On the 9th of February, Sentinels' Head of FC/AML Faisal Islam presented at the ACAMS Cyprus Virtual AFC Forum Seminar. This seminar focused on the risk assessment regarding counter-terrorism financing strategies and money laundering typologies.
For 20 years, ACAMS has held a place of prestige in the fierce battle against financial crime. ACAMS is the largest international membership community and AML certification provider for risk and compliance professionals. ACAMS promotes international standards for preventing money laundering and terrorist financing, and they also provide opportunities for both private and government organisation professionals to collaborate and exchange knowledge and best practices.
At the event on February 9th, one of the founding members and Vice-chairman of the ACAMS Cyprus Chapter, Nassos Paltayian, kicked off the New Money, New Crime, New Risks session by introducing the two speakers: Faisal Islam of Sentinels and his co-presenter, Amber D. Scott, Founder, CEO and Chief AML Ninja of Outlier Solutions, Inc.
"IMF estimates range from 2-5% of GDP globally is related to money laundering, however, estimates for cryptocurrency are lower."
Amber began the presentation with statistics from the recent "Crypto Crime Report 2021", showing that although there is less reported cryptocurrency illicit activities as a percentage of total cryptocurrency activity (between 2%-3%), both the transactions and business are often high risk.
Following this introduction, Faisal walked the event participants through the concept of "new money and old crimes". In a few examples, he showed that although we are dealing with new technologies, some of the crimes have existed for more than a decade. From ransomware to pump-and-dump penny stocks and terrorism financing, cryptocurrency has found a use in hacks and frauds, but the crimes themselves are anything but new.
Another discussed example was Ponzi (investing) schemes which still show higher amounts of money laundered than other hacks and thefts. Although cryptocurrencies have quite innovative AML controls in place, it is still the same financial crime that the traditional institutions deal with regularly.
Financial crime detection and risk mitigation can be especially challenging for VASPs (Virtual Asset Service Providers). One of the reasons is a binary set of information from regulators limiting VASP providers.
The other important challenge for a VASP is the nature of the cryptocurrency. The purpose of privacy-preserving or anonymous coins is to ensure that the sender and receiver are both unknown. Adding a different layer of anonymity, like a hidden transaction amount, makes it even more difficult to track. For example, if the coin is mined and stored inside secure hardware, the coin would be simply untraceable. Bitcoin transactions, on the other hand, are public and easier to track. Therefore, AML attention should switch to new cryptocurrency alternatives.
The number of VASP transactions flowing into the traditional exchange is decreasing. The industry still sees cryptocurrencies as decentralized. But considering how fast the AML law is evolving, expectations are rising and new regulations are being imposed.
An increase in DeFi (decentralized finance) solutions, which are recreating traditional instruments around decentralized architecture, has expectedly resulted in increased DeFi thefts. Although we see more financial crimes in that sphere, the impact on the mainstream users is not as large as with the traditional institutions.
“The early-adopters of the VASP are highly tech-skilled individuals, and the systems are not mainstream. This saves the majority of everyday users from being affected.” - Faisal Islam
To put cryptocurrency threats in contrast with payments and challenger banks, Faisal distinguished two main scenarios:
Hackers are advanced in their methods, creating infrastructures that have all the data they need to connect the dots. Because of the amount of processed data, they check fintechs' weaknesses at scale using sophisticated technologies such as ML (machine learning). What's more, the complexity of data and data sources make it even more difficult for financial institutions to protect their clients from illicit activities. Although the new regulations like PSD2 (Open Banking) encourage data sharing, the industry is struggling with practical implementations. That's why more and more regulatory bodies, as well as the industry itself, need to invest in proper data management and equally, if not more so, sophisticated technology.
As an example of an efficient "dots-connecting" data management, Faisal presented the Sentinels Network Analysis feature. It shows how machine learning can be used to detect suspicious behaviour. Collected and integrated from outside sources, transactional and customer data visualise in groups of clusters bringing to light anomalies. Clusters that appear unconventional may be shaped in an atypical way. Network Analysis often shows suspicious behaviour that could have been missed with traditional transaction monitoring practices. This gives compliance officers the ability to focus their limited attention on specific and high-value cases.
