Tom Hall on LinkedIn: R Virtual Assets Service Providers National Risk Assessment Update May… (2024)

How can countries understand their money laundering (ML) and terrorist financing (TF) risk exposure to virtual asset (VA) related activities within their jurisdiction?According to the Financial Action Task Force (FATF)'s last implementation update from June 2023, countries are very behind in their compliance with Recommendation 15 on New Technologies that sets out how AML/CFT standards are to be applied to VA related activities, and have largely failed to properly manage or mitigate ML/TF risks across the crypto sector.⛔️78% of the 98 countries assessed in the Update were noncompliant with R15.3. While there has been plenty of discussion and pressure placed on countries to comply with the Travel Rule (the requirement for originator and beneficiary information to be exchanged between VASPs), not enough noise is being made about the need for countries to understand the VA activities happening within their jurisdictions and their potential impact. If countries are not adequately identifying and assessing ML/TF risks associated with VA-related activities, how effective are their regulatory frameworks? A risk-based assessment is the first step countries need to take in order to be able to develop adequate and effective regulatory regimes. A strong Risk Assessment should:1️⃣demonstrate an understanding of the VA-related activities occurring within the country.2️⃣show data on VA-related activities, suspicious activity reports, enforcement actions, etc.3️⃣identify potential ML/TF risks.4️⃣assess or evaluate the identified risks based on their likelihood and potential impact.5️⃣establish a comprehensive jurisdictional strategy to manage and mitigate identified risks, which includes a mitigation plan and the allocation of resources to areas of higher risk.Most countries find it difficult to get past steps 1 and 2 as their biggest challenge is to identify, understand and collect data on VA-related activities.Countries are challenged with:✳️a lack of informationand quantitative data due to the fact that crypto isanew industry,✳️a lack of expertiseand knowledge from risk assessors, and✳️the cross-border natureof crypto activitiesandthe difficulty of identifying whichinternational playersfall within the scope of each jurisdiction.To assist countries with this challenge,VASPnethas developedVASPindex,aspecific tool that helps identify VA activity. Powered by machine learning and AI-driven analytics, VASPindex leverages various data sources to assess risk factors and generate probability scores that service providers offer VA services.Learn more👉https://bit.ly/3szCPE1 XReg Consulting#cryptoregulation #FATF #VASPs #riskassessments #cryptocompliance #NRA

31

The Financial Action Task Force (FATF) sets global standards for combating money laundering, terrorist financing, and the illicit use of virtual assets. On March 28, 2024, it published a report on efforts toward implementing Recommendation 15 (R.15) by FATF members and jurisdictions with significant Virtual Asset Service Provider (VASP) activity. Key takeaways: 🌎 Table: In the report, the FATF assesses each jurisdiction’s risks associated with virtual assets and VASPs, documenting whether there are regulations on VASP registration/licensing and AML/CFT compliance, enforcement actions and supervisory measures taken against VASPs, and implementation of the Travel Rule for VASPs. ☑️ Rating: Based on these indicators, the FATF provides its R.15 compliance rating for each jurisdiction (C=compliant, LC = largely compliant, PC = partially compliant, or NC = non-compliant), which is meant to serve as tools for jurisdictions to gauge their own progress and areas needing improvement📋 Guidance: Jurisdictions are encouraged to assess and address the risks associated with virtual asset transfers, especially with those that have not regulated or banned VASPs. They should also consider classifying VASPs from areas lacking effective licensing or registration as higher risk, based on their own AML/CFT risk assessments.🔒 Challenge: According to the report, while strides have been made, uneven implementation of R.15 underscores the necessity for increased diligence and cooperation to mitigate risks and enhance global financial security.📢 Call to Action: In their press release, the FATF urged jurisdictions and the private sector to reference this table to bolster their regulatory and supervisory frameworks, stressing that achieving comprehensive compliance with R. 15 is crucial for safeguarding the integrity of the global financial system.The press release and report are linked in the first comment. #FATF #VirtualAssets #Compliance #AML #CFT #cryptoregulation #CryptoCompliance #TravelRule

