CCAS Questions and Answers

Public blockchain data is pseudonymous, meaning wallet addresses alone do not reveal the owner’s identity. To identify the natural person controlling the wallet, the VASP must acquire additional information, typically through customer due diligence (CDD) processes or data obtained from exchanges and counterparties, linking the wallet address to an individual.

Periodic review (A), transaction screening (C), and obtaining transactional data (D) support ongoing monitoring but do not alone establish identity.

AML and FATF guidance emphasize that ownership linkage requires collecting identifying information beyond blockchain data to comply with AML regulations.

The Board holds ultimate responsibility for policy approval under DFSA and FSRA AML rules, ensuring senior-level oversight.

Bitcoin and Ethereum have fundamental differences important to investigators:

Variety of applications, assets, and networks (B): Ethereum supports diverse decentralized applications (dApps), multiple tokens (ERC-20, ERC-721), and various networks, complicating transaction tracing compared to Bitcoin’s primary use as a cryptocurrency.

Ledger model (D): Ethereum uses an account-based ledger model, while Bitcoin uses a UTXO (unspent transaction output) model, affecting how transactions are recorded and analyzed.

Transaction cost (A) and address length (C) differ but are less relevant for fund flow investigations.

Machine learning (ML) and artificial intelligence (AI) are applied within compliance frameworks to enhance the efficiency of monitoring and detection processes and to allow skilled compliance resources to focus on higher-value activities such as complex investigations and strategic decision-making. ML/AI tools can process vast amounts of transaction data to identify suspicious patterns faster than manual processes.

They do not reduce the fundamental requirement for risk assessment (A) nor are they intended primarily to reduce headcount (C), but rather to optimize resource allocation.

AML and DFSA guidance emphasize leveraging technology to improve the effectiveness and efficiency of AML controls while maintaining robust risk management.

EDD is required when dealing with customers or transactions from jurisdictions identified as high-risk for ML/TF. This aligns with FATF Recommendation 19 and local UAE regulations.

Mixing and tumbling services are used to obscure the origin of funds by blending multiple transactions, resulting in unknown or disguised sources of funds. This is a classic money laundering technique.

Rapid trades (B), IP address obfuscation (C), and transactions to high-risk jurisdictions (D) are separate or related risks but not direct indicators of mixing/tumbling.

Unhosted wallets allow direct user control without third-party oversight, making them harder to monitor and more vulnerable to misuse.

Sharing of the same IP address by multiple customers during onboarding can indicate potential fraud, identity manipulation, or collusion, and should be flagged for further investigation. This can be a sign of synthetic identities or multiple accounts controlled by the same person.

Receipt of law enforcement requests (A) usually occurs post-onboarding, while the location (B) or use of foreign IDs (C) is not inherently suspicious.

Indirect exposure occurs when funds pass through one or more intermediary wallets before reaching a known illicit destination. This requires enhanced monitoring to capture risks that are not directly linked but are part of the transaction chain.

The main red flag is the customer’s failure to cooperate with requests to provide information on the origin of funds, which undermines transparency and raises suspicion regarding the legitimacy of the funds.

While an unconnected IP address (D) is suspicious, non-cooperation (C) is a stronger indicator of potential money laundering.

Ongoing monitoring is the continuous analysis of customer activity to detect unusual or suspicious patterns over time.

Attribution data involves linking blockchain addresses to real-world entities, which is derived from a combination of public sources (blockchain explorers, public databases) and non-public sources (law enforcement databases, commercial analytics, exchange records).

Relying solely on blockchain data (C) or darknet sources (D) is insufficient. Business records (A) are part of non-public sources.

DFSA and FATF AML guidance underscore the multi-source approach for effective forensic attribution.

Integration is the final stage of money laundering, where illicit funds re-enter the economy appearing legitimate — e.g., converting crypto into fiat via exchanges or buying assets.

Anonymity-enhanced cryptoassets employ specific technical features to obfuscate the details of transactions and the identities of users to reduce traceability and increase privacy. These include:

Automatic mixing (B):This refers to mechanisms such as coin mixers or tumblers that combine multiple transactions from different users into one batch and redistribute them, breaking the direct transaction link and obscuring the audit trail.

Cryptographic enhancements (D):Techniques such as zero-knowledge proofs, ring signatures, stealth addresses, and confidential transactions are cryptographic protocols that conceal sender, receiver, and transaction amount information, making the blockchain ledger less transparent.

Other options explained:

Proof-of-stake mining (A)is a consensus mechanism and not related to anonymity features.

Secure hashing algorithm 256 (C)is a cryptographic hash function standard but does not directly enhance anonymity.

MetaMask wallet (E)is a non-custodial wallet used mainly for Ethereum and tokens but is not an anonymity tool.

References from official crypto AML guidance and typology papers:

DFSA AML Module and thematic reviews highlight these anonymity techniques as high-risk indicators requiring enhanced due diligence (EDD).