Faisal and Amber presented a compelling case for risk and compliance experts to better battle financial crime with more advanced technologies. Only through an advanced approach will financial institutions be able to compete against increasingly tech-savvy criminals.
To learn more about Sentinels and our approach to AML, please go to
Sentinels (‘us’, ‘we’, ‘ our’’) is dedicated to protect the confidentiality and privacy of your personal data and information entrusted to us. This Privacy Statement provides an overview of our standard data processing activities and sets forth your rights in relation to the processing of your personal data.
Slimmer AI Sentinels B.V. a limited liability company incorporated under the laws of the Netherlands, Chamber of Commerce number 82155313, having its registered office at The Rock Atoomweg 6-B 9743 AK Groningen (‘Sentinels’).
We are responsible for processing your personal data in accordance with the European General Data Protection Regulation (‘Data Protection Regulation’).
We have appointed a Data Protection Officer (DPO) for you to contact if you have any questions or concerns about this Privacy Statement and/or your rights set forth in this statement. Please contact us at firstname.lastname@example.org.
This Privacy Statement provides information about collecting, storing and processing of your personal data that you disclose to us when you use our services.
The type of personal information we collect may depend on how you interact with us and our platform and which services you choose to use. Generally, we collect, store and use the following personal information: name, surname, job title, company, business type, and email address.
When you choose to use our services, you agree to provide us with most of the personal data when you:
We process your personal data in accordance with the provisions of Data Protection Regulation. We will only use and process your personal data we obtain in the context of commercial relationship. We intend to use and process your personal data under the following conditions:
In case we rely on consent as a legal basis for processing your personal data, please note that you have the right to withdraw your consent at any time by contacting at email@example.com. However, please consider that withdrawing the consent may affect the legal basis of processing of your data, hence we may not be able to provide certain products or services to you. If this is the case, you will be advised accordingly at the time you withdraw your consent.
We are committed to maintaining organizational and technical security measures to protect the personal data we hold about you. We have implemented a set of controls and relevant policies and procedures to prevent the personal data we hold about you from being accidentally or deliberately compromised.
Your personal data is stored in accordance with the provisions of the contractual agreements and/or applicable statutory obligations. We maintain adequate retention policies and procedures so that your personal data are deleted after a reasonable and prescribed time. The data will not be stored longer than is strictly necessary to achieve the purposes for which the data have been collected.
Data collected via the website will be retained until users unsubscribe (after which a new consent will be requested)
We do not transfer your personal data to third parties unless it is mandatory by law or court order, in order to protect the rights of the parties involved in the performance of the agreement or if you give your consent to do so.
Cookies are files with a small amount of data, which may include an anonymous unique identifier. We use functional cookies that are essential for technical operations necessary for the users’ navigation on the platform. These cookies also support the website security and basic functionality.
You can set your browser in order not to accept cookies. However, in certain cases, some of our website features may not function as expected.
For more information regarding the cookies in use can be found in our Cookies Policy.
You have the right (under the certain circumstances and subject to the exceptions), pursuant to Data Protection Act to:
You can exercise any of the above-specified data protection rights, by contacting us at: firstname.lastname@example.org.
Should you have any questions or concerns about this privacy statement or you would like to exercise one of your data protection rights, please do not hesitate to contact us at: email@example.com.
However, if you feel we haven't addressed your concern in a satisfactory manner, you have the right to contact the Data Protection Authority.
Address: PO Box 93374, 2509 AJ DEN HAAG
Telephone: +31 70 888 85 00
Privacy Statement Version
This Privacy Statement was last modified on September 1, 2021.
We reserve the right to update or change our Privacy Statement at any time and you should check this Privacy Statement periodically. Your continued use of the service after we post any modifications to this Statement will constitute your acknowledgement of the modifications and your consent to abide and be bound by the modified Privacy Statement.
If we make any material changes to this Privacy Statement, we will notify you either through the email address you have provided us or by placing a notice on our website.