skip to navigation
skip to content

Financial Outsourcing Solutions

Corporate People

FOS Blog

10 Oct

Take a Proactive Approach to Cryptocurrency Due Diligence and Monitoring

Take a Proactive Approach to Cryptocurrency Due Diligence and Monitoring

With so many regulatory updates on your financial institution’s plate for 2018 (still having flashbacks from the beneficial ownership roll-out?), you may have overlooked one emerging higher risk trend – cryptocurrency.  Although this form of currency is not illegal, it is currently unregulated and poses elevated risks due to lack of oversight and volatile values.  Regulatory bodies have urged financial institutions to take a proactive, rather than reactive, approach to customers’ cryptocurrency activity – where to start?

  • Educate your Board of Directors – The Board should have a good grasp of cryptocurrency, including what it is, the potential risks posed to customers, and an overview of the differences between users, administrators, and exchangers. Some administrator and exchanger activity can classify a customer as an MSB, leading to enhanced due diligence, FinCEN registration, and use of your institution’s BSA resources.
  • Identify your institution’s appetite for cryptocurrency risk and ability to monitor – With input from the Board, BSA Officer, and senior management, determine what level of cryptocurrency activity fits your institution’s risk profile. Some institutions have opted to prohibit this transaction type; however, this runs counter to guidance from FinCEN and other regulatory bodies – in the absence of regulation, financial institutions have become the frontline for monitoring and reporting suspicious activity.  Many institutions have opted instead to implement AML model alert scenarios to detect and track activity while others use a less formal method of tracking activity once identified.
  • Update your BSA policy and risk assessment – As you have with MSBs and other higher risk areas, include your institution’s stance on cryptocurrency and your method of identifying and monitoring in the BSA policy and risk assessment.
  • Update your CDD questionnaires – If your institution uses a manual questionnaire, add a prompt to ask the customer for anticipated cryptocurrency activity frequency and dollar volumes just as you do for cash and wire activity. If you use an electronic questionnaire within your core system or AML model, reach out to the vendor – many systems have this prompt, but you may need to request activation.
  • Communicate with your customers – If you detect new cryptocurrency activity, ongoing high dollar volumes or frequencies, or activity that doesn’t make sense for what you know about your customer, reach out to the customer and ask. If red flags start to pop up, a discussion with your SAR Committee may be warranted.

One extra step in ongoing due diligence may include a periodic scrub of names of known cryptocurrency platforms (ie. Coinbase) against ACH transaction descriptions within a certain time period to identify any previously undetected activity.  Your approach to cryptocurrency due diligence should be risk-based and evolving as further guidance comes our way.  Taking a proactive approach to this emerging trend will help your institution get out ahead of regulatory expectations – until the next new thing comes along!

For additional questions contact the author at