BSA/AML Compliance For Crypto Lenders: Here’s How To Be Compliant

May 13, 2019
Crypto lenders qualify as financial institutions and must adhere to the same compliance regulations as Bitcoin ATMs and crypto exchanges.

Unlike ATM operators, crypto lenders are not money transmitters. However, the same compliance standards related to the Bank Secrecy Act (BSA) and anti-money laundering (AML) apply.

As part of our compliance basics mini-series for cryptocurrency entrepreneurs, today, we’re focusing on what crypto lenders need to do to be compliant with applicable regulations.

Basic Compliance Requirements For Crypto Lending Institutions

A crypto lender is considered a “loan or finance company,” which means it’s a money services business (MSB) subject to all of the laws and regulations that other MSBs are required to follow.

To help law enforcement agencies combat money laundering and terrorist financing, the BSA mandates that all MSBs have a solid BSA/AML program in place that reduces risk by detecting and preventing suspicious behaviors.

Your BSA/AML program is required under the BSA to address five pillars:

  1. A designated BSA Compliance Officer
  2. Internal controls specific to your crypto lending business model
  3. AML training
  4. Independent testing of your BSA/AML program
  5. Customer due diligence (CDD)

If your BSA/AML program is missing any of the five pillars or doesn’t adequately address each pillar, then you and your business could get into expensive legal trouble. The fines and penalties for non-compliance can be quite large and may even include jail time.

In addition, both federal and state rules and requirements must be woven into your compliance program, and state rules vary from one state to another. Things can get confusing quickly.

Bottom line, give your BSA/AML program the attention it needs to ensure it’s comprehensive. Make sure it adequately addresses all five pillars in your program, and if you need help, reach out to crypto compliance experts like the team at BitAML.

A Designated Compliance Officer

Your BSA/AML program must be led by a BSA/AML Compliance Officer. This person must be experienced with cryptocurrency risk and highly knowledgeable on the rules and regulations of the BSA and AML.

Your BSA/AML Compliance Officer will work with your Board of Directors to understand the compliance requirements for a crypto lending business and will create a compliance program with policies, procedures, and processes that employees must follow.

The BSA/AML Compliance Officer is responsible for not just creating the compliance program but also for implementing it, which includes training employees, monitoring risk, choosing tools, and holding everyone working for your crypto lending business accountable for following all compliance rules.

Internal Controls Specific To Your Crypto Lending Business Model

Internal controls are all of the policies, procedures, and processes that make up your BSA/AML compliance program. Every cryptocurrency business is different, so your internal controls should be unique to your crypto lending business.

Developing effective internal controls requires understanding how the geographic locations of your customers, your products and services, and the types of customers and entities that you work with affect your risk.

Next, your BSA/AML Compliance Officer leads the effort to create policies, procedures, and processes that mitigate your business risks while meeting all BSA requirements related to reporting suspicious activities, updating the risk profile, conducting CDD, training employees, and monitoring employee performance.

AML Training

Effective, ongoing training is the backbone of a good BSA/AML program that keeps you, your employees, your customers, and your business up to date on regulations as they change (which, in crypto, happens frequently and unpredictably).

It’s your BSA/AML Compliance Officer’s responsibility to develop and carry out employee training, so employees fully understand BSA and AML regulations as well as how those regulations directly affect them and their jobs.

Every employee should be trained annually at a minimum, so they’re always aware of current compliance rules and the internal controls policies, procedures, and processes that they’re required to follow.

Independent Testing Of Your BSA/AML Program

Your BSA/AML program must be tested on an annual basis at a minimum. Schedule this independent testing with a third party that is highly experienced in reviewing crypto lender compliance programs, so you can be confident that the recommendations you receive cover everything.

BitAML performs independent testing of BSA/AML programs for crypto lenders with the goal of ensuring the programs are comprehensive and adequately protect the business and customers by meeting or exceeding all regulatory requirements.

Independent testing might sound scary, but if it’s done well, testing actually helps your business by ensuring you have everything in place that you need to be compliant and avoid problems.

Customer Due Diligence

The fifth pillar of a BSA/AML compliance program was added by FinCEN in May 2018 and involves identifying beneficial ownership risks through enhanced due diligence (EDD).

The purpose of adding more customer due diligence requirements is to reduce risks associated with shell companies and anonymous companies. Since crypto lenders often deal with large amounts of money and business entity customers, EDD is very important to your business.

It’s important to point out that crypto lending institutions have unique considerations that affect the development and implementation of CDD. For example, crypto lenders must have a stronger focus on Know Your Customer (KYC) and the risks different customers pose (e.g., high net worth individuals, miners, etc.).

That means crypto lenders must have a depth of knowledge about who their customers are and where their money comes from.

Looking for politically exposed persons (PEPs) and high-risk business activities needs to be included in your due diligence processes. You’ll also need to increase your due diligence with background checks, media research, and more.

Bottom line, you need to create a more extensive onboarding process for customers, which includes requests for additional information, interviews, and research.

Unlike the walk-up transactions that happen at a kiosk, crypto lending is more of a concierge relationship with back and forth communications.

Key Takeaways For Crypto Lending Institutions

As a crypto lender, you’re required to develop a BSA/AML compliance program that fully addresses all five pillars introduced in this article. These include identifying a BSA/AML Compliance Officer, developing adequate internal controls, creating and conducting ongoing AML training, independent testing of your compliance program, and conducting enhanced customer due diligence.

The team at BitAML has the expertise to help you develop a strong BSA/AML compliance program that addresses all five pillars, so your crypto lending business stays compliant. Schedule a free consultation!
