Virtual currency is becoming more accessible than ever.
With providing just a little information, purchasing virtual currency can be conducted without being very tech-savvy.
The popularity of virtual currency is continuing to increase with users ranging from everyday consumers to criminals.
Unfortunately, virtual currency is widely popular by criminals for purposes of money laundering, sanctions evasion, and other illicit financing purposes.
The risks of money laundering associated with the use of virtual currencies have increased.
This is due to an increase in the number of virtual currencies available, how they can be transferred and traded anonymously, and their potential for criminal misuse.
Virtual currencies differ from other payment mechanisms because they are global, generally decentralized, and most of them are not regulated by any authority.
Virtual currencies can be used to buy legitimate goods such as electronics and clothing; however, they can also be used to purchase illegal drugs and firearms on the Internet black market.
With the increase in availability, popularity, and criminal use of virtual currency, there come regulations.
Financial Institutions should be aware of the risks and regulations surrounding virtual currency, including the following points:
- As a financial institution, you will need to monitor for suspicious activity involving virtual currency.
- You should always be aware that as a financial institution, you are required to report any transactions over $10,000 in one day to FinCEN and other relevant agencies; this includes both deposits and withdrawals.
- To comply with these obligations, your surveillance systems must have the capability of identifying cash-intensive transactions which could indicate criminal use of virtual currency.
- Monitoring for suspicious activities may include monitoring changes in an individual’s account balances or transaction patterns (e.g., purchasing power, number of transactions, and types or frequency of purchases)
Many financial institutions are required to monitor for suspicious activities involving virtual currency.
FinCEN states that all “financial institutions should establish an anti-money laundering program, which includes components applicable to various services offered by the institution (e.g., physical transportation of currency; acceptance of currency, funds, or other value that substitutes for currency from persons known to be outside the United States; etc.).”
FinCEN has provided an anti-money laundering (AML) guide for financial institutions.
This guide provides examples of suspicious activities involving virtual currency. FinCEN states that these activities can include:
– Excessive account closures result in the person being unable to access their virtual currency holdings or are a sign of nefarious actions by an individual.
Financial institutions should also keep records and copies of transactions for at least five years, and in many cases, they must do so indefinitely. – Large transactions that may be designed to evade reporting requirements.
– Individuals or businesses that have a suspicious activity report filed on them by another financial institution.
– An individual who needs virtual currency software updates to provide access to their currency and wallet (e.g., denial of service type attacks on the website).
Financial institutions should review all of these transactions, which could be indicative of the illegal use of virtual currency.
As the popularity of virtual currency continues to increase, financial institutions should be aware of all regulations surrounding suspicious activity involving virtual currency and how reporting requirements for transactions are handled.
Financial institutions need to have effective surveillance systems in place that can detect cash-intensive activities to keep up with the increased demand.
As technology advances, financial institutions can see a clearer picture of what is taking place within their system, and they need to be aware of events that could potentially lead to suspicious activity.
FinCEN issued a proposed rule which would require recordkeeping, verification, and reporting requirements for certain deposits, withdrawals, exchanges, or other payments or transfers of CVC, by through or to a bank or MSB that involves an unhosted or otherwise covered wallet.
FinCEN, to curb money laundering and terrorist financing, issued a proposal in December 2020 that would require certain cryptocurrency exchanges and wallets to adhere to strict recordkeeping and reporting requirements.
In the proposed regulation, FinCEN defines virtual currency (or “VC”) as any type of digital representation of value that can be digitally traded or transferred.
In trying to fight the illicit use of cryptocurrency, the regulation would require that any “operator” of an “exchange” must ensure that all payments or transactions are properly registered. These include:
– Recordkeeping
– Verification procedures (including knowing your customer)
– Reporting certain information about transactions in VC to FinCEN
The FinCEN proposal is fairly straightforward and doesn’t try to do much more than extend existing anti-money laundering requirements for banks.
These regulations have worked well for traditional financial services, but implementing them within the world of cryptocurrency might prove less simple.
The proposed standard would require all exchanges or other companies trading in cryptocurrency to report on when virtual currency is received, how much was traded, and who the virtual currency was transferred to.
Any transfers of over $10,000 must be reported. This would require any company trading in cryptocurrency via an unhosted wallet or through other means to keep a register of all transactions with customers’ personal information attached.
The new rule will not affect companies holding on to cryptocurrency on behalf of others, or those developing new cryptocurrencies. However, the rule defines “exchangers” as anyone who is involved in transferring virtual currency for any form of consideration.
With the increase in the availability of virtual currency and regulatory changes coming, financial institutions need to consider what they should monitor for suspicious activity involving virtual currency.
Unregistered or Illegal Operating Peer-to-Peer Exchanges
Numerous peer-to-peer exchanges have been set up to allow the buying and selling of virtual currency.
