FATF Provides Virtual Assets (VAs) Red Flag Indicators to Assist Jurisdictions in Mitigating Money Laundering (ML) and other Financial Crime Risks

By Nana  Oparebea Mante


Certain financial product features, functionality or activity often pose higher risk of misuse for money laundering and other financial crimes. Financial products or services like international trade finance and virtual assets (VAs) or virtual currencies (VCs) are often attractive to persons with malicious intents looking for ways to store crime proceeds or finance illegal activities because of their product features such as complexity, anonymity, global reach and speedVirtual assets or currencies like Bitcoin, Ether, and Ripple are digital representations of value that, like ordinary currency, function as media of exchange, units of account, and stores of value[i]. In the words of Therese Chambers, the UK Financial Conduct Authority (FCA), Director of Retail and Regulatory Investigation, the premise of the virtual currencies’ technology comes from a libertarian strand of ideology which eschews identity checks and advocates digital privacy.[ii] The virtual assets market originated from “Cypherpunks’, who deplore cyberspace regulation and the removal of intermediaries. Money launderers are therefore enticed by VAs or VCs because of its technological features which increases anonymity and add further impediments to the detection of criminal activities to hide their criminal activities with little fear of discovery.

A typical example of the misuse of VAs is the 12th May 2017, global WannaCry ransomware cryptoworm    attack demanding ransom payment in the Bitcoin cryptocurrency, that affected a wide range of countries and sectors including England’s National Health Service (NHS). 80 out of 236 hospital trusts across England were affected, causing disruption to patient care. Although no NHS organisations paid the ransom, it cost England several tens of millions of pounds, to fix the damage caused and to build a more robust cyber security system for the NHS[iii]. Again, according to CIPHERTRACE ’s Spring 2020 Cryptocurrency Crime and Anti-Money Laundering Report, in the first five months of 2020, crypto thefts, hacks, and frauds totalled $1.36 billion, suggesting 2020 could see an increase in virtual currencies related crimes.[iv]

Undoubtedly, one of the most pressing financial crime challenges facing financial crime experts of today is the growing sophistication of cybercrimes and how to narrow the gap between crime prevention experts and the criminals, in terms of the crime prevention experts’ ability to identify and track new crimes and criminal methods in a timely manner.  Over the past decade, nations, international bodies, regulators and other crime prevention agencies have been grappling with how to effectively mitigate the inherent risks of these virtual assets without siphoning the innovation of these digital currencies. Some virtual technologist enthusiasts believe VAs among other things, have the potential to offer cheaper and faster transactions than traditional bank payment networks.

VAs Red Flag Indictors

Consequently, AML competent authorities have been pursuing measures to ensure that VAs and virtual activities fit into AML and other financial crime regimes designed for obliged entities or organisations with reporting obligations as VAs and other digital currencies continues to evolve.

On the 14th of September 2020, the global standard setter for Anti- Money Laundering (AML) and other Financial crimes, (FATF) issued a report on Virtual Assets (VAs) Red Flag Indicators of Money Laundering (ML) and Terrorism Financing (TF). According to FATF, the purpose of the report among other things is to:

  1. assist operational agencies including Financial Intelligence Units (FIUs), law enforcement authorities (LEAs), and prosecutors in analysing suspicious transaction reports (STRs) or improving detection, investigation, and confiscation of VAs involved in misuse.
  2. facilitate obliged entities ‘application of the risk-based to their customer due diligence (CDD) requirements in implementing differing levels of CDD requirements for establishing clients’ identify and that of their beneficiaries, understanding the nature and purpose of the business relationships and understanding their source of funds or/and wealth.
  3. assist financial institutions (FI), designated non-financial businesses and professions (DNFBPs),  and virtual assets service providers (VASPs) and regulators assessing STRs preparations with samples of VA ML/TF typologies and monitoring obliged entities compliance with AML and other financial crime controls.

Findings from the VAs Case Studies

The sample of red flag indicators provided in the report were drawn from more than one hundred case studies that FATF has collected since 2017 from across the FATF Global Network of member states, literature reviews, and open source research. Their study of these case studies revealed that the majority of VA related offences focused on predicate or ML offences, with the most prevalent VA missuses relating to the disguise of proceeds from controlled substances (narcotics and psychotropic ), fraud, scams, ransomwares and extortions. Particularly, with the VA offences involving the proceed from controlled substances, it is carried out criminals who either transact the sale of the controlled substance directly in VAs or use VA transactions as an ML layering technique to disguise the proceeds from the sale of these controlled substances. FATF also noted that in recent times, professional ML networks have started exploiting VAs as one of their means to transfer, collect, or layer proceeds.

