Join the 7/21 live chat & demo: How to turn KYB & KYC into your competitive advantage

Industry

How do AML regulations apply to crypto exchanges?

If your business operates in the crypto space, it’s critical that you understand the tenets of AML so you can take the requisite steps to meet regulatory requirements.

Table of contents
Share this post
Copied
⚡ Key takeaways
  • In 2019, three financial regulators issued a joint statement formally classifying crypto exchanges as financial institutions subject to AML rules.
  • AML regulations require financial institutions to monitor customer transactions, report suspicious activity, and verify their customers' identities.
  • Crypto exchanges may carry a higher risk of money laundering due to their anonymous and global nature.

For years, cryptocurrency exchanges operated in something of a regulatory no-man’s land. With no laws formally aimed at their regulation, they operated largely of their own accord without concern for regulations typically aimed at more traditional financial institutions like banks.

But all of this changed in 2019, when three financial regulators — the CFTC, SEC, and FinCEN — issued a joint statement formally classifying cryptocurrency exchanges as financial institutions subject to anti-money-laundering (AML) rules established by the Bank Secrecy Act. The statement ushered in an era of renewed regulatory thrust directed at cryptocurrency exchanges.

Before the statement, each regulatory body was forced to rely on its own interpretations of existing statutes, leading to a patchwork of regulations that was difficult to enforce. After the statement was released, they began working more closely together to regulate the space.

In the years since, a number of crypto exchanges have been the target of fines and criminal action due to regulatory violations, including those related to nonexistent or inadequate anti-money laundering policies.

One cryptocurrency derivatives exchange, for example, was forced to pay $100 million in 2021 to settle a number of regulatory violations. Just this year, three of the company’s founders pleaded guilty to violating the Bank Secrecy Act, and were required to pay $10 million in fines each in order to avoid jail time.

With all of this in mind, if your business operates as a cryptocurrency exchange or more broadly in the realm of crypto, it’s critical that you understand the tenets of anti-money laundering law so you can take the requisite steps to meet regulatory requirements.

What is anti-money laundering (AML)?

AML is short for anti-money laundering, which refers to laws and regulations in place specifically to limit the potential for money laundering and other financial crimes such as identity theft and tax evasion.

Generally speaking, AML regulations require financial institutions to monitor customer transactions for suspicious activity which might indicate money laundering or other financial crimes, and to report these transactions in a timely manner. At the same time, they also require financial institutions to verify their customers’ identities through processes known as Know Your Customer (KYC).

The pillars of AML compliance

In order to meet the anti-money laundering requirements established in the Bank Secrecy Act and related laws, financial institutions must implement five pillars of AML:

  1. Designate a compliance officer, who will act as a point person for everything related to AML within your business.
  2. Develop internal policies that allow you to effectively monitor for and report on suspicious activity.
  3. Create a training program for employees that empower them to meet the standards set forth in the Bank Secrecy Act.
  4. Ensure independent testing and auditing of your AML program and policies by accredited third-parties.
  5. Deploy in-depth risk assessment in identifying and verifying the identity of your customers.

Crypto and money laundering

By the very nature of what they are and how they are used, cryptocurrencies may carry a higher risk of money laundering.

Transactions made with cryptocurrencies can have a high degree of anonymity compared to transactions completed with a credit card, debit card, or even cash — all depending on how exactly the transaction is completed. While cryptocurrency exchanges must now monitor accounts for suspicious activity, this was not always the case; and even today, decentralized exchanges (DEXs) are largely exempt from AML regulations, at least for the time being.

Additionally, the global nature of cryptocurrencies brings with it its own risks. Cross-border transactions widen the potential jurisdictions that cases may span, making coordination all the more difficult for regulators. They may also make it possible for politically exposed persons (PEPs), individuals on sanctions lists, and others to skirt monitoring.

For these reasons, criminals have made a habit of leveraging cryptocurrency exchanges for the express purpose of laundering money. According to an analysis conducted by Chainalysis, a blockchain analytics firm, criminals have laundered $33 billion worth of cryptocurrency since 2016. And it’s estimated that $2.8 billion was laundered specifically through legitimate crypto exchanges in 2019.

