Best Practices for Monitoring Virtual Currency-Related Transactions at Your Bank - Ciphertrace

Existing FinCEN regulations clearly state that it is the responsibility of all financial institutions to identify and report suspicious activity concerning how criminals and other bad actors exploit CVCs for money laundering, sanctions evasion, and other illicit financing purposes. These requirements apply to all financial institutions, even if those financial institutions do not directly buy, sell, provide custody, or have virtual currency exchanges as customers. However, CipherTrace research has shown that many banks do not know how to properly detect and monitor virtual currency-related transactions.

FinCEN Advisory FIN-2019-A003, “Advisory on Illicit Activity Involving Convertible Virtual Currency (CVC)”, clearly states “Financial institutions should carefully assess and mitigate any potential money laundering, terrorist financing, and other illicit financing risks associated with CVCs” and identifies 36 red flag indicators of abuse of cryptocurrencyA cryptocurrency (or crypto currency) is a digital asset des... More. FinCEN also notes that “CVC has come to be one of the principal payment and money transmission methods used in online darknet marketplaces that facilitate the cybercrime economy.”

In fact, in the first six months since issuing this guidance in May of 2019, FinCEN received roughly 10,000 convertible virtual currency (CVC) related suspicious activity reports (SARs) from 1,900 entities. Worldwide, the Financial Action Task Force (FATFThe Financial Action Task Force (FATF) is a global money lau... More) reported that institutions (FIs) reported 134,500 Suspicious Transaction Reports related to virtual assets in the last two years.  Suggested:  While VASP reported 134,500 Suspicious Transaction Reports related to virtual assets in the past two years, FIs continue to lead the reporting of suspicious activity involving virtual assets.

Lack of Insight into Virtual Asset-Related Transactions

As more mainstream consumer and institutional investors embrace cryptocurrencies, it becomes increasingly difficult, if not impossible, for traditional FIs to avoid entanglements with the crypto economy.

According to FinCEN, activity involving CVC may be observable by financial institutions specializing in:

• commerce related to CVC,
• financial institutions servicing such businesses,
• or financial institutions with customers actively involved in the use of CVC.

If a bank is unable to accurately determine if their institution is serving virtual assetThe term "virtual asset" refers to any digital representatio... More businesses, or if their customers are transacting in virtual asset-related payments, there is no way for them to comply with their BSA obligations.

FinCEN has made the pervasive nature of virtual currency clear. Banks can claim a Zero Tolerance Policy for cryptocurrencies, but not allow transactions by looking for the word “Bitcoin” or “Cryptocurrency,” the name of a common cryptocurrency exchangeA cryptocurrency exchange is a business that allows customer... More or some derivative thereof is not enough to identify all the transactions in your payment networks.

How Not to Monitor for Virtual Currencies in Your Payment Networks

Some financial institutions have built home-grown systems to try to identify cryptocurrency-related accounts. The vast majority of these systems incorporate lists of Cryptocurrency Exchanges and other VASPs from open sources on the web and attempt to do name matching against their customer base, from where funds are coming, and to where they are going.

CipherTrace research has shown that this approach results in many false positives and misses significant, large amounts of funds flows that cannot be discovered by home-grown name matching. In some cases, this approach missed 90% of the actual cryptocurrency-related transactions within a financial institution.

This becomes obvious if you take an exchange like “Gemini,” which is not only associated with the famous exchange run by the Winkelvoss twins, but also with everything from Gemini Middle School in Maine to Gemini the “elite interior and exterior wood coating manufacturer,” Gemini the company “with 40+ years in the construction business,” and numerous other businesses.  One can quickly see how name matching alone can result in a huge number of false positives, wasting time and effort.

Additionally, most open-source lists are incomplete, perhaps covering the top 100 exchanges, leaving out the other 600+ exchanges. Even if customers were transacting with a cryptocurrency exchange you had on the list, many exchanges do not operate business under their popular name. For example, cryptocurrency exchange “Zebitex” does business under the vague name “Digital Service,” while Abra’s legal nameThe name of the organization as reflected by legal incorpora... More is “Plutus Financial Inc.” It’s clear that name matching is not sufficient enough to find all cryptocurrency exchanges, resulting in significant missed exposure.

