The rapid growth of cryptocurrencies has introduced new challenges for banks.
These challenges particularly relate to regulatory compliance and risk management. Banks are facing additional risks associated with holding their clients’ cryptocurrency assets. Consequently, the role of traditional compliance functions will require reinvention. New technologies such as blockchain have the potential to help banks trace the flow of cryptocurrency funds. Further, identity verification tools can help them prevent cryptocurrency-related fraud. We outline the current financial regulatory environment, identify compliance gaps with relation to cryptocurrency processing, and propose techniques that have the potential to address these gaps. Banks must incorporate these techniques to create a new compliance model that is better equipped to tackle the unique challenges presented by cryptocurrencies.
In recent years, cryptocurrencies have emerged as an alternative to traditional financial assets.
Their decentralized nature with and the promise of greater financial freedom, along with lower cost transaction processing features, are attractive to consumers, investors, and financial institutions. However, the use of cryptocurrencies has also highlighted concerns regarding compliance and regulation. The lack of a clear regulatory framework around cryptocurrencies has created uncertainty for banks. They face challenges in integrating these digital assets into their existing financial systems.
Over the last two decades, the banking industry has developed a layered transaction processing architecture.
This has helped lower the risk of illicit activities. Financial transactions move through controlled access points on the SWIFT network, overseen by a consortium of industry experts. The financial services industry has regulated market utilities for clearance and settlement. And financial institutions are required to build robust risk management frameworks, including Anti-money Laundering (AML) and Office of Foreign Asset Control (OFAC) checks that are subject to internal and external regulatory oversight.
A bank’s risk management infrastructure has two goals: to protect clients’ assets and to prevent itself from becoming involved in criminal activities. Banks must prevent illicit funds from entering their systems and avoid delivering funds to criminal enterprises. The combination of financial market infrastructure controls, regulatory reporting requirements, and internal compliance programs has created a trusted transaction processing system capable of handling trillions of dollars in daily transactions.
In the US, regulatory agencies oversee risk management goals and cryptocurrency regulations. And to that end, crypto transactions are regulated by the US Bank Secrecy Act and the Anti-money Laundering Act of 2020. Government agencies are currently discussing whether to classify cryptocurrencies as commodities or securities. This will determine the regulatory body overseeing them and will affect banking costs related to cryptocurrencies. In addition, the price volatility of cryptocurrencies poses financial risks and affects liquidity markets, with contagion as a risk. And finally, non-bank institutions that custody cryptocurrencies for clients are not mandated to adhere to risk management frameworks, which adds to the overall risk in the crypto market, as do the often-questionable financial statements of such organizations.
Blockchain for compliance
Banks must adapt their risk management architecture to handle the unique characteristics of cryptocurrencies.
Understanding blockchain concepts is helpful in addressing these issues. Blockchain is a distributed ledger system with digital assets at unique addresses. Blockchain protocols enable secure communication between these addresses, reflecting debits and credits.
Crypto owners use an e-wallet to communicate with the blockchain, holding their public or private key pair and initiating transactions to transfer cryptocurrencies to other blockchain addresses. The e-wallet interfaces with blockchain server protocols, and transactions are secured by the owner’s key pair and blockchain security protocols.
How fintech can help
Fintech tools should also form an integral part of crypto compliance.
Banks must avail of third-party services that provide information on specific blockchain wallet addresses. Fintechs use data science tools and techniques to monitor these addresses for suspicious activity and build risk profiles. These tools combine public information research (off-chain) with blockchain data collected using machine learning and visualization tools.
Off-chain public news information and data: Off-chain public data is used to identify wallet addresses associated with various types of online businesses, such as retail payment processors, crypto exchanges, gambling and mining sites, and so on. Public forums and user profiles can reveal information about crypto mixers designed to layer transactions, dark markets, and whale wallets (high-value transaction flow) through web crawling. Also, US government investigations have produced a list of blacklisted wallet addresses. These wallet addresses can then be tagged to specific categories that are designated with a risk rating.
Blockchain data: Blockchain event monitoring and metrics (hash rates, for example) can be combined with off-chain public information to reveal patterns of transactions associated with illicit activity. Since blockchain protocols assign a unique transaction identifier to each transaction, these identifiers are associated with blockchain addresses, transaction values, and fees paid. Cryptocurrencies use either new (Bitcoin) or reused (Ether) wallet addresses, but algorithms can track asset flow across all addresses. Visualization tools can then identify behavioral patterns among entity categories such as exchanges, payment processors, and dark money pools. By tagging and categorizing these addresses by their on-chain behavior and synthesizing these categories with the off-chain information, banks can arrive at robust risk assessment.
Fintechs also offer risk assessment as a service to banks, who can integrate the address risk profile into their own risk management infrastructure. This will allow them to evaluate crypto wallet addresses for illicit activity before processing transactions and recording them in their books.
As crypto markets expand, regulators will require a better understanding of the risks associated with them. With this growth, new fintech tools will continue to evolve. Increased blockchain activity will lead to more data, which over time, will improve the measurement and accuracy of the tools. As investment in blockchain applications grows, so will the anticipation for more accurate tools.
Banks must chart out a roadmap to effectively manage their cryptocurrency compliance strategy in an evolving regulatory landscape.
To that end, they must keep up with developments in the technology, fintech, and regulatory arenas. They must undertake blockchain and e-wallet integration initiatives as well as capitalize on fintech tools to be compliant and serve their customers better.