These exchanges currently do not fall under any regulation, making them tough to identify and monitor for suspicious activity.
If an exchange is registered with FinCEN, it would be required to comply with the new rule which would allow financial institutions to identify these exchanges.
Some of the most significant changes that will come from the new regulation would be in regards to the AML/KYC monitoring required for companies operating with virtual currency.
Failure to comply with the regulations could lead to the suspension of account access and/or a fine for each non-compliance incident.
The proposed changes would help financial institutions like banks be proactive in AML/KYC compliance when it comes to cryptocurrencies, but they may not do much to encourage previously unregulated companies operating in the cryptocurrency space to become compliant.
Banks need to be careful because the customers might not meet their requirements. They should make sure that the customer has a good credit score and that they are not doing something illegal like money laundering.
To counteract these suspicions, financial institutions should look for customers who receive many cash deposits or wires shortly after utilizing virtual currency to purchase it.
Check for unusual transactions, especially if they are in the same pattern as deposits from various sources that, when combined, equal to or exceed aggregated funds transfers to a known virtual currency exchange.
Keep an eye out for phone numbers or email addresses that are linked to a recognized virtual currency P2P exchange platform.
In general, financial institutions should keep an eye out for prolonged transactions with CVC-focused MSBs to determine whether they are possible P2P exchangers.
Unregistered Foreign-Located MSBs
Foreign-located MSBs, like P2P exchangers, may exchange fiat currency and CVCs (convertible virtual currency).
In general, foreign MSBs attempt to avoid regulatory scrutiny by operating in countries that lack or have limited AML/CFT laws regulating the use of virtual currency.
Consider monitoring for clients or members who send or receive funds to or from an unregistered foreign CVC exchange or other MSB with no connection to the consumer’s location or business.
Furthermore, utilizing a CVC exchanger or a foreign-located MSB in a high-risk jurisdiction without AML/CFT rules for CVC entities might be an indication of illegal virtual currency behavior.
Monitor for CVC activities with CVC entities in jurisdictions known to be tax-havens. Unregistered foreign-located MSBs can exacerbate money laundering risks in general.
Unregistered or Illicitly Operating CVC Kiosks
The machines that facilitate cash and virtual currency transactions are known as CVC kiosks, which resemble ATMs or e-terminals that may be used to exchange cash and virtual currency.
In general, CVC kiosks enable money transmission between a CVC exchange and a customer’s wallet, as well as functioning as CVC exchanges.
Financial institutions should keep an eye on their customers or members who run several CVC kiosks in high-crime areas.
Keep an eye on frequent transactions from various clients or members coming into and exiting the same CVC wallet address but not conducting as a known CVC exchange.
CVC kiosks can be used for illicit acts including structuring transactions below the CTR threshold, and they may be operated in a way that goes around BSA requirements.
Cash transactions may also be made through these kiosks, so monitor for cash-in and cash-out activity.
CVC kiosks provide users with the option to set up a temporary CVC wallet address without providing identification.
Financial institutions should look out for frequent use of this option as there is potential for money laundering or other illegal activity happening.
The operation of an MSB is defined in 31 CFR 1010.100(ff). A “money transmitter” or “money service business (MSBs)” includes any person that provides money transmission services or any other person engaged in the transfer of funds.
The risks that are associated with financial institutions in the CVC industry are as follows:
Know Your Customer (KYC) and Customer Identification Program (CIP) requirements do not account for virtual currency activity, leaving many institutions unsure of how to identify and verify beneficial owners involved with virtual currency.
Virtual currency exchangers are not classified as MSBs or money transmitters, so many of the CIP and AML requirements ( customer due diligence, identification, reporting) do not apply.
Virtual currency exchangers have been known to have poor KYC standards, where some will accept cash without any type of identification or documentation. This creates vulnerability for employees who rely on client due diligence programs and risk-based initiatives alone to ensure the legality of transactions.
Virtual currency exchangers utilize anti-money laundering and BSA software without the ability to include CVC within their AML reports. Without this ability, financial institutions are unable to monitor for potentially suspicious activity when using virtual currency as a form of payment.
Virtual currency exchangers do not always have access to the latest software that is compliant with BSA and AML requirements due to “open-source” platforms.
Virtual currency exchangers may not have the ability to identify users or report suspicious activity under existing KYC or CIP procedures. Financial institutions should be aware of these limitations and be prepared for situations where transactions are not being reported.
Due to the open-source software, virtual currency exchangers are not creating and maintaining a custom program tailored specifically for MSBs or financial institutions under BSA or CIP requirements.
Virtual currency exchangers may be utilizing third-party virtual currency wallet services that can be risky to rely on due to the risk of losing user funds, stolen wallets (similar to a username and password), mismanagement, or hacking. Financial institutions should understand these risks before allowing virtual currency wallet services as a payment option.
