Financial Crime Prevention in the Crypto Space
Why addressing fraud and regulatory compliance in crypto is important
The Initial Coin Offering (“ICO”) boom of 2016 and 2017 gave rise to a wide range of new blockchain-based businesses that got off to a supersonic head start, fueled by funds raised through ICOs. Most projects at that time were primarily focused on providing solutions and services powered by the underlying utility of the blockchain networks they were built upon – cryptocurrencies – and as such attracted mainly crypto-native audiences. As the crypto industry matured, most players realised that to move the needle of the adoption curve of cryptocurrencies they had to bridge the gap between crypto-based solutions and the traditional financial offerings that the early adopters are familiar with. Even at the recently growing rates of crypto adoption, it is estimated that the crypto market cap is still less than 3% of the global equities market cap and less than 2.5% of the world’s population holds cryptocurrencies. If mass adoption of cryptocurrencies was to happen, the industry had to cater for greater inclusivity, and what better way to do that than adding fiat rails to crypto-born financial products?
Despite their disruptive nature, crypto companies had to resort to the well-known fiat tools and products that the world has been using for centuries. Most centralised crypto exchanges and brokers now offer stored value wallets, payment accounts, prepaid cards, and fiat transfer channels. Bringing fiat currencies into crypto helped enthuse the crypto-curious, add new users and increase the AUM of crypto platforms. With the traditional on and off ramps made widely available across the industry, crypto-backed personal finance products gained significant traction and popularity.
This, however, created a whole new universe of challenges and added complexity to the operational setup of these young crypto companies. Suddenly, phrases like regulatory compliance, anti-money laundering and counter-financing of terrorism (“AML/CFT”) monitoring, fraud controls, chargeback disputes, reported fraud and many other well-known pains from the good old fiat world entered the dictionary of the crypto entrepreneur. The more experienced and ambitious players took the long road to obtaining relevant licenses, ranging from traditional securities to electronic money and moving to the more recently created licensing regimes for digital asset providers, which further amplified the importance of having proper compliance and fraud programs to ensure regulatory compliance.
Pressured to comply with traditional finance requirements in order to tap into the fiat payment options, many crypto firms were quick to grab some of the better advertised or hip fraud and regtech solutions that caught their eye. Operating such solutions, while necessary, is a costly exercise that may break the bank without necessarily catering for all the use cases that a complex crypto business requires to keep its gates safe and its products compliant.
How do I know which product fits my business best? Is a “traditional” fiat world fraud prevention solution a good match for a crypto wallet or an exchange? Do I only need this to “tick a box” or does it have any benefits for my business? Is maintaining a fraud prevention program in a crypto business different from doing so in traditional finance?
In order to answer these questions, we must start by setting out the fraud, financial crime, financial loss, regulatory compliance, and other industry-specific risks that crypto companies are facing.
Fraud is a broad subject and appears at any customer interaction point throughout the customer journey. Fraud exposure in the crypto space is amplified by the nature of blockchain transactions – immutable and fast. Crypto-based platforms (exchanges, wallets, lending service providers, etc.) that offer fiat on and off ramps face a multitude of fraud risks – payment fraud, card issuing fraud, account fraud, abuse of loyalty programs, trading abuse and more.
Crypto purchases with fiat instruments bear one of the highest risks – stolen credit cards, deposits from accounts of money mules, etc. Crypto customers expect to have their digital assets instantly delivered, especially in times of high market volatility. The acquired crypto assets are quickly utilised for trading and are often moved out of the platform they were initially purchased from, which makes a potential recovery effort complicated.
Financial Crime Risks
Like any stored value or money transfer product, crypto wallets and exchanges have high exposure to different types of financial crime. On top of traditional risks, the anonymity of the sender and the recipient of blockchain-based transactions, coupled with the often light KYC regimes maintained by a good number of platforms, creates fertile ground for money laundering, terrorist financing and tax evasion.
In essence, crypto companies face similar financial crime risks to the ones battled by traditional financial services, but with a greater exposure due to the above-mentioned nature of crypto transactions.
Industry Specific Risks
Crypto businesses often offer attractive loyalty programs, bonuses and reward-fueled competitions to attract users and increase trading volumes. The abuse of loyalty programs, competitions, and sign-up or referral bonuses is a frequent headache for crypto exchanges. Customers taking advantage of software glitches that may lead to misquoted asset pricing or even rounding errors are an inherent risk in the crypto space and can often cost a fortune in direct financial losses.
Can crypto firms protect themselves from these risks and what is the best way to do so?
