AML

KuCoin agrees to ban New York residents and pay $22 million in settlement

KuCoin users from New York will lose the ability to trade within 30 days and will have their accounts closed within 120 days.

Crypto exchange KuCoin has agreed to pay $22 million to the State of New York and to bar residents of the state from using its platform, according to a stipulation and consent order filed in the New York Supreme Court on Dec. 12.

According to the order, KuCoin admits that it “operates a cryptocurrency trading platform on which users, including users in New York state, can purchase or sell cryptocurrencies which are securities or commodities as defined under the laws of New York state and that Kucoin is not registered as a securities or commodities broker-dealer.” In addition, KuCoin “admits that it represented itself as an ‘exchange’ and was not registered as an exchange pursuant to the laws of New York State.”

KuCoin has agreed to close the accounts of all New York resident users within 120 days and to prevent New York residents from obtaining accounts in the future. In addition, it will restrict access to withdrawals to only within 30 days, leaving the remaining 90 days available for users to withdraw funds.

Read more

More US senators back Elizabeth Warren’s AML bill targeting crypto

The legislation, reintroduced in July, already has the support of several U.S. lawmakers, but critics have suggested it could threaten financial freedom and privacy.

Massachusetts Senator Elizabeth Warren, an outspoken critic of digital assets in the United States government, has announced that five more senators have agreed to cosponsor one of her bills aimed at cracking down on money laundering.

In a Dec. 11 announcement, Senator Warren said Senators Raphael Warnock, Laphonza Butler, Chris Van Hollen, John Hickenlooper and Ben Ray Luján had backed her Digital Asset Anti-Money Laundering Act, reintroduced in July. According to Warren, the legislation specifically targeted illicit uses of crypto assets for money laundering and financing terrorism.

“I’m glad that five new senators are joining the fight to take action, including three members of the Banking Committee,” said Warren. “Our bipartisan bill is the toughest proposal on the table cracking down on crypto’s illicit use and giving regulators more tools in their toolbox.” 

Read more

Innovate some compliance mechanisms, US Treasury official tells DeFi community

Assistant Treasury Secretary Elizabeth Rosenberg said the Treasury was enhancing its regulatory regime and that DeFi should program in some compliance.

The United States Treasury did a risk assessment of decentralized finance (DeFi) and found the sector lacking in several ways, Assistant Treasury Secretary for Terrorist Financing and Financial Crime Elizabeth Rosenberg reminded an audience at the Atlantic Council think tank on April 21. Get ready for more regulation, she said.

Rosenberg was referring to a report released earlier in April by the Treasury that found scammers, money launderers and North Korean hackers benefitting from the lack of Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) compliance in the sector. That report was part of the Treasury’s response to U.S. President Joe Biden’s executive order on the responsible development of digital assets.

The report also found that DeFi was not always very decentralized. “There are generally persons and firms associated with those [DeFi] services to which AML/CFT obligations may already apply,” Rosenberg said. The assessment report established that all DeFi services are liable to comply with the Bank Secrecy Act, including AML/CFT.

“We will assess enhancements to our domestic AML/CFT regulatory regime as applied to DeFi services and monitor responsible innovation of AML/CFT and sanctions compliance tools,” Rosenberg said. She continued:

“I want to offer a specific message to the private sector. ‘DeFi innovation’ should not only occur in the technical, financial domain — there is an enormous need and potential for innovation in compliance mechanisms that could help all players in the digital ecosystem ensure they remain on the right side of the law.”

Rosenberg and her team were freshly back from the Financial Action Task Force (FATF) Virtual Assets Contact Group meeting in Tokyo, she said. The team presented the results of the Treasury’s DeFi risk assessment there as well.

Related: FATF agrees on roadmap or implementation of crypto standards

The timing of Rosenberg’s speech is also notable because the European Parliament passed the Markets in Crypto-Assets legislation a day earlier. The MiCA legislation included provisions for tracing or blocking certain payments using crypto assets. This AML/CFT practice is already used in traditional finance and is known as the “Travel Rule” by the FATF. It was also a key part of the Treasury‘s risk assessment.

