VC Compliance: Anti-Money Laundering

Jay Postma, CAMSPresident

MSB Compliance Inc.

Culture of Compliance

BEGIN with FinCEN’s “Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance”, FIN-2014-A007.

“Based on the enforcement cases I have seen time and time again, both during my time as a prosecutor at the U.S. Department of Justice and now as Director of FinCEN, I can say without a doubt that a strong culture of compliance could have made all the difference. If I were to find myself responsible for BSA/AML compliance within any financial institution, my first order of business would be to pay attention to these core, fundamental concepts. Because once you have a strong culture in place, including the support of your institution’s leadership, you have a firm foundation on which to build an effective program.”

Jennifer Shasky Calvery, Director, FinCEN

FIBA, Anti-Money Laundering Conference

February 20, 2014

6 Ways to Strengthen Your Program

A financial institution can strengthen its BSA/AML compliance program by ensuring:

1. Engaged Leadership“its leadership actively supports and understands compliance efforts”

2. Compliance not compromised“efforts to manage and mitigate BSA/AML deficiencies and risks are not compromised by revenue interests”

3. Lines of Communication“relevant information from the various departments within the organization is shared with compliance staff to further BSA/AML efforts”

4. Human and Technological Resources“the institution devotes adequate resources to its compliance function”

5. Competent Independent Testing“the compliance program is effective by, among other things, ensuring that it is tested by an independent and competent party”

6. Purpose“its leadership and staff understand the purpose of its BSA/AML efforts and how its reporting is used”

Compliance - Defined

Fulfillment (n)

ObservanceConformityDisobedience (antonym)

Obedience (n)

AcquiescenceAgreementFalling in lineSubmissionResistance (antonym)

Compliance is: Doing it right the first time...Adhering to internal policies and procedures… Maintaining a standard that is in accordance with laws and regulations

The “4 Pillars”I. Development of Internal Policies,

Procedures and ControlsRisk focused policies

Procedures for each area or function

Controls to Ensure Compliance

Monitoring and Reporting Systems

II. Designation of Compliance OfficerSufficient time, resources and authority

III. Training ProgramContent based on current procedures and systems

Relevant to specific audience position and responsibilities

Documentation

IV. Independent TestingSufficient scope and testing

Reporting to the Board of Directors

Timely action to address any concerns or weaknesses

FIN-2013-G001

• Application of FinCEN’s Regulations to Persons Administering, Exchanging, or Using Virtual Currencies

• Interpretive Guidance of existing statutes and regulations

• not a new “rule-making”

• Issued under existing authority

• No prior request for public comments

• knowledge of virtual currency models uncertain

• issued in vacuum without benefit of industry participation

• errors, omissions, ambiguities remain to be settled

• Identifies which parties involved in virtual currency are MSBs

• Identifies which of various MSB categories apply (money transmitter)

FinCEN’s New Definitions

• “Real currency” - the coin and paper money of the United States or of any other country that [i] is designated as legal tender and that [ii] circulates and [iii] is customarily used and accepted as a medium of exchange in the country of issuance.

• “Virtual currency” - a medium of exchange that operates like currency in some environments, but does not have all the attributes of real currency. In particular, virtual currency does not have legal tender status in any jurisdiction.

• “Convertible virtual currency” - a type of virtual currency that either has an equivalent value in real currency, or acts as a substitute for real currency.

More FinCEN Definitions

• “User” - A user is a person that obtains virtual currency to purchase goods or services.

• “Exchanger” - An exchanger is a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency.

• “Administrator” - A person engaged as a business in issuing a virtual currency and who has authority to redeem such virtual currency, i.e. release and withdraw from circulation.

• “Centralized virtual currency” - A convertible virtual currency having a centralized repository.

• “Decentralized virtual currency” - A convertible virtual currency (1) that has no central repository and no single administrator, and (2) that persons may obtain by their own computing or manufacturing effort.

“Users” of Virtual Currencies

• If virtual currency is used to purchase real or virtual goods or services, the User is not an MSB or money transmitter.

• Method of obtaining not material

• may be via purchase, mining, manufacturing, earning, etc.

