Skip to main content
Skip to footer

How banks can apply compliance to crypto transactions

Paula Stelzner

Senior Consultant, CS&I Capital Markets, TCS

You have these already downloaded

We have sent you a copy of the report to your email again.

Industry

Services

Highlights

  • In recent years, there has been a rapid growth in the adoption of cryptocurrencies. This has introduced banks to new challenges in the areas of regulation and risk management. 
  • Banks must work toward reinventing the role of traditional compliance functions in order to keep pace with this growth. 
  • To that end, they must incorporate blockchain technology, e-wallet integration initiatives, and fintech tools in their crypto compliance strategy. 

In this article

Abstract
Introduction
Regulations
Blockchain
E-wallet integration
Fintech tools
Conclusion
Go to top

Abstract

The rapid growth of cryptocurrencies has introduced new challenges for banks.

These challenges particularly relate to regulatory compliance and risk management. Banks are facing additional risks associated with holding their clients’ cryptocurrency assets. Consequently, the role of traditional compliance functions will require reinvention. New technologies such as blockchain have the potential to help banks trace the flow of cryptocurrency funds. Further, identity verification tools can help them prevent cryptocurrency-related fraud. We outline the current financial regulatory environment, identify compliance gaps with relation to cryptocurrency processing, and propose techniques that have the potential to address these gaps. Banks must incorporate these techniques to create a new compliance model that is better equipped to tackle the unique challenges presented by cryptocurrencies.

Introduction

In recent years, cryptocurrencies have emerged as an alternative to traditional financial assets.

Their decentralized nature with and the promise of greater financial freedom, along with lower cost transaction processing features, are attractive to consumers, investors, and financial institutions. However, the use of cryptocurrencies has also highlighted concerns regarding compliance and regulation. The lack of a clear regulatory framework around cryptocurrencies has created uncertainty for banks. They face challenges in integrating these digital assets into their existing financial systems.

Regulatory environment

Over the last two decades, the banking industry has developed a layered transaction processing architecture. 

This has helped lower the risk of illicit activities. Financial transactions move through controlled access points on the SWIFT network, overseen by a consortium of industry experts. The financial services industry has regulated market utilities for clearance and settlement. And financial institutions are required to build robust risk management frameworks, including Anti-money Laundering (AML) and Office of Foreign Asset Control (OFAC) checks that are subject to internal and external regulatory oversight.

A bank’s risk management infrastructure has two goals: to protect clients’ assets and to prevent itself from becoming involved in criminal activities. Banks must prevent illicit funds from entering their systems and avoid delivering funds to criminal enterprises. The combination of financial market infrastructure controls, regulatory reporting requirements, and internal compliance programs has created a trusted transaction processing system capable of handling trillions of dollars in daily transactions. 

In the US, regulatory agencies oversee risk management goals and cryptocurrency regulations. And to that end, crypto transactions are regulated by the US Bank Secrecy Act and the Anti-money Laundering Act of 2020. Government agencies are currently discussing whether to classify cryptocurrencies as commodities or securities. This will determine the regulatory body overseeing them and will affect banking costs related to cryptocurrencies. In addition, the price volatility of cryptocurrencies poses financial risks and affects liquidity markets, with contagion as a risk. And finally, non-bank institutions that custody cryptocurrencies for clients are not mandated to adhere to risk management frameworks, which adds to the overall risk in the crypto market, as do the often-questionable financial statements of such organizations. 

Blockchain for compliance 

Banks must adapt their risk management architecture to handle the unique characteristics of cryptocurrencies.

Understanding blockchain concepts is helpful in addressing these issues. Blockchain is a distributed ledger system with digital assets at unique addresses. Blockchain protocols enable secure communication between these addresses, reflecting debits and credits.  

Crypto owners use an e-wallet to communicate with the blockchain, holding their public or private key pair and initiating transactions to transfer cryptocurrencies to other blockchain addresses. The e-wallet interfaces with blockchain server protocols, and transactions are secured by the owner’s key pair and blockchain security protocols. 

E-wallet integration

Banks must change their architecture through the integration of e-wallets into their legacy infrastructure.

E-wallets have the ability to access cryptocurrencies held on the distributed ledger system. To enable this would require their integration with account management and compliance operations. After the integration, banks will be able to assign e-wallets containing public or private keys to qualified clients. This will give them control over the movement of blockchain assets within their legacy infrastructure.

