Can crypto firms self-manage for AML Compliance, Risk?



FTX collapse has investors wanting better risk management at crypto firms

If you were surprised by the magnitude of trouble at FTX, you probably weren’t paying much attention. If you work in the AML Compliance and GRC fields, you may have seen it all as a slow-motion trainwreck. You know…the trainwreck you can see from miles away, but it’s all in slow motion and no one is paying attention to the obviously impending disaster.

Now some crypto firms are working to get ahead of the questions and show they are attending to rigorous risk-management and AML Compliance standards. And for firms remaining silent, there are questions from the public about how to prevent collapses, fraud, and wholesale rejections of risk management at other crypto firms. Mengqi Sun in the Wall Street Journal this week reported on conversations within the industry about how to manage risk and identify red flags.

Many firms are claiming that their own risk-management programs are robust and their commitment to fighting financial crime is sound. Many analysts, however, remain skeptical. And since few U.S. regulatory requirements are truly in place for this hard-lobbying industry in its infancy, decisions about risk management at some firms tend to remain opaque, and risk management itself is likely a low priority.

This opaqueness is especially true, according to the Journal, for crypto firms that are privately held. Public firms must adhere to reporting requirements like third-party audits, but private firms have no such requirements.

To reassure investors and to demonstrate that they’re capable of policing themselves, some crypto firms have chosen to prioritize risk-management programs like those in place at more traditional financial institutions. Traditional institutions must monitor and mitigate risk both in their financials and in their operations. Risk categories include elements like financial crime, anti-money laundering measures, Know Your Customer (KYC/CDD), cyber risk, liquidity requirements, auditing standards, and so on.

In fact, some accounting firms are pulling back on their work with crypto firms in order to limit their own exposure if those firms choose not to implement standard risk management with sufficient transparency.

Chief Compliance Officers at BitGo and Bitstamp both described how their firms leverage measures such as annual audits, AML Compliance reviews, AML KYC programs, stress testing, and more to ensure robust risk management.

However, much of the onus for risk management remains on those who invest in cryptocurrencies and the companies that handle them. Until and unless governments assert by-the-book regulatory requirements and controls, buyer-beware appears to be a sensible motto.

