Digital assets compliance: Why you should care.

Kotani Pay
7 min readApr 27, 2023

Blockchain technology gave us cryptocurrency, the decentralized digital currency that acts as a medium of exchange across the network. This financial alternative powered by smart contracts facilitates peer-to-peer transactions. This is a good thing mostly because it eliminates the need for middlemen making transactions affordable, faster, and convenient.

However, the technology has also attracted the wrong attention drawing in criminal activities i.e money laundering, financial fraud, and terrorist financing. Crypto crimes such as ransomware attacks, scams, illicit trade, and theft are siphoning billions of dollars, a worrying trend for governments and investors globally.

Here is the problem

As of 2022, the global cryptocurrency market cap was valued at over $800 billion with over 85 million crypto wallets worldwide. In the same year, Chainalysis reports that illicit cryptocurrency transaction was at $20 billion, which represents 2% of the $800 billion that is laundered globally.

The report further notes that 44% of the illicit transaction volume is associated with sanctioned entities, followed by scams that account for $5.9 billion and stolen funds at $3.8 billion.

It’s all in the features

Blockchain is a system of a distributed ledger shared among nodes of computer networks. Any information added to it is encrypted using cryptography to ensure data cannot be altered. To send and receive cryptocurrency, a wallet address is required. Users are identified by their wallet address number. This means users don’t get to know who they are transacting with, where they are from, or their background.

The anonymity provided by the technology has protected bad actors from being identified making it easier for them to engage in illegal activities. The lack of accountability makes it hard to identify and prosecute these bad actors for their actions as their identities are hidden.

Anonymity has also brought regulatory concerns as government and financial institutions are unable to monitor and regulate transactions effectively.

Smart contracts are made to automatically execute transactions based on the fulfillment of agreed terms. Its self-executing format makes it easy for anyone to anonymously transact both legal and illegal activities.

Despite so, all transactions performed in the blockchain are registered in the ledger which is both transparent and immutable. Even though criminals can hide behind anonymity or pseudonym, any transactions they perform is registered in the blockchain making it hard to erase this evidence.

Why is it important to be compliant?

Blockchain technology has been misused for criminal activities but has been and is being used for legitimate innovative purposes and efforts. To mitigate these risks that come with the features of technology, businesses need to take all the necessary compliance regulations and steps that promote transparency, security, and accountability.

Compliance will help in tracking and avoiding illicit activities. Compliant businesses are at the forefront of preventing money laundering. By tracking all transactions, relevant authorities can easily capture bad actors and prevent illegal activities.

As a business, a primary interest is to always protect the customers. Compliant businesses put customers first by protecting their funds and personal information from hacking and illegal activities.

The compliant business also brings an element of credibility and trust as clients have confidence that the business they work with is recognized by their respective jurisdiction and is answerable to them in case of anything. Compliant businesses who are globally compliant with relevant institutions also attract global clients

courtesy of KYC map

Financial Action Task Force (FATF)

Crypto compliance and regulations are based on Anti Money Laundering (AML) and Counter-Terrorism Financing (CTF) that are designed to prevent money laundering and terrorism financing. Depending on the jurisdiction, these regulations are implemented at a national or regional level.

Globally, we have the Financial Action Task Force (FATF) which leads in tackling AML and CTF. Part of what they do is to research the various ways money is laundered and how terrorism is financed and promote a global standard to mitigate these risks. They do this by recommending standards and monitoring the implementation of these standards.

Currently, more than 200 countries have committed to implementing FATF’s recommendations that are assessed by global partners such as International Monitory Fund and World Bank.

FATF crypto recommendations

Cryptocurrencies and virtual assets are increasingly becoming a populated alternative for money movements which puts them at a high risk of being used for illegal activities. With this cause, in 2019, the FATFT developed guidance specifically for the transaction and use of these assets.

These recommendations aim at mitigating the risk associated with cryptocurrencies and virtual assets while also creating a safe space for innovation, growth, and trust in the sector for its member countries.

The recommendations for Virtual Asset Service Providers (VASP) include:

  1. Licensing and Registration

To ensure transparency and accountability, VASPs ie crypto exchanges, and wallet providers are required to register their companies and obtain a relevant license for operation in their respective countries.

Licensing of VASPs is important for preventing money laundering and terrorist financing. Beyond that, licensing gives the customers the confidence and transparency to work with an entity recognized by their respective jurisdictions.

VASPs who are licensed also have the credibility to their name that attracts global and local customers. With a license, VASPs have better access to banking services that will help in their operations.

2. Know Your Customer (KYC)/ Know Your Business (KYB)

This is the process of identifying and verifying customers and businesses to ensure their legitimacy. Through this process, you can establish if the said person or business is involved in illicit activities such as money laundering.

VASPs will collect information such as business registration or licensing from regulatory authorities to operate in particular jurisdictions, legal names, addresses, and registration numbers. They may also need to take information on the ownership and control of the business ie names and addresses of all directors, officers, and shareholders.

3. Customer Due Diligence (CDD)

The CDD is designed to verify the identity of customers and assess their risk of financial crime. Once the information has been collected in the KYC process, the VASPs will verify the information provided to ensure there is no link to criminal activity.

VASPs may also be required to perform enhanced due diligence on customers who represent a higher risk of financial crimes such as those being politically exposed or clients who are of high net worth.

It’s also the responsibility of VASPs to collect information on the source of their customer’s funds and monitor their transactions for any suspicious or unusual transactions. Additionally, they are tasked with ensuring that their customers are compliant with laws and regulations applicable to them.

On top of that, VASPs are required to keep a record of their CDD for a certain duration of time for investigative purposes in case of suspicion of any illicit activity.

4. Travel rule

In this recommendation, VASPs should record and share information of both the sender and receiver of any transaction performed above $1,000 in effort to fight money laundering. The $1,000 threshold varies with different jurisdictions, with other countries having $3,000 and others $1,000.

How does it work? Based on the threshold of the Country, the VASP of the sender of the money is required to share the personally identifiable information (PII) with the VASP of the recipient of the money. The recipient country VASP can perform its due diligence and report any suspicious activities.

Some of the information required includes the name and address of the sender and receiver, the unique identifier of the sender and receiver, and the amount and currency of the transaction

5. Reporting

In case of any abnormal activity, VASPs are required to report suspicious activities to their respective authorities. Data gathered from KYC/KYB and CDD are vital for investigations for a better understanding of the nature of the transaction and the identity of the parties involved.

VASPs are advised to maintain confidentiality in the matter and cooperate with relevant activities.

Cryptocurrency compliance is becoming increasingly important in the fast-evolving world of virtual assets. With the growing adoption of cryptocurrency and blockchain technology, regulators around the world are taking steps to ensure that the industry is transparent, accountable, and secure. For businesses and individuals involved in the virtual asset industry, compliance is essential to avoid legal and financial risks, as well as to protect against the use of virtual assets for illicit purposes.

As a compliant VASP, Kotani Pay is committed to meeting the highest standards of regulatory compliance, ensuring that our customers can transact with confidence and security.

Talk to us and let’s explore how you can transact across borders safely using our stablecoin settlement solution.



Kotani Pay

Our purpose here is to write great stories that inspire people to follow their unique path in life and explore ideas around making money beautiful.