Being an AML Detective in the Crypto World Part II

Being an AML Detective in the Crypto World Part II

We left off last time discussing the basics and background of money laundering, the types, schemes (etc). Now it’s time to start digging into the regulatory weeds. It’s really important to understand the foundational elements and then build upon them with staying on top of the news for changes. This is not like learning a bike. You can’t put it down for 6 months and then pick it up again and be an expert. Do you want to be an AML detective?

Let’s start by discussing the AML risks with cryptocurrency…

Cryptocurrencies are known for transactions that are conducted between two different individuals or entities. This keeps certain institutions and authorities (domestic and global) out of the way. This allows people to be free and clear to conduct their transactions as they wish

Criminals know that this information and they try to use cryptocurrency to send illegally gotten gains across the globe. As AML detectives, we have to understand the differences between using cryptocurrencies and traditional finance. They are different.

From the internal side, we can conduct the typical KYC process, monitoring and leveraging other tools to try and identify the criminal elements and stop them in their tracks. But who oversees from a regulatory perspective? We need to look at the Financial Action Task Force (FATF) – the global money laundering and terrorist financing watchdog.

The FATF conducts a lot of research in virtual currencies to understand the current environment. They know that this new class of assets poses risks to everyone involved, even the criminal element. Based on the risks to the financial system, the FATF came out with a report that lists the most relevant risks. They include:

  • The anonymity offered by virtual assets on the internet.
  • The limited scope of the user verification and identification process.
  • Gaps in understanding, supervising, enforcing, and complying with the AML/CFT standards for cross-border. cryptocurrency transactions.
  • The absence of a body to oversee and ensure compliance.

This is list addresses some of the concerns and risks with cryptocurrencies, but there are more of course. Let’s now examine the type of AML red flags that can be present.

AML Red Flags

As AML detectives, we need to identify the red flags that I’ve learned in life not to make assumptions. If you break it down it means to make an ass out of you and me! So with that out of the way, let’s define what is a red flag? I like this definition courtesy of BitAML:

Red flags are hypothetical scenarios that could indicate suspicious activity in transactions. Basically, they are a series of thresholds that tell you “if a transaction looks like this, it might be suspicious.”

Since red flags enable you to identify potentially illicit activity, they will form the basis of your surveillance and monitoring policy. A strong policy will include the red flags unique to your institution in detail, giving your employees a list to refer to as they monitor transactions.

Essentially, if something doesn’t seem right or smell right, that needs to be investigated. As an AML Detective, it is our duty and responsibility to look into anything that doesn’t pass the smell test. And if an investigation is needed, then the proper escalation needs to occur. The risks for not investigating pose the firm to legal, financial, reputational, and other types of risk. I wouldn’t want that on my head if something needed to be researched didn’t occur.

Crypto laundering mimics similar steps to cash money laundering which are firstly Placement, then Layering and finally Integration


Firstly criminals convert cash into cryptocurrency.


To layer the cryptocurrency and make it difficult to trace, it is channeled between wallets or through “tumbling/mixing services”.


The illegal cryptocurrencies are then converted back to cash or are used to purchase goods or services.

In order to identify reg flags, we need to be as educated as possible. Luckily, the FATF provides us with a lot of details based on the research they conduct. To reiterate, the FATF combats money laundering on an international stage. Why am I bringing this up now? Because the FATF published money laundering red flag indicator guidelines to provide cryptocurrency exchanges with detailed information for minimizing crypto-related AML risks

We also must look at other issues in catching these criminal elements and determining potential red flags. The real issue is how they protect their investments

Criminals who use crypto wallets make it almost impossible for anyone, particularly a regulator, to access or move those funds without the wallet’s private key. A lot of investors use hardware wallets to protect their investments from theft or access by regulators.

With any type of criminal, in particular Money launderers, they attempt to find loopholes by moving their funds to platforms in other jurisdictions, where AML compliance isn’t as enforced as other jurisdictions. So, we need to look at the particulars in determining whether there is a red flag or if the person is a legitimate person who uses a cryptocurrency account for investment purposes.

Here are four prevalent money laundering schemes that can be found in the crypto industry today.

  1. 1. Tumbling/Mixing Services: In this scheme, a service is offered to criminals whereby they are allowed to mix suspicious cryptocurrency funds with other funds, making the illegal coin trail hard to trace by auditors.
  2. 2. Unregulated Exchanges: To avoid coming into the spotlight while cleaning their dirty funds, criminals often opt to transact through unregulated cryptocurrency exchanges. Such platforms have inadequate AML procedures in place, making it easy for money launderers to cover their tracks. Without any transaction monitoring or background screening process, illegal funds are left unnoticed. This scheme was used in 2018 during the famous 2018 Coincheck money laundering scandal.
  3. 3. Online Casinos: Laundering cryptocurrency through an online casino is a fairly simple scheme. Criminals place their bets through stolen coins. Once the game is finished, the winning coins are withdrawn and changed for real money. While this does not allow them to launder huge amounts, legitimate money is received in the end.
  4. 4. Money Mules: Fraudsters often recruit money mules, i.e. individuals with clean transaction history, to launder illicitly earned cryptocurrencies. In some cases, criminals use Ponzi schemes to collect bitcoins from victims and money mules transfer the coins between accounts to hide the source of the illegal coins. According to Europol, 90% of all money mule transactions in Europe are connected to cybercrimes.

So, if we are looking for red flags, yes, we have to look at their transactions, other activities, but also have to look at their residence, nationality, and occupation. When we put this all together, we are essentially building a case to determine whether the situation is a red flag or not. As AML detectives, we can’t let the simplest little item during our research to pass without investigation. Remember, we are detectives and as such, we need to look at everything. If we don’t, think of the consequences of our actions or inactions.

To stay clear of money laundering and similar financial crimes, cryptocurrency exchanges must have adequate AML checks and KYC procedures in place. These practices have not only been endorsed by global regulatory authorities but have shown encouraging results in the real world as well. As cryptocurrency adoption is showing no signs of slowing down, firms must invest in the right AML solutions to streamline compliance and fraud detection processes.

Hopefully, this provides you with a taste of what to look for, how to look for it, and what to consider during your research. As AML detectives, we need to educate ourselves to understand the types of red flags, where they originate from, and what to do about them. Good luck!!