compliance solutions, compliance teams need to do their due diligence on the providers.
The right partners will:
- Make the journey much easier for the team
- Help operationalize compliance AML programs
- Build workflows for information sharing
- Allow the company to share the same data and language as the regulators
- Set the ground for scalability
Take time to find the right partner to ensure your crypto program meets regulatory requirements and reduces risk.
Cryptocurrency as a revenue stream
If your financial institution is looking to get a piece of the pay of the crypto market, invest time and resources upfront in compliance and fraud prevention. This ensures you have the appropriate training and tools to create the policies and processes that will help mitigate potential risks and protect your reputation, company, and users. Putting compliance at the center of your crypto strategy is key to the success of the business.
Reach out if you want to learn more about how Chainalysis and NICE Actimize can help you to safely engage with cryptocurrency.
Disclaimer: The content in this article is not formal legal advice on which compliance actions to take. The questions, examples, and workflows are intended to help the reader think about how to make risk judgments in this space – not as formal guidance on what policies should be adopted.