NFTs and compliance: what to know about this crypto-era commodity

Learn more about non-fungible tokens, why they're appealing to criminals, and how to reduce the risk of money laundering via NFTs.

Table of contents

Money laundering is a process criminals use to obfuscate their source of income. It effectively allows them to “wash” funds by moving them through various channels, which makes it hard to identify where the funds came from.

Unsurprisingly, the move to digital transactions has led to increased money laundering risks — recent data found that cryptocurrency money laundering rose 30% year over year in 2021. It makes sense; the anonymous nature of Bitcoin and other blockchain-based transactions makes it even easier for criminals to obfuscate their funding sources.

At the same time, a report from the U.S. Department of the Treasury notes that high-value art purchases also remain a popular pathway for money laundering, as they allow criminals to convert illicit assets into sources of stable value.

Non-fungible tokens (NFTs) offer the best of both worlds for money laundering efforts: anonymous transactions backed by ownership of unique assets. But what exactly is an NFT? How do criminals carry out money laundering efforts with the digital tokens, and what steps can organizations take to reduce the risk of NFT laundering? We’ll cover these questions and more in this basic primer.

What are NFTs?

You’ve probably heard the term NFT and wondered exactly what it meant. And you’ve probably seen a few definitions of the term that started off simply enough but left you scratching your head.

We’ve got you covered.

Blockchain basics

First let’s talk about blockchain, which is the framework used to sell and purchase NFTs.

Blockchain is a “shared public ledger,” which means all transactions made on a blockchain platform — such as Bitcoin, Ethereum, Dogecoin, etc. — can be viewed by all users of the platform. While the parties involved in the transaction remain anonymous, the transaction itself becomes public record and can’t be changed or eliminated. In effect, it becomes a single “block” in a larger chain, and any attempt to modify a block disrupts the entire chain, making it almost impossible to make alterations after the fact.

Anything can be a block. In many cases, these blocks take the form of cryptocurrencies that traders exchange for real money depending on market value.

Non-fungible fundamentals

Assets can be fungible or non-fungible. Fungible assets are identical to each other and can be traded with no loss in value or change in functionality. One easy example of a fungible asset is a dollar bill. One dollar bill can be exchanged for any other with no loss in value — from a market standpoint, they’re identical.

Non-fungible assets, meanwhile, are unique. Consider the Mona Lisa. While you could exchange the Mona Lisa for another piece of art, it would never be exactly the same. It wouldn’t look the same, and it wouldn’t have the same value. Whether you trade it for another painting from a master artist or a baseball card from someone’s basement, non-fungible assets are inherently unique.

NFTs explained

So what exactly is an NFT? In practice, non-fungible tokens combine the secure and anonymous nature of blockchain with non-fungible assets such as art.

NFTs may take the form of drawings, music, videos, or even Tweets. As a result, they’re often thought of as the future of art collecting; rather than owning physical canvases or carvings, buyers own the rights to the digital asset itself.

This is where it gets weird(er) — since NFT owners don’t actually own the physical thing itself, they can’t prevent people from downloading or screenshotting it. Think of it like owning the Mona Lisa but having it stored in a museum. There’s nothing to stop people from taking pictures of it or buying prints of the original, but when visitors look up the details, you’re listed as the owner.

Although you can’t take physical ownership of an NFT, you can sell it to someone else via blockchain if they’re willing to pay for it — but until that sale happens, you’re listed as the permanent owner of the NFT. While the long-term value of the NFT market remains to be seen, some artists are using the framework to create and sell unique digital artwork online.

Are there any regulations around NFTs?

While the volume and value of NFT transactions are on the rise — one NFT video recently sold for $6.6 million — regulations around these assets are still in their infancy.

In the U.S., for example, no specific regulations exist around NFTs, despite the fact that some platforms are now seeing billion-dollar sales figures each month. Currently, lawmakers are trying to find the best fit for NFTs — it’s likely that rules similar to cryptocurrency regulations will be applied, but given that NFTs aren’t identical to currencies like Bitcoin and Etherium, there will be some differences. It’s almost certain, however, that NFT platforms will eventually be subject to Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations under the Bank Secrecy Act (BSA).

