- What is AML in cryptocurrency?
- Why cryptocurrency is considered a money laundering tool
- How KYC is conducted
- Crypto Travel Rule
- Blacklists Project
- How AML verification is implemented in practice
- How do they check addresses for being or not being clean?
- Why users use mixers to clean coins
Anti-money laundering (AML) is an anti-money laundering procedure that was first adopted for fiat currencies and then for cryptocurrencies. To combat the financing of criminal activity, regulators have enacted strict anti-money laundering (AML) laws to minimize the risks. And it should be noted that the presumption of innocence does not work here.
AML for cryptocurrencies are laws, rules and policies enacted to prevent criminals from turning illegally obtained cryptocurrency into cash.
The Financial Action Task Force (FATF) sets global standards for anti-money laundering legislation.
AML for cryptocurrencies are laws, rules and policies enacted to prevent criminals from turning illegally obtained cryptocurrency into cash. Source wikipedia.
In 2014, the FATF published guidance on combating cryptocurrency money laundering, and policymakers in FATF member states responded quickly. FinCEN, the European Commission, and dozens of other regulatory organizations have legally codified most of FATF’s anti-cryptocurrency money laundering recommendations.
The ultimate actions to comply with the laws and regulations fell to virtual asset service providers (VASPs): cryptocurrency exchanges, Stablecoin issuers and, in each case, certain DeFi protocols and NFT trading platforms. VASP compliance officers must conduct “know your customer” (KYC) checks and regularly monitor for suspicious activity to thwart transactions that may be linked to money laundering and terrorist financing.
VASPs must also report suspicious activity to the appropriate regulators and agencies, which then analyze the flow of funds and track illicit activity by real-world identifiers using a variety of tools, including blockchain analysis. Meanwhile, if the FATF suspects poor enforcement of the edicts, lawsuits are filed and fines are imposed to the extent that it is easier for cryptocurrency-related organizations to block user accounts than to investigate the purity of their assets.
In June 2014, the FATF articulated the main factors that make cryptocurrency attractive for illegal transactions:
- Anonymity. Inside the blockchain, users do not appear in any way. Their identities can only be revealed at the withdrawal stage, provided that a KYC procedure is implemented.
- Cross-borderness. Cryptocurrency knows no borders, which means there are problems of different jurisdictions for one transaction.
- Decentralization. There is no single supervisory center, and for the FATF this is tantamount to anarchy.
KYC is a mandatory procedure for obtaining personal customer data. These include:
- physical and legal name;
- date of birth;
- copies of documents (driving license, passport, etc.);
- documents of legal entities, etc.
This involves having a Customer Due Diligence (CDD), which is a risk assessment for new customers or business relationships. Financial service providers assign risk ratings to accounts based on background checks, customer surveys and customer transaction history reviews.
It is mandatory for cryptocurrency institutions to conduct continuous monitoring, that is, continually checking transactions for signs of criminal activity. If suspicious activity is detected, VASPs must file reports with FinCEN or other appropriate law enforcement agencies.
Chainanalysis published the Crypto Crime Report summarizing the year 2021. According to their research, in 2021, cybercriminals laundered $8.6 billion in cryptocurrency.
Since 2017, cybercriminals have laundered more than $33 billion in cryptocurrency, with much of that amount moving to centralized exchanges over time. By comparison, the UN Office on Drugs and Crime estimates that between $800 billion and $2 trillion in paper currency is laundered each year – 5 percent of global GDP. In 2021, money laundering accounted for just 0.05% of all cryptocurrency transactions.
So, we can conclude that cryptocurrency is not the most popular means of money laundering. However, reports about blocked accounts appear all the time.
Crypto Travel for crypto assets mandates that VASPs send, receive and authorize a customer’s personal information along with a cryptocurrency transaction that exceeds a certain threshold.
Cryptocurrency companies in many countries must conduct additional compliance checks, reporting and information exchanges related to transactions over $1,000. Many exchanges follow AML/CTF processes to identify and screen their customers for sanctions as part of customer due diligence. This prevents sanctioned users from directly initiating transactions. Yet, the FATF requires cryptocurrency organizations to obtain and authorize verification of VASP counterparty customer information and conduct due diligence on the VASP counterparty. With this information, VASPs can accept or reject a transaction.
