When a regulator knocks - Managing Virtual Currency and Financial Crime Risk in the Regulated Sector
At Coinfirm’s latest Blockchain event, regulatory and financial crime compliance expert Lee Byrne and Coinfirm CEO Pawel Kuskowski shared their view and experience on what steps firms needs to take to manage your business and protect yourself in the virtual and cryptocurrency space in the regulated sector.
Below our CEO lays out some important takeaways for any business operating in the blockchain asset/cryptocurrency space.
From the Financial Action Task Force (“FATF”) FinTech and RegTech Forum’ (2017)
FATF is the foremost inter-government regulatory standards setter for financial crime and anti-money laundering. The FATF forum discussed the significant trends and developments of FinTech and RegTech and how the financial services landscape could look like in the near future, including peer-to-peer transfers, crowd-funding, distributed ledger-technology or blockchain-based services, analytical tools, KYC utilities, and digital identity.
One of the key take-aways from the conference was agreement on the defining aims and objectives for those present. Termed the ‘The San Jose Principles’, these are:
Fight terrorism financing and money laundering as a common goal
Encourage public and private sector engagement
Pursue positive and responsible innovation
Set clear regulatory expectations and smart regulation that addresses risks and allows for innovation
Fair and consistent regulation
Typically, legislation defines virtual currency “as a digital representation of value that is used as a medium of exchange, unit of account, or store of value; and is not treated legal tender, whether or not denominated in legal tender". However, there are some obvious concerns and limitations to this statement, as said definitions don’t therefore appear to cover software protocols, affinity reward programs, and the tokens of online games. Some of which you might expect raise some financial crime opportunities.
What is more certain is that every business that accepts, deals in, or stores virtual currency does appear to be covered by this definition and consequently by these regulations.
Those firms that are covered by the legislation are required to have in place a framework of systems and controls that for example includes keeping records of transactions performed by clients and executed through your businesses for more than five years. On top of that, there is a requirement for obtaining client identification and verification records, also known as Know Your Customer or Customer Due Diligence, in certain circumstances, such as:
When establishing a business relationship;
When carrying out a transaction that is part of a transaction amounting to 10 000 EURO or more, whether the transaction is carried out in a single operation or in several operations linked to one;
When there are suspicions of money laundering or terrorist financing, regardless of any derogation, exemption or threshold;
When there are doubts about the veracity or adequacy of previously obtained Client identification data; and
Meeting these requirements is not just a legal concern and responsibility, it is also necessary if the industry is going to play an active part in countering the threat of financial crime and the financing of terrorism. There is of course a very real need to be able to demonstrate to a regulator who comes knocking on your door, just how you taking steps to ensure that you and the firm are not supporting crime and terrorism.
Some of the best practices that were shared and discussed by Pawel and Lee Byrne at the Coinfirm’s event include:
Regulatory Methodology
Preparing a pre-visit regulatory compliance information pack including details of:
Organization structure
Corporate ownership structures
Extracts from relevant AML policies
Internal and external audit reports
Notes from Committee meetings
List of employees
Risk assessment activity and outcomes
High risk account holders including Politically Exposed Persons
Details of accounts closed due to crime risk concerns
Suspicious activity reports
Details of funds seized by the authorities
Recent money laundering compliance reports to senior management
During the visit - be prepared to explain your systems and controls including:
An outline and explanation of the roles & responsibilities in individual job descriptions. These are important
How senior manager demonstrates a positive ‘tone from the top’,
Details of the Financial Crime Risk Assessment detailing how firms manage crime threats
How the firm is adopting a Risk Based Approach to managing crime and terrorism threats,
Details of the controls that are being applied to help to manage and mitigate the threats identified,
How the firm is conducting client relationship ongoing monitoring to identify unusual activity
Transaction monitoring controls that include compliance with sanction requirements
Suspicious activity reporting – timeliness, trends, respons and outcomes
Training and awareness for staff, including senior management
Quality assurance, testing and audit procedures to monitor the effectiveness of a firms framework of controls
Management information, to help inform the business on crime trends including MLRO
Reports to the board,
Record keeping arrangements, including record retention and recovery, and how these are performed in full compliance with data protection laws and regulations
WATCH When a regulator knocks AT WARSAW BLOCK
In summary, and wishing to keep it simple!
Be organized - Clear statement of roles, responsibilities and accountabilities and documented tailored policies and procedures
Know your risks and customers – Have a documented financial crime risk assessment and map this to your customer relationship management
Never forget that this is about the fight against crime and terrorism – have clear, timely and documented reporting procedures
Procedures must be documented and up to date
Don’t rely exclusively on a third party – you cannot delegate your responsibilities
A firm that does not report is either very fortunate or is ‘asleep at the wheel’!
A final thought for you is that ‘Good compliance is good business’. Making money whilst meeting the challenge of new regulatory requirements should not be viewed as an administrative headache, but the key to ensuring that a business is run efficiently and is sufficiently robust that the criminals and terrorist financiers are dissuaded from using you. Nothing is more important that maintaining a healthy.
Written by Coinfirm Co Founder and CEO Pawel Kuskowski
Be sure to check out the exiting launch of the first virtual currency certified compliance training course coming soon!