FinCEN releases red flags for fentanyl and Bitcoin

By Christine Duhaime | August 24th, 2019

FinCEN has released a very good plain language advisory for banks to become aware of, and assess the purchase and trafficking of fentanyl online for financial crime compliance. Fentanyl is imported in bulk from Mexican cartels and follows the same typology as typical TCOs and money laundering activities. It is also imported from China via online sales on the darknet using Bitcoin, Ether or Monero and the red flags in respect thereof are different.

With respect to fentanyl ordered online, the way it works is as follows:

  • A person accesses through TOR a darknet marketplace that allows vendors to sell fentanyl, or the person locates an online vendor in the normal way;
  • The person opens an account, makes the purchase and pays in Bitcoin;
  • The darknet marketplace uses its pooled Bitcoin wallet to broker the deal so that you or I, or law enforcement, cannot know what Bitcoin wallet address is involved in illegal activities and so the person paying is paying to the marketplace, not the vendor;
  • The darknet marketplace extracts their commission in Bitcoin for brokering sales of illegal drugs and they send the remaining Bitcoin to the drug dealer; and
  • The drug dealer uses the postal service or a courier to ship the fentanyl to the buyer.

Knowing that that’s the process, things for banks to be aware of to gate-keep the financial system are as follows:

  • With respect to digital currency exchanges, undertake due diligence to ensure that you are aware of any in your ecosystem (including your clients who bank exchanges) that have darknet capabilities. For example, there is an ICO exchange in Vancouver that has darknet capabilities for no obvious reason.
  • With respect to digital currency exchanges, undertake due diligence to be comfortable that the terms of use are adequate and make sense – this is important because it speaks to competence and knowledge of the law. We came across an exchange in Canada, for example, that in describing corporate accounts for financial crime purposes to onboard, asked companies to confirm whether they have shareholders or no shareholders; the latter evidences the exchange lacks corporate law knowledge, which means they likely will not be adequately versed in more complex financial crime law, which poses a risk to banks. Another exchange in Canada has some nonsensical terms of use in which it states that cheque cashing services and collection agencies and securities brokers are not regulated in Canada and therefore are prohibited and yet it has no provisions prohibiting sanctioned countries or terrorist activities or listed terrorist persons from trading in Bitcoin and using the exchange’s bank account in Alberta for those transactions.
  • With respect to digital currency exchanges, undertake due diligence to ensure that the terms of use identify the jurisdiction of law because if no jurisdiction is identified, it means the corporate entity is obfuscating its own identity, which is inconsistent with financial crime compliance.
  • With respect to digital currency exchanges, undertake due diligence to ensure the officers are identified on the business’s website – if not, that is a red flag indicating the business lacks transparency.

The FinCEN advisory mentions AlphaBay, the Canadian darknet marketplace that was the largest in the world which operated with bank accounts processing billions of dollars in Bitcoin and money solely for criminal activities, including the sale of fentanyl which resulted in the untimely death of young adults around the world. You can read about AlphaBay here.

Learning from the AlphaBay case, an obvious red flag is corporate officers who are young, flush with cash and sudden wealth and no gainful employment, or corporate sales to account for the increase in wealth.

Red flags also include transactions involving countries such as the Seychelles, Malta, Guernsey, the Isle of Man, Jersey, Cyprus and other jurisdictions that are known for lax financial crime compliance and where identity of corporate controllers is difficult to verify.

Banks will rarely know if a customer uses a mixer or anonymizer but FinCEN notes that using mixers and anonymizes is a financial crime red flag. That’s because the purpose of mixers is to obfuscate the transactor behind a Bitcoin transaction.

FinCEN also lists as a red flag, bank customers with previous criminal records for drug trafficking – they are more likely to get back into the drug trafficking business online using Bitcoin.

In all the Bitcoin tracing work we have done for the preparation of SARs for clients, almost every single case was traced to the pooled wallet of just one digital currency exchange. That being said, another red flag is to be cognizant of what digital currency exchanges are preferred for criminal activities and to make decisions to minimize bank exposure in respect of those organizations and customers associated with those exchanges.

You can read more from FinCEN here.

Share this Post:
  • Facebook
  • Twitter
  • LinkedIn
  • Print
  • email

Comments are closed.