Currently, the global market for cryptocurrency is valued at $1.14 trillion. The growing adoption is strikingly evident in the number of institutional players entering the arena. However, the innovation that has sparked the global rise of crypto has also provided a doorway for criminal exploitation. The speed and anonymity that cryptographic technology provides for the financial world make it harder to filter out bad seeds, thus inviting more regulatory scrutiny.
The recent collapses in major centralized exchanges are a clear illustration of what happens when preventive measures are not taken.
The Financial Action Task Force (FATF) notes that financial institutions should evaluate financial risks when doing business with virtual asset service providers (VASPs) or customers involved in virtual activities (VA).
“It is important that financial institutions apply the risk-based approach properly and do not resort to the wholesale termination or exclusion of customer relationships within the VASP sector without a proper risk assessment.” – FATF
The objective is that growing regulatory clarity in the blockchain industry will continue to provide support for institutional adoption. In the meantime, significant concerns for those involved in the space are apparent; namely, the inherent risks that come along with crypto and how, if possible, to mitigate them.
Latest Guest Post: Decentralized Authentication: A Path Forward to Crypto 2.0
Examining the Risks in Cryptocurrency Transactions
The underlying technology governing cryptocurrencies revolutionized a system that was once limited to the costly time constraints that imbue traditional finance. And while the financial sector has indeed been gifted the delectation of a tamper-proof, secure record of transaction keeping, it doesn’t come without risk.
Exchanges on Jurisdiction
As crypto is not fully regulated and financial institutions do not have all the regulatory requirements that a regular institution has, key factors in client management come into play. For one, exchanges on high-risk jurisdictions pose a substantial threat to the crypto sector. High-risk cryptocurrency exchanges can be characterized by a lack of legal/regulatory compliance and a lack of customer identity verification.
These exchanges might fail in filing suspicious activity reports, in preventing the creation of fraudulent accounts, or in responding to subpoenas. One example is when we see newly issued tokens being used for exchanging large volumes.
In addition, there are risks associated with unregulated centralized crypto exchanges and custodians, as they may or may not be holding users’ assets in segregated accounts and also fail to provide verified proof of reserves. This has been evident in the recent fall of FTX and other centralized exchanges, where the customers’ funds were co-mingled with the exchange’s corporate funds, making it difficult to differentiate and recover them in case of insolvency.
Another major risk that poses a threat to investors involved in crypto is a limited — or lack thereof — of customer requirements on the exchanges. Lack of KYC (Know Your Customer) increases the likelihood of money laundering. Some regulators purport that a lack of KYC could be a compliance violation even for decentralized exchanges.
Furthermore, exchanges should screen their customers against international sanctions and watch lists, politically exposed persons (PEPs), and deploy adverse media screening measures to detect customer involvement in breaking news stories. Most importantly, investors must watch for particular AML red flags that are not uncommon in high-risk exchanges.
AML Red flags
Research regarding crimes involving virtual assets done by the Financial Action Task Force (FATF) aimed to help financial authorities and crypto wallet and exchange firms develop an AML program. The subsequent 2020 report revealed the red flag indicators of money laundering in virtual assets:
- Transaction patterns that are unusual, irregular, or lack an apparent purpose
- Unusual behavior in the sender or recipient profiles
- Dubious source of funds or wealth
- Exaggerated transaction sizes with no logical business justification
- Geographical risks that involve countries with weak virtual asset national measures
- Technological features that increase anonymity such as anonymity-enhanced cryptos
The impact of attacks and manipulation on crypto exchange users can be illustrated by the number of exchange hacks in recent years. In January 2022, popular exchange Crypto.com was targeted, compromising almost 483 customer accounts.
Latest Guest Post: Crypto and the Developing World: Empowering Women through Decentralized Finance
In 2021, almost $8 million was stolen from AscendEX, and BitMart’s BSC hot wallet systems and Ethereum suffered a massive security breach. More recently, South Korean crypto exchange Gdac was hacked for nearly $13 million.
In January, the Biden Administration posted an official blog highlighting its roadmap to mitigate the risks that cryptocurrency faces. It states that the administration has laid out a framework for ensuring safety in the development of digital assets.
“Agencies are using their authorities to ramp up enforcement where appropriate and issue new guidance where needed,” the post reads. The banking agencies issued joint guidance, just this month, on the imperative of separating risky digital assets from the banking system. Agencies across government have launched — or are now developing — public-awareness programs to help consumers understand the risks of buying cryptocurrencies.”
Mitigating Risk via Monitoring and Control
Financial institutions and investors must mitigate risk over their cryptocurrency transactions. A solid risk management solution that includes constant monitoring and control over one’s own digital asset transactions is the cornerstone of protecting digital assets and DA customers. While an individual’s identity remains hidden, their crypto transactions are public and recorded on a blockchain.
The best way to monitor cryptocurrency transactions is via secure and automated systems as opposed to doing it manually. Transaction monitoring platforms and systems automatically detect high-risk transactions, and they must have a customer-focused AML compliance framework in line with the FATF and FinCEN requirements.
In addition, proper training and educational guidance to enable employees to effectively review, identify, and report crypto transactions are crucial. Many regulations today emphasize the importance of such training. Furthermore, utilizing advanced analytical and machine learning will help automate the crypto transaction monitoring process as well as improve the overall accuracy of risk detection.
When working with VASPs, financial institutions should consider and put into action:
- Applying proper KYC protocols that must be followed stringently
- Leveraging on-chain tracking tools to monitor and identify suspicious activities
- Implementing a range of automated AML tools for speedy detection
- Evaluating compliance with regulatory requirements across jurisdictions of business
- Conducting regular digital asset platform audits
- Updating existing policies to include oversight of crypto assets
- Identifying and meeting licensing requirements
Apart from these key risk management procedures, financial institutions can help their customers by providing additional guidance and support in determining their individual needs. For example, appropriate exchange and liquidity solutions that align with their personal goals can be established. Investors are more prone to being victims of digital asset risk when they are not prepared and do not have a proper plan.
Latest Guest Post: Modular Banking: The Next Stage of Evolution for BaaS Infrastructure
[To share your insights with us, please write to sghosh@martechseries.com]