FTX crypto-exchange chief Sam Bankman Fried said this week that he favors regulation using blacklists or blocklists, a model in which people are free to trade as long as there are no explicit sanctions for doing so. That is different from whitelists or allowlists, where people are prohibited by default from trading unless explicitly granted permission.
“We need fast, reliable lists of addresses associated with illicit finance,” said the CEO. The “Possible Industry Standards for Digital Assets” document on the FTX website argues that the use of allowlists would be a huge burden on innovation and trading, which “freezes out the economically disadvantaged.” On the other hand, the exchange noted that simply allowing all transfers would open the floodgates to financial crime. Blacklists, on the other hand, provide a much healthier balance between the two.
But in reality, such an implementation is very complicated; besides, it does not preclude quite legitimate addresses from ending up on such a list. In blockchain, crypto addresses are not equal to users. Stolen funds can be transferred through an almost infinite number of addresses, and it is virtually impossible to know who owns each address. This puts exchanges in the difficult task of constantly tracking down addresses associated with illegal funds and blacklisting them accordingly.
Manual verification of all accounts and transactions was once done by banks. Though often done selectively, AML procedures are implemented and enforced by dedicated departments. In blockchain, this approach is not possible due to its digital existence.
Centralized crypto exchanges develop their own criteria of the “unreliability” of wallets, used for building algorithms of data acquisition and analysis. BigData technologies, neural networks, etc. are used. Often, even exchanges themselves do not know on what basis the program put a ”black spot” on a wallet.
Most often, algorithms enumerate transactions, taking into account transferred amounts and wallet characteristics. This can be presented as a graph.
For example, algorithms can consider the following:
- Statistical parameters of outliers specific to fraudulent transactions.
- Graph analysis to identify patterns.
- Temporal analysis of transactions.
- Clustering of user behavior and formation of behavioral patterns.
In the end, if a transaction involves an address that has already been flagged on the darknet, the other party also gets tagged. You do not have to be a money launderer or a gun dealer to get your account blocked. As they say, nothing personal, just FATF compliance.
The flip side of the coin is the very fact that the exchange accepts your wallet. If that has happened, then you are the owner of a “clean” asset. But since verification is ongoing, careless transactions into an unverified wallet can bring you really big problems.
Cryptocurrency owners can independently check incoming assets for being clean, and the counterparty’s wallet for belonging to the sanctions lists. It is enough to use verification services, such as AMLBot.
However, if you have already received “dirty” money, it is dangerous to enter an exchange with it. In general, on centralized exchanges, which are recognized at the state level (like Binance), if AML check shows more than 75% risk, the account will be blocked with a high probability. Outbound coins from such exchanges show about 20-25% risk. For exchanges in states where the cryptocurrency market is not yet as tightly controlled as in Europe or America, the outbound cleanness may be at 50%. But in any case one ill-considered transaction, even without your knowledge, can lead to unfortunate consequences.
A classic mixer does not clean coins completely and can be tracked by algorithms. The program is based on simply mixing fractions of cryptocurrency and randomly distributing them among participants. Modern AML services can easily detect such links.
Much more reliable is a mixer, which guarantees sending coins received from the exchange (i.e., having low risk) from another address. Frequent generation of new wallets with addresses unrelated to users, as well as distribution of “clean” coins from exchanges guarantees loss of connection between a client’s wallet and bitcoin sent to the mixer. Even the most advanced self-learning algorithm, built on a neural network, cannot recognize broken links.
Contrary to popular belief, the bitcoin mixer is not a tool for criminals to launder money. Today’s reality is that quite law-abiding users have to use such services, as accidentally receiving tagged bitcoins or transferring to an address from a sanctions list leads to financial losses.
States themselves have launched a witch hunt, often without looking into the details or considering the presumption of innocence. “Black spots” are handed out algorithmically and it is impossible to prove anything in such a situation. Therefore, using a mixer is only a show of common sense and protection of one’s assets.