In 2014, JPMorgan Chase Bank, N.A. admitted to violating the Bank Secrecy Act. The bank had failed to report dubious transactions which were connected to fraudster Bernard Madoff’s Ponzi scheme.
The Financial Crimes Enforcement Network (FinCEN) fined JPMorgan $461 million.
Then, in 2016, FinCEN went after Gibraltar Private Bank for knowingly violating federal anti-money laundering rules (i.e. the Bank Secrecy Act). Gibraltar’s negligence had allowed a billion-dollar Ponzi scheme controlled by attorney Scott Rothstein to flourish.
FinCEN handed Gibraltar a $4 million civil money penalty.
Noticing a pattern here?
And, more importantly, what do these enforcement actions involving traditional banks have to do with your cryptocurrency business?
Past patterns form future trends:
FinCEN has a history of targeting financial institutions and their AML departments for failing to report unusual activity. Whether you’re a crypto or a traditional financial institution is immaterial to FinCEN.
The Secret to Surviving FinCEN’s Scrutiny: KYC Compliance
Some people have already deemed 2018 “the year of regulations” for the industry. Several governments have started enforcing KYC requirements for cryptocurrency companies. So if you haven’t started prioritizing KYC compliance, regulators are catching up to you.
If you think KYC compliance is as easy as recording customer information, you’re mistaken. KYC processes require that financial institutions:
- Verify Customers’ Identities: In order to verify a customer’s identity, you need more than a name, phone number, or email address. Any John Doe can obtain a person’s name and email address. Your business must rely on data that is specific enough to protect your customer’s identity from criminals.
- Monitor Customer Activity: Don’t assume that a law-abiding customer will always be a law-abiding customer. Madoff and Rothstein (whom we mentioned earlier) weren’t always fraudsters. If JPMorgan and Gibraltar had carefully monitored the behavior of these criminals, they could have reported their illegal activities sooner. Remember too that SARs are mandated for “suspicious and/or unusual activity,” a burden that is arguably much lower than, say, “criminal activity” or “fraudulent activity.”
Make KYC processes a big part of your cryptocurrency business’s compliance strategy. If (or when) FinCEN comes knocking at your door, you’ll be able to attest to the financial dealings of your customers, not just their name, rank, and serial number.
Revisit Red Flag Routines Often
So your cryptocurrency company has revamped its KYC compliance. Great! That’s just step one. Now it’s time to revisit the protocols you have in place for the discovery (and handling) of red flags in your transaction records. We can break these protocols down into two steps.
Step 1: Identifying
Recall that Bernard Madoff and Scott Rothstein made illegal profits by orchestrating Ponzi schemes. Ponzi schemes are a common example of fraudulent financial dealings, and they’re not limited to fiat money.
The crypto-Ponzi scheme run by BitConnect is proof of this fact. BitConnect was a startup which promised high-value returns to its investors in 2017. Several cryptocurrency authorities accused the company of running a Ponzi scheme while its cryptocurrency exchange was open for business.
Then, at the start of 2018, the company shut down its exchange after much scrutiny from regulators. The BitConnect tokens investors had purchased lost much of their value shortly afterward.
Why are we telling you this?
Because FinCEN expects you to be on the lookout for transactions which resemble these and other fraudulent schemes. Last year alone, cryptocurrency cybercrime cost consumers more than $225 million. Some portion of these losses could have been avoided had cryptocurrency companies spent more time trying to identify the fraudulent activity which was occurring right under their noses.
Take note of the buying behaviors of your customers. If you don’t, you risk being held responsible for their involvement in fraudulent schemes.
Step 2: Reporting
We’re not going to pull any punches: If you don’t report potential fraudulent financial schemes to the government, you may face civil or criminal charges.
As a financial institution, you should be prepared to identify and report fraudulent financial schemes. If cryptocurrency companies don’t rise to the occasion, the industry stands to lose a lot of trust from both consumers and regulators.
Criminals don’t take any days off. Neither should your compliance team. If your team is serious about compliance, you have to take some preventative measures.
Start by investing in some cryptocurrency compliance tools. From blockchain explorers to screening tools to phone verification services, there are already many sophisticated and effective tools on the market to ward off illicit actors and impress FinCEN and law enforcement.
The screening tools may prove especially helpful to businesses tracking suspicious activity across the blockchain or, for that matter, the world. These tools also screen customer information against compliance watchlists and can alert you to possible red flags. There are even some free screening tools on the market, though the pricier options tend to offer more contextual and detailed results.
SMS phone verification services are another standout here. Standard SMS verification is not acceptable proof of identity. Phone verification services, however, help businesses add extra levels of security against identity theft.
Regardless of which tools you use or what your budget is, the important thing is that you remain vigilant. Anticipate illicit activities before your business is compromised by staying one step ahead of the bad guys.
Be Prepared To Weather The Storm
Will FinCEN come knocking at your door tomorrow? No. But will FinCEN expect the cryptocurrency industry to report suspicious and/or unusual activity, including financial schemes that seem too good to be true? Absolutely.
It’s often said that the best defense is a strong offense. Compliance is no different. With a strong KYC compliance strategy, an up-to-date red flag routine, and enough vigilance, you’ll be as prepared as possible.
Of course, if there is any doubt about the fitness of your compliance program, contact BitAML for a consult.