NICE Actimize are providers of real-time, cross-channel fraud prevention, anti-money laundering detection, and trading surveillance solutions. Adam McLaughlin, Director – Global Head of Financial Crime Strategy & AML SME, here shares his insights on understanding and managing the risks of cryptocurrencies in financial services.
Cryptocurrencies have inched one step closer to the mainstream now that digital currencies such as Bitcoin and Ethereum have skyrocketed in value and sparked the interest of the masses. Since the start of the pandemic, we have seen many digital assets outpace the gains of stocks and commodities. This has led to traditional financial institutions and investment houses increasingly exploring the introduction of new virtual asset services or products for their customers.
Cryptocurrencies are so new that most traditional financial services companies do not offer access to the nascent market, with many not considering the indirect exposure they have to cryptocurrencies. Currently, the crypto market is largely serviced by fintech startups and so-called crypto exchanges, also known as virtual asset service providers (VASPs) that provide decentralized banking services such as investment, trading, exchange, purchase and sale of virtual assets. However, concerns about the associated financial crime risks of cryptocurrency use have increasingly been pushed to the front of the agenda. VASPs and financial institutions are still learning how to lessen the risk of facilitating financial crimes for which crypto assets are the tool or laundering method of choice.
The same applies to traditional financial services companies that want to enter the market. JPMorgan Chase and Goldman Sachs are among the banks that have indicated they are considering providing custody services and safe deposit boxes for cryptocurrency investors. Other traditional Financial Institutions are also looking into crypto custody products that will cut the price of existing wallets. Meanwhile, Goldman Sachs has started a Bitcoin futures trading platform.
Even traditional financial institutions which focus on fiat assets and currently don’t provide crypto services see significant opportunity with the emergence and growth in the crypto and blockchain space. As the value and use of crypto assets continues to grow, both traditional financial institutions and VASPs continue to evolve their knowledge and understanding of financial crime risks associated with cryptocurrencies in order to mitigate the risk.
How is Regulation Changing to Adapt to Cryptocurrencies?
Attempts to start regulating the crypto market started as far back as 2017 within the framework of the EU FinTech Action Plan. Following the EU Commission’s instructions directed at European financial supervisory authorities (EBA, EIOPA, ESMA) to examine the applicability of EU financial law to new types of crypto-asset, we now have the European Union’s 5th Money Laundering Directive (5MLD) that extended the EU’s anti-money laundering and counter-terrorism financial rules to VASPs. Once it was adopted and in full force, AMLD5 became a directly applicable law in all EU member states and regulates all issuers and service providers dealing with crypto-assets.
Most recently, the Anti-Money Laundering Act of 2020 marks an important milestone in anti-money laundering regulations as it has significant consequences for affected institutions. The AMLA has numerous provisions, most notably, expanding coverage to institutions with regards to compliance as well as being aware of their liabilities under the law. One aspect of AMLA is the exchange of unconventional items of value, expressly expanding the ambit of the BSA to businesses engaged in the trade of “value that substitutes for currency,” e.g., cryptocurrency.
Building on these new cryptocurrency regulations, In 2020, most EU jurisdictions introduced the obligation for financial intermediaries to exchange customer data when transferring cryptocurrencies on behalf of their clients. Last June, the Financial Action Task Force (FATF) issued new requirements for cryptocurrencies to combat money laundering and terrorism financing. The 37 member countries are expected to adopt these regulatory rules within one year although the pressure on businesses meeting the required standards under the Money Laundering Regulations has been so high that the end date of the Temporary Registrations Regime (TRR) for existing crypto-asset businesses was extended to 2022.
The “travel rule which came into effect around 1996 has not been extended to crypto-assets. Last year, it started to include “virtual assets” in the regulatory framework and introduced the term “virtual asset service provider” (VASP). Now, FinCEN and the Federal Reserve Board have expressed their interest to lower the threshold for the requirement to collect, retain and transmit information on funds and transfer. It requires any VASP to obtain, hold, and transmit originator and beneficiary information when transferring virtual assets to or from another VASP on behalf of their clients.
