14.09.2021White paper

How to Win the Crypto Exchange Race

Turn compliance into your competitive advantage.

Fourthline Forrester TEI thumbnailBy The Fourthline Team

Quick takeaways

  • In most parts of the world, crypto currency exchange is still an unregulated market.

  • In Europe, regulatory pressures are increasing and smaller crypto exchange companies will have to step up their game to stay in the race.

  • New and existing crypto customers need to be verified, accurately and urgently, in order to reduce costs, regulatory fines, and reputational backlash.

  • Fourthline offers crypto exchanges the automated bank-grade KYC solutions they need to prevent fraud and reduce total compliance costs up to 95%.

All eyes are on Binance, as the world's most popular crypto exchange works through a series of publicized issues surrounding its anti-money laundering (AML) practices across the globe. Most recently, the Dutch central bank (De Nederlandsche Bank) warned Binance that their failure to adhere to the country's AML regulations meant they were operating illegally, and lack of compliance would have serious repercussions.

This was just another blow in a recent string of issues for crypto exchanges. In August, the decentralized financial platform Poly Network was victim to a hacker who stole $600 million dollars worth of cryptocurrency. In February, a hacker group from North Korea targeted KuCoin, a Singapore-based crypto exchange, in a $275 million dollar theft. In 2020, PlusToken operators were sentenced to almost $1 million in fines and 11 years in prison for their roles in a $3 billion dollar Ponzi scheme that made headlines.

Notwithstanding the alarming money laundering and cyber security scandals related to Virtual Asset Service Providers (VASP), cryptocurrency is here to stay. Banks and online brokers (i.e. Trade Republic) are now offering cryptocurrency while crypto exchanges (i.e. BitPanda) are offering stock options. There's a race to see who can keep up, and who can get ahead, in an evolving crypto currency market.

This puts crypto exchange companies under increased pressure to implement robust compliance programs that include Customer Due Diligence (CDD), KYC/Anti-Money Laundering (AML), and Counter Terrorist Financing (CTF) procedures to mitigate financial and reputational risk and to guarantee the timely detection of fraud.

Market leaders anticipate upcoming legislations by investing in AI-empowered regulatory technology to meet complex compliance regulations. Smaller VASPs will also have to gain awareness and take necessary steps in order to stay in the race.

An unchartered regulatory landscape

During the past decade, the decentralized cryptocurrency landscape has remained largely unregulated. There is a growing awareness of the urgency to mitigate the high risks involved with trading cryptocurrencies. Fraudsters and crypto launderers have taken advantage of the fact that regulations vary per jurisdiction. Rules are either non-existent, under development, or subject to continuous legal modifications.

Fragmented jurisdictions within this unchartered territory are making it increasingly difficult for VASPs, without a KYC and identity partner, to adapt to new regulatory measures without compromising costs, conversions, and growth.

Regulatory pressure is increasing: what you should know

FATF Standards on Virtual Assets and VASPs

The Financial Task Force (FATF) “Travel Rule” guidance requires that financial services firms, including VASPs, exchange personally identifiable information about customers sending and receiving funds over a certain amount (in a bid to counter money laundering and terrorist financing). FATF is so concerned about the link between unregulated crypto trade and financial crime, that it has issued a Second Review of the Revised FATF Standards on Virtual Assets and VASPs in July, specifying a long list of offences related to virtual assets and financial crime.

EU Regulation of Markets in Crypto Assets (MiCA)

Following the Financial Task Force (FATF) recommendations, the European Commission has presented an ambitious package of legislative proposals in the EU's Security Union Strategy for 2020-2025. Its objective is to strengthen AML and CTF rules within the EU, including a proposal for the creation of a new EU authority to fight money laundering. The regulation for cryptoasset exchanges is included in this package and is defined in the proposed regulation of Markets in Crypto-Assets (MiCA).


The European Commission defines cryptoassets as “digital assets that may depend on cryptography and exist on a distributed ledger” (blockchain). It’s important to understand that MiCA neither applies to the blockchain technology underlying cryptocurrencies, nor to digital currencies issued by states and regulated by central banks.

Crypto Exchange Companies Liability

The crucial factor for VASPs and crypto exchange companies is that MiCA will hold these companies fully responsible for the abuse of their services by money launderers, fraudsters, and terrorist financers. Most of the rules are proposed for crypto transactions - or a series of linked crypto transactions - over €1000. The law proposed by the European Commission applies the so-called travel rule to crypto transactions in order to make these transactions traceable. FinCEN’s Travel Rule has been designed to preserve the information trail about who is sending and receiving money through funds transfer systems.  The travel rule helps law enforcement to “follow the money”.

CDD: Know Your Customer (KYC)

Companies that transfer cryptoassets must identify the senders and recipients to detect and prevent financial crime. The name, address, date of birth, account number and location of the account have to be identified, including the official and personal document number, customer ID number of the crypto transaction originator and the identity of the person who will receive the cryptoassets has to be verified. The recipient's service provider must also check if any of the required information is missing. Anonymous cryptoasset wallets will be strictly forbidden, just like anonymous bank accounts. Besides verifying sender and recipient profiles, underwriter best practices include the monitoring of numerous factors.


underwriterHow to navigate regulatory changes in the EU and stay one step ahead

Smaller crypto exchange companies could postpone or avoid jurisdictions that are in the process of regulating VASPs, but they should choose for an intelligent and proactive strategy in the long term, by anticipating legal requirements and preparing their businesses.

Depending on the jurisdiction, crypto exchange companies may be legally obliged to implement only the basics of Customer Due Diligence (CDD), but it is realistic to assume that companies and merchants that deal in crypto assets will be subject to the same strict compliance rules that other financial institutions abide to. One reason to support this is the fact that crypto exchanges are exchanges, and long-established exchanges like NASDAQ and the New York Stock Exchange are required to adhere to regulations.

Additionally, in the aforementioned MiCa legislative proposal, President of the European Commission Ursula von der Leyen is quoted expressing the need for “a common approach with Member States on cryptocurrencies to ensure we understand how to make the most of the opportunities they create and address the new risks they may pose”, further stressing the desire for a regulatory framework to be put in place.


Automated Customer Due Diligence Solutions

An agile crypto exchange company is ready for the present and well prepared for the future. New customers need to be identified, accurately and ASAP, in order to reduce costs. Due Diligence procedures include screening, identity verification, and an in-depth analysis of the risks that a business relationship may pose to the organization. Manual screening is costly and time- and labor intensive. Crypto exchange companies are facing changing rules and regulations which may differ per country and region. In order to be ready for the future, modular compliance solutions provide the perfect flexibility that these companies need. These are solutions that can customized and adapted according to a company’s changing (CDD, ECDD or OCDD) business needs.

How Fourthline partners with crypto exchanges to stay competitive and compliant

Fourthline offers VASPs a state-of-the-art regulatory technology suite that detects and prevents fraud and reduces total compliance costs up to 95% by eliminating costly manual processes that can be replaced by automated key components. Fourthline applies the highest (99.8% fraud accuracy) quality technology for document and ID verification. In addition to this high tech end-to-end KYC customer identification solution, our in-house experts act as your trusted advisors.

Particularly for smaller crypto exchange companies, our modular suite offers the flexibility to easily implement solutions as you grow (such as passport data extraction, geo-location through device fingerprinting, sanction list check, and proof-of-address check) on top of standard CDD tools, and fit to the demands of the regulators in the specific region(s) in which a VASP operates. Fourthline's proof-of-address check, for instance, uses a combination of device geolocation, customized rule logic, and an analysis of metadata consistency to flag fraudulent onboarding attempts.

Artificial Intelligence (AI)- empowered risk scoring is another key element in a robust Customer Due Diligence process. Our innovative product solutions replace time-consuming manual procedures, by applying rule-based and AI algorithm-based models to guarantee smooth and accurate risk profiling. The maximum score of our rule-based or algorithm-based models are combined to calculate the potential risk that a new or existing customer represents for a financial institution, or in this case, for a crypto exchange company.

Based on the VASPs compliance requirements, risk appetite, and existing processes, Fourthline designs bespoke decision-making and reporting protocols. These reports and data equip businesses with actionable insights they can leverage to fight fraud throughout the whole customer lifecycle.

When it comes to navigating regulatory juridistictions, Fourthline’s KYC and AML tools can be seamlessly scaled to meet local compliance regulations. Our suite of solutions comprise a 5AML- and GDPR-compliant process that fulfills all relevant regulatory requirements.

FL equips

Lead by Example

Due to its modular architecture, Fourthline’s solutions can be implemented during different phases, depending on specific needs of each business. The implementation of automated regulatory technology solutions mitigate risk and reduce compliance costs by 95%, due to the high cost in human resources involved in manual CDD/KYC/AML.

Cryptocurrency trade is under heavy scrutiny to comply with (AML 4/5) banking standards in order to detect and prevent the abuse of their platforms by money launderers, terrorist financers, fraudsters, and hackers. The price that VASPs ultimately pay in terms of financial and reputational damage can be avoided by transforming compliance – often perceived as a major ‘headache’ – into your company’s competitive advantage. Investment in a KYC and AML partner with a holistic suite of solutions pays off in the long term and reaffirms your position as a VASP that stays ahead of the game.

Gabriele Rosati
Want to learn more? Talk to our experts

Get in touch with Gabriele Rosati, who brings years of financial industry expertise at Fourthline.