Yet, it is clear that these are not without their risks, particularly where anti-money laundering (AML) and counter-terrorist financing (CTF) are concerned.
Legitimate uses for cryptocurrency
Like other new payment methods, virtual currencies have legitimate applications and even major venture capital firms investing in virtual currency start-ups.
Virtual currencies can improve payment efficiency and transaction costs for payments and fund transfers. Bitcoin, for example, is a global currency that avoids exchange fees, is currently processed with lower fees than traditional credit and debit cards, and could potentially benefit existing online payment systems such as Paypal.
Virtual currencies may facilitate micro-payments, allowing businesses to monetise very low-cost goods or services sold online, such as one-off games or music downloads. It allows sales at an appropriately low per/unit cost by avoiding the higher transaction costs associated with traditional credit and debit cards,
What's more, virtual currencies also facilitate international remittances and support financial inclusion in other ways. One example is virtual products and services developed to serve the needs of the underbanked.
Criminals are exploiting cryptocurrencies
Criminals have always been early adopters of technology, and cryptocurrency is undoubtedly no exception. Consequently, cryptocurrency is increasingly becoming involved in almost every criminal activity that matters to AML professionals.
Such activity includes:
- Fraud: Scams are by far the most common type of cryptocurrency-related crime, with fraudsters raking in over $2.6 billion in 2020 alone. The majority of cryptocurrency scams work the same way traditional investment scams or Ponzi schemes do in the fiat world.
- Trafficking: Marketplaces on the dark web use cryptocurrency to facilitate the sale of drugs, unlicensed firearms, stolen data and hacking tools.
- Terrorism: Terrorist organisations have begun soliciting donations using cryptocurrency. They also use cryptocurrency as a way to get around sanctions.
- Extortion: Ransomware activity spiked in 2020, with attackers extorting over $400m (£293m) worth of cryptocurrency.
How is money laundered using cryptocurrency?
Organised criminals have learned to perfect the process of digital money laundering, which typically follows these stages:
Crypto money-laundering stages
- Entry - Criminals buy a basic cryptocurrency, often via an intermediary with clean records and corroborated employment. They then further distance themselves from the purchase by using pseudo-anonymous e-wallets, adopting pseudonyms, and using log-less virtual private networks (VPNs) and blockchain-optimised smartphones.
- Conversion - Once the purchase has been verified, fiat currency is used to place funds to buy primary coins such as Bitcoin. These are then used to purchase alt-coins at an advanced exchange. Certain alt-coins offer an enhanced level of anonymity.
- Masking - Criminals then use mixing services such as Bitmixer to swap primary coin addresses for temporary digital wallet addresses to trick the blockchain and disrupt audit traceability.
- Washing - Next, criminals layer numerous privacy coins, exchanges and digital addresses to effectively cleanse their illicit funds for reintegration into the traditional financial system.
- Withdrawal - Criminals finally withdraw cleansed funds, typically using one of these methods:
- In a process known as burst-out integration, privacy coin holdings are traded for primary coins and then to a basic currency which can be sent to a connected bank account.
- Digital holdings are transferred to a hardware crypto wallet or printout of a QR code which can be sent anywhere in the world.
AML/CTF risks of cryptocurrency
While there are many AML/CTF risks associated with cryptocurrencies and virtual assets, the main ones are:
There are many potential AML/CTF risks associated with cryptocurrencies as highlighted by FATF research:
- Anonymity - anonymous transfers between buyers and sellers enable transactions to take place under the radar. There are no names, no account numbers and no verification checks, with the source of funding never identified. This makes Know Your Customer (KYC) checks a challenge.
- Source/destination of funds - lack of identification and verification (ID and V) checks - with no names, account numbers, checks on the source or destination of funds, or historical records of transactions, there is real potential for abuse
- Cross-border transactions - with a global reach to any jurisdiction (all you need is a mobile phone), the AML/CTF risks are increased. Supervision and enforcement can be more challenging, though not impossible (for example, Silk Road, AlphaBay, Liberty Reserve and Western Express International).