7

1 Comment

Joint announcement from the Isle of Man FSA and GSC - the regulators are jointly rolling out a new data collection and risk assessment tool in support of AML/CFT supervision of regulated businesses on island. The press release details that "STRIX AML" has been developed in line with FATF recommendations and will "enable supervisors to gain a deeper understanding of AML/CFT risk, and to focus their resources on the firms and sectors that pose the biggest threats".The benefits for industry include making "it easier for firms to provide the required data through a dedicated online portal."Anything that brings some efficiencies to submitting data is welcome in my book! I'm looking forward to seeing what STRIX AML can do!#isleofman #mlro #regulation #technologyCheck out the press release here:

24

🔎 Breaking Study: Financial Crime Compliance Costs Soar to $61B in U.S. & Canada! 🔎LexisNexis® Risk Solutions unveils its latest findings in the "True Cost of Financial Crime Compliance Study" for the U.S. and Canada, revealing a staggering $61 billion annual cost to financial institutions. With 99% of them witnessing a rise in compliance costs, the study conducted by Forrester Consulting underscores a critical industry pivot towards cost efficiency while maintaining regulatory integrity. 💼📈Snapshot:99% see compliance costs rise, striving for cost reduction with 70% prioritizing cuts within the next year.Technology & Labor Costs: The main drivers, especially in compliance and KYC software enhancements.Emerging Threats: Cryptocurrencies and AI technologies are the new frontier for financial crimes.The study stresses the urgent need for a balanced approach between customer experience and compliance, the adoption of new technologies to combat financial crime, and the strategic management of costs through efficient compliance tools and partnerships. 🛠️💡Matt Michaud, Global Head of Financial Crime Compliance at LexisNexis Risk Solutions, emphasizes the critical role of in-house compliance teams and the necessity of leveraging advanced technologies and analytics to stay ahead of cybercriminals' evolving tactics. 🚨🔒#FinancialCrimeCompliance #USandCanada #LexisNexis #ComplianceCosts #CyberSecurity #Cryptocurrency #AI https://lnkd.in/dBzbyBQF

5

Transaction Monitoring: Safeguarding Financial Integrity 🔍Transaction monitoring is a critical process employed to detect and prevent illicit activities such as money laundering, terrorist financing, and fraud.Transaction monitoring involves the continuous surveillance of transactions to identify suspicious activities that may indicate potential risks or violations of regulations. By analyzing patterns, trends, and anomalies in transaction data, institutions can pinpoint unusual behavior and take appropriate action to mitigate risks and ensure compliance.Why is Transaction Monitoring Important?*Compliance: Financial institutions are obligated to comply with anti-money laundering (AML) and counter-terrorism financing (CTF) regulations. Transaction monitoring helps institutions fulfill their regulatory obligations by identifying and reporting suspicious activities to relevant authorities.*Risk Management: Effective transaction monitoring enhances risk management practices by identifying and mitigating potential threats to the institution's financial integrity. By detecting and addressing risks proactively, institutions can safeguard their reputation and protect stakeholders' interests.*Fraud Detection: Transaction monitoring plays a crucial role in detecting and preventing fraudulent activities, such as identity theft, payment card fraud, and account takeover. By identifying suspicious transactions in real-time, institutions can prevent financial losses and protect customers from fraud.*Enhanced Security: Transaction monitoring contributes to the overall security posture of financial institutions by providing insights into emerging threats and vulnerabilities. By leveraging advanced analytics and technology, institutions can strengthen their defense mechanisms and stay ahead of evolving risks.Transaction monitoring involves the automated analysis of vast amounts of transaction data using sophisticated algorithms and machine learning techniques. By applying predefined rules and scenarios, institutions can identify suspicious activities based on predefined parameters such as transaction amount, frequency, and counterparties. Transaction monitoring is an indispensable tool for safeguarding financial integrity, ensuring regulatory compliance, and combating financial crime. By understanding the principles and practices of transaction monitoring, financial institutions can mitigate risks, protect stakeholders, and uphold the integrity of the global financial system.#TransactionMonitoring #AML #FinancialIntegrity #Compliance #FraudDetection #RiskManagement

