Mixing Services and Privacy Wallets

Red Flags for Mixing Services and Privacy Wallets

A customer has received a large amount of funds from a mixing service or privacy wallet and cannot provide further evidence of the ultimate source of funds.Mixing services and privacy wallets are often used to obfuscate the source of funds. Inability to provide evidence of the source raises concerns about potential money laundering or other illicit activities. Conduct CDD and closely monitor the customer’s transactions. If the risk is high, perform EDD and consider filing a SAR. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

A customer’s account shows frequent transactions to or from a mixing service or privacy wallet in a short amount of time, with only a vague explanation. Frequent transactions with mixing services or privacy wallets may indicate attempts to hide the source or destination of funds, which could be associated with illicit activities. Conduct CDD and closely monitor the customer’s transactions. If the risk is high, perform EDD and consider filing a SAR. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

A customer is evasive about their reason for using a mixing service or privacy wallet. Evasiveness about the use of mixing services or privacy wallets may suggest the customer is attempting to conceal the purpose or source of their transactions, possibly due to illicit activities. Conduct CDD and closely monitor the customer’s transactions. If the risk is high, perform EDD and consider filing a SAR. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

Red Flags for Token-Based Laundering

A customer wishes to exchange a large volume of newly-issued tokens, very suddenly and without explanation. Sudden and unexplained transactions involving large volumes of newly-issued tokens may indicate attempts to launder proceeds from illegal activities through token sales or trading. Conduct CDD, closely monitor the customer’s transactions, and educate the customer about potential risks. If the risk is high, perform EDD and consider filing a SAR. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

The website of the token in question suggests it does not conduct KYC or CDD of investors or have controls in place to protect against ICOs. Lack of KYC and CDD procedures for token investors increases the risk of money laundering, as it allows for anonymous participation in token sales or trading. Conduct CDD on the customer and monitor transactions involving the token closely. Perform EDD if necessary. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

There is little or no information about where the token’s founders are based and what jurisdictions they operate in.Limited information about the token’s founders or the jurisdictions they operate in can make it difficult to assess the legitimacy of the token, increasing the risk of money laundering or other illicit activities.Conduct CDD on the customer and closely monitor transactions involving the token. Perform EDD if necessary. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

The token has not registered as an MSB or securities broker in jurisdictions where this is required.Non-compliance with registration requirements in relevant jurisdictions may indicate that the token’s operators are attempting to avoid regulatory scrutiny, increasing the risk of money laundering or other illicit activities. Conduct CDD on the customer and closely monitor transactions involving the token. Perform EDD if necessary. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

Red Flags for Token Scams

New customers to an exchange demonstrate little or no understanding of cryptocurrencies and indicate they are responding to an ad for a token. Inexperienced customers may be more susceptible to token scams, which could involve fraudulent schemes or tokens associated with money laundering. Conduct CDD, closely monitor the customer’s transactions, and educate the customer about potential risks. If the risk is high, perform EDD and consider filing a SAR. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

Defrauded customers may attempt to purchase relatively significant amounts of cryptoassets as a one-off, despite their limited understanding of the technology. Customers who have been defrauded may engage in high-risk transactions, potentially involving tokens associated with money laundering or other illicit activities.Conduct CDD, closely monitor the customer’s transactions, and educate the customer about potential risks. If the risk is high, perform EDD and consider filing a SAR. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

The ostensible token may feature on websites or social media, promising huge returns and promises that investors will get rich quickly. Exaggerated promises of returns or wealth could be indicative of a scam, which may also involve money laundering or other illicit activities.Conduct CDD, closely monitor the customer’s transactions, and educate the customer about potential risks. If the risk is high, perform EDD and consider filing a SAR. (MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

Red Flags for Stolen Tokens and Stablecoins

A customer is in possession of a large volume of tokens and stablecoins with an obscure explanation for how they were obtained. An unclear explanation for the possession of large volumes of tokens and stablecoins may suggest that they were illicitly obtained, such as through theft or hacking. Conduct CDD, closely monitor the customer’s transactions, and educate the customer about potential risks. If the risk is high, perform EDD and consider filing a SAR.(MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

Blockchain analytics indicates that a customer is in possession of tokens and stablecoins that have been exposed to a known exchange hack. Possession of tokens or stablecoins linked to a known hack raises concerns about potential involvement in illicit activities, such as theft or money laundering. Conduct CDD, closely monitor the customer’s transactions, and educate the customer about potential risks. If the risk is high, perform EDD and consider filing a SAR.(MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

A customer suddenly begins sending or receiving tokens and stablecoins to or from DEXs frequently, with no real explanation. Frequent transactions with decentralized exchanges (DEXs) without a clear explanation may suggest attempts to launder illicitly obtained tokens or stablecoins. Conduct CDD, closely monitor the customer’s transactions, and educate the customer about potential risks. If the risk is high, perform EDD and consider filing a SAR.(MLRs – Regulation 28 (CDD), Regulation 33 (EDD); POCA – Part 7 (SARs); FCA Handbook – SYSC, PRIN.)

In each case, it’s essential to tailor the preventive measures to the specific red flag, customer, and transaction. Keep in mind that the FCA Handbook’s SYSC and PRIN sections provide overarching guidance on establishing and maintaining systems and controls related to AML/CTF, and these should be considered in conjunction with other specific regulations such as the MLRs and POCA.Remember that the specific requirements and procedures may vary depending on the specific facts and circumstances surrounding each red flag. Tailor these suggested preventive measures to your individual business processes, risk appetite, and regulatory obligations. Maintain a robust AML/CTF compliance program in line with guidance from the FCA and MLRs, and stay informed about any regulatory updates or changes to guidance.