These factors have led to a reputation problem for the cryptocurrency industry, with many individuals believing that “only criminals use cryptocurrency.” This attitude, paired with other factors, has almost certainly limited crypto’s adoption — especially amongst institutional investors.

The good news is that the move toward AML compliance can do wonders to rehabilitate crypto’s image and establish it as a legitimate part of the financial system.

AML and KYC solutions for your cryptocurrency exchange

Implementing anti-money laundering and Know Your Customer policies is a requirement for any cryptocurrency exchange operating today. But that doesn’t mean it comes without challenges.

One of the most important challenges that exchanges need to be aware of as they establish their policies is the friction that these policies introduce to their signup process. This friction is what empowers your business to verify users’ identities, ensure they are legitimate users, and deter acts of money laundering and financial crime. But left unchecked, it can also overwhelm potential customers and reduce conversions, especially as many individuals are interested in crypto specifically because of its anonymous nature.

That’s why it’s so important to ensure that the AML software and tools you leverage also give you the freedom to control how much friction is introduced and at which points in the process.

Here at Persona, we’ve developed robust identity verification tools that you can use to meet AML and KYC requirements while also managing friction so that you can optimize for conversions.

Verify your users’ identities with a mix of active, passive, and behavioral signals, depending on the unique circumstances and risk of each signup. Screen your users against sanctions lists, watchlists, adverse media, and other reports to ensure that they can and should have access to your services. Streamline the manual review process when potential suspicious activity occurs. Leverage automation to scale without sacrificing quality or compliance.

Interested in learning more? Start for free or get a demo today.

Frequently asked questions

Who regulates cryptocurrency exchanges?

In the United States, cryptocurrency exchanges fall under the regulatory purview of a number of federal agencies, including:

  • Financial Crimes Enforcement Network (FinCEN)
  • The Commodities Futures Trading Commission (CFTC)
  • The Federal Trade Commission (FTC)
  • The Securities and Exchange Commission (SEC)
  • The Consumer Financial Protection Bureau (CFPB)
  • The Internal Revenue Service (IRS)

Other jurisdictions rely on their own regulatory bodies. In Germany, for example, exchanges are regulated by the Financial Supervisory Authority (BaFin), while in Italy they are regulated by the country’s Ministry of Finance.

What laws establish AML requirements for crypto?

Anti-money laundering regulations vary from country to country. In the United States, arguably the most important of these laws is the Bank Secrecy Act, which essentially laid the foundation for anti-money laundering regulations in the states. Other important US laws related to AML include:

  • The Money Laundering Control Act, which expanded the types of transactions financial institutions are required to report
  • The Annunzio-Wylie Anti-Money Laundering Act, which required banks to implement anti-money laundering prevention practices
  • The USA PATRIOT Act, which ushered in the era of KYC compliance
  • The Anti-Money Laundering Act of 2020, which amends and expands upon the Bank Secrecy Act

Table of contents

For years, cryptocurrency exchanges operated in something of a regulatory no-man’s land. With no laws formally aimed at their regulation, they operated largely of their own accord without concern for regulations typically aimed at more traditional financial institutions like banks.

But all of this changed in 2019, when three financial regulators — the CFTC, SEC, and FinCEN — issued a joint statement formally classifying cryptocurrency exchanges as financial institutions subject to anti-money-laundering (AML) rules established by the Bank Secrecy Act. The statement ushered in an era of renewed regulatory thrust directed at cryptocurrency exchanges.

Before the statement, each regulatory body was forced to rely on its own interpretations of existing statutes, leading to a patchwork of regulations that was difficult to enforce. After the statement was released, they began working more closely together to regulate the space.

In the years since, a number of crypto exchanges have been the target of fines and criminal action due to regulatory violations, including those related to nonexistent or inadequate anti-money laundering policies.

One cryptocurrency derivatives exchange, for example, was forced to pay $100 million in 2021 to settle a number of regulatory violations. Just this year, three of the company’s founders pleaded guilty to violating the Bank Secrecy Act, and were required to pay $10 million in fines each in order to avoid jail time.

With all of this in mind, if your business operates as a cryptocurrency exchange or more broadly in the realm of crypto, it’s critical that you understand the tenets of anti-money laundering law so you can take the requisite steps to meet regulatory requirements.

What is anti-money laundering (AML)?