A combination of a lack of applicable law and a maturing political ecosystem around crypto assets is propelling suitable solutions for the major concerns raised in the past.
Managing Cryptocurrency Financial Risks
The cryptocurrency market is notorious for its lack of regulation and abundance of bad actors and malware. This poses a specific challenge for financial services companies that have to exercise prudent responsibility when considering providing banking services to crypto exchanges or users trading crypto. In addition to taking the appropriate measures and carefully supervising account KYC and AML requirements, financial institutions need more detail on the enhanced due diligence required in specific high-risk cases. The detection approach of the FATF and financial institutions is centred around Risk-Based Analysis, which seeks to use historical data to develop analytical techniques to identify likely ML. As efforts to standardise regulations around cryptocurrency transactions continue, banks and financial institutions must not only follow regulations but also recognise and act on closing gaps.
Increasing compliance monitoring under laws and regulatory guidance is seen as critically valuable in assisting banks to combat cryptocurrency-related money laundering. Training, KYC, effective transaction monitoring, understanding of virtual asset risks and regulations are the foundations that can help banks to adapt to the digital nature of cryptocurrencies. There are a series of checks that can help manage AML risk: Know Your Customer, Know Your Transactions, Know Customer Behavior, and Know Your Partner. All of these could assist financial institutions inadequately identifying and reporting suspicious accounts transactions.
Managing Cryptocurrency Technology Risks
It is impossible to separate the enabling technology and the related technological risks from the cryptocurrency as an asset. The relevance of the underlying blockchain technologies supporting each cryptocurrency inevitably impact the value of the cryptocurrency itself.
Banks and financial institutions need the ability to trace transactions and connections in real-time — and the capacity to assess their levels of risk. The need for an effective compliance program in understanding, managing and mitigating the financial crime risks that cryptocurrency poses is viewed as an extension to the blockchain. Financial institutions need technology that supports the immutable nature of blockchain to trace the origin of cryptocurrencies and thus eliminate money laundering risks.
Coordination between organisations in the financial services sector is the first step to managing the technological risks surrounding crypto. Having the tools to do blockchain analysis is critical. Ensuring the validity of the parties should be a priority for any system that enables crypto transactions. However, this is a multi-faceted process that extends beyond transaction screening to encompass compliance with existing and new regulatory frameworks. All payment processors must comply with the BSA (Banks Secrecy Act) and similar global regulations when operating in other global jurisdictions, and banks must identify any P2P crypto exchangers whether personal or business. This would require putting in some baseline controls for identifying customers as well as tools to report potentially suspicious activity occurring through the financial institution.
Managing Cryptocurrency Emerging Market Risks
With the advent of cryptocurrencies, financial institutions faced a new legal hurdle – clients passing illegitimately acquired money into a series of legitimate trading companies, making the tracing of origins hard. As a result, financial institutions are now faced with a plethora of compliance obligations designed to prevent ML, sanctions-avoidance and terrorist financing, to name a few, with regulatory obligations are getting tighter with each successive law.
Financial institutions may impose restrictions on personal and business accounts that transact with crypto by requiring them to comply with relevant AML/CFT regulations. Such restrictions could include record-keeping and suspicious transaction reporting, model risk management, ongoing CDD/EDD, internal controls and employee screening. Some banks have imposed bans on cryptocurrency transactions going as far as blocking sending or receiving funds from crypto exchanges and placing holds on bank transfers from known crypto platforms.
A Final Word
Banks and FIs need to incorporate regulatory compliance and risk management into their short and long-term business plan and strategy as a matter of necessity. Given the rise of cryptocurrencies and the inherent risks they pose, ensuring the monitoring process is fully standardised is essential to reduce the likelihood that suspicious activity falls through the cracks. It is imperative that banks and financial institutions remain mindful of their legal and reputational risks in the ML space, inclusive of their customers’ overall financial activity and the institution’s own risk profile. There is evidently far more work to be done – and what is certain is that the obligations on financial institutions are set to increase over the coming years.