ACAMS2018: Compliance Models and Cryptocurrency Risks
Information has value, and illegal activity to obtain that information is more prevalent than ever. And with that activity, often funded by cryptocurrency, there comes a sense of urgency to develop a knowledge and understanding around cryptocurrency risks.
At the ACAMS 17th Annual AML & Financial Crime Conference, a panel entitled “Crafting Compliance Models to Mitigate Unique Cryptocurrency Risks,” explored the current state of cryptocurrency and some tactics/strategies to build compliance models for financial institutions.
The panel defined cryptocurrency as a “digital asset designed to work as a medium of exchange that uses strong cryptography to secure financial transactions, control the creation of additional units and verify the transfer of assets.”
Cryptocurrency itself is nothing new. The panel noted it is just another step in our currency evolution, and one many individuals and organizations may not be ready to embrace.
As a decentralized currency, cryptocurrency needs exchangers in order to move money from one location or person to another. Being decentralized and having little to no regulation, blockchain technology provides the means for the money to be moved. The following visual was shared during the panel and illuminated how this process works.
While the use of cryptocurrencies continues to gain popularity among those engaging in online transactions, the panel noted some risks associated with their use, including:
- Decentralized with limited government control or regulation
- Highly volatile
- Anonymity, pseudonymity or lack of transparency
- Affords the ability to transfer large sums with limited supervision
- Users accept financial responsibility for their funds
- Could possibly be used in criminal and illicit activity (such as hacks, ransomware, money laundering, narcotic/human trafficking and more)
And yet for more traditional financial institutions, there are several reasons they currently do not bank on cryptocurrency exchanges, and if they plan to, they must have or develop a compliance model to minimize risks related to:
- the user, a customer that uses virtual currency
- the exchanger, a customer or institution facilitating the exchange of virtual currency for fiat currency
- the administrator, a customer that receives or facilitates fiat currency exchange for newly issued virtual currency.
Users face a challenge in determining the source of the virtual currency in addition to understanding and navigating the dynamic regulatory and technological landscape. The exchanger must deal with the global regulatory and enforcement framework, which can be inconsistent. Additionally, the exchanger needs to develop processes to identify the source of the virtual currency funds, collect and retain customer identity, and deal with a volatile marketplace. Administrators need to navigate much the same as the exchanger, as well as the evolving regulatory framework, a platform that is decentralized and has the ability to move large sums of value.
If financial institutions are looking to onboard virtual currency customers, the panel laid out a few tactics to employ. First, look to existing policies and procedures that may be leveraged to onboard virtual currency customers. Second, certain enhancements may be required such as a specific virtual currency sheet or questionnaire. And third, each institution should ask some questions to understand where they stand regarding virtual currencies, and those could include: which coins/tokens will be supported and will the institution engage in mining currency?
The panel closed by exploring some of the misconceptions around cryptocurrencies, primarily that they are used for nefarious purposes only. But the panel concluded that the continued growth of digital currencies means that financial institutions should understand and develop compliance programs to minimize risks associated with their use.