The time has come: VASPs need advanced transaction monitoring
BY Edward Moss
As cryptocurrencies continue to grow exponentially, regulation is starting to follow suit. As such, VASPs and related service providers in this emergent industry are finding themselves under greater scrutiny.
Crackdowns are under way
Late in 2021, a federal court ordered crypto exchange BitMEX to pay $100 million for failing to maintain anti-money laundering protocols (in addition to illegally operating a crypto trading platform). The Financial Crimes Enforcement Network (FinCEN) further charged that the exchange conducted at least $209 million in transactions with “known darknet markets or unregistered money services businesses providing mixing services.”
And most recently, in October 2022, virtual currency exchange Bittrex was on the receiving end of almost $30 million in penalties by OFAC and FinCEN for violating sanctions and anti-money laundering obligations. They were charged with engaging in more than 116,000 illegal transactions totaling around $260 million. According to FinCEN, they failed in two areas: systems and human decision-making.
Bittrex used an ineffective, chiefly manual monitoring system, relying in some cases on as few as two employees with minimal AML training and experience to manually review as many as 20,000 suspicious transactions daily, overloading workers and eliminating any chance of urgency and accuracy. This resulted not only in late SARs, but no reports for extended periods. In fact, according to FinCen, Bittrex failed to file any SARs between February, 2014 and May, 2017, including transactions that touched OFAC-sanctioned regions.
In both the BitMEX and Bittrex cases, a glaring lack of resources, including depth and adequacy of training and lack of personnel, contributed to both AML and sanction downfalls. BitMEX did generate alerts using an automated TMS for human review, but as is common with lower-tech, rules-based systems, the volume was overwhelming and results highly inaccurate.
The regulatory trend is apparent
As regulators increase their scrutiny of VASPs, exchanges must establish controls to manage risk and certify regulatory compliance. Some have chosen to repurpose outdated AML tools specifically designed to monitor suspicious behavior for fiat currencies within financial institutions. This resulted in a series of ineffective, investigative behavioral rules scattered across multiple homegrown or commercially sourced systems. These outdated monitoring methods are not able to keep pace with the explosive crypto volume. Cryptocurrency transaction volume grew to $15.8 trillion from 2020 to 2021…up 567% in just one year.
A multitude of challenges
As this upward trend continues, exchanges with poor or ineffective transaction monitoring ideas face challenges and can be subject to heavy penalties. Those challenges include:
- User anonymity – A prime opening for criminal activity.
- High volumes of false positives — In most cases, conventional monitoring systems get it wrong, leading to excessive cost and wasted time.
- Inflexible rules – Existing TMS rules can’t adapt to the high-tech methods that criminals use.
- Fraud system thresholds — Many high-grade suspicious activities go unnoticed.
- Ongoing monitoring – outdated monitoring systems are not built to detect behavioral changes.
Challenges needn’t overwhelm
Even the FATF has acknowledged the difficulty VASPs might encounter in meeting regulations. In their July 2020 publication, “12 Month Review of Revised FATF Standards – Virtual Assets and VASPs,” they discuss how the private sector has responded by developing new, technical solutions to help make compliance less challenging.
Here are some things to consider when looking for an innovative solutions partner:
- Ask if they allow for the use of machine learning and artificial intelligence (AI) to perform behavioral monitoring as opposed to just heuristic rules.
- Be certain that their TMS of choice delivers fully combined behavioral monitoring across both fiat and blockchain transactional activity rather than just one or the other in isolation.
- Ascertain that the case management platform used for investigations contains a network exploration feature which can aid investigators by providing a deeper understanding of the end-to-end flow of funds.
- Do they deliver a single, consolidated view of fiat and crypto AML risk in one platform? (A single platform housing all investigator workflows increases efficiency and results in a huge cost saving.)
- Be certain the TMS caters to both behavioral and exposure monitoring (including via third party integrations).
- Ask if they have a flexible API that allows for an adaptable build catered exactly to your needs without having to make large and unnecessary investments.
- And, if the platform relies on machine learning/AI, be certain that the TMS platform has strong explainability features for stress-free regulatory audits.
A truly effective VASP monitoring platform should have an open ecosystem to allow seamless, third-party integration to pull in external data sources and take advantage of all supplemental data requirements. It should be able to natively integrate with blockchain analytics providers and Travel Rule data standards, effectively becoming the one central system for monitoring all the primary financial crime risks in your VASP.
Naturally, exchanges might be concerned about the cost of TMS installations and upgrades to meet the new compliance push. Interestingly, advances in higher-tech detection have made these platforms affordable, even for smaller organizations, especially when combined with greatly reduced, in-house investigative costs. Installation of these platforms is relatively quick and certainly worth it to keep VASPs of all sizes off regulatory watch lists…and to avoid those hefty fines.
Transaction monitoring is an absolute necessity for crypto exchanges, not just from a regulatory standpoint, but also for building customer trust and proving legitimacy to the rest of the financial world.