Anonymous Anti-Money Laundering
How Coral Protocol is Securing the Blockchain
In February 2018, the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) released a letter to U.S. Senator Ron Wyden of Oregon establishing that FinCEN considers token sellers to be money services businesses (MSB), a term financial regulators use to describe businesses that transmit or convert money. As such, token companies may be required to comply with the Bank Secrecy Act.
Among other obligations, anyone who sells newly created tokens to buyers (i.e. having a token sale or ICO) involving U.S. residents may need to comply with Know Your Customer (KYC) and Anti-Money Laundering obligations.
Traditional KYC / AML solutions are not complete solutions for blockchain transactions. Best practices dictate that companies must establish customer identity, which is covered by most traditional KYC providers. But they must also establish custodianship of the funds to help ensure that they are actually doing business with the beneficial owner. While this is relatively easy in traditional exchange environments where the funds are already in the global banking system, it is difficult in blockchain where the source of funds is only associated with anonymous wallet addresses. It is also essential that the exchanging company understand the nature of the customer’s activities to make sure that both the source of funds and the intended use of funds are legitimate.
Using best practices to achieve this thorough analysis is fundamentally important to assess money laundering risks associated with that customer and to meet regulatory obligations.
Coral complements traditional KYC/AML services by providing a holistic approach to Customer Due Diligence, increasing the likelihood of regulatory compliance while also reducing the risk of transacting with fraudulent funds. We call this Anonymous Anti-Money Laundering (AAML) since we can evaluate the risk of an address without having to know the identity behind the address.
In the following section, we outline the four best practices in customer due diligence, derived from FinCEN’s customer due diligence requirements.
Currently, only one of these best practices is sufficiently met in crypto.
Four Best Practices in Customer Due Diligence
- Establish Customer Identity
If there is any risk that your customers can use your service for illicit activities like money laundering, you need to know who they are. This covers crypto exchanges, crypto gambling services, and new token sellers such as ICOs.
Typically, companies work with Identity Providers (IDPs) that offer KYC products. Large IDPs like Trulioo have expanded to provide KYC services to ICOs and exchanges. Additionally, blockchain-native companies like Civic have emerged to provide these services to the crypto market. These IDPs are generally sufficient solutions for compliance for crypto companies.
2. Establish Custodianship of Funds
KYC is different from proving custodianship of funds. A project may have an obligation to confirm that the source of funds and the beneficial owner of the funds are the customer who has been KYC’d.
This is a problem unique to cryptocurrency. In traditional financial services, the whole flow of funds is KYC’d. If Dave sends $100 of his paycheck from his Chase Bank account to Suzie’s Wells Fargo account, and then Suzie uses that $100 to invest in a publicly listed stock which she then sells at a profit, FinCEN knows the whole flow of funds is legitimate because both Dave and Suzie went through a KYC process that verified their identities and provided evidence that Suzie was not laundering money. FinCEN is comfortable with this because they know who controls the money at every point along the way.
In crypto, however, addresses depositing to an exchange typically are not KYC’d. There is no evidence that the owner of the account actually controls the depositing wallet. This is a risk for exchanges, token sellers, and other crypto companies. If you don’t know who controls the funds depositing money into your service, you cannot demonstrate that the funds entering your service are not fraudulent or that you are doing business with the beneficial owner.
Coral’s challenge deposits validate that a KYC’d customer controls access to a provided wallet, reducing this risk for the token sellers, exchanges, and other custodial services. Challenge deposits send microtransactions to a wallet. The KYC’d customer then enters in the amount sent to the wallet, demonstrating that the customer controls the given wallet.
3. Establish the Nature of Customer Activities
Generally, customer activities are established through a subjective review of customer behavior. Employees may be trained to identify money laundering or terrorist financing activities, and some companies go as far as to assign every customer a risk score. By and large, however, this third practice is typically subjective and only undertaken rigorously by very large institutions.
Coral’s trust score enhances the ability for a company to judge whether the customer’s address has been involved in the fraudulent flow of funds, providing a foundation for a quantifiable assessment of customer risk.
4. Establish Legitimacy of Customer Funds
The fourth and final practice presents a challenge to most companies. The company may know who the customer is, may know that the customer has custodianship of the funds, may know that the customer is engaged in legitimate activities, but may not know whether the customer is involved in a fraudulent flow of funds. If the customer address turns out to have been involved in the flow of laundered funds, the company may be on the hook. Exchanges need to be sure that the wallet sending money to their account has been untouched by illicit activities to remain compliant.
Exchanges, MSBs and ICOs are ultimately liable to undertake due diligence to determine the legitimacy of customer funds. They need a way to establish the legitimacy of customer funds. Coral’s trust score maps the exposure of any wallet to a fraudulent flow of funds, enhancing a business’ knowledge of the legitimacy of client funds.
Coral Enhances KYC/AML Compliance
Companies offering customer due diligence services are and will continue to be critical to protecting crypto businesses and supporting crypto-friendly regulation. There are strong solutions for the first of the four best practices, but the remaining three are largely unmet.
Coral Protocol provides a solution for the remaining three best practices. We’ve developed a trust score, the Anonymous Blockchain Trust Score (ABTS), which reflects the degree to which an address has participated in a fraudulent flow of funds. Addresses that are engaged in fraudulent activity, such as money laundering, will have the lowest trust. Addresses that are recipients of those funds likewise have reduced trust. Alternately, addresses that are in the custody of a known individual or organization, such as an exchange, will have a high trust score. Additionally, Coral supports challenge deposits to validate that a KYC’d customer controls access to a provided wallet.
Together, Coral’s trust score and challenge deposits enable Anonymous Anti-Money Laundering, which protects companies from fraudulent funds without requiring them to know the identity behind an address.
Read more about how Coral Protocol protects against blockchain fraud here
Interested in contributing or collaborating? Join our reef: