How Does AML Apply to Crypto? [With Examples]

Learn all about crypto compliance, AML regulations, new Travel Rule updates, and what kind of measures are now required for VASPs.

The decentralized nature of cryptocurrencies, unfortunately, has created decent opportunities for money laundering and other financial crimes, including terrorism financing. However, more and more legislative changes are coming after shocking events like Binance putting a green light on proxies of the terrorist group. They were often based in sanctioned regions and used cryptocurrencies to convert digital assets into cash, cleaning the dirty money. 

To combat such criminal activities, legislative changes needed to happen, and they did. Many jurisdictions passed changes in Anti-Money Laundering (AML) laws, enacting stricter AML legislation to prevent money laundering through cryptocurrency exchanges and custodian services. In 2019, major financial regulators, such as the Financial Crimes Enforcement Network (FinCEN) and Commodity Futures Trading Commission (CFTC), issued a joint statement classifying crypto companies as financial institutions — which meant the same AML rules that were established by the Bank Secrecy Act (BSA). 

Such changes required a collaborative effort between crypto platforms to find a unified approach to compliance in order to regulate this industry and avoid misinterpretation. However, as a very user-centric industry where identities sometimes want to be protected, some crypto players still fear that complying with AML regulations means more complicated transactions and extra friction to the end-user experience. 

What Does Anti-Money Laundering (AML) Mean for Crypto?

Anti-Money Laundering (AML) for cryptocurrencies refers to laws, regulations, and policies designed to prevent criminals from fraud and various financial crimes, such as converting illegally obtained cryptocurrencies into cash.

In general, AML compliance requires crypto companies and other financial institutions to verify customers’ identities through processes known as Know Your Customer (KYC). More importantly, AML regulations mean that all regulated entities must monitor transactions for suspicious activities, flag AML risks, and report suspicious activities to relative authorities. 

Why are AML Processes Vital for the Crypto Sector?

AML procedures enhance the reliability and security of transactions on crypto platforms, underscoring their critical importance.  By protecting users through more stringent requirements, like the Travel Rule, crypto players are now on the same level as standard financial institutions in the sense that they stabilize the whole market and adhere to global AML standards by preventing non-compliance, such as sanctions violations. 

AML measures are vital in this industry also due to cryptocurrencies and their nature. Due to the accessibility of digital assets and overall financial inclusion, over the years, crypto has proved to be a “reliable” channel for illicit activities. The low-cost crypto transactions also make them appealing for crime. Using crypto, fraudsters might try to move illicit funds with minimal digital footprints, making the detection challenging.

Companies new to crypto exchanges often have incomplete AML processes and lack proper specialists or AI-powered RegTech solutions in their internal AML programs. What’s more, the lack of clarity in the AML frameworks around reporting requirements, particularly in cross-border transactions, results in AML compliance breaches. However, some experts speculate that sectors like DeFi will be regulated as well. This is linked to the goal of helping private companies and governments to actually detect and prevent illicit activities. 

Is there Actual Money Laundering in the Crypto Industry?

According to Chainalysis’ report, criminals laundered $8.6 billion in cryptocurrency in 2021, marking a 30% increase from the previous year. A large portion of this big number consisted of different crypto transfers being funneled into a small number of services — all for money laundering purposes. 

Crypto firms face similar money laundering techniques as standard banks, such as using money mules or structuring to hide illicit funds. But the challenges don’t end here. Small crypto platforms typically can’t afford to hire a whole in-house compliance staff or need specific compliance officers who are skilled in the crypto field. To detect money laundering and achieve AML compliance in the crypto industry, companies can automate certain tasks in their AML programs using AML software, saving both time and resources.

Reasons Why Crypto Transactions Have a Higher Risk of Money Laundering

The Financial Action Task Force (FATF) first released a report illustrating the AML risks in the industry back in 2014. It highlighted the key factors that make crypto exchanges more susceptible to money laundering. 

This was primarily due to some exchanges allowing anonymous transactions, along with other concerns such as:

  • The lack of cohesion in AML rules for crypto, slow adoption of these standards and no communication between crypto businesses. 
  • The lack of AML measures that can lead to politically exposed persons (PEPs), sanctioned entities, and others to evade monitoring.
  • A high volume of cross-border transactions, which are harder to trace in cases of illicit activity.
  • The easy accessibility and ability to move assets using multiple crypto wallets. 
  • Increased tumbling risks due to crypto’s ability to be divided into smaller amounts and multiple transactions. 
  • The lack of regulations and the high degree of subjectivity in valuing NFTs have also made them useful for money launderers.
  • Blockchain’s nature of not having to verify the actual identity of the user, only their wallet’s address.

For example, a bad actor can use dirty money to purchase coins on a crypto exchange platform. Then, they can transfer these virtual assets between wallets and exchanges to hide their origin. Finally, they can use the exchange to convert their crypto into fiat currency and clean the illicit funds. 

Since such transactions are typically marked by non-face-to-face customer interactions, this also opens doors for anonymous funding opportunities. For example, standard cash funding or third-party funding that doesn’t properly identify the money’s true source.  

What are the AML Requirements for Crypto?

