Banks with crypto services need new anti-money laundering capabilities

The new year kicked off with the news that notable Web3 entrepreneur Kevin Rose fell victim to a phishing scam that saw him lose over $1 million in nonfungible tokens (NFTs).

As mainstream financial institutions begin to offer services related to Web3, crypto and NFTs, they would be custodians of clients’ assets. They must protect their clients from bad actors and identify if client assets have been obtained through illegal activities.

The crypto industry has not made it easy for the Anti-Money Laundering (AML) functions within organizations. The industry has developed innovative constructs, such as cross-chain bridges, mixers and privacy chains, that hackers and crypto thieves can use to cover up stolen assets. Very few technical tools or frameworks can help navigate this rabbit hole.

Regulators have recently cracked down on some crypto platforms, putting pressure on centralized exchanges to remove privacy tokens. In August 2022, Dutch police arrested Tornado Cash developer Alexey Pertsev, and they have been working to monitor transactions through mixers ever since.

While centralized governance is seen as a contradiction to the Web3 ethos, perhaps the pendulum needs to swing the other way before reaching a balanced middle ground that protects users and doesn’t constrain innovation.

And while large institutions and banks must grapple with the technological complexity of Web3 to provide digital asset services to their clients, they can only provide appropriate protection to their clients if they have a robust AML framework in place.

AML frameworks require several capabilities for banks to evaluate and build. These capabilities can be built in-house or achieved by partnering with third-party solutions.

A few vendors in this space include Solidus Labs, Moralis, CipherBlade, Elliptic, Quantstamp, TRM Labs, Crystal Chain, and Chainalysis. These companies are focused on providing holistic (full-stack) AML frameworks to banks and financial institutions.

For these vendor platforms to provide a holistic approach to AML around digital assets, they need several different inputs. The vendor provides some, while others come from the bank or institution they work with.

Data sources and inputs

Institutions need a lot of data from different sources to effectively identify AML risks. The breadth and depth of data an institution has access to determines the effectiveness of its AML function. Some of the key inputs required for AML and fraud detection are listed below.

The AML policy is often a broad definition of what a company should be aware of. This is generally broken down into rules and thresholds that help implement the policy.

An AML policy could state that all digital assets associated with a sanctioned nation-state like North Korea must be flagged and addressed.

The policy could also require transactions to be flagged if more than 10% of the transaction value can be traced back to a wallet address that contains the proceeds of a known asset theft.

For example, if 1 Bitcoin (BTC) is deposited with a first-line bank and 0.2 BTC of it can be traced to a wallet holding proceeds from the Mt. Gox hack, that would raise an AML red flag to alert the bank to this potential risk, even if there were attempts to hide the source by running it through 10 or more hops before reaching the bank.
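
The threshold rule above can be sketched as follows. This is an added example, not code from any vendor named in this article. It assumes proportional attribution of tainted value at each hop and simple account-style balances; the wallet names and the flagged-wallet label are constructed.

```python
from collections import defaultdict
from decimal import Decimal

FLAGGED = {"theft_wallet"}      # hypothetical label from a threat-intelligence feed
THRESHOLD = Decimal("0.10")     # the 10% policy threshold described above

def build_deposit_path(stolen, clean, hops=10):
    """Constructed sample: `stolen` BTC crosses `hops` wallets, is merged
    with `clean` BTC from an unlabelled source, then deposited at the bank."""
    path = ["theft_wallet"] + [f"hop{i}" for i in range(1, hops + 1)]
    transfers = [(a, b, stolen) for a, b in zip(path, path[1:])]
    transfers.append(("unlabelled_source", path[-1], clean))
    transfers.append((path[-1], "bank_deposit", stolen + clean))
    return transfers

def tainted_fraction(transfers, flagged, target):
    """Replay transfers in order and return the tainted share of `target`'s funds."""
    balance = defaultdict(Decimal)   # value currently held by each tracked wallet
    tainted = defaultdict(Decimal)   # portion of that value traced to a flagged wallet
    for sender, receiver, amount in transfers:
        if sender in flagged:
            moved = amount           # everything leaving a flagged wallet is tainted
        else:
            # Value beyond the tracked balance has no known origin and is not tainted.
            debit = min(amount, balance[sender])
            moved = tainted[sender] * debit / balance[sender] if debit else Decimal(0)
            balance[sender] -= debit
            tainted[sender] -= moved
        balance[receiver] += amount
        tainted[receiver] += moved
    return tainted[target] / balance[target] if balance[target] else Decimal(0)

def should_flag(transfers, flagged=FLAGGED, target="bank_deposit", threshold=THRESHOLD):
    """Apply the policy: flag when more than `threshold` of the deposit is tainted."""
    return tainted_fraction(transfers, flagged, target) > threshold

if __name__ == "__main__":
    for stolen, clean in [("0.2", "0.8"), ("0.05", "0.95")]:
        path = build_deposit_path(Decimal(stolen), Decimal(clean))
        print(stolen, tainted_fraction(path, FLAGGED, "bank_deposit"), should_flag(path))
```

The number of hops does not dilute the result: the 0.2 BTC stays attributed to the flagged wallet however many intermediate wallets it crosses.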

AML platforms use different methods to label wallets and identify the source of transactions. These include consulting third-party intelligence such as government lists (sanctions and other bad actors); scraping crypto addresses from the web, the darknet, terrorist financing websites or Facebook pages; using common-spend heuristics that can identify crypto addresses controlled by the same person; and machine learning techniques such as clustering that can identify cryptocurrency addresses controlled by the same person or group.

Data collected through these techniques is the building block of the fundamental capabilities that AML functions within banks and financial services must create to deal with digital assets.

Portfolio monitoring and screening

Banks will need to carry out proactive monitoring and screening of customer wallets, assessing whether a wallet has interacted directly or indirectly with illicit actors such as hackers, sanctioned entities, terrorist networks, mixers and so on.

Illustration of assets in a wallet categorized and labeled. Source: Elliptic

Once labels are attached to wallets, AML rules are applied to ensure that each screened wallet is within risk limits.

Blockchain research

Blockchain research is critical to ensuring that transactions on the network do not involve illegal activity.

An investigation traces blockchain transactions from the ultimate source to the ultimate destination. Vendor platforms offer functionalities such as filtering by transaction value or number of hops, or even the ability to automatically identify on-off ramp transactions as part of an investigation.

Illustration of the Elliptic platform tracing a transaction back to the dark web. Source: Elliptic

Platforms provide a pictorial hop chart that shows each hop a digital asset has taken through the network to go from the first to the most recent wallet. Platforms like Elliptic can even identify transactions coming from the dark web.

Multi-asset monitoring

Monitoring risks where multiple tokens are used to launder money on the same blockchain is another critical capability that AML platforms must have. Most layer 1 protocols have different applications that have their own tokens. Illegal transactions can take place with any of these tokens, and monitoring should be broader than just one basic token.

Cross-chain monitoring

Cross-chain transaction monitoring has haunted data analysts and AML experts for some time now. Aside from mixers and dark web transactions, cross-chain transactions are perhaps the most difficult problem to solve. Unlike mixers and dark web transactions, cross-chain asset transfers are commonplace and a real use case that drives interoperability.

Wallets containing assets that have passed through mixers and the dark web may also be tagged and red-flagged, as they are immediately considered amber flags from an AML perspective. Flagging a transaction merely because it is cross-chain is not an option, as cross-chain transfers are essential for interoperability.

AML initiatives around cross-chain transactions have been challenging in the past, as cross-chain bridges can be opaque in how they move assets from one blockchain to another. As a result, Elliptic has come up with a multi-layered approach to solving this problem.

An illustration of how a cross-chain transaction between Polygon and Ethereum is identified as coming from a crypto mixer, a sanctioned entity. Source: Elliptic

The simplest scenario is when the bridge provides end-to-end transparency across chains for each transaction, and the AML platform can pick that up from the chains. Where such traceability is not possible due to the nature of the bridge, AML algorithms use time-value matching, where assets that have left one chain and arrived at another are matched based on the time of transfer and the value of the transfer.
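
Time-value matching can be sketched as follows. This is an added example and not any vendor's algorithm; the event fields, the 10-minute delay window and the 0.5% fee tolerance are assumptions, and the sample events are constructed.

```python
from decimal import Decimal

# Constructed sample events. Timestamps are Unix seconds; amounts are in the bridged token.
DEPARTURES = [  # assets handed to the bridge on the source chain
    {"tx": "src-1", "ts": 1000, "amount": Decimal("5.000"), "label": "mixer"},
    {"tx": "src-2", "ts": 1040, "amount": Decimal("12.500"), "label": None},
    {"tx": "src-3", "ts": 1050, "amount": Decimal("12.500"), "label": None},
]
ARRIVALS = [  # assets released by the bridge on the destination chain
    {"tx": "dst-a", "ts": 1180, "amount": Decimal("4.995")},
    {"tx": "dst-b", "ts": 1200, "amount": Decimal("12.490")},
    {"tx": "dst-c", "ts": 9000, "amount": Decimal("3.000")},
]

def match_transfers(departures, arrivals, max_delay=600, max_fee=Decimal("0.005")):
    """Pair each arrival with a departure that precedes it by at most `max_delay`
    seconds and whose value, less at most `max_fee` in bridge fees, equals the arrival.
    Returns {arrival_tx: (status, departure_tx or candidate list, inherited_label)}."""
    results, used = {}, set()
    for arr in sorted(arrivals, key=lambda a: a["ts"]):
        candidates = [
            d for d in departures
            if d["tx"] not in used
            and 0 <= arr["ts"] - d["ts"] <= max_delay
            and d["amount"] * (1 - max_fee) <= arr["amount"] <= d["amount"]
        ]
        if not candidates:
            # No plausible origin on the source chain: leave for manual review.
            results[arr["tx"]] = ("unmatched", None, None)
        elif len(candidates) > 1:
            # Several departures fit; time and value alone cannot choose between them.
            results[arr["tx"]] = ("ambiguous", [d["tx"] for d in candidates], None)
        else:
            dep = candidates[0]
            used.add(dep["tx"])
            # The arrival inherits the risk label of the matched departure.
            results[arr["tx"]] = ("matched", dep["tx"], dep["label"])
    return results

if __name__ == "__main__":
    for tx, outcome in match_transfers(DEPARTURES, ARRIVALS).items():
        print(tx, outcome)
```

The ambiguous result shows the limit of the heuristic: two equal-value departures a few seconds apart cannot be told apart without additional bridge data.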

The most challenging scenario is when none of these techniques can be used. For example, asset transfers from Ethereum to the Bitcoin Lightning Network can be opaque. In such cases, cross-bridge transactions can be treated like those in mixers and the dark web, and will generally be flagged by the algorithm due to the lack of transparency.

Smart contract screening

Smart contract screening is another critical area to protect decentralized finance (DeFi) users. This is where smart contracts are monitored to ensure there is no unauthorized activity with the smart contracts that institutions should be aware of.

This is perhaps most relevant for hedge funds looking to participate in liquidity pools in a DeFi solution. For banks, it’s less important right now, as they generally don’t participate directly in DeFi activities. However, as banks get involved in institutional DeFi, smart contract-level screening would become extremely critical.

VASP due diligence

Exchanges are classified as Virtual Asset Service Providers (VASPs). Due diligence will look at the total exposure of the exchange based on all addresses associated with the exchange.

Some AML vendor platforms provide risk exposure based on country of incorporation, Know Your Customer requirements and, in some cases, the state of financial crime programs. Unlike previous capabilities, VASP checks include both on-chain and off-chain data.

AML and on-chain analytics is a rapidly evolving space. Several platforms are working to solve some of the most complex technology issues that could help institutions protect their clients’ assets. However, this is a work in progress and much remains to be done to have robust AML controls for digital assets.