Cryptocurrency exchanges participate in crypto-fiat exchanges or provide virtual currency wallet custody services. This sector is rated as high-risk since it provides a less regulated channel for the digital transmission, storage, and trading of virtual currency.
As a Cryptocurrency or virtual exchange firm, you are a "regulated entity" if you:
are a platform for exchanging virtual currencies
are a supplier of custodial wallets.
This industry is a potential avenue for money laundering as cash is a valid form of trade and the commodities are easily transportable. Instances such as fraudulent reporting, the misclassification of commodities, or carousel transactions are all trade-based money laundering and make it complex to trace the source of funds or the intent of transactions. This resultingly, enables the profits of crime and other lawful activities to be laundered via these goods, thereby exposing traders to the risks of fraud, bribery, and terrorism financing (TF).
Compliance for cryptocurrency exchanges and wallet service providers starts by registering with national authorities. KYC and beneficial ownership verification are required at the onboarding stage, along with screening for Sanctions and Politically Exposed Persons (PEP). Crypto firms can remain compliant by conducting ongoing reviews of high-value transactions, high-risk customers, high-risk jurisdictions, fiat-to-crypto transfers, transaction monitoring for unusual behaviour, monitoring high-value wallets, and reporting suspicious activities.
Gaps in Compliance
The capacity to convert cash into virtual currencies and profitably trade between numerous virtual currencies enables the integration of illicit funds into the lawful economy. Other considerations, such as the ease of transferring funds for criminal activities or to support terrorism through virtual exchanges, render crypto firms susceptible to AML/CTF compliance violations. Other limiting considerations include the lack of transparency in transactions and ownership structures. As virtual currency transactions exist outside of a traditional monetary system; crypto companies are difficult to control and regulate.
It is expected that cryptocurrency exchanges and wallet providers develop the foundation for a risk-based compliance programme:
Conduct a risk-based evaluation of the company's exposure based on its services and delivery methods, kinds of customers, the countries in which it operates or conducts business, the amount or pattern of its transactions, and its commercial ties.
Establish risk reduction procedures and controls to mitigate risk.
Establish an AML/CTF programme, including customer identification, beneficial ownership, and Sanctions/PEP screening.
Have in place rules and processes for continual monitoring, as required by your regulator.
Implement a risk-based strategy for continual transaction, pattern, and business relationship monitoring.
Maintain your Compliance Program
After establishing your compliance programme, you must implement the necessary mechanisms to verify its implementation. There may be criminal or administrative monetary consequences for noncompliance.
Ongoing compliance requires:
Training employees and assigning a compliance officer.
Conducting customer due diligence (CDD), updating, and validating customer information, continuous CDD and enhanced due diligence (EDD) for suspicious transactions or high-risk persons and nations.
Setting reporting thresholds for transactions when physical/fiat cash is received or paid out.
Submission of suspicious transaction and compliance reports, as well as other regulatory requirements.
Conducting compliance programme reviews at regular intervals.