Money laundering is the process of converting illegally obtained proceeds into seemingly legitimate funds through a series of transactions, concealing and legitimizing their origin. It can involve various illegal activities, including drug trafficking, fraud, embezzlement, and corruption. Criminals use money laundering to transform "dirty money" into "clean money" usable for legitimate purposes.

Money laundering typically occurs in three key stages: placement, layering, and integration.

Placement Stage: This is the initial stage, where illegally obtained funds are introduced into the legitimate financial system. Common methods include:

Depositing cash into bank accounts;

Purchasing high-value assets (e.g., real estate, luxury goods, artworks);

Placing high bets at casinos to legitimize the "winnings";

Concealing cash sources through fabricated business transactions.

Layering Stage: This stage involves creating a complex network of financial transactions to move funds across multiple accounts, countries, or investment products, making their origin difficult to trace. Common methods include:

Multiple international transfers;

Buying and selling financial instruments (e.g., stocks, bonds);

Establishing shell or fake companies to conduct transactions;

Using cryptocurrencies for anonymous transfers.

Layering is the core of money laundering, as criminals repeatedly conduct intricate transactions to obscure the illicit origin of funds.

Integration Stage: At this stage, the funds, now difficult to trace, are reintroduced into the economic system as legitimate income. This can be achieved through:

Investing in legitimate businesses or real estate;

Purchasing legal financial products;

Legalizing funds through fake loans or contracts;

Engaging in large business transactions or investments.

Cash-Intensive Businesses: Launderers use businesses with significant cash flows (e.g., restaurants, gas stations) to mix illegal cash with legitimate income.

Trade Finance: Using fake invoices or inflated prices for goods to disguise the transfer of funds.

Fake Loans or Investments: Creating fictitious loan agreements or investment structures to legitimize and return funds to criminals.

Cryptocurrency: Cryptocurrencies, due to their anonymity, serve as a new avenue for laundering funds by converting illegal money into virtual assets.

Terrorist financing involves providing funds directly or indirectly to support terrorist organizations or activities. The funds may originate from legal or illegal sources, but the distinction lies in their use to support terrorism. Unlike money laundering, the funds in terrorist financing are not always illegally obtained and may come from donations, legitimate businesses, or even government funding.

The goal of terrorist financing is to provide resources for terrorist organizations to carry out activities, recruit members, procure weapons, and promote ideology. While the sources may be legitimate, the illegal end-use makes it a target for stringent action.

Fundraising: Sources of terrorist financing include:

Legitimate Sources: Legal income, such as personal donations, charitable funds, and business profits, making it harder to identify and trace terrorist financing.

Illegal Sources: Including drug trafficking, kidnapping for ransom, arms smuggling, and counterfeit goods trading.

Government or International Aid: In some cases, terrorists may obtain government or international aid funds through corruption or deception.

Fund Transfers: Terrorists use various methods to transfer funds globally while avoiding detection. Common methods include:

Bank or financial institution cross-border remittances;

Unregulated remittance systems, such as "Hawala," bypassing traditional banking systems;

Anonymous cryptocurrency transfers;

Using charities or nonprofit organizations for fund transfers.

Fund Usage: The ultimate goal of terrorist financing is to purchase weapons, fund terrorist activities, and promote extremist ideologies. Terrorist organizations also use funds to recruit personnel, train operatives, and build infrastructure.

Mix of Legal and Illegal Funds: Terrorist financing often involves funds from legitimate businesses or personal donations, making it difficult to distinguish from lawful financial activities.

Small and Frequent Transactions: Terrorist financing often uses small-scale transactions to evade monitoring systems for large transactions.

Cross-Border Networks and Informal Financial Systems: Terrorists use global financial networks, informal systems (like Hawala), or underground banking for fast, anonymous, and hard-to-trace transfers.

Unpredictable Fund Flows: Unlike money laundering, terrorist financing does not necessarily return funds to the organization but directly supports terrorist activities, making flow predictions difficult.

Fake Charities: Terrorists use fake charitable organizations or NGOs to collect donations and transfer them to terrorist organizations.

Illegal Trade: Generating funds through activities such as drug trafficking, arms smuggling, and counterfeit goods sales.

Criminal Activities: Kidnapping for ransom, extortion, and other crimes are commonly used by terrorist groups to obtain funds.

Money Laundering: Terrorists may also employ money laundering techniques to legitimize illegal funds for supporting terrorist activities.

