LAS VEGAS — As a nascent international anti-money laundering (AML) push to ensure global regulation of cryptocurrencies advances, most banks continue to take steps to avoid involvement in related transactions due to the significant financial crime and regulatory risks they pose, according to a panel of experts at a recent industry conference.
Even in the United States, which extended AML obligations to cryptocurrency firms in 2013 via guidance labeling them money transmitters, questions remain regarding oversight of such entities. A part of the challenge is the pace at which the industry is evolving and new products are emerging, panelists said at the 18th Annual AML & Financial Crime Conference held by the Association of Certified Anti-Money Laundering Specialists (ACAMS).
In Washington, D.C. last week, Jay Clayton, the head of the U.S. Securities and Exchange Commission (SEC), declined to tell a congressional panel whether or not Facebook’s Libra would be regulated as a security under his watch. He said he was not ready to make a public statement. The Swiss-based Libra Association, which comprises Facebook and 27 other members, announced in June that it plans to launch and oversee Libra, a cryptocurrency backed by a reserve of currencies, in 2020.
Panelist Sarah Runge, a former U.S. Treasury AML policy official who now is global head of financial crimes compliance regulatory strategy at Credit Suisse, noted that the cryptocurrencuy space “continues to move very, very quickly — Libra is a good example. Looking at the continuing evolution, and the ability for regulations to be iterative and quick in response to changes in risk, that is ultimately what is fundamentally important here.”
FATF Guidance Aimed at “Level Playing Field”
Runge added that in June, the global AML standard-setting body the Financial Action Task Force (FATF) issued binding guidance that “made very clear” that global standards apply to cryptocurrencies. FATF’s push should create a more “level playing field” since global banks operate under stringent regulatory frameworks while cryptocurrencies at present face little oversight, she explained.
“I think this is very important because what we’ve been seeing over the past several years is that while a couple of jurisdictions — the U.S., notably — have defined and regulated this space and enforced (the rules), that hasn’t been the case globally and we’ve seen a lot of jurisdictions dragging their feet when it came to drafting regulations,” she said.
The FATF has finalized its so-called “assessment methodology,” which means that countries’ regulation of cryptocurrencies will be assessed as part of the AML body’s mutual evaluation process, wherein countries critique one another on compliance with global standards. Indeed, FATF’s commitment to require member nations to report back in a year regarding their implementation of crypto-regulations “is the big thing,” Runge said. “Otherwise, what happens is, there is no way to hold countries accountable until the mutual evaluation process, which happens once each decade.”
Panelist Nicole Kitowski, chief risk officer with Associated Bank, agreed, adding that cryptocurrency is “always a moving target” and if a bank is going to assess and mitigate the associated risk “you really need to go all in and dedicate a lot of resources and put a program around it, in order to be dynamic.”
Bank Steps to Keep Crypto Out
Since Associated Bank has chosen not to provide banking services to cryptocurrency firms, its focus is to ensure it “isn’t being used to do the transactions,” Kitowski said. “So, from our perspective, it is just making sure that we’ve got the right firewalls, end-point, and authentication. But also, even doing some keyword searches on transactions that do come through to try to identify perhaps the people that are transacting or doing something they haven’t necessarily told us about during upfront due diligence. So, it’s an ongoing process to ensure we’re trying to identify them,”
For banks like Associated that choose not to be involved with cryptocurrency activity, the goal is to “have controls in place to keep it out to begin with,” said Richard Small, director of financial crimes compliance at BB&T, which also does not serve the cryptocurrency industry.
It can be difficult to know if a customer is buying cryptocurrency, Small added. “I’m not sure if I’m going to see it if they’re writing a check… (and) if someone is using a credit card to buy crypto, maybe we’ll see it, maybe we won’t,” he said, adding, however, that BB&T does do “web crawling” to “look for those that are advertising buying or selling crypto and whether or not they’re offering that money to come in or go out of our bank accounts.”
“That’s where I want to see if I can catch it, but the day-to-day somebody that is using bitcoin to buy a cup of coffee and may have used their bank account with us to buy the bitcoin, I wouldn’t be concerned about that right now,” he said.
Know Your Customer
It is important for banks to educate employees on cryptocurrency and to know and understand their customers’ transactions, said another panelist, Greg Ruppert, senior vice president for Financial Crimes Risk Management with Charles Schwab. He noted that cryptocurrencies have been used by criminals, but that not all transactions are tied to crime.
“Do you really understand what cryptocurrency is? What the various types of cryptocurrencies are? And then how are people using them?” said Ruppert, who previously led the Federal Bureau of Investigation’s cybercrime division. “Who is using it in your customer or client base? And… why are they using it? It comes back to why we do what we do, to know your customer.”