Magazine: US enforcement agencies are turning up the heat on crypto-related crime

Top 7 legal and compliance jobs in the crypto market

Explore essential skills for top legal and compliance jobs in the crypto market.

Cryptocurrencies are a rapidly growing market that is changing how people invest, buy and sell goods and services, and transfer money. However, with the growth of this market comes an increasing need for legal and regulatory compliance, particularly concerning issues such as money laundering, fraud and data protection.

As a result, there is a demand in the cryptocurrency sector for legal and compliance specialists. The positions listed below are just a few examples of the various legal and compliance positions available in the cryptocurrency sector. Each one is crucial to ensuring that the market functions fairly, openly and lawfully.

Compliance officer

A compliance officer in the crypto market is responsible for ensuring that the company complies with all relevant laws and regulations, including Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements. 

Knowing the relevant laws and regulations, having strong analytical and problem-solving abilities, and having the capacity to effectively interact with internal and external stakeholders are all necessary qualifications for this position.

Legal counsel

A legal counsel in the crypto market provides legal advice and support to the company on a range of legal issues, including regulatory compliance, contracts, intellectual property, and data protection.

Legal counsels in the crypto world require unique skills due to the complex and evolving nature of the cryptocurrency market. This also entails technological and legal skills. Legal counsels need to know the rules and legislation that apply to cryptocurrencies and other digital assets, as well as the underlying technologies like blockchain and smart contracts. Additionally, they must be able to handle the dynamic regulatory environment of the cryptocurrency business.

They must also have exceptional analytical and problem-solving abilities to decipher complicated legal and technical data, giving clients clear and succinct advice. Additionally, legal counsels must have strong communication and negotiation skills to represent clients effectively in legal proceedings or negotiations.

Compliance analyst

A compliance analyst in the crypto market is responsible for monitoring the company’s compliance with regulatory requirements, conducting risk assessments, and developing and implementing compliance policies and procedures.

Skills required for this role include strong analytical and problem-solving skills, knowledge of relevant laws and regulations, and the ability to work independently and as part of a team.

KYC/AML analyst

A KYC/AML analyst checks consumers to ensure they adhere to AML and KYC standards in the crypto market. KYC/AML analysts in the crypto market require attention to detail, knowledge of regulations, risk assessment, investigative skills, data analysis, and communication skills to ensure compliance with Anti-Money Laundering and Know Your Customer requirements.

Related: What is KYC, and why do crypto exchanges require it?

Regulatory affairs manager

A regulatory affairs manager in the crypto market is responsible for monitoring regulatory developments, analyzing the impact on the company and developing strategies to ensure compliance. 

Regulatory affairs managers in the crypto industry require skills such as adeptness with compliance frameworks, knowledge of regulatory policies, proficiency in navigating legal requirements and the ability to develop strategic solutions to meet regulatory obligations.

Chief compliance officer

The chief compliance officer in the crypto market is responsible for overseeing the company’s compliance function, ensuring that the company complies with all relevant laws and regulations, and developing and implementing compliance policies and procedures.

Related: How are metaverse assets taxed?

Chief compliance officers in the crypto market require skills such as leadership, stakeholder management, strategic planning, risk assessment, and adeptness with compliance frameworks and regulatory policies to ensure effective compliance management and risk mitigation.

Data protection officer

A data protection officer in the crypto market is responsible for ensuring that the company complies with data protection laws and regulations, such as the General Data Protection Regulation (GDPR).

Data protection officers in the crypto industry require advanced knowledge of privacy regulations, expertise in data governance, proficiency in implementing security protocols, and the ability to ensure data confidentiality, integrity and availability.

Banks with crypto services require new Anti-Money Laundering capabilities

Large financial institutions are getting involved in digital assets by investing capital, time and effort into on-chain analytics solutions.

The new year began with the news that notable Web3 entrepreneur Kevin Rose fell victim to a phishing scam in which he lost over $1 million worth of nonfungible tokens (NFTs). 

As mainstream financial institutions begin to provide services related to Web3, crypto and NFTs, they would be custodians of client assets. They must protect their clients from bad actors and identify whether client assets have been obtained through illicit activities.

