Understanding compliance for digital assets – 4 common myths explained

BVNK risk and compliance experts unpack some common misconceptions about compliance for crypto payments.

By
Heather Chalk, Tom Boydell
November 7, 2024
5
min read

BVNK’s risk and compliance team visited some of our banking partners this month to share insights on compliance for digital assets, and how it compares to fiat payments. In the session, Tom Boydell, Senior Compliance Manager at BVNK, and Heather Chalk, Interim Chief Compliance Officer at BVNK covered some common misconceptions, and gave their expert perspectives from working at the intersection of banks and blockchains. We’ve summarised these here. 

Myth 1: “All crypto is the same”


Tom Boydell, Senior Compliance Manager, BVNK:

We often talk about ‘crypto’ as one thing, but as a category it’s actually very diverse. Different cryptocurrencies have different profiles and behave differently. 

At BVNK, we assess every token thoroughly to ensure it’s suitable for customers, before we list it on the BVNK platform, taking into account factors like liquidity, volatility, privacy, performance and its regulated status.

How the regulators see it

Regulators classify different cryptocurrencies in different ways. In the UK for example, the FCA applies these classifications:

  • Unregulated tokens
    • Exchange tokens: no ‘tangible’ underlying value, often used for trading and speculation. The FCA includes Bitcoin and Ethereum in this category. 
    • Utility tokens: give you access to a particular product or service. Eg MANA, the currency of the Decentraland platform.
  • Regulated tokens 
    • Security tokens: securitise real-world assets. They’re regulated under MiFID since holders are typically entitled to dividends and profits. Eg Securitize and tZERO.
    • E-money tokens: forms of digital money regulated under the Electronic Money Regulations.
       

A spectrum of risk

Crypto coins and tokens vary significantly in their risk profile. Regulated, asset-backed stablecoins are lower risk, since they peg their value to hard currencies like the US dollar. In the EU under MiCA, regulated stablecoin issuers are now overseen by an EU regulator, similar to other traditional financial institutions. These factors make stablecoins much more suitable for business payments.

In contrast, meme coins like PepeCoin are often volatile and high-risk. Privacy coins like Monero are high risk too, because they hide details about the user or history of funds, preventing effective anti-financial crime screening. For those reasons, BVNK doesn’t list these types of token on our platform.

Environmental impact

Crypto tokens also differ in their environmental impact. Those that use ‘proof of stake’ consensus mechanisms, like Ethereum for example, use less energy than those that use ‘proof of work’ mechanisms, like Bitcoin. These considerations are becoming increasingly important for regulated financial businesses, as ESG regulation ramps up globally. 

Myth 2: “Crypto is unregulated”


Tom Boydell:

It is true that the regulatory picture is mixed, but we’ve seen a number of comprehensive regulatory regimes emerge for crypto assets over the last four years. While these differ in specifics, they all tend to focus on a set of core principles: customer protection, market stability and market integrity. 

Regulators look to achieve these outcomes through things like:

  • licensing and registration to ensure crypto service providers are being overseen
  • rules on how businesses can promote crypto to consumers
  • AML compliance rules to make sure that providers are carrying out customer due diligence, transaction monitoring and reporting.

Let’s look at a few examples:

Licensing and registration 

Under MiCA in the EU, all crypto asset service providers and issuers must be licensed and overseen by an EU regulator. Stablecoin issuers for example must meet certain governance requirements designed to increase transparency and reduce risk (eg. safeguarding a portion of their reserves as bank deposits).

Crypto asset licensing regimes and CBDC projects are emerging globally. Source: ComplyAdvantage 2024

Consumer protection

In the UK, the FCA has classed crypto assets as Restricted Mass Market Investments (RMMIs), like unlisted equities and P2P lending. Under rules on financial promotions, UK customers who try to invest in crypto must be shown risk warnings, and must undergo assessments designed to assess their knowledge of crypto. After signing up to a crypto platform, they must also wait for 24 hours (a ‘cool-off’ period), before they can start investing.

