Edit | Wu talks about blockchain
Original link (Chapter 12):
This chapter provides guidance on the money laundering/terrorist financing risks associated with virtual assets and the regulatory requirements and standards in place to combat such risks, including the factors to be considered when conducting a risk assessment using a risk-based approach, the requirements for customer due diligence and ongoing monitoring in relation to virtual assets, and the rules regarding the transfer of virtual assets and third-party deposits and payments made in the form of virtual assets.
- ERC-6551: NFT as Wallet, Bringing a New Paradigm of SocialFi
- Data Analysis: Has Multichain suffered a significant outflow of funds due to partial routing shutdown caused by force majeure?
- From BRC-20, ORC-20 to SRC-20: Will these innovative experiments be the future of Bitcoin?
For the purposes of this chapter, “virtual assets” means (i) any “virtual asset” as defined in section 53ZRA of the Anti-Money Laundering and Counter-Terrorist Financing Ordinance; and (ii) any security token. “Security token” means a digitally represented value of a security as defined in Part 1 of Schedule 1 to the Securities and Futures Ordinance.
Money laundering can be divided into three common stages, often involving multiple transactions. Financial institutions should be alert to signs of possible criminal activity. These stages include: (a) placement – depositing or disposing of cash proceeds from illegal activities or disposing of virtual assets from illegal activities; (b) layering – separating the proceeds of crime and their source by means of complex multi-layered financial transactions or by using various technologies (such as enhanced anonymity techniques or mechanisms) in order to conceal the source of funds or virtual assets, disguise audit trails and achieve anonymity; and (c) integration – creating the appearance of legitimacy of criminally derived wealth. When the layering process is successful, the integration plan actually reintroduces the laundered proceeds back into the general financial system, making it appear that the proceeds are derived from or connected with legitimate business activities.
Transactions facilitated by virtual asset businesses may involve cash as a medium of exchange, so such businesses may be used for the placement of cash proceeds from criminal activities. In addition, virtual asset businesses may be used to dispose of or hold virtual assets related to proceeds from illegal activities or upstream crimes (such as online scams, ransomware and other cybercrimes).
Virtual asset services may also be used in the second stage of money laundering, namely the process of layering transactions. These services provide potential avenues for criminals or money launderers to significantly alter the form of funds (i.e. fiat currency) or virtual assets involved, including converting cash or other funds into virtual assets or one type of virtual asset into another. This can be done to obscure the origins of illicitly obtained funds or virtual assets associated with illicit sources, by converting them into cash or other funds after a transaction, solely for the purpose of obscuring the flow of funds, the identity of virtual asset holders or beneficial owners.
In order to obscure the origins of virtual assets obtained from illicit activities, criminals or money launderers may transfer assets between different wallet addresses, service providers, categories of virtual assets, or blockchains. They may use virtual asset-specific layering techniques such as “peel chains” and “chain-hopping”. Virtual assets are sometimes laundered through anonymity-enhancing services such as mixers or tumblers and other anonymity-enhancing techniques or mechanisms such as privacy coins, privacy wallets, etc. Unhosted wallets, decentralized virtual asset exchanges, peer-to-peer platforms, or virtual asset services that are unregulated or have loose anti-money laundering/counter-terrorist financing controls can be particularly attractive to criminals or money launderers.
Before carrying out a virtual asset transfer involving an amount equivalent to HKD 8,000 or more, a remittance service provider must obtain and record the following information of the remitter and the payee:
(a) the name or the name of the entity of the remitter;
(b) where the virtual assets are transferred from an account held by the remitter with the remittance service provider – the number of the account (or, if there is no such account, a unique reference number assigned by the remittance service provider to the transaction);
(c) the address of the remitter, the customer identification number or identification document number of the remitter or, if the remitter is an individual, the date and place of birth of the remitter;
(d) the name or the name of the entity of the payee;
(e) For transfers of virtual assets, the account number (or, if there is no such account, a unique reference number assigned by the relevant payment service provider) of the account held by the payee with the payment service provider concerned to which the virtual assets are to be transferred.
Additional information includes: Internet protocol (IP) address together with the relevant time stamp; geographical data; and device identifier.
