Compliance Rating of Cryptocurrency Exchange Huobi Disappoints in Latest Industry Evaluation

The rise of cryptocurrencies and blockchain technology has undoubtedly revolutionized the financial industry, offering a decentralized and transparent alternative to traditional payment systems. However, the industry faces a major hurdle that threatens to undermine its potential: compliance.

The importance of compliance in the blockchain and crypto industry cannot be overstated. It is the cornerstone upon which the integrity of the industry rests and is the key to building trust among users, investors, and regulators alike.

Crypto exchanges, which are the gateway to the world of cryptocurrencies, are particularly vulnerable to compliance issues. Without proper compliance measures, these exchanges become a haven for money launderers, terrorist financiers, and other nefarious actors seeking to exploit the anonymity and decentralized nature of cryptocurrencies. This poses a significant risk not only to the exchanges themselves, but also to the wider financial system and the society at large.

To achieve compliance, crypto exchanges must implement robust Know Your Customer (KYC) and Anti-Money Laundering (AML) policies, which require exchanges to verify the identity of users and monitor transactions for suspicious activity. Nevertheless, compliance can be a daunting task for exchanges, especially given the global and decentralized nature of cryptocurrencies, which is why, companies that offer such services exist.

Compliance in the legacy system versus compliance in the crypto system

The legacy financial system is highly regulated by government agencies like FinCEN and the SEC, while the regulatory environment for crypto exchanges is still evolving.

Compliance requirements for traditional financial institutions are often more prescriptive and detailed, and they have more established technology infrastructures and compliance departments compared to newer crypto exchanges that rely on third-party technology providers for compliance procedures.

The use of blockchain technology in crypto exchanges can create unique compliance challenges. Both the legacy financial system and the crypto industry have seen notable cases of non-compliance resulting in huge fines.

Some recent instances include Signature Bank and Coinbase in the cryptocurrency industry, and the 2012 money laundering scandal at HSBC, which resulted in a fine of $1.9 billion. In 2014, JPMorgan Chase was fined $2.6 billion for failing to prevent the Madoff Ponzi scheme, and in 2016, Wells Fargo faced a fine of $185 million for its cross-selling scandal. Additionally, in 2018, Danske Bank was fined $2 billion for its involvement in a money laundering scandal related to its Estonian branch in the traditional financial system.

As the crypto market evolves, we can expect more regulatory scrutiny and enforcement actions in this area to ensure compliance with regulatory requirements.

Case Summary and methodology

UNLOCK Blockchain and VAF Compliance have collaborated to analyze the risks connected with wallet addresses associated with centralized exchange Huobi, which is currently in the MVP stage and has applied for a VARA license in the UAE.

Using cryptocurrency forensic tools and open-source intelligence tools (OSINT) (i.e., OFAC lists, Blockchain explorers), VAF Compliance screened transactions and wallets with cluster monitoring.

The case particularly demonstrates how VAF Compliance can detect flaws and risks in the operations of crypto exchanges and help institutions safely interact with crypto wallets, through undertaking thorough screening of withdrawals and deposits associated with these wallets for potential money laundering and sanctions risks.

The analysis of the cluster of wallets was conducted between March 01, 2023, and March 14, 2023, noting that the activity period covered by this cluster was from 2013 to 2023.

During the analysis, VAF Compliance utilized virtual asset investigation software and publicly available blockchain information to successfully identify and confirm the source and destination of funds. As a result, this report includes the wallet balances, transaction flow, and the extent to which the specific wallet cluster is exposed to various addresses.

VAF Compliance concluded their analysis based on the information provided about the cluster in question and its relationships with various services such as exchanges and sanctioned addresses. The report includes table representations of the cluster’s main relationships with other services, exchanges, and wallets.

It is important to note that the cluster got a rating of C-, which was determined by the transactions of the cluster wallet with categorized addresses related to Child Abuse, Terrorism Financing, and OFAC sanctions among others.

Analysis

This analysis only covers Bitcoin wallet addresses. An overview of the root address of the cluster is presented in Table 1.

BTC Cluster Analysis

In the review, the counterparty categories have been identified with the cluster. Table 2 presents the breakdown of the categories and the percentage contribution of each category to the total Bitcoins directly sent and received.

The table shows that the wallet cluster has exposures to all risky categories – from low risk such as exchanges to severe risk such as sanctions.