The integration of e-wallets with the legacy infrastructure will serve many purposes. The main objective is to enable legacy platforms to handle crypto assets in the same way as traditional securities. Further, the integration will allow clients to use the same platforms to manage their crypto and traditional assets, including moving funds and accessing portfolio analysis and reporting. From the banks’ perspective, e-wallet integration will serve several functions: billing clients for crypto assets under custody (AUC), processing crypto assets on existing platforms, providing regulatory reporting for crypto, and processing crypto through AML and OFAC platforms.  

Implementing e-wallet integration requires technology changes across existing platforms. However, compliance poses a challenge as it demands new techniques to prevent illicit money from entering banks due to the anonymity of the blockchain address. Unlike traditional banking, cryptocurrencies on the blockchain are not linked to a specific owner and are not subject to traditional KYC, AML, and OPEC processes.

To mitigate risks, banks must incorporate certain changes.  

Enhance KYC: They must enhance the current know-your-customer (KYC) procedures. This can include adding questions about the source and purpose of clients’ crypto funds during onboarding for digital asset accounts. 

Accept from VASP-verified sources: Banks must only accept cryptocurrencies from approved virtual asset service providers (VASPs) that meet due diligence requirements.  

Apply traditional AML or OFAC screens to crypto: Banks should not allow crypto assets to be integrated into their legacy systems without obtaining information from the client on the source of the funds, even if they are moved to the client’s e-wallet from an unknown address. Once the client provides this source information, it can be run through the traditional AML and OFAC processes as a further check against potential criminal intent. 

How fintech can help

Fintech tools should also form an integral part of crypto compliance.

Banks must avail of third-party services that provide information on specific blockchain wallet addresses. Fintechs use data science tools and techniques to monitor these addresses for suspicious activity and build risk profiles. These tools combine public information research (off-chain) with blockchain data collected using machine learning and visualization tools.

Off-chain public news information and data: Off-chain public data is used to identify wallet addresses associated with various types of online businesses, such as retail payment processors, crypto exchanges, gambling and mining sites, and so on. Public forums and user profiles can reveal information about crypto mixers designed to layer transactions, dark markets, and whale wallets (high-value transaction flow) through web crawling. Also, US government investigations have produced a list of blacklisted wallet addresses. These wallet addresses can then be tagged to specific categories that are designated with a risk rating. 

Blockchain data: Blockchain event monitoring and metrics (hash rates, for example) can be combined with off-chain public information to reveal patterns of transactions associated with illicit activity. Since blockchain protocols assign a unique transaction identifier to each transaction, these identifiers are associated with blockchain addresses, transaction values, and fees paid. Cryptocurrencies use either new (Bitcoin) or reused (Ether) wallet addresses, but algorithms can track asset flow across all addresses. Visualization tools can then identify behavioral patterns among entity categories such as exchanges, payment processors, and dark money pools. By tagging and categorizing these addresses by their on-chain behavior and synthesizing these categories with the off-chain information, banks can arrive at robust risk assessment. 

Fintechs also offer risk assessment as a service to banks, who can integrate the address risk profile into their own risk management infrastructure. This will allow them to evaluate crypto wallet addresses for illicit activity before processing transactions and recording them in their books.  

As crypto markets expand, regulators will require a better understanding of the risks associated with them. With this growth, new fintech tools will continue to evolve. Increased blockchain activity will lead to more data, which over time, will improve the measurement and accuracy of the tools. As investment in blockchain applications grows, so will the anticipation for more accurate tools. 

Conclusion

Banks must chart out a roadmap to effectively manage their cryptocurrency compliance strategy in an evolving regulatory landscape.

To that end, they must keep up with developments in the technology, fintech, and regulatory arenas. They must undertake blockchain and e-wallet integration initiatives as well as capitalize on fintech tools to be compliant and serve their customers better. 

Paula Stelzner
Paula Stelzner is a senior consultant in the CS&I Capital Markets practice at TCS with over 11 years of experience. She has held senior cross-functional roles in the broker-dealer industry.
Read MoreRead More
Write to me
Read More

Related reading

Moving toward a cashless society with crypto payments

White Paper | 15 Aug 2022

Digital Assets – A New Paradigm in Capital Markets

Blog | 29 Dec 2021

Solutions for creating blockchain ecosystems

Podcast | 13 May 2021

Crypto custody services: An opportunity for custodian banks

White Paper | 17 Aug 2022
Swipe Left
Swipe Right

Transformation starts here

Ready to move from enterprise to ecosystem?

Talk to our experts

Find out more

Contact Contact