Virtual Meets Reality

Senior compliance expert, Cindy Leblanc, discusses areas the BSA risk assessments and monitoring programs should consider when handling virtual currency transactions.

Cindy LeBlanc – Senior Compliance Advisor

With all of the recent chatter about virtual currency, Compliance Officers and BSA Officers may be wondering if their risk assessments and monitoring programs are covering all of the areas required.

According to FinCEN, Convertible Virtual Currency, or CVC’s, have been used to “facilitate criminal activity such as human trafficking, child exploitation, fraud, extortion, cybercrime, drug trafficking, money laundering, terrorist financing, and to support rogue regimes and facilitate sanctions evasion.”  Some of the areas that the criminal mind has determined to manipulate are: darknet marketplaces, P2P exchangers, foreign located MSBs and CVC kiosks.  With the very nature of virtual currency there is higher risk.  Where there is higher risk involved with these transactions related to virtual currency, adequate due diligence must be performed. 

When banking those active in virtual currency, you need to understand what your customer or member is actually doing.   You will need to determine whether they are acting as a user, exchanger or administrator in dealing with virtual currency.  If your member or customer is one whose business is involved in purchases and sales of virtual currency they may be an exchanger. An exchanger is defined as: “… a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency.”  If you determine your customer or member is an exchanger, then you need to adjust risk rating this account to moderate or high depending upon their activity with virtual currency. For example, you could look at it in the same way as a business with large volumes of cash.  You would rate this a higher risk until you are comfortable with the type of transactions that would be expected for this type of business.

Back in December 20, 2020, FinCEN issued a Notice of Proposed Rule Making (NPRM) which defined CVCs along with legal tender digital assets (LTDA) as types of monetary instruments.   The comment period for this NPRM was extended, but recently closed on March 1, 2021.  This proposed rule sets forth new reporting requirements for specific CVC or LTDA transactions similar to the existing currency transaction reports (CTRs). It also addresses new reporting requirements similar to the travel rule requirements for funds transfers and transmittal of funds.

Countries around the U.S. are focusing on the tracking and monitoring of virtual currency as well. FinCEN appears to be following in the footsteps of Canada’s FINTRAC (Financial Transactions and Reports Analysis Centre). FINTRAC has issued a list of Virtual Currency Money Laundering and Terrorist Financing Indicators that you may find helpful as you monitor virtual currency in your institution.  I have listed a few of those below for your reference.

  • There is no possibility to sell the investment or to exit the project to recover the invested funds.
  • A series of complicated transfers of funds to multiple addresses or wallets that seems to be an attempt to hide the source and intended use of the funds.
  • Transactions take place at the same time of day. Transfers from fiat to virtual currency and virtual currency to fiat.
  • High volume and frequency of transfers between different types of virtual currencies.
  • Client provides an anonymous email address obtained through an encrypted email service.
  • Funds are deposited or withdrawn from a virtual currency address or wallet with direct and indirect exposure links to known suspicious sources, including darknet marketplaces, mixing/tumbling services, questionable gambling sites, illegal activities (for example,  ransomware) and/or theft reports.
  • The virtual currency’s funds originated from an over the counter trade broker that advertises its services as privacy-oriented/anonymous.
  • Virtual currency address has links or hops from a wallet address that has appeared on online platforms indicating support for violent extremism or radicalization (including social media, ads on fundraising sites, sites on Tor or messaging sites).
  • The source of funds used for the purchase of large amounts of virtual currencies is unknown.
  • The email address used in the transaction is linked to advertisements for the sale of virtual currencies on peer to peer exchange platforms. These advertisements may suggest that the client is buying and selling virtual currency on a commercial scale through a business as a non-registered money services business.

Financial institutions should implement robust monitoring of customers and members that are involved with virtual currency transactions.  Understanding your customer’s or member’s business as well as the types of transactions will assist in mitigating the risks that can occur with CVC and LTDA transactions.

For our clients, you can always reach out to one of the Temenos Compliance Advisors if you have additional questions.  If you are not a client, we invite you to reach out to one of us about our Compliance Advisory services.

Filed under:

Cindy LeBlanc – Senior Compliance Advisor