Central, Northern & Western Europe (CNWE) is the world’s largest crypto economy. Users and institutions throughout the region received USD 1.3 trillion worth of cryptocurrency in the period July 2021 to June 2022.1 This is due to, among other things, a wide package of regulations, i.e. the Transfer of Funds Regulation (TFR), the AMLD6 directive or Markets in Crypto Assets (MiCA) issued by the EU. Legal regulations force Crypto Asset Service Providers (CASP) to implement appropriate procedures in their financial applications.
In this article, we'll walk you through 3 ways to verify users and their transactions to help you comply with applicable laws.
Why do Crypto Asset Service Providers ensure AML Compliance?
Procedures, internal company policies, employee training, but also the implementation of IT solutions in financial applications. All this to ensure compliance of the company's operations with the applicable law on counteracting money laundering from illegal sources, e.g. criminal activity, corruption, and drug trafficking.
The reason for the spread of security is at least the AMLD 6 directive. Where the provisions on initiators, helpers and instigators of crimes as accomplices were changed, at present, "aiding and abetting" are criminal acts and are punishable, and the so-called "enabling" will also be held accountable.
And the amount of fines increases every year. Almost USD 5 billion2 in fines was imposed on banks and other financial institutions in 2022 for AML infractions, breaching sanctions, and failings in KYC systems. But that's just the tip of the iceberg. The remediation costs and reputational damage can also be high, let alone deletion from the register of regulated activities and loss of concessions or permits.
Unfortunately, security measures are not yet common and strong enough to guarantee full security of users, which can be seen in the sums of laundered funds that are growing year on year.
The 2023 CryptoCrime Report3 prepared by the blockchain analysis company Chainalysis, states that in 2022, the total amount of money laundered via cryptocurrency trading was USD 23.8 billion, an increase of 68% compared with 2021.
Another reason why IT solutions are used to secure financial applications is the need to pass rigorous compliance audits. They verify whether the financial application meets the legal requirements in force in the country (or state, if we are talking about the USA). If violations of the regulations are found, the relevant authorities may withdraw the concession, permits or remove them from the business register.
Therefore, companies operating in the field of virtual currencies must exercise due diligence during user onboarding and transaction processing and remain vigilant throughout the entire payment processing cycle. This is all done to increase the security of user interaction with new technologies, such as IT solutions based on blockchain.
What is the KYC process in crypto services providers?
KYC (Know Your Customer) is the process of verifying a customer's identity before entering into a business relationship with them or providing them with services. The process consists in collecting information about the client in order to confirm their identity, origin of funds, financial goals and risks associated with providing services. As part of KYC, documents such as an ID card, passport, proof of address or information about the customer's sources of income may be required.
To better explain the KYC procedure, let's use the process of creating a new user account on a cryptocurrency exchange.
KYC can be done in many ways. For example, the user will be asked to make a verification transfer for a symbolic amount from their bank account (Highly Automated Identity Verification). This will unequivocally confirm their personal data (name, surname, date of birth, address). Another way is to ask the user to send a photo of their face with the person holding their ID card (Facial Recognition Technology).
Both methods can be combined, which ensures the stronger verification of the user's identity. Their passage can sometimes determine the level of access to the platform, an example of which is the Binance cryptocurrency exchange. The more verification types a user passes, the more access they have to the vast ecosystem of the platform or the larger amounts they can deposit and withdraw from the app.
What is an AML name screening?
The AML name screening process is also part of KYC. It allows crypto services providers to keep track of their clients in terms of prohibited lists, penalties, blacklists, negative media data, and PEP (Politically Exposed Persons).
Name screening consists in checking whether the user's name and surname are on various lists from respected risk and compliance data technology companies, e.g. World-Check, Dow Jones Risk and Compliance. If such a person is on the list, then his onboarding is suspended, and the person is further verified.
Sounds pretty simple. However, the name screening process must be able to cover many different cases, for example:
- verification of names and surnames written in Cyrillic text, Arabic or with intentional errors;
- a large number of returned results due to having a fairly popular surname, e.g. in Great Britain it will be surnames such as Smith, Jones, and Williams;
- continuous verification of users – not only those who are just registering in the application, but also those who have been using it for a long time, in comparison with the constantly changing legal regulations.
What is Know Your Transaction (KYT)?
The KYT procedure is a service for verifying cryptocurrency transactions recorded on a given user's wallet (personal wallet). The user's wallet is examined at 2 levels: direct and indirect. The first one concerns the verified wallet, specifically:
- the amount of the transaction e.g. when transactions exceeding 1000 € occur between CASPs and unhosted wallets belonging to their clients, the CASP is required to confirm whether their client truly possesses or manages the unhosted wallet.
- the frequency of transactions – if there are any irregular changes that are worth noting or investigating.
The second checks which wallets the funds in the verified wallet come from. The account is flagged in the system and is subject to manual verification if there is any connection in the transaction history with:
- Darknet
- Global Sanctions – written in the OFAC sanctions list
- Terrorist and Criminal Entities
- Hacked Accounts
- Phishing and spam
- Mixers
- Ransomware accounts
- Blackmail and Sextortion
How are KYC tools implemented in a company’s app?
Financial applications need to comply with AML regulations. Therefore, companies use one of two solutions. If it is the implementation of a simple function, e.g. checking a qualified signature, then you can consider writing such a function from scratch. However, this approach is becoming less and less common. The reasons for this are a lack of standards for technical requirements, and a lack of harmonization of legal and regulatory requirements around the jurisdictions.
That is why more and more applications simply integrate with ready-made and quite advanced solutions already existing on the market. In reaching for integration, however, it is necessary to properly design and map company processes and the work of experienced programmers.
IT technology in the service of AML
Properly selected IT technologies to ensure compliance with AML policy bring many advantages. Firstly, they increase the scale of collecting and processing data about the user of the financial application. Moreover, they eliminate human error, and thanks to more accurate and compliant verification with current requirements, they raise the quality of risk assessment.
All this affects the security of the financial application and the company itself. This is especially so, since crypto assets operate using a different infrastructure than more traditional asset classes. Any operational due diligence must take account of certain risks that are more prominent within this asset class.
It is also worth noting that the growing number of legal acts and their multiple amendments (e.g. in 2022, the UK amended its regulations on sanctions against Russia about 60 times!)4 make the implementation of automated IT solutions a necessity, especially if the company cares about fast query processing, which has a significant impact on the speed of the application, the user journey, drop-off rates, and general user experience.
Sources:
- The 2022 Geography of Cryptocurrency Report, Chainalysis
- Global anti-money laundering fines surge 50%, Financial Times https://www.ft.com/content/7a4821e6-96f1-475c-ae55-6401e402061f
- The Chainalysis 2023 Crypto Crime Report, Chainalysis The Chainalysis 2023 Crypto Crime Report
- The regulatory landscape and predictions for 2023, Fintech Futures https://www.fintechfutures.com/2023/01/the-regulatory-landscape-and-predictions-for-2023/