UAE typology papers and FATF virtual asset guidance emphasize the risk posed by anonymity-enhanced cryptoassets using automatic mixing and cryptographic enhancements to circumvent AML controls【AML/VER25/05-24: Sections 6.4, 7.3; 31.92._TFS_Typology_Paper_Eng__4.pdf】.

Effective risk mitigation requires VASPs to obtain sufficient information about counterpart VASPs to assess the quality of their regulatory supervision and controls. This helps determine the risk of transactions and build a risk-based framework for correspondent relationships.

Having no requirements (A) or engaging with poorly regulated jurisdictions (B) increases risk. Blanket high-risk classification (C) without proper assessment is inefficient.

FATF Recommendation 15 and DFSA guidance emphasize due diligence on counterparties as a critical control.

The EU’s Markets in Crypto-Assets Regulation (MICA) applies specifically to:

Electronic Money Tokens (B): Tokens that fulfill the definition of electronic money under the E-Money Directive.

Cryptoassets (D): Broad category including digital representations of value that are not covered by existing financial services legislation.

Asset-Referenced Tokens (E): Tokens that purport to maintain a stable value by referencing one or several assets.

Meme coins (A) and privacy coins (C) are not separately classified under MICA but may fall under broader cryptoasset categories subject to other regulations.

Proof of Work (PoW) consensus achieves network consensus by requiring participants (miners) to solve complex cryptographic puzzles, which verifies transactions and secures the blockchain. This computational work makes it difficult and costly to alter the blockchain.

Dependency on electricity (A) is a criticism rather than an advantage. PoW promotes decentralization rather than centralization (B). It provides strong security for large networks rather than small ones (D).

This principle is fundamental in Bitcoin and many other cryptocurrencies and is frequently referenced in AML/CFT guidance to understand the transaction validation process and network security.

Upon identifying customer engagement with unhosted wallets or P2P transfers, the first step a VASP should take is tocollect and assess dataon such transactions. This assessment helps determine if these activities fall within the firm's risk appetite and what enhanced controls or actions may be needed.

Immediate account freezing (B) is not the first step without assessment; neither is allowing transfers (A) without risk consideration. Enhancing risk frameworks (D) is important but follows from an initial data-driven risk assessment.

Relevant guidance:

FATF Recommendations and DFSA AML Module require VASPs to maintain a risk-based approach that begins with data collection and risk assessment on unhosted wallet transactions.

The DFSA’s 2023 Dear MLRO letters and thematic reviews stress proportionality and evidence-based responses rather than immediate punitive measures.

Enhanced due diligence (EDD) and risk mitigation measures, including potentially freezing accounts, come after assessment of the risk level【AML/VER25/05-24: Sections 4.1, 6.4, 13; 20230406Dear_MLRO_Letter_re_IEMS.pdf】.

Hence,Cis the appropriate first action.

Money laundering risk increases if the business operates in or near high-risk jurisdictions (D) or regions associated with narcotics production (C), as these are common sources of illicit funds.

An increase in volume and users (A) or supporting various cryptoassets (B) alone does not necessarily increase ML risk. Recent licensing (E) may indicate regulatory compliance, potentially lowering risk.

Monero is a privacy-focused blockchain designed with built-in features like ring signatures, stealth addresses, and confidential transactions to obfuscate sender, receiver, and transaction amounts, making tracing difficult.

Cardano, Polygon, and Ethereum are not designed primarily with these privacy features and have publicly traceable ledgers, although privacy solutions may be layered on.

Mining generates new cryptoassets (A) by rewarding miners for solving complex cryptographic puzzles. It also validates transactions on the blockchain (D) by confirming and recording them in blocks, ensuring the integrity of the ledger.

While mining indirectly contributes to network security, the core security mechanisms involve consensus protocols beyond mining alone (B). Optimizing network functionality (C) is usually a development task rather than a mining function.

To effectively mitigate money laundering risks in the virtual asset sector, countries must ensure that Virtual Asset Service Providers (VASPs) are subject to AML regulations (B), which provide the legal framework for risk-based customer due diligence and reporting suspicious activities. Additionally, VASPs must maintain effective monitoring systems (C) that enable the detection and reporting of suspicious transactions.

While connection to regulated financial institutions (A) and beneficial ownership evaluation (E) are important components of AML frameworks, the foundational requirements per FATF and DFSA guidance focus on regulatory oversight and operational controls.

Jurisdictional regulatory expectations (D) influence enforcement but do not replace the need for direct AML regulatory application on VASPs.

The most critical information enabling FIUs to address anonymity risks is data linking a virtual address to the real-world identity of its owner. Without this association, blockchain addresses remain pseudonymous, hindering effective AML efforts.

While transaction timing (A), identity of receiver (B), and transaction-to-address mapping (C) are useful, ownership linkage (D) is essential to break anonymity.

FATF and DFSA guidance prioritize obtaining ownership information through KYC and intelligence sharing.

Hash immutability means that altering any transaction would require changing all subsequent blocks and achieving majority consensus. This security property underpins blockchain integrity and forensic traceability, crucial in AML investigations.

EDD and internal review determine whether the activity is suspicious before regulatory reporting or freezing actions.