Virtual Digital Assets & Service Providers

By

 


Virtual Digital Assets (“VDAs”) have proven their utility in public service, wealth distribution, and economic access worldwide through their utilization of digital ledger technology (“DLT”) or blockchain technology. DLT allows for trust, security, transparency, and the traceability of data, which is especially beneficial to the financial context as it contributes to the reduction of information asymmetry and improves accountability in the provision of financial services.

 

Challenges

 

The virtual asset ecosystem has made its way to build anonymity-enhanced cryptocurrencies, decentralized exchanges (DEXs), privacy wallets, and various other services throughout recent years. However, such services contribute to reduced transparency and increased obfuscation of financial flows. 

These new virtual asset business models pose risks related to money laundering, terrorist financing, market manipulation, and other fraud types. Moreover, emerging illicit tendencies include the growing use of virtual-to-virtual layering schemes. These scams aim to further hide illicit funds in a relatively easy and cost-effective way.

 

Challenges lie ahead as the cryptocurrency landscape continues to evolve. Achieving regulatory consistency across different jurisdictions remains a complex endeavor, with variations in approaches leading to regulatory uncertainty. Technological advancements such as decentralized finance (DeFi) and non-fungible tokens (NFTs) present novel regulatory challenges that require prompt attention.

Problem of Anonymity

 It is pertinent to note here that crypto was built on blockchain ledger technology. The blockchain was lauded for ensuring the authentication of transactions by all users on the blockchain. One of the advantages of the blockchain was not to create a transactional plane where the payer and payee can be faceless and untraceable but to increase consumer ownership of transactions. This challenge is not the first time that governments have had to deal with a transactional plane that cannot be traced back to the payor or payee. Cash transactions still constitute the bulk of grey market exchange. This does not mean that cash as a medium of exchange and store of value can be banned or derecognized. Credit and debit through bank transfers also occasionally happens over the wire without a need for identity verification or using proxy verification details. In other words, the identity of the source of funds and the fund’s receiver is not critical for a bank transfer to occur as they happen over the internet. In both the above cases, and in the present case of crypto, regulatory mandates for KYC and a formal Customer relationship mechanism between holders/consumers of VDAs and Virtual Asset Service Providers (VASPs) are required.

 Transformation of VDAs

 Conversion of fiat currency held in traditional bank accounts undergo a complicated ‘cleansing’ process whereby this money is converted into a virtual digital asset. In this manner, the primary money trail that underlies the asset is obfuscated. However, in its current usage, crypto is used as a store value. Thus, the value held in crypto in this manner has to be realizable at some point and be integrated into the fiduciary cash flow of an economy to become usable by the beneficiary. Once again, regulatory efforts should be geared towards recognizing VDA exchanges as regulated entities. It would also behove governments use available softwares which can untangle or ‘un-mix’ and ‘un-layer’ crypto which has been converted from fiat to a VDA. This is indeed an opportunity for governments to integrate programs and specialized e-governance frameworks into law enforcement. With the adoption of machine learning based on Bigdata, the regulator will develop an initial database and upgrade or update its existing database to investigate criminals laundering money. As is suggested by international organisations like the FATF, ample budget and personnel need to be set aside for the development of such a database and investigative software.

 Central Regulation of a Decentralized Asset Class

 VDAs are also the vanguards of decentralized finance. The distributed nature of blockchain ledgers has been put to both virtuous and vicious use. On one hand, blockchain is goal-oriented in that it affords authentic exchange of value over secured networks which are verifiable by anyone who is a part of the transaction. On the other hand, it shuts out centralized law enforcement agencies from knowing the sources of funding. This problem is further exacerbated by the global infrastructure that supports such transactions, with links, in the form of an exchange or a mixer or a custodian, present at every node of the exchange infrastructure.


Irrevocable Transactions that Move Quickly: A cryptocurrency transfer can occur anywhere. The only requirements for transmitting funds from a particular address is the associated private key (which functions like a password or a PIN) and an Internet connection. Third parties do not sit between, or authorize, transactions and transactions are irrevocable – meaning they cannot be reversed. Criminal actors connected to the Internet from anywhere in the world can also exploit these characteristics to facilitate large-scale, nearly instantaneous cross-border transactions without traditional financial intermediaries that employ anti-money laundering programs.


The Global reach, anonymity and speedy transactions between the payer and the payee directly have made VDAs conduits for money laundering, terror financing and other illegal activities.


Origin of AML/CFT program for Virtual Asset Service Providers (VASPs)

 The ‘crypto sphere’ can be a potential safe haven for financial transactions by terrorist regimes and white-collar criminals. In addition, large-scale adoption of VDAs without regulatory oversight and control can adversely impact customers or investors who invest in such VDA projects and can have further macroeconomic impacts. On the other hand, globally, inordinate weightage has been placed on these concerns inviting disproportionate restrictions on VDAs by most governments. In doing so, an important economic opportunity is being missed by countries.

