More than half of all cryptocurrency exchanges are so lax about making customers prove their identity that they can be considered money-launderer friendly.
That is the conclusion blockchain analytics firm CipherTrace reached in an Oct. 2 report on Virtual Asset Service Providers’ (VASPs) know-your-customer (KYC) processes.
According to CypherTrace, “56% of VASPs globally have weak or porous KYC processes, meaning money launderers can use these VASPs to deposit or withdrawal their ill-gotten funds with very minimal to no KYC.”
CipherTrace explained that the most porous VASPs—the term also encompasses custodians and hedge funds—allow deposits and withdrawals up to a specified amount with little or no KYC checks. Some of the largest cryptocurrency exchanges engage in the practice as long as fiat money is not involved in the user’s activities. This practice opens the service providers to money launderers hiding the source of cryptocurrencies.
Not just off shore
The countries with the most VASPs with porous or weak KYC practices are the U.S., Singapore, and the U.K. CipherTrace explains that this “demonstrates the ease and volume of potential off ramps for money launderers.”
An interesting detail is that the report claims that 72% of African-Domiciled VASPs are registered in Seychelles, and 70% of those Seychelles-domiciled VASPs have bad or porous KYC. This is where BitMEX is located, and its founder was criminally charged with violating anti-money-laundering laws by the U.S. Attorney just yesterday.
Europe’s strict new regulations fall short
CipherTrace adds that despite the European Union’s tough new regulations—the long-awaited Fifth Anti-Money Laundering Directive —“Europe has the highest count of VASPs with deficient KYC procedures. Sixty percent of European VASPs have weak or porous KYC.” The report also revealed:
“When looking at the weakest KYC countries in the world, CipherTrace analysts discovered that 60% of the top 10 worst KYC countries in the world are in Europe, 20% are in Latin American and Caribbean countries, and the final 20% are in APAC countries.”
The apparent lack of utility of the new EU regulation is particularly sad, given that at the end of 2019 the new money laundering laws resulted in several companies closing their businesses to avoid damaging user privacy or the added compliance costs that those rules would require.
DeFi “creates regulatory risks”
CipherTrace says that this year the value of crypto assets locked in decentralized finance (DeFi) protocols grew to reach $16 billion. Since those systems are designed to be permissionless and accessible to anyone without the opportunity for censorship, the firm claims that “it’s clear that DeFi has the potential to become a haven for money launderers.”
CipherTrace found that more than 90% of decentralized exchanges with a clearly domiciled country have insufficient KYC standards, while 81% have little to no KYC at all. The report cites United States Security and Exchange Commission’s Senior Advisor for Digital Assets and Innovation, Valerie Szczepanik, suggesting that DeFi projects are violating multiple laws:
“[DeFi Projects] are likely subject to various laws already, including securities law, potentially banking and lending laws— definitely AML/CTF laws.”
As Modern Consensus reported earlier today, United States regulators are expected to start taking action against DeFi firms. And despite their supposed lack of centralized control, many have people or companies that could be charged with breaking those rules.