AML is short for anti-money laundering, which refers to laws and regulations in place specifically to limit the potential for money laundering and other financial crimes such as identity theft and tax evasion.

Generally speaking, AML regulations require financial institutions to monitor customer transactions for suspicious activity which might indicate money laundering or other financial crimes, and to report these transactions in a timely manner. At the same time, they also require financial institutions to verify their customers’ identities through processes known as Know Your Customer (KYC).

The pillars of AML compliance

In order to meet the anti-money laundering requirements established in the Bank Secrecy Act and related laws, financial institutions must implement five pillars of AML:

  1. Designate a compliance officer, who will act as a point person for everything related to AML within your business.
  2. Develop internal policies that allow you to effectively monitor for and report on suspicious activity.
  3. Create a training program for employees that empower them to meet the standards set forth in the Bank Secrecy Act.
  4. Ensure independent testing and auditing of your AML program and policies by accredited third-parties.
  5. Deploy in-depth risk assessment in identifying and verifying the identity of your customers.

Crypto and money laundering

By the very nature of what they are and how they are used, cryptocurrencies may carry a higher risk of money laundering.

Transactions made with cryptocurrencies can have a high degree of anonymity compared to transactions completed with a credit card, debit card, or even cash — all depending on how exactly the transaction is completed. While cryptocurrency exchanges must now monitor accounts for suspicious activity, this was not always the case; and even today, decentralized exchanges (DEXs) are largely exempt from AML regulations, at least for the time being.

Additionally, the global nature of cryptocurrencies brings with it its own risks. Cross-border transactions widen the potential jurisdictions that cases may span, making coordination all the more difficult for regulators. They may also make it possible for politically exposed persons (PEPs), individuals on sanctions lists, and others to skirt monitoring.

For these reasons, criminals have made a habit of leveraging cryptocurrency exchanges for the express purpose of laundering money. According to an analysis conducted by Chainalysis, a blockchain analytics firm, criminals have laundered $33 billion worth of cryptocurrency since 2016. And it’s estimated that $2.8 billion was laundered specifically through legitimate crypto exchanges in 2019.

These factors have led to a reputation problem for the cryptocurrency industry, with many individuals believing that “only criminals use cryptocurrency.” This attitude, paired with other factors, has almost certainly limited crypto’s adoption — especially amongst institutional investors.

The good news is that the move toward AML compliance can do wonders to rehabilitate crypto’s image and establish it as a legitimate part of the financial system.

AML and KYC solutions for your cryptocurrency exchange

Implementing anti-money laundering and Know Your Customer policies is a requirement for any cryptocurrency exchange operating today. But that doesn’t mean it comes without challenges.

One of the most important challenges that exchanges need to be aware of as they establish their policies is the friction that these policies introduce to their signup process. This friction is what empowers your business to verify users’ identities, ensure they are legitimate users, and deter acts of money laundering and financial crime. But left unchecked, it can also overwhelm potential customers and reduce conversions, especially as many individuals are interested in crypto specifically because of its anonymous nature.

That’s why it’s so important to ensure that the AML software and tools you leverage also give you the freedom to control how much friction is introduced and at which points in the process.

Here at Persona, we’ve developed robust identity verification tools that you can use to meet AML and KYC requirements while also managing friction so that you can optimize for conversions.

Verify your users’ identities with a mix of active, passive, and behavioral signals, depending on the unique circumstances and risk of each signup. Screen your users against sanctions lists, watchlists, adverse media, and other reports to ensure that they can and should have access to your services. Streamline the manual review process when potential suspicious activity occurs. Leverage automation to scale without sacrificing quality or compliance.

Interested in learning more? Start for free or get a demo today.

Continue reading

Continue reading

Why does KYC matter for fintech companies?
Industry

Why does KYC matter for fintech companies?

Whether you offer a lending product or investing service, if you're a fintech company, you need to comply with KYC regulations.

Why automated adverse media screening is essential for AML
Industry

Why automated adverse media screening is essential for AML

Negative news checks are an essential but complex process. Protect your business from reputational risk with an automated screening solution.

AML tools: What to look for in AML software
Industry

AML tools: What to look for in AML software

Learn about the different features you may want to look for as you build your AML toolkit.

Ready to get started?

Get in touch or start exploring Persona today.