There are over 32 million blockchain wallet users worldwide and, according to the recent research, 68% of the biggest cryptocurrency exchange services allow fiat-to-crypto trading with little or no KYC compliance – with most needing just an email address
The cryptocurrency market has experienced a real rollercoaster over the past year or two – from being valued at a historical high to losing around 80% of its market value. Nevertheless, it looks as though cryptocurrencies are here to stay, at least for some time. There are over 32 million blockchain wallet users worldwide and, according to recent research, 68% of the biggest cryptocurrency exchange services allow fiat-to-crypto trading with little or no KYC compliance – with most needing just an email address. The European Union’s fifth Anti-Money Laundering Directive (5AMLD) is set to change this by bringing fiat-to-cryptocurrency exchange platforms, as well as custodian wallet providers, under the mantle of EU anti-money-laundering (AML) legislation by January 10, 2020. Thereafter, these platforms and providers working in the cryptocurrency market and associated with user anonymity, will face the same challenges as other financial institutions. At the same time, FATF (Financial Action Task Force), the international agency responsible for developing policies combating global money laundering, is set to develop and impose new regulations that pertain to regulating the international use of cryptocurrencies in June 2019.
More companies have to comply with the 5AMLD
Distinctive companies that process cryptocurrencies will have to comply with 5AMLD. The 5AMLD specifies “providers engaged in exchange services between virtual currencies and fiat currencies” and defines fiat currency as coins and banknotes that are designated as legal tender and electronic money of a country accepted as a medium of exchange in the issuing country. Therefore, exchanges providing only crypto-to-crypto exchange services will be exempt. Moreover, 5AMLD stipulates that a “custodian wallet provider” is an entity that provides services to safeguard private cryptographic keys on behalf of its customers to hold, store, and transfer virtual currencies. Such a provider must meet two conditions: the cryptographic key must be held by the provider, and the virtual currency must be held by the user.
ICOs (initial coin offerings) are not obliged entities according to the 5AMLD. Instead, they may voluntary decide to comply with AML/know-your-customer (KYC) rules in order to comply with banks regulation to change crypto to fiat. However, Member States reserve the authority to expand the list of obliged entities by including ICOs in their respective jurisdictions – and some Member States, for example Lithuania, have already proposed legislative amendments to this effect.
So what does the 5AMLD actually mean for exchanges and custodian wallet providers? Quite a lot, to say the least. Not only will they have to comply with the governance-related rules just like traditional regulated financial and credit institutions (stipulating risk assessments, beneficial ownership registers, (enhanced) customer due diligence, screening, reporting, policies, procedures, and supervision). They will also have to comply with procedures, such as registration with the local AML authority of their jurisdiction. This implies that exchanges and custodian wallet providers will be accountable for any breaches of 5AMLD and substantial fines (a maximum fine of at least twice the amount of the benefit derived from the breach or €1 million) could be imposed.
What action should be taken?
To avoid sanctions, exchanges and wallet providers will face the same practical challenges as other obliged entities. Obliged entities are required to be risk-focused in the way they manage their CDD (customer due diligence), CTF (counter-terrorist financing), and AML (anti-money laundering) programs. This means having written procedures, updated CDD information and documentation to verify the identity or ownership of every client, and ability to screen clients and their counterparties. Moreover, exchanges and custodian wallet providers will have to ensure that they have sufficient documentation to verify the UBO (ultimate beneficial owner) of each client, as well as their source of funds and wealth. They will also have to carry out a risk assessment that takes into account the geographical location, frequency, and transaction currency of each client. Some of the familiar key challenges that exchange platforms and custodian wallet providers will face regarding their KYC/AML procedures include:
- Onboarding the client takes too long due to the time spent collecting required KYC documentation.
- Ensuring that the real UBO is identified and verified while complying with the GDPR.
- Ensuring that, in case of a change of UBO, new documentation is collected in reasonable time.
- Ensuring that the internal client database is regularly updated to allow ongoing monitoring of the client’s activities and counterparties.
- Identifying suspicious transactions in a timely manner and reporting them to the local financial intelligence unit.
At Capgemini Invent, we believe that a revision of internal processes makes it easier to tackle new regulations. To keep up with the pace of the changing compliance environment, all obliged entities should focus on key priorities:
- Make sure that internal procedures increase awareness of upcoming KYC regulations at all levels of the company. Evaluate the necessary information to be received and inserted in the internal systems and databases while complying with privacy legislation.
- Review internal CDD procedures to assess potential weaknesses and possibilities in the business processes.
- Review the software used for monitoring and screening clients and their counterparties and consider the implementation of advanced-generation tools, which offer new ways to perform counterparty due diligence such (adverse media searches instead of watchlist screening alone) or customer profiling (machine-learning rather than rule-based engines).
- Review current KYC/AML solutions with a view to replacing them with new cost-reducing software that uses artificial intelligence and machine-learning solutions. This in turn would help reduce the number of false positives in screening or transaction filtering/monitoring.
- Evaluate business processes to combine related operations and avoid duplication across KYC/AML processes using new technologies and enhanced KYC data, and increasing staff competence.
The implementation of new technologies is costly, especially for small/mid-size businesses. Therefore, it is important to keep an eye on emerging innovative technologies, such as blockchain, digital passports, and online client onboarding. Process automatization can help overcome KYC/AML challenges faced by obliged entities and reduce compliance-related costs since manual processes are often not in sync with the required or expected transaction speed. Capgemini Invent has already published several blogs on the various technological solutions, such as robotic process automation, data analytics, e-identification, and KYC platforms, that are currently available.
How can Capgemini Invent support you?
Capgemini Invent has extensive experience of working with various financial and non-financial institutions to assist them with their compliance challenges. Our transformation program would typically include:
- Key controls maturity assessment
- KYC/AML/CTF policy and procedure establishment, review, and/or assessment
- KYC/AML/CTF process review and optimization
- Implementation of new technological tools
- System testing
- Externalizing KYC processes
- Data quality assessment
- AML/CTF training.
Based on your current internal processes and goals, our teams quickly tackle the focus areas and start realizing your roadmap towards regulatory compliance. Our agile way of working guarantees commitment and fast integration in the standing organization.
If you wish to further exchange on this matter and discuss the opportunities for your company, feel free to reach out to us: Rob van Dijk or Povilas Randis.