Hong Kong’s Anti-Money Laundering Guidelines: How to Identify Money Laundering in DeFi, Especially in the Virtual Currency Chapter

Edit | Wu talks about blockchain

Original link (Chapter 12):

https://www.sfc.hk/-/media/TC/assets/components/codes/files-current/zh-hant/guidelines/guideline-on-anti-money-laundering-and-counter-financing-of-terrorism/AML-Guideline-for-LCs-and-SFC-licensed-VASPs_TC_1-Jun-2023.pdf?rev=77578ce554fb4e45bc8b3006375f1e69

This chapter provides guidance on the money laundering/terrorist financing risks associated with virtual assets and the regulatory requirements and standards for combating money laundering/terrorist financing designed to address such risks, including factors to consider when conducting a risk assessment using a risk-based approach, requirements for customer due diligence and ongoing monitoring specifically in relation to virtual assets, and requirements for virtual asset transfers and third-party deposits and payments made in virtual asset form.

For the purposes of this chapter, “virtual assets” means (i) any “virtual assets” as defined in section 53ZRA of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance; and (ii) any security token. “Security token” means a digital representation of value that constitutes “securities” as defined in Part 1 of Schedule 1 to the Securities and Futures Ordinance.

Money laundering can be broken down into three common stages, often involving multiple transactions. Financial institutions should be mindful of indicators of possible criminal activity. These stages include: (a) placement – placing cash proceeds from illegal activity or disposing of virtual assets derived from illegal activity; (b) layering – separating illegal proceeds and their origins through complex layers of financial transactions or using various technologies such as enhanced anonymity techniques or mechanisms to conceal the source of funds or virtual assets, obscure audit trails, and achieve anonymity; and (c) integration – creating a veneer of legitimacy for criminal wealth. When the layering process is successful, the integration plan effectively funnels laundered proceeds back into the mainstream financial system, making it seem as though the proceeds are derived from or connected to legitimate business activities.

Transactions facilitated by virtual asset businesses may involve cash as a medium of exchange, and therefore such businesses may be used to place cash proceeds from criminal activity. In addition, virtual asset businesses may be used to dispose of or place virtual assets derived from illegal activities or associated with upstream criminal activities (such as online fraud, ransomware, and other cybercrime).

Virtual asset services may also be used in the second stage of money laundering, which is the process of layering transactions. These services provide potential avenues for criminals or money launderers to significantly alter the form of funds (i.e. fiat currency) or virtual assets involved. This can involve converting cash or other funds into virtual assets, or converting one type of virtual asset into another, and may also involve converting virtual assets derived from illicit activities or from a source connected to illicit activities into cash or other funds, with the aim of making the flow of funds, the holder of the virtual assets, or the beneficial owner more opaque.

To obscure the source of virtual assets derived from illicit activities, criminals or money launderers may transfer assets between different wallet addresses, service providers, categories of virtual assets or blockchains. They may utilize virtual asset-specific layering techniques, such as peel chains and chain-hopping. Virtual assets may sometimes be laundered through anonymizing services such as mixers or tumblers, and other enhanced anonymity techniques or mechanisms, such as virtual assets or privacy coins with enhanced anonymity features, privacy wallets, etc. Unhosted wallets, decentralized virtual asset exchanges, peer-to-peer platforms, or virtual asset services with lax anti-money laundering/counter-terrorist financing controls may be particularly attractive to criminals or money launderers.

Before conducting a virtual asset transfer involving an amount equivalent to HKD 8,000 or more, remittance agents must obtain and record the following information about the remitter and the payee:

(a) the remitter’s name or name of the entity;

(b) where the virtual asset is transferred out of an account held by the remitter with the remittance agent, the account number (or if no such account exists, a unique reference number assigned by the remittance agent for that transaction) of that account used to process the transaction;

(c) the remitter’s address, customer identification number or identification document number, or (in the case of an individual) date and place of birth of the remitter;

(d) the payee’s name or name of the entity;

(e) For virtual assets, the account number (or, if there is no such account, a unique reference number assigned by the relevant recipient institution) to which the virtual assets are transferred.

Additional information includes: Internet Protocol (IP) addresses together with related time stamps; geolocation data; and device identifiers.

Before a virtual asset transfer involving an amount equivalent to HKD 8,000 or below is made, the remittance institution must obtain and record the following information of the remitter and the payee:

(a) the remitter’s name or the name of the business;

(b) for virtual assets transferred out of an account held by the remitter with the remittance institution, the account number (or, if there is no such account, a unique reference number assigned by the remittance institution for that transaction);

(c) the payee’s name or the name of the business;

(d) for virtual assets transferred to an account held by the payee with the relevant recipient institution, the account number (or, if there is no such account, a unique reference number assigned by the recipient institution for that transaction).

