Investigations | July 10, 2024

Uncovering money muling and nested services in crypto

by the Crystal Marketing Team

On June 13, 2024, Crystal Intelligence and Chainar, a crypto compliance advisory and investigative firm based in Stockholm, Sweden, co-hosted a webinar panel discussion titled “Uncovering crypto crime: using blockchain analytics in compliance cases”. 

An expert panel provided insights into crypto compliance investigations about money muling via crypto, and nested services on crypto exchanges, both illustrated with real world case studies. 

The panel was made up of: 

  • Nicholas Smart, Director of Intelligence at Crystal, who led the discussion. 
  • Margareta Kowalska, Professional crypto compliance expert with extensive experience in AML and co-founder of Chainar, which is a Crystal partner. 

Understanding crypto crime: the common crypto crime typologies 

Margareta gave an overview of common crypto crime typologies, noting how they mimic the methods criminals use with fiat. She said cryptocurrency transactions are popular with criminals because of their speed, anonymity, and automation. 

 The illicit transactions involving crypto are performed as: 

  • Fiat to crypto 
  • Crypto to crypto 
  • Crypto to fiat 

Although the crypto industry has disrupted the traditional financial sector, fiat and crypto are integrating with each other. And recent trends in criminal activity and the use of cryptocurrencies to launder money show how the two worlds are merging. 

Money muling with the use of crypto 

Money muling is a type of money laundering in which people move illegal proceeds through their bank or crypto accounts on behalf of criminal entities without necessarily being directly involved in the criminal activities which generated the funds. 

It affects traditional finance as well, and crypto transactions’ borderless nature and privacy are attractive to criminals. A 2016 Europol anti-money muling operation estimated that over 90% of money mule transactions were cybercrime-linked. 

The types of crypto money mules 

Margareta described the three types of crypto money mules: 

  • Complicit: individuals who are members of, or work on behalf of, the organized crime groups (OCGs) or entities who knowingly allow money laundering via their crypto wallets, bank accounts or virtual asset service provider (VASP) accounts. They also often act as recruiters of money mules. 
  • Witting: Individuals who are not OCG members who suspect the funds are illicit but take the risk of allowing suspicious transactions via their facilities in return for a financial gain. 
  • Unwitting:  Individuals who have been duped by scammers into allowing movement of illegal funds through their accounts without knowing that they are laundering money. 

Margareta highlighted Interpol’s 2022 #YourAccountYourCrime campaign, which cautioned the public that individuals are responsible for securing their accounts, and they can be prosecuted for moving illicit funds for a third party regardless of their level of complicity. 

The warning signs of money muling for compliance officers 

Financial industry participants should have AML systems in place which detect possible money muling in the know your customer (KYC), know your business (KYB), and know your transaction (KYT) processes. If an incident is detected, responsible teams should follow their AML policies and implement adequate procedures which are, for example, part of their enhanced due diligence (EDD) process. 

Margareta touched on money mule recruitment tactics that compliance officers should be mindful of, such as: 

  • Fake job offers and instant cash profit offers, as such scams often initially appear legitimate to the potential mules. 
  • Recruiters most often target individuals in some state of financial duress, such as new immigrants, cash-strapped students, the unemployed, and victims of scams. 
  •  The recruiting process is designed to gain new hires for facilitating future laundering money for bad actors to avoid detection and prosecution by law enforcement agencies (LEAs), as well as in some cases for designated entities and physical persons to dodge sanctions. 

Europol busts money mule syndicate: a case study 

She discussed the May 2024 Europol-run takedown of two multinational money mule recruitment rings which are accused of laundering over €10M. 

She highlighted two remarkable aspects of the complex money muling operation and investigation: 

  • Since the perpetrators lacked the technical skills to carry out their crypto scams and launder the proceeds using money mules, they outsourced part of the work to external illegal service providers, also bad actors, who introduced a crime-as-a-service business model. 
  •  LEAs discovered two money laundering rackets which worked using crypto funds that were linked to the main group and were detected by using crypto-tracing analysis. This suggests that crypto crime investigation personnel, utilized tools, and services have improved in response to involvement and rise of crypto crime. 

The importance of blockchain intelligence in compliance 

Margareta said effective blockchain intelligence must be incorporated into compliance checks and processes in AML frameworks. She cited its role in the blockchain-based investigations underpinning the Europol operation as an example. 