In fact, CipherTrace research has found that a typical name-based system may entirely miss up to 70% or more of the crypto exchanges out there, and up to 90% of the actual transaction volume.

a typical name-based system may entirely miss up to 70% or more of the crypto exchanges out there, and up to 90% of the actual transaction volume.

CipherTrace analysts, on a daily basis, work to determine the fiat payment capabilities of every Virtual Asset Service Provider (VASP)A Virtual Asset Service Provider (VASP) is defined by the Fi... More in the world.  Though extremely challenging, it provides data that is crucial for accurately detecting and matching VASP activity by bank customers.

How Criminals Launder Crypto Through Banks

A common example of crypto laundering a bank could face involves criminalA Criminal is an individual or group who has been convicted ... More proceeds procured from the dark marketA Dark Market is a commercial website that operates via dark... More. Typically, a Drug Trafficker sends the cryptocurrency he receives from darknet narcotic purchases to a P2P Exchanger’s cryptocurrency addressIn a cryptocurrency context, an address is a cryptographic k... More. The P2P Exchanger uses his virtual asset account at a High-Risk Cryptocurrency Exchange to convert the cryptocurrency into USD in order to “clean” or legitimize the currency. The USD is then wired from the High-Risk Cryptocurrency Exchange to the P2P Exchanger’s bank accounts under fictitious business names. The P2P Exchanger conceals the true nature of the funds when he sends the USD back to the Drug Trafficker’s fictitious business account as either a cashier’s check, wire, or ACH transfer. Without the proper tools, many banks would have no idea that these funds are from a high-risk cryptocurrency exchange, let alone the proceeds from illicit drug sales.

Read our case studies to learn real world examples of criminals laundering crypto through banks, credit unions, and other financial institutions: https://ciphertrace.com/risk-mitigation-for-banks-unlicensed-bitcoin-atm-case-study/

What Indicators of the Abuse of Cryptocurrency to Report

In conjunction with a bank’s current AML software, CipherTrace Armada can help Financial Institutions identify unregistered MSB activity and suspicious virtual currency purchases, transfers, and transactions as listed in the FinCEN Advisory’s Red Flag Indicators of the Abuse of Virtual Currencies.

The following indicators apply to banks:

• Unregistered or Illicitly Operating P2P Exchangers

  • A customer receives multiple cash deposits or wires from disparate jurisdictions, branches of a financial institution, or persons and shortly thereafter uses such funds to acquire virtual currency.
  • A customer receives a series of deposits from disparate sources that, in aggregate, amount to nearly identical aggregate funds transfers to a known virtual currency exchange platform within a short period of time.
  • Customer’s contact information is connected to a known CVC P2P exchangeA Peer-to-Peer (P2P) exchange acts like a match-maker or auc... More platform advertising exchange servicesGeneral services, including non-profits, forums and news sit... More.

• Unregistered Foreign-Located MSBs

  • A customer transfers or receives funds, including through traditional banking systems, to or from an unregistered foreign CVC exchange or other MSB with no relation to where the customer lives or conducts business.
  • A customer utilizes a CVC exchanger or foreign-located MSB in a high-risk jurisdiction lacking, or known to have inadequate AML/CFT regulations for CVC entities, including inadequate KYC or customer due diligence measures.
  • A customer directs large numbers of CVC transactions to CVC entities in jurisdictions with reputations for being tax havens.
  • A customer that has not identified itself, or registered with FinCEN, as a money transmitter appears to be using the liquidity provided by the exchange to execute large numbers of offsetting transactions, which may indicate that the customer is acting as an unregistered MSB.

• Unregistered or Illicitly Operating CVC Kiosks

  • A customer operates multiple CVC kiosks in locations that have a relatively high incidence of criminal activity.

• Other Potentially Illicit Activity

  • A customer significantly older than the average age of platform users opens an account and engages in large numbers of transactions, suggesting their potential role as a CVC money mule or a victim of elder financial exploitation.
  • A customer shows limited knowledge of CVC despite engagement in CVC transactions or activity, which may indicate a victim of a scam.
  • A customer purchases large amounts of CVC not substantiated by available wealth or consistent with his or her historical financial profile, which may indicate money laundering, a money mule, or a victim of a scam.

Read the Full FinCEN Advisory:

https://www.fincen.gov/sites/default/files/advisory/2019-05-10/FinCEN%20Advisory%20CVC%20FINAL%20508.pdf

Learn about CipherTrace Armada

https://ciphertrace.com/armada