The Financial Action Task Force (FATF) issued the report Virtual Currencies Key Definitions and Potential AML/CFT Risks, in June 2014. The FATF recognizes financial innovation. At the same time, VC payment products and services (VCPPS) present money laundering and terrorist financing (ML/TF) risks and other crime risks that must be identified and mitigated. This Guidance focuses on applying the risk based approach to the ML/TF risks associated with VCPPS, and not on other types of VC financial products, such as VC securities or futures products. Accordingly, the Guidance has adopted the term VC payments products and services (VCPPS), rather than VC products and services (VCPS), where the discussion is limited to VC payments schemes. The development of VCPPS and interactions of VCPPS with other New Payment Products and Services (NPPS) and even with traditional banking services,1 give rise to the need for this Guidance to protect the integrity of the global financial system.

 

 

In October 2018, the Financial Action Task Force (FATF) adopted changes to its Recommendations to explicitly clarify that they apply to financial activities involving virtual assets; FATF also added two new definitions to the Glossary: “virtual asset” (VA) and “virtual asset service provider” (VASP). The amended FATF Recommendation 15 requires that VASPs be regulated for anti-money laundering and countering the financing of terrorism (AML/CFT) purposes, that they be licensed or registered, and subject to effective systems for monitoring or supervision.

 

In June 2019, the FATF adopted an Interpretive Note to Recommendation 15 to further clarify how the FATF requirements should apply in relation to VAs and VASPs, in particular with regard to the application of the risk-based approach to VA activities or operations and VASPs; supervision or monitoring of VASPs for AML/CFT purposes; licensing or registration; preventive measures, such as customer due diligence, recordkeeping, and suspicious transaction reporting, among others; sanctions and other enforcement measures; and international co-operation.

The FATF also adopted a first version of this Guidance on the application of the riskbased approach to VAs and VASPs in June 2019; The organization presented its report called “Guidance for a Risk-based Approach to Virtual Assets and Virtual Asset Service Providers.” 

 

Since then, FATF has conducted multiple reviews to check how well countries follow their standards by conducting Mutual Evaluation. FATF has also covered new risks and emerging market changes, like in Decentralised Finance (DeFi), Non-Fungible Tokens (NFTs), Peer-to-Peer transactions (P2P), or stablecoins.

 

The Guidance updated in October 2021 is intended to both help national authorities in understanding and developing regulatory and supervisory responses to VA activities and VASPs, and to help private sector entities seeking to engage in VA activities, in understanding their AML/CFT obligations and how they can effectively comply with these requirements. This Guidance outlines the need for countries and VASPs, and other entities involved in VA activities, to understand the money laundering and terrorist financing (ML/TF) risks associated with VA activities and to take appropriate mitigating measures to address those risks. In particular, the Guidance provides examples of risk indicators that should specifically be considered in a VA context, with an emphasis on factors that would further obfuscate transactions or inhibit VASPs’ ability to identify customers.

 

The Guidance examines how VA activities and VASPs fall within the scope of the FATF Standards. It discusses the five types of activities covered by the VASP definition and provides examples of VA-related activities that would fall within the definition and also those that would potentially be excluded from the FATF scope. In that respect, it highlights the key elements required to qualify as a VASP, namely acting as a business for or on behalf of another person and providing or actively facilitating VA-related activities.

The Guidance describes the application of the FATF Recommendations to countries and competent authorities; as well as to VASPs and other obliged entities that engage in VA activities, including financial institutions such as banks and securities brokerdealers, among others. Almost all of the FATF Recommendations are directly relevant to address the ML/TF risks associated with VAs and VASPs, while other Recommendations are less directly or explicitly linked to VAs or VASPs, though they are still relevant and applicable. VASPs therefore have the same full set of obligations as financial institutions and designated non-financial businesses and professions.

The Guidance details the full range of obligations applicable to VASPs as well as to VAs under the FATF Recommendations, following a Recommendation-byRecommendation approach. This includes clarifying that all of the funds or valuebased terms in the FATF Recommendations (e.g., “property,” “proceeds,” “funds,” “funds or other assets,” and other “corresponding value”) include VAs. Consequently, countries should apply all of the relevant measures under the FATF Recommendations to VAs, VA activities, and VASPs. The Guidance explains the VASP registration or licensing requirements, in particular how to determine in which country/ies VASPs should be registered or licensed – at a minimum where they were created; or in the jurisdiction where their business is located in cases where they are a natural person. However, jurisdictions can also choose to require VASPs to be licensed or registered before conducting business in their jurisdiction or from their jurisdiction. The Guidance further underlines that national authorities are required to take action to identify natural or legal persons that carry out VA activities without the requisite license or registration. This would be equally applicable to countries that have chosen to prohibit VAs and VA activities at the national level. 


