Why Cryptocurrency Companies are Filing more SARs than Ever
January 9, 2020
Recently, Ken Blanco, the director of the Financial Crimes Enforcement Network (FinCEN) announced that Cryptocurrency companies have filed 7,000 Suspicious Activity Reports (SARs) since May. This is amazing when you consider that since 2013 cryptocurrency firms have filed only 11,000 SARs. This means 63% of SARs have been filed in the last 7 months. Why do crypto companies need to file SARs at all? Some background: In March 2013, FinCEN released guidance on the subject of Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies. This guidance stated that users of cryptocurrency were not money service businesses (MSBs), but administrators and exchangers were. In addition, it said “Accepting and transmitting anything of value that substitutes for currency makes a person a money transmitter under the regulations implementing the BSA,” meaning whether it was virtual currency for fiat or virtual currency for virtual currency, it made no difference, both were considered MSBs. What this means is that every cryptocurrency exchange was a Money Service Business and was going to be regulated as such, including having AML policies and procedures and filing suspicious activity reports to FinCEN to report potentially suspicious behavior. This guidance is pertinent to any exchange or administrator that has
- Locations in the United States
- Customers in the United States
- Offices in the United States
So, why the SARs now? Is there more volume now? No, volume is actually down considerably. IdentityMind works with over 50 exchanges worldwide including some of the largest such as Binance and Bittrex. What we have seen instead is a maturation of entities in the space including:
- Compliance Teams: Companies are hiring experienced anti-money laundering (AML) personnel who also have experience with cryptocurrency, something not available until recently.
- Examiners: We’re now seeing annual examinations done by teams who have audited cryptocurrency firms in the past
- Regulators: Virtual currency isn’t brand, brand new any longer, and regulators are now used to cryptocurrency, exchanges, and how to examine them. They no longer need a primer on what bitcoin is, what an address is, etc…
These groups are actively doing everything they can, and working in conjunction, to prevent bad actors from operating in the space. Technically, cryptocurrency exchanges should report when there’s both potentially suspicious behavior with a cumulative dollar amount above $2,000. In reality, exchanges go above and beyond, reporting potentially suspicious behavior even when the dollar amount doesn’t cross the necessary threshold. Why? Because from what we’ve seen from our clients, their regulators ask them to. Virtual currency has a high potential risk of suspicious activity and they’ve been asked to provide SARs, even if the dollar amount threshold wasn’t met, if they detect suspicious behavior. Speaking with our clients, here are some areas where suspicious activity reports (SARs) are filed:
1. Placement, Layering, & Structuring
The common tropes of potential money laundering
- Too much money (digital or fiat) coming into an address or group of addresses in a short amount of time
- Too much money (digital or fiat) going out of an address or group of addresses in a short amount of time
- Too much money (digital or fiat) going back and forth between an address or group of addresses in a short amount of time
- Change in customer behavior over time
2. Virtual Currency Risk Assessment
Blockchain explorer tools are becoming more proficient and can provide information of customers interacting with, either directly or with 2 or 3 hops
- Dark Markets: Marketplaces where customers can purchase illicit goods and services
- Gambling sites: Unregulated online gambling
- Ponzi schemes: Proceeds of known ponzi schemes such as OneCoin, Plus Token
- Sanctioned addresses: Not just OFAC sanctioned addresses, but addresses connected to them, either sending funds in or receiving funds from
Click here to see IdentityMind’s Virtual Currency Risk Assessment Solution
3. Entity Link Analysis: Digital Identity Risk
IdentityMind’s unique and patented electronic DNA (eDNA) technology alerts our clients to customers that exhibit links that may be considered suspicious. In its simplest form, eDNA may uncover relations to customers that have been blacklisted or offboarded by your risk and compliance operations teams. Based on supervised machine learning scoring it can also unveil complex and hidden relationships and money movement to networks of clients that may be related to nefarious activities such as identity theft rings, mules, etc — relationships that otherwise may go unnoticed.
- Shared attributes with blacklisted or offboarded customers
- Shared attributes across potential and existing customers
- Hidden relationships to networks of nefarious users
- Identify and prevent account origination fraud / account takeovers
Click here to watch a demo of our Identity Graph and how it provides a more accurate view of users and transactions, enabling better business decisions
IdentityMind’s robust transaction monitoring platform alerts clients to the potentially suspicious behavior listed above. In addition, it automatically pre-populates the suspicious activity reports and has push-button filing to FinCEN, something the OCC recently approved. Going forward, FinCEN will expect this number of suspicious activity reports to continue. To start filing less would bring suspicion to the financial institution of what changed. As a Financial Institution, it’s critical to have an automated transaction monitoring platform that enables easy alerting of potentially suspicious behavior, case management to quickly review alerts, and SAR filing to notify FinCEN of potentially suspicious behavior.
