The Financial Action Task Force (FATF) has prepared a report on red flag indicators to assist financial institutions, investigating agencies and regulators in detecting misuse of virtual assets for money laundering, terrorist financing and other crimes.
Virtual assets, which also include cryptocurrencies, are defined as a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. While they are not widely used by the public, the report says their use has caught on among criminals.
The red flag indicators included in the report are based on more than 100 case studies contributed by various jurisdictions from 2017-2020, a confidential FATF report on financial investigations involving virtual assets (June 2019) and another report published in June 2014, apart from the information available in the public domain.
The majority of virtual asset-related crimes involve predicate or money laundering offences. However, criminals also use them to evade financial sanctions, raise funds for terror activities, sell controlled substances and other illegal items, commit fraud, tax evasion, cybercrimes, child exploitation and human trafficking, says the report.
The red flags include structuring of virtual asset transactions in small amounts or in amounts under the reporting thresholds, making multiple high-value transactions in short succession or in a staggered and regular pattern, with no further transactions recorded during a long period afterwards, which is common in ransomware-related cases or to newly created or previously inactive accounts.
Transferring virtual assets immediately to multiple service providers, particularly those registered in another jurisdiction with weak anti-money laundering regulations, quick deposits and withdrawal without additional exchange activity, conversion to multiple types of virtual assets without any logical explanation and withdrawal for transfer to a private wallet are possible indicators.
Activities like making a large initial deposit to open a new account, inconsistent with the customer profile, starting to quickly trade the total amount or a large portion, and an immediate withdrawal or transfer of the whole amount also raise suspicion.
Incoming transactions from many unrelated wallets in relatively small amounts with subsequent transfer to another wallet or full exchange for fiat currency; conducting virtual asset-fiat currency exchange at a potential loss; and converting a large amount of fiat currency into virtual assets, or a large amount of one type of virtual asset into other types, with no logical explanation, are also included in the list of red flags.
Funds deposited or withdrawn from a virtual asset address or wallet with direct/indirect links to known suspicious sources like darknet marketplaces, mixing/tumbling services, questionable gambling sites and illegal activities like ransomware come under the scanner, and so does any unusual activity related to use of multiple IP addresses, frequent change in identification details or insufficient KYC information.
The profile of potential money mule or scam victims include those who do not appear to be familiar with the virtual asset technology or online custodial wallet solutions. “Such persons could be money mules recruited by professional money launderers, or scam victims turned mules who are deceived into transferring illicit proceeds without knowledge of their origins,” says the report.
If the users are significantly older than the average age of platform users and are engaging in large numbers of transactions, it may also suggest that they are potential mules or scam victims.