AML & Compliance - Crypto KYC and Transaction Monitoring in the Real World

crypto-kyc

Table of Contents

A licensed financial institution is obliged to maintain oversight on the transactional activity of its users. This is fundamentally one of the core tenets of being licensed. The government body whose job it is to supervise a financial institution is practically in simpler terms allowing the licensee to build products around the system of “money” after thoroughly evaluating what the business will do and how it will ensure that access to moving money is not misused or illicitly used.

With great power comes great responsibility, which is why the barrier to entry to “money” systems of “Financial Technology” is non-negligible as being a regulated business carries massive personal, reputational, professional and ethical risks.

In today’s financial systems, we have not only fiat money systems (i.e. the banking system that is responsible for moving Euros and USD), but also crypto money systems (i.e. blockchain networks where currencies such as Bitcoin are the denomination of value).

A company like ours, Striga, operates at the intersection of these two money systems, obligating us to be able to confidently at any given time demonstrate that we have sufficiently conducted due diligence on every transaction moving through our systems. This means that our regulator, the Financial Intelligence Unit of Estonia has the right to show up on our doorstep at any time to request information about any particular transaction that we have processed and inspect the chain of due diligence conducted on that particular transaction.

Thankfully, for KYC verification crypto companies have sufficient guidelines on what is expected of obligated entities in exercising this due diligence which includes but is not limited to – Blockchain transaction analytics, frequency/velocity based transaction pattern analytics, overall/inbound/outbound limit analytics, source of fund checks, user financial profile analysis etc.

With thousands of transactions moving through the platform each day (sometimes in less than an hour!), it is infeasible to review each transaction manually and the user associated with that transaction manually and automation for a transaction monitoring system is a severely daunting task.

We built ours from the ground up before tools like Flagright existed to help with transaction monitoring and if you’re reading this as a regulated institution we would recommend buying vs. building due to the sheer complexity of the software and ongoing maintenance needed to stay compliant.

Day To Day Crypto KYC And Transaction Monitoring

At Striga, our crypto KYC and AML duties span a wide range of checks but for the purpose of this article, limited to transaction monitoring as a crypto banking firm, the following are the bare minimum must-haves to begin building a compliance program –

Blockchain based transaction monitoring

Unlike fiat money, crypto currencies operate on a publicly available, distributed ledger, meaning all transactional data is free and open for all to ingest.

However, due to the semi-anonymized nature of this data, when money moves in or out of the Striga ecosystem, external third parties that claim to have de-anonymized a majority of public ledger data help perform checks and stop or disallow transactions where needed.

Some notable companies in this space include Chainalysis, Scorechain, Elliptic, Crystal and TRM Labs. Each provider has various pros/cons but can majorly aid the effort in combating money laundering and terrorist financing.

Fiat transaction monitoring

This category can be broken down into two separate classes of common transactions that occur within the traditional financial system. Namely those that happen between banks and those that businesses and/or individuals make via payment schemes such as Visa/MasterCard.

  1. Bank transactions
  2. Payment card transactions

User monitoring

User monitoring is the process of attempting to place consumers or businesses (i.e. those to whom your platform is providing services to), into a bucket of likeliness to do something illicit. This can of course be challenged in numerous ways but individually profiling every single user is simply infeasible and hence a general framework of categorizing and monitoring users is often adopted, as required by law.

This begins with the “KYC” or Know your Customer step where the user is firstly verified to be a real person, a person that is not coerced by a third party to open an account and is a legitimate citizen of whatever country they are from. The law clearly lays out guidelines for the steps to be taken in this process. After the KYC step, the following steps are key consideration towards a robust monitoring system –

Risk Profiling

Each customer within the platform is assigned a risk profile during onboarding. This profile is determined based on factors such as geographic location, occupation, transaction history, and the source of funds.

A high-risk profile may belong to a customer operating in a sanctioned region or engaging in high-value transactions with little clarity about the origin of funds. Risk profiling helps ensure that the due diligence applied to each user is proportional to the risks they present.

Transaction Velocity Monitoring

Monitoring the velocity, or the speed at which transactions occur, is crucial. If a customer begins making high-frequency transactions that deviate from their normal behavior, it may signal suspicious activity.

A user sending multiple high-value transactions in quick succession could be attempting to launder money or evade detection, and such anomalies would trigger a closer review or possibly freeze the account for investigation.

  1. Source of Funds – Understanding where the money is coming from is one of the most critical aspects of user monitoring.

    This is particularly important in crypto transactions, where the decentralized nature of the system allows users to transfer funds without the need for intermediaries like banks. Striga and similar institutions are responsible for validating the source of these funds to prevent illicit actors from leveraging the platform for money laundering or terrorist financing.

  2. Continuous KYC (Know Your Customer) – While customer due diligence is often thought of as an onboarding activity, continuous KYC is essential for maintaining compliance. This means continuously updating customer information, revalidating documents, and ensuring that any changes in the user’s circumstances are reflected in their profile.

    For example, if a user originally had a low-risk profile but later moves to a country with a high risk of money laundering, their risk score should be adjusted accordingly.

  3. Sanctions Screening – Sanctions screening involves checking whether any users or their transaction counterparts are on international watchlists or sanctions lists.

    This process must be automated to ensure real-time compliance with regulatory requirements, especially as users send and receive funds across borders. Any match to a sanctioned entity would require immediate action, often resulting in the freezing of funds and notification to the relevant regulatory body.

In-house Crypto KYC and AML only with Striga

Transaction monitoring in practice is a truly daunting task that requires the involvement of various teams and especially in today’s world, a strong engineering function.

Building a robust system can make or break a business and with the growing advancements in artificial intelligence, illicit money finds new ways to break existing systems, meaning a continuous process of reviewing and upgrading is essential. Becoming a regulated entity and taking on this obligation is therefore a double edged sword – Get it right and potential riches await, get it wrong and potential jail time awaits.

Throughout the course of building Striga, we’ve fortunately focused on compliance first before any business metrics, ensuring profit sustainability to support our long term vision. Stay proactive, not reactive.

Striga Crypto-native Banking as a Service:

Your path to building and launching financial products

Join the financial businesses that use Striga’s cloud platform to delight their customers and launch their own products without the complexities that come when dealing with core banking solutions’ relationships, licensing, compliance and payments methods.

FR
Quitter la version mobile