Virtual currency exchangers may not be able to accurately verify customer identities when opening new accounts due to the inability to “knowing” the customer.
Virtual currency exchangers may not have a standardized process for reporting suspicious activity or patterns of transactions that may be considered illegal under existing state and federal laws.
Financial institutions are encouraged to work with virtual currency exchangers on creating a reportable action plan, which would include suspicious activity report (SAR) filing procedures.
Virtual currency exchangers may not have documentation to respond to requests for information from law enforcement or financial institution regulators, due to the nature of open-source software and anonymous transactions.
These non-compliant companies must be made aware of their obligation under federal and state laws, as applicable (such as FinCEN registration), and their responsibility to provide information or records in response to formal requests.
Virtual currency exchangers may be unable to calculate the risk associated with virtual currency transactions, which could have a significant effect on transaction monitoring systems (such as OFAC), thus creating potential compliance gaps.
Virtual Currencies fail to meet any of the definitions of “currency” as outlined in the United States Code and lack all the fundamental attributes that underpin a currency.
Virtual currencies are not backed by any sovereign government, do not have legal tender status in any jurisdiction, and are subject to little or no regulation.
In addition, there is very limited information available on virtual currency schemes, including their management, financial condition, a credit risk profile to the extent they may pose credit or other risks to financial institutions and other aspects of their operations.
As such, virtual currencies are risky products:
Virtual currency schemes have an unclear connection to any underlying commodity and lack transparency.
They require its user to rely on its non-existent authority to redeem it for legal tender or other currencies and its ability to anonymously transfer virtual currency schemes.
Virtual currencies contain most of the same risks as traditional non-cash payment methods, including credit and liquidity risk.
Virtual currencies are highly subject to price volatility, including due to the absence of temporary controls that may be imposed by a central monetary authority during periods of financial stress.
Virtual currency schemes are subject to little or no regulation and have attracted criminals, including drug traffickers, money launderers, and other illegal actors who avoid traditional financial systems by using virtual currencies.
The extent to which virtual currencies can be used anonymously to conduct illicit activities and launder the proceeds from illegal activities.
Virtual currency exchangers must comply with any applicable laws such as Bank Secrecy Act/anti-money laundering (BSA/AML) requirements, Know Your Customer (KYC) requirements, Anti-Terrorist Financing (ATF) requirements, and Office of Foreign Asset Control (OFAC) screening procedures.
Other Potentially Illicit Activity
Certain signs might assist in identifying suspect virtual currency purchases, transfers, and transactions.
If you were to monitor for customers or members who are exchanging different types of CVCs and they go below a level that is considered suspicious, this could be a problem.
Additionally, monitor for customers or members who appear to have limited knowledge of virtual currency, yet have transaction activity that includes CVC transactions.
Consider people who are old and have a lot of credit card transactions.
It’s not suspicious if a user has an IP address that matches the one they use to conduct transactions.
However, if their IP address does not match, it is cause for concern because someone else might be using their data and committing crimes with it.
If a consumer puts money into an account or makes a CVC address that is significantly higher than normal and then changes it to legal tender, this may be suspicious activity related to virtual money.
How do I mitigate the risks of virtual currency?
Virtual currency use is on the rise. More and more banks are looking for ways to accept it, but many don’t know how to mitigate the risks associated with virtual currencies such as Bitcoin.
Financial compliance experts have a solution: outsourcing your financial compliance needs to an expert agency can help you mitigate those risks.
These companies will take care of all regulatory requirements so that you can focus on running your business in a compliant way without having to hire additional staff or spend time learning about regulations.
Outsourcing financial compliance helps ensure that no one at your institution has any involvement with virtual currency transactions which could lead to reputational risk, legal liability, and other consequences if something goes wrong.
What should you do if you come across suspicious behavior regarding virtual currency?
Financial institutions that detect this sort of conduct should evaluate their SAR filing procedures.
A financial institution must file a SAR if it knows, suspects, or has reason to believe that funds have been obtained through unlawful activity.
In addition, any effort to conceal funds from unlawful activities is also reported in the SAR.
As a result, it’s critical to detect virtual currency usage by your client or member as part of your institution’s BSA/AML program.
Conclusion
As of today, regulators have been guiding banks but they do not have a clear direction on how to regulate virtual currencies.
There has been an increase in prosecutions for money laundering with virtual currency, which all should be aware of and understand their exposure.
The good news is that financial institutions are taking the right steps by monitoring accounts and transactions involving bitcoin exchanges or other types of virtual currency.
They need to be aware of the types of transactions that could be suspicious, including but not limited to transfers involving large amounts of money and multiple accounts.
Regarding virtual currency exchange platforms, banks should know if they have adequate controls in place over their operations to reduce the risk of money laundering or terrorist financing being conducted through them.