Some potential indicators of money laundering risk are:

(a) customers who have no apparent reason to use a financial institution’s services (for example, customers who open accounts for virtual asset trading services, but only deposit fiat or virtual assets and withdraw all remaining or most of the assets shortly after without conducting any other activities; or customers outside Hong Kong who open accounts with a financial institution for buying and selling virtual assets that are also offered by virtual asset service providers in their jurisdiction);

(b) customers who request virtual asset trading services or virtual asset transfers with funds of unknown origin or which do not match their status or apparent position;

(c) customers who access the platforms of financial institutions and/or give trading instructions from IP addresses that may have higher risks, such as those that:

(i) originate from jurisdictions with higher risks;

(ii) do not match the customers’ status (e.g. the IP address is located in a jurisdiction other than the customers’ place of residence or principal place of business);

(iii) were previously identified as suspicious by financial institutions; or

(iv) Association with software that enhances anonymity or allows anonymous communication in relation to “dark web” markets (such as proxy servers, unverifiable IP geolocation, virtual private networks and The Onion Router routers);

(d) A customer and other apparently unrelated customers enter a financial institution’s platform from the same IP or MAC address;

(e) A customer frequently changes contact information, such as email addresses and phone numbers, especially email addresses and phone numbers that can be discarded or used for short periods of time;

(f) A customer frequently or within a short period of time (such as within hours) changes the IP address or device used to access the financial institution’s platform and/or conduct transactions.

(a) The buying and selling of virtual assets has no apparent purpose, or the nature, scale or frequency of the transactions appears unusual. For example, if a customer repeatedly trades virtual assets with a particular individual or group of individuals and makes significant profits or incurs significant losses, this may indicate that the transactions are part of a money laundering/terrorist financing scheme and are being used to transfer value or make the flow of funds unclear, or that the account may have been taken over;

(b) Mirror buying or trading of virtual assets that are used for illegal purposes or as a currency exchange without an obvious business purpose;

(c) Conversion of virtual assets into fiat currency without logical or apparent reason, despite (for example) price fluctuations or high commission fees, in circumstances where loss may be incurred;

(d) Conversion of large amounts of fiat currency or virtual assets into other or multiple virtual assets for no logical reason, making the flow of funds unclear.

(a) Accounts holding the same virtual assets with low turnover are immediately matched for buying and selling by the same beneficial owner or by a related customer of the customer;

(b) Within a short period of time, the same person introduces multiple new customers to open accounts to buy and sell the same virtual assets;

(c) Customers participate in pre-arranged or other non-competitive trades, particularly where this may also indicate that the customer’s account may have been taken over (i.e. fraudsters pretending to be genuine customers and gaining control of the account, then making unauthorized trades).

(d) Engage in wash trading of specific virtual assets with the same quantity of buy and sell orders to create a false impression of active trading, while the true ownership of the virtual assets remains unchanged. Such wash trading does not reflect the true market situation and may provide a “cover-up” for money laundering activities;

(e) Accumulate virtual assets at incrementally increasing prices, gradually driving up the price of the virtual assets over time;

(f) Customers make large purchases of virtual assets in a short period of time, especially for thinly traded virtual assets, and the scale of the transactions is disproportionate to the customer’s status;

(g) A group of clients with the same trading pattern (such as buying the same virtual assets at the same or similar time or at the same or similar prices) (especially for thinly traded virtual assets), authorizing the same person or a third party to operate their accounts and/or transfer legal tender or virtual assets between their accounts.

(a) Customers use a financial institution to pay on their behalf or hold funds or other assets, but the related funds or assets are rarely or not used for the purchase or sale of virtual assets, i.e. the accounts appear to be used as a deposit account or a transfer channel;

(b) Transfer of warehouses or funds, virtual assets or other property between accounts of persons who do not appear to be controlled by the same person or have no apparent relationship;

(c) Frequent transfer of funds, virtual assets or other property or payment of cheques to third parties who are unrelated or difficult to verify;

(d) In the absence of a reasonable explanation, funds or virtual assets are transferred between financial institutions or virtual asset service providers located in jurisdictions with higher risk or that do not correspond to the client’s declared place of residence, business transactions or interests;

(e) In the absence of a reasonable explanation, funds or virtual assets are transferred from different persons to the same person, or from the same person to different persons. For example, the jurisdiction in which the virtual asset service provider is located does not prohibit or regulate virtual asset-related activities or services.

