AML Sanctions Screening
One-stop AML Sanctions, PEP and Adverse Media solution for the Crypto Industry
Sanctions & PEP Data API for the Crypto Industry
The Importance of Sanctions & AML Screening for the Crypto Industry
Anti-money laundering regulations do not just apply to banks and other traditional financial institutions – these regulations must also be followed by firms involved with cryptocurrencies.
The crypto industry is required by law to carry out sanctions and AML screenings.
The Office of Foreign Asset Control (OFAC) has made it clear that the crypto industry must, as a top priority, ensure cryptocurrency is not used to evade sanctions.
OFAC is committed to using its authority to counter the use of digital assets for illegal activities. In line with this, the body has expressed that any US person, who engages in crypto transactions, is responsible for confirming that their exchanges do not violate sanctions.
The regulator has already taken steps to act against providers that fail to screen their customers against sanctions and watch lists – and it expects to have more involvement as the industry evolves.
For example, OFAC has:
- Cracked down on crypto transactions involving blocked persons and specially designated nationals (SDNs).
- Identified digital currency addresses known to be tied to these individuals and created a public list, so organisations can more easily screen for this activity.
- Restricted crypto transactions that involve exchanges that indirectly benefit SDNs. So, if an SDN or blocked entity is involved in or benefits from a cryptocurrency transaction taking place, the firm could face serious penalties.
- Criminalised transactions with entities that are 50% or more owned by an SDN.
The property of a blocked person, and any assets that they have an interest in, will continue to be sanctioned regardless of how many times it is transferred away from them. Crypto providers should be alerted to chain hopping, tumblers, and other methods used to obscure the true parties involved in the transaction.
Q: What happens if the crypto address is not linked to a blocked person when the exchange is facilitated?
A: The transaction could be considered a sanctions violation if that address becomes linked to an SDN later. OFAC sanctions are strict – and they expect firms to take steps to identify these individuals, regardless of how much they attempt to evade the system.
Q: What are the consequences of failing to comply with AML regulations?
A: Aside from fines and penalties, government agencies may block individuals from transacting on a platform, or with a particular digital asset, altogether.
Sanctioned Regions and Countries: Real-life scenarios
It is important that organisations understand the sanctions regions that apply, based on the countries they operate in.
Because many nations use sanctions against imports to curb illegal behaviour and prevent the corruption of their financial systems, transactions with these regions should be avoided or closely monitored, depending on how comprehensive the sanctions are.
The Venezuelan Petro
In 2018, a US Executive Order was signed to prevent users from exchanging or dealing with crypto that was issued by, for, or on behalf of the Venezuelan government. This action was driven by the launch of their sovereign digital token, the Petro, which was designed by Maduro’s regime to get around US sanctions.
In 2021 BitPay – a company that enables merchants to accept payments via cryptocurrencies received a fine of almost half a million dollars by OFAC for violating sanctions.
BitPay repeatedly violated sanctions programmes by carrying out transactions from their merchant’s buyers with names, phone numbers,
IP addresses, and other identifying data that indicated they resided in sanctioned jurisdictions.
During their investigation, OFAC determined that BitPay did not do their due diligence to screen the location of their ultimate customers: the buyers that were transacting with the merchants on their platform.
It is important to note that this penalty could have been significantly more severe, but OFAC gave BitPay credit to implement measures that would prevent sanctions violations in the future:
- BitPay must fully block IP addresses that appeared to come from Iran, Syria, North Korea, and Cuba.
- BitPay must launch an ID programme. The company duly launched a new customer identification process, BitPay ID.
- Any merchants who want to process invoices of $3 000 or more must now provide proof of identification to utilise BitPay. Failing to provide the appropriate information blocks transaction.
- BitPay needs to check the physical and email addresses of the merchant’s customers if the data is provided. Should the customer belong to a sanctioned jurisdiction, the invoice cannot be completed.
Q: Is a person in the US violating sanctions when a user in a restricted country validates their transaction on the platform? They can’t control how transactions are validated in the blockchain, so how would they trace and prevent this from happening?
A: There is much complexity involved here, but the key is that cryptocurrency providers must stay ahead of guidance and regulations to prevent fines and penalties.
Protect Your Organization
Aside from the legal requirements, companies that operate in the crypto industry also need to consider how AML Sanctions Screening processes can protect their organisation.
- Reputation damage: Imagine what would happen to a company’s reputation if news came out that it had aided money launderers and terrorists through their platform. This would push sers away and encourage them to take their business elsewhere.
- Insurance implications: Many insurers have previously agreed to pay out claims for ransomware payments – but now they are unwilling to reimburse companies due to the extensive cost of rebuilding the blockchain and recovering lost data. OFAC has identified companies like SamSam, Cryptolocker, and Dridex to be directly associated with malware. As such, any ransomware payments to these firms are strictly prohibited.
Specific Challenges for the Crypto Industry
Fast Transaction Speeds
This presents criminals and money launderers with an opportunity to move significant volumes of illicit funds very quickly.
High Levels of Anonymity
Increased Potential for Structuring
Red Flags: How is Money Laundered Through Cryptocurrencies?
It is estimated that the amount of fraud, theft, and hacks that occurred in the crypto industry totalled more than $1.4B – in the first six months of 2020 alone.
Cryptocurrencies will pose a significant threat to the integrity of financial systems if these issues are not addressed.
To better understand and address the threats, the Financial Action Task Force (FATF) conducted an investigation and put together a report on red flags relating to cryptocurrency money laundering schemes.
Let’s review some of the most prevalent red flags in the crypto industry:
Minimal customer due diligence
Red Flag #2
Red Flag #3
Red Flag #4
Red Flag #5
A user that engages in more transactions than the average person could also be involved with structuring. By deliberately breaking up larger
trades into smaller amounts, criminals can avoid triggering currency transaction reporting thresholds.
This red flag is the same as what would trigger a bank alert when done with cash – making multiple transactions under the $10 000 reporting minimum could indicate illegal activity
Q: What about making several high-value exchanges in a short timeframe?
A: Behaviour like this can also be a red flag, especially when it is done in a regular pattern and the user has long periods with no additional activity afterward. Ransomware cases may look just like this!
Setting up an AML Process
Now that you understand the importance of sanctions screening and AML processes in the crypto industry, let’s get into the best way to set them up. The key is to develop policies and procedures to address red flags and prevent money laundering from occurring.
The first step is to understand the risks your business is exposed to and the applicable regulations that you must comply with. Cryptocurrency service providers are now under the scope of most of the existing AML and counter-terrorist financing regulations, so you must prepare appropriately.
As most of these laws require you to implement a risk-based customer due diligence program and transaction monitoring measures, you should start there. The goal is to develop a process that can identify the money laundering risk that each of your users presents.
To comply with regulations, you must use a risk-based approach. It is the only way to avoid expensive fines and penalties for non-compliance and ensure that you can detect and prevent money laundering risks.
Step 1: Understand the risks your business is exposed to, and the applicable regulations that you must comply with. Cryptocurrency service providers are under the scope of most AML and counter-terrorist financing regulations, so you must prepare appropriately. The goal is to develop a process that can identify the money laundering risk that each of your users presents.
Step 2: Use a risk-based approach to comply with the regulations you identified. This is the only way to avoid expensive fines and penalties for non-compliance and ward off money laundering risks.