Cryptocurrency and blockchain: What’s the money laundering risk?

Bitcoin coins on a computer
With close to 2,000 cryptocurrencies such as Bitcoin in circulation, regulating the currency is a key objective of the Fifth Money Laundering Directive

This blog was updated in May 2022.

Cryptocurrencies and blockchains are set to be a key compliance theme of 2019, with the upcoming Fifth Money Laundering Directive setting out to regulate cryptocurrencies. While the first and most common cryptocurrency is Bitcoin, there are now close to 2,000 in existence, with the number continuing to grow. This level of growth causes two core issues; namely that cryptocurrencies are currently unregulated and that they can be used to launder money due to the unique way in which they are traded. In addition, some cryptocurrencies are either fake or are used to fuel financial scams.

A lot of the guidance below is taken from the cryptocurrency module in VinciWorks’ anti-money laundering refresher course.

What are cryptocurrencies?

In cryptocurrency, a network of peers maintains a complete history of all transactions, and the balance of every account using that cryptocurrency. This secure system is known as the blockchain.

The essence of cryptocurrencies are that they rely on a consensus database of maths, secured by strong cryptography that needs immense computer power to add to the digital ledger where the information is stored, known as the blockchain. They are not secured by trust, fingerprints or anything vulnerable to human error, but by millions of computers constantly agreeing with each other.

While there are many different cryptocurrencies, they all work on the same core principles:

  • Cryptocurrency is decentralised and doesn’t rely on any government or regulatory oversight
  • Cryptocurrency relies on being monitored by peer-to-peer control
  • Cryptocurrency is encrypted in a secure string of data

Money laundering through cryptocurrency

Is cryptocurrency used for money laundering?

Cryptoassets can serve as vital links in the money laundering chain. Because cryptocurrency is decentralised, meaning no one person or institution can exercise control over it, it has attracted both popularity and scorn. It has been alleged that criminals can use it to make international payments free from oversight. But the truth is that in order to buy or sell bitcoins on any regulated exchanges, customers are subject to the same level of KYC (Know Your Customer) requirements as they would be at most banks.

Do cryptocurrencies have a high money laundering risk?

Bitcoin addresses can be linked to real identities, including where the money is being deposited or withdrawn from. All transactions using bitcoin are transparent and traceable by anyone. Even if multiple bitcoin addresses are clustered together in an effort to conceal the origin of funds, decoding one address and linking it to a real identity will de-anonymise all of the other addresses. Therefore, in theory, bitcoin is very secure and should not have a higher risk of money laundering than any other form of monetary transactions.

How does cryptocurrency lead to money laundering?

However, some economic bodies have noted some vulnerabilities of cryptocurrencies and alleged that they hold higher money laundering risks than other traditional forms of monetary transactions. The Hong Kong Monetary Authority charged that cryptocurrency is at greater risk of being used for money laundering since bitcoin and other digital currencies don’t require holders to trade under their real name and because they are considered commodities with no monetary backing. Others, such as the US Federal Reserve, point to potential issues with cryptocurrency including that they could be targeted with cyberattacks and that a central-bank-issued digital currency held widely around the globe could be more easily used for money laundering and terrorist financing. 

But these concerns are add odds with other opinions on cryptocurrencies that allege that they are no more, and maybe even less, subject to money-laundering risks than any other form of economic transaction, due among other things to their resilience and the fact that there is no one single point of failure risk as there is in a centralised system.

What is blockchain?

Blockchain allows digital information to be distributed, but not copied. Essentially, it is a new type of digital network. Originally designed for bitcoin, its uses are varied and becoming ever more ingrained in business and our everyday life.

Information held on a blockchain is shared and continually reconciled by an entire network of computers. It isn’t stored in any single location, meaning the records are public and easily verifiable. It can’t be corrupted as it is being simultaneously examined by millions of computers. It can’t be chained because every computer on the network must continually accept every new addition of a block to the chain.

Blockchain − the future of client due diligence?

The often labour intensive multi-step process of customer verification procedures could be revolutionised by blockchain. The technology may enable customers to take photos of their key documents, and once verified by the institution, store the documents on the blockchain, eliminating the need for a customer to present their passport and utility bills at every institution. It can also better enable identity verification procedures, giving people a way to prove their identity securely without the need for government issued documents which are themselves vulnerable to fraud and corruption.

What are the money laundering risks?

While some institutions, such as the Hong Kong Monetary Authority, have warned about bitcoin as being vulnerable to money laundering, others don’t consider it to pose any greater risk than any other commodity, and in fact may be more secure.

The UK’s National Risk Assessment for money laundering said that digital currencies pose the lowest risk for money laundering alongside cash, financial services, banks and accountants. The report stated:

“There are a limited number of case studies upon which any solid conclusions could be drawn that digital currencies are used for money laundering. There are concerns around anonymity, faster payments and ability to provide cross-border remittances and facilitate international trade. These issues are similar to issues identified with many other financial instruments, such as cash and e-money.”

It is worth noting that the Fifth Money Laundering Directive has already been passed and one of its primary drivers is a perceived need to regulate cryptocurrencies.

Feeling confused? We can help you separate fact from fiction and become a cryptocurrency expert

With the explosion of bitcoin the past few years alongside the myriad of opinions and confusion over the risk it does or does not pose to money laundering, the digital currency craze can feel like a maze to navigate. VinciWorks’ suite of Anti-Money Laundering courses feature in-depth, industry-specific modules, including a comprehensive module on cryptocurrencies as well as a version of the AML course that is fully tailored to the cryptocurrency industry.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.