Examining the AML Risks and Red Flags of Crypto Exchanges

The cryptocurrency bitcoin has been moving at lightning speed in the financial world since its launch in 2009. The crypto exchanges are growing day by day. Even the most popular banks in the world are now welcoming to cryptoassets. The crypto exchanges also carry some money laundering risks as in other financial sectors, and institutions serving this sector have to protect themselves from these risks.


AML Risks of Crypto Exchanges

The cryptocurrency bitcoin is fairly new and popular at the same time. Crypto exchanges are rapidly becoming important in financial systems, and besides financial systems, most people have been curious and researched these markets. Unfortunately, it is a fact that criminals also appeared on crypto exchanges and took advantage of the system's shortcomings. For this reason, crypto exchanges have become an important field of criminal activity. Since crypto exchanges and cryptocurrencies are a new market, they have many system gaps and are therefore more vulnerable to money laundering risks than other financial systems. There are still serious unanswered questions about ML risks in this sector, and regulators have realized this and have recently begun to take measures for them.


The money laundering risks of cryptocurrencies are believed to be very similar to new financial products and technologies in the market. Crypto exchanges are subject to fraudulent activity, it is not clear how they operate, and uncertainty is increasing as these industries rapidly evolve. When we look at the causes of AML risks in crypto exchanges, it carries the risks brought by technology and some fraud risks, for example;


  • The anonymity of transactions made on crypto exchanges
  • Security vulnerabilities in the systems
  • Malicious software (ransomware)
  • The use of illegal goods and services to pay for terrorist finances


Crypto Exchanges AML Red Flags


As cryptocurrencies are so popular, companies serving crypto exchanges are struggling with AML risks. Due to the lack of oversight and regulation of regulators in the industry, criminals benefit greatly from this sector's gaps. In fact, this situation is such that money launderers are avoiding heavy regulations in banks by converting the money into crypto money to clear the funds they obtained from their crimes. Thus the rate of catches decreases. According to the research, the amount of money laundered through the crypto exchange in 2019 is approximately $ 2.8 billion. The majority of these numbers require knowing and understanding AML red flags for crypto exchanges. The report prepared by the Financial Action Task (FATF) in 2020 aims to help cryptocurrency wallet and exchange companies develop AML programs. The main indicators focused on in the report are as follows:


  • Technological features that increase anonymity
  • Geographical risks
  • Transaction size
  • Transaction patterns
  • Sender or recipient profiles
  • Source of funds


We will explain the definition of these indicators in detail in the rest of our article.


Technological Features That Increase Anonymity

This set of indicators takes advantage of the technology-related inherent features and vulnerabilities that underpin VAs. The following various technological features increase anonymity and add barriers to detecting criminal activity. These factors make VAs attractive to criminals who want to hide or hide their funds. However, the mere presence of these features in an activity does not automatically indicate an illegal operation.


For example, using a hardware or paper wallet can be legitimate as a way to protect VAs from theft. Again, the existence of these indicators should be evaluated in the context of other characteristics about the customer and relationship, or a sound business statement.


Geographical Risks

Money launderers exploit loopholes in AML and move their illegal funds to VASPs in jurisdictions that do not exist or have minimum AML / CFT regulations for Virtual Assets (VA) and Virtual Asset Service Providers (VASP). These jurisdictions may not have a registration regime or may not have expanded their Suspicious Transaction Reports requirements to VAs and VASPs. These regions may not have fully implemented their preventive measures as required by the FATF Standards. In high-risk jurisdictions, risks are associated with the source, destination, and transit jurisdictions of a transaction.


It also relates to the risks associated with a transaction's originator and the beneficiary of funds that may be subject to a high-risk jurisdiction. In addition, it may apply to the customer's nationality, residence, or place of business.


Transaction Size and Frequency

The size and frequency of transactions are also important red flags for crypto exchanges. For example; Structure transfers or clearing transactions at amounts below the record-keeping or reporting thresholds, similar to structuring cash transactions. Making several consecutive high-value transactions for a short period of time, such as a 24-hour period. Terrorist fighters buy weapons using crypto exchanges.


Depositing money into crypto money wallets with detected stolen funds, reducing cryptocurrency transactions to small amounts that do not exceed reporting thresholds. Instant transfer of cryptocurrency deposits to service providers of low regulated jurisdictions. Factors such as instant withdrawal of crypto money deposits that do not have transaction activity can be displayed as red flag indicators.


Transaction Patterns

Another factor shown as a red flag in crypto exchanges is transaction patterns. Some of the red flags mentioned here are Multiple transactions without a commercial explanation, cryptocurrency accounts that do not match the customer profile, frequent large-value crypto transfers from many people to one account within a specified period, small transactions from unrelated accounts drawn for fiat currencies.


The Sender or Recipient Profiles

Some movements of senders and receivers in crypto exchanges are red flags for money laundering. For this reason, the movements of shipments and buyers should be understood in crypto exchanges, and measures should be taken where necessary. Examples of these red flags are Users who frequently try to open an account using the same IP address in order to overcome the limits existing in the crypto exchange. Transactions originating from untrusted addresses or high-risk jurisdictions.


Users who do not accept KYC procedures and information that should be done in exchanges. Inconsistencies in the customers' account IP addresses, the frequent change of personal IP, e-mail, and personal information of the customers. If the same person tries to process with different IPs on the same day, these factors are defined as an indicator of the red flag.


Source of Funds

In crypto exchanges, the source of cryptocurrency funds may be tied to illegal activities. There are some red-flag indicators to recognize this, for example, Funds from platforms with insufficient AML / CFT controls. A single cryptocurrency wallet is tied to multiple bank/credit cards used to withdraw large amounts of money. Higher deposits than normal deposits into cryptocurrency wallets are also withdrawn as fiat currency immediately after this transaction. Customers are not transparent about the source of investor funds. 


In the meantime, you can review our Case Study for Crypto exchanges: AML Compliance For Crypto Exchanges - Case Study.


“Sanction Scanner provided professional solutions that accelerated our compliance processes with the regulations of the regulatory authorities in the gambling industry, while also providing fast solutions, fair price, and safety for our company.”

Carl Henriksson / Ceo at Loistokasino


Regulators Crypto Exchanges' Response to Existing AML Risks


Regulators are aware of the ML risks in crypto exchanges, and as this industry develops, regulators increase their regulations. Financial Action Task Force (FATF) is another institution working for this. FATF member states should implement the relevant measures under the FATF Recommendations by virtual asset service providers (VASP). Countries must identify, assess, and understand the risks of money laundering and terrorist financing arising from VASP activities or operations. All VASPs must be subject to licensing and registration, even if they are natural persons. Authorities must take the necessary regulatory measures to prevent ML offenses in the VASP.


Countries should take action and apply all necessary sanctions to identify natural or legal persons carrying out VASP activities. A country should not implement a separate license or registration system for natural or legal persons already authorized or registered as financial institutions in that country. VASP should be supervised and monitored by a competent authority. These audits should be carried out with risk-based monitoring. Countries should ensure that the original VASP subscriber obtains and stores the necessary information for their CDD and that this information is made available to the competent authorities.


Organizations serving crypto exchanges are required to fulfill their AML and KYC obligations during the customer onboarding process. With our Sanction Scanner AML Screening Software, crypto exchanges can scan their customers for sanctions, PEP, and Adverse media data of more than two hundred countries. You can request a demo for detailed information. Please don't hesitate to contact us.  


                     Let's Fight Together With Financial Crime



Previous Post
Financial Crime Risks of Trade
Next Post
New Normal For KYC Compliance