The good news is that fighting financial crimes and fraud has been at the forefront of the financial services industry for decades. The regtech and fraud prevention space offers a myriad of solutions that can cater for the risk mitigation strategies of crypto platforms. Before starting the search for the right solution, however, one must come to a simple, yet fundamental realisation – no matter the use case at hand, be it fraud, AML or regulatory compliance, the underlying data is always the same – user profile and transactional data. To take advantage of this fact you need to look for a solution that is capable of parallel interpretation of the same data for multiple use cases – fraud, account takeover, etc.
What kind of solutions are available on the market?
Most solutions were built to cater for particular use cases or industries and are banking on their strong sides relative to the industry they specialise in supporting. Fraud prevention solutions that were specifically designed to service ecommerce and payment processing businesses, for example, may not be a great fit for a crypto exchange as they will have a hard time handling the additional data related to crypto transactions. By design, such solutions can handle account-based products well, where balance movements are key to track and use as a critical data point. Ecommerce-centric solutions will fail with the increasing compliance requirements that crypto firms now have, necessitating the use of more than one solution to cater for all your needs.
Solutions that heavily rely on artificial intelligence (“AI”) and machine learning (“ML”) without a solid logic engine may also fail to deliver the desired results as they will not be able to deploy the necessary transactional, AML and customer risk assessment matrices. It is reasonable to expect that the ML and AI frameworks may not fit the entirety of diverse money flows and various financial transactions that exist on crypto exchanges and wallets.
Banking-centric fraud and compliance solutions, ironically, stand a better chance of being of help, but they carry along a heavy legacy in many aspects. Their integration is complex due to their modularity and it is often aligned with banking standards, which are rigid and outdated. The available solutions that fall in that group rely on receiving data in a pre-set format and may not be able to handle additional blockchain data. Such solutions are often offered “on premise” only, which brings further deployment and ongoing maintenance complexity.
Newcomers to the fraud and compliance solutions space offer universal application and promise data agnosticity but this has to be closely verified during the selection process.
In order to leave our readers with a useful takeaway from this article we’ve compiled a 10-point checklist for selecting the fraud and compliance solution that is right for your business.
- Supported event types and event updates. Look for a solution that can consume any type of event – financial and non-financial transactions of any type, fiat or crypto, and all user interactions – account registrations, logins, account updates, etc.
- Data and use case agnostic. Look beyond the buzzword “agnostic” – make sure that you choose a vendor that can interpret your transactional and user data for multiple use cases and deliver true omni-channel fraud prevention – transactional AML, user risk, account takeover, etc. Addressing these key risks with a single solution will hugely improve your ROI and will reduce customer friction.
- Data mapping & Data structuring. Make sure your solution of choice can handle your data in your format or with as few modifications as possible – this will keep the integration easy and simple.
- Integration options. Don’t fall victim to the “quick and straightforward” integration promises. Check for different integration options – synchronous, asynchronous or batch mode. For example, storing user profile data within the vendor platform in dynamic lists will simplify the integration effort.
- Multi-layered approach to fraud and compliance. One simple example is card transactions – look for vendors that will allow you to make decisions about risk-based 3D Secure application, fraud detection and load balancing based on fraud rates, cost of processing or acceptance rate.
- Scalability & Performance. Market conditions directly impact user activity, resulting in sudden and steep surges in transaction and registration volumes. To handle these volume fluctuations you need a robust solution that can continue to deliver a millisecond response under thousands of transactions per second.
- References, Team & Solution maturity. Do your own due diligence – confirm the vendor legacy and team experience. Do not take name dropping or references to large players in your industry for granted. More often than not these mean very little.
- Access to 3rd parties. Find out what third parties are already integrated. How quickly can the vendor add a blockchain intel tool if you insist? If you use a third party connected to your fraud solution of choice, how will the data from selected third parties be received and made available to you? Look for ways to optimize your 3rd party cost through flexible use mechanisms.
- Screening outputs. What level of flexibility is available to generate different decisions on a single transaction? Are you limited to working with score-based alerts? Does the vendor only offer predefined solutions? Can you automate key processes like customer notifications?
- Deployment options. Software-as-a-Service (“SaaS”) is the popular choice nowadays, but depending on the size of your organisation you should not discard an on-premises managed deployment without proper consideration, especially if you enjoy rapid growth and millions of users.
If the above article triggered some thoughts or brought more questions, we at NOTO will be happy to talk! Get in touch and learn how to navigate the complexities of fraud prevention and compliance like a pro.