In countries like Japan, meanwhile, NFTs likely fall under article 2.1 of the country’s Financial Instruments and Exchange Act if money or assets that are defined as “distribution of profits” are provided to the holder of an NFT, but the definition is still evolving.

Put simply, while NFT regulations are still in development, businesses should expect to see them sooner rather than later as this market evolves.

What are the money laundering risks of NFTs?

There are two characteristics of NTFs that make them especially appealing to criminals looking to launder funds: Anonymity and value.

First up: anonymity. While the nature of blockchain makes it possible for everyone on the network to “see” the value of a transaction and confirm that the transaction is completed, blockchain platforms provide no details about the buyers or sellers unless these parties choose to disclose this information. This adds to the overall security of blockchain — customers can carry out transactions with confidence since there’s virtually no chance of data being tampered with or deleted, so they don’t have to worry that their personal details are at risk of being exposed.

For ordinary users, this is comforting. For money launderers, it’s ideal. Not only are their transactions effectively immutable, meaning refunds can’t be issued and transactions can’t be voided, but no one has any idea where the funds used in these transactions are coming from or how they’ve been obtained. As a result, NFTs make it possible for criminals to purchase digital art or other assets using funds obtained via illegal actions with no one the wiser.

Value is also a challenge. In the world of physical high-value art, appraisals are often conducted to determine a fair market value for the item being purchased. If anonymous buyers are willing to pay far more than the item is worth, it may be a sign of money laundering. With NFTs, meanwhile, the volatile nature of the market makes it almost impossible to determine the token’s fair market value, in turn creating a challenge for regulators looking to establish clear indicators of money laundering.

How can businesses reduce these money laundering risks?

With regulation on the horizon and money laundering on the rise, companies are well-served by taking steps to mitigate NFT risk.

Some potential protective measures include:

Identity verification

Ensuring that customers are who they say they are is a critical component of reducing NFT money laundering risk. This starts with identity verification tools that help confirm the identity of potential buyers or sellers by evaluating provided information and documents against government databases and money laundering watchlists.

Once customers are verified, two-factor authentication can help protect accounts. For example, businesses that facilitate NFT transactions or handle funds from these transactions might use one-time SMS messages, authenticator apps, USB keys, or biometrics such as fingerprints in addition to usernames and passwords.

KYC/AML compliance

While KYC and AML regulations don’t apply to NFTs yet, it’s worth proactively applying these approaches to blockchain and NFT transactions to both help reduce the risk of money laundering and other financial crimes — and help you get ahead of the compliance curve.

AML programs are build on five pillars: designating a compliance officer, developing internal policies, creating an employee training program, conducting third-party audits, and deploying risk-based procedures for conducting customer due diligence. KYC compliance, which falls under the umbrella of AML typically involves three main risk-based approaches: a customer identification program (CIP), customer due diligence (CDD) processes, and continuous transaction monitoring.

At the same time, businesses must still be mindful of the customer experience. Security measures that significantly increase the time and effort required to create an account or perform an action can lead to frustration and potential customer loss.  As a result, it’s critical for businesses to leverage progressive risk segmentation to find the right balance between fraud prevention and conversion.

Navigating NFTs

While the future of NFTs is uncertain, it’s safe to say these digital assets represent real money laundering risk. To help reduce the likelihood that criminals will use NFTs to conceal financial crime, it’s worth taking proactive steps to verify customers without impacting the speed and simplicity of the digital transaction process.

Looking to navigate the new world of NFTs? See how Persona can help.

Frequently asked questions

No items found.

Continue reading

Continue reading

What is KYB, and why does it matter?

What is KYB, and why does it matter?

If you work with other companies, you may be required to implement KYB verification. Learn more.

Decentralized exchanges and KYC

Decentralized exchanges and KYC

It's important for decentralized exchanges to get ready for KYC and AML regulations now so they will be prepared if and when they find themselves subject to the rules.

5 best practices for securing health data

5 best practices for securing health data

Healthcare organizations must prioritize data security to protect patient information and ensure regulatory compliance. Learn how.

Ready to get started?

Get in touch or start exploring Persona today.