Assignment Overview

Purpose: This simulation provides students with hands-on experience making real-world compliance decisions in the cryptocurrency industry. Unlike theoretical exam questions, students must grapple with incomplete information, regulatory gray areas, and the tension between innovation and compliance.

Duration: 60 minutes in-class + 10-minute presentations

Format: Individual or pairs (pairs recommended for richer discussion)

Key Pedagogical Goal: Develop judgment and risk-based decision-making skills, not just memorization of regulations.

Core Learning Objectives

By completing this assignment, students will:

  1. Apply theoretical regulatory knowledge (MiCA, FATF, OFAC) to ambiguous real-world scenarios
  2. Develop risk-based compliance thinking (not all scenarios have "right" answers)
  3. Practice articulating regulatory reasoning with specific citations
  4. Experience the practical challenges compliance officers face daily
  5. Recognize regulatory gaps and gray areas in crypto regulation
  6. Balance competing priorities: legal compliance, business viability, and innovation

Pre-Class Preparation

Recommended Pre-Reading (Assign 1 week before):

  • MiCA Regulation overview (Articles 3, 59-74 on CASPs)
  • FATF Recommendation 16 (Travel Rule) and updated guidance on VASPs
  • FATF red flag indicators for money laundering
  • Your jurisdiction's specific AML regulations

Alternatively, if this follows a regulatory lecture, students should have sufficient background.

Suggested Class Timeline (90-minute session)

Time Activity Description
0-5 min Introduction Explain assignment goals, scenario context (you are Chief Compliance Officer), and expectations
5-10 min Regulatory Review Brief review of key regulations (MiCA, FATF, OFAC) and thresholds. Direct students to regulatory guide.
10-55 min Scenario Work Students work through 5 required scenarios, completing decision worksheets. Instructor circulates to answer clarifying questions.
55-60 min Reflection Prep Students prepare 10-minute presentations addressing the three reflection questions
60-90 min Presentations Select 3-4 students/groups to present (10 min each). Facilitate class discussion after each.

If time is limited, presentations can be moved to the next class session or submitted as written reflections.

Discussion Prompts & Gray Areas

Scenario 1: Large Cash Deposit with KYC Resistance

Discussion Prompts
  • Privacy vs. Compliance: "The customer says 'crypto is supposed to be anonymous.' How do you respond to this common misconception?"
  • Bright line rules: "Is there ANY circumstance where you could onboard this customer without full KYC?"
  • Risk tolerance: "What if this customer offered to deposit €500,000 instead of €50,000 - would that change your decision?"
Gray Area to Highlight

Cash-intensive businesses: Restaurants, bars, and cash businesses are high-risk but not automatically illicit. Discuss how to distinguish legitimate cash businesses from money laundering fronts. What documentation would satisfy you?

Teaching point: AML is risk-based, not rules-based. High risk ≠ automatic rejection, but requires enhanced scrutiny.

Scenario 2: Withdrawal to Sanctioned Jurisdiction

Discussion Prompts
  • Sanctions severity: "How do sanctions violations differ from other compliance failures in terms of consequences?"
  • Blockchain transparency paradox: "Does blockchain's transparency make sanctions compliance easier or harder?"
  • Dubai relocation: "Many Iranian nationals genuinely live in Dubai. How can exchanges serve this legitimate population without sanctions risk?"
  • US vs. EU sanctions: "EU Iran sanctions are slightly less strict than US OFAC sanctions. As an exchange operating in both jurisdictions, which standard do you follow?"
Gray Area to Highlight

Secondary sanctions risk: Even if the direct transaction doesn't violate sanctions, your exchange's US banking partners may terminate your accounts if you process high-risk Iran-linked transactions. This "compliance by banking pressure" is not written in regulations but is a practical reality.

Teaching point: Compliance isn't just about regulatory text - it's about banking relationships, reputational risk, and commercial viability.

Common Student Mistake: Students may say "flag for review and investigate further." Emphasize that sanctions compliance is binary - you either have clearance or you don't. There's no "enhanced due diligence" that makes a sanctioned transaction acceptable. The default must be REJECT unless you have definitive legal clearance.

