The need to curb financial crime risks of virtual currencies

22 June 2020 8 min. read

Cryptocurrencies have demonstrated that they are not a futuristic statement anymore. With over 17 million Bitcoins in circulation today, cryptos are ambitious and are being accepted internationally as payment methods for airline tickets, groceries and even to transfer funds via WhatsApp.

With China that is ready to ship its CBDC (Central Bank Digital Currency) and with JP Morgan introducing its own digital token for real-world users, European financial institutions must hurry up to invest in improving their AML/CFT policies and IT development if they wish to keep up with the pace of the market. Paula Petty, a Senior Consultant at Synechron in the Netherlands, outlines the case for change. 

The legitimate use of virtual assets

Virtual Assets, as defined by the Financial Action Task Force (FATF), is a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes, including both virtual – to – virtual and virtual – to – fiat transactions, financial activities or operations. 

A lot has been said about virtual assets, especially the fundamental qualities that have made them so radical: the freedom from middlemen and regulatory oversight. But the technology behind the virtual assets, blockchain, has been buzzing for some time and is coming close to maturity – and now has its chance to truly shine.

The need to curb financial crime risks of virtual currencies

Blockchain is a decentralized system that stands between all permitted parties and exists without the need of an intermediary. In blockchain we have the settlement of smart-contracts, which is a computer protocol intended to digitally facilitate and enforce the negotiation of a contract between the parties. More so, smart contracts define the rules and penalties in the same way that a traditional contract does, but automatically enforce those obligations. And that is why the innovation has gain traction in the traditional financial system.

According to a January 2019 report by the Bank for International Settlements (BIS), at least 40 Central Banks around the world are currently, or soon will be, researching and experimenting with central bank digital currency. The cryptos have attracted much interest within the central banking community for its potential to address long-standing challenges such as financial inclusion, payments efficiency, payment system operational and cyber resilience. 

In the commercial banks side, the technology also attracted attention. By eliminating the need for a third-party intermediary, buyer and seller can interact directly, while their exchange is recorded on the blockchain ledger. Consequently, the institutions can offer what every client wants: speed and reduced costs.

For example, clients that want to move huge sums of money would traditionally need to do so via wire transfer, a process that could take hours or even days. Besides, in international transfers, changes in currency exchange rates during the long times could end up adding to customers’ costs. With blockchain, the money transactions could be happening nearly instantaneously on the coin’s ledger, which can make the idea of digital currencies more palatable to its typically risk-averse corporate customers. 

The potential AML/CFT risk in virtual currencies

Virtual currencies are potentially vulnerable to money laundering and terrorist financing abuse for many reasons. First, they may allow greater anonymity than traditional non-cash payment methods. Virtual currency systems are generally characterized by non-face-to-face customer relationships and may permit anonymous funding.

By design, the decentralized ledger does not require or generate historical records of transactions that are necessarily associated with the real-world identity. There is no central oversight body, and no AML software currently available to monitor and identify suspicious transaction patterns and trace the person responsible.

Virtual currencies commonly rely on complex infrastructures that involve several entities, often spread across several countries, to transfer funds or execute payments. This segmentation of services means that the responsibility for AML/CFT compliance and supervision/enforcement may be unclear

And finally, Initial Coin Offerings (ICOs), following the same steps as the stock markets, are generally a means to raise funds for new projects from early backers, but are also another activity that present ML/TF risks, including fraud and market manipulation risks. Some ICOs are related to or involved in “gaming tokens,” and can be used to obfuscate transaction flows between an in-game token and its exchange for or transfer to a cryptocurrency.

Financial services institutions need to curb financial crime risks, not only to mitigate their own risks but also to protect society.”
– Paula Petty, Synechron

AML regulatory framework for virtual assets

In May 2018, the European Union Parliament, extended the AML/CFT rules to virtual currencies (5th AML Directive) and in June 2019, FATF issued a guidance to further assist supervision authorities and financial institutions in complying with their AML/CFT obligations. In the Netherland and in the UK, from the 10th of January 2020, all firms carrying on certain cryptoassets activities, will have to implement the full AML/CFT preventive measures for this product including customer due diligence, record-keeping, suspicious transaction reporting, and screening all transactions for compliance with targeted financial sanctions. 

FATF also outlines the need for financial institutions that onboard corporate clients that accept cryptocurrencies as means of payment, such as Microsoft and PayPal, to understand the ML/FT risks associated and take appropriate mitigating measures to address them in their risk-based principle of AML management. 

In this matter, a few risk alerts should pop up to the AML officers regarding the crypto clients, such as the compliance with the “Travel Rule” from FATF, that requires cryptocurrency exchanges to share sender and receiver information similar to bank wire transfers or SWIFT messaging to all transactions over a $1,000 threshold. Also, some services known as anonymity enhanced cryptocurrencies (AEC) or mixers and tumblers that may further obfuscate transactions or undermine the ability of the institution to implement CDD measures, must be identified as a red flag. Also, any product that evolves the exchange from crypto to fiat money and vice versa must be considered as a high ML/TF risk by the traditional financial institutions.

Therefore, all the players must perform an accurate assessment of its inherent and residual risks and improve their policies & procedures and IT infrastructure to make sure that clients that accept cryptocurrencies have their AML obligations implemented. For example, by being able to reject a transaction if the sender’s identity or purported beneficiary’s identity data fails sanctions or other blocking tests by the receiving virtual assets service provider.


Considering that only Bitcoin itself has a market value of $147 billion there is no doubt that cryptos must be on the radar of the European financial institutions. While some commercial banks are still hesitant, others are already onboarding cryptocurrency clients under the condition that strict legal and regulatory requirements are fully complied with.

Now is the time for the traditional financial institutions to modernize and keep up with the banking services provided by a new generation of online and mobile banks such as Revolut, Wirex, Bankera, and Bitwala that are willing to experiment and cater to the needs of crypto businesses and users. 

The AML/CFT regulations will be published soon, and it is vital that the institutions understand the pros and cons of the cryptos and be able to provide some explanation and granularity on the categorization of their individual risks. Not only to mitigate the risks to the institutions but also to protect society.