Before carrying out a transfer of virtual assets involving an amount equivalent to HK$8,000 or above, the remittance agent must obtain and record the following information of the remitter and the payee:
(a) the name or names of the remitter;
(b) for transfers of virtual assets from an account held by the remitter with the remittance agent, the account number of that account (or, if there is no such account, a unique reference number assigned by the remittance agent to that transfer);
(c) the name or names of the payee; and
(d) for transfers of virtual assets to an account held by the payee with the payment service provider concerned, the account number (or, if there is no such account, a unique reference number assigned by the payment service provider to that transfer).
Some potential money laundering red flags:
(a) Customers who have no apparent reason to use a financial institution’s services (for example, customers who only deposit fiat or virtual assets with virtual asset trading services upon opening accounts but thereafter only withdraw all the balance or the majority of the assets deposited without conducting other activities; or customers located outside Hong Kong opening accounts with financial institutions for the purpose of buying and selling virtual assets services provided by virtual asset service providers that are also available in their own jurisdictions);
(b) Customers who request virtual asset trading services or virtual asset transfers and whose source of funds is unclear or incompatible with their status and apparent position;
(c) Customers who access the platform of a financial institution and/or issue transaction instructions from IP addresses that may have higher risks, including IP addresses:
(i) from jurisdictions with higher risks;
(ii) that are not compatible with the customers’ status (e.g. jurisdictions where the IP addresses are located are not the customers’ places of residence or main business locations);
(iii) that have previously been identified by the financial institution as suspicious; or
(iv) Associated with software that enhances anonymity or allows anonymous communication in “dark web” markets (such as proxy servers, unverifiable IP geolocation, virtual private networks, and The Onion Router routers);
(d) A customer and other clearly unrelated customers enter the financial institution’s platform from the same IP or MAC address;
(e) The customer frequently changes contact information, such as email addresses and phone numbers, especially disposable or short-term email addresses and phone numbers;
(f) The customer frequently or within a short period of time (such as a few hours) changes the IP address or device used to access the financial institution’s platform and/or conduct transactions.
(a) The buying and selling of virtual assets has no apparent purpose, or the nature, scale, or frequency of the transactions appears unusual. For example, if a customer repeatedly trades virtual assets with a particular individual or group and earns substantial profits or incurs significant losses, this may indicate that the transactions are part of a money laundering/terrorist financing scheme and are being used to transfer value or obscure the flow of funds, or that the account may be taken over;
(b) Mirror trading or trading of virtual assets used as currency exchanges for illegal purposes or without apparent business purposes;
(c) Conversion of virtual assets into fiat currency in disregard of (for example) price fluctuations or high commission fees, in circumstances where losses may be incurred;
(d) Conversion of a large amount of fiat currency or virtual assets into other or multiple virtual assets for no logical or apparent reason, obscuring the flow of funds.
(a) Accounts for the same virtual asset that is traded thinly are closely followed by the same beneficial owner or by a customer’s affiliated person;
(b) Within a short period of time, the same person introduced multiple new customers to open accounts to buy and sell the same virtual asset;
(c) The customer participates in pre-arranged or other non-competitive trades, especially where this may also indicate that the customer’s account may be taken over (i.e. impostors impersonate real customers and gain control of accounts and then engage in unauthorized trading).
(d) Buying and selling a specific virtual asset in the same quantity (“wash trading”) to create a false impression of trading activity, while the actual ownership of the virtual asset remains unchanged. Such wash trading does not reflect the true market conditions and could provide a “cover-up” for money launderers;
(e) Accumulating virtual assets at incrementally higher prices and gradually increasing the prices of virtual assets over time;
(f) Customers buying large amounts of virtual assets in a short period of time, especially for virtual assets with low trading volume, and the scale of the transaction is disproportionate to the customer’s status;
(g) A group of customers with the same trading pattern (e.g. buying the same virtual assets at the same or similar times or at the same or similar prices), especially for virtual assets with low trading volume, authorizing the same person or third party to operate their accounts and/or transfer fiat currency or virtual assets between their accounts.
