Sample AML Compliance Program for Virtual Currency Money Services Business
(THIS IS NOT LEGAL ADVICE)
A virtual currency Money Service Business “MSB” Compliance Program should include, at a minimum, the below areas. Areas should be built out with further sub-components and their controls. Categories should be risk ranked and linked to applicable regulation(s) and controls identified and tested. Testing results and corrective actions should be retained and implemented in a reasonable time frame.
1. AML Compliance Program
- Written risk assessment of the financial products and services offered to customers including information on which type blockchain technology has been used.
- Written Anti-Money Laundering “AML” program tailored to business specific risk assessment including KYC/CIP procedures.
- Types of customers including geographic analysis of customers, value Limits and usage limits.
- Suspicious activity reporting procedures.
- Designated Bank Secrecy Act “BSA” AML Officer. The AML program should provide details on the responsibilities of BSA Officer and supporting staff including responsibility for preparing BSA reports and transactions.
- AML training information should be documented including the dates of training and log of employees who attended.
- OFAC Program: Written policies and procedures for filtering transactions for possible OFAC violations and the process for rejecting/blocking access and reporting.
- Red Flags Program
- Procedure for responding to law enforcement requests (subpoenas and levies)
- Currency Transaction Reporting- report of each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution which involves a transaction in currency of more than $10,000.
- Documentation of Types of Transactional Testing and Analysis. For example:
- Fund Flow Analysis
- Anomaly Detection
- One Class SVM Support Vector Machines
- Graph-Based Pattern Recognition
- Deep Learning
2. Regulatory/Legal Filings
- State MSB Filings
- SEC Security Analysis
- Utility Token or Security Token reasoning per Howey Test.
- MSB registration information
- IRS regulations
- Customer agreement disclosures review and updates
- Agent list
- International filings
- Whitepaper and other disclosure documentation review and updates
- Address the volatility of the market
- Unique nature of the regulatory landscape and the uncertainty of the investment
3. Intermediaries, Vendor, Merchant Oversight
- Exchange Registrations trackin and oversight
- Comprehensive due diligence and onboarding procedures for vendors and intermediaries
- Banks used by MSB
4. Internal Controls
Each of the following areas should have a corresponding compliance bulletin or if not, a reason documented as to why this risk area does not apply to your MSB
- Separation of powers
- Record retention
- Business continuity
- Information security
- Documentation on firm organizational structure
- Operational procedures
- Fee structure documentation
- Correspondence record retention and responses
- Threatened, pending and settled litigation or arbitration involving firm or material employee(s).
- Actions that were taken against employees.
- Remote office working oversight.
- Controls of employee access to physical locations containing customer information.
- Marketing and Advertising
- Social media policy
- Performance policy
5. Best Practices
- Code of Ethics
- Industry Associations
6. Risk-Based Compliance Testing
- Annual testing at a minimumvi