26 June 2020
As crypto is being embraced more by investorss and consumers alike, as a consequence, it is increasingly becoming both considered and accepted by the traditionally estabilished financial institutions. For example, when customers are utilizing high-risk crypto exchanges, banks are encountering prominent counter-party transaction risks, even more so when these transactions are unable to be identified as to or from a virtual asset entity.
Even though at the end of 2018 FATF (Financial Action Task Force) included VAs (virtual assets) and VASPs (Virtual Asset Service Providers) into the Recommendation that year, VA regulations were stil significantly different in almost every country. In June 2019, FATF tried addressing AML issues by releasing new Guidance protocols which address a Risk-Based Approach to VAs and VASPs. An important point of this Guidance was that global approach was required for effective regulation, supervision, and enforcement of the VASP sector.
The “Travel Rule” for cryptocurrencies, a new regulation that has been the focus amongst VASPs is just one of many new requirements that were recommended by the Guidance. It also set the base for a risk-based framework VASPs should follow, which is very similar - if not the same - as the risk-based approach that the traditional financial institutions are following. This aims to close the gap between the virtual asset sector and the formal financial sector. The “Travel Rule” includes:
- overseeing or supervising VASPs for AML/CFT purposes; - registration and licensing, as well as preventive measures, such as suspicious transaction reporting, recordkeeping and customer due diligence, among others; - international co-operation; amd enforcement measures such as sanctions;
As a result of the Travel Rule framework, all virtual asset activity, including VASPs, was beginning to be subjected to increased regulatory scrutiny as users are seeking fiat on and off ramps and virtual assets are getting regulated as they are more and more intertwined with banks. In June 2020, Office of the Comptroller of the Currency inquired the public opinions as a precursor of formulating cryptocurrency regulations for banks that fall under the jurisdiction of the OCC. Some estimates claim that over $2 billion of processed cryptocurrency-related transfers annually remains undetected by a default large US bank. ACH, swift transfers, wire transfers, credit cards and debit cards, crypto counterparty exposures to all of these must be recognized and analysed by major Financial institutions.
Are Banks at Risk With Virtual Assets? Poor KYC controls: As the virtual asset economy is made safer by new and updated regulations, there are still Virtual Asset Service Providers (VASPs) without sufficient AML control in order to discover and supress money laundering and terrorism financing. It is estimated that more than 50% of these VASPs have weak and insufficient KYC processes. This would allow for criminals and other bad actors to exploit these weak KYC protocols in order to legitimize illegally obtained virtual assets, e.g. through exchanges operating as fiat off-ramps.
These exchanges that serve as direct fiat off-ramps might cause risks exposure to both the receiving user’s, as well as the crypto exchange’s banks. Crypto users trade their crypto via exchange's platform for fiat, which the cryptocurrency exchange’s bank transfers via ACH or wire transfer to the user's bank account. So, the sale of cryptocurrency is actually occurring even though the two banks aren’t directly trading cryptocurrency with each other. The exchange’s AML program must be relied upon by both banks to identify and mitigate risks that might happen from the source of cryptocurrencies being traded.
Virtual assets don't care for borders: In Exchange-to-Exchange transactions in 2019, 74% on average of the bitcoin moved was cross-border. FATF warned that “illicit users of VAs, for example, may take advantage of the global reach and transaction speed that VAs provide as well as of the inadequate regulation or supervision of VA financial activities and providers across jurisdictions, which creates an inconsistent legal and regulatory playing field in the VA ecosystem.” In one jurisdiction, VASPs may offer their services to customers in another jurisdiction where the AML/CFT obligations and oversight are different. If the VASP is located in a jurisdiction with weak or even non-existent AML/CFT controls, legitimate concerns are raised.
New regulations deadlines are short for VASPs In June 2019, FATF has announced a new guidance. They gave twelve months for individual member nations to implement their guidance into local laws before it would report on their progress. In regard to that, FATF stated that: “future developments in virtual asset technology should not create loopholes that terrorists and criminals can exploit. The FATF will evaluate next steps in June 2020.”
But many members haven't yet adopted all of FATF’s new virtual asset guidance properly. Some countries did retain effective introduction of AML regulations, while others proceed without proper controls, thus risking jurisdictional ajudication. New protocols aren't going to appear and be enforced overnight at VASPs just because new regulations were made. There are still AML gaps criminals can exploit as they quickly search to launder ill-gotten crypto-funds for fiat before new regulations are made and enforced. Banks and payment networks don't really notice these cryptocurrency related transactions. This lack of visibility could make them unprepared and thus vulnerable to compliance exposure and fraud.
Steven Mnuchin, FinCEN personnel and Treasury Secretary, recently implied that the US government’s stance on compliance expectations for financial institutions when it comes to cryptocurrency related transactions is on the right course. With regards to the Travel Rule, for example, Kenneth Blanco, the FinCEN Director said on May 13th, 2020, “The United States has long maintained an expectation that financial institutions identify counterparties involved in transactions for a variety of purposes, including AML/CFT and sanctions, even for transactions in virtual currency. Any asset that allows the instant, anonymized transmission of value around the world with no diligence or recordkeeping is a magnet for criminals, including terrorists, money launderers, rogue states, and sanctions evaders.”
Then Blanco also stated in December 2019, “it is important for all financial institutions to ask themselves whether they are reporting such suspicious activity. If the answer is no, they need to reevaluate whether their institutions are exposed to cryptocurrency… If you don’t think you have crypto on your network, look again.” The cryptocurrency risk exposure for banks should be transparent and they should have appropriate measures in place. However, the current state of affairs might signify that the banks cannot do this alone.
Banks must have adequate resuorces and specialized tools to detect exposure to the fast changing, quick and 24/7 crypto global system. In his May 2020 speech, Blanco added, “There is no substitute for the private sector’s visibility into and ability to prevent criminal exploitation of virtual currency products and platforms—particularly those of you who are organizing, developing, and administering these products and platforms. Our work together plays a significant role not just in advancing financial transparency, inclusion, and the development of the future of payment systems, but also in identifying, tracking, and stopping criminals including terrorists and other bad actors from harming others, particularly the most vulnerable.”