The FCA's crypto marketing rules have brought cryptoassets into the spotlight. Crypto, by nature, poses money laundering risks that need monitoring.
Businesses have embraced virtual currencies to diversify investments and disrupt legacy systems. Yet, these are not without risks, particularly when it comes to anti-money laundering (AML) and counter-terrorist financing (CTF).
Legitimate uses for cryptocurrency
In today's digital economy, cryptocurrency streamlines global payments, offering a swift and cost-effective means for cross-border transactions.
Many online retailers accept cryptocurrencies, which can be used for online purchases. Cryptocurrencies provide privacy and security benefits and represent a viable investment asset class, diversifying portfolios and offering the potential for significant returns.
Virtual currencies can improve payment efficiency and transaction costs for payments and fund transfers. Bitcoin, for example, is a global currency that avoids exchange fees.
With low transaction costs, Bitcoin provides an affordable and efficient means of cross-border payments, reducing the reliance on costly intermediaries.
Beyond finance, blockchain technology, which underpins cryptoassets, has been harnessed for supply chain management, ensuring product transparency and authenticity.
Additionally, cryptoassets have facilitated the creation of decentralised applications (DApps) in fields like healthcare, where patient data can be securely managed, and in the gaming industry, allowing for unique in-game assets and economies.
The FCA & crypto marketing rules
The FCA has introduced some tough rules that are designed to make the marketing of cryptoasset products clearer and more accurate. These rules include banning incentives like referral bonuses, the inclusion of risk warnings and allowing for a cooling-off period.
The aim of these rules is mainly to protect consumers from the high risk associated with cryptoassets and should be applied wherever a firm is based globally. The penalty for firms that continue to promote cryptoassets without complying with these rules includes unlimited fines and/or up to 2 years imprisonment.
Criminals are exploiting cryptocurrencies
Criminals have always been early adopters of technology, and cryptocurrency is undoubtedly no exception. Consequently, cryptocurrency has increasingly become involved in almost every criminal activity that matters to AML professionals.
Such activity includes:
- Extortion: There's been an upward trend in ransomware payments. By June 2023, threat actors extorted $175.8m more than the previous year, earning $449m.
- Fraud: Scams are by far the most common type of cryptocurrency-related crime, with fraudsters raking in over $1 billion in the first six months of 2023 alone. However, crypto scams are on the decline - this is 77% less than the previous year.
- Trafficking: Marketplaces on the dark web use cryptocurrency to facilitate the sale of drugs, unlicensed firearms, stolen data and hacking tools.
- Terrorism: Terrorist organisations solicit donations using cryptocurrency. They also use cryptocurrency as a way to get around sanctions.
How is money laundered using cryptocurrency?
Organised criminals have learned to perfect the process of digital money laundering, which typically follows these stages:
- Entry - Criminals buy a basic cryptocurrency, often via an intermediary with clean records and corroborated employment. They then further distance themselves from the purchase by using pseudo-anonymous e-wallets, adopting pseudonyms, and using log-less virtual private networks (VPNs) and blockchain-optimised smartphones.
- Conversion - Once the purchase has been verified, fiat currency is used to place funds to buy primary coins such as Bitcoin. These funds are then used to purchase alt-coins at an advanced exchange. Certain alt-coins offer an enhanced level of anonymity.
- Masking - Next, criminals then use mixing services such as Bitmixer to swap primary coin addresses for temporary digital wallet addresses to trick the blockchain and disrupt audit traceability.
- Washing - Next, criminals layer numerous privacy coins, exchanges and digital addresses to effectively cleanse their illicit funds for reintegration into the traditional financial system.
- Withdrawal - Criminals finally withdraw cleansed funds, typically using one of these methods:
- In a process known as burst-out integration, privacy coin holdings are traded for primary coins and then converted to a basic currency, which can be sent to a connected bank account.
- Digital holdings are transferred to a hardware crypto wallet or printout of a QR code which can be sent anywhere in the world.