Regarding VASP supervision, the Guidance makes clear that only competent authorities, and not self-regulatory bodies, can act as VASP supervisory or monitoring bodies. They should conduct risk-based supervision or monitoring, and have adequate powers, including to conduct inspections, compel the production of information and impose sanctions. There is a specific focus on the importance of international co-operation between supervisors, given the cross-border nature of VASPs’ activities and provision of services.


The Guidance makes clear that VASPs, and other entities involved in VA activities, need to apply all the preventive measures described in FATF Recommendations 10 to 21. The Guidance explains how these obligations should be fulfilled in a VA context and provides clarifications regarding the specific requirements applicable to the USD/EUR 1 000 threshold for occasional transactions, above which VASPs must conduct customer due diligence (Recommendation 10); and the obligation to obtain, hold, and transmit required originator and beneficiary information, immediately and securely, when conducting VA transfers (Recommendation 16) (the ‘travel rule’). As the guidance makes clear, relevant authorities should co-ordinate to ensure this can be done in a way that is compatible with national data protection and privacy rules. Finally, the Guidance provides examples of jurisdictional approaches to regulating, supervising, and enforcing VA activities, VASPs, and other obliged entities for AML/CFT.

 

The  October 2021 Guidance updated to provide the public and private sectors with revised guidance. These revisions focused on six key areas where greater guidance from the FATF was sought. These are to

(1) Clarify the definitions of VA and VASP to make clear that these definitions are expansive and there should not be a case where a relevant financial asset is not covered by the FATF Standards (either as a VA or as another financial asset),

(2) Provide guidance on how the FATF Standards apply to stablecoins and clarify that a range of entities involved in stablecoin arrangements could qualify as VASPs under the FATF Standards,

(3) Provide additional guidance on the risks and the tools available to countries to address the ML/TF risks for peer-topeer transactions, which are transactions that do not involve any obliged entities,

(4) Provide updated guidance on the licensing and registration of VASPs,

(5) provide additional guidance for the public and private sectors on the implementation of the ‘travel rule’, and

(6) Include Principles of Information-Sharing and Co-operation Amongst VASP Supervisors.

This document incorporates and supersedes the 2019 Guidance.


The AML/CFT efforts by IMF, FSB and G-20

During India’s G20 Presidency, the International Monetary Fund (IMF) and the Financial Stability Board (FSB) jointly published a Synthesis Paper on Cryptocurrencies. It provided further insights into the global perspective on crypto regulation and  highlighted potential risks to global financial stability posed by cryptocurrencies and discussed various regulatory approaches adopted by different countries. The paper also touched upon cross-border challenges and the potential for cryptocurrencies to promote financial inclusion.

It’s no secret that countries around the globe have taken different stances when it comes to dealing with cryptocurrencies. Some have opted for strict regulations, while others outright banned them. India’s approach to cryptocurrencies has been a bit of a rollercoaster ride.

 

Despite India having a huge investor base and market capitalistion, the sector has been deprived of any sort of regulation in the country. However, several emerging and developed market economies are taking measures to partly regulate the sector e.g., India’s recent reform to include VDAs under the Prevention of Money Laundering Act (PMLA).

 

India has already begun engaging in dialogues concerning VDA regulation and it is vital to consider an SOP which details out priority areas, commonly identified by governments and regulators worldwide. A comprehensive Standard Operating Procedure(SOP), ensuring appropriate regulatory agility and enforcement tools, will not only overcome the existing gaps in regulation but will also enable immediate intervention of law enforcement agencies for remedial measures and prevention of harm and misuse. An SOP focused on the four priority areas - Consumer and Investor Protection, Access to Law Enforcement Agencies to Address Fraudulent Practices, Regulatory Arbitrage and Financial Stability – holds the potential to address the existing lacunae in the VDA framework.

 

The past decade has witnessed a seismic shift in the landscape of cryptocurrencies. In a remarkably short span of time, digital assets have catapulted into the mainstream, capturing the attention of investors, technologists, and financial institutions alike. What began as a niche movement has now evolved into a global phenomenon, fueled by the allure of decentralization, financial inclusivity, and the potential of blockchain technology.

 

As this burgeoning industry expands, concerns surrounding money laundering, tax evasion, and regulatory compliance have taken center stage. Governments and financial authorities around the world find themselves grappling with the complex task of effectively regulating and integrating cryptocurrencies within existing financial frameworks.

 India assumed the G20 Presidency in 2023, providing it with a unique opportunity to influence global financial policies, including those related to cryptocurrencies. The G20, consisting of the world’s largest economies and the European Union, serves as a platform for international cooperation and economic governance. Under India’s leadership, the G20 addressed several critical issues related to cryptocurrencies.