Anti-money laundering rules

Licensed or registered crypto service providers like BVNK must adhere to global anti-money laundering rules set by National Competent Authorities (NCAs). For example, licensed firms must demonstrate they have an effective financial crime control framework, carry out enhanced due diligence on customers, monitor transactions and report suspicious activity. The transparent, auditable and permanent nature of blockchains, combined with advanced blockchain analytic tools, enables providers, law enforcement and regulators to detect and prevent crime with a high degree of efficacy.

The Travel Rule is the latest addition to global anti-money laundering rules for crypto, adding an extra layer of transparency to crypto payments. The Rule has applied to fiat payments for more than 20 years, but in 2019, the Financial Action Task Force (FATF) applied the provisions to crypto asset transfers. Under the Rule, businesses that process crypto payments must now collect, verify and share specific transaction information with each other about who is sending and receiving the payment. In the EU, the Travel Rule comes into effect in 2024.

Myth 3: “Crypto is the currency of criminals”

Heather Chalk, Interim Chief Compliance Officer, BVNK:

Like all payment rails, blockchains can be used to move the proceeds of financial crime. But it’s important to remember that illicit activity makes up less than 1% of transactions on the blockchain – 0.34% in 2023, according to Chainalysis. In 2019, on-chain illicit activity peaked, coinciding with big increases in crypto adoption. But as the industry catches up with fraudsters, the percentage is trending downwards.

It’s also important to consider how the rate of illicit activity compares to fiat. At BVNK we have a unique perspective sitting at the intersection of banks and blockchains. We enable payments for business customers in both crypto and fiat currencies, and we‘ve found the rate of suspicious activity (and SARs filings) to be comparable. Typically, when we see suspicious activity, there is both a crypto and a fiat element to it, as money launderers work across both rails.

Source: Chainalysis, 2024
“The reality is that nearly all crypto transactions leave a digital trail that points to the identity of the sender and receiver.”
Heather Chalk
Interim Chief Compliance Officer, BVNK

Myth 4: “Crypto is anonymous”


Heather Chalk:

This is perhaps the most common misconception about crypto.

While some people think cryptocurrency is a way to buy things online while staying anonymous, the reality is that nearly all crypto transactions leave a digital trail that points to the identity of the sender and receiver. No matter how hard a criminal tries to hide on the blockchain, a well-resourced financial crime team can find them!

Let’s dig a bit deeper on the visibility of crypto payments.  

Customer due diligence 

As a payment provider, everything we do at BVNK in the financial crime space is underpinned by understanding our customer. That applies to crypto and fiat payments. In both cases, when we onboard a new customer, we ask questions about the nature of their business, their products and their customers, so we can understand any specific risks. 

If a potential customer is already transacting on a blockchain, we actually have more visibility, because blockchain data tools allow us to build a much richer picture of historical and current risk exposure. 

Monitoring transactions 

As a payment provider, we continually monitor transactions to detect and prevent financial crime. The information we monitor is similar for crypto and fiat. Since the roll out of the Travel Rule, this includes information on who is sending and receiving the payment. 

Comparing the information you can see about payment, before and after the Travel Rule

But there is a key difference. The transparent nature of blockchains means we can also see the entire history of funds for crypto payments, in a way that isn’t possible with fiat payments.

Let's imagine Tom is a customer of BVNK, and I send him £50. In this fiat transaction, BVNK sees me (the counterparty) and Tom (the customer). We call this ‘direct exposure’. In a crypto payment, BVNK would see this same information. But, in addition, they would see ‘indirect exposure’, meaning:

  • all transactions that I (the direct counterparty) have ever made since my crypto wallet became active
  • all the transactions that I make after this payment to Tom
  • the exposure of other counterparties that I have done business with, before or since.
With crypto payments, you can assess indirect exposure to financial crime risks


I’ve worked in transaction monitoring across both fiat and crypto, for financial institutions, banks and law enforcement. I’ve seen that while the risks of financial crime are similar across both, crypto payments can be even safer than fiat, if you use the right tools and work with the right partners. And that’s because the intelligence available is often more complete.

Subscribe

Get payment insights straight to your inbox

Thank you! You're signed up for the BVNK newsletter.
Oops! Something went wrong while submitting the form.