The landscape of cryptocurrency has been rapidly changing in recent years. One of the core tenets of the crypto movement is improving security standards and combatting things like money laundering. Anti-money laundering (AML) has been a focal point and the enforcement of AML sanctions will help change how we view crypto as a whole.
Crypto news has been abuzz with talk about how compliance requirements are changing for global banks, national financial intelligence units, regulated exchanges, and more. The digital market is complex as it is, but what does the future hold for AML regulations?
More Complexities Arising
While the general focus of the public is on crypto prices, many have their eyes on the various complexities that come with the growing digital assets market:
· Regulators are expecting proactive controls as well as clear documentation of all risk-based decisions
· False positives are moving out of the realm of inefficiency and becoming more of a liability than ever before
· Cross-chain, multi-hop laundering that happens across a number of different intermediary wallets is now becoming the norm rather than the exception
· Sanctions evasion tactics are becoming much more advanced, involving seemingly legitimate payment providers, OTC brokers, and any other kind of professional enabler
Organisations are taking action to protect not only themselves but the customers that they serve. Internal and external compliance professionals are making use of a litany of advanced tools that help them uncover potentially hidden risk, allowing them to make defensible, fast, and confident decisions when it comes to virtual asset service providers (VASPs) and other entities.
What is Anti-Money Laundering (AML) in Crypto?
In order to fully understand what all of this means, it helps to know how AML applies within the world of cryptocurrency. AML is essentially a set of controls, regulatory expectations, processes, and laws enacted by financial institutions. These measures are used to not only detect but also prevent the potential movement of criminal funds. In the realm of traditional finance (TradFi), these compliance requirements have been in place for a long time.
When it comes to money laundering in crypto, there are additional challenges and complexities that come with all of the additional data made available compared to TradFi. Laundering within the crypto space often includes several rapid transfers – sometimes hundreds – across assets, blockchains, and wallets. Every move is meant to obscure the origin of those funds.
The goal remains the same as it has always been. Given the decentralised and anonymous nature of crypto, there are even greater challenges for financial institutions and regulatory agencies when it comes to preventing and detecting criminal activities.
Techniques Used in Crypto Laundering
In order to better understand the challenges facing these organisations, it helps to know the plethora of ways that criminals are “beating the system”. There are five techniques, in particular, that agencies are aware of:
Decentralised exchanges and swap protocols. Some decentralised services don’t have comprehensive know-your-customer (KYC) protocols, if they have them at all.
Cashing out and laundering due to low-KYC requirements. Trying to cash out to traditional, fiat currencies through permissive or unregulated platforms makes it tougher to find the trail of laundering.
Mixers and privacy coins. This combination of efforts involves a more complex level of hiding the transaction trail, making it tougher to determine the origin of these funds.
Layering. Layering involves breaking funds into much smaller amounts and then distributing them across dozens or even hundreds of wallets over time.
Cross-chain bridges. This is the process of moving funds across a number of different blockchains in order to break traceability.
More often than not, a few of these methods are used in combination, sometimes in the space of a few minutes. Not only can it potentially obscure the origin of these funds but it can create confusion and frustration among investigators.
We have already seen challenges to the decentralised finance space. Protocol bZx was forced to announce that one of its developers was a victim of a phishing attack. This gave the attacker control of that developer’s wallet as well as the Polygon deployment tool and bZx’s Binance Smart Chain. The result was $55 million USD drained from wallets on the Avalanche, Polygon, and Binance Smart Chain blockchains before any action could be taken. From there, the attacker used a minimum of four cross-chain bridges in order to move all of that stolen crypto over to Ethereum’s blockchain.
What Compliance Teams are Focusing on
Compliance teams and regulatory firms are focusing on a few things when it comes to AML challenges in the digital asset space. All of these help to focus on mitigating and identifying the potential risks involved.
High-risk service interactions. Compliance teams are monitoring the use of wallets, VASPs, or other platforms that are notorious for their poor AML control protocols.
Obfuscation attempts. These efforts attempt to detect crypto laundering behaviour like mixing, breaking large transfers into small pieces, rapid cross-chain transfers, and layering in order to avoid reporting requirements or risk thresholds.
Synthetic identities. Compliance officers are attempting to spot patterns that indicate if users are potentially attempting to bypass KYC obligations.
Use of illicit funds. Regulators and officers are working to identify wallets that move or receive funds from darknet markets, sanctioned entities, scams, or hacks.
The thing to remember about AML in crypto is that it isn’t about following the money. More than anything, it is about understanding the behaviour behind those transactions even when the bad actors involved are attempting to hide it.
Why AML Regulations and Compliance Software are Essential
Traditional finance can take days to settle transactions, making it easier to find potential money laundering trails. In crypto, transactions are done in seconds and are irreversible. That level of speed, combined with built-in anonymity and evolving sophistication on the part of bad actors, makes it challenging. Because of that, having the right AML and compliance software is a must.
Elicit Finance is Changing
The majority of crypto transactions are on the up-and-up, but there will always be bad actors involved. That behaviour won’t go away, so blockchain intelligence and AML software will become even more critical in disrupting and detecting criminal activity before it can move off-chain.
Techniques are More Dynamic
Cross-chain bridges are commonly exploited. The same goes for privacy coins, decentralised exchanges, and behavioural patterns in order to obscure the flow of funds. Many of these activities are completely invisible to legacy monitoring systems. Criminals are also utilising AI in order to scale their attacks.
Proactive Controls
AML compliance regulators are now expecting firms to monitor transactions for red flags, document how risks are managed, and to screen wallets in real-time. Failure to meet these growing expectations can be very costly.
Adapting to a Shifting Landscape
At the end of the day, crypto compliance officers and regulators face evolving challenges all the time. Staying ahead of the curve is part of the territory and finding a way to sniff out potentially elicit activities is a job that never ends.
