The very essence of cryptocurrency is its decentralization. It relies on a network of computing power that isn’t shackled by the confines of TradFi, also known as traditional finance. Unfortunately—and perhaps not surprisingly at all—decentralized digital currencies have become a magnet for criminal enterprise, so Anti-Money Laundering (AML) laws have been enacted to combat these billion-dollar issues. The answer is in a constant state of evolution, but the question remains the same: Can AML cryptocurrency laws curtail criminal behavior in such a nebulous system?
What Is Anti-Money Laundering (AML) In Crypto?
Anti-Money Laundering in crypto is a series of checks and confirmations done by exchanges and money transfer entities designed to limit—or even eliminate—criminal activity in crypto trades.
Anti-Money Laundering in crypto is still a relatively new thing, although trading in crypto is not. Back in 2010, when users traded thousands of bitcoins on forums, people immediately saw the lack of trading regulations surrounding it to be a near-perfect ecosystem to launder money. As the value of Bitcoin—and crypto in general—skyrocketed, larger players began seeing the utility of the digital asset.
An obvious analogy would be if you were to walk into a bank and open an account. No information is required other than a name, which you make up. You then deposit a check with no information other than the amount. Then you transfer that check to a different account under a different name, then close your account, and walk away.
Crypto was being traded back in 2010, and it wasn’t until 2019 that any real legislation came into effect in the U.S. to combat the issue, resulting in The Money Laundering and Terrorist Financing Regulations of 2019. This was expanded into the framework we are subject to now: the Anti-Money Laundering Act of 2020.
Some other names for the AML Act of 2020 are:
- Anti-Money Laundering/Combating the Financing of Terrorism
- Anti-Money Laundering/Bank Secrecy Act
Whatever you want to call it, it’s much more robust than the 2019 regs, allowing the Financial Crimes Enforcement Network (FinCEN) a whole slew of actions designed to make crypto wallet owners’ information more transparent and spark red flags when accounts deal with known cryptocurrency mixing services. Without some sort of watchdog, criminals would essentially be able to launder money non-stop and with little-to-no worry of legal consequences.
Governments, understandably, don’t like this.
This particular article will be centered on the AML Act of 2020 and the resultant restrictions, rules, and consequences for non-compliance. There are many more proposed acts and regulations that lawmakers are considering.
Anti-money laundering cryptocurrency measures have lagged far behind the crypto market itself. It becomes more complicated when you consider that cryptocurrency is an international, decentralized financial system. Getting approval at the Federal level is difficult enough, let alone getting foreign nations on board.
The big one was the AML Act of 2020. It is by far the biggest in the States because it allows for the use of the Bank Secrecy Act. The BSA basically forces financial institutions to follow a set of regulations, which is a nice way of saying that any financial institution governed under the act is subject to extreme enforcement by FinCEN.
Any exchange or entity involved in cryptocurrency is required to register with FinCEN, all mixing services are required to comply with the BSA, all suspicious activity must be reported via Suspicious Activity Reports (SARs), and more. Essentially, if you are any kind of entity at all, whether you’re a person or a business, and you deal with cryptocurrency, you must be registered and provide a skeleton key to FinCEN.
A bulleted history of financial regulations as they pertain to crypto:
- 1970: The Bank Secrecy Act is written into law
- 1996: Suspicious Activity Reports (SARs) are standardized across all financial sectors in the U.S.
- 2001: The U.S. Patriot Act is written into law after the events of 9/11
- 2021: The AML Act of 2020 is enacted on January 1
The U.S. Patriot Act not only severely increased the scrutiny both the banking system and the average citizen are subjected to, but it paved the way for more involved surveillance and reporting legislation to be written into law. Without the Patriot Act, the AML Act of 2020 may not have been enacted.
Cryptocurrency Money Laundering Cases
As you can probably guess, there have been some high-profile Bitcoin money laundering, as well as other illegal transactions that triggered AML cryptocurrency enforcement.
- Tornado Cash
- The mixer was sanctioned in 2022 by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). Treasury states that Tornado Cash has laundered over $7 billion USD since 2019, $455 million of which was stolen by a North Korean-backed hacking group. In essence, Tornado Cash was barred from any involvement with or in The United States.
- RenBridge, similar to Tornado Cash, has been linked to hundreds of millions of dollars of laundered cash. $540m, to be exact. The platform became a quick favorite due to its ability to obfuscate the origin of funds by rapidly trading them between coins and exchanges. Chainalysis, a lauded data firm, stated 69% of cryptocurrency funds stolen in 2022 have been linked to thefts on cross-chain bridges.
- Lichtenstein and Morgan
- Ilya Lichtenstein and Heather Morgan—a married couple—were arrested in New York by the Justice Department for the alleged laundering of over $4.5 billion USD. This amount has been tied to the Bitfinex hack that occurred in 2016. For those interested, they were attempting to launder 119,754 bitcoins.
These are just some of the newsworthy cases. There are millions-worth of crypto stolen and laundered every day.
These are just some of the newsworthy cases. There are millions-worth of crypto stolen and laundered every day.