Policymakers and stakeholders across the world have been closely monitoring the developments in India amid the ongoing G20 Presidency, which is expected to build a global consensus to regulate the crypto asset sector in India. The country’s Finance Minister Nirmala Sitharaman on multiple occasions reiterated that “crypto has been a very important part of the discussion under India’s G20 Presidency, given so many collapses and shocks. We seek to develop a common framework for all countries to deal with this matter”.

 The G20 New Delhi Leaders’ Declaration, issued at the conclusion of India’s G20 Presidency, was a significant document that shed light on the G20’s stance on cryptocurrencies. It acknowledged the growing significance of cryptocurrencies in the global economy and their potential impact on financial stability, monetary policy, and consumer protection. The declaration also emphasized the importance of innovation, risk mitigation, and international cooperation in regulating cryptocurrencies.

 

The G20 Leaders Declaration also backed the FSB’s recommendations and welcomed the paper’s roadmap for establishing a coordinated and holistic policy and regulatory framework. It’s pretty clear that the international community is keen on finding the right balance.

Enforcing a ban in one jurisdiction could merely result in crypto activity migrating to more crypto-friendly jurisdictions, leaving the former at a disadvantage. This could even increase the risks associated with financial integrity.

The paper suggests that regulating and supervising licensed or registered crypto-asset issuers and service providers could help bridge the information gaps, making cross-border monitoring much easier.

It advocates for implementing the anti-money laundering and counter-terrorist financing standards set by the Financial Action Task Force, specifically tailored to cryptocurrencies and service providers. This would certainly be a step in the right direction for creating a safer environment for all parties involved.

 

 

According to the Financial Action Task Force (FATF), VASPs are more prone to serious risks. For example, VASPs can be exploited by criminals and terrorists for money laundering and funding terrorist activities. 

The FATF’s guidance on virtual assets and VASPs, employing a risk-based approach, provides a precise understanding of virtual asset service providers. They played a crucial role in comprehending how FATF Recommendations affect cryptocurrency businesses.

 virtual asset (VA) is a digital form of value that can be traded or transferred online. Virtual assets are both suitable for payment and investment.

 

Some Examples of Virtual Assets (VAs)

 

According to the FATF, VAs include:

  • Gaming tokens.
  • NFTs that can be exchanged back to fiat currency.
  • Cryptocurrencies, such as Bitcoin, Ethereum, or Litecoin.
  • Some stablecoins. However, it depends on their characteristics.

 

Virtual Asset Service Providers (VASPs) are a fairly newly established sector in many jurisdictions. To put it simply, VASPs include exchanges, P2P platforms, crypto ATMs, custodians, and OTC desks, among others.

As per the FATF’s definition, a virtual asset service provider can be an individual or a legal entity engaged in one or more of these activities. Virtual asset service providers offer services, such as:

  • Converting virtual assets from one form to another.
  • Transferring virtual assets
  • Exchanging virtual assets and fiat currencies.
  • Safeguarding or managing virtual assets or instruments that provide comprehensive control over them.
  • Participating in and facilitating financial services related to the sale of virtual assets or an issuer’s offer.

 

Some Examples of Virtual Asset Service Providers

 

VASPs must comply with FATF’s crypto Travel Rule, which consists of the following obliged entities: 

  • Mining pools
  • Wallet providers
  • Custodians
  • Bitcoin ATMs and kiosks that engage in the exchange of virtual assets for fiat currency or other virtual assets.
  • Brokerage services that facilitate the issuance and trading of VAs for individuals or entities.

Exemptions to the VASP Category

The FATF’s VASP definition excludes software publishers whose services include creating new virtual assets. Additionally, investment funds, under specific conditions, do not fit into the VASP category. For example, when investment funds accept subscriptions through an external trading platform. 

Additionally, consumers, P2P transactions, and individual miners (when mining for personal use), do not meet the FATF’s definition of a VASP.


The Travel Rule for crypto assets mandates that any crypto transaction surpassing a specific threshold should include the customer’s personal information. Furthermore, VASPs are required to conduct sanctions screening on the counterparty customer and conduct customer due diligence (CDD) on the counterparty VASP.


The Travel Rule as applied to VASPs

According to the crypto Travel Rule, VASPs and cryptocurrency businesses are obligated to exchange customer information when transferring cryptocurrency or digital assets beyond a certain threshold. This personally identifiable information (PII) should encompass the name and wallet address of the sender.