AML/CTF risks of cryptocurrency
While there are many AML/CTF risks associated with cryptocurrencies and virtual assets, the main ones are:
- Anonymity - anonymous transfers between buyers and sellers enable transactions to take place under the radar. There are no names, account numbers or verification checks, and the source of funding is never identified. This makes Know Your Customer (KYC) checks a challenge.
- Source/destination of funds - lack of identification and verification (ID and V) checks - with no names, account numbers, checks on the source or destination of funds, or historical records of transactions, there is real potential for abuse
- Cross-border transactions - with a global reach to any jurisdiction (all you need is a mobile phone), the AML/CTF risks are increased. Supervision and enforcement can be more challenging, though not impossible (for example, Silk Road, AlphaBay, Liberty Reserve and Western Express International).
- Lack of oversight - suspicious trading activity goes undetected if there are no AML systems. Law enforcement is complex as there is no central administrator, and asset seizures are difficult.
- Law enforcement - how can law enforcement work when decentralised virtual currencies operate across different jurisdictions with no central administrator in charge? How can we stop centralised virtual currency systems from targeting territories with weak AML/CTF regimes?
FATF crypto money laundering red flags
In 2020, the Financial Action Task Force (FATF) published a report to help cryptocurrency wallet and exchange companies develop AML programmes. The red flags they recommend focussing on are:
- Technological features that increase anonymity - using virtual assets and exchanges with such features can help criminals hide themselves or their funds
- Geographical risks - money launderers can channel funds through jurisdictions that do not exist or have minimum AML rules.
- Transaction size and frequency - for instance, making several high-value transactions for a short period of time or clearing transactions at amounts just below record-keeping or reporting thresholds.
- Transaction patterns - you should look out for multiple transactions without a commercial explanation, frequent large-value crypto transfers from many people to one account within a specified period, cryptocurrency accounts that do not match the customer profile, and small transactions from unrelated accounts drawn for fiat currencies
- Sender or recipient profiles - including users who refuse to comply with KYC procedures, inconsistencies in user IP addresses, or users who frequently change their personal information
- Source of funds - such as a single cryptocurrency wallet connected with multiple bank cards, huge deposits being withdrawn as fiat currency soon afterwards, and customers actively trying to hide the source of investor funds.
Cryptocurrency money laundering best practices
- Strengthen AML procedures at financial institutions - financial institutions should focus their AML efforts on their interface function (i.e. the trade between themselves and fundamental crypto exchanges), enabling them to better distinguish between typical client behaviour and potential money laundering.
- Monitor transactions - algorithms have been developed for fiat currency to help detect behaviours and patterns which are red flags for money laundering. These can also be used for cryptocurrencies and virtual assets.
- Improve regulation - global KYC standards need to be stricter when issuing e-wallets and regulating cryptocurrency exchanges, requiring consensus between key players and complementary regulation.
- Place third-party ID providers under state supervision - doing so would enhance their accountability, particularly regarding data and identity theft incidents.
- Use blockchain as a solution - blockchain's inherent characteristics could help to enable better supervision by allowing further anti-money laundering risk analysis, as well as alert and reporting mechanisms in the cryptocurrency system.
5MLD: what is it, and how does it impact cryptocurrency trade?
The 5th Anti-Money Laundering Directive (5MLD) marked a significant step in regulating the cryptocurrency sector within the European Union (EU). The EU adopted 5MLD in April 2018 to further strengthen the response against money laundering and terrorism financing and it was incorporated into legislation by member states as of January 2020.
5MLD includes specific provisions targeting cryptocurrency exchanges and wallet providers, requiring them to comply with AML measures. These businesses must now conduct customer due diligence, report suspicious transactions, and implement robust anti-money laundering controls, bringing them in line with traditional financial institutions.
Want to learn more about Financial Crime?
We've created a comprehensive AML roadmap to help you navigate the compliance landscape, supported by several financial crime prevention courses in our Essentials Library.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.