Deep Dive: Cracking Down On Cryptocurrency Exchange Cybercrime With AML/KYC Compliance

Cryptocurrency is one of the fastest-moving industries in the digital world, with a market that was valued at $1.03 billion in 2019 and is projected to reach $1.4 billion by 2024 at a compound annual growth rate (CAGR) of 6.18 percent. Bitcoin is one of the most famous names in the cryptocurrency space, accounting for $6 billion in daily transactions among 153 million registered user addresses.

The currency is well-known for its massive value fluctuations, as a single bitcoin cost just 9 cents in 2010, $313.92 in 2015 and a staggering $13,421.44 in 2018 before sharply decreasing to $3,869.47 in 2019. Thousands of other cryptocurrencies began circulating on crypto exchanges in recent years, such as Ethereum, Monero and Ripple, many of which leverage blockchain technology to serve as a transaction database.

These various cryptocurrencies are also widely known for their role in cybercrime, whether it’s via direct theft or laundering ill-gotten funds from other schemes. Cryptocurrency-related crimes totaled $4.3 billion in 2019, a larger sum than in 2017 and 2018 combined. The same year saw $2.8 billion in laundered money flow through cryptocurrency exchanges, up from $1 billion in 2018.

Government regulators and cryptocurrency exchanges are frantically looking for ways to regulate and prevent the laundering of stolen money through cryptocurrencies, with some methods showing more promise than others. The following Deep Dive explores how cybercriminals leverage cryptocurrency exchanges for money laundering and how government agencies are cracking down on exchanges that let launderers run amok.

How Money Launderers Exploit Cryptocurrency

Cryptocurrencies are popular for transactions in which users desire anonymity — such as when purchasing illicit drugs or adult material — and it is this same anonymity that makes them popular for money laundering. All transactions are logged into the blockchain, but these are typically made under pseudonyms or usernames that are difficult to link to actual identities. This lack of identity information is compounded by the weak KYC procedures of many cryptocurrency exchanges, with a recent study finding that 56 percent of all exchanges lacked sufficient KYC processes, many of which did so on purpose to avoid complying with AML regulations. Most of these poorly protected exchanges are located in Russia, the U.K. or the U.S., but some countries, like Seychelles and Singapore, lack KYC procedures on a large majority of their exchanges, making them hotbeds for money laundering and other cybercrimes.

Financial regulators, financial intelligence units and many cryptocurrency exchanges are expressing growing concern about the increased use of cryptocurrencies for committing cybercrimes. Seventy percent of respondents in a recent survey said that criminal activity was a top concern for professionals in the global cryptocurrency and financial industries, with this activity taking a variety of forms. Respondents were most concerned about money laundering (84 percent), with 79 percent concerned about the use of cryptocurrency to fund terrorist groups and 76 percent worried about its use in funding human trafficking. There was a notable gulf in opinion when it came to perceptions of cryptocurrencies’ risks, however: 63 percent of banks and 56 percent of governments felt cryptocurrencies pose a significant cybercrime risk, as opposed to only 9 percent of cryptocurrency industry professionals.

This gap in opinion means that any improvement in cryptocurrency exchanges’ AML/KYC procedures will likely come about through regulatory orders rather than a reliance on exchanges taking the initiative for themselves.

Enforcing AML/KYC Compliance At Cryptocurrency Exchanges

World governments have already taken a number of steps to curb money laundering by requiring cryptocurrency exchanges to bring their KYC processes in line with those of other FIs. The Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury, announced in November 2019 that it would begin strictly enforcing the “travel rule” for cryptocurrency exchanges. This rule forces exchanges to verify customers’ true identities as well as identify any senders and recipients of cryptocurrency transfers worth $3,000 or more. It was originally put into place in 2013, but was only intermittently enforced over the next six years, letting many cryptocurrency exchanges continue their old KYC-less practices with impunity.

The U.S. government worked to curb cryptocurrency exchanges’ lax AML procedures in the same year, following the example set by other financial regulatory agencies around the world. FinCEN charged the owner of a privately owned exchange with violating the Bank Secrecy Act by failing to report more than 150 transactions that were each worth more than $10,000, all of which required a currency transaction report to be sent to the Treasury. The owner of the exchange was required to pay a $35,000 fine and was prohibited from ever running a money transmission service again, sending a firm warning to other cryptocurrency exchanges about the consequences of failing to comply with AML and KYC requirements.

Cryptocurrency exchanges are therefore taking their AML/KYC compliance more seriously, and are even partnering with third parties to help root out potential money launderers. Exchanges wishing to provide a secure customer experience and avoid punishment from federal authorities would do well to follow this example.