Cryptocurrencies’ anonymous nature makes them popular, but crypto exchange platforms are still required to collect buyers’ personal data for anti-money laundering (AML) and know your customer (KYC) compliance. In the AML/KYC Tracker, Gemini Chief Compliance Officer Elena Hughes explains how platforms can selectively collect data to ensure user privacy and adhere to regulations.
The obscure nature of cryptocurrency exchanges often raises suspicions of money laundering, especially among those unfamiliar with the space.
Money laundering certainly exists in the world of cryptocurrency, but it is generally concentrated in the hands of a small group of bad actors. Just 1,867 blockchain addresses accounted for 75 percent of all criminally linked cryptocurrency funds last year, for example.
The perception of widespread money laundering on these exchanges is misguided, according to Elena Hughes, chief compliance officer at cryptocurrency exchange Gemini. Exchanges are often, in fact, less tempting to money launderers, in part because of the diligent efforts of many exchanges to monitor customer data and also because of the very attributes of cryptocurrency itself.
“Money launderers seek to exploit weaknesses in any given financial system … whether it’s in traditional finance or cryptocurrency,” Hughes said in an interview with PYMNTS. “But given the unique nature of what cryptocurrency transactions are like and the fact that they leave an investigative trail on the blockchain, in some respects [they’re] less appealing for money launderers.”
A more pressing concern is customer privacy, however, because the anonymous nature of many cryptocurrencies is one of the key attractions for many users. Hughes gave PYMNTS an inside look at how Gemini performs its anti-money laundering (AML)/know your customer (KYC) checks while assuaging these users’ privacy worries.
Cryptocurrency AML/KYC Measures
Hughes explained that AML/KYC compliance at cryptocurrency exchanges typically involves two steps. The first revolves around verifying that customers are who they say they are at the point of entry and are not known bad actors looking to take advantage of the service.
“Fundamentally, the cornerstone of any sort of AML compliance framework is understanding who the customer is,” Hughes said. “It consists of collecting certain identifying information about our customer and verifying them against a variety of vendor lists, or asking a customer to provide documentation, and then screening the customer against a variety of government lists to ensure that we’re not doing business with sanctioned individuals or people that engage in illegal activities.”
Not every money launderer starts off as one, and some attempts at money laundering are made by legitimate customers — either of their own volition or coerced by bribes or intimidation. Catching these attempts behind the scenes requires the second step in the process: diligent transaction monitoring.
“The transaction monitoring that we engage in is based on a variety of topologies that we may glean from illicit activities,” she said. “It is ongoing monitoring of negative news and sanctions screening, and we also avail ourselves of a blockchain analytics vendor so we can see what our customers are doing on the blockchain. These programs are designed to be risk-based rather than absolute [in identifying money laundering], but [potential cases are] being identified in the first instance through a robust risk-assessment process.”
Some customers take issue with cryptocurrency exchanges monitoring their private transactions for compliance reasons, however. It is incumbent on the exchanges themselves to limit the amount of data they gather and maintain constant communication with customers.
Addressing Users’ Privacy Concerns
Hughes said she believes that the key to respecting users’ privacy is to be discerning about which pieces of data crypto exchanges actually need to perform their AML/KYC checks rather than taking as much as they can get. Explaining these needs with exchange customers goes a long way too, as users are much more willing to cooperate if they know what their data is being used for.
“We don’t toss out a blanket request to give us everything about you — we’re actually quite pointed and targeted, and we will adjust it based on what is needed,” she said. “We disclose to our customers exactly what information we collect, how we may share that information, how we retain that information and the guidelines and the robust procedures that we have to ensure that the information is protected. This is both for user safety and security, and also to ensure that we are appropriately complying with our regulatory obligations.”
These privacy regulations can vary widely from country to country, and it is a constant battle for exchanges to ensure their compliance with each nation’s rules. Exchanges can be found liable if their customers’ privacy is compromised, moreover, raising the stakes for exchanges to protect user privacy.
“In the United States and certain European countries, there’s been an adoption of comprehensive regulatory regimes that govern how cryptocurrency firms operate, setting forth a path for how customer information is collected, what information is collected and, more importantly, how it’s retained and stored,” Hughes explained. “Travel rules [are a particular challenge] because the recipient institution may not be located in a jurisdiction that requires them to have the same level of control [as the sender].”
Cryptocurrency exchanges that fail to meet either customer privacy demands or AML/KYC compliance regulations face potential losses on both fronts, through either customer abandonment or regulatory fines. Balancing these competing objectives can be challenging, but the alternative is going out of business.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More