Compliant cryptocurrency businesses know what it takes to keep their platforms safe: They need to conduct KYC checks on customers, monitor transactions for counterparty risk, and file SARs when they see suspicious activity. However, these can’t just be one-time jobs that only happen when a new customer signs up or when a transaction takes place. If new information comes out that raises a customer or counterparty’s risk factor — for instance, news of possible involvement in criminal activity, or an OFAC designation — then previous transactions involving that person or entity retroactively become risky even if they initially appeared safe. Those old transactions may therefore warrant a SAR or other action by the compliance team.
That’s why your cryptocurrency compliance software needs to include continuous monitoring for transactions. It’s the only way for compliance teams to ensure they know to take action when historic transactions become risky in the light of new information. Below, we’ll explain why continuous monitoring is important and show you how Chainalysis KYT (Know Your Transaction) makes it easy.
Why continuous monitoring is necessary
Sanctioned individuals and entities represent some of the biggest compliance risks for both cryptocurrency businesses and mainstream financial institutions. Since 2018, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) has included cryptocurrency addresses in the Specially Designated Nationals (SDN) list entries for a handful of sanctioned entities, including developers of destructive ransomware strains and individuals found to have laundered funds on behalf of cybercriminals associated with the North Korean government.
Blockchain analysis suggests that cryptocurrency compliance teams have been effective in helping enforce these sanctions.
Every sanctioned entity with an OFAC-identified cryptocurrency address has received little to no cryptocurrency payments since being added to the SDN list. However, that doesn’t mean compliance teams’ work is done. In addition to preventing future payments, cryptocurrency compliance teams need to review past transaction activity when a new entity is sanctioned to see if their platform previously processed transactions with that entity, even if the compliance team would have had no way of knowing about upcoming sanctions when those transactions occurred. If reviews showed their platform did transact with that now-sanctioned entity, the compliance team would need to report those transactions through the appropriate channels.
Keep in mind, this doesn’t just apply to sanctioned entities, but to any entity whose cryptocurrency transaction activity becomes suspicious in hindsight due to new information being uncovered. For instance, if a cryptocurrency wallet was identified as belonging to a ransomware operator, cryptocurrency exchange compliance teams would need to identify any old transactions occurring between that ransomware wallet and addresses hosted by their platform. Compliance teams who don’t continuously monitor for newly identified risk in old transactions could find themselves in trouble with regulators, who are themselves adopting the same blockchain analysis platforms the compliance teams themselves rely on, and can therefore spot historic suspicious activity compliance teams fail to report.
What effective continuous monitoring looks like
Any continuous monitoring solution needs three elements to be effective for compliance teams.
It would be so time-consuming as to be infeasible for compliance teams to manually screen old transactions on a consistent basis as they learn about new risk factors. Luckily, that’s not necessary. With the right architecture in place, once a blockchain data platform has attributed new risk designations for old wallets, it can scan the blockchain to spot any transactions between those wallets and a cryptocurrency platform, and notify the platform’s compliance team via real-time transaction monitoring alerts.
Customized alert thresholds
Some transactions with risky entities aren’t large enough to create real risk or warrant a follow-up from compliance, and these standards change from one organization to another based on differing policies and priorities. If your continuous monitoring tool doesn’t account for that, your compliance team could be inundated with non-critical alerts. A good continuous monitoring tool will let compliance teams set customized alert thresholds for risky transactions, with different thresholds for different risk categories, so that they only receive alerts for historic transactions that require a follow-up.
No extra fees
Some cryptocurrency compliance solutions support continuous monitoring, but require compliance teams to pay for the “re-screening” of old transactions. This is especially common with softwares that don’t provide automatic alerts and instead require manual re-screening. Not only do these unpredictable costs put a dent in compliance teams’ budgets, but it also makes the cryptocurrency ecosystem less safe by disincentivizing compliance teams from undertaking continuous monitoring in the first place. At Chainalysis, we don’t believe in imposing extra costs on workflows necessary for cryptocurrency platforms to meet the compliance requirements mandated by regulators.
Chainalysis KYT’s continuous monitoring checks all the boxes
A continuous monitoring tool with the three elements described above lets compliance teams rest easy, knowing that they’ll automatically learn when an old transaction becomes suspicious due to new information. Chainalysis KYT checks all the boxes. In addition to monitoring new transactions for risks as they occur in real time, its continuous monitoring tool has everything compliance teams need to get peace of mind when it comes to historic transactions.
Want to learn more? Contact us here to talk to someone on the team and learn how KYT can make your compliance team more effective.