On June 20, 2024, Merkle Science hosted a three-hour crash course in Crypto Compliance. The full video can be watched on-demand here.
The two instructors were Natalia Latka, the policy director of Merkle Science, and Tom Luo, the sales director of Merkle Science.
Read on below to find out the 3 key takeaways from the webinar:
Compliance is not black or white
Compliance would indeed be simple if it was only a matter of following a blacklist. Organizations would just need to cross-reference accounts and transactions against the list that have been blocked or sanctioned in a particular jurisdiction. This vetting could be done manually with a compliance officer or automatically with a blockchain analytics tool.
As noted in the seminar, this was the historical foundation of compliance: After early hacks like Mount Gox, providers sprung up that tried to segment “bad” addresses from the “good.”
But compliance is now much more complex, multifaceted, and ever-changing than a blacklist, as the two instructors demonstrated in their discussion of some of the latest cryptocurrency policies and regimes. Businesses must now detect potentially criminal accounts that do not appear on any database. For example, indirect exposure, which is when criminals separate themselves from flagged accounts by more than one hop, can pose as great of a risk on organizations.
In this kind of environment, organizations must seek out blockchain analytics tools that are not built only on the principle of blacklists. Solutions must be able to identify indirect risk exposure dozens of hops away and through multiple conditions.
One seminar participant was concerned with exactly this. They inquired whether Compass, which is Merkle Science’s product for KYC, AML, and CFT compliance, had the ability to query for multiple conditions. Indeed, Compas possesses this feature. For example, a business could set a customizable alert for transactions greater than $10,000 that passed through a darknet coin mixer and had a coin taint of 10% or more.
In this way, the organization can set up behavioral-based parameters that match their unique risk profile and catch criminals that try to evade blocklists through various obfuscation techniques.
Compliance must move with incredible agility
In business, “compliance” is not typically associated with speed or agility. While that sentiment may be accurate for other sectors, nothing could be further from the truth when it comes to cryptocurrency. Given that a digital asset transaction can complete within a matter of seconds, compliance protocols and procedures must be able to move swiftly to take appropriate action.
Merkle Science achieves this agility through a number of different strategic integrations. For example, through API integrations, a company can use a certain level of risk, such as high risk, as a trigger for a corresponding action on the custodial side. Some custodians, for instance, may want to temporarily freeze funds at that risk level, and review the case with a compliance officer for further action.
This level of automation enables businesses to act fast in the face of threats: Instead of being reactive to risks, they can be proactive. The same goes with other areas of compliance. While Merkle Science does not offer a module for travel rule compliance, it supports integration with many other specialized solutions that do, such as Notabene and Sygna.
As advised during the seminar, these pre-built integrations will run an API call with the corresponding travel rule compliance partner’s database to check for sanction and high risk entities. With this ability, Compass users can check for all aspects of compliance through a convenient single interface.
By serving as the heart of your compliance stack, Compass enables organizations to take notice of high risk transactions, and more importantly, take appropriate action.
Compliance must be driven through a rule-engine
The conditions and alerts each organization employs should form a small part of a much broader rule engine. This rule engine will have rules based on regulatory requirements in different jurisdictions, needs of different clients, and the organization’s own risk tolerance, all of which can be combined into overarching themes.
The rule engine should further enable customization, monitoring, and pull audits. Different criminal behaviors, including everything from ransomware to money laundering, should have their own unique flags, descriptions, and patterns that inform rules.
For example, an organization could set a rule identifying a stolen or compromised account by flagging when a particular account moves 90% of funds within 5 minutes of receiving them to a different account. This activity would indicate the possibility of a hacker moving illicit funds from a victim’s account to a criminal-owned account, one which may be the first in a long line of wallets designed to facilitate the laundering.
With a wide variety of such rules in place, organizations can combat the diversity of criminal activity in digital assets and ensure compliance with relevant local regulations. The rule engine would essentially form the organization’s braintrust in identifying and preventing suspicious transactions, one which should evolve in response to criminals and their increasingly sophisticated evasion and obfuscation techniques.
Find the right way with Compass
Compliance is one of the most challenging areas for any crypto businesses. A failure in this area can lead to government punishments, reputational damage, and financial costs in the form of penalties and lost business.
Businesses must invest in the right compliance tool and Compass is a highly reputable compliance solution that encompasses all areas of compliance, including KYC, AML, CFT, and even the travel rule through various integrations with partners.
Click here to watch the full webinar on crypto compliance and make sure to follow us on LinkedIn and Twitter to sign up for future webinars.