A virtual asset is a digital representation of value that can be digitally traded, transferred, or used for payment or investment purposes (excluding a digital representation of a fiat currency).
Common virtual assets are cryptocurrencies, digital currencies that use cryptography to secure transactions and are decentralised (i.e., not issued by a central authority).
Virtual assets enhance security and privacy, and they are beneficial to users because they cut off intermediaries. At the same time, these qualities make them vulnerable to crime and money laundering.
The Financial Action Task Force (FATF), the international watchdog for anti-money laundering and counter financing of terrorism (AML/CFT), amended in 2018 its recommendations introducing Recommendation 15, which explicitly clarifies that AML/CFT standards apply to financial activities involving virtual assets.
This means that virtual asset service providers that buy and sell virtual assets in exchange for fiat currency, exchange different virtual assets (e.g., from one cryptocurrency to another) and transfer virtual assets on behalf of a customer need to collect identity documents for their customers and monitor transactions.
Conversely, this means that peer-to-peer virtual asset payments are outside the scope of AML/CFT.
Cybercrimes and Crypto Laundering
We need to distinguish between two phases; one is the use of virtual assets to commit a crime (e.g., ransomware) and the other phase consists in using specific crypto laundering techniques to clean the proceeds of crime.
Cybercrimes
The Asia/Pacific Group on Money Laundering (APG) Yearly Typology Report 2023 describes a cybercrime scenario. An overseas scammer contacts a New Zealand-based victim and engages in deceptive practices (e.g., romance scams) to gain the victim’s trust. The scammer instructs their victim to meet with their local ‘associate’ (a Bitcoin trader and not associated with the scammer) to conduct a cash handover, providing the victim with a time and place to meet the ‘associate’. At the same time, the scammer contacts the Bitcoin trader advising they wish to purchase bitcoin with NZ$, instructing the trader to meet with their ‘associate’ (the victim) at a specific time and place to conduct the handover. The scammer provides the Bitcoin trader with their Bitcoin wallet address to which the Bitcoin trader is to credit bitcoin to the value of the cash handed to them by the victim.
In the case study presented by APG, the Bitcoin trader did not undertake any customer due diligence when facilitating these trades, accepting the cash from the victim, and crediting the value in Bitcoin to the scammer on a ‘no questions asked’ basis.
Crypto laundering
Crypto laundering starts after the crime has been committed. The cybercriminal needs to disguise the origin and the destination of the funds and ultimately convert the cryptocurrency into fiat currency to enjoy their profit.
Common crypto laundering techniques are:
- Chain swapping, the practice of rapidly exchanging one cryptocurrency for another, for example, shifting from bitcoins to a private coin, like Monero.
- Coin mixing, the practice of pulling coins together from multiple customers and redistributing different coins of the same amount to the customer. Cybercriminals use this practice because individual coins are traceable.
- Peel chain, a technique to launder cryptocurrency through a lengthy series of minor transactions. The process involves shuffling cryptocurrency coins into multiple wallets and, at each transaction, converting a small portion of the cryptocurrency into fiat currency.
New Zealand Amendment Regulations
The AML/CFT Amendment Regulations relating to virtual assets entered into force on the 1st of June 2024.
Under these Amendment Regulations, a person who, in the ordinary course of business, provides safekeeping or administration of virtual assets on behalf of any person is a reporting entity under the AML/CFT Act. This is because the deposit, withdrawal, exchange, or transfer of a virtual asset is declared to be a transaction for the AML/CFT Act.
This also means that a virtual asset-to-virtual asset transfer and a virtual asset-to-fiat currency transfer (or vice-versa) are considered wire transfers under the AML/CFT Act.
These amendments are in line with FATF Recommendation 15, and they will decrease the likelihood of scams similar to those reported by APG. By obtaining identity information from their customer (the scammers) and the person acting on behalf of the customer (the victims), and by investigating the nature and purpose of the business relationship, the Bitcoin trader will be better equipped to detect such scams.
At the same time, these amendments will apply to virtual asset exchange and mixing service providers, making it harder for cybercriminals to continue enjoying anonymity.
Conclusions
Virtual assets have created new avenues to commit crimes and new secure payment methods for criminals. Despite that, cybercriminals still encounter the same problems that traditional criminals do, they need to find a way to launder the proceeds of crime. To do so, they use a variety of virtual asset service providers to store, exchange and transfer their virtual assets.
The international financial system has been slow to adapt to virtual asset technologies. Considering that the first bitcoins were mined in 2009, it took the FATF nine years to establish clear anti-cryptocurrency laundering guidelines, and New Zealand fifteen years to clarify how AML/CFT standards apply to virtual asset service providers.
The recent amendments to the AML/CFT Regulations are a welcome addition to the New Zealand financial landscape, but we must wait and see how the affected providers will comply with these standards.
Dr Giulia Dondoli
Dr Giulia Dondoli is a certified anti-money laundering specialist and founder of Total AML. Giulia helps reporting entities in New Zealand, Australia and the Pacific Island Nations to comply with AML/CFT laws.