Monday, February 10, 2025


On June 30, the Financial Action Task Force (FATF) – the global standard setter for anti-money laundering and countering the financing of terrorism (AML/CFT) measures – released a status report on the application of its standards to virtual assets. The release of the report marks three years since the FATF first issued guidance on virtual assets and virtual asset service providers (VASPs) in 2019.

FATF’s report is essential reading for compliance teams in crypto-asset businesses and financial institutions. It offers insight into the FATF’s view of the new priorities facing the crypto sector and regulators globally. Compliance teams that understand these issues can prepare themselves to meet the challenge of upcoming regulatory developments that are likely to impact the crypto space in the coming months.

DeFi: growing cross-chain risks

The main issue FATF highlights in its report is the growth of decentralized finance (DeFi). In updated guidance issued in October 2021, the FATF urged countries to impose AML/CFT requirements on those who have control and influence over DeFi services, such as decentralized exchanges (DEX). This is a priority identified by the FATF in part in response to the rise in DeFi-related crime, as highlighted in Elliptic’s DeFi report.

In its latest report, the FATF notes that the DeFi sector has grown and evolved even in the short eight months that have passed since it released its guidelines last year. According to the FATF, the rapid growth and evolution of the DeFi sector is cause for concern as it could cause the acceleration and spread of risks.

The first of FATF’s concerns is that most DeFi protocols and applications operate outside the regulatory perimeter – despite its call for countries to regulate DeFi. While some regulators have begun to crack down on non-compliant DeFi platforms, most have yet to regulate the space. This is a vulnerability according to the FATF, as it allows criminals the freedom to exploit DeFi services.

Another of FATF’s DeFi concerns is the increasing use of mixing services in the DeFi space that enable money laundering. As Elliptic specifically noted, cybercriminals, including North Korean hackers, are increasingly using DeFi mixing services – like the popular mixer Tornado Cash – in an attempt to cover up their illegal activities.

Third, the FATF highlights the growing risks associated with cross-chain activities in the DeFi space. According to the FATF: “DeFi protocols can be used to perform ‘chain-hopping,’ which can make it difficult to trace transactions.” Chain-hopping refers to the practice of criminals exchanging funds across different cryptoassets in order to hide the trail of their funds. In the DeFi ecosystem, this is achieved through the use of cross-chain bridges, an innovation that allows users to seamlessly move funds across blockchains.

As Elliptic’s research highlighted, cross-chain bridges are becoming an increasingly important part of the criminal ecosystem. Illegal actors – such as ransomware attackers and hackers – can use these services to launder funds through the blockchain. In addition, funds passing through cross-chain bridges are vulnerable to cyber-criminal attack. In the first six months of 2022 alone, cybercriminals stole more than $1 billion in cryptoassets from cross-chain bridges. Two of the top three cross-chain bridge thefts have even been attributed to North Korea – highlighting the emerging sanctions risks in the DeFi space.

The FATF’s focus on these issues sends a clear message: illegal activities involving DeFi mixers and cross-chain bridges will become an area of increasing regulatory focus in the second half of 2022.

To prepare for the increasing focus on DeFi, VASPs and financial institutions should ensure that they utilize blockchain analytics capabilities that can reveal the risks associated with DeFi mixers and cross-chain bridges. Using Elliptic’s transaction screening solutions, regulated businesses can identify high-risk transactions involving these services – enabling them to file suspicious activity reports (SARs) or block prohibited transactions with sanctioned actors.


The image above from Elliptic Investigator software illustrates the flow of funds from the Harmony Horizon Cross-chain Bridge hacker’s wallet being sent through multiple Ethereum wallets before passing through the Tornado Cash mixer. The funds were then sent from Tornado Cash to several additional Ethereum addresses. Crypto exchange services that identify incoming transfers from these Ethereum addresses can use Elliptic’s software to identify that the ultimate source of the funds is actually the Harmony Horizon Cross-chain Bridge hack – despite the use of mixers.

Unhosted wallets

Another topic the FATF addresses in its report is the perennially controversial issue of unhosted wallets.

In its guidelines, the FATF has highlighted what it considers to be the risk of unhosted wallets; namely, they allow users to carry out transactions without the presence of a regulated entity that can carry out Know Your Customer (KYC) checks on users.

In a recent public statement, the US Deputy Treasury Secretary named unhosted wallets as a specific illicit financing risk of concern because they allow users to transact outside the regulatory perimeter. The European Union and the UK have also recently put forward proposals to address the risks of unhosted wallets.

The latest FATF report highlights that many other countries are still determining what steps to take to mitigate the risks of unhosted wallets. However, the FATF notes that some countries see blockchain analytics as a central part of that effort.