A quick timeline of the Travel Rule’s evolution and VASP’s compliance:

  1. The ‘Travel Rule’ was initially introduced by FinCEN under the US Bank Secrecy Act (BSA) and became effective in 1996. This rule mandated financial institutions to share specific information with the next financial institution during wire transfers. 
  2. In 2012, the FATF added similar Travel Rule guidelines for wire transfers into the mentioned FATF 40 recommendations
  3. In 2018, the FATF added virtual assets and issued guidance on applying a Risk-Based Approach (RBA) to virtual asset service providers.
  4. In October 2021, FATF revised and expanded the scope of AML/CTF obligations for cryptocurrencies. This includes incorporating CDD practices under the Travel Rule outlined in Recommendation 16.
  5. Currently, FATF’s Travel Rule mandates regulated entities to ensure that specific information about the parties involved in transactions exceeding USD/EUR 1,000 accompanies the transaction to the receiving entity. 

The Travel Rule is applicable to transfers of VAs between two obligated entities, such as two VASPs or a virtual asset service provider and a traditional financial institution.


India and Virtual Digital Assets & Service Providers

Back in 2018, the Reserve bank of India (RBI) threw a curveball by prohibiting Indian banks from engaging in cryptocurrency transactions. But hold on, just when you thought it was game over, the Supreme Court stepped right in and overturned this ruling in 2020.

In the recent Union budget for 2022-23, the Indian government proposed a 30% tax on income from the transfer of digital assets, along with a 1% TDS (tax deduction at source) on such transactions. Finance Minister Nirmala Sitharaman emphasized the need for global collaboration in regulating or even banning cryptocurrencies due to their borderless nature.

 

Virtual Digital Assets & Service Providers : Guidance by FIU-Ind w. e. f. 10th March 2023

 AML & CFT Guidelines for Reporting Entities Providing Services Related To Virtual Digital Assets  aim to provide a summary of the provisions of the applicable antimoney laundering, counter-terrorism financing and proliferation financing legislations in India, viz. the Prevention of Money Laundering Act, 2002 (hereinafter referred to as the “PMLA”), the Unlawful Activities (Prevention) Act, 1967 (hereinafter referred to as the “UAPA”), The Weapons of Mass Destruction and Delivery Systems (Prohibition of Unlawful Activities) Act, 2005 (hereinafter referred to as the “WMDA”) and rules thereunder and their applicability to and implications for the providers of services related to Virtual Digital Assets hereinafter referred to as Service Providers (SPs) and their role in applying Anti-Money Laundering, Countering the Financing of Terrorism and Combating Proliferation Financing (AML/CFT/CPF) obligations.

 

a.       These guidelines are intended to set out the steps that a SP shall implement to discourage and to identify any money laundering, terrorist financing or proliferation financing activities. It prescribes the procedures and obligations to be followed by the reporting entities to ensure compliance with AML/CFT/CPF guidelines.

b.       b. The strategy would be to use deterrence (implementation of effective KYC, CDD and EDD measures), detection (e.g., monitoring and suspicious transaction reporting), and record-keeping so as to facilitate investigations by the appropriate authorities wherever required.

1.   Service Providers The Central Government vide notification F.No. P-12011/12/2022-ES Cell-DOR dated March 07, 2023, has notified the following activities, when carried out for or on behalf of another natural or legal person in the course of business as an activity for the purposes of sub-clause (vi) of clause (sa) of sub-section (1) of section 2 of the Prevention of Money-laundering Act, 2002 (15 of 2003):

      (i) exchange between virtual digital assets and fiat currencies;

          (ii) exchange between one or more forms of virtual digital assets; 

          (iii) transfer of virtual digital assets; 

          (iv) safekeeping or administration of virtual digital assets or instruments enabling control over virtual digital assets; and 

          (v) participation in and provision of financial services related to an issuer’s offer and sale of a virtual digital asset. 

Explanation:- For the purposes of these guidelines ‘virtual digital asset’ shall have the same meaning assigned to it in clause (47A) of section 2 of the Income-tax Act 1961 (43 of 1961).

2.      Purpose of the guidelines The purpose of these guidelines is to

    a. Understand and apply the risk-based approach and indicate best practices in the design and implementation of an effective risk-based approach. 

    b. Identify the entities that conduct activities or operations relating to VDAs i.e., SPs. 

    c. Establish an efficient reporting mechanism to prevent money laundering, terrorist financing and proliferation financing. 

    d. To assist entities engaged in or seeking to engage in VDA activities or operations to better understand their AML/CFT/CPF obligations and how they can effectively comply with the AML/CFT/CPF requirements as notified under PMLA/PMLR.

3. Scope 

a. The guidelines apply to SPs and explain how they should implement the AML/CFT/CPF obligations effectively.

 b. Further, the guidelines focus on VDAs that are convertible to other funds or value, including both VDAs that are convertible to other VDAs and VDAs that are convertible to fiat or that intersect with the fiat financial system. c. Central Bank issued Digital Currencies (CBDCs) are outside the scope of this guidance since they are digital representation of fiat currencies.

