1. Red Flags for Cryptoasset Prepaid Cards:

a. Moving funds directly from an illicit source to a cryptoasset prepaid card provider:

Monitor the source of funds and apply Enhanced Due Diligence (EDD) to high-risk transactions. (Money Laundering Regulations 2017 (MLRs), Regulation 33)

b. Large incoming transfers from bank accounts to top-up cryptoasset prepaid balances:

Implement transaction monitoring systems to detect and investigate unusual patterns. (FCA Handbook – Financial Crime Guide (FCG), SYSC 6.3)

c. Sudden spurts of high volume and high value spending at a single merchant for no obvious purpose: Apply EDD to high-risk transactions and investigate suspicious patterns. (MLRs, Regulation 33)

d. Mules opening numerous accounts and obtaining prepaid cards using genuine or fake IDs, common addresses, mobile devices, or IP addresses: Implement strong Customer Due Diligence (CDD) and identity verification processes. (MLRs, Regulation 28)

e. Criminals opening accounts at unregulated, non-compliant, or weak KYC or CDD prepaid card providers: Conduct ongoing monitoring and risk assessments of the prepaid card providers. (MLRs, Regulation 18)

f. Fiat funds transferred to cryptoasset prepaid card providers from high-risk countries:

Apply Enhanced Due Diligence (EDD) to high-risk jurisdictions. (MLRs, Regulation 33)

g. Criminals setting up numerous accounts at a single prepaid provider and using multiple cards just below transaction limits: Implement monitoring systems to detect attempts to circumvent transaction limits. (FCA Handbook – Financial Crime Guide (FCG), SYSC 6.3)

h. Criminals topping up stolen fiat debit or credit cards and converting them into cryptocurrencies for further laundering: Monitor for unusual top-up patterns and verify the legitimacy of the source of funds. (MLRs, Regulation 28)

i. Large volumes of inbound fiat wire transfers associated with social engineering frauds:

Investigate unusual patterns and apply EDD to high-risk transactions. (MLRs, Regulation 33)

j. Criminals attempting to convert cryptocurrencies directly into holdings in commodities such as gold and other precious metals: Monitor transactions involving commodities and investigate suspicious patterns.(Proceeds of Crime Act 2002 (POCA), Part 7)

k. Criminals targeting unlicensed or non-compliant providers of prepaid cards:

Conduct ongoing monitoring and risk assessments of prepaid card providers. (MLRs, Regulation 18)

• Red Flags for Legitimate or Stolen Fiat Cards:

a. A customer purchasing a large amount of cryptoassets and making an immediate onward transfer to a dark web carding site: Monitor transactions for connections to dark web sites and apply EDD. (MLRs, Regulation 33)

b. A customer purchasing a large amount of cryptoassets and immediately using the funds to make frequent or high-value purchases at mainstream vendors: Monitor and investigate unusual spending patterns. (FCA Handbook – Financial Crime Guide (FCG), SYSC 6.3)

• Red Flags for Legitimate or Stolen Fiat Cards to Purchase Cryptoassets:

a. A customer making numerous purchases of cryptoassets using prepaid cards with a frequency that can’t be legitimately explained: Implement transaction monitoring systems to detect and investigate unusual patterns. (FCA Handbook – Financial Crime Guide (FCG), SYSC 6.3)

b. The customer using countless different cards to make purchases of cryptoassets: Monitor and investigate the use of multiple cards for potential suspicious activity. (MLRs, Regulation 28)

c. After purchasing cryptoassets using prepaid cards, the customer immediately transfers the cryptoassets to high-risk sites (e.g., dark web markets or sites associated with prostitution or similar activities): Apply Enhanced Due Diligence (EDD) to high-risk transactions and investigate connections to high-risk sites. (MLRs, Regulation 33)

To mitigate the risks associated with these red flags, businesses should implement the following measures:

1. Implement a risk-based approach to Customer Due Diligence (CDD) and ongoing monitoring.
2. Conduct Enhanced Due Diligence (EDD) for high-risk customers and transactions.
3. Train staff to identify and report suspicious activities.
4. Appoint a dedicated Money Laundering Reporting Officer (MLRO).
5. Regularly review and update internal policies, procedures, and risk assessments.

By adhering to the cited regulations and guidelines and implementing robust internal controls and procedures, businesses can prevent, detect, and report suspicious activities related to cryptoasset prepaid cards and fiat cards.