Just before the recent crash, cryptocurrencies reached a combined global market capitalization of $3 trillion, up from around $14 billion at the start of November 2016. These are significant indications that the cryptocurrency market is growing and is growing much faster than expected. However, given the anonymity, speed and borderless nature of cryptocurrencies, this also makes them highly vulnerable to would-be offenders, who seek opportunities to siphon off their illicit funds – especially across borders. .
On the other hand, however, the transparent nature of these transactions provides law enforcement agencies with mechanisms to trace the flow of funds and hunt down bad actors, as they conduct their investigations. However, crypto businesses should still implement preventative and detective controls to ensure safeguards are in place to prevent such incidents in the first place. Regulators around the world have raised concerns about the lack of controls to detect illicit funds flowing through crypto firms. As a result, most regulators around the world are now becoming extremely strict, imposing heavy penalties on crypto service providers (or Virtual Asset Service Providers – VASPs). A recent example is a crypto exchange, which was fined $100 million for failing to comply with AML laws.
The risks that crypto businesses face are not just limited to money laundering. They are also vulnerable to hacking and identity theft, market manipulation and fraud, cybercrime and ransomware attacks, and other related risks. Such vulnerabilities, if left unchecked, can pose a significant threat to consumers, investors, and business partners in the crypto industry. They must therefore take positive steps to reduce these risks and create long-term sustainable value for all their stakeholders.
For crypto companies, implementing such measures will not be an easy task, given that they are mostly driven by tech entrepreneurs, with limited experience in providing regulated products/services. Like any other start-up company, they are strapped for resources and need to ensure that they meet their investor’s growth directive. Finally, as technology continues to evolve, new cryptocurrency creations are likely to increase the difficulties of detecting illicit funds flows.
At a basic level, crypto businesses must have a system of internal controls designed to determine customer identities, assess customer risk, detect suspicious transactions, and file regulatory reports diligently. Additionally, the financial crime compliance program should include appropriate risk-based procedures for performing ongoing customer due diligence. Additionally, they must not engage, directly or indirectly, with any sanctioned entity or individual, as designated by the relevant regulatory authorities.
However, weaknesses were observed and noted in a wide variety of questions. For example, U.S. regulators have pointed out that “identified anti-money laundering deficiencies stem from three primary causes: inadequate customer due diligence, insufficient identification of customer risks and inefficient processes related to monitoring and reporting suspicious activity, including the timeliness and accuracy of regulations. deposits”. In addition, ASEAN regulatory authorities identified shortcomings in the execution of name-selection checks, which also included potential regulatory violations.
Experience from our client engagements indicates that most companies still rely on legacy rules-based systems, manual alert disposition templates, and word-based due diligence reports to identify suspicious activity. But with low-cost, high-speed, and high-volume transactions, such systems would be inefficient. It’s time for crypto firms to leverage the power of their technology to fight financial crime. Most large companies are starting to rely on AI and ML-based models to categorize customers, classify alerts, implement perpetual kyc, or identify suspicious patterns. Some of these models might be at a nascent stage, but the investment over time will help them run with 90% or better accuracy. Until such performance is achieved, it is advisable to let these models complement existing systems and capabilities.
Crypto businesses need to take positive steps to mitigate these risks. These risks are significant and growing threats not only to the crypto industry, but also to society and the economy. Crypto entities should strive to adopt a detailed roadmap of actions that would ensure appropriate controls and robust governance mechanisms are in place to address some of the long-standing vulnerabilities in their AML/CFT program. against money laundering and the fight against the financing of terrorist activities). ).
Once implemented, these actions will make crypto businesses more secure and better positioned to develop long-term, sustainable trust by preserving and improving the efficiency of their systems. As crypto companies and related financial innovations strive to make financial services fairer through lower costs and easy access, they must also ensure that positive steps are taken to protect their consumers, investors and business partners from malicious actors.
The author is Managing Partner, EntityVector.