The Art of Operational High Risk Management in Crypto: How to Mitigate Risk and Keep Safe


Welcome to AMLBot Stream Podcast Episode 1! One of the most asked questions we receive from our clients at AMLBot is, "What are the best ways to mitigate high-risk to keep us safe?" Today, podcast host Graeme Hampton (Anti-Money Laundering Advisor at AMLBot and Co-Chair with the International Association for Trusted Blockchain Applications) speaks with the objective of understanding Risk Assessment, with a specific focus on high risk.

You can listen or subscribe now on Apple Podcasts, Spotify, Audible or YouTube. Continue reading for a comprehensive preview of episode 01.

To address this question comprehensively we'll delve into various typologies, provide illustrative examples, share best practices, and offer actionable insights aimed at fostering a secure environment. 

Graeme showcases the importance of understanding and mitigating high-risk factors to ensure safety within financial systems and prevent criminal activities like money laundering. 

Graeme covers various aspects of risk management, including setting risk appetite, identifying prohibited business activities, complying with regulatory standards such as the EU's 6th AML Directive, and implementing transaction monitoring procedures. 

He also highlights the assessment of inherent and residual risks, high-risk industries, jurisdictional risks, and the importance of transaction monitoring in detecting suspicious activities. Overall, Graeme provides a comprehensive overview of risk assessment methodologies and best practices to combat financial crime.

Detailed episode timeline by minute 

0 - Introduction to Risk Assessment and High Risk Management

2 - Compliance with Anti-Money Laundering Directives

4 - Prohibited Business Activities

5:30 - Inherent and Residual Risk

7:40 - Customized Business Model for Risk Mitigation

9:30 - High Risk Industries and Transactions

11:30 - Managing High-Risk Customers

13 - Requirements for Customer Onboarding and Monitoring

15 - Transaction Monitoring and Suspicious Activity Reports

Today’s topic is Risk Assessment with a main focus on high risk, which is the most important aspect; I’ll explain why. One of the most asked questions we receive from our clients is,

"What are the best ways to mitigate high-risk to keep us safe?"

To support this need, I’ll share some typologies, examples and best practices, and how to stay safe.

I’ll start with a quick overview of the tone from the top.

Where does the risk management start? 

An Entity’s risk appetite is set annually by the Board of Directors to align risk-taking with the business requirements.

The Board of Directors and the CEO are key in implementing the risk appetite. They also monitor adherence to the regulator, if regulated, and make necessary changes to the operations and risk profile. 

The objective is to understand the entity’s risk-bearing capacity, risk appetite, risk limits and risk profile.

However, firstly it’s very important to eliminate prohibited business, which includes shell banks, shell companies, bearer shares, sanctioned SDN targets, local secondary sanctions lists, and blacklisted countries.

In addition, there are the global standards which are set by FATF; however, as I’m based in the EU, I’ll use the 6th AMLD as an example.

The EU 6th AML Directive defines 22 predicate offences: the basic crimes that generate the funds that then need to be laundered.

A Company would adopt zero tolerance for interacting with, or being related in any way to, the 22 predicate offences.

It is important to watch criminal behaviour during onboarding, ongoing Customer Due Diligence and Transaction Monitoring.

I strongly recommend looking at the list of the offences on the EU website: just type in ‘the EU 6AMLD 22 predicate offences’ and remember that these are prohibited within your organisation.

Next, I’ll share some transaction monitoring examples related to predicate offences, but not all of them; I’ve selected the common types that we see in blockchain monitoring and investigations.

I’ll start with Ponzi Schemes - A form of fraud in which a belief in the success of a non-existent enterprise is fostered by the payment of quick returns to the first investors from money invested by later investors.

An example is Jetcoin. The Offence is Fraud, Insider trading, and Market Manipulation - AML action is Forbidden.

Ransomware - A type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. An example is WannaCry 2.0. The Offence is Cybercrime - AML action is Forbidden.

Terrorist Organisation - An organisation involved in terrorism or related activity. An example is ISIS. The Offence is Terrorism - AML action is Forbidden.

Theft - Recipient of stolen funds. An example is the Stolen Coin Secure Funds. The Offence is Robbery & theft, Trafficking in stolen goods - AML action is Forbidden.

OFAC Sanctioned Entity - The Risk factor is an entity sanctioned by the Office of Foreign Assets Control (OFAC).

The Offence is approving transactions with targeted foreign countries or citizens, such as Russia, Iran, and North Korea, which bring a risk to national security - AML action is Forbidden.

There are many Dark Market types, Centralised and Decentralised.

Dark Forums - A Tor-only accessible online discussion forum. An example is DNM Avengers. The Offence is Illicit trafficking in narcotics and psychotropic substances, Illegal arms trafficking, Trafficking in stolen goods - AML action is Forbidden.

There are also Dark Vendor Shops and Dark Services: illicit services, including hacking, wallets, and web hosting services. An example is Pin Pays. The Offence is Fraud and Cybercrime - AML action is Forbidden.

So, here we can see that money laundering is a serious crime that undermines the integrity of financial systems and enables other criminal activities to thrive.

A predicate offence is a criminal activity that generates proceeds that can be laundered. The directive applies to a wide range of entities, including virtual asset service providers. 

There is a range of punishments for acts like wilful blindness, aiding and abetting, etc.

Senior management could be exposed to large fines of up to €400k, and in some cases, prison sentences can be served.

So, now that I’ve highlighted prohibited business, I’ll share high-risk business.

I’ll start with:

Identification of Inherent & Residual Risk:

The Inherent Risk is defined as the pre-existing money laundering related Risk that is associated with specific Risk factors, such as products and services, before the introduction of measures to mitigate that Risk. 

Residual Risk is defined as the money laundering related risk that remains after the mitigation of specific risk factors. 

I’ll break the Inherent Risks into two steps.

Firstly, the Business-Based Risk Assessment: the products, services and delivery channels; the jurisdiction in which the Company operates; and new and developing technologies.

Secondly, the Relationship-Based Risk Assessment: the products, services and delivery channels used by customers; the jurisdiction in which customers operate or do business; and customer activities and transaction patterns, etc.

The Inherent and Residual Risk rating is determined by calculating the average of the Risk scores for each category.

Here’s an example: 

The Company facilitates the exchange of virtual currency for individuals and legal entities. Virtual currency exchange is a method traditionally used to disguise the proceeds of crime and is considered inherently high-risk for Money Laundering. 

Virtual currency exchanges are used in the placement and layering stages of money laundering. 

Virtual currency-based transactions provide an enhanced level of anonymity below record-keeping and reporting threshold amounts. Hence, they are frequently used in the commission of the previously mentioned predicate offences, such as illicit drug trafficking and arms smuggling.

The Company applies a customised Business Model to mitigate the Risks. 

50% of the customers are buying virtual currency using fiat, which is deposited via SEPA and SWIFT transfer. That enables the Company to see that the funds belong to the particular customer and makes the audit trail visible. The Company follows customer identification, monitoring and reporting standards set by the Regulator to ensure its products and services will not be used to launder money or fund terrorism, and to help mitigate Operational, Financial and Reputational Risk.

50% of virtual currency deposits for the transactions are checked by AMLBot to make sure they do not include illicit funds, and by the AML team to identify the funds’ legitimacy. Customers can deposit a certain amount of money in a currency or coin that the Company supports to their account, and consequently use the balance to trade and then withdraw their currency or coins.

A customer questionnaire is used to establish a Risk Rating; the categories are High, Medium and Low.

I’ll walk you through a customer risk rating, a system that can typically calculate a risk score:

  • Customer risk: let’s say 10 questions to determine the customer’s risk, such as "Are you a PEP?" Yes or No.
  • Geographical risk: 6 questions, such as citizenship, residency, etc.
  • Transaction Risk Rating: lists the products and channels available - crypto is a high score by default.
  • Transaction Profiling: expected monthly credit and debit amount, and expected monthly credit and debit count. So, how much and how many?

The definition of high risk: the Risk is likely to happen. These are unacceptable risks unless appropriately mitigated with controls in place, and any issues have been rectified and signed off by the Compliance Officer.

I’ll tap in a bit further. For example:

Corporate Accounts can be High-Risk, based on Monthly Transaction Thresholds:

  • Low: €1 to €250 000
  • Medium: €250 000 to €800 000
  • High: €800 000 and up

High-Risk Industries: customers’ occupation or nature of principal business.

The Company should maintain a list of industries and business types that are High Risk, as well as restricted business types with which it will not establish a business relationship, covering customers employed in High-Risk or restricted industries.

If the client’s industry does not appear on the following list, the client’s occupation can be considered low Risk.

  • MSB/ Money Transmitter/Payment Services
  • Online Gaming and fantasy sports websites
  • Import/export companies
  • Precious Metals and Stone Dealers
  • Construction industry
  • Cash Intensive businesses: restaurants etc. 
  • Jewellery/wholesalers
  • High-value Art dealers
  • Luxury vehicle industry (cars, boats, motorcycles)
  • Charity, non-profit organizations
  • Oil and gas industry
  • Weapons industry

Jurisdictional Risk: the geography of the customers’ transactions.

The Company bases its jurisdictional Risk assessment on the country Risk assessments prepared by the United Nations, the European Union (EU) and national governments, and assesses the geographic Risk of each client according to the Risk that has been assigned to the countries that the client transacts with.

The Risk Calculator contains the country’s Risk rating and the methodology for determining that rating. The Company will not establish or maintain a relationship with clients that reside in or send funds to countries that have been designated through a ministerial directive, countries that are targeted by EU, UN and national sanctions, or countries that have been identified as High-Risk by the Financial Action Task Force (FATF).

Suspicious transaction filing: Upon filing a suspicious transaction report on a client, management will review the client’s historical activity to determine whether the client relationship should be maintained. In either case, the Company will keep a record documenting the rationale for this decision.

Managing High-Risk customers: ‘Politically Exposed Persons’ and high-risk transactions are identified and will require EDD. In cases where high Risks are identified, additional information is mandatory. All high-risk relationships would need to be approved by the Compliance Officer before onboarding.

Pre-defined questions to satisfy the suspicion are required to continue. RFIs and cooperation from the customer are required for the following:

  • The client is a PEP.
  • They exceeded monthly limits.
  • Transactions with a High-Risk jurisdiction.
  • High-risk occupation or operates in a high-risk industry.
  • Complex ownership structures.
  • Inquiry from law enforcement.
  • Information for SAR filing.

Transaction Monitoring:

Real-time processing of crypto transactions that generates alerts for suspicious transactions is vital. A transaction from or to a high-risk address requires escalation with the following procedures. AMLBot software tools support continuous monitoring of transactions to detect anomalies and suspicious trends in customer activities and promptly flag them.

The power of alerts allows more time for the compliance team to focus on genuine suspicious warnings.

There are specific red flags associated with virtual currency transactions. For example:

  • A customer conducts transactions with cryptocurrency addresses that have been linked to darknet marketplaces or other illicit activity.
  • A customer’s cryptocurrency address appears on public forums associated with illegal activity.
  • A customer’s transactions are initiated from IP addresses associated with Tor.
  • AMLBot indicates that the wallet transferring cryptocurrency to the exchange has a suspicious source or sources of funds, such as a darknet marketplace.

If, during online or offline transaction monitoring, suspicious activity patterns are identified, an internal investigation must be initiated; in the case of a transaction being sent, the transaction is stopped. The results of the investigation are sent to the MLRO, naming the suspicious activity that has been identified.
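To make the escalation procedure concrete, here is an added example (not AMLBot’s software or code from the episode) that screens a constructed batch of transaction records against the red flags above: flagged withdrawals are stopped and escalated, flagged deposits are held for investigation and escalated, and clean transactions pass. The address labels, the Tor exit IP set and the record layout are constructed stand-ins; in production the counterparty label would come from a blockchain analytics lookup.

```python
# Added example: rule-based screening of constructed transaction records against
# the red flags listed in the episode. Address labels, Tor exit IPs and the record
# layout are constructed stand-ins for a real analytics lookup.
from dataclasses import dataclass

ADDRESS_LABELS = {  # constructed intelligence: counterparty address -> linked activity
    "bc1q-example-darknet-000": "darknet marketplace",
    "bc1q-example-forum-001": "address posted on a forum associated with illegal activity",
    "bc1q-example-sdn-002": "OFAC SDN-listed entity",
}
TOR_EXIT_IPS = {"198.51.100.7", "203.0.113.42"}  # constructed, RFC 5737 ranges

@dataclass
class CryptoTransaction:
    tx_id: str
    customer_id: str
    direction: str     # "deposit" into the exchange or "withdrawal" out of it
    counterparty: str  # external address on the other side of the transfer
    client_ip: str     # IP the customer initiated the transaction from
    amount_eur: float

def red_flags(tx):
    flags = []
    label = ADDRESS_LABELS.get(tx.counterparty)
    if label:
        flags.append(f"counterparty linked to {label}")
    if tx.client_ip in TOR_EXIT_IPS:
        flags.append("transaction initiated from a Tor exit IP")
    return flags

def screen(tx):
    """Decide the procedure: clear, hold a deposit, or stop an outgoing transfer."""
    flags = red_flags(tx)
    if not flags:
        action = "clear"
    elif tx.direction == "withdrawal":
        action = "stop_and_escalate_to_mlro"   # outgoing transfer is stopped first
    else:
        action = "hold_and_escalate_to_mlro"   # deposit already landed: investigate
    return {"tx_id": tx.tx_id, "customer_id": tx.customer_id, "action": action, "flags": flags}

def monitor(transactions):
    # Continuous-monitoring pass: only transactions needing escalation become alerts
    return [r for r in (screen(tx) for tx in transactions) if r["action"] != "clear"]

SAMPLE = [  # constructed batch: one clean, two flagged addresses, one Tor-originated
    CryptoTransaction("tx1", "cust-a", "deposit", "bc1q-example-clean-100", "192.0.2.10", 500.0),
    CryptoTransaction("tx2", "cust-b", "deposit", "bc1q-example-darknet-000", "192.0.2.11", 2000.0),
    CryptoTransaction("tx3", "cust-c", "withdrawal", "bc1q-example-sdn-002", "192.0.2.12", 9000.0),
    CryptoTransaction("tx4", "cust-d", "deposit", "bc1q-example-clean-101", "203.0.113.42", 120.0),
]
```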

Escalation & Suspicious Activity

The MLRO is responsible for submitting Suspicious Activity Reports (SARs). Deadlines differ between countries: for example, Lithuania requires filing within 3 business hours, and Estonia within 48 hours, after the internal investigation confirms that a customer’s activity is suspicious.

A SAR is prepared per regulation requirements, provided by the FIU in question.

It is a criminal offence for anyone working in the Company, following an escalation of a SAR, to do or say anything that might “tip off” the customer that a disclosure has been made.

If a SAR has been filed, careful steps must be taken while communicating with the customer and additional advice should be taken from the MLRO to not accidentally disclose investigative actions to the customer.

That concludes our AMLBot STREAM. 

Thank you for listening, and remember, by harnessing the power of AMLBot you can experience the highest-quality blockchain insights with the best data that is also affordable. 

This website may include links to third-party sites beyond AMLBot's control. AMLBot neither endorses nor recommends these sites or their operators. Our podcasts offer informational content only and do not constitute legal, tax, financial, or investment advice. Listeners should seek advice from their own advisors before acting on any information provided. AMLBot cannot guarantee the accuracy or completeness of podcast content and will not be liable for any errors or inaccuracies. References to specific products or entities do not imply endorsement by AMLBot. Guest opinions are their own and do not necessarily reflect AMLBot's views. Opinions expressed by AMLBot employees are personal and not necessarily endorsed by the company.