Compliance at the forefront of cryptocurrency
Even as financial institutions begin to tap on the potential of cryptocurrency, complexities surrounding digital assets and the industry as a whole have hampered widespread adoption. Some common pain points faced by financial institutions that contribute to the resistance to cryptocurrency adoption include:
- Misuse of cryptocurrency to launder money, finance terrorism, and carry out fraud, among other financial crimes
- Lack of consumer protection
- Cybersecurity vulnerabilities
Why the need to maintain a high level of compliance standards?
To raise confidence and trust and drive active participation among financial institutions, entities dealing with cryptocurrencies should endeavor to lay out comprehensive and robust Anti-Money Laundering (AML)/Combating the Financing of Terrorism (CFT) controls to manage risks. From heightened security measures to complying with local laws, a good balance of innovation and regulation can aid in addressing institutional frustrations and misconceptions about cryptocurrency.
Managing regulatory compliance has become increasingly important for cryptocurrency companies due to the inherent high-risk nature of digital assets. To ensure they operate with integrity, there is a shift toward adopting compliance best practices amongst them.
These stringent measures can offer financial institutions the assurance that their assets are in good hands. At the same time, these measures serve to build a positive reputation and raise the standards of cryptocurrency companies in Singapore.
Also read: Why should financial institutions engage a digital assets partner?
Going Beyond Customer Due Diligence
Customer Due Diligence is one of the measures Digital Payment Token Service (DPT) providers in Singapore must undertake to prevent money laundering and the financing of terrorism. Given the inherently high risk of Money Laundering (ML) and Financing of Terrorism (FT) that cryptocurrencies pose, effective Customer Due Diligence is essential from client onboarding. Here’s why:
The unique features of blockchain technology may be manipulated to carry out illicit activities in the following ways:
- Pseudonymity: Individuals use a fictitious name to maintain their privacy or disguise their identity.
- Near-instantaneous value transfer: Cryptocurrency transactions take place at a lightning speed, bypassing organizations’ scrutiny.
- Cross-border transactions: International payments between businesses and individuals can take place more efficiently than passing through a network of banks.
Presenting heightened ML and FT risks, a robust compliance framework that detects and deters such issues is integral to protecting the safety and soundness of the cryptocurrency ecosystem.
With comprehensive controls and procedures in place, financial institutions can still reap the benefits of the new asset class and meet customers’ demands with bespoke solutions.
Risk categorizing encompasses a holistic and comprehensive approach
Before establishing a relationship with clients, cryptocurrency companies in Singapore leverage Know Your Customer (KYC) processes to identify and verify the identities of clients during the establishment of business relationships and on an ongoing basis.
During KYC, data gathered from a variety of sources such as government-issued identification documents and third-party issued documents (e.g. utility bills and bank statements) are assessed to establish the client’s identity.
Traditionally, this step involved face-to-face contact between financial institutions and prospective clients to establish relationships in person. Aided by modern technology, the process is now enhanced with an online identity verification (such as Jumio) that uses biometric maps to match a human face from a digital image, on top of manual inspections from trained professionals.
Additionally, the cryptocurrency company will perform a name screening process by utilizing a third-party platform such as Refinitiv World Check to identify if individuals, legal entities, and their connected parties are Politically Exposed Persons (PEP) or have any adverse media exposure. Those who appear on such lists are categorized as high-risk and will require further evaluation to review their profile and associated risk from a holistic view.
How does the cryptocurrency company conduct a further risk analysis of such clients? By obtaining supporting documents, analyzing the source of fund/wealth, and clarifying the purpose and intended nature of the business relationship.
Clients who appear to be criminals, terrorists, sanctioned individuals, and those working in prohibited industries will be declined.
Stringent KYC processes to onboard clients
As a financial institution that intends to partner with cryptocurrency companies in Singapore to break ground on cryptocurrency activities, it is crucial to understand the importance of stringent procedures governing the DPT sector to:
- Reduce the risk of onboarding clients who may be involved in criminal activities such as money laundering, financing of terrorism, or fraud. → Avoid negative association with an organization that has a questionable reputation and is embroiled with non-compliance penalties.
- Understand clients and their financial dealings more thoroughly to establish authentic business relationships. → Creates trust amid an escalation of cryptocurrency-related crime.
Why do digital asset companies emphasize a client’s risk category?
The risk categorizing process requires cryptocurrency companies to assess and then assign each client a risk category. It comprises two fundamental elements: a form that collects all the data designated as critical to the risk assessment, and a framework that assigns a risk score of a low, medium, or high.
Dealing with virtual currencies presents several challenges: streams of cross-border activities, lack of transparency on asset distribution and issuance, and large transaction activities. As such, the client’s risk category is actively customized to address loopholes that threaten to undermine the integrity of the cryptocurrency ecosystem. The client’s risk category can essentially:
- Set monitoring levels appropriate to the risk category of the client in real-time
- Reduce the likelihood of establishing business relationships with high-risk prospects who may be involved in criminal activities
- Adjust the frequency of client account reviews according to their risk category
- Process multiple sources of information to review client accounts quickly and efficiently
Good compliance practice goes beyond onboarding
After a client is successfully onboarded and begins trading activities, ongoing monitoring of business relationships — a principal pillar of customer due diligence — commences. This continuous process seeks to detect suspicious activities that can be a precursor of ML, FT, and other financial crimes.
