AML and cryptocurrencies background and threats to ... · AML and cryptocurrencies. 3 Some...

AML and cryptocurrencies –

background and threats to

effective AML

Giles Dixon, CBP

Senior Consultant, Cryptocurrencies,

Financial Services Advisory

Grant Thornton Canada

“The challenges blockchain technology

currently presents for AML professionals…exist

now but are scantly addressed.”

Source: “When two worlds collide”

3AML and cryptocurrencies.

Some background

Although definitions of virtual currency vary depending on source, the definition below can give

us a good idea…

“Virtual currency is a digital representation of value that functions as a medium of

exchange, a unit of account, and/or a store of value*.

Cryptocurrencies like bitcoin are a form of virtual currency that use cryptography and

encryption techniques to regulate the generation of units of the currency and verify the transfer

of funds, operating independently of a central bank.

Although cryptocurrencies operate like currency, they do not have legal tender status. In

Canada, bitcoin is considered closer to a ‘commodity’ in the eyes of certain regulators such as

the OSC and others.

*Source: IRS Notice 2014-21


Where did it all start?

October 31st, 2008, a whitepaper, “Bitcoin: A Peer-to-Peer Electronic Cash System” was posted by an

individual / group of individuals / entity called “Satoshi Nakamoto”. The whitepaper how Bitcoin would work

• Over 9 pages, the word “anonymous” is only mentioned once

• The paper describes a new way of exchanging value without

the need for a trusted third party or intermediary

• “The public can see that someone is sending an amount to

someone else, but without information linking the transaction to

anyone. This is similar to the level of information released by

stock exchanges, where the time and size of individual trades,

the "tape", is made public, but without telling who the parties

were”.

https://bitcoin.org/bitcoin.pdf

Source: “Bitcoin: A Peer-to-Peer Electronic Cash System”

https://bitcoin.org/bitcoin.pdf


Where did it all start?

Satoshi Nakamoto?

The unknown person or people who designed bitcoin and, as part of its implementation,

the first Blockchain.

Or perhaps…


Cryptocurrency - legal or illegal?

Source: Thomson Reuters, October 2017

Recently banned


AML Regulation

Governments around the world are beginning to grapple with the broad range of regulatory challenges presented by the

virtual currency (“VC”) world. A report by the Bank for International Settlements categorizes the measures taken to date as

follows:

a) Imposing restrictions on regulated entities for dealing with virtual currencies;

b) Adopting legislative/regulatory measures, such as the need for exchange platforms dealing with VC to be

subject to regulation as money remitters, or the proposed regulation of VC intermediaries in some jurisdictions

for AML/ATF purposes;

c) Publishing statements cautioning users about risks associated with VC and/or clarifying the position of

authorities with respect to VC; and

d) Monitoring and studying developments.

But that is changing! This year, we have started to see some jurisdictions going public with more firm regulatory

stances on specific areas of the virtual currency world - Australia, Switzerland and Japan are some

examples….but the landscape is still very much developing.


Amendments to Canada’s AML legislation (not yet in force)

In June 2014, Canada published drafts (which were further amended in 2015) to amend its AML/AFT legislation to treat

persons and entities engaged in the business of dealing in VCs as money service businesses (“MSBs”):

Paragraph 5(h) of the Act was replaced by the following:

(h) persons and entities that have a place of business in Canada and that are engaged in the business of providing at

least one of the following services:

• foreign exchange dealing,

• remitting funds or transmitting funds by any means or through any person, entity or electronic funds transfer

network,

• issuing or redeeming money orders, traveller’s cheques or other similar negotiable instruments except for cheques

payable to a named person or entity,

• dealing in virtual currencies, or

• any prescribed service;

Under the same list of services, (h.1) also includes “persons and entities that do not have a place of business in Canada,

that are engaged in the business of providing” …the above listed services.


Effective AML and the challenges of moving from real world to virtual

No AML Regime

Identifying and

assessing riskCounterparties

Monitoring / vetting

crypto transactions

Digital Relationship

Monitoring

Know your customer / know

your digital customer

Investigation

and reporting

AML Defences Need to Evolve


AML Continuum – Points to consider

• Those coming to us are being proactive in getting their AML

regime to a place where it needs to be…but often they do

not have much in place today – it needs to be built rather

than enhanced.

• It is important to understand each organization’s

interpretation on new nomenclature being born in this

industry e.g. verified / un-verified.