What Are The AML Rules For Crypto?
The AML cryptocurrency regulations are not different from other bank institutions in the sense that since cryptocurrency assets are considered not inherently illegal, they must obey the same AML regulations any other business dealing with legal tender might. Some of those include, but are obviously not limited to:
- Companies must register with FinCEN. Failure to do so could result in hefty penalties, a la the $100m levied on BitMEX in 2021.
- All staff must undergo AML training. Failure to do so will result in, again, extreme financial penalties and, more like than not, sanctions of the business.
- Know Your Customer (KYC) regs are to be followed to the T. These procedures were developed in order to first identify who the customer is and the second is to verify that the specific customer is real. It also weeds out known criminals or those operating as agents of larger organizations.
- Compliance officers are required (read: fall guy).
- AML programs must be independently tested once per year.
- Fills out SARs.
- And many more regulations. They are all based on identifying customers, keeping records of suspicious activity or customers, cracking down on potential illicit transactions, and recovering stolen funds.
AML Cryptocurrency Laws
Crypto laws become interesting—and convoluted—once you consider the lack of a centralized network. In fact, this is probably the reason legislation has been so slow catching up to crypto crime.
In the U.S., not only does Federal legislation need to be passed, but individual states are able to exercise their own authority regarding laundering that occurs within that state’s borders. As you can imagine, this makes jurisdiction confusing.
The most important AML crypto laws in the U.S. were set in place by the Anti-Money Laundering Act of 2020. In late 2022, Biden’s administration released a framework to expand the Act and hopefully tackle more crypto crime. It includes updates like:
- Recognizing the potential benefits of a U.S. Central Bank Digital Currency
- Reiterates that the SEC and other agencies aggressively pursue unlawful practices
- Increase public awareness of digital asset cybercrime
- Increased scrutiny of instant payment systems
- Increased data collection requirements for digital wallets
- Back programs that make digital asset ecosystems more accessible to the average person
- Develop new methods of recognizing and anticipating crypto crime
The two states with the most crypto movement—and GDP—are New York and California. In New York, jurisdiction falls under the Department of Financial Services, requiring a license called BitLicense to manage commercial crypto transfers, sales, purchases, or issuances. In Cali, this is handled by the Department of Financial Protection. A pretty sweet breakdown of crypto laws by state can be found here.
Cryptocurrency AML strategies depend mostly on monitoring and tracking the activity of exchanges, not individuals. Since exchanges can be based anywhere in the world and still attract international clientele, it is important for international agencies to develop a consistent framework to tackle bitcoin and alternative coin laundering.
Some laws around the world include:
- Canada: Proceeds of Crime and Terrorist Financing Act (PCMLTFA). Very similar to the U.S. rules and regulations regarding the exchanges’ responsibility for training staff, reporting suspicious behavior, and developing transparency with anti-fraud judicial bodies.
- China: Exchanges are straight-up illegal, as is mining crypto and even owning crypto itself. Like many things in China, people attempt to work around these bans using powerful VPS and zombie systems.
- European Union: The EU has a body called the Fifth Anti-Money Laundering Directive (5AMLD). This organization is actually similar to the AML/CFT laws in the States. It requires KYC on customers, their version of SARs, and adding cybercrime to the list of cybercrime predicate offenses. The Markets in Crypto-assets (MiCA) legislation was greenlit in 2023 and purports to increase consumer protection by enhancing crypto-tracing methods.
- The United Kingdom: Crypto exchanges are legal in the UK but are subject to the same level of reporting and monitoring as in other countries. Exchanges are required to report and register with the Financial Conduct Authority (FCA) and are expected to follow the same AML guidelines as other countries using the same legal framework.
In no surprise to anyone, countries appear to be finding it difficult to balance their dedication to cryptocurrency risks with their desire for cryptocurrency-based transactional tax revenues. Along with almost all the regulatory framework researched for this article was accompanied by tax-incentivized proposals. This is important because tax evasion is a hot topic among governments and further complicates international cooperation regarding money laundering legislation.
AML Cryptocurrency Risks For Non-Compliance
Jail. I mean, if you’re an individual, jail for sure. However, most of the AML non-compliance comes from a company or exchange, so oftentimes there is not a single individual to be held responsible. Even if a company appoints an AML compliance officer, it doesn’t necessarily mean anyone else in the company categorically cannot violate AML guidelines.
In this case, the government has no issue levying fines against the business. Sometimes an individual is held responsible—such as in the Lichtenstein and Morgan case above—but more often than not, the business is held responsible for the activities on its platform. The Tornado Cash example above illustrates this well enough for even an ape to understand. If fines aren’t met, or AML issues are not fixed, the company is sanctioned.
Cryptocurrency And Money Laundering
Governments are realizing they fell behind in keeping up with crypto crime. AML regulations related to crypto exchanges and mixing services have helped unearth some serious criminal enterprises. These developments have shown lawmakers and those responsible for following those laws that more measures are required to combat cybercrime. Expect an increase in the frequency of changes in crypto regulation moving forward.