skip to Main Content

Best Practices for Monitoring Virtual Currency-Related Transactions at Your Bank

Existing FinCEN regulations clearly state that it is the responsibility of all financial institutions to identify and report suspicious activity concerning how criminals and other bad actors exploit CVCs for money laundering, sanctions evasion, and other illicit financing purposes. These requirements apply to all financial institutions, even if those financial institutions do not directly buy, sell, provide custody, or have virtual currency exchanges as customers. However, CipherTrace research has shown that many banks do not know how to properly detect and monitor virtual currency-related transactions.

FinCEN Advisory FIN-2019-A003, “Advisory on Illicit Activity Involving Convertible Virtual Currency (CVC)”, clearly states “Financial institutions should carefully assess and mitigate any potential money laundering, terrorist financing, and other illicit financing risks associated with CVCs” and identifies 36 red flag indicators of abuse of cryptocurrency. FinCEN also notes that “CVC has come to be one of the principal payment and money transmission methods used in online darknet marketplaces that facilitate the cybercrime economy.”

In fact, in the first six months since issuing this guidance in May of 2019, FinCEN received roughly 10,000 convertible virtual currency (CVC) related suspicious activity reports (SARs) from 1,900 entities. Worldwide, the Financial Action Task Force (FATF) reported that institutions (FIs) reported 134,500 Suspicious Transaction Reports related to virtual assets in the last two years.  Suggested:  While VASP reported 134,500 Suspicious Transaction Reports related to virtual assets in the past two years, FIs continue to lead the reporting of suspicious activity involving virtual assets.

Lack of Insight into Virtual Asset-Related Transactions

As more mainstream consumer and institutional investors embrace cryptocurrencies, it becomes increasingly difficult, if not impossible, for traditional FIs to avoid entanglements with the crypto economy.

According to FinCEN, activity involving CVC may be observable by financial institutions specializing in:

  • commerce related to CVC,
  • financial institutions servicing such businesses,
  • or financial institutions with customers actively involved in the use of CVC.

If a bank is unable to accurately determine if their institution is serving virtual asset businesses, or if their customers are transacting in virtual asset-related payments, there is no way for them to comply with their BSA obligations.

FinCEN has made the pervasive nature of virtual currency clear. Banks can claim a Zero Tolerance Policy for cryptocurrencies, but not allow transactions by looking for the word “Bitcoin” or “Cryptocurrency,” the name of a common cryptocurrency exchange or some derivative thereof is not enough to identify all the transactions in your payment networks.

How Not to Monitor for Virtual Currencies in Your Payment Networks

Some financial institutions have built home-grown systems to try to identify cryptocurrency-related accounts. The vast majority of these systems incorporate lists of Cryptocurrency Exchanges and other VASPs from open sources on the web and attempt to do name matching against their customer base, from where funds are coming, and to where they are going.

CipherTrace research has shown that this approach results in many false positives and misses significant, large amounts of funds flows that cannot be discovered by home-grown name matching. In some cases, this approach missed 90% of the actual cryptocurrency-related transactions within a financial institution.

This becomes obvious if you take an exchange like “Gemini,” which is not only associated with the famous exchange run by the Winkelvoss twins, but also with everything from Gemini Middle School in Maine to Gemini the “elite interior and exterior wood coating manufacturer,” Gemini the company “with 40+ years in the construction business,” and numerous other businesses.  One can quickly see how name matching alone can result in a huge number of false positives, wasting time and effort.

Additionally, most open-source lists are incomplete, perhaps covering the top 100 exchanges, leaving out the other 600+ exchanges. Even if customers were transacting with a cryptocurrency exchange you had on the list, many exchanges do not operate business under their popular name. For example, cryptocurrency exchange “Zebitex” does business under the vague name “Digital Service,” while Abra’s legal name is “Plutus Financial Inc.” It’s clear that name matching is not sufficient enough to find all cryptocurrency exchanges, resulting in significant missed exposure.

In fact, CipherTrace research has found that a typical name-based system may entirely miss up to 70% or more of the crypto exchanges out there, and up to 90% of the actual transaction volume.

a typical name-based system may entirely miss up to 70% or more of the crypto exchanges out there, and up to 90% of the actual transaction volume.