13

🗃️ 𝗘𝘂𝗥𝗲𝗖𝗔 is the EBA's Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) database. Its legal basis is Article 9a(1) and (3) of the EBA Regulation. 🚨 EuReCA contains information on "material weaknesses", i.e. serious deficiencies in the policies, procedures and governance arrangements of individual financial institutions that make them vulnerable to money laundering and terrorist financing (ML/TF). It also contains information on the measures that supervisors have imposed on these institutions to address these deficiencies. 🔒 The EBA has been working on a revised version of the Data Protection Impact Assessment (DPIA) on EuReCA. Here are some of the key points described in the document:𝘿𝙖𝙩𝙖 𝙘𝙤𝙡𝙡𝙚𝙘𝙩𝙞𝙤𝙣 𝙖𝙣𝙙 𝙨𝙝𝙖𝙧𝙞𝙣𝙜: Users submit and request information based on their assigned reporting authority, such as AML/CFT authorities, supervisors including the European Central Bank (ECB) and the Single Resolution Board.Security safeguards: Security measures are in place to prevent data corruption and ensure secure data transmission during the various stages of collection and sharing.𝘿𝙖𝙩𝙖 𝙘𝙤𝙡𝙡𝙚𝙘𝙩𝙞𝙤𝙣 𝙞𝙣𝙩𝙚𝙧𝙛𝙖𝙘𝙚: The data collection interface is used by designated contacts in each reporting authority. It has a predefined structure with specific fields for users to enter data. The interface is manually operated by the users.𝙄𝙏 𝙙𝙤𝙘𝙪𝙢𝙚𝙣𝙩 𝙖𝙣𝙙 𝙨𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙥𝙤𝙡𝙞𝙘𝙮: The process includes an IT document called "DPIA Controls vs. Requirements" and the EBA Security Policy, which should be read in conjunction with the applicable Information Security Framework.𝘿𝙖𝙩𝙖 𝙋𝙧𝙤𝙩𝙚𝙘𝙩𝙞𝙤𝙣 𝙄𝙢𝙥𝙖𝙘𝙩 𝘼𝙨𝙨𝙚𝙨𝙨𝙢𝙚𝙣𝙩 (𝘿𝙋𝙄𝘼): The DPIA is a process to identify and assess the risks of a project or system, in particular with regard to privacy and personal data protection. This summary is part of this assessment for the mentioned central database.⚠️ According to EBA, “EuReCA will act as an early warning tool, which will help competent authorities to act before ML/TF risk crystallise”.

2

The U.S. Department of the Treasury just published their 2024 National Money Laundering Risk Assessment: https://lnkd.in/gNdtAmBYHere are the highlights from the section on Virtual Assets.---With my opinions 😎 1. Virtual Asset Service Providers (VASPs) operating in the US are failing to implement and maintain sufficient AML/CFT controls consistent with the BSA guidelines. ---This could be resolved by the BSA enforcement agencies directly communicating their requirements to VASPs, including changes in the law or regulations. A simple government-produced compliance playbook would solve these issues. ---VASPs must prioritize hiring competent employees to build and operate compliance departments.2. Inconsistent international AML/CFT obligations for VASPs with only a partial presence in the US and/or offshore employees.---These VASPs tend not to comply with the US due to complications in supervision structure and unclear jurisdictional enforcement. ---Moving forward, VASPs operating in the US in any capacity must fully comply to US guidelines or they risk shut down of US operations and/or a law suit -- Binance is a prominent example of this. 3. Obfuscation tools such as anonymity-enhancing cryptocurrencies (AECs) and mixers make it close to impossible to trace transactions.---AECs and mixers are designed to enhance privacy since blockchain addresses are public and pseudonymous. As with any open technology, privacy tools can be used by well-intentioned people and illicit actors.---A conversion from crypto to fiat in the future would reveal the post-mixing origins of the funds and require IRS transparency reporting. ---VASPs will no longer support AECs (like Monero) and may not accept the transfer of mixed assets to their platform. Some VASPs already disallow mixed assets depending on how recently they were mixed. 4. Disintermediation via the transferring of assets from VASPs to unhosted (self-custodial) wallets. ---A fundamental concept of cryptoassets is to take ownership of your assets. This is akin towithdrawing cash at an ATM and placing cash in your wallet, or any location you choose. Self-custody will likely not be infringed on due to property rights in the US.---VASPs can easily trace the transactions sent out of their platform using blockchain analytics tools. These reports are, or will be, shared with enforcement agencies. 5. DeFi (decentralized finance) services qualifying as MSBs often do not comply with BSA requirements. ---DeFi platforms and Decentralized exchanges (DEXs) run solely on code and do not utilize any centralized AML/CFT tools. While this is not ideal, it opens an enormous opportunity for a robust zero-knowledge AML solution. ---DEXs only allow the exchange between cryptoassets and not the conversion into fiat currency, meaning there is less risk for the government's issued currency.

