The rise of digital assets has brought new opportunities for investment and innovation, but it’s also introduced new challenges in the fight against financial crime. While it’s important to note that the majority of crypto companies operate legitimately and most cryptocurrency transactions are lawful, the relative anonymity of these assets has also attracted criminal elements.
In the UK, the National Crime Agency’s National Assessment Centre estimates that over £1 billion of illicit cash is transferred overseas through cryptocurrencies, with hundreds of millions being laundered. As crypto gains popularity and becomes more mainstream, financial institutions continue to grapple with the complexities of developing effective anti-money laundering (AML) and risk management frameworks to prevent bad actors from exploiting their systems.
As the lines between traditional finance and the crypto world become increasingly blurred, criminals are discovering new ways to exploit digital payments. Pseudonymity in cryptocurrencies means that while transactions are recorded on a public ledger using technologies like the blockchain, the identities behind these transactions are represented by a string of characters rather than a real name. This can make it more difficult to trace the source of funds and identify individuals behind such activity.
On-chain vs. off-chain
Blockchain technology offers a unique level of relative transparency, with every transaction recorded on an immutable ledger accessible to anyone. This on-chain data provides an opportunity for enhanced risk management, compliance, and AML efforts, as transactions can be traced and analysed more meticulously than with traditional fiat currencies.
However, off-chain data poses challenges for compliance teams. When digital assets are exchanged with fiat currencies outside the blockchain, the trail becomes less easily accessible, particularly when exchanges or platforms facilitate these conversions. It’s worth noting that most cryptocurrency transactions are for legitimate purposes, such as investment, trading, and payments. Even so, the challenges posed by off-chain data and the pseudonymous nature of cryptocurrencies cannot be ignored.
As the crypto industry continues to grow, so does the sophistication of criminal activity. Criminal actors are leveraging crypto’s unique characteristics in increasingly complex ways to carry out illegal activities, such as ransomware attacks and money mule schemes. In money mule schemes, individuals are recruited to act as intermediaries for money transfers, often unknowingly. The mules receive the funds in their cryptocurrency wallet and then transfer those funds to other wallets or convert them to fiat currency, which obscures the trail of the illicit proceeds being washed.
“Chain peeling”, which involves breaking up a large amount of cryptocurrency into smaller transactions and distributing them across multiple wallets, presents another avenue for money laundering. This technique is often used in conjunction with methods, such as mixing services or privacy coins, making it harder to trace the original source.
Criminals often seek out non-compliant or unlicensed exchanges that can be exploited with little obstruction when moving between fiat and crypto assets. The semi-anonymous nature of most cryptocurrencies, combined with the lack of Know Your Customer (KYC) or Customer Due Diligence (CDD) requirements on these platforms, can enable criminal operations.
The risks of direct and indirect exposure
Financial institutions face risks from both direct and indirect exposure to crypto assets. Direct exposure involves engaging directly with an entity involved in illicit activities. For example, when a crypto exchange unknowingly facilitates the laundering of funds from a ransomware attack. Indirect exposure, on the other hand, involves engaging with customers who are involved in criminal activity elsewhere, even if the financial institution is not directly involved in the illicit activity itself. For instance, if a bank provides a loan to an individual who uses the funds to purchase cryptocurrency that is later revealed to be linked to a sanctioned entity, the bank has indirect exposure to the associated risk through its customer’s actions.
The consequences for any organization found to have engaged with criminals or sanctioned entities can be severe. In 2023, Moody’s Grid entity screening database reported a 114% increase in sanctions evasion events versus 2022, which itself saw a 71.5% increase over the previous year. This increase illustrates how insufficient transaction monitoring can result in allowing people in high-risk jurisdictions and those subject to sanctions to engage in virtual currency transactions that put businesses at risk of compliance breaches and reputational harm.
The power of blockchain analytics
To effectively counter the threat of illicit use of crypto, organisations need tools that provide essential visibility into the blockchain and allow for the evaluation of crypto transactions and wallets at scale and in real time. This is where blockchain analytics comes in.
Blockchain analytics involves analysing, identifying, and clustering data on the blockchain to identify and help prevent illicit activities such as money laundering and fraud. By combining on-chain data with advanced analytics, organisations can identify the risk associated with a given customer’s source of funds or gain insights into an ultimate beneficiary.
Crypto wallet screening offers real-time risk profiles, while transaction screening allows for the visualisation and tracing of crypto fund flows. Crypto investigation software enables organisations to visualise the flow of funds and gather meaningful evidence, essential for defending against complex criminal schemes.
The road ahead
The convergence of cybercrime and cryptocurrency presents challenges for financial institutions, but with the right tools, these challenges can be met. By harnessing the power of blockchain analytics, a more resilient and secure financial system can be built – one that embraces the benefits of digital assets while reducing the risks posed by criminal actors.
As governments around the world establish agencies to ramp up sanctions inspections and enforcement, organisations must establish or review their risk and compliance frameworks to understand risk exposure and prepare to mitigate it.
The road ahead requires a proactive and adaptive approach. As the complexities of the crypto nexus are navigated, one thing is clear: compliance must keep pace with innovation. Only by leveraging on-chain analysis with robust KYC/AML procedures can the promise of digital assets be realised while the financial system is safeguarded.