On Sept. 14, 2020, FATF released “Virtual Assets—Red Flag Indicators of Money Laundering and Terrorist Financing.” The report was released to assist both public and private sectors in identifying, detecting and ultimately preventing criminal, money laundering (ML) and terrorist financing (TF) activities associated with VAs. 

In this report, the FATF discussed red flags indicators that have been collected from past studies, input across the global network and guidance, as well as information available in the public domain. The red flag indictors include, but are not limited to the following: 

Red flag indicators related to transactions

• Structuring VA transactions (e.g., exchange or transfer) in small amounts, or in amounts under record-keeping or reporting thresholds, similar to structuring cash transactions.
• Transferring VAs immediately to multiple VASPs, especially to VASPs registered or operated in another jurisdiction where there is no relation to where the customer lives or conducts business or there is nonexistent or weak AML/combating the financing of terrorism (CFT) regulations. 

Red flag indicators related to transaction patterns

• Conducting a large initial deposit to open a new relationship with a VASP, while the amount funded is inconsistent with the customer profile. 
• Incoming transactions from many unrelated wallets in relatively small amounts (accumulation of funds) with subsequent transfer to another wallet or full exchange for fiat currency. Such transactions by a number of related accumulating accounts may initially use VAs instead of fiat currency.

Red flag indicators related to anonymity

• Abnormal transactional activity (level and volume) of VAs cashed out at exchanges from peer to peer platform-associated wallets with no logical business explanation.
• A large number of seemingly unrelated VA wallets controlled from the same IP-address (or MAC-address), which may involve the use of shell wallets registered to different users to conceal their relation to each other.

Red flag indicators about senders or recipients

• Transactions initiated from nontrusted IP addresses, IP addresses from sanctioned jurisdictions, or IP addresses previously flagged as suspicious.
• Customer purchases large amounts of VA not substantiated by available wealth or consistent with his or her historical financial profile, which may indicate money laundering, a money mule or a scam victim.

Red flag indicators in the source of funds or wealth

• Lack of transparency or insufficient information on the origin and owners of the funds, such as those involving the use of shell companies or those funds placed in an initial coin offering (ICO) where personal data of investors may not be available, or incoming transactions from online payments systems through credit/pre-paid cards followed by instant withdrawal.
• The use of one or multiple credit and/or debit cards that are linked to a VA wallet to withdraw large amounts of fiat currency (crypto-to-plastic), or funds for purchasing VAs are sourced from cash deposits into credit cards.

Red flag indicators related to geographical risks

• Customer’s funds originate from, or are sent to, an exchange that is not registered in the jurisdiction where either the customer or exchange is located.
• Customer sends funds to VASPs operating in jurisdictions that have no VA regulation, or have not implemented AML/CFT controls.

The FATF recommends that reporting entities should consider the risks posed by their customers, products and operations, as well as the presence of conventional risk indicators. The mere presence of a red flag indicator is not necessarily a basis for a suspicion of ML or TF, but should encourage further monitoring, examination and reporting where appropriate. 

For more information, go to Virtual Assets—Red Flag Indicators of Money Laundering and Terrorist Financing.