The evolution of cryptocurrency-related business activities increases anti-money laundering (AML) risks to Swiss banks – but to what extent? Learn everything you need to know about identifying the issues and successfully monitoring cryptocurrency activity from a compliance standpoint.
Ever since the first decentralised cryptocurrency, bitcoin, burst onto the scene back in 2009, the financial world has started to move at lightning speed.
The term ‘cryptocurrency’ is a buzzword that’s never been far away from the headlines. Whether it’s surrounding Starbucks’ decision to accept bitcoin in May 2019 or a $1 million AML scandal in Japan, it’s always newsworthy.
More recently, Swiss banks are dragging their heels when it comes to offering bank accounts to businesses dealing with cryptocurrency.
This revelation is quite surprising when Switzerland is widely regarded as a “crypto nation” and an innovator for crypto startups. The Swiss government believe that blockchain and cryptocurrencies can enhance efficiency both in the financial sector and in other sectors in the economy – which lead them to introduce a favourable framework and taxation law.
The problem is, a lot of these startup crypto businesses require a bank account with a Swiss bank to pay bills, salaries and social security fees using FIAT currency.
While some banks are hesitant, others are onboarding cryptocurrency clients. However, the crypto businesses that are fortunate enough to open an account are under strict legal and regulatory requirements.
Here’s everything you need to know about the AML risks highlighted by Swiss banks and the type of due diligence both parties are required to consider.
Cryptocurrency might be relatively new, but AML risks in the world of payment aren’t. From a regulatory point of view, a lot of Swiss banks believe the risks associated with blockchain and digital currencies are very similar to new financial products and technologies previously introduced to the market.
Their thinking is that these new technologies come with untested business models, are subject to fraudulent activity, fail to clarify how they work and have an element of uncertainty as they rapidly evolve.
To break this down further, here are some examples of the risks inherent in the technology and the types of fraudulent activity that commonly associated with it:
To some, the Swiss banks’ decision to deem cryptocurrency in the same field as older new financial technology might be unfair.
One major argument is that cryptocurrencies, especially bitcoin, is more pseudonymous than anonymous – meaning every transaction leaves a transparent public record and can be accessed by anyone interested in seeing a full history of a business. So, in theory, why does cryptocurrency pose such a threat to the AML regulation when the information is readily available to all?
Well, that’s where privacy coins can play a part. Certain cryptocurrencies are untraceable and categorically obscure the link between a transaction and the public wallet addresses of the parties. Naturally, this makes it a lot easier for criminals to conduct fraudulent activity by exchanging these back to primary cryptocurrencies which can then be exchanged for FIAT currency. Therefore, turning dirty money into clean money.
Mixers are also an issue, as they provide a mechanism of breaking down cryptocurrencies into several fragments and mixing them up with other fragments of other clients in a bid to confuse the trail back to the tainted source of the crypto.
However, despite the risks associated with cryptocurrencies, there have been very little money-laundering cases linked back to it and zero examples of terrorism financing in Switzerland.
Regardless, Swiss banks are not willing to take risks and have recognised the challenges that cryptocurrency presents. Every acceptance of sale proceeds of cryptocurrencies needs to be determined on a case-by-case basis and consider specific factors.
Risk assessment
The bank has to perform an accurate assessment, including its inherent, the risks associated and any counter-parties involved (i.e. crypto exchanges). This can be carried out through rigorous monitoring of transactions.
Risk-based approach
The extent of the due diligence requirements must be assessed on the given situation.
Risk mitigation
A detailed risk assessment must be completed with the definition of risk appetite, plus a consistent framework for outlining the bank’s specific risks and management boundaries. This includes documentation of the risk assessment, framework, risk factors-logic and derivation. These reviews need to be carried out periodically and banks should have a comprehensive transaction monitoring system in place which alerts them when a risk occurs.
The Swiss Bankers Association (SBA) developed guidelines that assist banks in opening accounts for blockchain/crypto businesses.
The guidelines outline blockchain-specific elements within the standard scope of the KYC (know your customer) process, as well as specifying expectations for the issuer of tokens. As a part of the guidelines, crypto businesses must also demonstrate that they operate in Switzerland too.
Interestingly, the guidelines don’t define minimum standards, meaning banking instructions issued by SBA can be prioritised. Therefore, each Swiss bank is responsible for its own business activities, so they can define their own due diligence framework for cryptos.
There’s also the matter of defining each business on a one-by-one basis too. For instance, if a business simply offers cryptocurrency payment options (like Starbucks), but doesn’t use blockchain technology to raise capital via an initial coin offering (ICO), security token offering (STO) or token generating event (TGE), they should be treated like a normal business trying to open a bank account.
However, those who do have the support of ICO, STO or TGE funding, Swiss banks should introduce additional requirements – including KYC and AML regulations.
As it stands, there is no Swiss AML regulation in place that prohibits the acceptance of sale proceeds of cryptocurrencies in general. Nevertheless, both individuals and banks have a duty under customer due diligence (CDD) to carry out checks on who they’re completing a transaction with.
It’s then up to them to identify any risks and take action to mitigate them.
This article should not be construed as a recommendation, endorsement, opinion or approval of any kind. It has been written for information only and should not be relied on for legal purposes.
Professional advice can be sought at my website.
Cover image: ©Comugnero Silvana / Adobe Stock