The core of the anti-money laundering compliance program is the appointment of an experienced and empowered Anti-Money Laundering (AML) Compliance Officer. The officer's responsibilities include:

Responsibilities and Authority: Responsible for the implementation and management of the anti-money laundering program, ensuring that all business operations comply with relevant regulations and internal policies. The officer reports directly to senior management to ensure the effectiveness and enforcement of AML policies. Maintains contact with regulatory authorities (such as FinCEN) to ensure the company is aware of and complies with the latest regulatory changes. Evaluates and updates the company's AML policies and adjusts measures based on risk dynamics.

Training and Knowledge: The compliance officer must receive thorough AML training and possess sufficient financial regulatory knowledge and experience, understanding the complexity of the financial system, common money laundering methods, and how to identify suspicious activities. The compliance officer must regularly attend external training to ensure their knowledge and skills stay current with the latest regulatory changes and money laundering threats.

Customer Due Diligence is a key step in preventing the company from engaging in transactions with individuals or entities involved in money laundering or terrorist financing. CDD includes identifying the customer's identity, assessing the customer's risk level, and continuously monitoring their transactions. The specific steps include:

Identity Verification (KYC): Before establishing any business relationship, the company must verify the customer's identity. This typically involves collecting government-issued identification documents (e.g., passport, ID card, driver’s license) and verifying their address. For corporate entities, the ultimate beneficial owner (UBO) of the company must be verified to ensure the company knows who actually controls the company and funds.

Risk Assessment: The company should assess the customer’s risk based on factors such as the customer's business type, geographic location, and transaction volume. High-risk customers may include Politically Exposed Persons (PEPs), customers from high-risk countries, or those conducting large cash transactions. For high-risk customers, enhanced due diligence (EDD) should be applied, including more frequent monitoring and investigating the source of funds.

Ongoing Monitoring: The company needs to continuously monitor customer transactions to ensure that their activities align with their business and risk level. If the customer’s behavior becomes suspicious or inconsistent with known information, the company should take further investigation measures. Ongoing monitoring also requires the periodic update of the customer's due diligence information, especially for high-risk customers, to ensure the company has the latest information.

Enhanced Due Diligence is mainly applicable to customers or transactions identified as high risk, typically involving the following additional steps:

Source of Funds Investigation: For high-risk customers, the company must obtain detailed information about the source and use of the funds. For example, if the customer is a business, the company should understand its sources of revenue, main clients, and how funds are transferred.

Additional Identity Verification: The company may require customers to provide additional identity documentation or background information to verify the authenticity of their identity.

Increased Frequency of Transaction Monitoring: The company will monitor the customer's transactions more frequently to identify unusual behavior. Particular attention should be given to large cash transactions or frequent cross-border transfers.

Special Attention to High-Risk Areas and Industries: The company will pay special attention to transactions related to high-risk countries (such as those on FinCEN’s sanctions list) or high-risk industries (such as gambling or cryptocurrency transactions).

Financial institutions must monitor all transactions to identify potential money laundering and terrorist financing activities and submit reports when suspicious activities are detected. The key elements of transaction monitoring and reporting include:

Transaction Monitoring Systems: The company should deploy transaction monitoring systems to analyze transaction behavior in real-time and identify potential money laundering activities. These systems automatically flag large or frequent transactions, transactions involving high-risk countries, and split transactions (to avoid currency transaction report thresholds).

Suspicious Activity Report (SAR): If suspicious activity is detected, the compliance officer is responsible for submitting a SAR to the Financial Crimes Enforcement Network (FinCEN). The SAR must be submitted within 30 days of identifying suspicious activity. The submission of the SAR is confidential and legally protected, and the company must not notify customers or third parties about the report.

Currency Transaction Report (CTR): When the company receives or processes more than $10,000 in cash transactions on a single day, it must submit a CTR to FinCEN, detailing the transaction. Monitoring and reporting cash transactions help reduce the risk of money laundering through large cash operations.

Record keeping is a crucial aspect of the anti-money laundering compliance program. Under U.S. law, financial institutions must retain all relevant due diligence and transaction records to ensure they are available for regulatory investigations.

Retention Period: Under the Bank Secrecy Act, the company must retain all anti-money laundering-related records for at least five years. This includes customer due diligence documents, transaction records, SAR and CTR report copies, etc.

Records to be Retained: Customer Identity Verification Documents: Including all materials related to KYC and EDD. Transaction Records: Details of all large or suspicious transactions. Internal Audit and Compliance Review Records: Including audit reports, compliance reviews, and documentation of corrective actions.

