Understanding the risks and red flags of virtual assets

Nicole Mazullo, Katie Renz, Alex Rubin
| 9/14/2022
Understanding the risks and red flags of virtual assets

Identifying red flags can help organizations mitigate the risk that accompanies virtual asset transactions.

Managing the risks of the unknown is similar for fiat and virtual assets, but it is different enough to warrant that organizations update and tailor their programs to address the specific risks that each asset type can present.

For those who work in traditional financial institutions (FIs), virtual assets and the transactions occurring at virtual asset service providers (VASPs) might seem like an enigma. But the indicators of illicit activity are largely similar. Virtual asset transaction red flags mimic the red flags that anti-money laundering (AML) investigators and transaction monitoring systems identify within fiat transactions, and identifying those red flags is key to mitigating risk.

Keep informed
Sign up to receive the latest insights on strengthening your financial crime program.

Defining virtual assets and VASPs

Before exploring such red flags, defining several terms can be useful in understanding this broad and rapidly evolving area.

  • Virtual asset. A virtual asset is "a digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes," and it does not include digital representation of fiat currencies. While the terms "digital asset" and "virtual asset" are often used interchangeably, there are important differences. All virtual assets are digital assets, but not all digital assets are virtual assets. In order to be a virtual asset, a digital asset must carry its own value and be able to be exchanged for another asset.
  • VASP. A virtual asset service provider is a business that provides services such as the exchange of virtual assets and fiat currencies, the exchange of one or more forms of virtual assets, the transfer of virtual assets, the safekeeping or administration of virtual assets, and financial services regarding the sale of a virtual asset.

5 categories of virtual asset red flags

Virtual asset red flags can be broken down into five main categories:

1. Transactions and transaction patterns

Traditional FIs monitor customer transactions to identify money laundering activity. They catch criminals who try to circumvent such monitoring by structuring transactions below reporting thresholds, conducting transactions out of pattern or with no apparent reasonable purpose, or sending and receiving funds to and from high-risk jurisdictions.

As the financial services environment evolves, access to virtual assets is becoming more prevalent, and criminals are capitalizing on these technologies to launder funds. They can easily structure virtual asset transactions below reporting thresholds, instantly conduct peer-to-peer (P2P) transactions across borders, quietly transfer funds back and forth between wallets, and swiftly conduct transactions with suspicious wallets, individuals, or protocols.

Like traditional FIs, VASPs must be aware of the transactional red flags indicating potential financial crime and monitor customers and their transactions to mitigate money laundering risk. As virtual asset adoption increases, both traditional FIs and VASPs must continue to implement robust processes to monitor, identify, and report such activities.

2. Anonymity

At a traditional FI, alarms sound if customers attempt to disguise their identities or increase anonymity by not providing personal and due diligence information, by opening an account online from an IP address that does not reflect their actual location, by obscuring beneficial ownership through complex entity structures, or by primarily using cash below the reporting threshold or prepaid asset cards to transact.

Just as anonymity can be attempted at a traditional FI by creating a web of complex ownership, the pseudonymous nature of digital assets offers individuals the opportunity to transact in ways that help disguise identity. VASPs need to be aware of the red flags indicating that customers might be trying to increase anonymity. Such red flags include using privacy coins, mixing and tumbling services, or P2P platforms; transacting with VASPs that have weak due diligence and know your customer (KYC) processes; using darknet IP addresses that allow for anonymity; or purchasing virtual assets with prepaid cards.

Virtual assets have a notoriously inaccurate reputation of being fully anonymous, but they are not, and VASPs can put many controls in place to know their customers. And once those controls are in place, red flags indicating that a transactor might be trying to increase anonymity should trigger proper responses with VASPs just as they would at traditional FIs.

3. Consumer profiles

Irregularities discovered during KYC, customer due diligence (CDD), and enhanced due diligence (EDD) bring into question a customer's true identity and intentions for opening an account. Just as a traditional FI has KYC, CDD, and EDD policies and risk controls in place, compliant VASP providers follow similar policies and controls, including similar strategies during onboarding with documentary and nondocumentary processes. When a customer provides incomplete or insufficient KYC information or declines requests for KYC documents or inquiries regarding the nature of the account and source of funds, that's a red flag.

Of course, the practices at a VASP are attuned to the unique and challenging risks of operating within the virtual asset ecosystem. For example, the Razzlekhan case highlights how VASPs often use nonstandard identification markers such as email service providers, IP address information, web domain registrations and locations, and blockchain transaction history to link customer and transaction risk in order to build a more robust customer risk profile. In fact, by using these nonstandard data sets, VASPs can have more accurate risk profiles and screening compared to traditional FIs that rely heavily on attested information and customer statements.

4. Source of funds

Traditional FIs serve as the on-ramp and off-ramp for fiat currency entering and exiting the virtual asset environment. Individuals are unable to initially use virtual assets without first depositing funds through traditional financial outlets. As such, traditional FIs that inadequately assess a customer's source of funds could allow illicit funds to enter and exit virtual asset environments.

Both traditional FIs and VASPs must obtain information related to their customers' sources of funds to further understand the money laundering risk posed by their customers. In some ways, VASPs can have more visibility into risk. At account opening and throughout the customer relationship, VASPs analyze the customer's source of funds. While the same is expected of traditional FIs, in most cases, the customer's source of funds is primarily only analyzed at account opening and then on an as-needed basis through transaction monitoring.

Slight nuances exist regarding what should be monitored. For example, an individual might fund a new wallet using existing virtual assets on separate protocols. VASPs should be able to identify whether these funds originate from known suspect wallets, exchanges, or protocols. In the virtual asset space, the interplay between analyzing a customer's source of funds and performing transaction monitoring activities in real time is particularly important.

5. Geographic risk

Customers that try to conceal the location from which funds are sent or received are found within both traditional FIs and VASPs. Geographic risk is assessed in a variety of ways, and while it might appear difficult to detect geographic risk from virtual asset activity given the virtual nature of this activity type, this is not the case. A lack of physical jurisdiction that underlies the virtual asset landscape does not equate to unlimited geographic risk, and, on the flip side, an established physical jurisdiction does not equate to zero geographic risk.

Take recent news, for example, where geographic risk is high within a specific physical jurisdiction: the Russian Federation. Many financial sanctions were placed on Russia following its invasion of Ukraine in February 2022. Concerns quickly emerged regarding potential attempts to circumvent international sanctions through the use of virtual assets. However, many of those concerns have so far proven largely unfounded.

VASPs need to be able to detect red flags indicating the potential concealment of geographic risk. These red flags might include a customer's funds originating from (or being sent to) an exchange that is not registered in the jurisdiction where the customer resides or conducts business; a customer using an exchange in a high-risk jurisdiction that lacks AML regulation for virtual asset entities; or a customer establishing or moving office locations to a jurisdiction with no implemented regulations to govern virtual assets.

Clearly, there are many avenues through which VASPs can understand and detect the geographic risk a customer might pose. Much like traditional FIs, VASPs must detect and monitor these risks in order to protect their customer base and their organization.

Mitigating risk

Many traditional FIs are becoming more interested in providing virtual asset capabilities to their customers, or they are just curious about where to begin when it comes to detecting illicit activity within virtual asset transactions. Understanding the red flags they should be aware of can help traditional FIs detect financial crime, mitigate risk, and strengthen their organizations.