Crypto AML Regulations: Global Approaches

As cryptocurrencies become increasingly mainstream, regulators, the media and policymakers are paying more attention to the financial crime risks associated with them. But what are the biggest compliance challenges crypto firms face, and what does a best practice AML program look like? This guide is designed to serve as a practical, hands-on resource for financial compliance professionals working in the crypto industry. It covers the essentials of building and scaling a crypto AML program, how to navigate regulatory change, and the emerging use cases — and threats — compliance teams should look out for.

The Important Role of Cryptocurrency

Cryptocurrencies are one of the most dynamic, fast-changing and innovative parts of the financial services landscape. All innovation comes with risks, however, and many policymakers have identified anti-money laundering compliance and controls as one of the biggest crypto vulnerabilities.

What Is AML in Cryptocurrency?

Many of the best practices around anti-money laundering (AML) crypto compliance are consistent with those in other financial services firms. A risk-based approach remains central, and a comprehensive risk assessment is a foundational step in this process. Revisiting risk assessments periodically is also critical — especially considering the current rate of regulatory change.

The money laundering typologies crypto firms must manage are also broadly similar to other financial institutions — money muling, for example, is a threat common to all firms. One of the primary additional risks above and beyond fiat currency-based typologies concerns tactics used by criminals to anonymize their operations. This includes off-chain transactions.

One issue where the compliance challenges are arguably greater for crypto firms is personnel. Many experienced compliance professionals have higher salary expectations than smaller, fast-growing crypto firms can support, and these firms lack the structure and processes offered by bigger organizations. In addition, our State of Financial Crime 2022 survey showed that, while most compliance teams sought to hire from banking, regulatory and FinTech backgrounds, 68% of crypto exchanges cited other crypto firms as their preferred hiring background. This could create limitations — not only will the hiring pool be limited, but firms will risk a “group think” approach. A well-rounded compliance team will draw on a range of perspectives.

Whatever role in the AML team they hold, relationship building is key for compliance officers in crypto firms. This is especially important for anyone interfacing with regulators but matters internally too. As crypto firms scale, compliance teams will have to navigate potential conflicts of interest and handle communicating with stakeholders who may prize growth ahead of the firm’s regulatory responsibilities.

Technology decisions are among the most critical and do not come with a set of “one size fits all” answers. Do firms build in-house or outsource to specialist providers? Mindful of the importance of automation for sustaining rapid growth, many crypto firms opt to outsource. Specific areas where specialist expertise is beneficial include onboarding and identity verification, customer screening and monitoring and transaction risk management. Firms that scale rapidly without automated screening and monitoring tools face a number of risks, including onboarding customers without completing adequate diligence and having a high volume of alerts that must be remediated manually. Ultimately, such lapses will be noticed by regulatory authorities.

Finally, crypto compliance teams need to understand their firms’ expansion plans in order to assess their regulatory implications. If these relate to a new coin or product launch, have the compliance implications been fully assessed at the design stage? If a firm is entering a new market, does it have a local presence that can support relationship development?