Electronic and Paper Filing: The company should ensure these records are securely stored and can be archived either electronically or in paper form, and be readily accessible when needed.

Regular employee training is a key element to ensure that all employees understand and can effectively implement the anti-money laundering policies. The training content should cover the following areas:

Training Content: The definition and impact of money laundering and terrorist financing; How to identify potential suspicious activities and common methods; The use of transaction monitoring systems; How to handle and submit Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs); Updates on the latest laws, regulations, and internal policy changes.

Training Frequency: All employees, especially front-line staff (such as customer managers, transaction handlers, etc.), must receive anti-money laundering training at least once a year. New employees should undergo specialized AML training upon joining.

Assessment and Evaluation: The company should periodically assess employees' understanding of anti-money laundering policies through evaluations to ensure they can correctly apply them in practice.

To ensure the effectiveness of the anti-money laundering compliance program, the company must arrange for regular independent audits and internal compliance testing. These tests help identify gaps or weaknesses in policy implementation and facilitate timely improvements.

Independent Audits: Independent third-party firms or internal audit departments should regularly conduct comprehensive reviews of the anti-money laundering program to ensure all processes and procedures comply with regulatory requirements. Audit reports should be submitted directly to senior management to ensure that compliance recommendations are swiftly implemented.

Compliance Testing: The company should regularly conduct internal compliance testing, simulating suspicious transaction scenarios, to ensure that the anti-money laundering system can effectively detect and handle such transactions.

The successful implementation of the anti-money laundering compliance program requires the support of senior management. Senior management must ensure that the implementation of AML policies is adequately supported by resources and that the compliance officer has sufficient authority to manage the anti-money laundering efforts.

Board Responsibility: The board should regularly review the anti-money laundering policies and procedures to ensure they comply with the latest regulatory requirements and make necessary adjustments based on audit reports and compliance reviews.

Resource Allocation: Management should allocate sufficient human, technical, and financial resources to the anti-money laundering compliance program to ensure that systems and training can operate effectively.

The Risk-Based Approach (RBA) refers to the design and implementation of anti-money laundering (AML) procedures by MSBs based on the risk levels associated with customers, transactions, and geographic locations. The core principle is to prioritize high-risk customers and activities by assessing risks and taking appropriate control measures to mitigate those risks. This approach is more flexible and targeted than a "one-size-fits-all" compliance method, allowing companies to manage resources more efficiently and prevent financial crime.

According to the U.S. Bank Secrecy Act (BSA) and the Patriot Act, MSBs must establish comprehensive AML programs, including a risk-based approach. FinCEN clearly stipulates that MSBs involved in cryptocurrency must adopt appropriate AML control measures based on their business nature and risk levels. Key regulatory requirements include:

Bank Secrecy Act (BSA): Requires MSBs to establish effective AML procedures to identify and report suspicious activities.

Patriot Act: Requires financial institutions to conduct due diligence on customers, particularly for high-risk clients, with stricter scrutiny.

FinCEN Guidelines: Clearly states that MSBs involved in cryptocurrency must perform customer identification (KYC) and conduct ongoing transaction monitoring and risk assessments.

In a risk-based approach, MSBs need to identify and assess the risks associated with cryptocurrency transactions. These risks mainly include the following aspects:

Customer Risks:

Customer Identity Verification (KYC): Identifying and verifying the identity of customers is the foundation of RBA. Cryptocurrency-related businesses should pay special attention to:

High-net-worth customers, especially those who cannot provide proof of the source of funds.

Politically Exposed Persons (PEPs) or their family members and close associates.

Customers from high-risk countries or regions (such as countries under international sanctions or those uncooperative with anti-money laundering efforts).

Customer Background and Transaction Purpose: Understanding the customer's economic background, source of funds, transaction purposes, and whether they align with their stated identity is crucial. Particularly when the customer's behavior is inconsistent with their declared identity, MSBs need to conduct further investigations.

Transaction Risks:

Large or Frequent Transactions: Large transactions or multiple small transactions within a short period (structured transactions) could indicate money laundering activities. MSBs should set monitoring thresholds and alert mechanisms based on the customer's transaction history, amounts, and frequency.

Anonymous Transactions: Using transaction methods that do not provide identity information (such as certain decentralized exchanges) increases the risk of money laundering and terrorist financing. MSBs should closely monitor these transactions and prioritize reviewing customer behavior that may circumvent AML policies.

