5 categories of virtual asset red flags
Virtual asset red flags can be broken down into five main categories:
1. Transactions and transaction patterns
Traditional FIs monitor customer transactions to identify money laundering activity. They catch criminals who try to circumvent such monitoring by structuring transactions below reporting thresholds, conducting transactions out of pattern or with no apparent reasonable purpose, or sending and receiving funds to and from high-risk jurisdictions.
As the financial services environment evolves, access to virtual assets is becoming more prevalent, and criminals are capitalizing on these technologies to launder funds. They can easily structure virtual asset transactions below reporting thresholds, instantly conduct peer-to-peer (P2P) transactions across borders, quietly transfer funds back and forth between wallets, and swiftly conduct transactions with suspicious wallets, individuals, or protocols.
Like traditional FIs, VASPs must be aware of the transactional red flags indicating potential financial crime and monitor customers and their transactions to mitigate money laundering risk. As virtual asset adoption increases, both traditional FIs and VASPs must continue to implement robust processes to monitor, identify, and report such activities.
2. Anonymity
At a traditional FI, alarms sound if customers attempt to disguise their identities or increase anonymity by not providing personal and due diligence information, by opening an account online from an IP address that does not reflect their actual location, by obscuring beneficial ownership through complex entity structures, or by primarily using cash below the reporting threshold or prepaid asset cards to transact.
Just as anonymity can be attempted at a traditional FI by creating a web of complex ownership, the pseudonymous nature of digital assets offers individuals the opportunity to transact in ways that help disguise identity. VASPs need to be aware of the red flags indicating that customers might be trying to increase anonymity. Such red flags include using privacy coins, mixing and tumbling services, or P2P platforms; transacting with VASPs that have weak due diligence and know your customer (KYC) processes; using darknet IP addresses that allow for anonymity; or purchasing virtual assets with prepaid cards.
Virtual assets have a notoriously inaccurate reputation of being fully anonymous, but they are not, and VASPs can put many controls in place to know their customers. And once those controls are in place, red flags indicating that a transactor might be trying to increase anonymity should trigger proper responses with VASPs just as they would at traditional FIs.
3. Consumer profiles
Irregularities discovered during KYC, customer due diligence (CDD), and enhanced due diligence (EDD) bring into question a customer's true identity and intentions for opening an account. Just as a traditional FI has KYC, CDD, and EDD policies and risk controls in place, compliant VASP providers follow similar policies and controls, including similar strategies during onboarding with documentary and nondocumentary processes. When a customer provides incomplete or insufficient KYC information or declines requests for KYC documents or inquiries regarding the nature of the account and source of funds, that's a red flag.
Of course, the practices at a VASP are attuned to the unique and challenging risks of operating within the virtual asset ecosystem. For example, the Razzlekhan case highlights how VASPs often use nonstandard identification markers such as email service providers, IP address information, web domain registrations and locations, and blockchain transaction history to link customer and transaction risk in order to build a more robust customer risk profile. In fact, by using these nonstandard data sets, VASPs can have more accurate risk profiles and screening compared to traditional FIs that rely heavily on attested information and customer statements.
4. Source of funds
Traditional FIs serve as the on-ramp and off-ramp for fiat currency entering and exiting the virtual asset environment. Individuals are unable to initially use virtual assets without first depositing funds through traditional financial outlets. As such, traditional FIs that inadequately assess a customer's source of funds could allow illicit funds to enter and exit virtual asset environments.
Both traditional FIs and VASPs must obtain information related to their customers' sources of funds to further understand the money laundering risk posed by their customers. In some ways, VASPs can have more visibility into risk. At account opening and throughout the customer relationship, VASPs analyze the customer's source of funds. While the same is expected of traditional FIs, in most cases, the customer's source of funds is primarily only analyzed at account opening and then on an as-needed basis through transaction monitoring.
Slight nuances exist regarding what should be monitored. For example, an individual might fund a new wallet using existing virtual assets on separate protocols. VASPs should be able to identify whether these funds originate from known suspect wallets, exchanges, or protocols. In the virtual asset space, the interplay between analyzing a customer's source of funds and performing transaction monitoring activities in real time is particularly important.
5. Geographic risk
Customers that try to conceal the location from which funds are sent or received are found within both traditional FIs and VASPs. Geographic risk is assessed in a variety of ways, and while it might appear difficult to detect geographic risk from virtual asset activity given the virtual nature of this activity type, this is not the case. A lack of physical jurisdiction that underlies the virtual asset landscape does not equate to unlimited geographic risk, and, on the flip side, an established physical jurisdiction does not equate to zero geographic risk.
Take recent news, for example, where geographic risk is high within a specific physical jurisdiction: the Russian Federation. Many financial sanctions were placed on Russia following its invasion of Ukraine in February 2022. Concerns quickly emerged regarding potential attempts to circumvent international sanctions through the use of virtual assets. However, many of those concerns have so far proven largely unfounded.
VASPs need to be able to detect red flags indicating the potential concealment of geographic risk. These red flags might include a customer's funds originating from (or being sent to) an exchange that is not registered in the jurisdiction where the customer resides or conducts business; a customer using an exchange in a high-risk jurisdiction that lacks AML regulation for virtual asset entities; or a customer establishing or moving office locations to a jurisdiction with no implemented regulations to govern virtual assets.
Clearly, there are many avenues through which VASPs can understand and detect the geographic risk a customer might pose. Much like traditional FIs, VASPs must detect and monitor these risks in order to protect their customer base and their organization.