Sample AML Compliance Program for Virtual Currency Money Services Business


A virtual currency Money Service Business “MSB” Compliance Program should include, at a minimum, the below areas. Areas should be built out with further sub-components and their controls. Categories should be risk ranked and linked to applicable regulation(s) and controls identified and tested. Testing results and corrective actions should be retained and implemented in a reasonable time frame.

1. AML Compliance Program
  • Written risk assessment of the financial products and services offered to customers including information on which type blockchain technology has been used.
  • Written Anti-Money Laundering “AML” program tailored to business specific risk assessment including KYC/CIP procedures.
  • Types of customers including geographic analysis of customers, value Limits and usage limits.
  • Suspicious activity reporting procedures.
  • Designated Bank Secrecy Act “BSA” AML Officer. The AML program should provide details on the responsibilities of BSA Officer and supporting staff including responsibility for preparing BSA reports and transactions.
  • AML training information should be documented including the dates of training and log of employees who attended.
  • OFAC Program: Written policies and procedures for filtering transactions for possible OFAC violations and the process for rejecting/blocking access and reporting.
  •  Red Flags Program
  • Procedure for responding to law enforcement requests (subpoenas and levies)
  • Currency Transaction Reporting- report of each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution which involves a transaction in currency of more than $10,000.
  • Documentation of Types of Transactional Testing and Analysis. For example:
    • Fund Flow Analysis
    • Anomaly Detection
    • One Class SVM Support Vector Machines
    • Graph-Based Pattern Recognition
    • Deep Learning                                         
2. Regulatory/Legal Filings
  • State MSB Filings
    • Initials
    • Renewals
    • Amendments
    • Terminations
  • SEC Security Analysis
  • Utility Token or Security Token reasoning per Howey Test.
  • FinCEN
  • MSB registration information
  • IRS regulations
  • Customer agreement disclosures review and updates
  • Agent list
  • International filings
  • Whitepaper and other disclosure documentation review and updates
    • Address the volatility of the market
    • Unique nature of the regulatory landscape and the uncertainty of the investment
3. Intermediaries, Vendor, Merchant Oversight
    • Exchange Registrations trackin and oversight
    • Comprehensive due diligence and onboarding procedures for vendors and intermediaries
    • Banks used by MSB
4. Internal Controls

Each of the following areas should have a corresponding compliance bulletin or if not, a reason documented as to why this risk area does not apply to your MSB

  • Separation of powers
  • Record retention
  • Business continuity
  • Information security
  • Documentation on firm organizational structure
  • Operational procedures
  • Fee structure documentation
  • Privacy
  • Correspondence record retention and responses
  • Threatened, pending and settled litigation or arbitration involving firm or material employee(s).
  • Actions that were taken against employees.
  • Remote office working oversight.
  • Controls of employee access to physical locations containing customer information.
  • Marketing and Advertising
    • Social media policy
    • Performance policy
5. Best Practices
  • Code of Ethics
  • Whistleblower
  • Training
  • Industry Associations
6. Risk-Based Compliance Testing
  • Annual testing at a minimumvi

Leave a Comment

Your email address will not be published. Required fields are marked *