December 5, 2023
Learn how criminal enterprises use cryptocurrency to operate outside the regulated financial sector.
Digital currencies, commonly referred to as ‘crypto’ and ‘cryptocurrency,’ have seen a significant increase in value and acceptance over the last five years.
While many users are drawn to the decentralized ethos of crypto, organised criminal groups and individual offenders are taking advantage of the borderless nature of digital currencies to conduct serious crimes, including money laundering, terrorism financing, scams, and tax evasion.
This guide will help you understand digital currencies and how criminals use the technology to operate outside the traditional financial sector. You will learn about the current regulatory landscape, common and emerging digital currency crimes and how to monitor for suspicious.
Digital currency is a system of money that only exists in digital rather than physical form. Most people refer to digital currency as ‘crypto’ or ‘cryptocurrency’. One reason people love crypto is that it is a decentralized medium of exchange, meaning there is no central authority, like the U.S. Dollar or the Euro, that oversees its value. Additionally, users are drawn to crypto as it is stored in digital wallets rather than physical, allowing them to send or receive payments from any location.
Blockchain is the technology that enables crypto to exist. It is a type of database or ledger that can be shared and synchronised across multiple sites, reducing the chance of cyber-attacks and financial fraud. Blockchain stores data in blocks that are then linked together and secured using cryptography, a mathematical and computational practice of encoding and decoding data, to allow only the sender and intended recipient of the message to view its contents.
Digital currencies will change every aspect of how we transact and do business with each other over the next five years.
Eighty-three countries are already experimenting with or implementing Central Bank Digital Currencies (CBDCs), representing 90% of global GDP.
China reportedly has already disbursed over $5.3 billion of its new digital yuan as of June 2021.
Until recently, attempts to regulate the crypto industry have been limited and ineffective. However, rapid growth and a subsequent market downturn have reignited calls for the sector to operate within a regulated system. Many in the crypto industry now realise the importance of proactively working with regulators and legislators to build trust and protect legitimate users from illicit activities.
While the regulatory landscape is slowly but surely beginning to change for the better, there is currently no unified global approach. Many countries are divided and view crypto as a strategic priority or a threat that needs to be actively controlled. According to the World Economic Forum, governments must collaborate to avoid ‘regulatory arbitrage’ and promote a globally coordinated set of standards. In addition, policymakers need to work with the crypto industry to understand the economic impacts that specific regulatory models could create.
In the US, cryptocurrency regulation still varies considerably between states; however, progress is being made at a federal level. In July 2022, a framework was delivered to President Biden outlining an interagency approach to addressing risks, harnessing potential benefits, and setting standards for how digital assets are used and transacted.
There are currently no laws in Australia that have been implemented to regulate cryptocurrency. Instead, the only formal monitoring of cryptocurrency activity in Australia is in relation to Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF). In 2021, The Australian Securities & Investments Commission (ASIC) released INFO 225 Crypto-assets (INFO 225) to provide regulatory guidance to businesses involved with cryptocurrency or cryptocurrency-adjacent services.
China has banned all cryptocurrency-related activity, including transactions, mining, and offshore exchanges which provide services to Chinese citizens. The Chinese government sees crypto as a volatile investment and believes it can be easily used to launder money. In addition to China, Egypt, Iraq, Qatar, Oman, Morocco, Algeria, Tunisia, and Bangladesh have all banned cryptocurrency.
The European Union has agreed to bring cryptocurrency under a regulatory framework for the first time. The Markets in Crypto-Assets (MiCA) proposal gives issuers of crypto assets and providers of related services a “passport” to serve clients across the EU from a single base while meeting capital and consumer protection rules. Cryptocurrency exchanges must also adhere to the strict requirements of 6AMLD (the EU anti-money laundering directive). As of September 2021, cryptocurrencies were worth about $2.1 trillion, doubling their value YTD, with bitcoin worth nearly $900 billion.
Assets committed (or locked) in DeFi protocols grew over 300% in the year prior to 26 September 2021 to about $82.6 billion, according to DeFi Pulse.
Still, they represent a tiny fraction of the world’s financial assets of some $316 trillion, with lots of opportunities for expansive growth.
A recent report revealed that cryptocurrency-based crime hit an all-time high in 2021. Criminal abuse of cryptocurrency not only impacts future adoption and attracts scrutiny from governments but also directly targets innocent users.
The increased use of cryptocurrency for various financial activities has created opportunities for criminals to operate outside the traditional financial sector. However, the public nature of most digital currency transaction data does allow law enforcement to identify, target and disrupt criminal activities using digital currencies.
Cybercrimes involving cryptocurrencies totalled about $1.9 billion across the world in 2020, according to CipherTrace, while ransomware payments in 1H21 already exceeded the 2020 total. In the last three years, $5.2 billion has been paid out in ransomware.
Money laundering is one of the most common cryptocurrency crimes. The anonymity of the blockchain, lack of central authority, and limited regulations can all be exploited to conceal the illegitimate origins of illicit funds and convert them into cash for bank deposits. Money laundering in cryptocurrency follows the same three-stage process as cash-based money laundering – placement, layering, and integration.
Placement involves the illicit funds being placed into the financial system and converted to digital currency. These illegal funds can be placed through methods such as financial institutions, exchanges, shops, and casinos. The next stage, layering, allows the illicit funds to be distanced from the original source to create a difficult path to decode. This can be done through exchanges, converting one cryptocurrency into another, or moving holdings across borders. Finally, integration allows the illicit funds to be reintroduced back into the economy via purchasing goods or services or the traditional financial system.
What to look out for: This crime can be indicated through the inability to explain the source of the funds, providing low-quality documentation, and requesting higher limits than what aligns with their occupation.