Among the severe risk categories, 1.83 Bitcoins were directly sent from the BTC root address to addresses related to child abuse material, 416.5 Bitcoins were directly sent to addresses related to darknet market, 21,081.98 Bitcoins were directly sent to addresses related to sanctions, and 31.20 Bitcoins were directly sent to addresses related to terrorist financing.

Although the percentages of these amounts may not seem significant, they could potentially pose a significant risk to Exchange’s legitimacy and subject it to regulatory fines.

Considering the indirect exposures, table 3 presents the breakdown of the categories and the percentage contribution of each category to the total Bitcoins indirectly sent and received.

Severe Risk Exposure Analysis

In reference to the severe risk exposures, the addresses, particularly those to where assets were directly sent, have been scrutinized with a focus on the following categories:

• Child Abuse Material

• Sanctions

• Terrorist Financing

Table 4 shows the top 5 direct counterparties of the cluster in terms of Bitcoin directly sent to child abuse material. These counterparties account for 68.16% of the total 1.83 Bitcoins directly sent to child abuse material addresses.

The same analysis was done for the severe risk exposures related to sanctions and terrorist financing. The corresponding tables are presented below:

Given that the addresses shown in table 5 were only sanctioned on April 4, 2022, an assessment has been conducted to determine how many of these Bitcoins were sent out after the sanctions were imposed.

Notably, 218 transfers with approximately 4,461 Bitcoins and 2 transfers with approximately 5.1614 Bitcoins were sent to Garantex’s address and Hydra Marketplace 1K2fmE’s address, respectively, after the addresses were sanctioned by the OFAC.

Regarding terrorist financing, no further transfers were made to the addresses in table 6 after the seizure date July 1, 2021.

Discussion

The blockchain’s inherent characteristics make it impossible to block the receipt of funds in a wallet address, which is why various exchanges are adopting distinct measures to hinder the transfer of suspicious funds to their clients.

As a best practice, centralized exchanges typically whitelist wallet addresses before allowing withdrawals to those addresses. As part of the whitelisting process, several service exchanges conduct verification checks on the wallets, including scanning the addresses against sanctions and terrorist financing lists.

From the transaction flow analysis, it appears that the centralized exchange did not conduct sufficient due diligence on some addresses, thus allowing multiple transfers to be sent to high and severe-risk addresses, even after the addresses were placed on sanction lists.

Implications

While it is true that a single user cannot fully control the exposures of a service wallet like an exchange, any exposure that does exist will be passed on to the addresses within the cluster.

Consequently, a user’s risk profile might be impacted, which can affect their risk rating during the onboarding process with a regulated entity. Any exposure to high-risk categories, such as a sanctioned wallet, can raise red flags for financial institutions.

In fact, a single wallet address within a service exchange wallet may carry inherent risks. Setting aside the potential penalties or enforcement actions that a regulator may impose on the entity for failures in the AML monitoring process, which could be significant, we will instead focus on the risks that will affect the client’s profile and could result in, but not limited to: higher risk profile, increased scrutiny, delayed and protracted onboarding, and limited access to certain services.

This being said, even if users have not intentionally involved themselves with high-risk groups, they may still raise concerns for institutions because of the risks associated with the service wallet. As a result, users will bear the burden of the potential repercussions of the transfer of risk.

In conclusion, this report presents a real and clear case study, which emphasizes the important technical assistance that VAF Compliance offers to digital or virtual asset providers in meeting regulatory requirements and in protecting their users.

After all, the importance of crypto compliance cannot be overstated, and it really depends on the country that the business is operating in. For instance, in a country like the UAE, which is at the forefront of the industry and is one of the most technologically advanced countries in the world, crypto businesses must ensure that they are fully compliant with all regulatory requirements. Otherwise, failing to comply with these regulations could have serious consequences, including significant penalties, legal ramifications, and damage to the exchange’s reputation. Furthermore, it could also impact the exchange’s standing in the countries where it operates.

With this in mind, the crypto industry is facing challenges due to wrongdoings and regulatory pressure. While these challenges may be daunting, it is important for the industry to take responsibility and work towards compliance with regulations.

Binance’s recent actions have given regulators a cornerstone to start from. It is therefore critical for exchanges to carefully navigate regulatory requirements in order to build trust and maintain momentum in the crypto industry.

For the full report, please contact us on info@unlock-bc.com.

UNLOCK Blockchain is solely reporting the information presented in this piece and is not endorsing or adopting it in any manner. Kindly read disclaimer here.