Types of Red Flag Indicators Listed in the FATF Report and How to Analyse them

For effective financial prevention, it is important that competent authorities try to identify trends and spread knowledge of various AML and other financial crime red flags so that professionals in the industry are aware of red flag indicators that accompany these illegal activities to act properly upon, red flag indicators that a transaction or activity may be suspicious. To that extent, regulators recommend that individuals that work in the financial services industry and other obliged entities are trained with samples of appropriate ML/TF typologies or indicators to enhance their ability to spot suspicious activity and to report it. Additionally, for best practice, obliged entities are advised to incorporate some of these published red flag indicators from competent authorities like the FATF and the Wolfsberg Group in their written AML procedures.

To that end, FATF studied VAs misuse cases and prepared the report on ML/TF red flag indicators associated with VAs to assist reporting entities in detecting suspicious activities or transactions. The sample of VA red flag indictors of ML and other financial crime covered in the report included red flag indicators related to Transactions, Transaction patterns, Anonymity, Senders and Recipients, Source of funds or wealth and Geographical Risk.

Discussing the red flag indicators related to VA transactions, FATF advised that one of the signs that analyst must look out for is the VA transactions size and frequency. In principle, it is possible for a VA investor to diversify asset classes to reduce risk and to maximise returns based on the notion of not putting all your eggs in one basket. However, when a VA investor deposit VAs at an exchange and then often immediately converts the VAs to multiple types of VAs, again incurring additional transaction fees, without any logical business explanation, analyst must probe further to determine if the transaction is legitimate.

Regarding red flag indicators related to Senders or Recipients of VA transactions, some of the indicators that FATF advised, to look out for, are irregularities observed during account opening and CDD process. Irregularities such as entities that use internet domain registrations different from where the entity is established or in a jurisdiction with a weak process for domain registration.

FATF acknowledged in the report that, although VAs are attractive to criminals because of its technological features, the mere presence of these distinct features of VA transactions must not be construed that a VA transaction is an illegal transaction or be used as the sole determinant of whether VA transaction is suspicious.  But rather LEAs, FIs, DNFBPs and other experts analysing these VA transactions to detect suspicious transactions, must look out for the existence of multiple indicators that do not give any logical business explanations to the VA transaction in question.

FATF further stated that, in using the sample of VA red flag indicators provided to evaluate potential suspicious activity, the approach must be on transaction-specific reviews. Taking into consideration issues around the business line, products or services offered by the institution or Virtual Assets Service Provider (VASP) and how the institution involved interacts with its clients to determine whether one or more of the red flag indicators present raises reasonable grounds for suspicion. The report also highlighted the fact that, VAs misuses share similar traits with other financial crime activities involving the use of fiat currency, or other kinds of assets. Thus, analyst should consider the VAs’ distinct features as well as, the existence of other conventional risk indicators. In short, like all financial crime detections, red flag indicators should always be considered in context, noting that the red flag indicators listed in the report are neither applicable in every situation nor exhaustive.

In October 2018 and in June 2019, FATF updated its standards to clarify the application of the FATF Standards to VA activities to assist its member states in mitigating the money laundering (ML) and other financial crime risks associated with VA activities. FATF requires of all its member states to supervise and monitor businesses that provide VAs and other digital currencies including some wallet providers to ensure they implement control against ML/TF including customer due diligence and reporting suspicious activities[v]. Unfortunately, in most countries, there are no established regulation and oversight for VAs creating a massive loophole in the global financial system for criminals who want to escape regulatory compliance scrutiny.  This fact was also reiterated  by FATF in this report, stating that their study of cases from their member states showed criminals exploited the gaps in AML/CFT regimes on VAs and VASPs by moving their illicit funds to VASPs domiciled or operating in jurisdictions with non-existent or minimal AML/CFT regulations on VAs and VASPs. As a result, members states must ensure they understand their reporting obligations to act and to prevent the misuse of VAs for ML and other financial crimes within their jurisdictions.


As a global AML standard setter, with an all-encompassing objective of promoting the implementation of effective measures to protect the integrity of the international financial system via the establishment of its recommendations and standards by member states, it used the report to urge competent authorities in its member states to disseminate this report to all obliged entities, LEAs and other financial crime experts to conduct engagement and awareness-raising sessions with them to promote an understanding of this report. Furthermore, obliged entities and financial crime experts using the knowledge shared in the report must be aware of the fact that, the list of VA red flags indicators provided in the report may also be limited considering the current evolving digital and technological innovation climate, hence, identifying virtual assets ML/TF red flag indicators must be an ongoing process.

The hope is that this report on VAs ML/TF red flag indicators and other anti-financial crime regulations and guidance are increasingly implemented effectively around the globe, to ensure that there are good safeguards in place to protect the global financial system.  Click here to read the full report.

Contact us today if you need assistance on financial crime prevention systems and controls implementation or training for your first line of defence operational or compliance teams on financial crime prevention.


[i] FATF REPORT; Virtual Currencies Key Definitions and Potential AML/CFT Risks June 2014, Page 4.





Leave a Reply

Your email address will not be published. Required fields are marked *