Cross-border Transactions: Cryptocurrency transactions often span multiple jurisdictions, involving different regulatory environments, especially in high-risk or unregulated countries. MSBs need to pay special attention to customers who frequently conduct cross-border transactions and large cross-border fund flows.

Geographical Risk:

High-risk Countries: The high-risk country lists published by FinCEN and FATF (Financial Action Task Force), including sanctioned countries and those with weak anti-money laundering systems, are central to geographical risk assessments. Customers from these countries or transactions related to these countries need to be particularly scrutinized.

Regional Payment Systems: MSBs should consider regional payment habits and cryptocurrency usage. For instance, in some countries, cryptocurrencies are primarily used to circumvent capital controls, which increases the risk of transactions.

a. High-Risk Signs in Customer Behavior

Anonymous or Fake Accounts: Customers who use false or incomplete identity information to register, or use unverifiable email addresses and phone numbers. This behavior may indicate that the customer is attempting to conceal their true identity and evade anti-money laundering (AML) monitoring.

Customers who use Virtual Private Networks (VPNs) or proxy servers to hide their actual geographic location.

Reluctance to Provide Necessary Identity Verification Information (KYC): Customers who refuse or delay providing necessary identity verification information, or provide false or inconsistent information during the verification process.

Politically Exposed Persons (PEPs): PEPs or individuals closely associated with PEPs are typically considered high-risk customers due to their increased likelihood of being involved in corruption or embezzlement. Their sources of funds should undergo additional due diligence and monitoring.

Customers from High-Risk Countries: Customers whose residence or transaction sources are linked to countries or regions listed as high-risk by FinCEN or FATF, which may lack effective anti-money laundering and counter-terrorism financing measures or are subject to international sanctions.

Sudden Large Transactions: A significant change in a customer's transaction behavior, such as a customer who has never made large transactions suddenly conducting a large transaction without a reasonable explanation.

Customer accounts showing large deposits followed by rapid withdrawals, especially when transactions are converted through multiple cryptocurrencies.

b. High-Risk Signs in Transaction Patterns

Frequent Structuring of Transactions: Customers deliberately splitting large transactions into multiple smaller transactions to avoid triggering regulatory scrutiny. Particularly in cryptocurrency transactions, customers can use multiple small transfers to disguise the actual flow of funds.

Structuring transactions is often used to evade Currency Transaction Reporting (CTR) thresholds.

Complex and Opaque Transaction Paths: Customers transferring funds through multiple wallets, various cryptocurrencies, or multiple exchanges to disperse and obscure the source of the funds. This complex layering is a typical method of money laundering, designed to make the origin of funds difficult to trace.

Frequent Cross-border Transactions: Customers frequently conducting cross-border transactions, especially involving high-risk countries, which may indicate money laundering or terrorist financing.

Large Conversions Between Cryptocurrencies and Fiat: Customers frequently converting large amounts of cryptocurrency into fiat currency or vice versa, especially when funds are rapidly switched between exchanges. This behavior may be indicative of money laundering, particularly when the customer does not have a clear transaction purpose.

Transactions Involving Privacy Coins: Customers frequently using privacy coins (such as Monero, Zcash), which are known for their anonymity and untraceable nature, making transactions more difficult to monitor. Privacy coins are widely used for money laundering and terrorist financing activities, and MSBs need to pay special attention to large or frequent transactions involving privacy coins.

c. Other High-Risk Indicators

Abnormal Activity at Cryptocurrency Exchanges: The exchange itself may show suspicious signs, such as large-scale, rapid movements of funds without apparent business activity to support them. Such exchanges may be used for money laundering, especially in decentralized exchanges (DEX), where traders can bypass traditional AML procedures.

Customer Unable to Explain Source of Funds: Customers who cannot provide a reasonable explanation or documentation when questioned about the source of their funds, particularly when their funds are inconsistent with their occupation or income level.

Sudden Increase in Account Activity: Certain customer accounts may experience sudden large deposits or high-frequency trading after long periods of inactivity, especially when multiple large cryptocurrency transfers occur within a short time. This activity is often associated with "account takeover" or illegal use of the account, and may indicate that the account is being used for money laundering or illicit fund transfers.

Addresses Linked to Dark Web Transactions: Cryptocurrency addresses or transaction behavior linked to known dark web markets or illegal trading platforms, especially those related to drug trafficking, illegal weapons trade, or other criminal activities.

Associated with High-Risk Business Models: Certain business models or industries are closely associated with high-risk activities, such as online gambling, adult services, or cryptocurrency lending platforms.

