Skip to Content
Man in a suit signing paperwork.
Article

Cryptocurrency compliance: Is your financial institution ready for added scrutiny?

August 25, 2022 / 4 min read

As cryptocurrency continues to gain wider adoption, regulators are increasing their focus on illegal activity. Is your compliance program tailored for cryptocurrency risk? Here’s how to prepare.

According to CNBC, one in five adults in the United States has invested in, traded, or otherwise used cryptocurrency, and adoption continues to expand. Based on this increase in usage — and following some high-profile money laundering cases involving cryptocurrency — regulators are looking more closely at market participants and how they identify and prevent illegal behavior. Did the banking customer who put money into a cryptocurrency account and withdrew substantially more just happen to invest in crypto at the right time and strike it rich? Or did they engage in something more questionable? Does your institution understand the transactions being made to and from cryptocurrency accounts? Can they be tracked as traditional expected banking behavior?

Compliance risk is increasing for small and midsize banks, credit unions, and community banks that haven’t yet adapted their compliance infrastructure for cryptocurrency, and in many cases monitoring systems need to be adjusted to account for changes in behavior. In extreme cases, failing to meet the enhanced due diligence requirement for anti-money-laundering (AML) and know your customer (KYC) regulations can result in unwanted scrutiny from regulatory authorities and expose institutions to legal action.

Three steps to successful compliance monitoring

A well-executed cryptocurrency compliance program builds on existing AML/KYC requirements. Follow these steps to review and update your compliance program.

1. Review KYC requirements and normal transactional behavior of your customers

The more you know about your customers, the more likely you can face regulatory scrutiny for known risks. Understanding your customer base — who they are, what they do, where their money is coming from, and their transactional patterns — is the foundation of KYC. The requirements were relatively straightforward to meet until cryptocurrency came along. Today, there’s a large population of people typically aged between 18 and 45 representing a wide variety of salary ranges who are buying and selling cryptocurrency. Their investing activities have expanded outside of traditional products such as exchange-traded or mutual funds, and in some cases have produced outsized returns that can challenge even the most sophisticated monitoring algorithms. For example, a customer could have invested $500 in Ethereum seven years ago and the cryptocurrency investment could be worth $250,000 today. If that customer liquidated their account would your compliance program correlate it and justify the transaction to a regulator?

There’s a large population of people typically aged between 18 and 45 representing a wide variety of salary ranges who are buying and selling cryptocurrency.

2. Calibrate your transaction monitoring program for variables associated with cryptocurrency

Is your transaction oversight and monitoring thorough enough to flag unique activity around cryptocurrency? In some institutions, cryptocurrency behaviors are skewing monitoring, resulting in a loss of predictability as to what the customer is doing. Failure to adjust transaction monitoring can expose your organization to new patterns of suspicious behavior and risk of financial penalties for not addressing them. The reality for most institutions is they need to calibrate monitoring programs to stay in compliance. Optimization not only makes bad activity visible, but it can create efficiencies by cutting down on unproductive alerts.

The reality for most institutions is they need to calibrate monitoring programs to stay in compliance.

3. Maintain close oversight and surveillance on new activities

Most of the time, the customer’s cryptocurrency transactions are fine, other times they’re not. To ensure your institution can justify them to regulators, surveillance should be optimized to look for:

Other areas to consider

If your institution is in the early stages of adopting a cryptocurrency compliance program, ask these questions:

Reviewing the soundness of your KYC/AML compliance program will provide peace of mind for all market participants and ensure your financial institution can stand up to regulatory scrutiny. To find out more about our cryptocurrency services, give us a call.

Reviewing the soundness of your KYC/AML compliance program will provide peace of mind for all market participants.

Related Thinking

Business executive standing in front of a conference room table.
September 27, 2022

Overdraft regulation: Risks extend beyond the fines

Article 2 min read
Younger adult using an ATM machine on the street to withdraw money.
July 14, 2021

Right-size your BSA/AML model risk management

Article 1 min read
Picture of a blurry man walking down a corridor with glass railing to his right.
May 6, 2020

Fintech partnership risk: A checklist for financial institutions

Article 5 min read