The compliance and KYC link between banks, bitcoin and exchanges

By Rachel Crabtree, senior associate, and Michael Carter, director, Alvarez & Marsal Disputes & Investigations

With cryptocurrency vastly on the rise, crypto proponents are pushing for more open financial systems to, in part, serve the under-banked and reduce transaction costs.  

However, as interest and participation increase, banks are no less leery of this maturing industry.

Mass adoption of cryptocurrency by retailers, payment processors, and banks is key to the realization of the advantages cryptocurrencies pose, including speed of transactions, traceability, and transparency.

In this maturing industry, regulatory compliance initiatives are a critical step in bridging these gaps.

In the current underregulated market, cryptocurrency firms taking a proactive stance on regulatory compliance possess distinct advantages that are easily attributable to the industry’s widespread growth and attention.  

The first-movers in establishing effective anti-money laundering (AML), anti-fraud, FCPA, cybersecurity, and CFTC, and related controls are likely to avoid the future pain of regulatory scrutiny.

To be clear, the organizations that successfully navigate regulatory challenges are far less likely to be subject to costly punitive, legal, and remedial enforcement.

Identifying and understanding the compliance linkages between banks, exchanges, and consumers will be a protracted process, but remains important to crypto industry growth.

As evidenced in the past two years, governments are not backing down on regulation, but instead continue to update and develop more comprehensive financial crimes regulations.  

In this span, FinCEN finalized their rules under the Bank Secrecy Act (BSA) requiring the identification and verification of UBOs and parameters for enhanced customer due diligence and issued Geographic Targeting Orders requiring the additional collection and reporting of individuals involved in real estate transactions.  

New York State DFS also issued their Part 504 to address deficiencies in transaction monitoring and watch list filtering programs. These expanded regulations only increase the risks and apprehension of banks in supporting and engaging cryptocurrency exchanges.

Crypto regulation

The U.S. government’s first attempts at regulation in the cryptocurrency industry have been tied to the consideration of crypto-exchanges as MSBs.  FinCEN issued guidance in 2013 requiring the exchange to register with the U.S. Department of Treasury and renew their registration every two years.  

NYDFS took this initiative a step further by creating and issuing a “BitLicense” to crypto-exchanges that meet certain regulatory standards. Once registered and licensed, crypto exchanges can begin establishing banking relationships; however, the perceived and real gaps in risk acceptance are often significant enough that banks are not willing to commit to ongoing relationships.  

Again, the linkage between the parties is directly reliant on crypto exchanges’ (the newcomers) ability to implement effective compliance programs.

In addition to meeting the regulatory standards of an MSB and/or that of their banking partners, crypto exchanges can assure established vendors and retailers of the viability and security of their platforms for use as a common exchange of value.

Top factors

As a market differentiator for this burgeoning industry, effective and efficient compliance programs should also help to stabilize and legitimize cryptocurrency’s purchasing power. From a financial crimes perspective, effective crypto compliance programs would include:

• Utilizing the blockchain to validate customer behaviors in conjunction with information gained through customer due diligence processes
• Consistent blockchain monitoring to detect potentially illicit transactions through connector tracking and plain text (keyword) analysis, as well as digital wallet connections
• Identifying when customers (and their transacting partners) use “tumblers” to conceal sources of funds and maintain anonymity
• Investigating instances when customers may be using a licensed, reputable exchange to move funds from less-compliant crypto platforms back into banks
• Utilizing the ID verification tools readily available in the market to prevent fraud and identity theft
• Implementing the basic cybersecurity principles of firewalls and gateways, security configuration, malware prevention, and access management to protect customer assets and data
• Monitoring potential market manipulation by both customers and employees
• Calibrating transaction alert thresholds to account for the current volatility of cryptocurrency values
• Remain cognizant of potential sanctions avoidance as transactions move through the blockchain and higher-risk jurisdictions
• Following regulatory guidance with regards to more traditional BSA/AML programs, including the basic tenants of prevention, detection, and reporting, specifically, in how MSBs have been addressed by FinCEN

New coin ‘wearing off’?

Currently, cryptocurrencies bask in an aura of intrigue and excitement that has propelled their purchasing power; however, what will ensure their survival once the “new coin smell” has worn off?  From the perspective of compliance effectiveness, the results follow:

• Effective compliance programs may lead more banks to build relationships with crypto exchanges, and provide more “on-ramps” for mass adoption;
• Banking-crypto partnerships would facilitate mass adoption of crypto as an acceptable form of payment among retailers and other vendors;
• Mass adoption may lead to stabilization of volatile crypto values, more avenues for the underbanked to gain access to the larger financial system, and realization of the advantages of blockchain-based currencies.

The KYC factor

The seeds of this compliance linkage are already present, as banks have begun to develop their own blockchain technologies. In 2017, one news organization identified five ways banks were using blockchain technology – including for identification.

Customer Identification and KYC standards are amongst the cornerstones of AML/CFT regulations, and the capabilities of blockchain in “cryptographic protection and its ability to share a constantly updated record with many parties” holds the potential of a standard reporting platform between banks and exchanges.

These technology advantages applied to compliance functions may also mitigate current perceptions of using crypto as a way to subvert sanctions, avoid illicit transaction detection, and preserve anonymity.

In-house blockchain technology may begin to provide the solution of the compliance link between banks and exchanges, though there are new risks that may arise.  

One report recently outlined the concerns of major financial institutions in their employees abusing the crypto system for personal gain – specifically, insider trading.

Another challenge of this linkage would be regulators agreeing on the nature of cryptocurrencies – are they commodities, securities, or, in fact, currency?  

This is important because each designation carries its own regulatory requirements, controls, and compliance standards.

The term “cryptocurrency” appears to identify a clear designation; however, some regulators like CFTC and the SEC hold different opinions.

No venture or innovation is absent of risk or challenge.  

If exchanges can establish a compliance standard that meets or exceeds regulatory expectations, the risk perception for traditional financial institutions and payment processors may ease, and the path to mass adoption will become realized, ultimately fulfilling the vision of cryptocurrency’s potential.

In other words, when cryptos undertake the difficult compliance work up front, the long run rewards to both individual players and the industry at large will be significant.