(a) Customers using financial institutions to pay on their behalf or hold funds or other assets, but the funds or assets are rarely or not used to buy or sell virtual assets, i.e. the account appears to be used as a deposit account or transfer channel;
(b) Transferring warehouses or funds, virtual assets or other assets between accounts that appear to be controlled by different or unrelated individuals;
(c) Frequent transfers of funds, virtual assets or other assets or cheque payments to third parties who have no connection or are difficult to verify;
(d) Without a reasonable explanation, transfer of funds or virtual assets between financial institutions or virtual asset service providers located in jurisdictions with higher risks or that do not correspond to the customer’s declared place of residence, business transactions or interests;
(e) Without a reasonable explanation, transfer of funds or virtual assets from different individuals to the same person, or from the same person to different individuals. For example, the jurisdiction in which the virtual asset service provider is located does not prohibit or regulate virtual asset-related activities or services.
(f) Frequently changing the details or information of the bank account or wallet address used to collect funds or virtual assets;
(g) Multiple transactions involving high-value virtual assets, and the nature, frequency or pattern of trading appears to be unusual, such as transactions occurring within a short period of time (e.g. within 24 hours), or in a pattern of regular segments after a long period of inactivity; transferring virtual assets to another wallet, especially a new wallet or a wallet that has been idle for a period of time, which may indicate the possibility of ransomware attacks or other cyber crimes;
(h) Virtual assets are transferred out of a wallet address that is known to hold stolen virtual assets or is known to be associated with the holder of stolen virtual assets;
(i) Transactions that involve depositing virtual assets (including from new customers) and immediately engaging in transactions that have no apparent legitimate purpose or business rationale that would attract additional or unnecessary costs or fees (such as converting the deposited virtual assets into other or multiple virtual assets, making transaction tracing difficult, and/or immediately withdrawing all or part of the deposited virtual assets to an unhosted wallet);
(j) Virtual assets (particularly those held by third parties) are transferred out of multiple wallets in small amounts and subsequently transferred to another wallet or converted into fiat currency;
(k) Transactions involving virtual assets with a high degree of anonymity (such as enhanced anonymity virtual assets) (such as depositing virtual assets that operate on a public blockchain and then immediately converting them into virtual assets with a higher degree of anonymity);
(l) Customers utilize financial institutions to convert unusual amounts of virtual assets (measured by transaction volume or number) into fiat currency from peer-to-peer platforms (such as those with lax anti-money laundering/counter-financing of terrorism controls);
(m) Transactions involving virtual assets transferred to and from wallet addresses associated with higher risk (such as those directly and/or indirectly associated with illicit or suspicious activity/sources or designated persons);
(n) Transactions involving virtual assets that are associated with chain hopping;
(o) Frequent and/or high-value transactions involving virtual assets that are conducted through virtual asset ATMs or self-service kiosks (particularly those located in high-risk jurisdictions);
(p) Information or messages that are transmitted with the virtual asset transfer that display that the transaction may be used to fund or assist illegal activities;
(q) High-frequency and/or high-value transactions (particularly in funds and/or virtual assets) involving financially unsound persons and/or customers who have no prior knowledge of virtual assets, which may reflect signs of money mules or scam victims, through financial institutions.
(r) Depositing a large amount of virtual assets and then converting them into legal currency, where the source of the funds is unclear and the scale of the transaction does not match the customer’s background, may indicate that the deposited virtual assets are stolen assets;
(s) The customer’s funds or virtual assets originate from or are sent to a financial institution or virtual asset service provider that (i) is not registered or licensed in the jurisdiction where it operates (or where its customers who receive its products and/or services reside);
(ii) operates in a jurisdiction that does not prohibit or regulate virtual asset-related activities or services or where its customers who receive its products and/or services reside;
(t) The required information for virtual asset transfers is inaccurate or incomplete, for example, as far as the remittance institution is concerned, the recipient information provided by its customer is inconsistent with the information stored by the recipient institution, resulting in inaccurate or incomplete information required for virtual asset transfers, such as the recipient information provided by its customer is inconsistent with the information noticed when screening the recipient’s wallet address associated with virtual asset transfers;
(u) Customers with limited assets placed in financial institutions receive large amounts of transferred virtual assets with low trading volume;
(v) Customers deposit virtual assets and request that they be recorded in multiple seemingly unrelated accounts, as well as selling or otherwise transferring ownership of such virtual assets.