The Financial Action Task Force (FATF) recently published a report titled Virtual Assets: Red Flag Indicators of Money Laundering and Terrorist Financing. The report discusses a number of red flag indicators of suspicious virtual asset (VA) activities identified “through more than one hundred case studies collected since 2017 from across the FATF Global Network, literature reviews, and open source research.” The purpose of the report is to help financial institutions (FIs), designated non-financial businesses and professions (DNFBPs), and virtual asset service providers (VASPs) to create a “risk-based approach to their Customer Due Diligence (CDD) requirements.”
The report focuses on the following six categories of red flag indicators: those (1) related to transactions, (2) related to transaction patterns, (3) related to anonymity, (4) about senders or recipients, (5) in the source of funds or wealth, and (6) related to geographical risks.
When discussing red flags relating to transactions, FATF suggests that the size and frequency of transactions can be a good indicator of suspicious activity. For example, making multiple high-value transactions in short succession (i.e. within a 24-hour period) or in a staggered and regular pattern, with no further transactions during a long period afterwards. With regard to transaction patterns, FATF notes that large initial deposits with new users or transactions involving multiple accounts should also raise suspicion.
As to red flag indicators related to anonymity, the report acknowledges that the presence of features allowing for anonymity in a transaction does not – on its own – suggest an illicit transaction. Such features also can be utilized as legitimate methods of securing VAs against theft. Thus, the presence of these indicators relating to anonymity, as with the other red flag indicators, “should be considered in the context of other characteristics about the customer and relationship, or a logical business explanation.”
The report also identifies unusual behaviors of senders or recipients that may be indicative of illicit transactions, such as creating separate accounts under different names, incomplete or insufficient know-your-customer (KYC) information, or discrepancies between IP addresses associated with the customer’s profile and the IP addresses from which transactions are being initiated. Similarly, misuse of VAs relating to criminal activities can be identified by the source of funds or wealth. A few red flag indicators highlighted by FATF in this category are transactions originating from or destined to online gambling services, lack of transparency or insufficient information on the origin and owners of the funds, or funds sourced directly from third-party mixing serves or wallet.
Lastly, the report discusses red flag indicators related to geographical risks. This section of the report discusses how customers moving illicit funds will exploit gaps in the anti-money laundering (AML) and counter-terrorist financing (CFT) regulations by moving their funds to jurisdictions with non-existent or minimal AML/CFT regulations on VAs. These FATF “high risk jurisdictions” were also identified as a concern in a report published by SWIFT (the global provider of secure financial messaging services) titled Follow the Money. The SWIFT report determined that “there is a need to distil and cascade the key findings through [investigations of FATF high risk jurisdictions] across the international financial system.” The SWIFT report focuses on how funds obtained through cyber attacks on financial institutions are laundered, particularly through “money mules” (a subject recently covered by this excellent guest blog). Although the SWIFT report brims with eye-catching visuals and is worth a look on that basis alone, its discussion tends to be descriptive and it lacks the concrete details of the FATF report, which tries to provide specific red flags for assessing transfers today and tomorrow.
FATF concludes its report by noting that while the red flag indicators are useful tools for risk management, the report is not exhaustive and the red flag indicators “are best used when applying other contextual information from domestic law enforcement and public sources.”