Scenario 3: Suspicious Transaction Pattern

Discussion Prompts
  • Pattern recognition: "What is the 'layering' stage of money laundering? How does this scenario match that pattern?"
  • False positives: "Automated AML systems generate many false positives. How do you balance catching real criminals vs. not harassing legitimate customers?"
  • Burden of proof: "Should the customer have to prove legitimacy, or should you have to prove suspicion before freezing funds?"
  • Mule accounts: "What if the customer's account was compromised and they're unknowingly being used as a mule? How does that affect your compliance obligations?"
Gray Area to Highlight

Legitimate freelance growth: The gig economy and freelance work have unpredictable income patterns. A designer landing three big projects at once is plausible. Discuss: How much documentation is "enough" to verify this? At what point does requesting extensive documentation become customer harassment?

Teaching point: Risk-based compliance requires judgment. This scenario has no perfect answer - it depends on the quality of documentation provided.

Facilitation Tip: Poll the class on their decisions. If there's a split (some approve, some flag, some reject), have representatives from each group defend their reasoning. This demonstrates that experienced compliance professionals can disagree.

Scenario 4: High-Value NFT Sale

Discussion Prompts
  • NFTs and money laundering: "Why are NFTs particularly vulnerable to money laundering? What makes them different from fungible crypto?"
  • Art market precedent: "Traditional art markets (paintings, sculptures) have long been used for money laundering. What lessons can we learn?"
  • Value validation: "How do you determine if €2M is a 'legitimate' price for digital art? Is there such a thing as an objective NFT valuation?"
  • MiCA's limited NFT coverage: "Why did MiCA largely exclude NFTs from regulation? Is this a gap that should be closed?"
  • Artist protection: "If this is money laundering, the artist may be an innocent victim. What responsibility does your exchange have to protect them?"
Gray Area to Highlight

Anonymous art collectors: In traditional art markets, anonymous buyers paying millions for art is normal and legitimate (privacy, security concerns for wealthy collectors). But in AML context, anonymity is a red flag. How do we balance art market norms with financial crime prevention?

Fresh wallets: Creating a new wallet for a specific high-value purchase could be legitimate security practice (cold storage, limiting exposure) OR could be money laundering structuring. Context matters.

Teaching point: Cultural norms vary across industries. Compliance officers must understand the legitimate business practices of the sectors they regulate.

Scenario 5: DAO Treasury Management

Discussion Prompts
  • Legal entity requirement: "Why do regulators insist on legal entities? What problem are they trying to solve?"
  • Beneficial ownership: "In a DAO with 3,847 token holders, who is the 'beneficial owner'? Does the concept even apply?"
  • Innovation vs. compliance: "DAOs are genuinely innovative organizational structures. If regulations make them impossible to use, is that regulatory failure?"
  • Jurisdictional arbitrage: "Should this DAO incorporate in a crypto-friendly jurisdiction (Wyoming, Switzerland) just to satisfy compliance requirements? Is that the 'right' solution?"
  • On-chain transparency: "The DAO argues they have 'full transparency' because everything is on-chain. Is blockchain transparency a substitute for traditional KYC?"
Gray Area to Highlight

Regulatory gap: Neither MiCA nor US regulations clearly address how to handle DAOs. This is a genuine gap where regulators haven't caught up to innovation. Discuss: What SHOULD the regulation be? How can we allow DAOs to access financial services while maintaining AML protections?

Multi-sig as compromise: Some exchanges treat multi-sig signers as "joint account holders" and KYC all signers. Is this adequate? It's pragmatic but doesn't address the 3,847 token holders who have governance power.

Teaching point: Regulators often lag behind innovation. Compliance officers must make judgment calls in areas where regulations are silent or unclear. Document your reasoning and be prepared to defend it.

Common Student Questions & Suggested Responses

Anticipated Questions

Q: "What if I make the wrong decision and approve a money laundering transaction?"

