Introduction
As mainstream financial institutions start offering services associated with Web3, crypto, and NFTs, they are taking on the responsibility of safeguarding customer assets from nefarious actors and verifying that customer assets were not obtained through illegal activities. To do this, large financial institutions are investing resources such as capital, time, and energy into on-chain analytics and anti-money laundering solutions.
Regulators have recently taken a strong stance against certain crypto platforms, urging centralized exchanges to stop offering privacy tokens. Anti-Money Laundering (AML) functions within organizations have faced numerous challenges due to the crypto industry. Constructs such as cross-chain bridges, mixers, and privacy chains have been created, allowing cybercriminals and crypto thieves to conceal stolen assets. Few technical tools are available to help combat this issue. Regulators have recently taken action against certain crypto platforms, compelling centralized exchanges to delist privacy tokens.
In August 2022, Dutch police arrested Alexey Pertsev, the developer of Tornado Cash, and since then they have been working to regulate transactions through mixers. Although centralized governance is typically seen as being at odds with the principles of Web3, it may be necessary to reach a balanced middle ground that safeguards users and nurtures innovation before the pendulum can swing back in the other direction.
Banks and financial institutions are challenged with providing digital asset services to their customers while navigating the technological complexities of Web3. To guarantee suitable protection for their customers, a reliable Anti-Money Laundering (AML) framework must be in place.
To assess and develop this capability, institutions can either build it internally or gain assistance from third-party solutions. Vendors such as Solidus Labs, Moralis, Cipher Blade, Elliptic, Quantumstamp, TRM Labs, Crystal Chain and Chainalysis provide holistic AML frameworks to banks and financial institutions. For these platforms to be successful in delivering comprehensive AML for digital assets, data sources and inputs must be used. While some are supplied by the vendor, others must be sourced from the bank or institution.
Institutions require a vast array of data from multiple sources to accurately detect AML risks. The capacity to access data of sufficient breadth and depth can determine the success of a firm’s AML functions. An AML policy typically consists of a broad definition of what the firm should be wary of. This is broken down into rules and thresholds to ensure the policy is enforced. For instance, a policy may stipulate that all digital assets linked to a sanctioned nation-state such as North Korea must be flagged and addressed. Furthermore, transactions may be flagged if more than 10% of the transaction value can be traced back to a wallet address that contains the proceeds of a known theft of assets.
AML Platforms Strengthen Security Through Enhanced Wallet Labelling and Transaction Tracking
Anti-money laundering (AML) platforms are increasingly employing a multitude of methods to label wallets and pinpoint the origins of transactions. Such methods include leveraging third-party intelligence, such as government lists of sanctioned individuals and other potential financial criminals, as well as web scraping crypto addresses from the darknet, terrorist financing websites, and even Facebook pages. Additionally, common spend heuristics can be used to identify crypto addresses controlled by the same individual, while machine learning techniques, such as clustering, can detect cryptocurrency addresses managed by the same person or group.
The Need for Active Monitoring to Combat Illicit Entities
Financial institutions must engage in active monitoring and scrutiny of customer wallets to determine if they have interacted directly or indirectly with illicit entities such as hackers, sanctioned persons, terrorist networks, ‘mixers’ and the like.
Investigating blockchain transactions is essential to ensure they are not associated with any illegal activities. Companies such as Elliptic provide platforms which enable users to trace the path of a digital asset from its origin to its most recent wallet.
Using features such as transaction value filtering, number of hops identification, and on-off ramp transaction recognition, investigations can be conducted more easily and efficiently. Elliptic’s platform even offers a visual chart of all the jumps taken by a digital asset throughout the network and can identify transactions originating from the dark web.
AML Platforms Must Adapt to Monitor Risk Across Multiple Tokens on Layer 1 Protocols
AML platforms must have the capability to detect and monitor risk when multiple tokens are used for money laundering on the same blockchain. Layer 1 protocols often have multiple applications that use their own individual tokens. This means that criminals could potentially carry out illicit transactions using any of those tokens, so monitoring must extend beyond the base token.
Multi-Tiered Solution to Monitor Cross-Chain Transactions for AML Compliance
AML experts and data analysts have been attempting to tackle the difficult challenge of monitoring cross-chain transactions for some time. While mixers and transactions on the dark web pose their own problems, cross-chain asset transfers are a common use case and have a legitimate purpose in enabling interoperability. Differentiating a cross-chain transfer from an illicit one can be difficult, as wallets containing assets from mixers and the dark web can be immediately identified as red flags. The opacity of cross-chain bridges has made it difficult for AML initiatives to keep track of these transactions in the past. To address this problem, Elliptic has employed a multi-tiered approach.
An illustration of how a cross-chain transaction between Polygon and Ethereum is identified as having its source with a crypto mixer — a sanctioned entity. Source: Elliptic
When it comes to Anti-Money Laundering (AML) platforms, bridge technologies can either provide full transparency or result in complete opacity. In the first instance, bridges that offer end-to-end transparency for each transaction can be tracked by the AML platform. Where this kind of traceability is not possible due to the nature of the bridge, AML algorithms rely on time value matching to monitor asset transfers between chains.
The most challenging are cross-bridge transactions between networks like Bitcoin Lightning Network and Ethereum for they can be opaque, making it more difficult to identify and monitor. In such cases, transactions may be treated similarly to those that involve mixers or the dark web and can often be flagged by algorithms due to the lack of transparency.
Smart Contract Audits: Essential for Protecting Users of DeFi PlatformsÂ
Smart contract audits have become an essential part of safeguarding users of decentralized finance (DeFi). By screening smart contracts, investigators can detect any potential illegal activities and alert institutions to those risks.
This is particularly pertinent for hedge funds that are looking to join liquidity pools in a DeFi platform, it is much less of a concern for banks at this point, since they do not usually take part in DeFi projects. However, as banks get more involved with institutional DeFi, the need for screening at the smart contract level would become extremely crucial in the future.
VASP Risk Monitoring and Cryptocurrency Due Diligence for Financial Institution
Exchanges are classified as providers of Virtual Assets Services (VASPs). When conducting due diligence, the overall exposure of the exchange is evaluated in accordance with all of the addresses connected to the exchange. Some AML (Anti-Money Laundering) vendor platforms offer a risk-related assessment based on the country of incorporation, the Know Your Customer requirements, and the status of the financial crime programs in some cases. Unlike prior capabilities, VASP checks necessitate both on-chain and off-chain data.
The area of AML and on-chain analytics is rapidly evolving. Several platforms are striving to address some of the most complex technological problems in order to help institutions protect their clients’ assets. However, there is still much to be done in order to establish strong AML controls for digital assets.
In a Nutshell
As the field of anti-money laundering (AML) and on-chain analytics progresses, numerous platforms are being developed to find solutions for the intricate technological difficulties that institutions face when trying to secure their customers’ wealth.
And despite the remarkable progress that has been made in this area, further advancement is needed to ensure strong AML protocols are in effect for digital assets in the foreseeable future.
English