Uncover the story behind the 'Biggest Heist Ever' — a gripping new Netflix documentary! Watch the trailer.

Webinar Recap: Navigating Risk in Crypto Payments

TRM InsightsInsights
Webinar Recap: Navigating Risk in Crypto Payments

Last month, TRM Labs’ Senior Policy Advisor Angela Ang was joined by Aaron Chua (Regional Head of Compliance at Fazz Financial and StraitsX, a Singapore-headquartered digital asset payment service provider and stablecoin issuer) and Rodrigo Peiteado (Financial Crime Intelligence Lead at BVNK, a UK-headquartered payments infrastructure provider) to discuss risk management in crypto payments.

According to TRM Labs, payment service providers (PSPs) across 60 countries process billions in crypto payments annually. While PSPs can help deliver on crypto payments’ tremendous potential and promise for consumers and businesses — value transfer at the speed of the internet — they also face unique risks by sitting at the intersection of payments and crypto.

This webinar unpacked some of the key considerations for a crypto payments risk management program, as well as practical tips for fintech compliance teams. Read on for highlights and key takeaways from the session, or watch the full recording below.

The unique world of crypto payments

The conversation kicked off by discussing how risk management differs fundamentally between crypto exchanges and PSPs. The speakers all agreed that there were significant differences. Exchanges primarily deal with trading, requiring a focus on individual users’ sources of wealth and transactional behaviors. In contrast, PSPs serve a more complex clientele — from merchants to financial institutions — with multifaceted use cases such as vendor payments, treasury management, and nested services.

Rodrigo stressed that PSPs often face intricate compliance challenges because client business models can vary widely. A normal transaction pattern for one client may be a red flag for another. For instance, a brokerage’s transaction patterns differ significantly from those of a gaming company. PSPs also see a wider range of financial crime typologies — like shell companies and trade–based money laundering — especially in B2B use cases. Aaron added that getting a good grasp of the customer’s use case at onboarding is critical to managing risk effectively. The PSP can then develop tailored monitoring frameworks to identify transactions that are not congruent to the intended use case.

Balancing risk management and customer experience

In payments — where speed, cost, and efficiency are key competitive advantages — it is also critical to balance between risk management and customer experience. 

Rodrigo outlined four guiding principles for striking the right balance:

  1. Deep client understanding: Robust onboarding and due diligence to capture a client’s unique profile.
  2. Multi-layered transaction monitoring: Continuously reassessing transaction monitoring rules and thresholds, adapting to new risks observed as well as insights from client profiling.
  3. Strong expertise and good judgment: As wrongfully withholding funds can cause damage to the client, it is critical for the compliance team to be able to discern false positives early. 
  4. Client trust and communication: Good communication is especially key when you are adding friction to the process, such as when there are additional requests for information.

Aaron highlighted how StraitsX operationalizes these principles by proactively engaging clients during onboarding to map out fund flows, and rationalizing transactions based on business models. Verifying the customer’s representation of their use case is also important. For example, for a customer collecting customer payments, his team would request for supporting documents like invoices and contracts, as well as examine the company’s website, to prove the legitimacy of transactions. He also noted that a robust onboarding process incorporating these elements minimizes the need for subsequent requests for information, which could negatively impact the customer experience. 

The nesting challenge 

Nested relationships — where a PSP onboards another PSP that serves end users, or even other PSPs — also emerged as a key topic. 

Nesting is a legitimate business arrangement that exists in both traditional finance and crypto. It allows businesses to reduce cost, expand reach, and increase economies of scale. However, it does come with additional risks. Rodrigo highlighted that the layered nature of nested relationships limits visibility into the ultimate users of funds. Aaron shared how StraitsX preemptively addresses this challenge by requiring detailed onboarding disclosures and using APIs to track transactions for each of the nested PSP’s customers. 

Leveraging blockchain’s unique features

The discussion then moved to the implications of blockchain technology in managing crypto-specific risks. Rodrigo noted that the speed of crypto payments is a double-edged sword for PSPs, allowing both legitimate and illicit transactions to happen faster. However, the inherent transparency and traceability of the blockchain — combined with blockchain intelligence tools like TRM and strong regulatory frameworks like the FATF Travel Rule —  provides the industry with effective tools to manage risk. 

In particular, Aaron championed programmability of blockchain-based payments as a game-changer. He shared an example where StraitsX used programmable money to ensure charity funds reached intended beneficiaries. By embedding conditions into digital vouchers, they assured donors that their contributions were used as intended, reducing the risk of misappropriation and other financial crime.

Compliance is not a checkbox

The discussion wrapped up with a reflection on the importance of nuanced judgment in compliance. A checkbox mentality that looks at a transaction or a customer solely through a pre-defined list of red flags may misidentify risk. Rodrigo stressed that red flags should be viewed as useful indicators, not definitive conclusions. Aaron echoed this sentiment, noting that red flags were established based on understanding of human behavior. Compliance teams must therefore not neglect that behavior can evolve over time, as bad actors get smarter at evading detection.

Final takeaways

As the session concluded, Angela asked the speakers to summarize their approach to managing risk in crypto payments in one sentence:

  • Aaron: “Stay true to your principles but be creative in your approach.”
  • Rodrigo: “Data and knowledge are the most important things in risk management.”

These insights underscore the fascinating world of crypto payments compliance. By combining deep domain expertise, innovative tools, and a flexible mindset, PSPs can navigate the complexities of this dynamic space while enabling the safe growth of digital payments.

{{horizontal-line}}

For more on managing risk in crypto payments, read our white paper here

This is some text inside of a div block.
Subscribe and stay up to date with our insights

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No items found.