CipherTrace analysts, on a daily basis, work to determine the fiat payment capabilities of every Virtual Asset Service Provider (VASP) in the world.  Though extremely challenging, it provides data that is crucial for accurately detecting and matching VASP activity by bank customers.

How Criminals Launder Crypto Through Banks

A common example of crypto laundering a bank could face involves criminal proceeds procured from the dark market. Typically, a Drug Trafficker sends the cryptocurrency he receives from darknet narcotic purchases to a P2P Exchanger’s cryptocurrency address. The P2P Exchanger uses his virtual asset account at a High-Risk Cryptocurrency Exchange to convert the cryptocurrency into USD in order to “clean” or legitimize the currency. The USD is then wired from the High-Risk Cryptocurrency Exchange to the P2P Exchanger’s bank accounts under fictitious business names. The P2P Exchanger conceals the true nature of the funds when he sends the USD back to the Drug Trafficker’s fictitious business account as either a cashier’s check, wire, or ACH transfer. Without the proper tools, many banks would have no idea that these funds are from a high-risk cryptocurrency exchange, let alone the proceeds from illicit drug sales.

Read our case studies to learn real world examples of criminals laundering crypto through banks, credit unions, and other financial institutions:

CipherTrace Armada: Crypto Analytics & Compliance for Financial Institutions

  • CipherTrace Armada enables financial institutions to identify customers transacting with CVCs and unregistered crypto MSBs that may be attempting to evade supervision and fail to implement appropriate AML controls.
  • CipherTrace Armada allows financial institutions to monitor wire transfers, ACH and credit card transactions to identify customers involved in CVC transactions and is easily integrated into legacy AML compliance systems.
  • CipherTrace Armada provide risk rating information of counterparty bank accounts associated with risky or criminal CVC businesses, allowing financial institutions to investigate suspicious customer accounts and comply with FinCEN obligations.

What Indicators of the Abuse of Cryptocurrency to Report

In conjunction with a bank’s current AML software, CipherTrace Armada can help Financial Institutions identify unregistered MSB activity and suspicious virtual currency purchases, transfers, and transactions as listed in the FinCEN Advisory’s Red Flag Indicators of the Abuse of Virtual Currencies.

The following indicators apply to banks:

  • Unregistered or Illicitly Operating P2P Exchangers

    • A customer receives multiple cash deposits or wires from disparate jurisdictions, branches of a financial institution, or persons and shortly thereafter uses such funds to acquire virtual currency.
    • A customer receives a series of deposits from disparate sources that, in aggregate, amount to nearly identical aggregate funds transfers to a known virtual currency exchange platform within a short period of time.
    • Customer’s contact information is connected to a known CVC P2P exchange platform advertising exchange services.
  • Unregistered Foreign-Located MSBs

    • A customer transfers or receives funds, including through traditional banking systems, to or from an unregistered foreign CVC exchange or other MSB with no relation to where the customer lives or conducts business.
    • A customer utilizes a CVC exchanger or foreign-located MSB in a high-risk jurisdiction lacking, or known to have inadequate AML/CFT regulations for CVC entities, including inadequate KYC or customer due diligence measures.
    • A customer directs large numbers of CVC transactions to CVC entities in jurisdictions with reputations for being tax havens.
    • A customer that has not identified itself, or registered with FinCEN, as a money transmitter appears to be using the liquidity provided by the exchange to execute large numbers of offsetting transactions, which may indicate that the customer is acting as an unregistered MSB.
  • Unregistered or Illicitly Operating CVC Kiosks

    • A customer operates multiple CVC kiosks in locations that have a relatively high incidence of criminal activity.
  • Other Potentially Illicit Activity

    • A customer significantly older than the average age of platform users opens an account and engages in large numbers of transactions, suggesting their potential role as a CVC money mule or a victim of elder financial exploitation.
    • A customer shows limited knowledge of CVC despite engagement in CVC transactions or activity, which may indicate a victim of a scam.
    • A customer purchases large amounts of CVC not substantiated by available wealth or consistent with his or her historical financial profile, which may indicate money laundering, a money mule, or a victim of a scam.
Back To Top