6

In 2019, the Financial Action Task Force (FATF) extended its AML and CFT measures to virtual assets and virtual asset service providers to prevent misuse by criminals or terrorists. Last week, the FATF produced a report examining the implementation of these standards. The report found that jurisdictions struggle to implement simple requirements such as conducting risk assessments, enacting legislation and supervisory inspections. Of the 151 jurisdictions surveyed, more than half have not taken any steps to implement the travel rule, leaving loopholes for criminals to exploit. In response, firms must ensure they have the proper screening and compliance technologies in place to combat wider market risks. Read more on the news, here: https://bit.ly/44s3YGb #Compliance #FinancialServices #Fintech #FinancialCrime

22

🧵 Key Points from CBUAE Report on Risks Related to Virtual Assets and Virtual Asset Providers 🚀🔒 The Central Bank of the United Arab Emirates released a comprehensive guidance report for Licensed Financial Institutions (LFIs) on risks associated withLicensed Financial Institutions are encouraged to thoroughly assess risks associated with virtual assets, including money laundering, illegal financing, fraud, operational risks, and reputational risks.The report emphasizes implementing robust risk management frameworks, including effective governance, policies, procedures, and controls specific to virtual assets.Institutions are advised to perform comprehensive due diligence on virtual asset providers (VAPs) before establishing relationships. It includes evaluating compliance with AML/CFT regulations, security measures, financial soundness, and adherence to consumer protection standards.The report highlights the significance of ongoing monitoring of VAPs to ensure their continued compliance with regulatory requirements and the detection of any suspicious activities or risks.Customer awareness and education are crucial. Institutions should provide clear information to customers about the risks associated with virtual assets, including potential losses, volatility, and lack of regulatory protections.Reporting obligations are stressed upon. Licensed Financial Institutions should establish robust processes for reporting suspicious transactions related to virtual assets in line with AML/CFT regulations and local regulatory authorities' requirements.Cybersecurity and information security measures are critical. LFIs should implement strong controls to protect customer data, secure virtual assets, and guard against unauthorized access or fraudulent activities.The report concludes by urging institutions to maintain an adaptable approach, keep up with technological advancements, and regularly update their risk management practices to address emerging risks.🔒💡 Central Bank's guidance provides a valuable framework for Licensed Financial Institutions (LFIs) operating in the UAE, promoting responsible participation in the virtual asset ecosystem. The full document: https://lnkd.in/dekc9ARg

2

💰 Money Laundering and Terrorist Financing Risks in the World of Virtual Assets 🕵️♂️🌍Money laundering and terrorist financing risks in the world of virtual assets are a complex and evolving challenge. Moneyval members are at various stages in implementing Recommendation 15, with many requiring major or moderate improvements. The level of progress varies among countries.📊When it comes to the risk assessment of virtual assets (VAs) and Virtual Asset Service Providers (VASPs), it often starts with creating an inventory of registered entities in the jurisdiction. However, accurately determining the materiality of the sector is a challenge faced by members.🌐Different entities in the virtual asset sector pose varying levels of risk. Factors such as the nature of their products, services, customer base, geographical reach, business models, and the strength of their compliance programs all influence the level of risk they present. In more advanced jurisdictions, the risk analysis also takes into account the results of supervisory actions.💻The use of technology in identifying and assessing risks in this sector is considered a good practice. Some countries have invested in blockchain risk evaluation tools and provided training to supervisors in blockchain analysis to better understand and mitigate risks.🔒Licensing, registration, and regulation of VASPs remain challenging. This is mainly due to the capacity of the designated supervisor to fully comprehend the risks and unique aspects of the sector. Distinguishing between registration and regulation is essential, as some less reputable firms may use registration as a sign of legitimacy, and customers may not grasp the difference between the two.💼MONEYVAL members report difficulties in detecting unlicensed or unregistered VASPs in practice. When it comes to supervising the VASP sector, most members are still in the early stages of implementation. Not all supervisors have the necessary resources in terms of staffing and knowledge, and the risk-based approach is rarely tailored to sector-specific assessments.

39

2 Comments