Banks with crypto services require new anti-money laundering features

The new year began with the news that notable Web3 founder Kevin Rose fell victim to a phishing scam in which he lost over $1 million worth of non-fungible tokens (NFTs).

As mainstream financial institutions begin to offer services related to Web3, crypto and NFTs, they will be custodians of client funds. They must protect their clients from bad actors and identify whether the client’s assets have been obtained through illegal activities.

The crypto industry has not made it easy for anti-money laundering (AML) functions in organizations. The sector has innovative constructs such as cross-chain bridges, mixers and privacy chains, which hackers and crypto thieves can use to hide stolen assets. Very few technical tools or frameworks can help you navigate this rabbit hole.

Regulators have recently come down hard on some crypto platforms, pushing centralized exchanges to remove privacy tokens. In August 2022, Dutch police arrested Tornado Cash developer Alexey Pertsev, and they have been working to control transactions through mixers since then.

While centralized governance is considered antithetical to the Web3 ethos, the pendulum may need to swing in the other direction before reaching a balanced middle ground that protects users and does not limit innovation.

And while large institutions and banks must contend with the technological complexity of Web3 to provide digital asset services to their customers, they will only be able to provide adequate customer protection if they have a robust AML framework in place.

AML frameworks will need additional capabilities, which banks must evaluate and build. These capabilities can be built in-house or achieved by partnering with third-party solutions.

A few vendors in this space are Solidus Labs, Moralis, Cipher Blade, Elliptic, Quantstamp, TRM Labs, Crystal Chain, and Chainalysis. These firms are focused on delivering comprehensive (full-stack) AML frameworks to banks and financial institutions.

For these provider platforms to deliver a holistic approach to AML around digital assets, they must have multiple inputs. The provider supplies several of these, while others are collected from the bank or institution it works with.

Data sources and inputs

Institutions need a wealth of data from various sources to effectively identify AML risks. The breadth and depth of data an institution can access will determine the effectiveness of the AML function. Some of the key inputs needed for AML and fraud detection are below.

The AML policy is often a broad definition of what a firm should look for. This is generally broken down into rules and thresholds that will help implement the policy.

An AML policy may state that all digital assets linked to a sanctioned nation-state such as North Korea must be flagged and addressed.

The policy may also state that transactions will be flagged if more than 10% of the transaction value can be traced back to a wallet address that contains the proceeds of a known theft of assets.

For example, suppose 1 Bitcoin (BTC) is sent to custody at a tier-1 bank and 0.2 BTC of it had its source in a wallet containing the proceeds of the Mt. Gox hack. Even if attempts were made to hide the source by running it through 10 or more hops before it reaches the bank, the transaction will raise a red flag for AML to alert the bank to this potential risk.
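The threshold rule and the 1 BTC example above can be worked through in code. This is an added example, not taken from the article or from any vendor's platform; it assumes proportional attribution of tainted value (the article does not say which attribution method platforms use), and all wallet names and the transfer list are constructed.

```python
from collections import defaultdict
from fractions import Fraction

THRESHOLD = Fraction(10, 100)  # the article's example rule: more than 10% of value

def tainted_share(transfers, seeds, deposit_index):
    """Tainted fraction of transfers[deposit_index] under proportional attribution.

    transfers: chronological (src, dst, amount) tuples.
    seeds: {wallet: amount} for wallets labelled as holding theft proceeds.
    Assumption: each outgoing transfer carries the sender's current
    tainted/total ratio; funds with no recorded history count as clean.
    """
    balance, tainted = defaultdict(Fraction), defaultdict(Fraction)
    for wallet, amount in seeds.items():
        balance[wallet] += Fraction(amount)
        tainted[wallet] += Fraction(amount)
    share = Fraction(0)
    for i, (src, dst, amount) in enumerate(transfers):
        amount = Fraction(amount)
        if amount <= 0:
            continue
        if balance[src] < amount:      # unseen funding: treat the shortfall as clean
            balance[src] = amount
        moved = amount * tainted[src] / balance[src]
        balance[src] -= amount
        tainted[src] -= moved
        balance[dst] += amount
        tainted[dst] += moved
        if i == deposit_index:
            share = moved / amount
    return share

def should_flag(share):
    return share > THRESHOLD

def build_sample(stolen="0.2", clean="0.8"):
    """Constructed data: stolen and clean coins merge, then pass through 10 hops."""
    total = Fraction(stolen) + Fraction(clean)
    transfers = [("theft_wallet", "hop0", stolen), ("clean_wallet", "hop0", clean)]
    transfers += [(f"hop{i}", f"hop{i + 1}", total) for i in range(9)]
    transfers.append(("hop9", "bank_custody", total))
    return transfers, {"theft_wallet": stolen}

if __name__ == "__main__":
    transfers, seeds = build_sample()
    share = tainted_share(transfers, seeds, len(transfers) - 1)
    print(f"tainted share {float(share):.0%}, flag={should_flag(share)}")
```

The number of hops does not dilute the share: the deposit still carries 20% tainted value, so it exceeds the 10% threshold.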

AML platforms use several methods to label wallets and identify the source of transactions. These include consulting third-party intelligence such as government lists (sanctions and other bad actors); web scraping of crypto addresses, darknet, terrorist financing websites or Facebook pages; using common-spend heuristics that can identify crypto addresses controlled by the same person; and machine learning techniques such as clustering that can identify cryptocurrency addresses controlled by the same person or group.

Data collected through these techniques is the building block of the fundamental capabilities AML functions in banks and financial institutions must create to manage digital assets.

Wallet monitoring and screening

Banks must perform proactive monitoring and screening of customer wallets, assessing whether a wallet has interacted directly or indirectly with illegal actors such as hackers, sanctioned entities, terrorist networks, mixers and so on.

Illustration of assets in a wallet categorized and labeled. Source: Elliptic

Once wallets are labeled, AML rules are applied to ensure that screened wallets fall within risk limits.

Blockchain investigation

Blockchain investigation is essential to ensure that transactions occurring on the network do not involve illegal activities.

An investigation traces blockchain transactions from the ultimate source to the ultimate destination. Provider platforms offer functionalities such as filtering on transaction value or number of hops, or even the ability to automatically identify on-/off-ramp transactions as part of an investigation.

Illustration of the Elliptic platform tracing a transaction back to the dark web. Source: Elliptic

Platforms offer a hop chart that shows each and every hop a digital asset has taken through the network to get from the first to the most recent wallet. Platforms like Elliptic can even identify transactions that originate from the dark web.

Multiasset monitoring

Monitoring risks where multiple tokens are used to launder money on the same blockchain is another critical function that AML platforms must have. Most layer 1 protocols have multiple applications that have their own tokens. Illegal transactions can occur using any of these tokens, and monitoring must be broader than just one base token.

Monitoring across chains

Cross-chain transaction monitoring has haunted data analysts and AML experts for some time. Aside from mixers and dark web transactions, cross-chain transactions are perhaps the most difficult problem to solve. Unlike mixers and dark web transactions, asset transfers across chains are common and a real use case that drives interoperability.

Also, wallets containing assets that hopped through mixers and the dark web can be labeled and red-flagged, as these are immediately considered yellow flags from an AML perspective. It would not be possible to simply flag every transaction across chains, as such transfers are fundamental to interoperability.

AML initiatives around cross-chain transactions have previously been a challenge as cross-chain bridges can be opaque in the way they move assets from one blockchain to another. As a result, Elliptic has come up with a multi-layered approach to solve this problem.

An illustration of how a cross-chain transaction between Polygon and Ethereum is identified as having its source with a crypto mixer, a sanctioned entity. Source: Elliptic

The simplest scenario is when the bridge provides end-to-end cross-chain transparency for each transaction, and the AML platform can pick it up from the chains. Where such traceability is not possible due to the nature of the bridge, AML algorithms use time-value matching, where assets that left one chain and entered another are matched using the time of transfer and the value of the transfer.

The most challenging scenario is where none of these techniques can be used. For example, asset transfers to the Bitcoin Lightning Network from Ethereum can be opaque. In such cases, cross-bridge transactions can be treated like those in mixers and the dark web, and will generally be flagged by the algorithm due to the lack of transparency.
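The time-value matching described above, together with the fallback for transfers that cannot be matched, can be sketched as follows. This is an added example, not Elliptic's algorithm or any vendor's code; the 30-minute window, the 1% fee tolerance, the event fields, the asset symbol and all transaction ids are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from decimal import Decimal

def compatible(out, inn, max_delay, max_fee):
    """True if inflow `inn` could be the release of bridge deposit `out`."""
    delay = inn["time"] - out["time"]
    lost = (out["value"] - inn["value"]) / out["value"]   # bridge fee fraction
    return (out["asset"] == inn["asset"]
            and timedelta(0) <= delay <= max_delay
            and Decimal(0) <= lost <= max_fee)

def match_bridge(outflows, inflows, max_delay=timedelta(minutes=30),
                 max_fee=Decimal("0.01")):
    """Return (matched, ambiguous, unmatched) for source-chain deposits."""
    cands = {o["tx"]: [i["tx"] for i in inflows
                       if compatible(o, i, max_delay, max_fee)] for o in outflows}
    claimed_by = {}
    for o_tx, i_txs in cands.items():
        for i_tx in i_txs:
            claimed_by.setdefault(i_tx, []).append(o_tx)
    matched, ambiguous, unmatched = {}, [], []
    for o_tx, i_txs in cands.items():
        if not i_txs:
            unmatched.append(o_tx)           # opaque: escalate like mixer exposure
        elif len(i_txs) == 1 and len(claimed_by[i_txs[0]]) == 1:
            matched[o_tx] = i_txs[0]         # unique in both directions
        else:
            ambiguous.append(o_tx)           # several plausible pairings: do not guess
    return matched, ambiguous, unmatched

def ev(tx, hour, minute, value, asset="WETH"):
    return {"tx": tx, "time": datetime(2023, 1, 10, hour, minute),
            "value": Decimal(value), "asset": asset}

# Constructed events: deposits into a bridge on Polygon, releases on Ethereum.
SAMPLE_OUTFLOWS = [ev("out-1", 12, 0, "5"), ev("out-2", 12, 5, "2.5"),
                   ev("out-3", 12, 6, "2.5"), ev("out-4", 13, 0, "40")]
SAMPLE_INFLOWS = [ev("in-a", 12, 4, "4.995"), ev("in-b", 12, 10, "2.4975"),
                  ev("in-c", 12, 12, "2.4975")]

if __name__ == "__main__":
    print(match_bridge(SAMPLE_OUTFLOWS, SAMPLE_INFLOWS))
```

Two deposits of equal value a minute apart cannot be told apart by time and value alone, so they are reported as ambiguous instead of being paired arbitrarily.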

Smart contract screening

Smart contract screening is another important area for protecting decentralized finance (DeFi) users. Here, smart contracts are checked for links to illegal activities that institutions must be aware of.

This is perhaps most relevant for hedge funds that want to participate in liquidity pools in a DeFi solution. It is less important for the banks at this point, as they usually do not directly participate in DeFi activities. However, as banks become involved in institutional DeFi, screening at the smart contract level will become extremely critical.

VASP due diligence

Exchanges are classified as virtual asset service providers (VASPs). Due diligence will look at the exchange’s overall exposure based on all addresses linked to the exchange.

Some AML provider platforms provide an overview of risk based on country of incorporation, Know Your Customer requirements and, in some cases, the state of financial crime programs. Unlike the previous capabilities, VASP checks involve both on-chain and off-chain data.

AML and chain analysis is a rapidly developing area. Several platforms are working to solve some of the most complex technology problems that will help institutions protect their client funds. Nevertheless, this is a work in progress and much needs to be done to have robust AML controls for digital assets.
