Company News

FATF Aids Industry With List of Red Flags for VASPs, Underscoring Importance of Blockchain Analysis

Last week, FATF released a document for financial regulators and enforcement agents listing several red flags in cryptocurrency transactions and service user profiles that could indicate money laundering, terrorism financing, or other financial crimes. This is an invaluable resource, not just for government stakeholders, but also for financial institutions and cryptocurrency services themselves to get a better understanding of the types of customer activity they should be flagging. We believe this will lead to more effective filing of Suspicious Activity Reports (SARs), successful prosecution of bad actors, and overall improvement in cryptocurrency compliance program effectiveness across the industry.

The document also highlights the importance of blockchain analysis and transaction monitoring technology for both government investigators and compliance professionals, as these solutions help catch many of the red flags listed. Below, we’ll highlight a few of those red flags and discuss tools and tactics for spotting them.

Red flags in cryptocurrency transactions and how blockchain analysis helps identify them

Some of the red flags FATF listed have to do with customer behaviors that aren’t captured on the blockchain, such as information they submit during the Know Your Customer (KYC) and Customer Due Diligence (CDD) processes, or trading activity taking place on a single cryptocurrency platform (i.e. trades made on a single exchange), which is recorded on exchange order books rather than the blockchain itself. Blockchain analysis isn’t useful for those detecting those red flags.

However, many of the red flags cover transactions users make with counterparty addresses not hosted by the service they’re using — for example, a customer funding an exchange with cryptocurrency from a private wallet or another exchange. Blockchain analysis can help identify red flags involving those types of transfers. Below, we lay out examples of some of those red flags and how blockchain analysis enables investigators and compliance professionals to catch them. These examples are not comprehensive and cover just a few of the many red flags FATF lists. We recommend you read the entire document to learn about all of them.

Customer accepts funds suspected as stolen, fraudulent, or associated with criminal entities such as darknet markets and ransomware schemes, or funds from risky services such as mixers that are often associated with illicit activity

The above is actually a combination of several red flags listed in the FATF document, but they all boil down to the same thing: customer exposure to cryptocurrency addresses associated with illicit activity. Blockchain analysis tools like Chainalysis Reactor allow investigators to spot these red flags by viewing the exposure of any address.

In the bottom right-hand corner of the Reactor screenshot above, for example, we see pie charts representing the sending and receiving exposure for a group of addresses controlled by a darknet market vendor known as Etiking. The data shows significant transaction volume with darknet market addresses.

For cryptocurrency businesses and financial institutions, compliance professionals can use transaction monitoring tools like Chainalysis Know Your Transaction (KYT) to get alerts whenever a customer transacts with an address associated with criminal activity or entities.

Above, we see how KYT tags transaction alerts based on the type of counterparty and level of risk it introduces.

Transferring cryptocurrency immediately to multiple cryptocurrency services, especially to services in another jurisdiction the customer has no relation to, or with weak AML/CFT requirements

Transaction monitoring tools like Chainalysis KYT are also useful for catching this red flag, as services headquartered in high-risk jurisdictions are tagged in the software and generate compliance alerts. For investigators, or even compliance professionals who need to take a deep dive into one user’s transaction history, tools like Reactor can also help spot red flags like this one, which hinge on one user making multiple transactions of a specific type within a short time frame.

We see this in the example above, in which we see an exchange customer address that has sent money to three Iran-based cryptocurrency services. From here, a Reactor user could click on “Customer exchange address” to see if that user sent cryptocurrency to these three services in a short time window, thereby meeting the criteria of the red flag.

Structuring cryptocurrency transactions (e.g. exchange or transfer) in small amounts, or in amounts under record-keeping or reporting thresholds, similar to structuring cash transactions.

Structuring, or parceling what would otherwise be a large financial transaction into a series of smaller transactions to avoid scrutiny, can be identified in cryptocurrency in a similar manner to fiat. However, there’s an important distinction between the two when making a risk-based assessment. With cryptocurrency, the threshold for structuring can be in either the native cryptocurrency amount (i.e. 1 BTC) or the native fiat currency into which the tokens will be off-ramped (i.e. $9,999 USD). Tools like Chainalysis Reactor help compliance officers identify any potential structuring activity by letting them toggle between native cryptocurrency amounts and USD fiat amounts as they track the flow of funds.

Depositing cryptocurrency at an exchange and then immediately either:

  • converting it into multiple types of cryptocurrencies, incurring additional transaction fees, without a logical business explanation OR 
  • withdrawing the cryptocurrency from the exchange immediately to a private wallet. This effectively turns the exchange into a mixer. 

Blockchain analysis can provide valuable insights in either of these red flag scenarios. To address the first example of a client converting one type of cryptocurrency into many, compliance professionals can use tools like Chainalysis Reactor and KYT to get a comprehensive view of a client’s total sending and receiving activity for all assets they use. Reactor and KYT users can also address the second example by following funds wherever they go after being moved to the private wallet, ensuring they can report and offboard the client appropriately in the event the next known destination is associated with criminal activity.

The guidance we need

We believe FATF’s list of cryptocurrency service red flags will go a long way towards standardizing how member jurisdictions track illicit activity in cryptocurrency. Furthermore, much like the Monetary Authority of Singapore’s recently released guidance for complying with new cryptocurrency regulations, FATF’s red flags list is a valuable resource for cryptocurrency businesses to use as they build out their compliance programs and designate the types of transactions that would trigger an alert for further action and documentation. We hope that FATF and other regulatory bodies continue to release similar educational resources moving forward.