Early November was not an easy time in Hong Kong’s office of a global cryptocurrency exchange, FTX. After battling their competitor’s comments on social media on November 6, the company paused withdrawals on November 8. In the next two days, after hearing a vague comment from their colleagues in the Bahamas, the Asia-based employees were told they did not need to come to the office anymore. This fiasco of FTX’s management and their implementation of the Anti-Money Laundering (AML) procedures became a sensitive topic in the community ever since. After months of active encouragement from various global regulators to set up and follow AML and Know Your Customer (KYC) policies, Virtual Asset Service Providers (VASPs) saw FTX carry on with their operations whilst having an eight billion dollar hole in the balance sheet. An obvious question to come to mind would be whether achieving full transparency is still in vogue. If implementing KYC and AML procedures is still necessary, what could be done better to prevent cases like FTX?
How Alameda Research and FTX could both be involved in transacting users’ funds while being completely separate entities is now only part of history that we might never get to understand. KMPG published their version of what happened in this comprehensive
Did the FTX team do their best at diligently looking into their own AML procedures? Me and my team at AMLBot have spent over three years helping companies comply with AML regulations. When talking to customers, I always like to emphasize that the goal of an AML audit is to determine whether the company has an appropriate AML program and whether employees are following the required policies and procedures. FTX might have developed sophisticated AML and KYC policies for their firm, customers and counterparties. However, to determine that employees followed those procedures, an auditor had to speak to stakeholders and review relevant files, systems, and documents. I can only make an assumption now, that the exchange’s top management observed discrepancies in the firm’s books and compliance actions, and yet chose to close their eyes to such events. Such things would be promptly caught and flagged to relevant auditors and regulators when the management and board are diverse. In FTX’s case, access to information and decision-making power was concentrated in the hands of a very small group that seems to have followed the same moral principles.
I strongly believe that the push to design and follow AML and KYC policies will continue to come from regulators in all jurisdictions globally. Reuters looked at the need for such initiatives in their September
Secondly, implementing wallet and transaction checks helps avoid having assets of certain customers blocked and prevented from entering the ecosystem. With proper checks in place, customers can be sure to never get involved in transactions that would damage their wallets’ reputation and history.
And finally, putting AML and KYC tools in place makes it possible to immediately identify scammers and block their funds, increasing the level of service security by several times. A recent example is an investigation done by AMLBot’s team about sanctioned Iranian entities transacting with Binance. In the published
All of the above can help instill the exchange’s partners and stakeholders with confidence in its business. However, in my opinion, the key is to gather the right team with independent opinions to follow and implement the designed AML policy. There is no point in working only with people that agree with you and never point at a different way of doing things. Especially when it comes to following a strict regulatory environment, finding the right internal auditor is just as important as working closely with external stakeholders.