Records retention – it may not be the most exciting topic, but it’s definitely one of the most important for cryptocurrency businesses.
Why? Because every crypto MSB/money transmitter is required to keep specific documents for certain periods of time in order to stay in compliance with the Bank Secrecy Act (BSA) and anti-money laundering (AML) rules.
But what does that mean?
The reality is regulators and law enforcement investigators could request records related to your own business as well as your clients’ cryptocurrency transactions. Not only do you need to know which documents you’re required to hand over, but you also need to have them available and easily accessible.
Don’t worry, you don’t have to keep every digital and hardcopy document that your business produces on a daily basis.
If you take the time to develop a solid records retention strategy, train your employees on it, and enforce the policies you put in place, records retention becomes a simple habit rather than a challenging chore.
What Do Crypto Businesses Need To Keep?
According to the BSA, crypto MSBs are required to keep documents related to their FinCEN registration in addition to documents used in reporting a variety of activities that your clients engage in.
Typically, retained records should include the customer ID, customer information, and transaction information, including the amount, date of the transaction, and transaction information. In addition, all records must be retained for five years.
However, the records, supporting documents, and information that your business is required to retain in order to stay in compliance with the BSA can vary. Therefore, it’s important to get up to speed on the current regulations and requirements, and then, develop policies and procedures that adhere to those rules. Ideally, your BSA Compliance Officer will handle all of this for you.
Some of the most commonly generated documents that your crypto business needs to retain include but are not limited to:
As a cryptocurrency MSB/money transmitter, you’re required to retain copies of your FinCEN registration form and any renewal forms. Make sure the registration number assigned to your business is included in these documents.
Monetary Instrument Log
You’re required to maintain information in a monetary instrument log for each money instrument purchase of $3,000 to $10,000 regardless of the payment method. Keep the record for five years from the date of the transaction.
Funds Transfer and Travel Rules
The Funds Transfer and Funds Travel Rules require all financial institutions (including crypto money transmitters as clarified in an interpretive note by FATF in June 2019) to collect certain information from customers and to maintain records of the aforementioned information.
While practical implementation of these rules has been challenging in cryptocurrency, businesses should at minimum take proactive steps to collect and record the required information.
FinCEN 314(a) Requests
You must create and retain records for FinCEN 314(a) requests, including copies of information related to requested individuals, entities, or organizations. Each record should provide logs showing the date the request was made, the number of accounts searched, and a notation that states whether or not a match was found.
Currency Transaction Report (CTR) Logs
Your business is required to keep copies of any CTRs originated and all supporting documentation for five years from the date of filing.
Suspicious Activity Report (SAR) Logs
You are required to maintain copies of all SARs (including joint reports) and supporting documents originated by your business for five years from the date of filing.
AML Training Logs
Training is a required part of your BSA/AML compliance program. In fact, it’s one of the pillars of BSA compliance, and you’re required to retain documents related to how and when you train your employees on compliance policies and procedures. You have to keep a detailed log of all AML training activities, including participation in e-learning and any other training opportunity.
All supporting documentation related to CTRs, SARs, and other records must be identified as such. If FinCEN or any other federal, state, or local law enforcement agency or any state or federal regulatory authority examines your BSA compliance, you need to be able to provide all supporting documents and have them clearly marked as supporting information.
How To Develop An Effective Records Retention Process
Many businesses keep incomplete records, don’t keep records long enough, don’t organize their records (making it difficult to find them at a later date), or create documents with critical missing information.
As part of your BSA/AML compliance program, you should develop policies and procedures related to document retention that address all of these gaps and more.
Here are some tips to get you started:
- Write a policy that outlines what needs to be retained and for how long as well as where and how records will be retained so they’re easy to find later (this is your indexing and filing system), who can access them, and when and how they’ll be destroyed.
- Define your budget for records retention based on your new policy and processes.
- Train employees on your records retention policy and processes.
- Find documents that have already been produced and need to be retained. File those using the indexing and filing system you developed.
- Review your records retention policy annually to ensure it’s effective, being implemented appropriately, and compliant with current regulations and best practices.
Developing a records retention policy and implementing it can seem overwhelming, so don’t hesitate to bring in cryptocompliance experts if you need help making sure your policy and procedures are strong enough to keep you out of trouble.
Key Takeaways About Records Retention For Cryptocurrency Compliance
Records retention is not optional for crypto MSBs. If you can’t produce documents that your business is required to keep when they’re requested by regulators or investigators, you could face legal and financial consequences.
Best just avoid that altogether, right? You can do so by developing a records retention policy and related procedures, training your employees, holding them accountable, and enforcing the policy consistently.
If you need help identifying which documents your cryptocurrency business needs to keep and developing a records retention policy, schedule a free consultation with the cryptocurrency compliance experts at BitAML here.