The year 2020 witnessed the introduction of new rules and regulations by the United Kingdom for virtual asset service providers. For the first time, a Bitcoin “Mixer” was Penalized by the United States Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) for Violating Anti-Money Laundering Laws. FinCEN had assessed a $60 million fine against Larry Dean Harmon, the founder, administrator, and chief operator of Helix and Coin Ninja, convertible virtual currency “mixers,” or “tumblers,” for violations of the Bank Secrecy Act (BSA). The anti-money laundering landscape also witnessed a shift from documentation-based procedures to electronic evidence. This was as a result of the COVID-19 pandemic.
The year 2021 will likely continue from where the year 2020 stopped with more regulations and enforcement actions. Below are my predictions for 2021 in the AML sector.
Tougher Regulations For Virtual Asset Service Providers
The year 2021 will likely witness the introduction of more rules and regulations for virtual asset service providers, or VASPs, by countries around the world. The United Kingdom and the Cayman Islands have already taken steps in the year 2020 to regulate and attract persons and entities that deal with virtual assets as a business, and we are expecting more countries to follow in this direction in 2021. The United Kingdom, for example, issued new rules on the 10th of January, 2020, mandating existing businesses (operating before 10 January 2020) carrying on crypto asset activity in the United Kingdom to register with the Financial Conduct Authority (FCA) before they begin conducting business. If crypto asset businesses are not registered with the FCA, on 10 January 2021, the business will have to cease trading.
Cryptoasset companies regulated by the FCA following the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, as amended (MLRs), and a person who is an officer, supervisor, and beneficial owner in the business will be subjected to the fit and proper requirements under Regulation 58A. On October 31, 2020, the Ministry of Financial Services of the Cayman Islands Government published that it had commenced a regulatory framework for virtual asset service providers or VASPs. The VASPs legislation supports the supervision of persons and entities involved in providing business services that use or rely on virtual assets on behalf of another person or entity.
Enhanced Supervision Of Dealers In Precious Metals, Precious Stones Or Jewels
The year 2021 may witness the adoption of an appropriate mix of on-site and off-site supervision to assess the effectiveness of the anti-money laundering (AML) compliance program of dealers in precious metals, precious stones or jewels, including a review of their risk management practices. The frequency and intensity of the on-site and off-site AML supervision will depend not only on the intrinsic risk associated with the activity undertaken by dealers in precious metals, precious stones, or jewels but also on the quality and effectiveness of the risk management systems put in place to address such risks. These reforms will be coming at a time when a year-long investigation into the FinCEN files had established that Gold companies are being used by criminal enterprises for wealth movement, storage, and preservation.
Where any weaknesses or deficiencies are identified during the review of the institution’s AML compliance program, supervisory authorities may require a dealer in precious metals, precious stones, or jewels to take timely corrective action or impose a range of sanctions. In practice, a range of sanctions are applied in accordance with the gravity of the situation.
Electronic Verification
The COVID-19 pandemic has forced many reporting entities, including financial institutions and virtual asset service providers (VASPs), to amend their anti-money laundering and counter-terrorism financing (AML/CTF) programs by implementing alternative processes to verify customers’ identities. Reporting entities that only relied on documentation-based procedures now to use electronic/digital identity checks, either on their own or in conjunction with documentary evidence. It is expected that many of these reporting entities will maintain these new measures even after the COVID-19 pandemic and upgrade their anti-money laundering systems and controls to accommodate application programming interfaces (APIs) during the customer onboarding process.
Traditional rule-based Know Your Customer (KYC) technology necessitates significant dependence on manual efforts, particularly in the alert investigation stage, which can be time-consuming, labor-intensive, costly, and error-prone. In order to overcome these considerable and lingering challenges, it has now become imperative that reporting entities leverage new-age smart technology solutions.
KYC API offers a singular source for data and documentation to support due diligence and help financial institutions focus on decision-making rather than time-consuming and repetitive standard research activities. With KYC API, companies can obtain information from a wide swath of sources, including government records, individual records, and governments. These include phone records, credit bureaus, DMV information, arrest records, utilities, court records, and business data, which can be accessed via APIs during the customer onboarding process.
Before using the KYC API of an organization for electronic verification, reporting entities should be satisfied that information supplied by the provider is considered to be sufficiently extensive, reliable, accurate, independent of the customer, and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact that person.
Enhanced Surveillance System
Regulatory actions taken against financial institutions by the FinCEN in the last three years have shown how a number of financial institutions failed to adequately monitor foreign currency-denominated wire transfers conducted through commodities records and retail brokerage records due to weaknesses in monitoring that made it possible for an anonymous third-party residing in a country known for money-laundering risk to transfer external currency into a customer’s commodities account, and for that customer to then transfer these funds to another party in a country known for money-laundering risk, without the financial institutions’ surveillance system reviewing these transactions.
2021 will likely see a large number of financial institutions globally improving their AML surveillance monitoring systems to a modern system that can detect highly suspicious transaction patterns, including possible layering schemes, transactions not commensurate with the business’s purpose, and commingling of funds between two independent check-cashing entities.
For the new monitoring system to be effective, financial institutions must incorporate customer files into their transaction monitoring processes. The type of transaction used by the account is an essential factor in identifying an expected volume of customer activity. This is important because such information is necessary to identify baselines with which to compare actual activity for transaction monitoring.
When a financial institution detects a deviation in a customer’s activity from the anticipated activity identified at account opening, the financial institution should not change the anticipated activity in the account, but rather it should change the customer’s risk rating when the customer has been identified as high risk. Changing the customer’s anticipated activity will undermine the purpose of conducting risk ratings and cause the financial institution to apply insufficient transaction monitoring to accounts it should have identified as high-risk and limit the financial institution’s ability to detect red flags of suspicious activity.
Corporate Transparency And Register Reform
Lack of transparency in shell companies' formation and operation could be a desired characteristic for particular legitimate business activity. Still, it is also a vulnerability that allows anonymity or opaqueness of customer, ownership, or beneficiary structures. This may give rise to significant misuse of the corporate vehicle for illicit purposes. The Government of the United Kingdom has already taken steps in the year 2020 to reform the corporate sector by introducing identity verification into the incorporation and filing processes run by Companies House. Identity verification requires company directors, people with significant control of a company, and individuals filing information. The latest reforms will also require companies to provide full names for shareholders.
At the same time, Companies House will improve the information format by allowing users to view and inspect a full list of shareholders easily. This list will be updated annually at a company's confirmation date. This will be a marked improvement on the present situation where forming a comprehensive picture of current share information requires research through historic filings. The introduction of this facility may require every organization to file a full, one-off shareholder list. Where a person fails to verify, the usual outcome will be that the intended action cannot proceed: i.e., a director’s appointment will not proceed, and a presenter will not be able to file information. Where the failure is suspicious, the information will be shared with the appropriate bodies.
The United Kingdom corporate transparency and register reforms came two days before the International Consortium of Investigative Journalists (ICIJ) and 109 media partners published the results of the 16-month international investigation known as the FinCEN Files, which identified thousands of U.K. shell companies linked to suspicious transactions. We are expecting more countries to introduce corporate transparency and register reforms in 2021. Identity verification checks will improve the reliability of information filed with Companies House, adding confidence that only verified individuals can be listed as directors of a company and dissuade misuse of companies and other legal entities.
