Compliance has been a big question in the crypto industry for several years as trading firms and those using digital currencies to make and receive payments have come under increasing scrutiny as a potential channel for money laundering and sanctions busting.
That scrutiny, both in the U.S. and worldwide, grew far more intense in February following Russia’s invasion of Ukraine and the intense focus on sanctions that followed.
While that’s certainly enough to make companies shy from dealing with crypto, it doesn’t need to be, said Andrew Fierman, head of sanctions strategy at Chainalysis, a blockchain data platform with deep experience in detecting and deterring illicit transactions.
“What many people don’t really understand is that cryptocurrency is actually incredibly transparent,” said Fierman, who headed up sanctions compliance at Barclays Bank after working with a number of other big banking names, including Société Générale, BNP Paribas and JPMorgan Chase & Co.
Cryptocurrencies operate on publicly accessible, immutable blockchain ledgers — meaning that once information about a transaction is recorded onto one, it cannot be changed or deleted, he said.
“That means that anyone at any time can look up the entire history of transactions using a public block explorer,” Fierman added.
As a result, compliance professionals who know their way around crypto have some advantages over those working in traditional institutions, as they can investigate transactions that might have run into a sanctions exposure or other compliance issue even several hops back.
“This isn’t something that’s as clear in traditional fiat, where a financial institution may only be privy to a singular transaction” that may have been sent through a shell company and before that another financial institution, he said. “They might not have line of sight of the full lifecycle of that transaction, whereas, on the blockchain, we can do that.”
Harder Than It Looks
Of course, like almost anything involving blockchain technology, it isn’t as simple as it sounds. In many ways, explorers are blockchain search engines, and while they are simple to use, the information they give access to is fairly complex.
You may also like: Wirex Says Consumers’ Crypto Concerns Must Be Addressed To Increase Adoption
“The problem is that it’s actually really difficult to read explorers,” Fierman said. “It looks just like a bunch of random numbers and letters, transacting with a bunch of other random numbers and letters. And that doesn’t really mean much to most people” who aren’t very familiar with how blockchains work.
What Chainalysis does, he said, “is map those random numbers and letters — which are cryptocurrency addresses — to their real-world services. That data set then powers investigations and compliance tools for financial institutions, cryptocurrency businesses, and government agencies.”
That, in turn, allows compliance and investigative personnel to “go ahead and flag suspicious activity in real time and do deeper investigations into the flow of funds on the blockchain, especially those where they have exposure to potentially illicit or risky activity.”
Doing that starts with a simple enough, six-step process, he said, beginning with collecting know-your-customer (KYC) data and screening it against sanctions lists and blocking IP addresses sanctioned by agencies like the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC).
That can be made robust with more sophisticated tools, like screening for IP addresses known to be associated with VPN services used to mask the user’s location.
“Of course, continuously monitoring your transactions, continuing to watch the activity that’s flowing through your business is really important,” Fierman said. “So is being able to perform that counterparty due diligence, to understand who your customers are transacting with.” Then there’s screening for Travel Rule violations and finally, of course, correctly reporting suspicious transactions to the right authorities.
Chainalysis has launched two free tools, including a wallet screening application programming interface and blockchain “oracle,” to provide data that provides the basic OFAC sanctioned address-monitoring capabilities.
Over the next few years, requirements are going to become more robust and complex, Fierman said, noting that regulatory and compliance frameworks are under construction in the U.S., EU and elsewhere.
“This is something I’m already seeing from a lot of companies in this space,” Fierman said, adding that they’re starting “to have programs that resemble much closer to what you see in traditional financial institutions.” That includes having things like a KYC team, an anti-money-laundering (AML) team, and sanctions teams to manage their various regulatory expectations from departments such as OFAC and the Treasury Department’s Financial Crimes Enforcement Network, also known as FinCEN, he said.