The NYDFS Issues Guidance Urging Virtual Currency Businesses to Adopt Blockchain Analytics

In the Virtual Currency Guidance published on April 28, 2022, the New York State Department of Financial Services (NYDFS), recommended that all virtual currency companies (VC Entities) operating under New York banking law adopt blockchain analytics to trace transactions. The guidance also encouraged the VC Entities to harness blockchain analytics tools to set controls and meet anti-money-laundering (AML) and sanctions-related compliance requirements. This is the first time any state or federal regulator has set explicit expectations for cryptocurrency transaction monitoring and the use of blockchain analytics 

“Blockchain analytics tools provide companies with an efficient, data-driven way to conduct customer due diligence, transaction monitoring, and sanctions screening, among other things, which are all critical elements of our virtual currency regulation. We expect regulated entities to utilize best practices to uphold the safety and soundness of the virtual currency market and to protect consumers.” NYDFS Superintendent, Adrienne A. Harris, said in the official press release.

The guidance outlined three ways in which blockchain analytics form a key part of an effective compliance program. These include augmenting (a) Know Your Customer (KYC) and associated controls, conducting transaction monitoring of on-chain activities, and (c) sanction screening. 

1] Augmenting Know Your Customer-related controls

The guidance stated that VC Entities must understand and address the risks presented by their customers and potential customers. To do this, VC Entities must use products and services that provide them with their customers’  identifying information that can be linked directly to the on-chain data.

The NYDFS acknowledged that blockchain analytics solutions can identify wallet addresses associated with both known wallets, for example, the address of a user’s custodial wallet, as well as high-risk wallets, such as wallets associated with darknet marketplaces. However, the NYDFS was also concerned that blockchain analytics tools “may not be able to identify underlying owners, including ultimate beneficial owner, and may have limited attribution capabilities.”

While it is true that transaction data may not reveal the real-world identity of an entity or ultimate beneficial owner; the associated wallet addresses can provide clues. Moreover, if further investigation is needed blockchain analytics companies may also aggregate off-chain data to identify the transaction participants. To achieve this, blockchain analytics experts use historical blockchain data analysis, combined with a detailed understanding of good and bad actor behaviors and techniques, to detect transaction patterns. 

To effectively identify illicit activity associated with a wallet address, blockchain analytics providers, such as Merkle Science, take into account guidance given by global and local regulators which include behaviors and patterns that may indicate illicit activity in their analysis. For example, Merkle Science’s Behavioral Rule Engine ensures compliance with FATF’s Red Flag Indicators for Virtual Assets, FinCEN’s Advisory on Illicit Activity Involving Convertible Virtual Currency, Singapore’s MAS PSN02 requirements, and other country-specific AML/CFT laws.

Compass, our flagship product, is a blockchain wallet and transaction monitoring system, designed to enable VC Entities to track fund movements in real-time, empowering them to understand and take action if clients are sending them funds from blacklisted addresses, sanctioned entities, darknet marketplaces, or ransomware accounts to name a few. 

Additionally, Compass leverages Merkle Science's proprietary Behavioral Rule Engine to go beyond the blacklists and allow compliance teams to create customized alerts to detect potential money laundering and suspicious transaction behavior in order to meet global and local KYC/AML regulatory requirements.

The guidance also urged the VC Entities to put in place policies and procedures to assess counterparty exposures in VC transactions. The NYDFS encouraged VC Entities to use tools that provide “numerical scores or tiered rankings to represent the risk of the counterparty institution, typically based on on-chain transaction data supplemented with other factors such as the strength of the institution’s BSA/AML Program.”

KYBB is Merkle Science’s enterprise solution that combines on-chain and off-chain information in order to provide an overall trust score which helps VC Entities understand their counterparty risk, and assist them with onboarding due diligence.

2] Conducting transaction monitoring of on-chain activity

VC Entities must have in place appropriate control measures to monitor and identify unusual activity tailored to the VC Entity’s risk profile. Further, it is important that VC Entities evidence appropriately tailored transaction monitoring coverage against applicable typologies and red flags, identify deviations from the profile of a customer’s intended purposes, and address other risk considerations as applicable.

The guidance also listed out some of the key financial crime typologies that VC Entities should take note of, for example, VC Entities should assess whether any VC they engage with: 

• Has substantial exposure to a high-risk or sanctioned jurisdiction
• Has processed transactions using a mixer or a tumbler
• Has sent transactions to or from darknet markets or other potentially illicit sources
• Are associated with scams/ransomware
• Are associated with other illicit activity relevant to the VC Entity’s business model.

Jurisdictions that have inadequate due diligence and compliance requirements, especially those jurisdictions that have weak AML/KYC/CFT frameworks will be considered high-risk jurisdictions. Further, jurisdictions that have been added to the FATF's greylist and the blacklist will also be considered high-risk. Merkle Science identifies said entities under type “High-Risk Jurisdictions” and subtypes “FATF Blacklist” and “FATF Greylist”. Moreover, Merkle Science also attributes addresses associated with coin mixers — such as Wasabi and Samourai — and alerts our users should they have direct or indirect exposure to funds from these entities.

Compass can identify the proceeds of ransomware payments by flagging transaction patterns and behaviors. Should an address receive payments of similar amounts from many different counterparties, the address is immediately flagged and escalated to compliance teams. Further, any rule created can be combined with other rules — such as range-bound transactions — to identify if the address is receiving many payments of similar size, which may indicate a scam. Ultimately, putting more conditions into a rule will make it difficult for an attacker to satisfy all of them, thereby reducing the chance of him engaging in criminal activity.

[3] Conducting sanctions screening of on-chain activity

The NYDFS also emphasizes the importance of implementing risk-based policies and processes that identify transaction activity involving VC addresses or other identifying information associated with sanctioned individuals and entities listed on the SDN List or located in sanctioned jurisdictions.

Entities that are based out of sanctioned jurisdictions are categorized in Compass as an “Entity from Sanctioned Country.” Merkle Science also provides sanction screenings for wallet addresses that are tagged against sanctioned entities. Using the sanctioned addresses, we run clustering algorithms to identify addresses that may — with a high degree of confidence — potentially belong to the sanctioned entities. Our behavioral rule engine also takes into consideration the OFAC guidance, which provides specific examples of red flag behaviors that indicate an entity’s sanctions nexus. 

Merkle Science’s multi-hop feature empowers Compliance Officers to investigate both direct and indirect risks, such as those originating from associated addresses. Therefore, addresses interacting either directly or indirectly with the sanctioned addresses will be flagged as high-risk alerts. Compass can monitor the transactional history of all the wallet addresses associated with a user.

How Merkle Science can help?

With U.S. regulators and law enforcement agencies strengthening their cybersecurity regime and ensuring strict implementation of their guidelines through enforcement actions, blockchain and crypto should proactively put robust compliance and security frameworks in place. Merkle Science’s highly customizable and easy-to-use platform provides near real-time detection of blockchain transactional risks. Our predictive cryptocurrency risk and intelligence platform set the standard for the next generation of financial safeguards and criminal detection. Merkle Science's proprietary Behavioral Rule Engine allows crypto businesses to tailor the tool according to their risk policies based on the recent changes so that businesses may stay ahead of emerging illicit activities and fulfill their local compliance obligations.