ACAMS Cyprus Virtual AFC Forum – Recap

About ACAMS

For 20 years, ACAMS has held a place of prestige in the fierce battle against financial crime. ACAMS is the largest international membership community and AML certification provider for risk and compliance professionals. ACAMS promotes international standards for preventing money laundering and terrorist financing, and they also provide opportunities for both private and government organisation professionals to collaborate and exchange knowledge and best practices.

Introduction to the subject

At the event on February 9th, one of the founding members and Vice-chairman of the ACAMS Cyprus Chapter, Nassos Paltayian, kicked off the New Money, New Crime, New Risks session by introducing the two speakers: Faisal Islam of Sentinels and his co-presenter, Amber D. Scott, Founder, CEO and Chief AML Ninja of Outlier Solutions, Inc.

"IMF estimates range from 2-5% of GDP globally is related to money laundering, however, estimates for cryptocurrency are lower."

Amber began the presentation with statistics from the recent "Crypto Crime Report 2021", showing that although there is less reported cryptocurrency illicit activities as a percentage of total cryptocurrency activity (between 2%-3%), both the transactions and business are often high risk.

Following this introduction, Faisal walked the event participants through the concept of "new money and old crimes". In a few examples, he showed that although we are dealing with new technologies, some of the crimes have existed for more than a decade. From ransomware to pump-and-dump penny stocks and terrorism financing, cryptocurrency has found a use in hacks and frauds, but the crimes themselves are anything but new.

Another discussed example was Ponzi (investing) schemes which still show higher amounts of money laundered than other hacks and thefts. Although cryptocurrencies have quite innovative AML controls in place, it is still the same financial crime that the traditional institutions deal with regularly.

Future of AML with new money - VASP

Financial crime detection and risk mitigation can be especially challenging for VASPs (Virtual Asset Service Providers). One of the reasons is a binary set of information from regulators limiting VASP providers.

The other important challenge for a VASP is the nature of the cryptocurrency. The purpose of privacy-preserving or anonymous coins is to ensure that the sender and receiver are both unknown. Adding a different layer of anonymity, like a hidden transaction amount, makes it even more difficult to track. For example, if the coin is mined and stored inside secure hardware, the coin would be simply untraceable. Bitcoin transactions, on the other hand, are public and easier to track. Therefore, AML attention should switch to new cryptocurrency alternatives.

The number of VASP transactions flowing into the traditional exchange is decreasing. The industry still sees cryptocurrencies as decentralized. But considering how fast the AML law is evolving, expectations are rising and new regulations are being imposed.

An increase in DeFi (decentralized finance) solutions, which are recreating traditional instruments around decentralized architecture, has expectedly resulted in increased DeFi thefts. Although we see more financial crimes in that sphere, the impact on the mainstream users is not as large as with the traditional institutions.

“The early-adopters of the VASP are highly tech-skilled individuals, and the systems are not mainstream. This saves the majority of everyday users from being affected.” - Faisal Islam

Cryptocurrency threats vs fintech threats

To put cryptocurrency threats in contrast with payments and challenger banks, Faisal distinguished two main scenarios:

• Due to a closed transaction graph, fintechs are wholly liable for their transactions.
• Customers are engaging in large-scale cross-border transactions with a variety of payment methods that generate a large amount of heterogeneous data.

Hackers are advanced in their methods, creating infrastructures that have all the data they need to connect the dots. Because of the amount of processed data, they check fintechs' weaknesses at scale using sophisticated technologies such as ML (machine learning). What's more, the complexity of data and data sources make it even more difficult for financial institutions to protect their clients from illicit activities. Although the new regulations like PSD2 (Open Banking) encourage data sharing, the industry is struggling with practical implementations. That's why more and more regulatory bodies, as well as the industry itself, need to invest in proper data management and equally, if not more so, sophisticated technology.

The Network Analysis example

As an example of an efficient "dots-connecting" data management, Faisal presented the Sentinels Network Analysis feature. It shows how machine learning can be used to detect suspicious behaviour. Collected and integrated from outside sources, transactional and customer data visualise in groups of clusters bringing to light anomalies. Clusters that appear unconventional may be shaped in an atypical way. Network Analysis often shows suspicious behaviour that could have been missed with traditional transaction monitoring practices. This gives compliance officers the ability to focus their limited attention on specific and high-value cases.

Conclusion

Faisal and Amber presented a compelling case for risk and compliance experts to better battle financial crime with more advanced technologies. Only through an advanced approach will financial institutions be able to compete against increasingly tech-savvy criminals.