• What one does with the virtual currency matters

• spending - not MSB

• selling / exchanging for “real” currency…

• if “mined” -

• may be money transmittal if selling to others

• probably not if exchanged via registered Exchange

• if exchanged at a registered Exchange, probably not

Administrators / Exchangers ofDe-centralized Virtual Currency

• A person that creates units of convertible VC and sells those units to another person for real currency or its equivalent is engaged in transmission to another location and is a money transmitter.

• A person is an exchanger and a money transmitter if the person accepts such de-centralized convertible virtual currency from one person and transmits it to another person as part of the acceptance and transfer of currency, funds, or other value that substitutes for currency.

Requirements for Exchangers / Administrators

• FinCEN registration as a “money transmitter”

• Agent list, if applicable

• State Licensure, where so required

• “4 pillars” - Policies, Procedures, Controls

• risk-based BSA/AML/OFAC program reasonably designed to protect, prevent, detect and report potential abuse for money laundering and/or terrorist financing.

• BSA recordkeeping, as applicable…

• CTRs, SARs, CMIRs, FBAR, MIL

• Record of Funds Transfers of $3,000 or more (Travel Rule)

• Customer Identification and Due Diligence

• OFAC

BSA Officer and Compliance Staff

• Knowledge, Experience and Understanding• Authority• Staffing and Resources

• direct and indirect• Budget• Provides for Program Continuity?

Risk Based Compliance Program

• Risks clearly understood driving tailored program?• including unique VC AML risks?• including unique VC OFAC risks?

• Do you know enough not to leave major gaps open?

• Sufficient data gathering and analysis for AML and anti-fraud

• Reasonable transaction limits and thresholds?• Information Sharing• Regulator and Law Enforcement issues

Customer Identification

• Recognize different requirements and expectations for individuals versus businesses

• Collection of identifying information and reasonable verification

• Collection / Use of additional data• IP addresses• Device IDs• Phone number(s)• Social networks

Customer Due Diligence• Individual

• Expected activity; purpose?• Purchase/Sale amounts, frequency• Source/Destination of funds (USD and BTC)

• Business• What type? EDD?• Expected activity; purpose?• Purchase/Sale amounts, frequency• Source/Destination of funds (USD and BTC)

Transaction Monitoring

• Source and Use of funds• Fiat / BTC in and out

• effective use of the blockchain• Identify, analyze and monitor relationships

• address, phone number, IP address, social• Monitor Internet for BTC addresses that may be

associated with suspicious activity• Blacklist

Suspicious Activity Reports

• Effective monitoring• Prompt, accurate reporting• Strong relationships with law enforcement• Processes to close accounts• Processes to allow relationships to remain

open when requested by law enforcement• while appropriately mitigating your risk

Additional Areas

• FBAR• 314(b)• OFAC• Digital Asset Security Program• Disaster Recovery Program• Access Controls and Information Security

Training• Board, Executives and Employees

• Culture of Compliance• “4 Pillars”• Red Flags unique to business model• sufficient depth, tailored to operations

• Special training needed for accounting and outside financial auditors

• Materials for regulators and bank partners…

Independent Review

• Party knowledgeable in BTC, Virtual Currencies• Sufficient depth and testing• Frequency

• more often likely necessary early on

Surety Bonding

• Already MT licensed and bonded?• Don’t begin VC activities without discussing first

• VC an area of concern• Enhanced Underwriting• 3rd Party Review

• BSA/AML/OFAC• Digital Asset Security

Where can I learn more?• Bitcoin.org

• BitcoinFoundation.org

• en.bitcoi.it/wiki/Main_Page

• Blockchain.info

• WeUseCoins.com

• CoinDesk.com

• BitcoinMagazine.com

• LetsTalkBitcoin.com

• BitcoinCharts.com

• KhanAcademy.org

• Udemy.com

Questions?Jay Postma, CAMSPresidentMSB Compliance Inc.Jay.Postma@MSBComplianceInc.com(678) 389-9068

www.LinkedIn.com/in/jaypostmawww.MSBComplianceInc.comwww.Twitter.com/MSBCompliance

Weekly newsletter: paper.MSBComplianceInc.com