
What is the concept of a risk-based approach?
The risk-based approach encompasses the steps taken by financial institutions or cryptocurrency companies to identify the most critical compliance risks for their organization. A risk-based approach is a fundamental principle outlined in the Financial Action Task Force (FATF) guidelines regarding virtual assets. This approach aims to ensure that businesses and financial institutions identify, assess, and mitigate the risks associated with money laundering and terrorist financing effectively. By adopting a risk-based approach to the processes for assessing, monitoring, managing, and mitigating these risks, organizations can enhance their ability to combat illicit activities within the virtual asset space. Let’s look at why these processes are so important.
Risk Assessment Process
In accordance with the Financial Action Task Force (FATF) guidelines, it is imperative to conduct a comprehensive evaluation of money laundering and terrorist financing (ML/TF) risks associated with cryptocurrency transactions. This assessment should consider various factors, including:
- The types and origins of virtual assets involved
- Transaction volumes
- Customer profiles
- Geographic locations.
Furthermore, it is essential to identify ML/TF indicators specific to the crypto industry, such as large or excessively frequent transactions, engagement with high-risk jurisdictions like Iran, Democratic People’s Republic of Korea, and Myanmar (listed on the FATF “blacklist”), utilization of anonymity-enhancing technologies (AETs) like mixing services or privacy coins, as well as transactions linked to known criminal entities or sanctioned individuals. The assessment should also encompass the evaluation of risks arising from interactions with third parties.

FATF black and grey list map
Regulatory compliance program
To adhere to FATF guidelines, it is vital to develop a comprehensive compliance program that delineates policies, procedures, and control measures aimed at mitigating ML/TF risks. This program should encompass internal controls, employee training, independent audits, and the appointment of a designated compliance officer, such as the MLRO, responsible for overseeing the effectiveness of the program.
Customer Due Diligence (CDD)
Establishing robust CDD procedures is a fundamental requirement outlined by FATF. This entails verifying customer identities, evaluating their risk profiles, and gaining an understanding of the nature of their crypto transactions. To achieve regulatory compliance, measures such as Know Your Customer (KYC) checks, enhanced due diligence for high-risk customers, and ongoing monitoring of customer activities must be implemented.
During the onboarding process, it is crucial to conduct comprehensive screenings of customers against Politically Exposed Persons (PEP) and sanctions lists. These lists consolidate regulatory and enhanced due diligence data from major sanctioning bodies worldwide, such as the Office of Foreign Assets Control (OFAC), UN sanctions, EU sanctions, His Majesty’s Treasury, Interpol, and numerous other regulatory and law enforcement organizations. This enables the identification of individuals with potential political influence or involvement in illicit activities.
Transaction Monitoring
A robust system for monitoring and analyzing crypto transactions should be established to detect suspicious activities. Transaction monitoring systems must be capable of identifying potential ML/TF red flags, such as structured transactions, round-trip transactions, unusual transaction volumes, and other suspicious behaviour. Employing behavioural analysis techniques to identify abnormal transaction patterns and deviations from expected behaviour is recommended.

GL Vision screen with the Polter Finance breach scheme. Attacker used Tornado Cash mixer to launder assets
Ongoing Monitoring and Review
Customer profiles are subject to change over time, necessitating continuous monitoring efforts. Regularly reviewing transactions for signs of criminal activity is crucial. Additionally, anti-fraud alerts should be processed, such as detecting extended logins from restricted countries or multiple users sharing a single wallet (as a pattern of third-party transactions). Furthermore, inconsistencies in a client’s profile, such as a significant deposit despite regular income, should be promptly identified and investigated.

Reporting and Record-Keeping
Compliance with local regulations necessitates the establishment of mechanisms for reporting suspicious transactions to the relevant authorities. Designated compliance officers, such as the Money Laundering Reporting Officer (MLRO), must file Suspicious Activity Reports (SARs) with the appropriate regulator and law enforcement agencies whenever suspicious activity is detected. These reports should be timely, accurate, and contain all the necessary information to facilitate investigations and law enforcement actions. All records and documentation pertaining to customer due diligence, transactions, and risk assessments should be diligently maintained, ensuring ease of access for regulatory inspections.
Global Ledger blockchain analytics tools make it easy to apply the FATF standards for risk assessment and transaction monitoring under the risk-based approach in the everyday routine of compliance teams. The toolset serves government agencies, banks, fintech companies, and crypto startups, facilitating their compliance efforts in the realm of anti-money laundering.
What is a GL Score?
It is a number from 0 to 100 showing the degree of risk. Based on this number, the risk rating is determined:
- Low (green colour): For GL Score from 0 to 29
- Medium (yellow): 30–69
- High (red): 70–100.

The risk scoring algorithm assigns greater significance to sources that pose higher risks, recognizing their increased importance to the compliance officer.
The GL toolset incorporates a risk flag feature, which assigns a high risk score to sensitive sources such as sanctioned entities, even with minimal contributions. This can help avoid involvement with illicit funds originating from specific addresses. In the future, users will be able to customize their risk tolerance levels in relation to different companies.
How does the GL Score work?
Let’s explore it using a real-life case, for example, 17oHs…tYdAU.

GL Score for address 17oHs…tYdAU
To assess its risk, the algorithm checks:
- Entity risk
- Source of funds risks
- Use of funds risks
- Address risk.
To calculate the source of funds and use of funds risks, the system tracks where the funds come from and their destination. It stops when it finds an entity, a smart contract, an unhosted wallet, etc.
If the algorithm doesn’t find any stopping conditions in the current transaction, it moves to previous transactions. The algorithm tracks how many transitions back it makes — this is called depth.
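The backward walk described above, sketched as an added example (not Global Ledger's code or scoring formula). The transfer graph, the labels, the sensitive-category set and the proportional split of funds between senders are assumptions, and depth 1 is taken to mean a direct transaction.

```python
from collections import defaultdict

# Constructed sample data (not real addresses): incoming transfers per address
# as (sender, amount), and the addresses that already carry an entity label.
INCOMING = {
    "target": [("exch_hot", 6.0), ("hop_a", 4.0)],
    "hop_a":  [("pool_1", 3.0), ("hop_b", 1.0)],
    "hop_b":  [("sanc_1", 0.5), ("hop_a", 0.5)],   # hop_a <-> hop_b forms a cycle
}
LABELS = {"exch_hot": "exchange", "pool_1": "mining", "sanc_1": "sanctioned entity"}
SENSITIVE = {"sanctioned entity"}   # assumed categories that raise a risk flag


def trace_sources(address, max_depth=4):
    """Return {label: {"share": fraction of funds, "depth": nearest hop count}}."""
    found = defaultdict(lambda: {"share": 0.0, "depth": None})

    def record(label, share, depth):
        entry = found[label]
        entry["share"] += share
        entry["depth"] = depth if entry["depth"] is None else min(entry["depth"], depth)

    def walk(addr, share, depth):
        transfers = INCOMING.get(addr, [])
        total = sum(amount for _, amount in transfers)
        for sender, amount in transfers:
            part = share * amount / total
            if sender in LABELS:                      # stopping condition: known entity
                record(LABELS[sender], part, depth)
            elif depth >= max_depth or sender not in INCOMING:
                record("unidentified", part, depth)   # depth limit or no further history
            else:
                walk(sender, part, depth + 1)         # one more transition back

    walk(address, 1.0, 1)
    return dict(found)


def rating(score):
    """Map a 0-100 score to the bands given in this article."""
    return "low" if score <= 29 else "medium" if score <= 69 else "high"


def risk_flags(sources):
    """Sensitive sources are flagged regardless of how small their share is."""
    return sorted(label for label in sources if label in SENSITIVE)
```

The depth limit is what ends the walk on the hop_a/hop_b cycle; whatever share is still unattributed at that point is reported as unidentified rather than dropped.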
1. Entity risk
The entity itself, an online wallet, has a GL Score of 50 (medium risk rating). However, the account holder has a score of 100 because it is under sanctions and connected to terrorist financing.

GL Profile tab in a risk report
2. Source of funds risks
The address doesn’t have risky sources of funds; its sources include a low-risk exchange and mining. More than 50% of low-risk funds come to 17oHs…tYdAU in direct transactions (highlighted in bright green colour).

GL Source of Funds tab in a risk report
3. Use of funds risks
The use of funds shows a different picture. Over 90% of it is of medium risk. However, a small portion is connected to illegal services, such as a darknet marketplace, cybercrime/hack, ransomware, and a FinCEN-sanctioned entity.

Part of the GL Use of Funds tab in a risk report
4. Address risks
The address we are examining is considered high-risk because it is associated with a high-risk account holder, HAMAS Donations, which has a GL Score of 100.
All these risks serve as input for calculating the GL Score of 53. It is considered medium because it falls within the range of 30–69. However, in this particular case, a compliance officer should also pay attention to an account holder who is sanctioned and connected to terrorist financing.
To sum up
By adopting a risk-based approach, organizations can focus their resources on the areas that pose the highest risk, allowing for a more targeted and efficient approach to combating illicit activities within the virtual asset space. This approach contributes to the overall goal of maintaining the integrity and security of the global financial system in the context of virtual assets. Leveraging the capabilities of the GL toolset, government agencies, banks, fintech companies, and crypto startups can enhance their compliance efforts against money laundering and terrorist financing in the crypto space.