Some examples of suspicious transactions include:
- Frequent residential/ business address changes
- Frequent addition/ removal of private wallet address
- Incorporation of companies or trusts with no perceivable business purpose
- Large lump-sum international payments to/from high-risk countries
- Large transactions exchanged between two unrelated parties
- Large volume assets traded that do not correlate with the customer’s past transaction pattern
To ensure consistency and continuity, many cryptocurrency companies will monitor client transactions and flag anomalous activities. Thereafter, a compliance specialist will cease the transaction immediately and investigate it to determine if the alert is a true hit or a false positive. If it is a true hit, a Suspicious Transaction Report (STR) with the relevant authorities will be filed.
Reliable digital assets partner conducts ongoing monitoring
Monitoring does not stop there and carries on in the form of periodic account reviews to routinely refresh and update the client’s profile. The objectives:
- Update a client’s risk category to reflect recent business activities, transactions, geographic changes, and PEP and sanctions database updates
- Determine whether clients’ activities are consistent with the risk category assigned during onboarding and identify any inconsistent behavior
The frequency of ongoing monitoring is often determined by the risk category of the client during the onboarding stage. High-risk clients will be subject to reviews on a more regular basis while low-risk clients need not undergo them as frequently.
Additionally, daily name screenings are conducted to ensure clients and their connected parties are screened against updated sources of information which reflect the latest developments from media searches, law enforcement lists, and government records. This step of the process is automated with systems such as Refinitiv World Check to build more robust risk categories and reduce human errors.
How to evaluate a digital asset partner with an exceptional compliance framework
With an overview of standard due diligence processes conducted by cryptocurrency companies in Singapore to protect all stakeholders within the industry, let us take a look at what sets an exceptional firm apart from a mediocre one. Here are some important factors to consider as a financial institution engaging a digital assets partner:
- Prioritizes customer experience throughout every touchpoint and not only during the onboarding process
- Handles confidential and sensitive client information with discretion
- Establishes sustainable, scalable, and adaptable processes
- Has a team of compliance professionals who are ready to walk clients through every step of the process
- Updates processes to increase efficiency while adhering to dynamic regulatory requirements
- Simplifies and smoothens the due diligence journey with advanced technology and systems
- Single point-of-contact to create a streamlined and frustration-free experience for clients without compromising critical compliance processes
- Listens to client feedback to improve processes and user experience
- Maintains a strong relationship with relevant authorities
Compliance is at the heart of Sparrow’s responsibilities towards our institutional clients
Sparrow seeks to solidify our position as a credible partner that practices due diligence to create a secure environment for cryptocurrency activities. With a robust risk-based framework that covers onboarding to a client’s life cycle with us, we play our part in contributing to a reliable system of cryptocurrency flow.
We pay attention to client touchpoints to remove any compliance-related friction to enhance the user experience. All this is achieved through a dedicated team of professionals who guide financial institutions and wealth managers at every stage of the process. Speak to our digital assets specialist team today to find out how we can help you achieve the desired growth objectives whilst not compromising on onboarding experience and regulatory compliance requirements.
Risk Warning on Digital Payment Token Services:
The Monetary Authority of Singapore (MAS) requires us to provide this risk warning to you as a customer of a Digital Payment Token (DPT) service provider. Before you pay your DPT service provider any money or DPT, you should be aware of the following.
1.Your DPT service provider is licensed by MAS to provide DPT services. Please note that this does not mean you will be able to recover all the money or DPTs you paid to your DPT service provider if your DPT service provider’s business fails.
2.You should not transact in the DPT if you are not familiar with this DPT. This includes how the DPT is created, and how the DPT you intend to transact is transferred or held by your DPT service provider.
3.You should be aware that the value of DPTs may fluctuate greatly. You should buy DPTs only if you are prepared to accept the risk of losing all of the money you put into such tokens.
4.You should be aware that your DPT service provider, as part of its licence to provide DPT services, may offer services related to DPTs which are promoted as having a stable value, commonly known as “stablecoin”.
The information provided here is for informational purposes only and is not to be construed as a recommendation or advice to any prospective investor in relation to any legal, tax, financial investment or any other matters. You should consult with an attorney or other professional advisors to determine what may be best for your individual needs.
Sparrow Tech Private Limited (“Sparrow”) does not make any guarantee or other promise as to any results that may be obtained from using our content. In making any decisions regarding our content, prospective users should first consult his or her own financial advisor and rely on their own examination of the terms of the offering, including the merits and risks of investing in the relevant products.
To the maximum extent permitted by law, Sparrow shall not be liable in the event of any information, commentary, analysis, opinions, advice and/or recommendations proving to be inaccurate, incomplete or unreliable, or result in any decisions regarding our content or other losses.
Content contained on or made available through any of our communication channels is not intended to and does not constitute legal advice or investment advice and no attorney-client relationship is formed. Your use of the information on any of our communication channels is at your own risk.
I hereby acknowledge that I have read and understand the contents of the Risk Warning and Disclaimer and I accept and agree with all the terms stated therein.