The Risks of Failing to Apply AML and KYC Requirements to Cryptocurrency23 May 2022
Cryptocurrency and crypto assets are generally assumed to be attractive to criminals because of the possibility for preserving anonymity and the ease of transmitting funds despite the transparent and traceable design of the blockchain. As such, there is significant risk involved in failing to apply AML and KYC regulations to cryptocurrency.
There have been hundreds of high-profile cryptocurrency-based suspected crimes. The PlusToken scheme, for instance, was a 2019 scam affecting investors in China and South Korea. Another Ponzi scheme recently garnered more attention when Ruja Ignatova, a Bulgarian woman accused of using the scheme to defraud victims out of more than $4bn (£3.2bn), was placed on Interpol’s Most-Wanted List. The variety and creativity of such schemes have, undoubtedly, been notable.
Cryptocurrency: AML Regulations
Effective AML regulations are intended to make laundering schemes riskier and less profitable for their organisers by creating and to create new opportunities for asset tracing.
Regulators, financial institutions and law enforcement agencies combat suspicious activities with a mix of policies including anti-money laundering (AML) and know your customer (KYC). Cryptocurrency AML policies are ultimately designed to minimise highly unfavourable outcomes where criminals successfully convert illegally obtained cryptocurrencies into fiat money and off-ramp it, layer it or obscure it.
The Financial Action Task Force (FATF) sets out the standards for AML laws globally. FATF began publishing some guidance on cryptocurrency AML in 2014, and policymakers in FATF’s member jurisdictions followed suit. The Financial Crimes Enforcement Network (FinCEN), a bureau of the United States Department of the Treasury, the European Commission, and dozens of other regulatory bodies have codified many of FATF’s cryptocurrency AML recommendations.
KYC in the Context of Crypto-Assets
Cryptocurrency KYC refers to the set of identity verification procedures required by law for VASPs; such procedures enable criminal investigators to connect pseudonymous cryptocurrency addresses to real-world entities, individuals and addresses.
In traditional fiat finance, KYC includes ID card validation, face verification and other methods. Additionally, many banks require proof of address, such as a copy of a recent utility bill. In the cryptocurrency industry, however, KYC requirements are less standardised. Most exchanges require new customers to share their legal name, government-issued ID, and up-to-date address information, but this varies according to where the exchange operates and what services they provide.
The Role of VASPs
The burden of enforcing the regulatory requirements for AML and KYC falls primarily on the virtual asset service providers (VASPs). FATF defines this group to include cryptocurrency exchanges, stablecoin issuers, and, on a case-by-case basis, some DeFi protocols and NFT marketplaces.
These businesses apply the regulations by employing compliance officers, requiring KYC checks, and continuously monitoring transactions for suspicious activity.
When suspicious activity is detected, VASPs are required to report it to the relevant agencies, which then use blockchain analysis tools to investigate the flow of funds and link potentially illicit activity to individuals and entities.
Emerging Developments for AML and KYC
On 24 September 2020, the European Commission (EC) published the Digital Finance Package. The package includes Digital Finance and Retail Payments Strategies, as well as legislative proposals on crypto-assets and digital resilience. The Digital Finance Strategy seeks to make Europe’s financial services more digital-friendly and stimulate responsible innovation and competition among financial service providers in the EU.
The rules set out by the EC will additionally allow operators authorised in one Member State to provide their services across the whole EU, i.e. so-called “passporting.”
On 28 October 2021, the FATF released updated guidance for how member jurisdictions should regulate cryptocurrency businesses. FATF clarified that NFT marketplaces, DeFi protocols, and stablecoin providers, depending on the activities they are engaged in, may be obligated to implement KYC procedures.
As cryptocurrencies have expanded and reshaped the global financial network, AML and KYC have become essential to minimising risk in business transactions, protecting users from illicit activity and building trust in cryptocurrency.