For years, cryptocurrency exchanges operated in something of a regulatory no-man’s land. With no laws formally aimed at their regulation, they operated largely of their own accord without concern for regulations typically aimed at more traditional financial institutions like banks.
But all of this changed in 2019, when three financial regulators — the CFTC, SEC, and FinCEN — issued a joint statement formally classifying cryptocurrency exchanges as financial institutions subject to anti-money-laundering (AML) rules established by the Bank Secrecy Act. The statement ushered in an era of renewed regulatory thrust directed at cryptocurrency exchanges.
Before the statement, each regulatory body was forced to rely on its own interpretations of existing statutes, leading to a patchwork of regulations that was difficult to enforce. After the statement was released, they began working more closely together to regulate the space.
In the years since, a number of crypto exchanges have been the target of fines and criminal action due to regulatory violations, including those related to nonexistent or inadequate anti-money laundering policies.
One cryptocurrency derivatives exchange, for example, was forced to pay $100 million in 2021 to settle a number of regulatory violations. Just this year, three of the company’s founders pleaded guilty to violating the Bank Secrecy Act, and were required to pay $10 million in fines each in order to avoid jail time.
With all of this in mind, if your business operates as a cryptocurrency exchange or more broadly in the realm of crypto, it’s critical that you understand the tenets of anti-money laundering law so you can take the requisite steps to meet regulatory requirements.
What is anti-money laundering (AML)?
AML is short for anti-money laundering, which refers to laws and regulations in place specifically to limit the potential for money laundering and other financial crimes such as identity theft and tax evasion.
Generally speaking, AML regulations require financial institutions to monitor customer transactions for suspicious activity which might indicate money laundering or other financial crimes, and to report these transactions in a timely manner. At the same time, they also require financial institutions to verify their customers’ identities through processes known as Know Your Customer (KYC).
The pillars of AML compliance
In order to meet the anti-money laundering requirements established in the Bank Secrecy Act and related laws, financial institutions must implement five pillars of AML:
- Designate a compliance officer, who will act as a point person for everything related to AML within your business.
- Develop internal policies that allow you to effectively monitor for and report on suspicious activity.
- Create a training program for employees that empower them to meet the standards set forth in the Bank Secrecy Act.
- Ensure independent testing and auditing of your AML program and policies by accredited third-parties.
- Deploy in-depth risk assessment in identifying and verifying the identity of your customers.
Crypto and money laundering
By the very nature of what they are and how they are used, cryptocurrencies may carry a higher risk of money laundering.
Transactions made with cryptocurrencies can have a high degree of anonymity compared to transactions completed with a credit card, debit card, or even cash — all depending on how exactly the transaction is completed. While cryptocurrency exchanges must now monitor accounts for suspicious activity, this was not always the case; and even today, decentralized exchanges (DEXs) are largely exempt from AML regulations, at least for the time being.
Additionally, the global nature of cryptocurrencies brings with it its own risks. Cross-border transactions widen the potential jurisdictions that cases may span, making coordination all the more difficult for regulators. They may also make it possible for politically exposed persons (PEPs), individuals on sanctions lists, and others to skirt monitoring.
For these reasons, criminals have made a habit of leveraging cryptocurrency exchanges for the express purpose of laundering money. According to an analysis conducted by Chainalysis, a blockchain analytics firm, criminals have laundered $33 billion worth of cryptocurrency since 2016. And it’s estimated that $2.8 billion was laundered specifically through legitimate crypto exchanges in 2019.
These factors have led to a reputation problem for the cryptocurrency industry, with many individuals believing that “only criminals use cryptocurrency.” This attitude, paired with other factors, has almost certainly limited crypto’s adoption — especially amongst institutional investors.
The good news is that the move toward AML compliance can do wonders to rehabilitate crypto’s image and establish it as a legitimate part of the financial system.
AML and KYC solutions for your cryptocurrency exchange
Implementing anti-money laundering and Know Your Customer policies is a requirement for any cryptocurrency exchange operating today. But that doesn’t mean it comes without challenges.
One of the most important challenges that exchanges need to be aware of as they establish their policies is the friction that these policies introduce to their signup process. This friction is what empowers your business to verify users’ identities, ensure they are legitimate users, and deter acts of money laundering and financial crime. But left unchecked, it can also overwhelm potential customers and reduce conversions, especially as many individuals are interested in crypto specifically because of its anonymous nature.
That’s why it’s so important to ensure that the AML software and tools you leverage also give you the freedom to control how much friction is introduced and at which points in the process.
Here at Persona, we’ve developed robust identity verification tools that you can use to meet AML and KYC requirements while also managing friction so that you can optimize for conversions.
Verify your users’ identities with a mix of active, passive, and behavioral signals, depending on the unique circumstances and risk of each signup. Screen your users against sanctions lists, watchlists, adverse media, and other reports to ensure that they can and should have access to your services. Streamline the manual review process when potential suspicious activity occurs. Leverage automation to scale without sacrificing quality or compliance.