While virtual assets have revolutionised the financial industry, they have created new opportunities that ‘facilitates’ the process of money laundering, terrorist financing and other criminal activities. Criminals are now able to process cross-border transactions in a rapid way, which means that they can acquire, move and store virtual assets outside a regulated financial institution. Not only is this convenient for them, but it also makes it harder to identity suspicious activities.
Nonetheless, developments in technology imply that regulators also are better equipped to fight illegal activities. To this end, and to assist financial firms, non-financial business and reporting entities, the Financial Action Task Force (FATF) has issued a report that highlights red-flag indicators suggesting criminal activities. These indicators, explored below, point to suspicious virtual assets activities or attempts to evade law enforcement detection.
Excessive use of software offering anonymity
Virtual Assets boasts of the ability to be able to process transactions anonymously. While this is a great safety feature against thefts and data breaches, it means that criminals also have the ability to disguise and store funds. As a financial firm, or any entity, wishing to protect themselves, you must look out for the following:
- Clients using more than one type of VAs, especially those that offer higher anonymity, when processing transactions,
- Clients moving a VA from a public and transparent blockchain to a centralised exchange and then trading it for a privacy coin,
- Clients that function as an unregistered/unlicensed virtual asset service providers on peer-to-peer exchange websites, especially if huge amount of virtual assets of others are involved,
- Clients having no logical business explanations for abnormal volumes of transactional activities,
- Clients using mixing and tumbling services with the intention to obscure the flow of funds,
- Funds from, or saved into, a VA address or a wallet linked to suspicious sources,
- Clients using decentralised/unhosted wallets to physically transport VAs overseas,
- Clients using software to suppress or redact the owner of a domain name,
- Usage of anonymous or encrypted means of communications,
- A large number of seemingly different virtual assets being controlled by the same IP address, or
- Use of ATMs and kiosks, especially when transaction fees are higher
Geographical risks
In many cases, criminals take advantage of jurisdictions that do not have strong regulations/laws or measures related to virtual assets to combat money laundering and other illegal activities. For instance, the countries have not introduced the whole set of preventive measures according to FAFT standards. Thus, firms must be mindful if:
- The client’s funds comes from, or is sent to, an exchange that is not registered in the country where either the customer or exchange is located.
- The client uses a Virtual Asset exchange in, or sends funds to, a high-risk jurisdiction that does not have the proper Anti-Money Laundering and Combating the Financing of Terrorism laws.
- The client sets up offices or moves its offices to countries that have not implemented regulations governing virtual assets or where there is no business rationale to do so.
Irregular transaction patterns
Irregular, unusual or uncommon transaction patterns might indicate that Virtual assets are being used for money laundering and terrorist financing. The signs can be categorised based on new users or all users
New users
- Depositing a large initial down-payment that is inconsistent with the customer profile.
- Funding a large deposit on the day the account is opened and a large amount of this, or the totality, is traded on the same day or the day after.
- Attempting to trade off the entire balance of Virtual Assets or withdrawing and sending it off the platform.
All users
- Using multiple Virtual Assets or accounts without any logical business explanations.
- Conducting frequent and large transfers, by more than one person and from the same IP address, in a specific period of time to the same VA account.
- Small amount of funds coming in from many unrelated wallets that are then being transferred to another wallet.
- Conducting Virtual Assets into fiat currency exchange at a potential loss, without any business explanation and despite transaction fees being high and vice-versa.
Size and frequency of financial operations
The way transactions are processed and the amount of funds involves might also alert firms as to whether criminal activities are involved. Companies must be suspicious if:
- Virtual assets transactions are being structured in small amounts, under the limit of record-keeping or reporting thresholds.
- Making high-value transactions either in short successions, in an irregular pattern or to a newly created or previously inactive account.
- Immediately transferring Virtual assets to multiple service providers that are located in another jurisdiction that is not related to the customer’s residence or where there is no/weak regulations.
- Unnecessarily withdrawing virtual assets, converting them to multiple VAs and transferring it to a private wallet immediately after a deposit.
- Funds suspected as being fraudulent or stolen is being accepted or depositing funds from such suspicious VA addresses.
Suspicious senders or recipients
Irregularities about a customer’s behaviour or profile might alert you as to whether he/she is the sender or recipients of illicit transactions.
Customers’ Profile
Red-flag indicators of a customer’s profile are:
- A client providing credentials/identifications shared by another account.
- Discrepancies between IP addresses that was used to create the account and that to process transactions.
- Customers’ VA address on public forums is associated with illegal activities.
- Customer is known to be previously associated with criminals.
- Customer frequently changing his/her identification information: such as email/IP address or financial information.
- Customer using language in VA message fields that suggest illicit transactions.
- Customer frequently conducting transactions at a loss
Irregular behaviour during account creation
- Creating separate accounts under different names,
- Initiating transactions from non-trusted IP addresses or those that have previously been flagged as suspiscious,
- Trying to open an account frequently within the same service provider from the same IP address,
- Merchants having their Internet domain registrations in a different jurisdiction than that of their establishment.
Source of funds or wealth related to criminal activities
The misuse of virtual assets is linked to criminal activities like illicit trafficking in narcotics and psychotropic substances, fraud, theft and extortion. Below are some indicators hinting that source of funds or wealth that may be related to these activities.
- Processing transactions with VA addresses or bank cards that are connected to known fraud, extortion, or ransomware schemes or illicit websites and the dark web.
- Transactions that originate from or is destined to online gambling services.
- Using one or several credit/debit cards linked to a VA wallet to withdraw large amounts of fiat currency and to purchase virtual assets sourced from cash deposits.
- High deposits into a VA address, with an unknown source of funds and then converting it to fiat currency.
- Insufficient information with regards to the origins and owners of the funds (for example shell companies).
- Funds that are sourced directly from third-party mixing services or wallet tumblers.
- A huge portion of the customer’s funds is derived from investments in virtual assets, ICOs or fraudulent ICOs, etc.
- The source of wealth is disproportionately drawn from virtual assets originating from other virtual asset service providers that lack AML/CFT controls.