
Understanding the Key Role of Risk Assessment in the Crypto Industry

BEFORE YOU GO...
Check how Shufti Pro can verify your customers within seconds
Request DemoNo thanks
Cryptocurrencies are becoming a hotspot for scammers to perpetrate financial crime. Over 46,000 individuals have lost more than $1 billion to crypto fraud since 2021. To avoid unintentionally facilitating illegal practices within the industry, it is vital to establish robust systems, controls, and procedures. This is where the significance of cryptocurrency risk assessment becomes evident.
Conducting a thorough risk assessment is an essential procedure that enables organisations to proactively recognise and address potential vulnerabilities, allocate resources efficiently, and protect against financial crime risks in cryptocurrencies.
Consider a situation where a customer becomes a scam victim and uses cryptocurrencies for fraudulent payments. Due to the prevalence of cryptocurrency scams, this scenario’s probability is relatively high. The impact can be categorised as moderate.
Subsequently, the inherent risk of this scenario needs to be calculated. Assuming it is assessed as a medium risk, it becomes essential for firms to be cautious of it and have robust systems to prevent such incidents. Security controls may involve collecting customer data and implementing transaction monitoring rules and limits.
Once the primary areas of risk are identified, there are several things to consider during the risk assessment procedure:
Risk assessments are conducted regularly at different intervals, including annual assessments, ad-hoc assessments, or continuous monitoring of customers.
Here are the common types of risk assessments:
Risk assessments offer numerous advantages to the cryptocurrency industry:
The Financial Crimes Enforcement Network (FinCEN) classifies cryptocurrency exchanges as Money Services Businesses (MSBs) and considers them covered financial institutions under the Bank Secrecy Act. Federal law does not mandate MSBs, such as crypto exchanges, to perform an AML Risk Assessment. However, FinCEN encourages MSB management to document a Risk Assessment to establish a clear foundation for the MSB’s policies and procedures.
Demonstrating a “risk-based programme” becomes challenging without conducting an AML Risk Assessment. Moreover, FinCEN’s “September 2020 Advanced Notice of Proposed Rulemaking (ANPRM)” suggests the establishment of a requirement for all covered financial firms to maintain an “effective and reasonably designed” AML programme. This includes performing a written AML risk assessment as proof of an efficient and well-designed programme. When regulatory authorities identify deficiencies, AML Risk Assessments are frequently referenced in enforcement actions.
Understanding the regulatory landscape in New York is crucial, as it is the only state in the US that mandates cryptocurrency exchanges to obtain a BitLicense. New York Law (23 CRR-NY 200.15) mandates crypto exchanges to conduct an AML risk assessment. Section B of CRR-NY 200.15 specifies that licensees must perform additional assessments annually or more frequently to adapt to changing risks and modify their AML programs accordingly.
The New York Department of Financial Services (NYDFS) urges firms to assess their inherent risk and have specific controls, including:
“The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017” (MLR) are the principal regulations outlining AML requirements and registration obligations in the UK. It has undergone various amendments to incorporate the EU’s Anti Money Laundering Directive 5 (AMLD5) in 2019 and the Travel Rule in 2022.
Moreover, the following laws may also apply depending on the nature and type of assets that a crypto firm handles:
Shufti Pro offers a risk assessment solution to 230+ countries and territories that determine high-risk customers whilst complying with KYC and AML compliance regulations.
Here’s what makes Shufti Pro’s risk assessment solution stand out:
Still confused about how risk assessment helps the crypto sector keep scammers away?