As cryptocurrencies become increasingly popular, they continue to attract extensive financial crime regulations. Custodian wallet providers, issuers, cryptoasset ATMs and crypto exchanges must now register with the Financial Conduct Authority (FCA) and comply with the Money Laundering Regulations. Crypto firms are now obliged to conduct Know-Your-Customer (KYC) checks, monitor suspicious transactions and breaches of financial sanctions and file suspicious activity reports with law enforcement. As the FCA looks to extend the annual financial crime reporting obligations, crypto exchanges and custodian wallet providers may need to revisit and enhance their reporting activities.
While ensuring compliance may seem like a huge task, it presents a chance to go beyond a ‘tick-box approach’ when designing and offering new products and services. Cryptocurrency firms now have an opportunity to give regulators and customers confidence, outshine competition and demonstrate credibility by implementing industry-leading compliance practices.
But an unconventional approach will require investment, specialised resources and innovative thinking. Crypto firms must think carefully about how they engage with the UK regulators, transpose requirements and use technology to create a robust financial crime compliance function.
To be properly prepared for maturing regulations, they must focus on understanding their financial crime risks and building a suitable defence framework.
Understand the direct impact of financial crime risks
It is important that crypto firms understand the features of their products and services and how they may expose them to financial crime risks. It is already half the battle won if they can successfully demonstrate to regulators their understanding of the financial crime typologies and their risk exposure.
eWallets, for example, may have different concerns from a money laundering perspective. The risk of financial crime is higher for an ‘unrestricted access’ eWallet compared with restricted access wallets, which allow only one user and come with two-factor authentication. Similarly, those wallets not restricted to a lower risk jurisdiction or merchant are likely to have a higher risk profile.
Elsewhere, closed-loop cryptocurrencies must be closely monitored, and firms should take stock of the risks associated with different transaction types. For example, crypto to fiat transactions may be riskier than fiat to crypto transactions. The money laundering regulations and the Joint Money Laundering Steering Group guidance for crypto firms provide a comprehensive list of attributes to consider when assessing such risks.
It’s important to identify and keep up-to-date on the typologies indicative of suspicious activity in this space. For instance, customer activity including multiple transactions with wallet addresses on the Office of Foreign Assets Control sanctions list should be a red flag, as might frequent interactions with decentralised exchanges or cryptocurrency mixers or tumblers.
Build a financial crime framework backed by intelligent technology
Once they understand the financial crime risks they might be exposed to, crypto firms should develop relevant systems, controls, policies and procedures to protect themselves. But there are many factors to consider when designing a financial crime framework to match their risks: governance structures, policies, intelligence gathering, monitoring, reporting, training, quality assurance and testing, and record-keeping.
For example, those that deal with customers from high-risk jurisdictions may create a customer risk score by implementing second-line monitoring of customers and beneficiaries to capture relevant location information at onboarding. Others may implement restrictions on customer accounts or transactions until KYC verification checks are completed.
Crypto firms must look to technology to bolster frameworks and accelerate the detection and mitigation of financial crime, and may need to consider making a build-vs-buy decision. Deciding which processes will benefit from what technology requires considerable and careful thinking, but this will bear fruit in the long run. We’re already seeing the FCA using analytics to innovate its regulatory approach and recognising the importance of technology in driving financial crime compliance. And regulators globally view blockchain analytics and screening tools as a critical part of the financial crime framework.
Becoming a trusted crypto market player and building a comprehensive financial crime compliance programme is achievable through quick, yet meticulous action. When done well, the steps outlined above will provide a significant head start to those looking for permanent registration in the UK, and will give regulators confidence in the operations of the more mature players in this market.
To discuss any issues raised in this blog, please get in touch.