A: This is the compliance officer's daily anxiety. The key is: (1) Follow a documented risk-based process, (2) Request appropriate due diligence, (3) Document your reasoning thoroughly. If you follow proper process and a sophisticated criminal still gets through, you have a defensible position. Regulators punish negligence and willful blindness, not reasonable errors in judgment.

Q: "These scenarios are all high-risk. In real life, most transactions are normal, right?"

A: Correct! 95%+ of transactions are straightforward and low-risk. This assignment focuses on the difficult 5% that require judgment. But compliance officers must be prepared for these edge cases because they carry disproportionate risk.

Q: "Can I call the customer and ask them to explain?"

A: Yes! Customer outreach is standard practice. But be careful: once you file a SAR (Suspicious Activity Report), you CANNOT tell the customer ("tipping off" is a crime). For non-SAR cases, asking for clarification is appropriate.

Q: "What if I REJECT a legitimate customer and they take their business to a competitor?"

A: This is the business cost of compliance. Sometimes you will lose legitimate customers due to conservative risk policies. This is preferable to facing license revocation, criminal liability, or reputational destruction from facilitating money laundering. The question is: where do you draw the line?

Q: "Why isn't there a clear regulation that says exactly what to do in each scenario?"

A: Regulations intentionally use risk-based principles rather than hard rules because criminals constantly adapt. If regulations specified "X, Y, Z are suspicious," criminals would simply do A, B, C instead. Risk-based compliance requires professional judgment - which is why Chief Compliance Officers earn high salaries!

Extension Activities (If Time Permits)

Optional Extensions

  1. Compliance policy writing: Have students draft a 1-page "KYC Policy" for CryptoSecure Exchange based on their scenario decisions
  2. Regulator perspective: Role-play as MiCA regulators auditing the exchange - what would they scrutinize?
  3. Debate: "Resolved: Crypto regulation is too strict and stifles innovation" - assign pro/con sides
  4. Real-world case studies: Analyze actual enforcement actions (Binance $4.3B settlement, FTX, BitMEX) and compare to these scenarios
  5. International comparison: Compare MiCA (EU) vs. Singapore's regulatory approach vs. US fragmented system

Assessment Guidance

Key Grading Principle: There are often no "right" answers in compliance - only well-reasoned or poorly-reasoned answers. Grade based on:
  • Accuracy of regulatory citations
  • Quality of reasoning
  • Demonstration of risk-based thinking
  • Acknowledgment of gray areas and trade-offs

Do NOT deduct points simply because a student's decision differs from the model answer, as long as their reasoning is sound.

Red Flags for Low Grades:
  • Inaccurate regulatory citations or fundamental misunderstanding of regulations
  • Binary thinking without acknowledging nuance ("approve because customer seems honest")
  • Failure to request appropriate additional information
  • Ignoring major red flags (e.g., approving Scenario 2 sanctions transaction without any concern)
  • Circular reasoning ("risky because suspicious" without explaining why suspicious)

Learning Outcomes Assessment

After completing this assignment, successful students should be able to:

  • ✓ Cite specific MiCA articles, FATF recommendations, and OFAC sanctions rules
  • ✓ Identify AML red flags (structuring, layering, rapid in-and-out patterns, fresh wallets)
  • ✓ Apply thresholds correctly (€1,000 Travel Rule, €10k+ enhanced DD, etc.)
  • ✓ Articulate the difference between risk-based and rules-based compliance
  • ✓ Recognize when regulations provide incomplete guidance and make reasoned judgment calls
  • ✓ Balance competing interests: compliance, business viability, customer experience, innovation
  • ✓ Communicate compliance reasoning clearly to non-technical stakeholders

Additional Resources for Students

Suggested further reading:

  • FATF Guidance on Virtual Assets and VASPs (2021 update)
  • MiCA: Regulation (EU) 2023/1114 (full text)
  • US Treasury - National Money Laundering Risk Assessment (crypto section)
  • Chainalysis Crypto Crime Report (annual)
  • CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report
  • OFAC Sanctions List (SDN - Specially Designated Nationals)

© Joerg Osterrieder 2025-2026. All rights reserved.