The crypto industry hasn’t made it easy for Anti-Money Laundering (AML) functions within organizations. The sector has innovated constructs like cross-chain bridges, mixers and privacy chains, which hackers and crypto thieves can use to obfuscate stolen assets. Very few technical tools or frameworks can help navigate this rabbit hole.

Regulators have recently come down hard on some crypto platforms, pressuring centralized exchanges to delist privacy tokens. In August 2022, Dutch police arrested Tornado Cash developer Alexey Pertsev, and they have worked on controlling transactions through mixers since then.

While centralized governance is considered antithetical to the Web3 ethos, the pendulum may have to swing in the other direction before reaching a balanced middle ground that protects users and doesn’t curtail innovation.

And while large institutions and banks have to grapple with the technological complexities of Web3 to provide digital assets services to their clients, they will only be able to provide suitable customer protection if they have a robust AML framework.

AML frameworks will need several capabilities that banks must evaluate and build. These capabilities could be built in-house or achieved by collaborating with third-party solutions.

A few vendors in this space are Solidus Labs, Moralis, Cipher Blade, Elliptic, Quantumstamp, TRM Labs, Crystal Chain and Chainalysis. These firms are focused on delivering holistic (full-stack) AML frameworks to banks and financial institutions.

For these vendor platforms to deliver a holistic approach to AML around digital assets, they must have several inputs. The vendor provides several of these, while others are sourced from the bank or institution they work with.

Data sources and inputs

Institutions need a ton of data from varied sources to effectively identify AML risks. The breadth and depth of data an institution can access will decide the effectiveness of its AML function. Some of the key inputs needed for AML and fraud detection are below.

The AML policy is often a broad definition of what a firm should watch for. This is generally broken down into rules and thresholds that will help implement the policy. 

An AML policy could state that all digital assets linked to a sanctioned nation-state like North Korea must be flagged and addressed.

The policy could also provide that transactions would be flagged if more than 10% of the transaction value could be traced back to a wallet address that contains the proceeds of a known theft of assets.

For instance, if 1 Bitcoin (BTC) is sent for custody with a tier-one bank, and if 0.2 BTC had its source in a wallet containing the proceeds of the Mt. Gox hack, even if attempts had been made to hide the source by running it through 10 or more hops before reaching the bank, that would raise an AML red flag to alert the bank to this potential risk.

Recent: Death in the metaverse: Web3 aims to offer new answers to old questions

AML platforms use several methods to label wallets and identify the source of transactions. These include consulting third-party intelligence such as government lists (sanctions and other bad actors); web scraping crypto addresses, the darknet, terrorist financing websites or Facebook pages; employing common spend heuristics that can identify crypto addresses controlled by the same person; and machine learning techniques like clustering that can identify cryptocurrency addresses controlled by the same person or group.

Data gathered through these techniques are the building block to the fundamental capabilities AML functions within banks and financial services institutions must create to deal with digital assets.

Wallet monitoring and screening

Banks will need to perform proactive monitoring and screening of customer wallets, wherein they can assess whether a wallet has interacted directly or indirectly with illicit actors like hackers, sanctions, terrorist networks, mixers and so on.

Illustration of assets in a wallet categorized and labeled. Source: Elliptic

Once labels are tagged to wallets, AML rules are applied to ensure the wallet screening is within the risk limits.

Blockchain investigation

Blockchain investigation is critical to ensure transactions happening on the network do not involve any illicit activities.

An investigation is performed on blockchain transactions from ultimate source to ultimate destination. Vendor platforms offer functionalities such as filtering on transaction value, number of hops or even the ability to identify on-off ramp transactions as part of an investigation automatically.

Illustration of Elliptic platform tracing a transaction back to the dark web. Source: Elliptic

Platforms offer a pictorial hop chart showing every single hop a digital asset has taken through the network to get from the first to the most recent wallet. Platforms like Elliptic can identify transactions that even stem from the dark web.

Multiasset monitoring

Monitoring risk where multiple tokens are used to launder money on the same blockchain is another critical capability that AML platforms must have. Most layer 1 protocols have several applications that have their own tokens. Illicit transactions could happen using any of these tokens, and monitoring must be broader than just one base token.

