Money-laundering risk warning to crypto providers
CRYPTO assets have for a long time caught the eye of criminals and their enablers, exploiting this newly emerging, and therefore lightly regulated, area of financial services.
Crypto assets, however, are certainly on the radar of the regulator locally, and have just been named financial products.
Regulators worldwide are taking a far greater interest in the crypto sector’s compliance in anti-money laundering and combating the financing of terrorism legislation.
A new industry report by Riskscreen identifies the top risks facing crypto asset service providers (Casps). There will be growing regulatory pressure to comply with the best practice as this popular asset class continues to grow.
Worldwide, criminals laundered as much as £6.4 billion (about R122bn) worth of cryptocurrency in 2021, reports blockchain data company Chainalysis. Several billion in crypto assets have been recovered by authorities, but the risk of money laundering remains high.
The Financial Action Task Force (FATF), no stranger to South African shores with the threat of joining its grey list, has put forward crypto asset guidance, with the last update in July last year clarifying virtual assets and licensing of service providers and how the latest FATF standards apply.
Though this is still a work in progress, it goes a long way toward formalising compliance in the sector, and the FATF has gone one step further and said that countries that do not prioritise crypto-asset risks and adopt these standards will likely be greylisted.
The FATF is preparing to conduct annual checks, so this will be an ongoing compliance endeavour – and an important one to help reduce money laundering and terrorist financing risks in time.
The Riskscreen report states: “In theory, one valuable characteristic of blockchains is that they create an accurate and transparent record of the counterparties involved in a transaction.
“However, in practice some providers have enabled customers to transact without fully identifying themselves, ensuring their behaviours are very difficult to track. The fact that all transactions are digital and never face-to-face adds greatly to concerns in this area.”
The innovative and fast-paced nature of crypto assets has unfortunately meant criminals have also noticed and are always looking for new ways to commit crimes.
Riskscreen shared several examples of the money-laundering risks Casps should be on the lookout for:
● Third-party theatrics. Clients who accept payments from unknown third parties or those who operate on behalf of third parties could be at risk, particularly as identities may be obscured in these transactions.
● Anonymous ambitions. Clients working through virtual private networks or using anonymous electronic money services are an obvious risk due to their anonymity.
The same is true where privacyenhancing features are added to crypto transactions. It is also difficult to monitor or identify transactions where the previous or subsequent deal is a peer-to-peer crypto asset transfer.
● Not keeping up with KYC. Multiple small transactions may go under the threshold of Know Your Customer (KYC) requirements, but this can mean crime can creep in, because of neglecting KYC due diligence. It’s always better to know who you are dealing with.
● Crypto miners and high-risk jurisdictions. Clients in high-risk crypto asset mining operations or those based in high-risk jurisdictions have been identified by regulators as posing an “elevated money-laundering risk”.
The dark web is, of course, a cesspool for illicit activity given its unregulated status and is best avoided.
It’s important not only for South Africa as a country to manage money laundering risks and prepare accordingly to avoid greylisting – but for Casps to do the same.
Weaknesses in existing compliance frameworks should be identified as early as possible to avoid falling foul of the regulator, and the recommendations from the FATF need to be properly considered and implemented.
These standards will become locally enforceable, so being ready and compliant as early as possible will only help.