She added that when financial institutions are shaping general risk assessment policies (GRA), their processes and procedures of potential risks management should include fiat alongside crypto. 

She concluded by outlining challenges that public and private sector compliance teams face in 2024. These challenges generally touch on rising financial crime, especially the more complex crypto crime, and increased regulations. She focused briefly on the ‘battle for talent’, which she identified as a shortage of trained crypto crime investigators. 

Q & A on crypto compliance investigations and money muling 

In the Q & A session which followed, panelists gave their views on the current popularity of money muling with the use of cryptocurrencies, and the status quo of compliance investigations and processes. 

Margareta reiterated that borderless, pseudo anonymous, and quick crypto transactions are still an attractive option for money mules trying to launder funds. 

On financial crime investigations, she noted that improved tools and resources in recent years are starting to get results in current and old crypto crime cases. 

Federico Paesano shared that when he was involved in establishing the Working Group on Criminal Finances and Cryptocurrencies with Interpol and Europol in 2014, they had just one case study on money laundering via crypto, yet today they have ‘literally hundreds of cases’ to learn from. He attributes much of this to improved detection techniques and increased understanding among LEAs of the minutiae of how financial crime in the industry works. 

He also referred to the ongoing symbiosis between both money launderers’ growing sophistication and that of LEAs, as the latter learn how to detect and counter the formers’ evolving criminal skills. He added that these learnings are then incorporated into Crystal’s compliance and investigation training programs. 

Nick suggested the sharp increase in crypto money muling is because tightening the regulatory framework in recent years shone a light on other money laundering methods. Criminals responded by recruiting money mules to exploit different chinks in the crypto industry’s armor since they could move funds via mules’ legitimate crypto wallets. 

Echoing Federico’s words, he quipped, “We build a ten-foot wall, and they bring a twelve-foot ladder.” 

Of compliance, he said creating a safe AML regime in the crypto industry is a holistic and ongoing process from onboarding to the end. 

Crypto compliance cases and nested services 

Federico discussed the crypto risks of nested services, which are personal accounts legally opened by individuals to provide financial services to other parties rather than for the latter individual’s sole use. 

The nested service is legal, and transactions from it to a crypto exchange are subject to KYC vetting at the exchange, where investigators encounter them. However, what Law Enforcement will receive is the KYC done on the nested service, rather than useful information on the people using it. 

This creates a blind spot for investigators on crypto exchanges which money mules can sneak laundered funds past undetected. 

Margareta said a supervised whitelist of approved and regulated industry participants would see nested services integrated into the regulatory framework. She warned that VASPs dealing with them should consider that they might risk increasing their exposure to illicit funds in specific cases when AML measures are either not implemented or insufficient. 

Federico concluded his presentation with his view on policy surrounding nested services, saying that Crystal has made recommendations that exchanges monitor them to mitigate their own exposure to risk. 

The Q&A following Federico’s presentation touched on privacy coins. 

Margareta drew on her compliance background to advocate for increased collaboration, transparency and traceability in the fight against international crypto crime. 

Federico said increased government regulation globally caused many major exchanges to delist privacy coins. He added that most crypto crime is committed via popular coins, not private ones. 

Nick concurred, adding that criminals stick to simple methods that work for them and develop new criminal typologies to avoid detection by LEAs on popular exchanges. 

The final question was whether exchanges put profit over management of the risks presented by nested services. The panel generally concurred that the business can be seen as lucrative in the short term but may involve risk in the long term. Federico and Nick agreed that if irregularities with nested services are detected, the responses should be swift and emphatic. 

The future of uncovering crypto crime and investigations 

Margareta said that while financial institutions and VASPs might bemoan the high cost of compliance in the short term, it is necessary to remain operational. She explained that regulators issue heavy fines to non-compliant VASPs, and that the amount of crypto regulation is increasing on national and international levels. 

Federico encouraged all compliance teams to educate themselves on how crypto crime works, what tools are available to fight it, and how to use those tools. Nick agreed and closed the webinar by imploring compliance teams to use all their resources to fight crypto crime effectively. 

You can watch the full webinar over on YouTube

Solve your crypto investigations with Crystal by requesting a demo. Reach out to Chainar for a crypto compliance advisory

Be the first to get news from Crystal