Written by: Cristina Palladino
Cryptocurrency and digital assets are becoming commonplace, bringing crypto regulations and digital asset risks to the forefront of financial sector considerations. Trillions of dollars are funneling into this emerging market, but is your organization ready? Your business can prepare by understanding the opportunities and risks presented by crypto and digital assets as organizations enter the digital asset economy.
Per Metaco, digital assets represent an opportunity to tap a significant new revenue stream, which can compensate for revenue lines foregone to new contributors. What’s more, these assets unlock access to revenue lines with higher margins and lower asset intensity.
Services like payment processing, lending, custody services, and crypto ATMs are on the verge of major changes. However, these new products and services pose significant risks to many organizations’ control environments and risk models. The digital asset landscape is rapidly changing, and diligence is required to ensure proper crypto compliance protocols are in place. With careful preparation, implementation, and analysis, your organization can develop viable crypto regulations and compliance procedures that anticipate and manage weak controls.
Digital Asset Risks & Challenges
To fully adapt to the crypto asset economy, organizations must identify areas of need to enhance their risk assessment. This includes understanding the potential crypto risks and your organization’s level of risk tolerance. By measuring and evaluating how risk will affect operations, your organization will be able to identify areas where improvements are necessary. Lastly, developing a plan for implementing solutions, including determining and weighing their cost, will enhance the control environment.
Crypto Compliance Best Practices
To keep up with the evolving landscape and ever-changing initiatives, organizations need to designate leadership such as a chief compliance officer, board of directors, or risk assessment committee. The leader or leadership group must install risk models and regulatory controls as well as third-party platforms that provide anti-money laundering (AML), fraud detection, and cybersecurity programs that meet state regulatory standards.
A successful compliance program will also include the following:
- Resources and staff to oversee a manual AML system or
- Automated software with appropriate threshold settings for crypto-specific transaction oversight, and
- Controls in place to monitor potentially illicit activity and file suspicious activity reports (SAR).
Your crypto plans are in place. What now? Continue to improve on what has been built with ongoing crypto risk assessment, independent testing, and model and system validation. Calibrate and optimize performance with enhanced internal programs and staff training on crypto regulations.
Crypto Risks in the News
New York’s Department of Financial Services (NYDFS) disclosed the first penalty against the cryptocurrency industry for “significant violations” of AML and cybersecurity rules.
Robinhood Crypto (RHC) holds licenses to operate as both a money transmitter and a cryptocurrency business in New York. The company runs an online platform through which customers can buy crypto on various exchanges with United States (U.S.) dollars from their accounts at its sister company, Robinhood Financial.
Some key takeaways:
- RHC relied solely on parent company Robinhood Markets’ AML compliance, fraud detection, and cybersecurity programs, which did not meet New York’s standards.
- The chief compliance officer reported to the parent company’s senior products manager rather than directly to the board of directors or risk assessment committees.
- The organization failed to allocate enough resources and staff to the company’s AML function. Additionally, the company utilized a manual system to screen a daily average of 106,000 transactions with an aggregate value of $5.3 million.
- Ten months after an independent consultant warned that the manual process was not sufficient, the company had accumulated a backlog of 4,378 transactions requiring review for potentially illicit activity.
- NYDFS cited an “extremely high and arbitrary” threshold for flagging crypto-specific transactions: activity went unnoticed by RHC if it did not exceed $250,000 in aggregate value over a six-month period.
- As a result, the company filed only two SARs during the period in question.
- According to NYDFS, RHC relied entirely on its parent company’s AML program for its cybersecurity, which resulted in inadequate staffing to ensure compliance with reporting requirements during a period of rapid growth.
As Robinhood Crypto grew, the company failed to invest the proper resources and attention to develop and maintain a culture of compliance. NYDFS fined Robinhood Markets’ cryptocurrency wing $30 million for violating AML and cybersecurity rules.
Cryptocurrencies and digital assets continue to become more mainstream, and organizations need to implement the necessary controls and crypto compliance programs to mitigate risk. Despite the potential challenges that come with them, crypto and digital assets also present significant revenue opportunities with diligent planning.