Despite the fact that most organisations across the globe prioritise strict anti-money laundering (AML) procedures, we continue to hear case after case of regulatory breaches.
In this article, we look at cases where organisations (a bank and three crypto exchanges) have either received large fines or had to shut down operations for not complying with regulations. Hopefully, by understanding what went wrong, other businesses can learn how to prevent similar AML breaches from occurring in the future.
FCA Fines Deutsche Bank
In January 2017, the UK’s Financial Conduct Authority (FCA) fined Deutsche Bank for over £163 million. Deutsche Bank actually agreed to settle at Stage 1 of the investigation; therefore, the company received a 30% discount on its penalty. Had it not done so, the company would have had to pay a fine in excess of £229 million.
According to the official report released by the FCA, Deutsche Bank failed to maintain an adequate AML control framework between January 2012 and December 2015. The main infraction was illegal mirror trading. Deutsche Bank’s lack of oversight enabled clients to buy stock in Russia with Rubles and sell the same quantity of shares in London’s market.
This then allowed clients to transfer funds to overseas bank accounts in Cyprus, Estonia, and Latvia. This marked the largest AML financial penalty in the history of FCA (current financial regulatory agency) as well as its predecessor FSA, which was founded in 1985.
Specifically, the report mentions the following compliance issues:
- performed inadequate customer due diligence
- failed to ensure that its front office took responsibility for the CB&S division’s Know Your Customer obligations
- used flawed customer and country risk rating methodologies
- had deficient AML policies and procedures
- had an inadequate AML IT infrastructure
- lacked automated AML systems for detecting suspicious trades
- failed to provide adequate oversight of trades booked in the UK by traders in non-UK jurisdictions
How could this have been prevented?
The FCA specifically listed the fact that Deutsche Bank failed to obtain sufficient customer information as one reason. Without this information, the bank was unable to properly utilise its existing risk assessment process or to provide effective transaction monitoring.
Comparing Cryptocurrency Exchange AML Breaches
There have been a number of cryptocurrency exchange AML violations in recent years. However, not all cases are alike. Here are two examples that demonstrate this contrast.
In July 2017, the United States Financial Crimes Enforcement Network (FinCEN) levied a a $110 million fine on BTC-e. During this same month, the exchange shut down operations. The charges ranged from facilitating dark net drug sales to financing public corruption. BTC-e also processed trades of 300,000 BTC stolen during the infamous Mt. Gox hack.
The only information required to use the exchange was a username, password, and email address. The most egregious part of this case is probably the fact that users openly discussed how to use the Silk Road and conduct criminal activity on BTC-e’s user chat. Even though FinCEN was reportedly trying to make an example out of BTC-e, this AML violation was quite extreme.
While case 1 is a blatant and purposeful non-compliance, there are some instances in which exchanges might not be intentionally facilitating AML violations. In some cases, regulators give exchanges time to meet compliance standards. In March 2018, for example, Japan’s Financial Services Authority (FSA) shut down two exchanges- FSHO and BitStation- for a period of one month each due to insufficient KYC policies. While there was no direct fine, it’s easy to imagine how the profits and reputations were impacted as a result. These exchanges, as with the case of Deutsche Bank, didn’t have the proper technologies and policies in place to remain AML/KYC-compliant.
FSHO was suspended once again in April 2018. Ultimately, the Japanese government denied FSHO’s application to become a licensed exchange. However, it appears that BitStation is operational as of December 2018. From this case, we see that it’s possible for exchanges to follow regulatory guidelines and improve money laundering prevention strategies in order to remain operational. Even if the regulatory climate is highly complex or constantly changing, effective compliance solutions do exist.
Banks and Crypto Exchanges: 5 Tips for AML Compliance
1. Verify the capabilities and overall effectiveness of existing AML strategies. It's possible that your organisation is utilising internal controls that are out-of-date or irrelevant in modern AML compliance.
2. Learn from peers and companies within your specific industry. As mentioned above, for both banks and crypto exchanges, there are a number of cases that have happened in the past which are still relevant for understanding what not to do in the present. There are also a few examples of companies that have developed effective strategies that can serve as models for your own organisation.
3. Consider global trends and precedents. In many instances, policies in one jurisdiction might signify future changes for other locations. Being knowledgeable of these changes and anticipating how they will impact your industry could help your company be better prepared to adapt.
4. Ensure that members within your organisation have received proper AML training. The more people that understand what AML breaches look like, the easier it is to prevent cases altogether.
5. Prevent information silos that make it possible for money laundering to go on unnoticed. Information management systems should emphasise streamlined communication between people and technologies. Through improved inter-organisational connectivity, banks and crypto exchanges can optimise risk assessment of digital identities.
So how can crypto exchanges, specifically, ensure regulatory compliance? One potential answer is through automated AML solutions. SingleSource Crypto-AML provides practical compliance for crypto exchanges via a simple-to-implement API that analyses the source of wallet funds and generates a risk score for each wallet.
The wallet screening engine (WSE) conducts real-time detection of potential scam and fraud wallets, associations with illegal wallets, and sources of funds. Most importantly, the wallet supports a wide range of cryptocurrencies, including ETH, ETC, BTC, BCH, and LTC. Plus, more cryptocurrencies can be added based on customer demand.