(f) Frequently change details or information about bank accounts or wallet addresses used to receive funds or virtual assets;

(g) Multiple transactions involving high-value virtual assets, with the nature, frequency or pattern of the transactions appearing unusual, such as transactions that are conducted within a short period of time (such as within 24 hours), or that are conducted in a regular pattern after a long period of inactivity; the transfer of virtual assets to another wallet, especially a new wallet or a wallet that has been inactive for a period of time, which may indicate that there is a possibility of ransomware attacks or other cybercrime;

(h) Virtual assets are transferred from a wallet address known to hold stolen virtual assets or known to be associated with the holder of stolen virtual assets;

(i) Transactions involving virtual assets deposited (including by new customers) with no apparent lawful purpose or commercial rationale that immediately incur additional or unnecessary costs or fees, such as converting the deposited virtual assets to other or multiple types of virtual assets, making transactional traces unclear and/or immediately extracting all or part of the deposited virtual assets to unhosted wallets;

(j) Virtual assets are gradually transferred out from multiple wallets (particularly virtual assets held by third parties) and thereafter transferred to another wallet or converted into fiat currency in their entirety;

(k) Transactions involving virtual assets with enhanced anonymity features (e.g., anonymity-enhanced virtual assets) that are deposited onto public blockchains and subsequently converted into virtual assets with stronger anonymity features;

(l) Customers, without logical or apparent reason, utilize financial institutions to convert virtual assets of an unusual amount (in terms of transaction volume or number) into fiat currency from peer-to-peer (P2P) platforms with lax anti-money laundering/counter-financing of terrorism (AML/CFT) controls;

(m) Transactions involving virtual asset transfers to/from wallet addresses associated with high-risk entities (e.g., directly and/or indirectly associated with illegal or suspicious activities/sources or designated persons);

(n) Transactions involving virtual assets associated with chain hopping;

(o) Frequent and/or high-value transactions involving virtual assets through virtual asset automated teller machines or self-service terminals (particularly those located in jurisdictions with high levels of ML/TF risks);

(p) Information or messages accompanying virtual asset transfers that indicate that the transaction may be related to funding or assisting illegal activities;

(q) Customers who are financially unstable and/or have no prior knowledge of virtual assets engaging in frequent and/or high-value transactions (particularly funds and/or virtual asset deposits), which may indicate the presence of money mules or scam victims, through financial institutions.

(r) Depositing a large amount of virtual assets and then converting them into fiat currency, where the source of the funds is unclear and the size of the transaction does not correspond to the background of the customer, may indicate that the deposited virtual assets are stolen assets;

(s) The customer’s funds or virtual assets originate from or are sent to a financial institution or virtual asset service provider that (i) is not registered or licensed in the jurisdiction where it operates (or where its clients who receive its products and/or services reside);

(ii) operates in a jurisdiction that does not prohibit or regulate virtual asset-related activities or services, or where its clients who receive its products and/or services reside;

(t) The required information for virtual asset transfers is inaccurate or incomplete, for example, for a remittance institution, the recipient information provided by its customer is inconsistent with the information stored by the recipient institution, resulting in the required information for virtual asset transfers being inaccurate or incomplete, for example, for a remittance institution, the recipient information provided by its customer is inconsistent with the information stored by the recipient institution, resulting in the recipient institution may refuse the virtual asset transfer request, return the virtual asset, or the recipient information provided by its customer is inconsistent with the information noticed when screening the recipient wallet address associated with the virtual asset transfer;

(u) Customers with limited assets deposited in financial institutions receive a large number of virtual assets with light trading activity;

(v) Customers deposit virtual assets and request that they be credited to multiple seemingly unconnected accounts, and sell or transfer ownership of such virtual assets in other ways.

Note: Blocking all articles only represents the author’s opinion and does not constitute investment advice
Original link: https://www.bitpush.news/articles/4468658

Like what you're reading? Subscribe to our top stories.

We will continue to update Gambling Chain; if you have any questions or suggestions, please contact us!

Follow us on Twitter, Facebook, YouTube, and TikTok.

Share:

Was this article helpful?

93 out of 132 found this helpful

Gambling Chain Logo
Industry
Digital Asset Investment
Location
Real world, Metaverse and Network.
Goals
Build Daos that bring Decentralized finance to more and more persons Who love Web3.
Type
Website and other Media Daos

Products used

GC Wallet

Send targeted currencies to the right people at the right time.