AML reporting is dead. Long live AML monitoring

Martin Worner
Published in TgradeFinance, Apr 5, 2022

The fight to make our systems resistant to the proceeds of crime is an ongoing effort as we discover loopholes, and develop the legislation and tooling to beat the criminals.

The nascent world of crypto has an image problem and is wrongly associated with criminal activity. A public, immutable ledger is in fact a useless place to hide your money, as the money trail is open for everyone to look at. There have been some high-profile success stories where the enforcement agencies were able to trace stolen funds and patiently waited until the criminals moved the tokens to an exchange to convert into fiat currency, where they have disclosed their identity and address.

There is a cost to society and businesses in complying with the AML legislation: the extra time taken to show evidence of identity and residence and to prove who the ultimate beneficiaries are. Businesses, in particular, have a reporting obligation, particularly around filing suspicious activity reports (SARs).

There is then a big burden on regulators, who accumulate a vast amount of data, need to have an expensive infrastructure in place, need the capacity to evaluate the information, and have to determine whether the activity stems from proceeds of crime.

When looking at crypto, it is natural for the regulatory bodies and lawmakers to require new sectors to comply and fit with existing structures, irrespective of how the technology works. After all, they have invested in their infrastructure and processes, so why should this small sector be different from everyone else?

What if the financial crime units had access to a fully open, immutable ledger and ran their own investigation software, rather than relying on thousands of organizations to send timely data and then storing and managing it?

A Money Mule Operation

One of the common ways to clean money is a Money Mule operation. The criminals reach out to people, offering them a commission such as €30 to receive a sum of money and send it on to another account. This can be done at an industrial scale using social media, and the money passes through a diverse set of financial organizations, which makes detection hard because each institution is a silo.

I discussed this with Paddy McHale from Ignite (formerly Tendermint) in the context of his project Cosmos Cash. We discussed how to simulate a money mule operation on a blockchain and, importantly, whether we could have a program monitor the blockchain that would detect this type of money laundering operation.

We got into the details of how many addresses we could create and a form of random “commission” deduction at the mule end to make it a little harder to detect.

We also discussed what kind of activity we are looking for in order to build the monitoring tool.

We wanted to build a proof of concept to show that it is possible to detect money mules by listening to the chain rather than piecing together SARs submitted.
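The detection idea described above, as an added example (not Paddy McHale's tool and not Cosmos Cash code): flag addresses that forward nearly all of an incoming amount within a few blocks, then group them by shared funder and destination. The transfer tuple format, addresses, thresholds and function names are assumptions, and the ledger is constructed sample data.

```python
from collections import defaultdict

# Constructed sample transfers (not real chain data): (block, sender, receiver, amount)
TRANSFERS = [
    (100, "source", "mule1", 1000),
    (100, "source", "mule2", 1000),
    (101, "source", "mule3", 1000),
    (101, "alice", "bob", 250),        # ordinary payment
    (102, "mule1", "collector", 970),  # forwarded minus 3.0% commission
    (103, "mule2", "collector", 958),  # forwarded minus 4.2% commission
    (103, "bob", "shop", 40),          # bob spends a small part: not a pass-through
    (104, "mule3", "collector", 975),  # forwarded minus 2.5% commission
    (150, "carol", "dave", 500),
    (900, "dave", "erin", 490),        # forwarded, but far outside the block window
]

def find_pass_throughs(transfers, max_commission=0.10, max_blocks=20):
    """Return (mule, funder, destination) for each address that forwards
    nearly all of an incoming amount shortly after receiving it.
    Both thresholds are assumed values, not taken from the original tool."""
    received = defaultdict(list)   # address -> [(block, funder, amount)]
    hits = []
    for block, sender, receiver, amount in sorted(transfers):
        for in_block, funder, in_amount in received[sender]:
            kept = (in_amount - amount) / in_amount   # share the sender kept
            if 0 <= kept <= max_commission and 0 < block - in_block <= max_blocks:
                hits.append((sender, funder, receiver))
                break
        received[receiver].append((block, sender, amount))
    return hits

def find_mule_rings(transfers, min_mules=3, **kwargs):
    """Group pass-through addresses by (funder, destination) and keep the
    groups large enough to look like one organised operation."""
    rings = defaultdict(set)
    for mule, funder, destination in find_pass_throughs(transfers, **kwargs):
        rings[(funder, destination)].add(mule)
    return {k: sorted(v) for k, v in rings.items() if len(v) >= min_mules}

if __name__ == "__main__":
    for (funder, dest), mules in find_mule_rings(TRANSFERS).items():
        print(f"{funder} -> {mules} -> {dest}")
```

A single pass-through address is weak evidence on its own; the signal comes from several of them sharing the same funder and destination, which is what the grouping step checks.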


Gotcha!

Paddy got to work and got coding. He kindly made a video showing how he set up the Money Mule operation and how the tool he wrote worked in detecting the operation, and I think we can agree he did a fine job.

The demonstration can be seen in this AML tooling video (vimeo.com), where Paddy walks you through the code and how he ran it on the blockchain. For the curious, the code is available on GitHub.

The results were as we expected. The Money Mule operation ran successfully and was immediately detected by the monitoring tool. Clearly, this was an experiment and would need some further refinement and some more extensive testing. The main takeaway is that a public blockchain is fully transparent and we can build the right monitoring tools in lieu of the cumbersome reporting requirements.


Improve success rate and drop the reporting

What the experiment showed was that it is possible to monitor in real time what is happening on-chain and detect money laundering activity as it is happening. This is one attack vector, and the approach can clearly be extended to cover other known activities, such as romance scams and phishing attacks, where the funds will be channeled into an address from which the criminals are likely to move the proceeds into other tokens (which can be traced) or to the fiat off-ramp.

Having such powerful tools to monitor and identify activity related to the proceeds of crime greatly improves what financial crime units can achieve and heavily reduces the infrastructure needed to handle and process vast amounts of data submitted for processing.

There is a good case for businesses based on a public blockchain being exempt from reporting obligations, given the tooling financial crime units can deploy to monitor and detect the proceeds of crime going through a blockchain infrastructure, as it renders the reporting redundant.

This was a collaborative project with Paddy McHale who did the hard work of coding the thought experiment into something real on a test blockchain.
