Cryptocurrency is receiving increased attention from regulators worldwide, and this has been met with significant pushback from many within the crypto community. Some in the space are simply against any form of regulation, whereas others have zeroed-in on particular regulatory measures such as anti-money laundering (AML) and know your customer (KYC) screening.
While these regulations may pose challenges for businesses by adding additional cost and operational requirements, they are necessary to protect the cryptocurrency sector and its users from fraud and bad actors.
The Current State of KYC and AML
Before we get into an analysis of whether these procedures and costs are justified, we must describe the current state of AML and KYC. Financial institutions, including banks, brokers/dealers, MSBs, and exchanges, are required to perform checks on their current and potential account holders to assess the risk the client poses to the institution as well as to the financial system at large. In addition, ongoing monitoring of account holders and their financial activities is conducted to ensure accounts are not being used for illegal purposes.
When performing AML checks on current and potential account holders, financial institutions are looking to identify risks related to sanctions, political exposure, and high-risk individuals and entities. Sanctions screening ensures that any individual or entity listed by a sanction body cannot open an account or transact in the financial markets of specific jurisdictions. These sanction lists include the leadership of narcotics trafficking organizations, terrorist groups, and high-ranking political figures in high risk countries. To date, there are approximately 20,000 individuals and entities who are sanctioned by governments around the world. Additionally, to fight the illicit movement of money from bribery or corruption, financial institutions must screen and monitor the activities of politically exposed persons (PEPs), their immediate relatives, and close associates.
They are also required to screen high-risk individuals and entities who are suspected to be involved in financial or business-related crime or terrorism. These risks are defined by the Financial Action Task Force (FATF), an inter-governmental body established to promote effective AML and CFT controls world-wide.
Financial institutions play a key role in detecting financially-motivated criminal activities. These include activities such as organized crime, human and migrant smuggling, sexual exploitation, drug trafficking, corruption, bribery, fraud, counterfeiting, insider trading, arms trafficking, and extortion, as well as many others. Without the assistance of financial businesses, it would be far more difficult for law enforcement to identify these criminal behaviors.
This does not mean that banks, exchanges, and other financial institutions are acting as a police-force. Rather, they are intermediaries monitoring businesses for risks and working directly with law enforcement by passing along information that may lead to legal or regulatory action, if necessary. Financial institutions must ensure that criminal activities do not take place right under their noses. By submitting suspicious activity reports (SARs) to the appropriate regulators, financial institutions are assisting law enforcement in rooting our criminal activities.
The Role of Trust
Ensuring trust and confidence in financial markets has been a key component of the cryptocurrency model since the original Bitcoin white paper. The ability for technology to solve problems, such as double-spending, was a key driver that helped to bring cryptocurrency mainstream. While some controls can be programmed into cryptocurrency software, others require (at least for now) third party monitoring to ensure market participants can trust the system. There have already been cases that demonstrate the need for regulatory oversight. For example, in 2016 Bitcoin Savings and Trust was shut down by regulators, and its operator, Trendon Shavers, was sentenced to prison for operating a Ponzi scheme.
Regulation and Innovation
Many accuse regulatory bodies of stifling innovation. It is not the role of any regulation to encourage innovation, nor is it the role of regulation to stifle it. Regulations are in place to protect individuals and institutions from negligence or malicious behavior. All business must conform to certain regulations as part of the cost of doing business. As an example, restaurants are required to have fire suppression systems which can costs thousands of dollars and be a significant expense to a small restaurant, but are necessary to protect both the staff and customers.
There are two main criticisms of AML and KYC compliance:
- Access to Banking and Remittances. Due to the cost of compliance, financial institutions must take a risk-based approach to screening their clients. Because of the risk of on-boarding a high-risk individual, many institutions take a broad-brush approach to reducing that risk. For example, banks may refuse business to or from individuals or entities in certain high-risk countries (such as Somalia, South Sudan, Yemen, Libya, etc.). This method of screening saves the financial institution considerable money in AML and KYC screening costs with a generally minimal loss in revenue, as these high-risk countries are often not large revenue generators for banks. Unfortunately, this can lead to individuals from these countries being denied essential financial services, such as remittance payments from abroad.
- AML and KYC Costs. The costs and potential fines around AML and KYC are quite large. Financial institutions are spending more and more every year on mitigating the risks associated with anti-money laundering and terrorist financing to avoid these fines.
The Evolution of Compliance
The increasing complexity and number of regulations has spurred tremendous innovation in the last few years. FinTech and RegTech companies are looking at how innovation can mitigate the costs and improve the ease at which regulation can be adhered to. Many of these companies are using advances in AI, data modeling, and machine learning to automate compliance tasks. As these tools gain traction, the overall costs of compliance will decrease and allow for better targeting of AML controls, allowing financial institutions to spend less on compliance while opening their doors to more clients.
Compliance procedures in the fiat currency space have grown slowly over the last 40 years. This has led to a disjointed approach to compliance, often relying on outdated, siloed systems. Cryptocurrency companies have the opportunity to learn from these past mistakes while also harnessing new technologies. A number of RegTech start-ups are taking on these challenges to ease the burden of compliance while simultaneously being more risk averse at a significantly lower cost.
Compliance in the Crypto World
For some companies trying to enter the cryptocurrency industry, implementing the appropriate processes and protections can pose challenges, specifically for organizations that are opening exchanges or other businesses that transact between crypto and fiat currencies.
While blockchain has opened an entirely new world of financial and business offerings, it also has the potential to transform how ID verification and AML/BSA controls are implemented in ways that decrease overall costs and risk exposure. Businesses that are required to follow AML and KYC regulations should look toward emerging RegTech companies that serve both traditional markets and well as those specialized toward cryptocurrency.
For exchanges, ICOs, and other new crypto-businesses, the challenge can seem daunting. These companies manage everything from remote ID verification to global jurisdictional compliance with both AML and securities regulations, and much more. This challenge is made more complex by KYC vendors that offer substandard levels of monitoring and screening. Companies must select a vendor that can demonstrate expertise in sanctions and PEP screening as well as risks unique to the cryptocurrency industry, such as wallet forensics. The right vendor can save significant long-term costs and lower risk. The wrong vendor can leave your business exposed to regulatory audit or review.
Regulations are here to stay. Governments across the globe are continuing to increase and standardize their approach to anti-money laundering and countering the financing of terrorism. As cryptocurrency becomes more mainstream, regulators are going to push to ensure the same protections and monitoring exist for those transactions as they do for traditional, fiat transactions. Cryptocurrency companies are in a unique position, working with regulators globally to establish controls that meet compliance obligations in a more cost-effective manner than what exists for traditional financial markets.
Greg Pinn has a decade of experience leading global best practices in anti-money laundering (AML) and know-your-customer (KYC) industry. Greg currently serves as head of product strategy for iComply and previously ran strategy for World-Check, the world leader in risk-based intelligence data.