The recent loss of over $1 million worth of nonfungible tokens (NFTs) by Kevin Rose due to a phishing scam highlights the need for financial institutions to protect their clients’ assets from bad actors. Mainstream financial institutions are starting to provide services related to Web3, crypto, and NFTs, but the crypto industry presents challenges for Anti-Money Laundering (AML) functions within organizations due to constructs like cross-chain bridges, mixers, and privacy chains that hackers and crypto thieves can use to hide stolen assets.
To address these issues, AML frameworks need several capabilities that banks must evaluate and build. These capabilities could be built in-house or achieved by collaborating with third-party solutions. Some of the vendors that focus on delivering holistic AML frameworks to banks and financial institutions include Solidus Labs, Moralis, Cipher Blade, Elliptic, Quantumstamp, TRM Labs, Crystal Chain, and Chainalysis.
For these vendor platforms to deliver a holistic approach to AML around digital assets, they must have several inputs. Institutions need a wide range of data from varied sources to effectively identify AML risks. The breadth and depth of data an institution can access will decide the effectiveness of its AML function.
Banks must also perform proactive monitoring and screening of customer wallets to assess whether a wallet has interacted directly or indirectly with illicit actors like hackers, sanctions, terrorist networks, mixers, and so on. Blockchain investigation is critical to ensure transactions happening on the network do not involve any illicit activities, and monitoring risk where multiple tokens are used to launder money on the same blockchain is another critical capability that AML platforms must have.
Cross-chain transaction monitoring is perhaps the hardest problem to solve, as it is more challenging than mixers and dark web transactions. Wallets that hold assets that hopped through mixers and the dark web can be monitored, but cross-chain asset transfers are commonplace and a genuine use case that drives interoperability. While centralized governance is considered antithetical to the Web3 ethos, the pendulum may have to swing in the other direction before reaching a balanced middle ground that protects users and doesn’t curtail innovation.