In all CDD/AML projects, we come across transactions related to cryptocurrency. Regarding its characteristics, cryptocurrency combines features allowing (international) payments to be anonymous, fast, and cheap. For the user, anonymity can be an advantage, but it leads to possible compliance risks for the banks.

As a financial institution, you cannot ignore the existence and use of cryptocurrency. But how can you make sure that your organization does not violate the law and does not incur any damage through the use of cryptocurrency in your clients’ payments? This potential loss may include reputational damage or a fine from a supervisory authority for negligence in preventing money laundering and integrity violations.

Cryptocurrencies carry a high degree of risk

DNB qualifies cryptocurrency as a high-risk product. Cryptocurrency is a legal currency, but there are money laundering risks associated with its use and exchange. In 2017, the FIU established new money laundering typologies in response to cryptocurrency purchases and sales. Therefore, it is important that the use of cryptocurrency in payment transactions is qualified as a potential high-risk in banks’ customer due diligence and transaction monitoring.

Source of the funds

Central to CDD research are questions such as “who is the customer?”, “what is the account used for?”, “does the transaction pattern fit the customer?” and “what risks does the customer pose?”. These include geographic risk, capital risk, product risk, and transaction risk. The use of cryptocurrency is primarily about establishing the source of funds, and determining who is purchasing the cryptocurrency or for whom the cryptocurrency is being purchased.

How to recognize cryptocurrency transactions?
You can recognize cryptocurrency by transactions with exchange companies and crypto trading platforms. In, for example, the transaction description and/or the name of the counterparty you can see if cryptocurrency is purchased. Important here is: what is the source of the funds with which the cryptocurrency is purchased? Is this a purchase for own use or for third parties? The latter is particularly risky. The key question is: may we be facing an attempt to money laundering? Incoming money through an exchange company can also be identified by the sender. When you see such a transaction, the question is, “where did the money originally come from? Can you verify the source based on past purchases of the cryptocurrency? After selling the cryptocurrency, were funds immediately cashed in by withdrawals or transferred directly to another person or company? Does it come from a digital wallet, and who owns it? Is it coming from different wallets? Finally, does it appear to be a one-off, and does it concern a small amount? In the latter case, depending on possible other risk factors, it is not always necessary to review the customer periodically for cryptocurrency.

Binding advice of a compliance officer
The analyst maps out the risks and determines the customer’s risk profile. From a CDD perspective, customers who conduct transactions with cryptocurrency have a high transaction risk. Therefore, it is important that the CDD analyst also includes the FIU’s money laundering typologies for the purchase and sale of cryptocurrency in the analysis. If there are characteristics of any of these typologies, the analyst should incorporate them in the conclusion. When determining the risk profile, the analyst will examine – among other things – whether there are many transactions with the cryptocurrency or whether it is an ‘ordinary’ investment. When in doubt, the analyst can seek advice from the compliance officer. Based on the investigation, the compliance officer provides binding advice on the client’s [intended] risk rating, and how to further monitor and deal with the client. One of the customer’s controls may be that cryptocurrency-related transactions through the customer’s payment account are no longer permitted. If there is an unusual transaction on the account, a report to the FIU-the Netherlands is required.

Be ready for the future with new payment methods. Use cryptocurrency insights to set up your CDD research and transaction monitoring.
Merel Vermoolen

Ban on cryptocurrencies?

As an organization, you run the risk of being held accountable for not preventing money laundering. You can manage this risk by putting sufficient effort into your CDD research and transaction monitoring. An important precondition is for analysts to be well aware of the cryptocurrency risks. They also must apprehend the money laundering typologies related to the purchase and sale of cryptocurrency. For example, training from a compliance officer can help increase knowledge of money laundering typologies and awareness of these risks.

Or is it easier and/or better to ban customers who carry out transactions with cryptocurrency? From a commercial perspective, it may be a shame to exclude these customers just for that reason. These customers can yield a lot through knowledge sharing, which you can use to develop new products and improve old ones. Furthermore, banning these clients is also not a future-proof solution. The use of cryptocurrency provides new insights into new payment methods. It is expected that its use will only increase in the future. Understanding this payment system is therefore becoming increasingly essential. Cryptocurrency offers your organization an opportunity to anticipate these new payment methods directly. Believing that compliance means being integral and acting with integrity. It is also more future-proof to properly set up CDD research and transaction monitoring related to new payment methods. Sufficient expertise is now available. Of course, we can help to unburden organizations in this area.

Crypto exchange companies fall under DNB regulation

We currently notice that it is difficult for crypto exchange companies to open a bank account in the Netherlands. Banks are reluctant to provide services to these parties given the requirements under the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act [Wet ter voorkoming van witwassen en financieren van terrorisme]. They want to avoid becoming part of a money-laundering scheme. Meanwhile, the crypto exchange companies themselves are now also subject to DNB regulation, which means that they are obliged to register with DNB, conduct customer due diligence, monitor transactions and report to the FIU. This does not alter the fact that a bank must also continue to carry out careful CDD research and transaction monitoring.


Ensuring that CDD research and transaction monitoring are in order in relation to the use of cryptocurrencies is important to prevent your organization from suffering reputational or financial damage. It is not about banning cryptocurrencies but rather setting up your organization with the right policies, processes, and procedures what will future-proof your business. With the right tools and resources, you can sufficiently mitigate cryptocurrency risks. Stay critical, however, because the required monitoring turns these customers into intensive customers.