Cross-chain monitoring

Cross-chain transaction monitoring has come to haunt data analysts and AML experts for a while. Apart from mixers and dark web transactions, cross-chain transactions are perhaps the hardest problem to solve. Unlike mixers and dark web transactions, cross-chain asset transfers are commonplace and a genuine use case that drives interoperability.

Also, wallets that hold assets that hopped through mixers and the dark web can be labeled and red-flagged, as these are considered amber flags from an AML perspective straightaway. It wouldn’t be possible just to flag a cross-chain transaction, as it is fundamental to interoperability.

AML initiatives around cross-chain transactions in the past have been a challenge as cross-chain bridges can be opaque in the way they move assets from one blockchain to another. As a result, Elliptic has come up with a multitiered approach to solving this problem.

An illustration of how a cross-chain transaction between Polygon and Ethereum is identified as having its source with a crypto mixer — a sanctioned entity. Source: Elliptic

The simplest scenario is when the bridge provides end-to-end transparency across chains for every transaction, and the AML platform can pick that up from the chains. Where such traceability is not possible due to the nature of the bridge, AML algorithms use time value matching, where assets that left a chain and arrived at another are matched using the time of transfer and the value of the transfer.

The most challenging scenario is where none of those techniques can be used. For instance, asset transfers to the Bitcoin Lightning Network from Ethereum can be opaque. In such cases, cross-bridge transactions can be treated like those into mixers and the dark web, and will generally be flagged by the algorithm due to the lack of transparency.

Smart contract screening 

Smart contract screening is another crucial area to protect decentralized finance (DeFi) users. Here, smart contracts are checked to ensure there are no illicit activities with the smart contracts that institutions must be aware of.

This is perhaps most relevant for hedge funds wanting to participate in liquidity pools in a DeFi solution. It is less important for banks at this point, as they generally do not participate directly in DeFi activities. However, as banks get involved with institutional DeFi, smart contract-level screening would become extremely critical.

VASP due diligence

Exchanges are classed as Virtual assets service providers (VASPs). Due diligence will look at the exchange’s overall exposure based on all addresses associated with the exchange.

Some AML vendor platforms provide a view of risk based on the country of incorporation, Know Your Customer requirements and, in some cases, the state of financial crime programs. Unlike previous capabilities, VASP checks involve both on-chain and off-chain data.

Recent: Tel Aviv Stock Exchange’s crypto trading proposal a ‘closed-loop system’

AML and on-chain analytics is a fast-evolving space. Several platforms are working toward solving some of the most complex technology problems that would help institutions safeguard their client assets. Yet, this is a work in progress, and much needs to be done to have robust AML controls for digital assets.

India subjects crypto transactions to Anti-Money Laundering law

The operators must store the transactions’ data for ten years and pass it to regulators on demand.

While there’s nothing new in imposing Anti-Money Laundering (AML) standards on crypto, it is only now that the Indian government has decided to notify all interested parties of the obligation to comply with the national AML law.

On March 7, The Gazette of India published a notification from the Ministry of Finance, subjecting a range of crypto transactions to the Prevention of Money-Laundering Act (PLMA) 2002 — namely the exchange, transfers, safekeeping and administration of virtual assets. Financial services related to an issuer’s offer and sale of virtual assets also fall under the PMLA.

The notification doesn’t provide many details, but the PMLA obliges financial institutions to maintain a record of all transactions for the last ten years, provide these records to officials if demanded, and verify the identity of all the clients.

Published as regulators worldwide are tightening AML standards for crypto, the notification will complicate the life of crypto companies in India. And it already has not been too comfortable in recent years. From March 2022, according to amended tax rules, digital assets holdings and transfers are subject to a 30% tax.

Related: India explores offline functionality of CBDCs — RBI executive director

​​Trading volume on major cryptocurrency exchanges across India dropped by 70% within 10 days of the new tax policy, and almost 90% over the next three months. The rigid tax policy drove crypto traders to offshore exchanges and forced budding crypto projects to move outside India.

