How can financial institutions adapt their KYC procedures to help identify cryptocurrency risk?

A court in the Netherlands recently ordered forfeiture of 2,532 bitcoins worth $33 million from a couple convicted of money laundering offences. The prosecution had reportedly shown how the couple purchased with cash, bitcoins from individuals and entities they had met in Dark Web marketplaces and allowed the trades to be unreported (to tax authorities) and the identities of the individuals to remain anonymous. This should serve as a reminder to banks and other financial institutions (FIs), that hold client money that cryptocurrency is still actively being used by criminals to launder the proceeds of crime.

In this article we highlight two key financial crime risks that FIs may be exposed to if they do not consider the possibility of cryptocurrency trading in their KYC (know your customer) processes.

Questions at onboarding

The KYC process during the onboarding of new customers and subsequent periodic reviews of those customers, provides an opportunity for FIs to gather information that can be used to help determine a number of factors such as creditworthiness and financial crime risk profile. It’s important that those managing risk, particularly financial crime risk have as much relevant information as is possible in order to make an informed, risk-adjusted decision.

However not all FIs ask questions about the cryptocurrency activities of their customers. This creates a risk that the FI misses information which could impact the financial crime risk profile of that customer, and increases the risk that the FI is used in connection with money laundering.

Two related risks are worth highlighting:

  1. Banked cash deposits could be derived from cryptocurrency previously associated with criminal activity Cryptocurrency, for example bitcoin, is often used for illegal purposes, whether it be trading of illicit goods on Dark Web market internet sites or to convert cryptocurrency gained through illegal activities into cash, as in the Netherlands case. The history of many cryptocurrencies can be traced and any suspicious origins identified – bitcoin for example, is one example of a cryptocurrency where there are relatively mature, commercially-available solutions that can be deployed to help identify its heritage. When an individual who trades in a cryptocurrency then decides to sell it and convert it to fiat currency, at some stage that cash is likely to be deposited into a bank account. If the FI has not asked the question as part of its initial or ongoing KYC process, it would have no way of knowing if a deposit could have been derived from the proceeds of a cryptocurrency transaction, where the cryptocurrency itself was historically associated with criminal activity.

  2. Banked cash deposits could be derived from cryptocurrency that has a current or historical connection to a sanctioned individual The technology that underpins the rapid growth of cryptocurrency trading enables transactions to be conducted on a person to person basis, relatively anonymously and instantaneously. These transactions are unlikely to be monitored or conducted in a regulated environment. For anyone subject to sanctions, whether named as a sanctioned individual or simply living in a sanctioned country such as Iran, cryptocurrency could provide a way of transacting in an undetected manner. FIs are exposed to the risk that deposits could be derived from cryptocurrency transactions where the cryptocurrency was historically associated with a sanctioned individual or jurisdiction.

Three quick actions an FI can take now

KYC procedures should be revised to enable the FI to gather some additional information at onboarding or during any subsequent review – at a minimum, they should establish if their customer trades or transacts in cryptocurrency and if so, gather sufficient information to accurately assess any financial crime risk. Not asking the question should not be an option.

Policies and procedures should be revisited and amended where necessary – it is important that if crypto related risk factors are identified, the FI has policies and procedures in place to help ensure an effective response – for example, if a customer makes a large cash deposit derived from a crypto transaction – what steps would the FI then take?

Awareness of cryptocurrency and the risks associated with it should be raised and some basic training given to those tasked with the role of assessing financial crime risk. Most importantly, everyone within the FI should be aware of the fact that cryptocurrencies can help facilitate crimes such as money laundering, sanctions and tax evasion.

Get unlimited access to all Global Banking Regulation Review content