Individuals or entities on the OFAC Sanctions List

Individuals or entities listed on the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctions list, including terrorist organizations, criminals, foreign government officials, etc.

Customers from Sanctioned Countries

Individuals or entities from countries or regions under U.S. sanctions, including but not limited to:

North Korea

Iran

Syria

Crimea Region

Cuba

Venezuela

Customers Linked to Terrorist Organizations

Customers associated with known terrorist organizations or individuals or groups sanctioned by the United Nations, OFAC, and other international bodies.

Individuals or entities involved in terrorist financing activities or providing financial support to terrorist organizations.

Anonymous Customers:

Customers who use false or unverifiable identity information, register accounts under fake names, or conceal their actual identity using Virtual Private Networks (VPNs).

Customers Who Refuse to Provide Identity Verification:

Customers who refuse or fail to provide valid identification, address proof, or source of funds during the customer due diligence (KYC) process.

Dark Web Market Users:

Customers engaged in illegal transactions through known dark web markets (e.g., Silk Road, AlphaBay), particularly transactions related to drugs, weapons, counterfeit goods, pornography, etc.

Customers Using Cryptocurrency Mixing Services:

Customers using cryptocurrency mixers (such as Tumbling or Mixing Services) to hide the source of transactions. These services are often used for money laundering and concealing the flow of illicit funds.

Customers Involved in Illegal Gambling and Betting:

Customers participating in online gambling or betting activities not authorized by the U.S. or local governments, particularly on illegal gambling platforms where cryptocurrency is widely used for payments.

High-Risk Politically Exposed Persons (PEPs):

Including current or former senior government officials, state-owned enterprise executives, military officials, legislators, judicial officers, etc., who may be involved in corruption or money laundering activities due to their positions of influence.

The sources of funds for these individuals are often difficult to trace and require special attention.

Close Relatives or Business Partners of PEPs:

Individuals or entities with business or financial links to PEPs, either directly or indirectly, such as family members or long-term business partners of PEPs.

Shell Companies:

Entities registered as companies but with no actual business activities or production, typically used for money laundering, tax fraud, or fund transfers. These companies may engage in false transactions or large amounts of fund movement.

Companies with Fictitious Business Purposes:

Companies that cannot explain their business activities or the movement of funds, or whose transactions do not align with their stated business scope. Such companies are often used to hide illegal sources of funds.

Customers from "High-Risk and Non-Cooperative Jurisdictions" Listed by FATF:

Customers from countries or regions listed by the Financial Action Task Force (FATF) as high-risk or with weak anti-money laundering (AML) systems. These countries include but are not limited to:

North Korea

Iran

Myanmar

Yemen

Syria

Customers Involved in Frequent Cross-Border Transactions with High-Risk Countries:

Customers who frequently engage in fund transfers with high-risk countries, particularly those involving large or complex cross-border cryptocurrency transactions, usually pose high money laundering or terrorist financing risks.

Customers Unable to Provide Legal Source of Funds:

Customers who fail to provide a credible explanation for the source of their funds, especially when their trading activity is significantly inconsistent with their known economic background or professional income. For example, low-income individuals engaging in large-scale cryptocurrency transactions.

Customers with Unclear Use of Funds:

Customers whose transaction purposes are vague or the use of funds is unclear, and who refuse or are unable to provide detailed explanations.

Split Transactions:

Customers intentionally splitting large transactions into multiple smaller transactions to avoid triggering Currency Transaction Reports (CTR) required by U.S. law or to bypass anti-money laundering monitoring systems. This type of transaction pattern is commonly used to evade regulation or launder money.

Customers with Funds Linked to Terrorist Organizations:

Customers whose funds or transactions are connected to known terrorist organizations, or whose funds are suspected of being directed toward terrorism-related activities. FinCEN closely monitors terrorist financing risks.

Customers Using Cryptocurrency to Fund Terrorist Activities:

Anonymous cross-border transfers conducted via cryptocurrency, especially to conflict zones or areas controlled by terrorist organizations, which may involve terrorist financing.

Customers Submitting False Identity or Fund Information:

Customers who repeatedly submit false identity, address, or source of funds information during account opening or transactions, or provide misleading descriptions of business purposes.

Customers Attempting to Avoid KYC Procedures Multiple Times:

Customers who repeatedly attempt to circumvent identity verification or conduct transactions through multiple accounts, particularly those hiding their identity using VPNs or proxy servers.