Anti-Crypto Crime: We all have the permission to learn!

    With the passage of the EUs 5th 'MLD' (Money laundering Directive) to include VASPs (Virtual Asset Service Providers) / Crypto firms to ID&V and monitor transactions in line with recording and reporting obligations. There has been a rapid need for fellow Anti Financial Crime practitioners and operating model change agents within 'FS' (Financial Service) to upskill and expand their knowledge. That goes way beyond KYC and alert handling. The evolution of NextGen Tech 'DLT' (Distributed Ledger Technology) has generated a flourish 'DeFi' (Decentralised Finance) ecosystem of Crypto / 'VA's (Virtual Assets) that has paved the way for start-up tech firms to facilitate and offer exchange and safe custody of VA's. These VASPs as a start-up industry, is gaining the traction of transaction trust from a user community, as well as many established FS's (like VISA) and many jurisdictional regulators, that now embeds Crypto within the formal financial system.

    A community of knowledge sharers


    Considering current and historical wrongdoing. The inherit risks of borderless Blockchain that in many use-cases, abuses pseudonymisation to disguise identity to circumvent AML controls when storing or transferring dirty value, that facilitates illicit harm to people the environment. The good news is 'Anti Crypto Crime' communities, organisations and technologies are now GLOBALLY popping up, responding, and flourishing by offering brilliant FREE webinars, training sessions that in-turn are Masterclasses of refined and continued academic debate. All that have incredibly esteemed panellists and participants, via forum-chat, as a rich knowledge source.

    It goes without saying, money laundering does not respect boarders, so I for one am grateful for such a global and borderless response from a group of diverse and talented thought leaders. Highlighting the ongoing challenges of the ramp up and adoption of VAs / NFTs (Non-Fungible Tokens) as a credible asset-class. As well as the technologies AKA Crypto RegTechs, that brings the much-needed confidence and integrity to the DeFi and smart contract marketplace, that again is a borderless ecosystem. That presents a new wave of jurisdictional enforcement problems, as well as operational pain points and accountability tensions that need to be ironed out and ratified , as the ecosystem evolves and compliance frameworks mature to meet sound governance expectation.

    Further, these new learnings provide opportunity to be ahead of the curve, with the understanding and application of FATF guidance and the much awaited 'Travel Rule' that is generally cascaded and put into force by sovereign states. As stipulated regulation and legislation, thus deter governmental ignorance, and prevent member states going to grey list during the 'FATF country mutual evaluation' process.

    Sanctions and ramifications of non-compliance

    As we are all too aware Crypto / VAs can sadly be misused for nefarious activities predominantly with the rise of ransomware. COVID has created a work at home culture, that has expanded the cybercriminals attack surface to exploit certain vulnerabilities. Bad actors who have held many firms siege with ransomware for a ransom. Demands of a ransom always being requested via payment of Crypto. It must be noted that the U.S authorities have taken some lead to tackle this problem. OFAC has designated numerous malicious cyber actors under its cyber-related sanctions program. With over 800 VASPs in 80 countries, it is imperative to screen against OFAC watchlist irrespective of jurisdiction.

    If there is any suspicion or evidence that bad 'cyber actors' are extorting ransomware payment may be sanctioned or otherwise have a sanctions nexus. OFAC has designated numerous nefarious cyber actors under its cyber-related sanctions program and other sanctions programs, including cyber criminals and those who facilitate ransomware transactions as a VASP. OFAC has provided clear details for contacting relevant U.S. government agencies -including DEA, FBI, FinCEN and OFAC and has highlighted sanctions risks in on the (US) website. VASP or any entity that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations, therefore putting themselves and the key principles at risk of being placed on the OFAC sanctions list. Which no law-abiding citizen would wish for.

    Plausible justification for Crypto

    Equally, legitimate rationales such as data privacy and humanitarian, like unbanked refugees who have worked hard and need to store value against oppressive regimes or those who got on the Crypto bandwagon early. As traditional and 'CeFi' (centralised finance) and DeFi converge as a trusted and traceable conduit to transfer value globally. Irrespective, if you are currently working for a FS firm that has an all-out ban on VASPs / Crypto firm onboarding. You simply cannot steer away from the complexities and nuanced affiliation that many AML practitioners will have to consider then opine, when met with a segment of Crypto when investigating both source of funds, wealth, and transaction. I very much doubt any bank will offboard Tesla or Elon Musk's interests, who publicly advocates and invests in virtual assets and coins.

    Crypto's SOW

    As this emerging breed of Crypto millionaires become HNWI (High Net Worth Individual) type, they will unequivocally have to demonstrate a credible narrative of how they derived their wealth, as they seek to diversify investment and spender (who would not!), that is SO reliant on traditional finance payment networks to procure luxury and high lifestyle living.

    As this trend accelerates, there is an imperative discipline for rigorous, verified and validated 'SOW' (source of wealth) memo's that can sufficiently prove Crypto wealth, that is not placed or integrated from cyber-criminality or any other predicated offences, as prescribed within EUs 6th MLD. But, from the good investment of the surge of Crypto value, that will need a forensic and plausible audit trail to appease competent authorities and regulators.


    illicit finance, be it proceeds of crime or good value funding wrongdoing like terrorism, unfortunately fuels adverse life changing ramifications, at worst costs lives, as well as conservation and environmental impact. As we all strive to continually improve to be vigilant and be better versions of ourselves. I could not encourage more a wider community of experts or Financial Crime experts to broaden their AML scope within VAs / Crypto. Again, these webinars are FREE and inclusive to all! That affords every AML practitioner, the permission to learn, by getting involved and participating into this evolving, comprehensive and fascinating conversation.

    My view is Crypto is not going away, and compliance is a collective zeal, therefore, should be collaborative, never competitive.

    This is a guest blog written by James Emin in association with Twenty84 and Raw Compliance.

    James Emin is a qualified AML and GDPR compliance Business Analysis and Project Manager. 15 years of experience within Financial Crime, starting as a KYC analyst through to becoming an SME, as a career contractor. Whilst supporting and running change management projects at many leading regulated institutions, was then that he realised technology would be adopting much of the human effort that drove him to be a BA, tech change agent and thought leader. Therefore, he is passionate about nuancing the complexities of illicit value, from storage to borderless transfer and how Fincrime operating models need to be resilient to meet ongoing threats and typologies by using both agile and Value Engineering methodologies to optimise resources. Ranging from Proliferation Finance, FinTech and Regtech which led him to scribe other thesis's.

    He holds an International Diploma in Business Analysis (BCS) and is AgilePM, Prince2, GDPR certified at practitioner level.

    Raw Compliance provides ​a global platform for compliance professionals, and those interested in compliance, to build a global community to develop new skills, learn from experts, collaborate, network and try new initiatives.

    Raw Compliance