How Crypto Businesses Can Build A Culture Of Compliance (And, Importantly, Why They Should)

July 2, 2019
Share the news!

Any financial institution, including a cyptocurrency money services business (MSB) money transmitter, with a poor culture of compliance is likely to have problems with its BSA/AML compliance program.

Don’t just take our word for it. That conclusion comes directly from FinCEN’s 2014 advisory (FIN-2014-A007), which said, “The culture of an organization is critical to its compliance.”

What type of culture is fostered at your cryptocurrency business? Is it one that prioritizes compliance? Does it hold everyone accountable for compliance regardless of their role or level? Does everyone understand what’s expected of them with regard to compliance, and do they know why their actions matter? Have they been trained not just on policies and procedures but on what their reporting and actions are used for by law enforcement agencies and in criminal investigations?

Fin-2014-A007 states, “Understanding and communicating the context and the purpose of FinCEN’s BSA/AML regime is as important to a financial institution’s culture as understanding its underlying requirements, and financial institutions should consider including such information as part of their ongoing training requirement.”

Now, before you start thinking all you have to do to create a culture of compliance is bolster your compliance training, think again.

There is more to developing a culture of compliance than sending employees to another training class.

5 Ways Crypto Businesses Can Build A Culture of Compliance

culture of compliance in crypto - BitAML blog

In Ethics and Compliance Based Leadership Models: Essential to Compliance and Performance, a white paper from the Association of Certified Anti-Money Laundering Specialists (ACAMS), author Arthur C. Taylor, Jr. defines a culture of compliance as a holistic approach made by everyone in the organization to recognize the regulatory obligations of a company and work together to ensure they’re met.

In other words, a culture of compliance is only as strong as the sum of all of its interconnected parts.

FinCEN offered five ways that financial institutions (including crypto MSBs) can build a strong culture of compliance within their organizations in FIN-2014-A007. Familiarize yourself with each and commit to incorporating them into your company to create the culture of compliance you need to survive and thrive in the cryptocurrency industry.

1. Engage Leadership

Company culture is a top-down strategic imperative for every business and every type of culture, including a culture of compliance. If leadership doesn’t believe in the culture, support it with adequate resources, staff and budget, and model appropriate behaviors, then you can’t expect any other employee to live the culture.

In other words, leaders need to walk the walk and talk the talk. That is the only way to ingrain a culture of compliance into your organization’s DNA. Every employee has to understand it, believe it, and live it – no exceptions.

2. Separate Compliance And Revenue Interests

Fin-2014-A007 says a culture of compliance can only exist if compliance is never compromised by revenue interests.

Therefore, your compliance staff should have adequate authority to develop and implement your BSA/AML compliance program, and at no time should your operation’s interest in revenue compromise the compliance policies and procedures put in place to reduce risks and provide required reports to FinCEN, law enforcement, and so on.

3. Communicate And Share Information

Transparency is essential to most company cultures, and a culture of compliance is no exception.

For businesses in crypto, it’s essential that employees provide relevant information to the BSA/AML compliance staff quickly and efficiently. That means processes need to be in place for information sharing and all employees need to understand the importance of sharing that information.

Again, this ties back to providing ongoing, adequate training.

In addition, barriers between departments and teams need to be removed. Compartmentalizing people, duties, and information is counterproductive when you’re trying to create a culture of compliance.

4. Provide Adequate Resources And Tools

If the leadership team doesn’t believe in compliance enough to dedicate adequate human and technological resources to the BSA/AML program, then it will be impossible to develop a culture of compliance.

Instead, leaders should identify a BSA Compliance Officer who has the right knowledge and experience to lead the charge. This person will ultimately be held accountable for the compliance program and its performance, so executives need to be prepared to budget not only for the salary but also for the equipment and tools the BSA Compliance Officer needs to do the job well.

But that’s not all.

Depending on the size of the cryptocurrency business and its risk profile, supporting compliance staff might be needed, and software and technology that streamlines or automates tasks might be a necessity.

5. Test The Program Through An Independent Party

One of the pillars of a BSA/AML compliance program is auditing the program on an annual basis, but FIN-201-A007 reiterates the importance of third-party testing by saying it’s a core component of a culture of compliance.

The FinCEN Advisory advises, “Leadership should ensure that the party testing the program (whether internal or external) is independent, qualified, unbiased, and does not have conflicting business interests that may influence the outcome of the compliance program test.”

Without honest, independent testing of your compliance program, all deficiencies may not be detected. You could miss critical problems that need to be corrected.

Bonus: Provide Contextual Training

FIN-201-A007 offers a sixth guideline to build a culture of compliance: Leadership and staff should understand how their BSA reports are used.

Bottom-line, every employee at every level should understand there is a very important reason why they’re generating compliance reports. Being compliant isn’t a necessary evil. Instead, its purpose is much bigger.

Employees won’t understand the purpose of BSA reports and compliance activities unless they’re put into context in terms of employees’ daily lives. In other words, training should teach employees how the information in compliance reports is used to support investigations and keep people safe.

From being used to confront terrorist organizations to fighting cyber threats and more, BSA compliance activities provide some of the most important information to law enforcement and other people and agencies who work to protect the nation and its citizens every day. Make sure your employees understand just how important they are to the overall process.

Key Takeaways To Create A Culture Of Compliance For Your Crypto Business


Building a culture of compliance not only keeps you, your business, and your employees out of trouble, it can also give your business a competitive advantage.

After all, most people prefer to work with a business with a great reputation for compliant business practices than a business that has been the subject of AML enforcement actions.

If you need help developing a strong cryptocurrency compliance program, testing your program, or assessing your policies and procedures so you can start building a culture of compliance, reach out and schedule a free consultation with the compliance experts at BitAML today.


Similiar Blog Post

National Compliance Officer Day: The Unsung Heroes Behind Crypto’s Legitimacy

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...

UPDATE: Ukraine bitcoin market is hot, but beware of U.S. regulatory sanctions

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...

How cryptos can work with cannabis companies in compliance

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...