Theft, Ponzi Schemes, & KYC Challenges Rampant in the Crypto Space
Know Your Customer (KYC), which can also be called Know Your Client, is mandatory for banks, money service providers, and cryptocurrency exchanges. KYC allows for a crypto exchange or money service provider (MSP) to identify risk levels of new customers and protect against fraud, theft, and otherwise suspicious or illicit activity. Both traditional stock exchanges such as the Dow Jones and nontraditional money exchanges such as in the crypto space are required to engage in Ongoing Monitoring of their customers.
Risk Profiles (which are identified at the onset of a customer’s relationship with the bank or exchange) are monitored and updated at varying points in a customer’s relationship with the institution (one year, three years, or every time a significant transaction is completed). According to Dow Jones, “[c]ustomer profiles will change over time and firms must conduct ongoing monitoring of their business relationships to ensure risk profiles haven’t changed in a way that would expose the firm to non-compliance and reputational damage.” Know Your Customer (KYC) is standard practice for any compliance program and necessary to ensure clients are who they say they are.
What is Blockchain?
Blockchain is a distributed ledger framework that cryptographically stores data on an open or private network. Blockchain is a technology that aims to transform the backend systems that most businesses run on. It aims to become a lower cost, more efficient way to share information and data between open and private networks.
Blockchain is useful as a tool in new Anti-money laundering solutions for fraud and risk departments across financial institutions. This is because the data that is stored on the framework is immutable. Within a blockchain system, data entries cannot be edited or modified.. Instead, they can only be appended after entering the system. This is particularly useful in AML transaction monitoring because it prevents criminals from trying to mask their transactions to prevent detection. The transactions will always be on the blockchain, no matter what a criminal does to attempt to modify them.
This will help banks save money in the long run. For example, Deutsche bank recently was fined over $700 million in 2017 because of accusations that it helped launder money out of Russia. Earlier this month, USB was fined over $5 billion by French regulators for money laundering and tax evasion. With blockchain technology in place, it would be more difficult for associates to evade the AML process and cause damage to a financial institution’s overall reputation.
An Anti-money laundering solution built on the blockchain could leverage the inherent qualities of the blockchain in order to identify and prevent illicit transactions. If the software used to monitor transactions is an AI with machine learning functionality, it could effectively run through strings of data to determine if money laundering activity is occurring. The reason this would work is because AI will be able to detect patterns in large volumes of data while adapting to changes in criminal activity over time with its machine learning capabilities.
Blockchain for AML Compliance
These tools would automate the transaction monitoring process and make it much more efficient and effective than current processes are today. Plus, if suspicious activity is detected, it could be highlighted, flagged and stopped for further investigation. All this activity would be immutably stored on the blockchain as well.
$1.4bn Stolen by Cyber Criminals as the Cryptocurrency Industry Faces New Round of Compliance/AML Failures
Major cryptocurrency exchanges are on the alert as 2020 brought another round of hacks, thefts, and decimating losses. Despite more stringent regulations being adopted across the European Union (EU), billions of dollars are being lost due to banks and exchanges failing to implement these new compliance hurdles.
EU Enforces Compliance as Fifth Anti-money laundering Directive Shakes Industry
As the EU’s Fifth Anti-money Laundering directive came into force on January 10, 2020, organizations operating in the crypto space are being challenged to update their compliance programs. Most notably, Bitcoin.com notes that the EU law will, “oblige digital asset exchanges as well as providers of crypto payment and custodian services to apply for licenses from the Federal Financial Supervisory Authority (Bafin).”
The Fifth Directive states, “Recent terrorist attacks have brought to light emerging new trends, in particular regarding the way terrorist groups finance and conduct their operations. Certain modern technology services are becoming increasingly popular as alternative financial systems, whereas they remain outside the scope of Union law or benefit from exemptions from legal requirements, which might no longer be justified.”
Major Risks For Non-Compliant Organizations Operating in the Crypto Space
Risks Surrounding Client Anonymity: The Fifth Anti-money Laundering Directive’s 9th section points out that, “anonymity of virtual currencies allows their potential misuse for criminal purposes. The inclusion of providers engaged in exchange services between virtual currencies and fiat currencies and custodian wallet providers will not entirely address the issue of anonymity attached to virtual currency transactions, as a large part of the virtual currency environment will remain anonymous because users can also transact without such providers.” It goes on to note that in order to combat this loophole, “national Financial Intelligence Units (FIUs) should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency.” In the United States, financial institutions are required to identify and report suspicious activity reports (SAPs|.
The Fifth Directive also discusses the idea of self-declaration and that FIUs, “should be able to obtain information allowing them to associate virtual currency addresses to the identity of the owner of virtual currency.” Despite growing regulations, there still exist major challenges which have led to billions in scams, ponzi schemes, digital currency theft and extortion.
PlusToken, WuToken, & KuCoin Just To Name a Few Highlight Need For KYC in Crypto Space
Boxmining, a leading technology and fintech asset media property and FinTech trends outlet states, “Plus Token” was a cryptocurrency Ponzi scheme disguised as a high-yield investment program. Platform administrators closed down the operation in June of 2019. Fraudsters abandoned the scheme by withdrawing over $3 Billion dollars in Cryptocurrencies (Bitcoin, Ethereum, and EOS) and leaving the message “sorry we have run“. This has led to an international manhunt for the platform administrators and creators of Plus Token. Plus token has been blamed for causing Bitcoin prices to fall in 2019 as stolen funds were sold via Bitcoin OTCs.” The need for proper KYC and transaction monitoring is especially apparent in the case of PlusToken.
WuToken Hack: $281M Gone In An Instant
Cryptocurrency exchange KuCoin was instantly decimated with losses of over $281M in 2020. COO Insights reports that, “[o]n September 26, cryptocurrency exchange KuCoin issued a statement that it experienced a ‘security incident’. At that point, some USD 150 million in BTC (bitcoin), ERC-20 (ethereum-based tokens), and other cryptocurrencies were estimated to be stolen.
Over the next couple of days, that amount had grown to USD 280 million, effectively making the KuCoin hack the third-largest crypto hack. Only Coincheck, which suffered a USD 534.8 million hack in 2018, and Mt. Gox, which lost USD 460 million in 2014 to another hack, were ahead in terms of loss.”
Hacks and Ponzi schemes like these are rampant but organizations that build strong compliance programs, including AML risk profiling and KYC and Extended Due Diligence (EDD) processes will face a much less risky foray into the crypto space.
Headquartered in San Diego, California, IDMERIT provides an ecosystem of identity verification solutions designed to help its customers prevent fraud, meet regulatory compliance and deliver frictionless user experiences. The company is committed to the on-going development and delivery of offerings that are more cost-effective and comprehensive than other solution providers. IDMERIT was funded by experts who have been sourcing data on personal and business identities across the globe for over a decade. This access to official and trusted data throughout the world has become increasingly important as companies find themselves completing transactions across borders as a standard course of business. www.idmerit.com