• Also important to understand the fundamentals of different

types of offerings / products / coins available and what

they do / what makes them unique. Bitcoin is just one.

• Understand, for each specific organization, the possible

flows / entry and exit points – different for each.

Challenges / Threats / Points to consider

• Does the organization operate with an ‘unverified’ customer

base? What portion of their business is made up of this type of

customer?

• How easy is it for customers to enter the virtual world?

• Consider the network around the business (and the risk

presented) – e.g. counterparties, franchisees etc.

• Consider why someone would use an ATM vs. an exchange

vs. other forms in to the virtual world e.g. Flexepin.

• What is it about a particular exchange or crypto currency that

means customers use them? E.g. arbitrage? Anonymity? What is

the legitimate business story?

• Need an approach to assessing risk of new technologies as they

emerge – current regulatory requirement very much applies here.

Applying Canada’s AML rules

No AML Regime

Identifying and



crypto transactions


Monitoring



Investigation

and reporting



• Naturally, the pseudo-anonymous nature of crypto makes

knowing your customer a (potential) challenge

• Verified (in the virtual world) does not always mean I know who

my customer is!

• KYC controls not being applied consistently (primarily in the

case of the ATM world) for each customer.

• These organizations have grown quickly, and in some cases

are only now considering their AML programs. Large back

book of ‘un-verified’ customers to understand.

• There is a challenge of compliance capacity.

• The trade off / conflict (in some parts of this industry) between

compliance and commercial is real.


• Understand what “verified” actually means. What

functionality do these customers have? (we’ll explore this some

more shortly)

• How does this translate to being able to know who their

customers are?

• Is there a ‘legacy’ book of un-verified customers and if so,

what controls does the organization have in place to mitigate

against the risk this poses?

• To what extent does the ID documentation collected reflect

the standards expected of ‘similar’ organizations such as MSBs

– this can be challenging in a digital realm.


No AML Regime

Identifying and



crypto transactions


Monitoring



Investigation

and reporting



Customer Base Make Up

Unverified

Verified

Verified

(Higher)

• Cryptocurrency deposits allowed – no

limits

• Cryptocurrency withdrawals - limited

• Many moving to ‘no withdrawals’ model

• Deposits allowed – VC and FIAT (FIAT

limited)

• Withdrawals allowed – VC and FIAT

(limited)

• Some exchanges offer a ‘higher’ level

verification option

• Larger limits allowed on deposits and

withdrawals

Customer Typical functionality allowedTypical % of

customer base

C. 90%

C. 10%

Let’s explore the concept of ‘unverified’ and ‘verified’ a bit further. We have typically seen the

following customer make up at VC exchanges. It is important to note the model described

below differs from exchange to exchange:

Current KYC (needs

enhancement)

• Name

• Email Address

• Country of residence

• Phone number

• All of above

• Proof of address

• Government ID

• All of above

• Government ID

• Social Insurance

Number

• Source of funds



• The list of counterparties at any given VC operator can be

long.

• Exchange A and Exchange B may be in exactly the same

business and dealing with exactly the same coins, but each

have very different controls in place.

• This is important as a number of exchanges provide

services to one another which help them, in turn, provide

service to their customers.

• Many other types of virtual businesses are involved too –

each bring their own challenges from an AML perspective

such as miners and wallet providers, developers.

• Counterparty due diligence is crucial.


• Consider the due diligence that is undertaken on the

counterparty – what has been done, if anything?

• How do the counterparty’s controls compare? Scrutinized?

• Does the counterparty have experience in the industry? In the

crypto world, almost anyone can play.

• Has there been anything in the media which would reflect

negatively on the counterparty?

• Do individuals at the counterparty have a history of

enforcement?

• Where is the counterparty located?

• How is the organization financially? Are they stable?


No AML Regime

Identifying and



crypto transactions


Monitoring



Investigation

and reporting



Let’s consider one example of a counterparty network from the perspective of a crypto

currency exchange.

Crypto

Exchange A

Exchange B

• Buying Exchange A’s coins /

tokens to sell to their customers.

• Exchange offers wallets that

support Exchange A’s coins /

tokens.

Independent Wallet Provider

• Offers wallets that are enabled

to support Exchange A’s coins /

tokens.

Miners

• Mine the coins / tokens that

eventually end up at Exchange

A.

• How have they funded their

operations?

Other Banks?