In February 2023, Indian authorities again demonstrated their tough stance on cryptocurrencies with a preemptive ban on crypto advertising and sponsorships in the local women’s cricket league. This followed a previous ban for the men’s cricket Premier League, introduced back in 2022.

In 2023, while celebrating India’s first presidency of the G20, the country’s Finance Minister, Nirmala Sitharaman, urged international efforts to regulate crypto. She called for a coordinated effort “for building and understanding the macro-financial implications,” which could be used to reform crypto regulation globally.

Coinbase CEO hints its new layer-2 network could include AML measures

Brian Armstrong said centralized firms have a responsibility to monitor transactions and carry out Anti-Money Laundering checks.

Coinbase CEO Brian Armstrong has hinted that the firm’s new layer-2 blockchain network Base may be subjected to transaction monitoring and Anti-Money Laundering measures at launch.

In an interview with Joe Weisenthal on Bloomberg Radio on March 6, Armstrong acknowledged that Base has some centralized components today, adding that “it will be more and more decentralized over time.”

However, he then suggested that there will be transaction monitoring and AML requirements for users of the new layer-2 network.

He suggested that Coinbase will have a responsibility in terms of transaction monitoring in the early days, adding:

“I think that the centralized actors are the ones that are probably going to have the most responsibility to avoid money laundering issues and having transaction monitoring programs and things like that.”

Armstrong’s comments were also highlighted up by decentralization advocate Chris Blec in a Twitter post on March 7.

Base is an Ethereum layer-2 network that offers a secure, low-cost, developer-friendly way for users to build decentralized apps, according to Coinbase.

It is being developed with the “OP Stack” used by Optimism, which will enable high-speed transactions on Ethereum. Base was unveiled on Feb. 23 and is currently in the testnet phase. Coinbase has yet to provide a mainnet launch date but it is expected in Q2, 2023.

Blec previously warned about Coinbase’s latest layer-2 offering in a blog post released in late February, five days after the firm announced Base.

He said that layer-2 infrastructure was quite centralized because they use “sequencers,” which are “nodes that construct and execute L2 blocks while transmitting users’ actions from L2 to L1.”

Coinbase, a licensed money transmitter, will be operating the sole sequencer for Base. This raised the question of whether Base would also legally require Know Your Customer (KYC) requirements, making it the first-ever L2 to do so.

Related: L2 is crucial to Ethereum decentralization, censorship resistance, says researcher

Coinbase hasn’t confirmed or denied whether Base would be implementing KYC and AML measures. Blec commented:

“Isn’t it ironic that ‘DeFi’ is heading toward being controlled by the entities that it was originally supposed to be battling?”

However, the crypto community and Ethereum advocates have said Base was a “massive confidence vote” for Ethereum.

Cointelegraph reached out to Coinbase for comment but had not received a response by the time of publication.

FATF agrees on roadmap for implementation of crypto standards

Part of the FATF’s “Travel Rule” includes recommendations that financial institutions obtain information on the originators and beneficiaries of certain crypto transactions.

The Financial Action Task Force, or FATF, has reported that its delegates have come to an agreement on an action plan “to drive timely global implementation” of global standards on cryptocurrencies.

In a Feb. 24 publication, the FATF says the plenary for the financial watchdog — consisting of delegates from more than 200 jurisdictions — met in Paris and reached a consensus on a roadmap aimed at strengthening the “implementation of FATF Standards on virtual assets and virtual asset service providers.” The task force says that in 2024, it will report on how FATF members have moved forward on implementing the crypto standards, including regulation and supervision of VASPs.

“The lack of regulation of virtual assets in many countries creates opportunities that criminals and terrorist financiers exploit,” says the report. “Since the FATF strengthened its Recommendation 15 in October 2018 to address virtual assets and virtual asset service providers, many countries have failed to implement these revised requirements, including the ‘travel rule’ which requires obtaining, holding and transmitting originator and beneficiary information relating to virtual assets transactions.”

Part of the FATF’s “Travel Rule” includes recommendations that VASPs, financial institutions and regulated entities in member jurisdictions obtain information on the originators and beneficiaries of certain digital currency transactions. As of April 2022, the financial watchdog reported that many countries were not in compliance with its Combating the Financing of Terrorism and Anti-Money Laundering standards.

