15. September 2021

What this year's Basel AML Index says about money laundering threats from cryptocurrencies

Basel AML Index section on virtual assets

The Basel AML Index 10th Edition explore four aspects hindering the global fight against money laundering and terrorist financing (ML/TF). The first element crunched Financial Action Task Force (FATF) data on how jurisdictions are responding to money laundering threats related to virtual assets. The answer: not well at all. Excerpt from the full report:

The use of virtual assets such as cryptocurrencies is exploding – for legitimate as well as illicit purposes.

In January 2021, there were an estimated 106 million cryptocurrency users globally. Data on how any of these may be using cryptocurrencies for criminal purposes, including to launder stolen money, is however scarce. According to a 2021 report by blockchain analysis firm Chainalysis, of the estimated USD 21.4 billion in cryptocurrency transactions in 2019, criminal activity represented around 2.1 percent (USD 450 million).

Cryptocurrencies have unique characteristics, many of which are very positive, including for example the potential to improve financial inclusion. Yet their borderless nature and existence outside the formal financial system also make them a tempting option for criminals to conceal proceeds of corruption and other crimes, evade tax or fund terrorism.

Mitigating ML / TF threats from virtual assets – FATF Recommendation 15

In 2018, in an effort to motivate jurisdictions to take action to prevent virtual assets becoming a threat to global financial stability, the FATF revised its Recommendation 15 on virtual assets and virtual asset service providers (VASPs). Finalised amendments, an Interpretive Note and accompanying Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers followed in 2019.

In essence, the revised Recommendation requires among other things:

  • Jurisdiction must apply a risk-based approach to AML / CFT risks associated with virtual assets.
  • VASPs should be licensed/registered, and subject to adequate regulation and supervision.
  • VASPS must conduct customer due diligence on one-off transactions over USD/ EUR 1,000, and submit suspicious activity reports where needed.
  • VASPs should obtain information about the originator and beneficiary of transfers and make it available to competent authorities (the so-called "travel rule").

The FATF defines the term “virtual asset” as any “digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes”. This does not include digital representations of fiat currencies or other financial assets included elsewhere in its Recommendations.

VASPs include natural or legal persons that offer services such as exchanging between virtual assets and fiat currencies, exchanging between different forms of virtual assets, transferring virtual assets, safekeeping or administering virtual assets, or providing other financial services relating to virtual assets.

How are jurisdictions doing at mitigating their risks of money laundering using virtual assets?

In July 2020 and July 2021, the FATF issued the first and second reports on the results of 12-month reviews on the revised standard.

It is still early days, as the final version of the revised Recommendation 15 was only issued in June 2019. However, initial signs are not encouraging.

  • Of the 27 jurisdictions assessed or reassessed for technical compliance with the new R.15 from June 2020 to June 2021, 19 downgraded their scores. Five jurisdictions retained the same scores and only three managed to improve.
  • The average compliance score for R.15 across all jurisdictions assessed with the latest (fourth-round) FATF methodology decreased from 70% to 60%.
  • Of the 10 jurisdictions assessed with Mutual Evaluation Reports, none was rated as being compliant. Two jurisdictions were non-compliant (score of 0), 5 were partially compliant (score of 1 out of 3) and 3 were largely compliant (score of 2 out of 3).

Is there a risk of “regulator shopping” in the virtual assets sector?

Yes. The consequences of individual failings by jurisdictions in implementing effective AML / CFT requirements on VASPs could be serious.

The reason is simple and visible in regular money laundering schemes too: criminals wishing to abuse virtual assets for illicit purposes can simply switch from jurisdictions with a strong regulatory framework to one in which regulations are weak and not enforced. This risk is exacerbated by the hyper-global nature of virtual assets.

A lack of coordinated and concerted global action may therefore result in some jurisdictions becoming safe havens for illicit activity using virtual assets.

This challenge has been recognised by the European Commission’s June 2021 package of proposals to tackle ML / TF, which includes an ambitious plan to harmonise AML / CFT legislation in relation to VASPs across all EU jurisdictions. This is a positive move, but without similar efforts among other jurisdictions and regional bodies, it is likely that the illicit activity will simply move to locations with fewer or no controls.

What are the biggest issues to fix, and how can jurisdictions with upcoming FATF assessments obtain a better evaluation?

The FATF’s second review of trends with regard to the implementation of the revised R.15 indicated progress in certain areas, including with respect to transposing the new requirements into domestic legislation, submitting suspicious activity reports and establishing supervisory regimes.

Significant gaps however remain, in particular in the following areas:

  • Weak implementation of the “travel rule”, meaning that information on the originators and beneficiaries of cryptocurrency transactions is not being obtained or made available to competent authorities.
  • Sluggish action by jurisdictions in implementing AML / CFT obligations in the virtual assets sector, with infrequent examinations or sanctioning.
  • Generally, a lack of knowledge and expertise among supervisory/regulatory bodies in the field of virtual assets, reducing their ability to oversee and guide VASPs.

What data is available to assess ML / TF risks relating to virtual assets?

The new and fast-evolving nature of the virtual assets sector means that reliable data relevant to evaluating money laundering risks is not widely available.

Regular market data on virtual assets, such as the use of cryptocurrencies and the location of cryptocurrency mining centres, are largely collected and analysed by blockchain analytic companies such as Chainalysis, CipherTrace, Coinfirm, Elliptic, Merkle Science, Scorechain, TRM Labs.2

However, the differences in methodologies, analytical techniques and tools, along with the proprietary nature of the data, mean that comparability is difficult. The data also tend to focus on a select few cryptocurrencies only and are therefore not sufficiently comprehensive for this purpose.

A prerequisite for evaluating risks of ML / TF relating to virtual assets is understanding geographical trends in their use and regulation.

We therefore suggest that the FATF assessment of jurisdictions’ compliance with R.15 remains the most reliable source of data on ML / TF risks relating to virtual assets. It also has the virtue of enabling comparisons across jurisdictions and measurement of progress over time.

Learn more