CipherTrace Q3 2019 Cryptocurrency Anti-Money Laundering Report: Two-Thirds of the Top 120 Cryptocurrency Exchanges Have Weak KYC
Trend or Anomaly? Lowest Quarterly Crypto Asset Thefts and Scams in Two Years
CipherTrace, the leading cryptocurrency and blockchain intelligence firm, released its Q3 2019 Cryptocurrency Anti-Money Laundering (AML) Report. Highlights of the report address cryptocurrency regulation, nefarious actors within the ecosystem, impending legislation, international trends and prevailing sentiments. Of particular note, CipherTrace conducted a first-ever comprehensive investigation of cryptocurrency exchange Know Your Customer (KYC) procedures and found that two-thirds (roughly 65 percent) of the top 120 exchanges lack strong KYC policies.
“has been conducting examinations that include compliance with the funds’ Travel Rule since 2014.”
On June 21, 2019, the Financial Action Task Force (FATF), an intergovernmental organization that standardizes global legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats, released “Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers.” In this Q3 Crypto AML Report, CipherTrace reveals that, with only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of exchanges are not equipped to handle basic KYC, let alone comply with the stringent new funds “Travel Rule” included in the updated FATF guidance.
The research results revealed that the lion’s share—more than two-thirds—of exchanges do not have good KYC. The breakdown of the ratings shown in Figure 1 are as follows:
- Weak – These exchanges allowed CipherTrace researchers to withdraw at least .25 BTC daily with very little to no KYC.
- Porous – These exchanges require some sort of ID verification process.
- Good – These exchanges require a very strenuous KYC process, which takes several steps to complete before the researchers were able to make a deposit or withdrawal. They not only require the ID process but also proof of address. Some require a phone call or video chat to complete the KYC process.
The FATF funds Travel Rule requires VASPs to securely transmit (and store) sender and receiver personally identifiable information (PII) with any cryptocurrency transaction valued at or exceeding USD/EUR 1,000. Consequently, stringent KYC is necessary to meet the Travel Rule’s base requirements.
Nations that fail to enforce FATF guidelines are often subject to political ostracization, financial sanctions, and are added to a FATF blacklist, which documents countries that it judges “to be non-cooperative in the global fight against money laundering and terrorist financing.” The U.S. has maintained a similar Travel Rule through the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) since 1996. Recently, Kenneth Blanco, FinCEN Director, explained that his organization “has been conducting examinations that include compliance with the funds’ Travel Rule since 2014.”
“(The Travel Rule) is the most commonly cited violation with regard to money service businesses engaged in virtual currencies,” said Blanco.
The Travel Rule has proven particularly problematic for ‘privacy coins,’ whose primary use case, to obfuscate money transmitter data, seemingly contrasts with the information sharing required for compliance. In expectation of regulatory crackdown, many exchanges have pre-emptively removed privacy coin listings. However, 32 percent of exchanges, including those determined to have weak or porous KYC, still have privacy coins listed.
In its report, CipherTrace explains how exchanges and cryptocurrency developers have grappled with the privacy dilemma. Although the report does punctuate a concern for privacy coins that have no compliance strategy, CipherTrace affirms that recent reports of the death of privacy coins have been greatly exaggerated. In fact, many of the top privacy coin developers have already released statements (outlined in the report) on how they could comply with the Travel Rule.
Other Trends Involving Virtual Assets
Outside of the significant KYC research findings and the Travel Rule, the CipherTrace Q3 CAML report discusses this quarter’s top stories related to cryptocurrency crime. After two years of large, high-profile exchange hacks and exit scams, there has been a significant reduction in cryptocurrency crime. Still, even with the lowest quarterly cryptocurrency thefts and scams in two years, 2019 still experienced a massive spate of crypto crimes—more than $4.4 billion to date.
While CipherTrace has no hard data to explain the Q3 dropoff —except for potentially the anomalous nature of the QuadrigaCX and PlusToken frauds skewing the numbers in previous quarters—one possible explanation is that government regulation of the industry is having a positive impact. CipherTrace had previously speculated that the shift from outright thefts to exit scams and other frauds perpetrated by insiders indicated that crypto exchanges had begun to adequately invest in hardening their IT infrastructures. This is because criminals, as they are wont to do, follow the path of least resistance.
CipherTrace cites maturing and sophisticated terrorist and criminal syndicates as partially responsible for the global regulatory clamp-down on cryptocurrency. Terrorists, other criminal organizations and their supporters and sympathizers are constantly looking for new ways to raise and transfer funds without detection or tracking by law enforcement. As regulators continue to stifle resources for criminal cryptocurrency use, terrorists are using more sophisticated methods to secure funding and launder money for operations and attacks.