Related: AML and KYC: A catalyst for mainstream crypto adoption

Japan, South Korea and Singapore have been among the countries seemingly most willing to implement regulations in accordance with the Travel Rule. Some nations, including Iran and North Korea, have reportedly been placed on the FATF’s “grey list” for monitoring suspicious financial activity.

ShapeShift responds to Sen. Warren’s comments to ‘set the record straight’

Switzerland-based crypto platform claimed Warren made “mistakes” in comments at a recent senate hearing and encouraged her to “constructively engage” with its community.

Non-custodial crypto platform ShapeShift refuted United States Senator Elizabeth Warren’s claims of “illicit financing,” suggesting that she used the platform as a scapegoat to “push” her latest crypto bill, according to a recent statement.

ShapeShift stated in a tweet on Feb. 19 that Warren made “mistakes” in her “analysis” of the platform at a recent senate banking committee hearing entitled, Crypto Crash: Why Financial System Safeguards are Needed for Digital Assets, on Feb. 14.

In a follow-up tweet, ShapeShift denied Warren’s comments regarding its involvement with “illicit financing,” stating it “never handles user funds” and has no ability to “facilitate this.”

This comes after Warren suggested at the senate hearing that ShapeShift had ulterior motives for restructuring itself as a DeFi platform in July 2021.

Warren suggested that the restructure was to encourage people to “launder” money on the platform.

Shapeshift also clarified that it is “not an exchange,” elaborating that it is an open-source crypto dashboard that “connects users” to different protocols and platforms.

It added that it cares about the “same things” as Warren, citing “user safety” and “access to innovation” as a mutual focus.

ShapeShift encouraged Warren and others to “constructively engage” in the topic of financial freedom and innovation with its community, sharing a link to its discussion forum.

This comes only a day after Erik Vorhees, CEO of ShapeShift, took to his personal Twitter on Feb. 18, stating that he is looking forward to Warren “submitting a proposal” to the Shapeshift DAO governance process, in response to her criticism of the platform.

Related: US Sen. Elizabeth Warren says crypto will ruin economy — Community responds

Warren has been a vocal crypto skeptic in recent times, having made comments in an interview on Jan. 25, suggesting that the United States Securities and Exchange Commission (SEC) should “double down” on its crypto enforcement efforts, as the crypto industry is scared for what’s to come next.

She claimed that the previous SEC administration “essentially gave the green light” to open up a cryptocurrency market “full of junk tokens, unregistered securities, rug pulls, Ponzi schemes, pump and dumps, money laundering and sanctions evasions.”

Cointelegraph reached out to ShapeShift for comment but did not receive a response by publication.

South Korea to deploy cryptocurrency tracking system in 2023

The “Virtual Currency Tracking System” will be used to monitor transaction history, extract information related to transactions and check the source of funds before and after remittance.

The Ministry of Justice in South Korea announced plans to introduce a crypto-tracking system to counter money laundering initiatives and recover funds linked to criminal activities.

The “Virtual Currency Tracking System” will be used to monitor transaction history, extract information related to transactions and check the source of funds before and after remittance, according to local media outlet khgames.

While the system is slated to be deployed in the first half of 2023, the South Korean ministry shared plans to develop an independent tracking and analysis system in the second half of the year. A rough translation of the ministry’s statement reads:

“In response to the sophistication of crime, we will improve the forensic infrastructure (infrastructure). We will build a criminal justice system that meets international standards (global standards).”

The South Korean police previously established an agreement with five local crypto exchanges to cooperate in criminal investigations and ultimately create a safe trading environment for crypto investors.

Related: South Korean prosecutors request arrest warrant for Bithumb owner: Report

The South Korean Supreme Court ruled that crypto exchange Bithumb must pay damages to investors over a 1.5-hour service outage on Nov. 12, 2017.

The finalized ruling from the supreme court ordered damages ranging from as little as $6 to around $6,400 be paid to the 132 investors involved.

“The burden or the cost of technological failures should be shouldered by the service operator, not [the] service users who pay commission for the service,” the court stated.