Thus, any activity that involves VDAs and is suspected of being connected with money laundering will be subject to the same rigours as any other transaction involving fiat currencies. It is the obligation of exchanges to maintain transparency, identification, and compliance with the rules.

 

Key AML/CFT obligations of Virtual Digital Assets Service Providers

The AML/CFT obligations imposed on service providers related to VDA are as under:

 

  1. Getting registered as a “Reporting Entity” with the FIU-IND
  2. Conducting overall Enterprise-Wide Risk Assessment (EWRA)
  3. Designing and implementing senior management-approved policies, procedures, and controls for AML/CFT and Combatting Proliferation Financing (CPF)
  4. Appointing Designated Director and a Principal Officer
  5. Imparting adequate AML training to employees to manage the AML/CFT/CPF compliances
  6. Establishing an internal audit function to monitor the AML policies and compliances regularly
  7. Developing and implementing “Customer Due Diligence” procedures and controls, which will include the “Know Your Customer” process, Sanctions screening compliance, customer risk classification, applying Enhanced Due Diligence measures for high-risk customers and transactions
  8. Adopting adequate policies and controls for Counterparty Due Diligence
  9. Implementing robust ongoing transaction monitoring system and controls
  10. Timely reporting of necessary reports with FIU-IND, which includes filing of Suspicious Transaction Reports (STR) and reporting receipts by Non-Profit Organizations (NPO) by filing Non-Profit Organization Transaction Reports (NTR)
  11. Filing information about the NPO wallets or accounts with the DARPAN Portal of NITI Aayog
  12. Maintaining adequate AML/CFT records related to VDA for at least years
  13. Complying with FATF Travel Rule to immediately exchange information about the beneficiary and the originator between the service providers involved in VDA transfer.

 

Entities providing VDA-related services are now considered Reporting Entities under PMLA 2002 and would be subject to AML/CFT/CPF compliance obligations like having Principal Officer, doing KYC and CDD, Reporting regularly to FIU-Ind and maintain records

  

Virtual Asset Service Providers (VASPs) can conduct customer due diligence (CDD) by following these steps:

 

·         Know Your Customer (KYC): Identify and verify the identity of customers using reliable sources, such as passports or driver's licenses. This process should also include identifying the Ultimate Beneficial Owners (UBOs) and any third parties involved.

·         Assess risk: Evaluate the customer's risk profile based on the information gathered.

·         Enhanced due diligence (EDD): Implement additional measures for high-risk customers.

·         Monitor transactions: Continuously monitor customer transactions to identify and report suspicious activity.

·         Record keeping: Maintain detailed records of customer information and transactions for a specified period. 

 

CDD is an important process for VASPs to comply with anti-money laundering (AML) regulations. It helps to keep tabs on financial crime, such as money laundering and terrorist financing. 

VASPs must also implement other preventive measures, such as obtaining, holding, and securely transmitting originator and beneficiary information when making transfers.

 The CDD legal documents involve data such as:

 

  • Full name
  • Date of Birth
  • E-mail
  • Phone number
  • Country and address of residence
  • Identification cards
  • OTP validation

 

While the mentioned lists seem to be basic, there are regions that enforce stricter compliance to crypto exchanges, such as stated by the Financial Crimes Enforcement Network (FinCEN) in 2019 that it expects cryptocurrency exchanges to follow the Travel Rule

To stay safe and build a safe tool in the crypto space, regulating bodies in Europe expect crypto and crypto service providers to comply with its AMLD5 and AMLD6 legislation. Also, in the USA, FinCEN clarifies that virtual currencies and platforms which they trade are subject to anti-money laundering legislation.

And there’s a good reason for that. Companies involved in illicit activities or those that avoid sticking to compliance regulations risk can even end up being charged

 

Recent Non-Compliance Cases 

 

The Bitzlato Case

 

The recent Bitzlato experience is one of the major reasons why crypto companies need KYC. The cryptocurrency firm owner and some key shareholders were charged with processing 700 million dollars in illicit funds.

The main reason was the deficient KYC procedures that paved the way for criminals to launder money from drugs and ransomware easily.

 

The Tornado Cash Case

 

Also, in 2022, the US government punished a company called Tornado Cash for being involved in money laundering. The crypto mixer was said to have laundered 7 billion dollars worth of virtual currencies. Unfortunately, this landed the founder in jail.

KYC examples explaining how identity verification can benefit businesses:

  • Enhancing transparency and trust: KYC forms a trust bond between the users and the brand. Users are legitimately assured of data and funds safety. Illegitimate users won’t consider using brands that are KYC oriented so as not to get caught
  • Reducing risks of identity theft: Robust identification service providers, including iDenfy, help instantly detect fraudsters who use fake and stolen identities to take advantage of any platform and launder money.
  • Ensuring robust money laundering prevention: KYC processes make every single user identifiable and traceable, meaning their every transaction becomes traceable. When users bear this fact in mind, they take their fraudulent practices like money laundering to less secure platforms. 
  • Minimizing legal risks: When brands shy away from compliance and regulations, they become open to governmental risks and threats, which might lead them to paying outrageous fines. Consequently, identity verification helps ensure KYC compliance and prevents getting caught up in fraudulent activity. 

