Webinar Recap: Navigating Risk in Crypto Payments
Last month, TRM Labs’ Senior Policy Advisor Angela Ang was joined by Aaron Chua (Regional Head of Compliance at Fazz Financial and StraitsX, a Singapore-headquartered digital asset payment service provider and stablecoin issuer) and Rodrigo Peiteado (Financial Crime Intelligence Lead at BVNK, a UK-headquartered payments infrastructure provider) to discuss risk management in crypto payments.
According to TRM Labs, payment service providers (PSPs) across 60 countries process billions in crypto payments annually. While PSPs can help deliver on crypto payments’ tremendous potential and promise for consumers and businesses — value transfer at the speed of the internet — they also face unique risks by sitting at the intersection of payments and crypto.
This webinar unpacked some of the key considerations for a crypto payments risk management program, as well as practical tips for fintech compliance teams. Read on for highlights and key takeaways from the session, or watch the full recording below.
The unique world of crypto payments
The conversation kicked off by discussing how risk management differs fundamentally between crypto exchanges and PSPs. The speakers all agreed that there were significant differences. Exchanges primarily deal with trading, requiring a focus on individual users’ sources of wealth and transactional behaviors. In contrast, PSPs serve a more complex clientele — from merchants to financial institutions — with multifaceted use cases such as vendor payments, treasury management, and nested services.
Rodrigo stressed that PSPs often face intricate compliance challenges because client business models can vary widely. A normal transaction pattern for one client may be a red flag for another. For instance, a brokerage’s transaction patterns differ significantly from those of a gaming company. PSPs also see a wider range of financial crime typologies — like shell companies and trade-based money laundering — especially in B2B use cases. Aaron added that getting a good grasp of the customer’s use case at onboarding is critical to managing risk effectively. The PSP can then develop tailored monitoring frameworks to identify transactions that are not congruent with the intended use case.
Balancing risk management and customer experience
In payments — where speed, cost, and efficiency are key competitive advantages — it is also critical to balance risk management and customer experience.
Rodrigo outlined four guiding principles for striking the right balance:
- Deep client understanding: Robust onboarding and due diligence to capture a client’s unique profile.
- Multi-layered transaction monitoring: Continuously reassessing transaction monitoring rules and thresholds, adapting to new risks observed as well as insights from client profiling.
- Strong expertise and good judgment: As wrongfully withholding funds can cause damage to the client, it is critical for the compliance team to be able to discern false positives early.
- Client trust and communication: Good communication is especially key when you are adding friction to the process, such as when there are additional requests for information.
Aaron highlighted how StraitsX operationalizes these principles by proactively engaging clients during onboarding to map out fund flows, and rationalizing transactions based on business models. Verifying the customer’s representation of their use case is also important. For example, for a customer collecting customer payments, his team would request supporting documents like invoices and contracts, as well as examine the company’s website, to prove the legitimacy of transactions. He also noted that a robust onboarding process incorporating these elements minimizes the need for subsequent requests for information, which could negatively impact the customer experience.
The nesting challenge
Nested relationships — where a PSP onboards another PSP that serves end users, or even other PSPs — also emerged as a key topic.
Nesting is a legitimate business arrangement that exists in both traditional finance and crypto. It allows businesses to reduce cost, expand reach, and increase economies of scale. However, it does come with additional risks. Rodrigo highlighted that the layered nature of nested relationships limits visibility into the ultimate users of funds. Aaron shared how StraitsX preemptively addresses this challenge by requiring detailed onboarding disclosures and using APIs to track transactions for each of the nested PSP’s customers.
Leveraging blockchain’s unique features
The discussion then moved to the implications of blockchain technology in managing crypto-specific risks. Rodrigo noted that the speed of crypto payments is a double-edged sword for PSPs, allowing both legitimate and illicit transactions to happen faster. However, the inherent transparency and traceability of the blockchain — combined with blockchain intelligence tools like TRM and strong regulatory frameworks like the FATF Travel Rule — provide the industry with effective tools to manage risk.
In particular, Aaron championed programmability of blockchain-based payments as a game-changer. He shared an example where StraitsX used programmable money to ensure charity funds reached intended beneficiaries. By embedding conditions into digital vouchers, they assured donors that their contributions were used as intended, reducing the risk of misappropriation and other financial crime.
Compliance is not a checkbox
The discussion wrapped up with a reflection on the importance of nuanced judgment in compliance. A checkbox mentality that looks at a transaction or a customer solely through a pre-defined list of red flags may misidentify risk. Rodrigo stressed that red flags should be viewed as useful indicators, not definitive conclusions. Aaron echoed this sentiment, noting that red flags were established based on an understanding of human behavior. Compliance teams must therefore not neglect that behavior can evolve over time, as bad actors get smarter at evading detection.
Final takeaways
As the session concluded, Angela asked the speakers to summarize their approach to managing risk in crypto payments in one sentence:
- Aaron: “Stay true to your principles but be creative in your approach.”
- Rodrigo: “Data and knowledge are the most important things in risk management.”
These insights underscore the fascinating world of crypto payments compliance. By combining deep domain expertise, innovative tools, and a flexible mindset, PSPs can navigate the complexities of this dynamic space while enabling the safe growth of digital payments.