For example, using wallet verification solutions like Elliptic Lens, VASPs can identify unhosted wallets associated with sanctioned parties or other illegal actors. Blockchain analytics enable VASPs to proactively detect and mitigate associated risks.

In anticipation of increasing regulatory scrutiny of unhosted wallets, VASPs should ensure that they have implemented a blockchain analytics solution that can help them identify unhosted wallets that pose high risks of illicit financing.

NFT: painting a picture of rising risk

Like DeFi, non-fungible tokens (NFTs) are another recent crypto innovation where the FATF sees developing risks thanks to the rapid growth of the market.

In particular, the FATF notes the expansion of NFTs into non-financial markets and the growing number of active wallets buying and selling NFTs as aspects of the sector's growth that could shape risk dynamics. In addition, the FATF notes that NFTs pose certain regulatory challenges as they are difficult to classify within legal frameworks. Depending on their use and characteristics, they may be securities, works of art or virtual assets, which may determine the nature of the regulations that should apply. Most countries have not yet clarified their regulatory arrangements for overseeing the NFT market, and this may exacerbate AML/CFT risks.

NFTs can pose a number of financial crime risks. In particular, bubble-like NFT markets present risks of fraud, wash trading and manipulation. Elliptic’s research also highlighted how NFT markets can be vulnerable to hacking and theft, and can even pose sanctions risks. Elliptic intends to publish further data and insight into the financial crime risks of NFTs in a report to be published soon.

As the FATF and regulators begin to take a closer look at the risks posed by NFTs, compliance teams should ensure they can mitigate the risks of financial crime.

For example, VASPs can use transaction screening solutions such as Elliptic Navigator to identify whether they are processing payments related to NFT fraud and theft. VASP compliance teams can also use multi-currency forensics capabilities such as Elliptic Investigator to perform deep analysis of payments in cryptoassets such as Ethereum related to the illicit use of NFTs to support SAR submissions.

Travel Rule: necessary to combat sanctions evasion and ransomware

The FATF report also comes with a stern warning about the Travel Rule – a data-sharing requirement that countries should impose on VASPs under FATF standards. In FATF’s view, the current implementation of the Travel Rule by countries and the private sector is too slow, and further delay poses a significant risk to the international financial system.

According to the report, only 29 of the 98 countries surveyed by the FATF have made the Travel Rule a local requirement for VASPs since the FATF guidelines were published three years ago. Moreover, only eleven countries surveyed by the FATF actively enforce and monitor it.

This lack of urgency on the part of countries discourages compliance by the private sector, despite the availability of Travel Rule compliance solutions on the market – a phenomenon known as the ‘sunrise problem’.

The report identifies two areas where the lack of global Travel Rule implementation poses particular risks. One is sanctions compliance. The FATF states that “rapid implementation of the FATF Travel Rule is a vital component in supporting effective identification of partners and effective sanctions screening”.

Another risk is ransomware. Since ransomware attackers often monetize the proceeds of their crimes on unregulated exchange services in jurisdictions that have failed to implement FATF standards, improved enforcement of the Travel Rule would – in theory – ensure that VASPs collect additional information about transaction counterparties, which would aid law enforcement.

The report also states that blockchain analytics acts as a complementary and important method to disrupt ransomware. According to the FATF: “Blockchain tools have supported and informed successful enforcement cases, targeted financial sanctions and other actions to disrupt ransomware financing.”

Further oversight by the FATF will prompt countries to accelerate implementation of the Travel Rule, and compliance teams should take steps to ensure they are ready to comply. This should include the use of integrated solutions that combine Travel Rule data-sharing capabilities with blockchain analytics.

At Elliptic, we’ve partnered with leading Travel Rule solution providers such as Notabene and Sygna to integrate our blockchain analytics data – which includes information about sanctioned actors, ransomware gangs, and other illicit actors – into your compliance team’s workflows to manage the Travel Rule.

A new FATF report points to key issues that will be high on the regulatory agenda in the second half of 2022 and beyond. Cross-chain DeFi, unhosted wallets, NFTs and Travel Rule compliance will be major issues for VASP compliance teams. Contact us to learn more about how Elliptic’s enterprise-class blockchain analytics capabilities can help you meet the challenges ahead.

Key takeaways

  • Make sure you have a blockchain analytics capability that allows you to detect and manage the risks of cross-chain DeFi activities as well as DeFi mixers like Tornado Cash. Elliptic’s new Holistic Screening solution provides full capability enabling efficient tracking of cryptoassets across and between all blockchains and assets simultaneously.
  • Use blockchain analytics capabilities to identify unhosted wallets associated with sanctioned actors, ransomware gangs, and other illegal actors.
  • Start implementing a system to detect transactions related to the illegal use of NFTs.
  • Prepare for Travel Rule compliance by implementing a Travel Rule compliance solution that integrates blockchain analytics capabilities.
