The Joint Chiefs of Global Tax Enforcement — a coalition of tax authorities that include the Australian Taxation Office, the Canada Revenue Agency, the Dutch Fiscal Information and Investigation Service, His Majesty's Revenue and Customs from the United Kingdom and the Internal Revenue Service's Criminal Investigation Division from the United States —
"Identification and detection play a crucial role in combating cybercrime on a global level," said Guy Ficco, chief of IRS Criminal Investigation, in a statement. "Anytime we can pool the resources of our J5 partners to issue pertinent information to financial institutions about cybercrime indicators, we will seize the opportunity."
The document, called "Crypto Assets Risk Indicators," highlights how cryptocurrency asset layering, geographic locations, high-risk counterparties, unknown or obscured transaction recipients, and certain online behaviors may indicate criminal activity. It named 42 specific risk factors pertaining to these areas.
A number of these risk factors have to do with someone trying what authorities think is a little too hard to be anonymous. They include things like "a disproportionate amount of the customer's account activity involves the buying and selling of privacy coins or maintains a large portfolio of privacy coins, the customer transfers Bitcoin in large volumes in exchange for privacy coins, customer attempts to provide as little identity information as possible, including incomplete or insufficient identification information, and the customer's use of an anonymity-oriented email provider," among others. The document also named the use of peer-to-peer platforms that bypass traditional financial institutions.
Many of these risk factors stem from one of the reasons why cryptocurrency was developed in the first place, specifically to bypass traditional financial institutions with a medium of exchange that was, by design, meant to be effectively untraceable. While much has been done to bring the cryptocurrency sector into the light, which has weakened the presence of this ethos in the community, it remains a factor.
Other risk indicators are tied to specific activities, such as "rapid movement of funds between accounts held at crypto exchanges without apparent business rationale," the origin of the activity, such as sending/receiving from gambling platforms or exchanges operating out of high-risk jurisdictions identified as non-cooperative for anti-money laundering purposes, and the nature of counterparties such as financial institutions or individuals subject to sanctions or based in sanctioned states. Onboarding problems can include "the level or volume of transactional activity is inconsistent with the client's apparent financial profile, their usual pattern of activities, occupational information, or declared business information." Some activities are typically associated with ransomware and other cybercrime, like a digital currency account linked to or funded by multiple bank accounts at several different institutions, or going silent after a large initial transfer of digital currency.
Overall, the J5 is advising that institutions:
- Prioritize the detection of layering involving crypto assets, the phase in money laundering where transactions are intentionally made intricate to conceal illicit origin of funds, throughout their relationship with their customers;
- Exercise vigilance when dealing with cryptocurrency transactions tied to jurisdictions known for weak regulatory frameworks, inadequate anti-money laundering controls, or heightened levels of corruption;
- Monitor unusual counterparties, particularly if they have exposure to darknet marketplaces or mixing services;
- Practice know your customer techniques to identify potential risks associated with cryptocurrency asset transactions and ensure compliance with regulatory measures; and
- Detect and report financial flows related to ransomware and stop ransomware payments because they are a key point where criminals interact with the legitimate financial system.