Keep in mind that, like many digital spheres, cryptocurrency can be risky. People who own digital assets become victims of attackers who have the goal of stealing their money. This can also cause the prices of cryptocurrencies to change quickly, making the market unstable.

 

In 2022, the FBI formed the Virtual Assets Unit (VAU), a specialized team dedicated to investigating cryptocurrency-related crimes. The VAU centralizes the FBI’s cryptocurrency expertise, providing technological equipment, blockchain analysis, virtual asset seizure training, and other sophisticated training for FBI personnel.

The FBI warns that as cryptocurrency usage continues to grow, so too will the risk of associated scams. Individuals should be cautious and vigilant when dealing with cryptocurrency-related investments and offers.

India

 Criminal actors exploit cryptocurrencies for all schemes, to include tech support, confidence and romance, investment, and government impersonation scams. Investment fraud was the most reported cryptocurrency scheme in 2023 and also saw the most reported losses, with about $3.9 billion lost

 According to the FBI's report, India ranked fifth globally in terms of the number of cryptocurrency-related complaints, with 840 cases reported. However, India's losses amounted to $44,054,244, placing it in the top ten countries in terms of total financial impact.

 

Korvio Coin Case

 

The fraudsters approached people with an investment plan related to a locally made (in Mandi district) cryptocurrency known as 'Korvio Coin' or KRO coins. Three to four kinds of cryptocurrency were used and false websites in which the cryptocurrency prices were manipulated and inflated were created, police said.

Cryptocurrency is a digital currency designed to work as a medium of exchange through a computer network that is not dependent on any central authority, such as the government or bank to uphold or maintain it.

The website used for the crypto scam had around 2.5 lakh different IDs. The accused used a combination of misinformation, deception and threats to maintain control over the scheme causing huge financial losses to the victims

The Himachal Pradesh Police has arrested one of the masterminds of a ₹ 2,500-crore cryptocurrency scam, which was unearthed in the state in 2022, from Kolkata, officials said on Thursday[18 July , 2024].

Accused Milan Garg (35), a resident of Meerut in Uttar Pradesh, was arrested on Wednesday night from the Netaji Subhash Chandra Bose International Airport, Kolkata while he was trying to flee to Bangkok in Thailand

 

Garg, who earlier fled to Dubai after the scam came to light, had returned to India in June and was again leaving the country when he was detained at Kolkata airport

He is the main associate of kingpin Subash Sharma, was involved in designing of the cryptocurrency, software development and marketing. The cryptocurrency scam, which has duped thousands of people, started in 2018 but came to light in 2022 as the perpetrators of the fraud had threatened the investors to keep their mouth shut or lose money.

The victims did not come out openly against the fraudsters initially, however, later hundreds of victims came forward and uncovered the modus operandi of scammers and so far over 300 complaints have been received in this regard.

Police have arrested 26 people in connection with the case and charge sheets have been filed against 70 people so far. Some of the main accused arrested included Hemraj, Sukhdev, both from Mandi and Arun Guleria and Abhishekh from Una district of Himachal.

Over a thousand police personnel have also fallen victim to the fraud.

While a majority of them were duped of crores of rupees, some of them made huge gains by creating chains by roping in more investors and opted for voluntary retirement scheme (VRS), and became its promoters, police said.

The kingpin of the scam, Subhash Sharma from Sarkaghat in Himachal's Mandi district, is still at large [July 18, 2024] and probably hiding in the UAE. Efforts are underway to bring him back. Garg is the main associate of  Subash Sharma  who is involved in designing of the cryptocurrency, software development and marketing.

The SIT investigations have also revealed that the kingpin and other key accused invested in plots and flats in Himachal, Chandigarh, Punjab and Haryana, besides buying luxury items and high-end cars, and even indulged in tax evasion.


G-20 Presidency & VDAs


The G20 has reaffirmed its commitment to the swift implementation of the ‘Two-Pillar’ international tax package. ‘Pillar One’ allocates certain portion of the taxing right to market jurisdictions, from residential jurisdictions.

Pillar Two provides for the levy of a global minimum corporate tax rate of 15% on all such big MNCs, whereby any shortfall between such global minimum tax rate and the tax rate in the low tax jurisdiction will have to be paid by such MNCs as a top-up tax.

One of the major highlights of the joint declaration is the G20’s call for the swift implementation of the Crypto-AssetReporting Framework (CARF) and amendments to the ‘Common Reporting Standard’ (CRS).