After the FATF’s guidance on first published guidance on AML compliance for the crypto sector in 2014, policymakers in the  FATF member countries took action as well. This included global compliance watchdogs like the European Commission, FinCEN, and others who added FATF’s crypto AML recommendations to their own frameworks.

Since the industry’s reputation wasn’t at its finest, and crypto had already stuck a negative label to its name, AML requirements got stricter. In 2019, the FATF intensified its AML efforts and presented the report “Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers.” Additionally, the FATF addressed new risks and market developments, including DeFi, stablecoins, P2P transactions, and NFTs. 

Currently, cryptocurrency exchanges, stablecoin issuers, and some DeFi protocols or NFT marketplaces fall into the virtual asset service provider (VASP) category. All companies that are considered to be VASPs should use KYC checks and transaction monitoring to ensure compliance with AML requirements. 

Related: 40 Recommendations of the FATF — Overview

The Definition of a VASP According to the FATF

According to the FATF, a VASP, or a virtual asset service provider, can be an individual or a legal entity involved in various activities, such as:

  • Transferring virtual assets.
  • Exchanging virtual assets and fiat currencies.
  • Converting virtual assets between different forms.
  • Safeguarding or managing virtual assets or instruments that provide comprehensive control over them.
  • Participating in and facilitating financial services related to the sale of virtual assets or an issuer’s offer.

A key feature of digital assets is their use of decentralized digital ledgers to record ownership and transactions. However, not all digital asset entities, such as individual miners, qualify as VASPs under the FATF’s recommendations. A single miner typically lacks the characteristics required for VASP classification.

As per the Travel Rule, all VASPs must collect and transfer customer information when conducting transactions with digital currencies. This applies to transactions above a certain threshold. Additionally, VASPs must screen the counterparty customer for sanctions and perform customer due diligence (CDD) on the counterparty VASP.

The Meaning of the Crypto Travel Rule in AML Compliance 

Many crypto exchanges have already used AML processes in the past to identify and screen their customers for sanctions both during onboarding and to ensure ongoing due diligence. However, the Crypto Travel Rule now mandates institutions to receive and screen the counterparty VASP’s customer information for sanctions and conduct due diligence on the counterparty VASP. 

To achieve sanctions compliance, crypto companies often use automation in order to:

The goal of this AML compliance requirement is to help crypto companies establish safer business relationships and decide whether to accept or deny the transaction. 

What are the General Pillars of AML Compliance?

The Bank Secrecy Act (BSA) requires financial institutions to develop AML programs to combat illicit activities. In the UK, the Money Laundering Regulations (MLRS) and in the US, the Anti-Money Laundering Act of 2020 aid companies in establishing comprehensive AML programs with standard guidelines. 

These include five pillars of AML compliance, which recommend companies to:

  1. Appoint a compliance officer to oversee all AML-related processes.
  2. Establish internal policies enabling effective monitoring and reporting of suspicious activities.
  3. Implement a comprehensive training program to educate employees on AML compliance and regulatory changes. 
  4. Arrange for independent testing and auditing of the company’s AML program.
  5. Conduct a thorough AML risk assessment to identify and verify customer identities aligned with their updated risk profiles.

Related: What is a Risk-Based Approach to AML?

What is the KYC Process in Crypto?

The KYC process is part of an AML compliance program. It can be structured into three main steps: 

  1. Customer Identification Program (CIP). It involves verifying the client’s identity with reliable information like legal name, date of birth, and address, often using documents like driver’s licenses or passports.
  2. Customer Due Diligence (CDD). It helps assess the risk of new clients or business relationships, usually based on more in-depth background checks.
  3. Ongoing monitoring. This step means regularly checking customer risk profiles and their transactions for any signs of criminal activity. If suspicious activity is found, VASPs must file a Suspicious Activity Report (SAR) and file it with relevant law enforcement agencies.

As crypto exchanges and virtual currency transactions become more mainstream, it’s simply crucial for crypto exchanges and all VASPs to verify transaction beneficiaries. Therefore, automated KYC measures like document verification, selfie checks, or address verification are mandatory to customize the onboarding flow and comply with regulatory requirements. 

And What About the User Experience With All These KYC/AML Measures?

Since AML compliance mandates crypto exchanges to conduct ID verification checks, which might require additional checks like uploading documents for address verification or reverification purposes, it’s become standard practice. However, some crypto users fear that such measures can lengthen transaction times and, naturally, decrease anonymity. 

To avoid unnecessary friction from the end-user’s perspective, crypto players and all VASPs should choose customizable AML tools that can be tailored to user risk profiles and specific use case scenarios. 

Since joining G2, iDenfy was labeled as the best KYC, and now AML software and RegTech solutions provider, helping blockchain platforms and a bunch of other sectors increase conversions without compromising on fraud prevention. However, practice is always better than plain theory. So, we’re more than keen to discuss your priorities and industry specifics over a short call.

Book your free demo for a hands-on experience of our AML, KYC, and KYB hub. 

Save costs by onboarding more verified users

Join hundreds of businesses that successfully integrated iDenfy in their processes and saved money on failed verifications.