Current Financial Crimes Enforcement Network (FinCEN) regulations state that it’s the responsibility of all financial service providers to accurately and promptly identify and report any suspicious or potentially fraudulent activity. This activity may be related to how criminals or bad actors exploit convertible virtual currencies or CVCs for engaging in illicit activities such as money laundering and attempts at evading international sanctions.
As clarified in a recent blog post by Ciphertrace:
“[FinCEN’s] requirements apply to all financial institutions, even if [they] do not directly buy, sell, provide custody, or have virtual currency exchanges as customers. However, CipherTrace research has shown that many banks [might] not know how [or simply are not] properly detecting and monitoring virtual currency-related transactions.”
FinCEN Advisory FIN-2019-A003, “Advisory on Illicit Activity Involving Convertible Virtual Currency (CVC)”, notes that financial institutions must “assess and mitigate” illicit activities such as money laundering and terrorist financing. FinCEN has also identified 36 different red flags which could lead to the “abuse of cryptocurrency.”
FinCEN adds that convertible virtual currencies have become a major or significant payment and money transmission method that’s now increasingly being used in online darknet marketplaces that “facilitate the cybercrime economy.”
The CipherTrace team confirms that during the first six months since releasing this guidance in May of last year, FinCEN received around 10,000 CVC related suspicious activity reports (SARs) from 1,900 different entities. Globally, the Financial Action Task Force (FATF) found that financial institutions had reported 134,500 Suspicious Transaction Reports which may have involved virtual currencies (in the past couple years).
According to CipherTrace:
“As more mainstream consumer and institutional investors embrace cryptocurrencies, it becomes increasingly difficult, if not impossible, for traditional financial institutions to avoid entanglements with the crypto economy.”
FinCEN says that banks can claim “a Zero Tolerance Policy for cryptocurrencies.” Transactions won’t be allowed by simply looking for words like “Bitcoin” or “Cryptocurrency,” or by trying to recognize the name of a widely-used virtual asset exchange.
CipherTrace explains that some financial institutions have developed their own systems for identifying crypto-related accounts. But most of these platforms simply use lists of digital currency exchanges and other virtual asset service providers (VASPs) from open sources on the Internet, and then try “do name matching against their customer base, from where funds are coming, and to where they are going,” CipherTrace notes.
The blockchain analysis firm claims:
“[Our] research has shown that this approach results in many false positives and misses significant, large amounts of funds flows that cannot be discovered by home-grown name matching. In some cases, this approach missed 90% of the actual cryptocurrency-related transactions within a financial institution…a typical name-based system may [also] entirely miss up to 70% or more of the crypto exchanges out there.”
Ethereum Classic Labs (ETC Labs), the core developer and organization for the Ethereum Classic (ETC) blockchain, had recently partnered with CipherTrace and Kobre & Kim to uncover the individuals involved in the recent attacks on the Ethereum Classic blockchain.
In July 2020, the US SEC awarded a contract to CipherTrace because it has the “only known” blockchain forensics tool that can track Binance Chain transactions.