The Financial Crimes Enforcement Network (FinCEN) of the U.S. Department of the Treasury has released an advisory to all financial institutions and intermediaries concerning the illicit use of convertible virtual currencies (CVCs), including red flags as well as registration, monitoring and reporting requirements.  This article covers the highlights of this advisory.  This information is important for financial institutions and intermediaries that desire to facilitate the legal use of CVCs and to safeguard the financial system and its legitimate CVC users.

CVCs need to be monitored and illicit activities addressed in the same way a financial institution would handle any fiat currency.  It is important for financial institutions to fully understand CVCs in order to take on the necessary responsibilities.  Responsibilities such as learning how to recognize the risks, red flags and improper uses of CVCs, along with the proper ways of reporting such incidents.

CVCs move quickly, globally and in both small and very large amounts.  Cryptography can be used to increase the anonymity of users, transactions and the origins of the currency.  Under conditions of legitimate use, the speed, security and breadth of CVCs can be beneficial for users.  However, in situations of illicit use, these same characteristics can pose a challenge to the anti-money laundering and countering of financing of terrorism (AML/CFT) policies and measures already in place at financial institutions.

It is important for financial institutions to use the same level of identification, assessment and mitigation in regard to the potential illicit uses of CVCs as with any other currency.

If financial institutions do not extend these risk-identification, regulatory and reporting practices to CVC-related transactions, the financial system and national security will be vulnerable to exploitation.  Legitimate users of CVCs and financial intermediaries will also be left unprotected and at risk for theft or victimization.

The U.S. Department of the Treasury has identified instances where CVCs were exploited for money laundering, terrorism, human and drug trafficking, cyber crime, extortion and other illicit activities.  These crimes often included theft of CVCs from legitimate users and brokers.

To minimize the risk of exploitation by criminal activities involving CVCs, as with any currency, it is important for financial institutions to understand and carefully regulate the full scope of CVC transactions.

It is also important for financial intermediaries to be registered.  Without registration, a legitimate financial intermediary, with the intent of operating aboveboard in all transactions, can experience unintended and severe consequences.

According to the U.S. Department of the Treasury and law enforcement, legitimate but unregistered platforms have been utilized by criminals via the darknet, peer-to-peer (P2P) exchangers, foreign located Money Services Businesses (MSBs) and CVC kiosks.

AREAS  OF CVC RISK

Darket marketplace use can involve several layers of anonymity to facilitate transactions in illegal activities.  CVCs are often utilized in these transactions to provide a further layer of anonymity.  A customer’s use of darknet transaction links can be an indicator of illegal activity with ramifications for financial intermediaries.

Peer-to-peer (P2P) exchangers are those that facilitate currency exchange.  This may include the exchange of different types of virtual currencies or the exchange of fiat currency for virtual currency.

Whether P2P exchangers operate formally or informally, or as a larger entity or individual, they are considered by FinCEN to be operating as MSBs.  If these P2P exchangers are unregistered and their services facilitate illicit activities, whether intended or not, there are potentially serious ramifications and they can be penalized.

Financial institutions also need to be aware of how to detect a P2P exchanger’s funnel account activity masquerading as an individual account holder.

Another risk can come from foreign-located MSBs, transacting all or most of their activity in the United States, that do not adhere to AML/CFT laws.  Risks increase when a foreign-located MSB operates in CVCs and in locations where regulatory enforcement is less stringent.  This perfect storm of lower regulatory enforcement and MSBs focused on illicit currency transactions to move unregulated funds (via CVCs) in and out of the country leaves the financial system and legitimate CVC users vulnerable to criminal activity and money laundering.

CVC kiosks, also known as crypto ATMs, allow customers to exchange cash for CVCs.  Kiosk operators that intend illicit activity may misrepresent their activities to their own financial institutions and may avoid collecting appropriate customer identification.

RED FLAGS

By taking steps to be alert and aware of potential red flags, financial institutions and intermediaries can go a long way towards identifying potential misuses of CVCs.

Some common red flags include the association of a customer’s CVC address with darknet activities, including transactions and links to other addresses and forums related to darknet platforms, as well as obvious attempts to obscure the flow of CVCs through these platforms.

Another red flag is the P2P exchange of fiat currency into virtual currency, where the customer has received incoming currency from multiple sources and has aggregated and exchanged the near total balance for CVCs in one transaction within a short window of time.  Such a transaction might flag an attempt to obscure the sources of the CVCs.

Regarding foreign-located MSBs, red flags can include numerous or repeated CVC transactions with agencies in locations known to have lax regulation enforcement, known to be tax havens and/or that are nowhere near the locations where the customer lives or conducts business.

Additionally, customer transactions that mirror the activity of a currency exchange may flag an attempt by the customer to operate as an unregistered MSB or CVC kiosk.

CVC kiosk activity also raises a red flag when multiple transactions, just below the daily threshold, occur from multiple locations but that are tied to the same user account.

Additional alerts include customer transactions with suspicious or previously red-flagged IP addresses; inconsistencies, overlaps or frequent changes in email addresses associated with customer accounts; customer refusal to provide Know Your Customer (KYC) documentation; use of private networks for CVC-related transactions; funneling of CVC amounts that exceed the customer’s normal transaction levels, with the ultimate conversion to fiat currency; random and immediate CVC currency exchanges back and forth; and multiple below-threshold transactions within a short window of time that result in the balance being moved out of the account.

Financial institutions and intermediaries should also be alerted to potential indicators that a customer is a victim of illicit activity.  These flags include multiple changes of contact information associated with the account; CVC acquisition out of line with a customer’s level of wealth and historical purchasing activity; CVC acquisition or transactions by a customer unfamiliar with CVCs; or numerous transactions made through platforms where the customer does not fit the age profile.

One or more red flags do not necessarily indicate intentional or actual illicit activity.  Red flags need to be pieced together with a look to the customer’s overall profile and detailed transaction history.  It is important that financial institutions and intermediaries have holistic protocols in place for identifying and responding to red flags.  The complexity of this process underscores the necessity for financial service providers to have an in-depth understanding and awareness of best practices concerning CVC monitoring and the addressing of illicit activity.

REPORTING

FinCEN provides procedures for filing forms for Suspicious Activity Reporting (SAR).  Financial institutions and intermediaries need to be aware of their reporting obligations and protocols.  FinCEN has specific reporting instructions related to CVC activities as well as reporting instructions for suspected terrorist activity.

Reporting of suspicious CVC activity needs to include details as specific as possible, including all relevant account identifying information, details of suspicious transactions, as well as related customer transaction history and profile flags.

Through greater awareness of best practices in CVC monitoring, registration, KYC, identification of red flags, and effective reporting, financial institutions and intermediaries will be well positioned to ensure the effectiveness and safety of CVC transactions for the benefit of legitimate users and the integrity of the financial system.

See “Advisory on Illicit Activity Involving Convertible Virtual Currency,” FinCEN Advisory, FIN-2019-A003, May 9, 2019