Some terrorist groups have been known to fund terrorist activity using digital currency donations and crowdfunding, where small amounts are received from a large group of individuals. In 2019, several terrorist groups used social media to request bitcoin donations to finance terrorism campaigns, misleading donors into believing such transactions were anonymous and untraceable.
What to look out for: Extremist ideologies and religious beliefs advertised on social media.
In 2021, Australia lost over $300 million to scams and received 10,412 reports of digital currency scams, equating to over $129.4 million. The rise of public interest in digital currency has significantly increased the rates of scams targeting all demographics. Digital currencies are used for various scams, including romance, investment, giveaways, job/employment scams, and Ponzi schemes.
What to look out for: The scammer can take the identity of someone who does not fit the usual persona of a digital currency trader, such as an elderly customer, and initiate high-volume transactions. Common characteristics include showing little knowledge of digital currency but revealing urgency when transferring funds and sounding coached when answering personal questions.
Individuals may attempt to avoid their tax obligations by not declaring trading in digital currency in their tax returns, making payments in digital currency to avoid GST or shifting value offshore to avoid capital gains tax. In Australia, the Australian Taxation Office (ATO) has raised concerns that cryptocurrency is being used for tax evasion, particularly to evade income tax.
What to look out for: In-depth interest regarding their reporting obligations and the amount of information the ATO requests. Illegal behaviour can also be identified if the customer aims to delete transaction history and currency is distributed to a wide range of accounts.
While most people engage with digital currency for legitimate purposes, providers need to assess and understand the risks associated with their services and the people they are offering them to. Many tools are available to target, detect and disrupt transactions related to financial crime and money laundering through digital currencies.
Cryptocurrency providers must identify and understand the associated money laundering and terrorism financing risks and have appropriate risk-based systems and controls in place as part of their anti-money laundering (AML) and counter-terrorism financing (CTF) programs.
Key considerations for monitoring suspicious behaviour include:
Know Your Customer (KYC): KYC is the process of identifying your customers and verifying their details to comply with national and global regulations, including anti-money laundering and counter-terrorism financing laws. The overarching goal of KYC is to make sure the prohibition of unqualified people from trading in crypto exchanges. The topic of KYC has been controversial among the crypto community.
While KYC has become a regulatory norm for most financial services, the crypto industry often argues against it as it can slow down a client’s access to services, or some clients may hesitate to share their personal information. Crypto exchanges are then caught in an unfortunate position where they are forced to choose between forgoing KYC measures for swift operations or fulfilling their obligations of protecting their client’s money with due diligence.
Enhanced Customer Due Diligence (ECDD): Customer Due Diligence (CDD) is a crucial step in the Know Your Customer (KYC) process not only to identify a customer but also to assess their risk. In cases where the risk of money laundering or terrorist financing may be higher, businesses can use Enhanced Due Diligence (ECDD). This involves conducting additional checks on a customer's identification, collecting different information, and doing additional verification for accounts or activities that pose a higher risk.
Screening and monitoring: For businesses to engender trust in their customers, they need to effectively assess risks. KYC programs, along with Politically Exposed Persons (PEPs) and Sanctions screenings, demonstrate active risk assessment on the part of exchanges, helping stabilise the market through increased trust and use.
Innovation is an essential element of the cryptocurrency industry; however, new avenues for financial crime emerge as technology evolves.
NFTs are blockchain-based digital assets that are one of a kind. Due to their individuality, they cannot be traded or exchanged at equivalency, so they cannot be used as currency. With the rise of technology, new financial crime opportunities are emerging. NFTs can be used to commit crimes such as selling fake NFTs or posing as the original. Like other assets, NFTs can be used for money laundering. Illegal proceeds are used to purchase legitimate assets and then sold to ‘wash’ the money.
Decentralized finance, commonly known as DeFi, is an application or protocol operating via distributed ledger technology that facilitates financial activities (such as trading, loans, and investments). DeFi allows users to be responsible for managing their funds using smart contracts – a self-executing contract with the terms of the agreement between buyer and seller directly written into lines of code.
DeFi uptake surged over 2021, increasing opportunities for it to be used for criminal activities, such as money laundering. Hacks against DeFi are similarly increasing and made up 76% of major cryptocurrency hacks in 1H21, or $361 million out of $462 million stolen, according to CipherTrace, which states that is up from the $129 million stolen from DeFi protocols in all of 2020.
Staking is how many cryptocurrencies verify their transactions. Users can lock their crypto assets for a set period to help support a blockchain’s operation. Staking enables an individual to earn more digital currency over time, either because of network fees paid by users of the digital currency or by earning rewards, similar to a term deposit or bank account which earns interest.
Individuals can use staking in a completely decentralized manner to legitimately invest and earn profits from their digital currency. Criminals may seek to exploit this method to earn ‘clean’ digital currency while staking illicit digital currency.
As your business grows, building a global onboarding solution can introduce significant upfront and ongoing costs. Our single global integration means you can scale easier while minimising operational complexity and development resources. You can verify customers from new countries using our low-code setup through the initial integration.
Legacy onboarding solutions struggle to meet increasing customer expectations for minimal friction, leading to higher drop-off rates and lost revenue. Data Zoo replaces these slow, manual processes with a real-time and automated solution that can verify your customers in less than 2 seconds - eliminating the need for you to review verifications manually.
Staying compliant can be challenging, especially as digital businesses are required to meet multi-jurisdictional regulatory requirements. Data Zoo keeps privacy and security at the core of our products, infrastructure and policies. Our ecosystem is certified and adheres to the highest industry standards and regulations around the world.