- Lack of oversight - suspicious trading activity goes undetected if there are no AML systems. Law enforcement is complex as there is no central administrator and asset seizures are difficult.
- Law enforcement - how can law enforcement work when decentralised virtual currencies operate across different jurisdictions with no central administrator in charge? How can we stop centralised virtual currency systems targeting territories with weak AML/CTF regimes?
FATF crypto money-laundering red flags
In 2020, the Financial Action Task Force (FATF) published a report to help cryptocurrency wallet and exchange companies develop AML programs. The red flags they recommend focussing on are:
- Technological features that increase anonymity - using virtual assets and exchanges with such features can help criminals hide themselves or their funds
- Geographical risks - money launderers can channel funds through jurisdictions that do not exist or have minimum AML rules.
- Transaction size and frequency - for instance, making several high-value transactions for a short period of time or clearing transactions at amounts just below record-keeping or reporting thresholds.
- Transaction patterns - you should look out for multiple transactions without a commercial explanation, frequent large-value crypto transfers from many people to one account within a specified period, cryptocurrency accounts that do not match the customer profile, and small transactions from unrelated accounts drawn for fiat currencies
- Sender or recipient profiles - including users who refuse to comply with KYC procedures, inconsistencies in user IP addresses, or users who frequently change their personal information
- Source of funds - such as a single cryptocurrency wallet connected with multiple bank cards, huge deposits being withdrawn as fiat currency soon afterwards, and customers actively trying to hide the source of investor funds.
5AMLD & crypto money laundering
5AMLD was a gamechanger when it came to preventing cryptocurrency from being used for money laundering. This is because it expressly brings providers of exchange services between virtual currencies and fiat currencies as well as custodian wallet providers into scope.
Both providers were brought within the 'obliged entity' definition introduced under 4AMLD, and new definitions for both custodian wallet providers and virtual currencies were established.
5AMLD also requires EU countries to register such providers. Previously, virtual currency exchange companies and custodian wallet providers were exempt from EU legislation responsibilities to detect suspicious behaviour because they operated outside the regulatory perimeter.
5AMLD has extended the EU's regulatory perimeter to prevent criminal organisations from taking advantage of the pseudo-anonymity of virtual currency-based transactions. Additionally, it serves to strengthen national regulators' supervision of virtual currency users without impeding technical progress.
Crypto money laundering best practices
- Strengthen AML procedures at financial institutions - financial institutions should focus their AML efforts on their interface function (i.e. the trade between themselves and fundamental crypto exchanges), enabling them to better distinguish between typical client behaviour and potential money laundering.
- Monitor transactions - algorithms have been developed for fiat currency to help pick up on behaviours and patterns which are red flags for money laundering, which can also be used for cryptocurrencies and virtual assets.
- Improve regulation - global KYC standards need to be stricter when issuing e-wallets and regulating cryptocurrency exchanges, requiring consensus between key players and complementary regulation.
- Place third-party ID providers under state supervision - doing so would enhance their accountability, particularly regarding data and identity theft incidents.
- Use blockchain as a solution - blockchain's inherent characteristics could help to enable better supervision by allowing further anti-money laundering risk analysis as well as alert and reporting mechanisms into the cryptocurrency system.
The future of EU crypto regulation
The EU is designing new AML rules to ensure full traceability of crypto-asset transfers and detect their possible use for money laundering or terrorism financing.
The European Commission wants to prohibit pseudo-anonymous crypto asset wallets - although many experts believe that is unworkable and unenforceable. But, it may be able to prohibit crypto custodians and exchanges from providing anonymous services.
Want to learn more about Financial Crime?
We've created a comprehensive AML roadmap to help you navigate the compliance landscape, supported by several financial crime prevention courses in our Essentials Library.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.