• Customers have linked their

bank account to Exchange A

and are depositing funds from

their account in exchange for

Exchange A’s coins / tokens.

Protocol Developers

• They maintain the protocol on

which Exchange A’s platform

sits.

• Are they designing the protocol

with ML risks in mind?

Exchange C

• Exchange A is buying liquidity

from Exchange C.

• What controls do they have in

place on their exchange?

MSB

• The MSB is used as an

intermediary to receive virtual

currency, exchange for fiat and

transfer funds to the bank

accounts of other related parties



• The blockchain is (potentially) a tool which can help us

all. Every transaction ever undertaken is recorded and

visible on the network. The challenge is knowing how to

make sense of it all.

• Technologies such as tumblers and mixers have been

seen to be one of the main ways of laundering funds in the

virtual realm.

• Should the focus be on large volumes / large frequency

prioritized over low dollar values?

• Some VC operators are better than others - for the vetting

of cash at B-ATMs are weak. More needs to be done.

• The notion of “ring-fencing” is becoming possible.


• Need to think about the right parameters to apply- do we

need full KYC at $1 or at $500?

• Consider IP address KYC and monitoring.

• The infrastructure is easily there for the monitoring to occur,

these 'fintech' companies are built in a way that using

and monitoring data is part of their DNA.

• Can I decide to facilitate some of your transactions but not

all?

• What about an environment where AML is built in from

the start i.e. blockchain with all required controls and

capability built in from inception - anonymity completely

removed while benefits of the blockchain still exist.


`

No AML Regime

Identifying and



crypto transactions


Monitoring



Investigation

and reporting



Let’s explore further how this plays out in an example scenario – we can quickly start to see

why and where risk exists…

Virtual World

(Exchange or

wallet provider)

Real World

• Dollars deposited at ATM – no

KYC undertaken;

• Exchanged for bitcoin and

deposited in to bitcoin wallet at

an exchange.

• Subsequent VC deposits made

from other exchanges.

2

1

• Customer is unverified.

• All funds sent to verified wallet at

another exchange where customer

has used a false identity.

3

• Funds

withdrawn out

in to banking

system.

4

Illicit Funds



• How do we know who we are dealing with in an on-line

world?

• How much do we need to know?

• Some of the monitoring tools are too expensive for the

more traditionally built AML programs.

• The blockchain monitoring tools available can be helpful –

but they are still learning / building their profiles with

time.

• Easier world for nominees?

• At a more fundamental level, is the capacity there to learn,

understand, and effectively implement virtual monitoring?


• Think of a future where there is ready access to know your

digital footprint in a way never contemplated in the non-

virtual world.

• “Central” ID repositories that sit on the blockchain are

potentially where we are heading.

• Now more than ever we are required to work together

with people who bring the skills and experience needed

to tackle the challenge – whether this be subject matter,

technological, or otherwise.


No AML Regime

Identifying and



crypto transactions


Monitoring



Investigation

and reporting



• No reporting yet of crypto currency transactions by Canadian

players that we are aware of.

• This is being discussed and contemplated.

• Investigations are on the rise by regulators around the

globe. The SEC is increasing scrutiny on ICOs with more

than a dozen companies under investigation in the US.

• Quebec government’s chief data scientist recently

announced opinion on money laundering through

bitcoin.


• Need to build reporting framework.


No AML Regime

Identifying and



crypto transactions


Monitoring



Investigation

and reporting


Where next from here?

• We as AML professionals must embrace the technology for what it is and learn more in

order to better understand its opportunities and threats from an AML perspective;

• More is needed (and understanding will help) to put the right structures in place;

• This falls on us as AML professionals and practitioners, but also those operating in the

industry;

• We should move away from considering the ‘real’ and ‘virtual’ world as two independent

worlds;

• We need to integrate our thinking and approaches otherwise we create opportunities for

illegal funds/owners of those funds to flourish;

• Not a one size fits all approach.

Thank you. Please feel free to get in

touch to discuss further.

Giles Dixon, CBP

Senior Consultant, Cryptocurrencies,

Financial Services Advisory

Grant Thornton Canada

E: [email protected]

Tel: +1 (416) 607 2689

Cell: +1 (647) 676 4671

mailto:[email protected]

Date post:	13-Jun-2020
Category:	Documents
Upload:	others
View:	4 times
Download:	0 times

AML and cryptocurrencies background and threats to ... · AML and cryptocurrencies. 3 Some...

Documents