Consulting Magazine - August 2018

and process alerts What is the road ahead from stakeholders’ perspective?

Regulators: Should promote an environment of partnerships between Financial Institutions (FIs) and cryptocurrency companies. Initially, cryptocurrency firms can focus on their core competency such as technological innovation whereas FIs can focus on operations and investment. Over time, the operational aspects could be outsourced to cryptocurrency firms and FIs can audit them periodically. Factors that should be considered by FIs before getting into joint ventures with cryptocurrency firms are:

a; What is the type of cryptocurrency system (closed, unidirectional,
bidirectional, centralized, and decentralized)? Decentralized bidi-
rectional cryptocurrencies are most risky
a; Are the cryptocurrency firm or its customers located in a high-risk
jurisdiction?
aDoes the firm have sufficient licenses, permits?
a; Is the exchanger or administrator linked to potentially illicit busi-
ness such as gambling?

Advantage to FIs: Access to the following:
a; Innovative solutions such as DLT, Smart Contract and Robotic Pro-
cess Automation (RPA) to fight ML
a; Unserved & underserved market segments who are potential cryp-
tocurrency users

Advantage to cryptocurrency companies: Access to the following:

aFunds in running business aMentors in understanding ML use cases

FIs’ Operations Team: Focus on:

1. Establishing strong Know Your Customer (KYC) and enhance due diligence by analyzing customer data from web, 3rd party databases, IP addresses, geo locations from multiple devices

2. Building a strong ML audit competency by training
the audit team w.r.t cryptocurrency technology and use
cases. Audit team should be able to:
a. Identify the weak links in the cryptocurrency
transaction flow
b. Assess the risk of cryptocurrency operations and
the extent to which BSA/AML regulations have
been incorporated

Cryptocurrency Firms’ Innovation Team: Focus on:

1. How to identity potential ML transactions? Trans-
actions with any of the following properties should be
considered as risky enough to generate SAR:
a. Buying casino chips using cryptocurrency
b. Transfer of cryptocurrencies to or from exchanges
based in high risk geographies
c. Transactions coming out from a ToR exit node
d. Actual volume or amount of transaction much
greater in comparison to expected volume or
amount
2. How to link the real identity behind wallet(s) and
addresses?
a. If a user logs on to two different wallets installed
on two different mobile devices, it is possible to
know using ‘cookie syncing’ that two particular
devices always connect to DLT from the same net-
work. It can therefore be inferred that same person
owns those two devices and therefore two wallets
b. Blockchain Analytics can link addresses using the
following rules
a; If two or more addresses are inputs to the same transaction, then
those addresses are controlled by the same user. For example if
one transaction has addresses W1 and W2 as inputs and another
has addresses W2 and W3 as inputs then we can conclude that
W1, W2 , and W3 belong to the same entity
a; If cryptocurrencies sent from address W1 always end on address
W2 then we can infer that W1 and W2 belong to same entity
a; If two addresses are shared to buy goods then we can infer that
those t wo addresses are controlled by a single entity

Once an address(s) is identified to be owned by a criminal, any cryptocurrency coming in or going out of that address(s) can be blacklisted or tainted.

3. How to automate alert generation process?

Machine learning can be leveraged to detect suspicious behavior and classify alerts as high, medium or low risk. Only the alerts with high and medium scores should be used for manual review. This would reduce dependencies on human operators and reduce the total time to triage alerts.

4. How to reduce the systemic cost of KYC?

Smart contract and RPA based KYC can be used to gain efficiency, reduce cost, improve customer experience, and increase transparency during customer onboarding. It allows customers to carry out full KYC process with one FI, and later on to share the result of that KYC with any other FI(s). KYC only needs to be carried out once for each customer, rather than once for each institution work-ing with that customer. Exiting KYC costs—$60 million per year per bank and as per Goldman Sachs’ reports, a 10 percent headcount reduction could be achieved with the introduction of smart contract in KYC procedures, resulting in $160 million in annual cost savings.

Saurav Mukherjee is a Fintech consultant with Cognizant Business Consulting and leads business IT transformation initiatives for major Financial Institutions in the US, UK and India.