The G20 has also taken note of the OECD (Organisation for Economic Co-operation and Development) report on enhancing international tax transparency on real estate and the Global Forum Report on facilitating the use of tax-treaty-exchanged information for non-tax purposes. At present, the confidentiality laws of a tax haven /low tax jurisdiction often come in the way of Indian tax authorities, and also any information obtained through any tax treaty agreement in respect of any undisclosed foreign asset or real estate holding of an Indian resident, can’t be readily used by other regulatory agencies like the Enforcement Directorate, Central Bureau of Investigation, Serious Fraud Investigation Office, etc., other than the income tax department. But, following a request from the Indian G20 presidency, a methodology is being worked out to streamline the wider use of treaty exchanged information between interested jurisdictions.



Happy Reading,


Thos who read this, also read

1. Casinos & AML/CFT

2. Reports to be submitted to FIU-Ind by different REs


Formerly Faculty for Finance & Associate Dean, IBS-Kochi MBA (Banking & Finance – CUSAT);CFA. Accredited Management Teacher from CME of AIMA, Delhi has been in Management Education from 1988. Exposure is in the field of Mutual Funds, Market Research, Project Report preparation & evaluation, Advertising & NGO Activities. This Chief Manager, UTI Asset Management Co Pvt. Ltd(1992-2003), Mumbai. Undergone training in Case Study method of teaching under Mr. Trevor Williams and Mr. Scott M Andrews conducted by the ECCH, UK . Published Books & Book Review, Series of academic articles and maintains a column on MFs under "Fund scan" in Business Manorama since January 2007,Contributes "Portfolio Doctor" column for 'Sampadyam' a wealth mgt publication in Malayalam from manorama group since February 2007, Listed her case studies at asiacase.com.Presented papers in national & international conferences on Mutual Funds. Faculty Member @ ASIET, Kalady from 2010 to June 2019. Dean @ SNGIST, N Paravur, Ernakulam from Sep 2019 -Jan 2021, I continue my efforts to spread the knowledge in area of Finance and contribute to Management Education

Comments

Post a Comment

Popular posts from this blog

National Risk Assessment (NRA): India

By
  India's National Risk Assessment (NRA) is  an ongoing exercise to identify sectors that are vulnerable to money laundering and terrorist financing (ML/TF) .  The NRA is based on recommendations from the Financial Action Task Force (FATF) and helps inform policy-making, resource allocation, and the implementation of effective AML/CFT measures. The NRA also ensures that national strategies address both domestic and international threats. The NRA provides a foundation for informed policy-making, resource allocation, and the implementation of effective AML/CFT measures . It ensures that national strategies are aligned with the specific risk landscape of the country and that they address both domestic and international threats. The subject matter of NRA  was discussed in the Anti-Money Laundering Steering Committee (AMLSC) set up with the approval of Finance Minister, and it was decided to conduct the NRA following the World Bank methodology. The Methodology requi...
Read more

Customer Due Diligence(CDD) : Individuals

By
Image
This post is based on RBI Master Circular dated Feb 25, 2016 updated on Jan 04, 2024  Part I - Customer Due Diligence (CDD) Procedure in case of Individuals For undertaking CDD, REs shall obtain the following from an individual while establishing an account-based relationship or while dealing with the individual who is a beneficial owner, authorised signatory or the power of attorney holder related to any legal entity: (a)     the Aadhaar number where,   (i) He is desirous of receiving any benefit or subsidy under any scheme notified under section 7 of the Aadhaar (Targeted Delivery of Financial and Other subsidies, Benefits and Services) Act, 2016 (18 of 2016); or (ii) He decides to submit his Aadhaar number voluntarily to a bank or any RE notified under first proviso to sub-section (1) of section 11A of the PML Act; or (aa) the proof of possession of Aadhaar number where offline verification can be carried out; or (ab) the proof of possession of Aa...
Read more

Periodic Updation of Customer Risk Profile

By
1. Preparation of Customer Profile from KYC Data In the initial years of KYC, RBI has been following a handholding approach as can be seen from their circular dated July 2009 and that of Feb 25, 2016 as updated on Jan 04, 2024. RBI requires REs to conduct risk profiling and risk categorization and periodic updation.  Extracts from RBI MD dated July 01, 2009 under Customer Acceptance Policy a)ii) Parameters of risk perception are clearly defined in terms of the nature of business activity , location of customer  and his clients, mode of payments, volume of turnover, social and financial status etc. to enable categorisation of customers into low, medium and high risk (banks may choose any suitable nomenclature viz. level I, level II and level III). Customers requiring very high level of monitoring, e.g. Politically Exposed Persons (PEPs) may, if considered necessary, be categorised even higher; b). Banks should prepare a profile for each new customer based on risk categorisatio...
Read more