By Adam McLaughlin, Director of AML Strategy, NICE Actimize
Are cryptocurrency management firms making an even stronger effort than ever to comply with anti-money laundering rules and regulations. Are they seeking full compliance in AML? From my own informal survey of current events and customer buying patterns, the answer appears to be a resounding “yes” – but there is still a long way to go for some. Let’s look at this year’s activities to assess where the strength and some of the weaknesses may lie as crypto firms look to compete in the more mature world of asset management.
We are currently seeing crypto organisations, which may not yet be registered with the Financial Conduct Authority in the UK, making extra effort to ensure full compliance. This extra effort could be in the form of recruiting additional skilled staff or by updating or refreshing their technology. Where there are delays in registering or in compliance overall, is that a significant number of crypto organisations do not have the right controls in place to manage financial crime risks. Unfortunately, this lag could translate to them unwittingly being used by criminals to launder illicit wealth in plain sight.
Let’s take a step back and look at how the events rolled out this year.
The current extension of the temporary relief to crypto organizations is the second change to registration by the Financial Conduct Authority within the past six months. With the original registration deadline set for January 10 of this year, the FCA was unable to assess and register all the organisations which should be registered, due to the overwhelming number of organizations which applied,. The FCA then set up a temporary register for all organisations which submitted an application by the 15th December 2020. This temporary register allowed firms to continue trading until July 8, until they received full registration.
With that deadline passed, the processes were delayed again with the temporary register regime extended until 31st March 2022. One of the reasons for the new extension is because ‘a significantly high number of businesses’, in this case crypto businesses, are not meeting required money laundering laws, with some of them even withdrawing their original applications.
Lacking the Right Controls?
This extension means that any crypto firm who submitted an application before 15th December, and which have not received a registration or rejection from the FCA ,are permitted to continue trading until 31st March 2022, or until the FCA approves or rejects their registration. This could potentially mean that crypto organisations which are not fully compliant with AML legislation could continue trading until the FCA get around to assessing them. Doesn’t see like a great place for the industry to be in, but there is more.
This current situation may not result in what you think. In fact, it will probably result in crypto organisations, which are not yet registered, making extra effort to ensure full compliance. What this latest delay has identified is that a significant number of crypto organisations do not have the right controls in place to manage financial crime risks, meaning they could be unwittingly being used by criminals to launder illicit wealth in plain sight.
Is AML Compliance Out of Reach?
There are a number of potential reasons why some crypto organisations could be finding it difficult to meet FCA and other regulations. These reasons fall into four primary areas, which can be categorized as expertise, training, governance and technology. Let’s look at each of these. In terms of expertise, and that is a big area of concern, some of the organisations, especially the smaller ones may not have employed the correct personnel who understands how to correctly implement and enforce changing AML regulations within their organizations. And aligned to this, there may not be adequate training for staff to inform them of current AML requirements and what they should or should not be doing on an ongoing basis.
Many organisations also show a lack of effective governance, or processes to provide a coherent and effective structure to their AML program, in line with regulatory expectations. This includes effective controls at onboarding, effective ongoing controls to monitor customer activity and effective processes for investigating and reporting suspicious activity or changes in customer risk.
And making enforcement even more difficult, technology, especially compliance technology may not have been considered or priced into operational expenses when some of the crypto organisations started their firms. Some may even be performing manual KYC or manual ongoing monitoring of their customers. An updated technology solution is critical for meeting and managing regulator expectations. Modern AML solutions are faster, they are less prone to human error, and can identify activity or trends much quicker than any human possibly can.
Key Steps to Be taken
For those cryptocurrency firms who may still be lagging, and even those ahead of the curve, the most important first step for any cryptocurrency firm seeking to update its AML compliance strategy is to be sure that the right staff is locked in place. They should be right-skilled on AML and the regulator requirements, and be adept at problem solving .
This team should then examine its governance processes, and put in place an effective, risk-based governance process to ensure there is a fully transparent and auditable program for onboarding, ongoing KYC, screening and ongoing monitoring of customers. Finally, it is important to have the right technology in place to quickly spot suspicious activity and ensure all customer risks are appropriately managed. Thankfully, I am already seeing many cryptocurrency organisations hiring additional staff and approaching technology vendors for solutions in increased numbers, and the industry is continuing its march to full AML regulatory compliance.