Cryptocurrencies are disrupting financial systems for consumers and businesses alike, with crypto exchanges facilitating transactions between users in jurisdictions worldwide. However, the innovation that has driven the global rise of cryptocurrency has also introduced new risks as criminals exploit the speed and anonymity of cryptographic technology to evade regulatory controls and commit financial crimes such as money laundering and terrorism financing.
Recent geopolitical events have increased the need for crypto exchanges to implement robust anti-money laundering (AML) and counter-financing of terrorism (CFT) screening solutions. Following the Russian invasion of Ukraine on 24 February 2022, Western governments introduced an unprecedented package of economic sanctions against Vladimir Putin’s regime, with severe fines for firms found to be in violation of regulations. The sanctions apply to firms across the financial landscape, including cryptocurrency service providers.
Given the potential for cryptocurrencies to be used to commit cross-border financial crimes, not least the evasion of sanctions, crypto exchanges should understand the importance of AML/CFT client screening as part of their compliance solution, and ensure that they are capable of spotting high risk customers quickly and efficiently.
Crypto Exchange Risks
While traditional financial systems require customers to provide identifying information in order to access products and services, cryptocurrency transactions offer increased levels of anonymity which may enable criminals to evade AML/CFT controls and bypass sanctions. As platforms that facilitate cryptocurrency transactions, crypto exchanges face the following criminal risks:
Since cryptocurrency transactions take place online, users may be able to conceal their identities and evade certain customer due diligence controls. Blockchain technologies also enable criminals to integrate mixing and tumbler services to add further anonymity to their financial activity.
Cryptocurrency transactions take place in seconds, enabling money launderers to move money quickly between accounts in different parts of the world, before extracting it and introducing it into legitimate financial systems.
Crypto exchange users may be able to create multiple accounts within the same platform or with different service providers and structure their transactions in a way that does not trigger AML/CFT controls.
Criminals may coerce or incentivise third parties to set up accounts with crypto exchanges. These ‘money mules’ then perform transactions on behalf of money launderers.
Customer Screening Considerations
The inherent risks of cryptocurrency transactions mean that crypto exchanges should seek to establish the identities of their customers and understand their financial activity. Financial Action Task Force (FATF) AML/CFT guidance requires financial service providers to perform Know Your Customer (KYC) checks to determine the risk that individual customers present – at onboarding and throughout the business relationship. With that in mind, crypto exchanges should implement the following screening processes:
Crypto exchanges must screen their customers against the relevant international sanctions and watch lists, including the UK sanctions list, the OFAC sanctions list, and the UNSC sanctions list. In addition, firms should pay special attention to recently updated Russia sanctions programmes.
Politically Exposed Persons
Elected officials, government employees, and members of the military present a greater AML/CFT risk and may be considered politically exposed persons (PEPs). Accordingly, crypto exchanges should screen to establish whether their customers are PEPs and adjust their risk profiles accordingly.
Changes to customer risk profiles are often revealed in the news media before any confirmation by official sources. With that in mind, it’s important that crypto exchanges deploy adverse media screening measures to detect customer involvement in breaking news stories. In addition, adverse media solutions should cover media in a range of languages and consider nuances such as source credibility and political bias.
Screening Best Practices
To effectively address the risks that cryptocurrency transactions present, crypto exchanges should seek to make their screening process as efficient as possible, minimising false positives without missing genuine AML/CFT alerts. Accordingly, crypto exchanges should build their screening processes around a series of best practices, including:
Crypto exchanges must ensure that the resources they use to screen customer names are updated and accurate. The sanctions landscape can change rapidly so exchanges must ensure they are using the latest versions of sanctions and PEP lists, and checking media sources regularly for breaking stories.
Crypto exchanges should perform suitable due diligence when onboarding customers, to establish their identities and the nature of their financial activity. Ideally, firms should use digital verification techniques to address the anonymity challenges of the blockchain. This includes dual-factor authentication and biometric identification such as fingerprint, voice, and face scans. In some cases, high risk customers should also be subject to enhanced due diligence (EDD).
Since they serve customers from territories worldwide, crypto exchanges must be prepared to deal with a diversity of language systems when screening customers. Ideally, screening measures should be set up to deal with non-Latinate characters such as Arabic or Cyrillic, and to detect regional naming conventions such as the reversal of first names and surnames that occurs in many cultures.
Aliases and Nicknames
Customers may engage with cryptocurrency services using nicknames or aliases, which may confuse name-matching software. Crypto exchanges should work to capture aliases and nicknames as part of the KYC process to better detect positive hits when screening against sanctions lists, PEP lists, and adverse media.
Russia Sanctions: Compliance Update
In response to Russia’s invasion of Ukraine, many Western governments updated their sanctions guidance for cryptocurrency service providers. The UK government has emphasised that crypto exchanges have the same regulatory responsibilities as other financial institutions. On 11 March 2022, the UK’s Financial Conduct Authority, Office of Foreign Sanctions Implementation, and Bank of England issued a joint statement reminding UK cryptoasset firms of their obligation to contribute to the sanctions compliance effort.
The statement encourages crypto exchanges to:
- Update their sanctions compliance controls and technology, including enhancing their blockchain analytics to identify high risk wallets.
- Be aware of sanctions red flags, including high risk jurisdictions, sanctioned wallet addresses, and exchanges with poor financial controls.
- Be aware of cryptocurrency crime methodologies, such as the use of VPNs, and mixing and tumbling services.
Screening customers against sanctions lists, PEP lists and adverse media sources requires crypto exchanges to monitor a vast amount of data. This means implementing screening software that delivers a high degree of adherence to global sanctions lists and PEP lists, and ongoing monitoring of news outlets.
Ripjar’s next generation screening solution is capable of matching names across a spectrum of languages and character sets while maximising true positives and minimising false positives. Similarly, our adverse media technology adds depth to your screening by conducting continuous monitoring of global news stories in over 21 languages, to capture customer risk data as soon as a story breaks.