The rise of Bitcoin and other cryptocurrencies poses new challenges for the fight against money laundering and terrorist financing (AML/CFT). Cryptocurrencies provide their users with the opportunity to make global payments that are beyond the control of financial regulators and security authorities. In addition, there is a growing risk that terrorist financiers may evade state surveillance and tap into new sources of funding.

Recent evidence demonstrates that terrorist groups and their supporters have become increasingly familiar with the new technology. Terrorists use it to launder money or try to find new sources of finance, as a number of recent examples of fundraising by terrorist groups illustrate. We are still at an early stage of the development of this new threat, but the technical capabilities and capacities of terrorist groups close to ISIS or Hamas, for example, are progressing rapidly. For example, there have been several reported cases of terrorist groups using automatic address-generating software for cryptocurrency wallets to call for donations. None of these new addresses, which have not yet received payments, can be found on the blockchain.

Consequently, the long-held assumption that Bitcoin may not be suitable for illegal activities due to traceability or lack of liquidity is put into question. Various technical means are available to cryptocurrency users to conceal financial flows and protect against forensic analysis of the blockchain, such as the use of anonymizing services called ‘mixers’ or ‘tumblers’. Furthermore, cryptocurrencies known as Privacy Coins allow increased technical protection and encryption of the identity of the sender and the recipient of funds.

In mid-2019, governments agreed on a joint response at the level of the Financial Action Task Force (FATF), the international standard setter in the field. The new FATF recommendations are aimed at an effective regulation of crypto exchanges, the crucial interface between the sphere of cryptocurrencies and fiat currencies. AML/CFT standards that apply to traditional financial transactions should, as far as possible, also cover blockchain financial services. Ultimately, the plan is to put an end to anonymous crypto transactions. The Wire Transfer Rule, also called the ‘Travel Rule’, requires states to take precautions to ensure that Virtual Asset Service Providers (VASPs) monitor and share customer data among themselves and with the relevant government authorities.

At present, the crypto industry is faced with the task of finding technological solutions to operationalize these new compliance standards and establish appropriate Know Your Customer (KYC), due diligence and reporting procedures.

Both governments and companies have one year to comply with the new rules. In the European Union, the adoption of the new FATF recommendations coincided with the need to implement the latest EU anti-money laundering directive (AMLD5). In Germany, new legal rules on crypto assets came into force on 1 January 2020. Crypto companies are now obliged to fulfil KYC requirements and report suspicious transactions to the German financial intelligence unit (FIU). Germany and other countries seem to be on the right track to prevent the practice of anonymous crypto transactions, which poses serious security risks. It should be noted, however, that a legal, and yet unregulated crypto payment system still exists. Additional regulation is required, in particular regarding the use of unhosted wallets.

The study makes a number of recommendations aimed at increasing the effectiveness of the agreed measures. Countries like Germany continue to face the difficult task of keeping pace with the high speed at which crypto technology is developing. It is therefore essential to increase the expertise and technical capabilities available to German regulatory authorities. The overlap of responsibilities between various German authorities in the area of AML/CFT should be reduced and ideally eliminated. The relevant functions, including prosecutorial responsibilities, expertise and capacity, should be pooled and integrated where possible.

Regulators must also pay attention to and demand more efforts from crypto companies in terms of regulatory compliance and testing of emerging industry procedures. Both sides should cooperate to find an appropriate way to comply with the new FATF rules. Finally, investigating authorities and VASPs should consult each other and develop typologies and indicators for terrorist financing methodologies and potential asset storage operations in the field of crypto transactions.

Recently, there have been first initiatives at the EU level to harmonize the entire crypto sector more effectively. Germany should actively participate in this, but in the meantime, it should not fail to catch up in the area of AML/CFT and develop its own structures and capacities with regard to cryptocurrencies without waiting for EU regulations to materialize.

© Berlin Risk Ltd. 2020