June 29, 2022
As regulators and policymakers around the globe continue to debate and discuss, cryptocurrency businesses and financial institutions must work to ensure that they are skating toward where the regulatory puck is headed. This means building robust compliance frameworks to mitigate the risks of fraud and financial crime.
On June 23, TRM’s Ari Redbord spoke to an all-star crypto compliance panel to discuss today's key issues and challenges for compliance teams in the digital asset space. Panelists included Alfarida Mohammed, Senior Vice President of Compliance at FTX.US; Brandi Reynolds, Managing Director of the Bates Group; Jamal El-Hindi, Counsel at Clifford Chance and former Deputy Director of FinCEN; and Thomas Armstrong, Compliance Advisory at TRM and former Head of Financial Crime Compliance Digital Assets at Goldman Sachs.
It was an in-depth discussion on what businesses and financial institutions should consider when adopting and managing their AML crypto compliance program in order to meet evolving regulatory obligations. Here are a few key takeaways:
Institutions must focus on the basics first
Jamal El-Hindi explained companies and firms need to start with the fundamentals and take time, “assessing their business model and what the risks actually are.“ Brandi Reynolds agreed, cautioning firms against "throwing a lot of things on paper that sound really great but that they don’t have the intention to operationalize — or yet know how to operationalize.”
Alfarida Mohammed, who built FTX.US’ compliance program, highlighted the need for firms to do a thorough AML/CFT risk assessment of products, customers, and counter-party risks before the creation of a compliance framework, and policy and procedures. Hiring appropriately trained and educated staff who can implement and operationalize a comprehensive compliance framework is especially important. Finally, “with respect to the technological aspects, we analyze the marketplace for all the different vendors, making sure we are selecting the best in class to verify the data that we being are given and screen them from an AML standpoint.”
Many organizations are taking a conservative approach
Ms. Reynold also suggested, “that institutions really need to pursue conservative risk tolerance because regulators are taking notice,” especially when it comes to OFAC and sanctions compliance. While regulations are still evolving, it is critical to have a framework in place today.
This sentiment was echoed by Tom Armstrong, who recently joined TRM from Goldman Sachs’ Financial Crime Compliance Department. He highlighted Goldman’s evaluative framework, which, “covered off on all of the risks irrespective of whether there was a regulatory obligation to do this or not.”
One example is in the sanctions area. While OFAC’s position on sanctions is clear — crypto is treated the same as any other currency for purposes of sanctions compliance. In fact, OFAC has provided extensive guidance on what it expects from cryptocurrency businesses including transaction monitoring, geolocation and other tools to mitigate sanctions exposure. However, when it comes to Russia/Ukraine sanctions, there are still not cryptocurrency addresses on OFAC’s list.
How does a crypto business navigate this potential lack of information? Ms. Mohammed stressed the importance of conducting name screening and transaction monitoring, and of carefully evaluating the technology solutions available to support these processes, to manage sanctions-related risk.
Frequent dialog with regulators is key
Mr. Armstrong also discussed the challenges in a regulatory landscape that includes both regulation and regulatory expectations: “The latter is, I think, much harder to manage. So we wanted to, from the beginning, have early, frequent, and transparent interactions with the regulators.” Mr. El-Hindi highlighted that regulators desire to engage with industry and suggested firms engage regulators about emerging issues in the crypto space, focusing on the regulators’ goals.
Looking over the horizon
Ms. Mohammed stated that FTX.US will need to be, “flexible and nimble to whatever is going to come...we know the landscape will continue to evolve. I expect over the next few months there to be quite a bit of regulation by enforcement action. We read those enforcement actions and amend our compliance program accordingly.”
Watch the recording
About TRM Labs
TRM provides blockchain intelligence to help financial institutions, cryptocurrency businesses, and public agencies detect, investigate, and manage crypto-related fraud and financial crime. TRM's risk management platform includes solutions for transaction monitoring and wallet screening, entity risk scoring - including VASP due diligence - and source and destination of funds tracing. These tools enable a rapidly growing cohort of organizations around the world to safely embrace cryptocurrency-related transactions, products, and partnerships.
Want more content like this?
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.