A board of directors sounds like something you’d find at a major corporation, not a small-time bitcoin ATM operator. But according to regulators, the board is ultimately responsible for institutional compliance, meaning every crypto business should have one in place.
Does your cryptocurrency business have a board of directors? It should.
For financial institutions and money services businesses (including crypto MSBs), the board of directors provides essential oversight to ensure a business operates safely and in compliance with all relevant laws and regulations.
No matter what type of crypto business you operate, you need to have an active board of directors in place.
It can be easy to think of compliance as a checklist item, and tempting to deprioritize it when day-to-day fires come up, but this should never happen. Your board of directors helps to ensure it doesn’t happen because they’re ultimately responsible for your MSB’s compliance with regulations.
This article is part of our series of crypto compliance 101 posts to help cryptocurrency business owners understand the regulatory landscape, its nuances, and what steps need to be taken to strengthen their compliance.
Today, we’re focusing on the board of directors, namely:
- The board’s responsibilities
- What the relationship with the BSA Compliance Officer should entail
- Why boards are ultimately responsible for BSA compliance
What is the board of directors responsible for?
The board of directors of any company holds ultimate accountability for effective governance of the business to regulators, shareholders, and other stakeholders. It’s the board’s duty to develop the business’ risk framework, which defines how the business operates and is a critical part of the BSA/AML Compliance Program. The framework spells out the company’s strategy and culture as well as its risk tolerance levels.
The U.S. Department of Treasury’s Office of the Comptroller of the Currency lists 17 areas of board responsibility in its guide for directors of national banks and federal savings associations. Many of these responsibilities apply to crypto MSB boards as well.
In terms of compliance, the board is responsible for complying with fiduciary duties and the law as well as for ensuring the business maintains an effective BSA/AML control structure. Common law fiduciary legal principles say that directors’ activities include two broad-ranging duties: a duty of care and a duty of loyalty.
A duty of loyalty relates to making decisions and acting for the benefit of the company, not individual gain. The duty of care applies directly to compliance. It requires that directors gather enough knowledge and facts about the company’s transactions or activities, thoroughly examine those facts, and then make decisions for the benefit of the business.
What does that mean?
Simply put, the board of directors should use a hands-on, proactive approach to compliance because the directors are responsible for setting the company’s compliance strategy. The board is also responsible for hiring the right people to execute that strategy, ensuring they’re trained properly, and holding them accountable for adhering to established compliance policies and procedures.
What is the BSA Compliance Officer responsible for?
While the board of directors sets the compliance strategy, the BSA Compliance Officer executes that strategy.
The board of directors empowers the BSA Compliance Officer by giving them the tools and resources needed to do their jobs. That means the BSA Compliance Officer must stay current on all relevant laws, use the tools available to them to manage the compliance program and activities, provide compliance training to employees, make daily decisions related to compliance, and communicate with law enforcement as needed.
From there, the BSA Compliance Officer reports on the program’s implementation to the board, and the board makes vital decisions related to risk, policy modifications, and so on to ensure the risk strategy is always optimized and the company is protected.
Again, the board of directors is ultimately responsible for compliance at a cryptocurrency financial institution, not the BSA Compliance Officer. In fact, directors can be (and have been) held personally liable in civil and criminal lawsuits for failure to comply with MSB regulatory requirements.
We should note that it is common for some crypto business models to have a board member who also serves in the role of BSA Compliance Officer. However, over time, as the operation grows, the company should develop a degree of separation between the implementation of compliance-related duties and board duties in order to avoid the appearance of a conflict of interest.
Why a ‘culture of compliance’ matters
Your compliance strategy is only as strong as your MSB’s ability to execute it on a daily basis. To put that another way, every employee plays a part in compliance, and they need to understand not just their roles but also why their support and participation are essential.
Developing a culture of compliance has to start at the top – at the board of directors – and be monitored through formal compliance meetings. The board needs to live and breathe the culture and hold senior management accountable for doing the same.
From there, employees at all levels should be held accountable through performance reviews, and they should be incentivized for positive compliance behaviors within reward structures. That means they have to receive ongoing compliance training and have access to the necessary procedures, tools, and technology to do their jobs within the documented compliance policies and procedures.
Interestingly, the Office of the Comptroller of the Currency lists “establishing an appropriate corporate culture and setting the tone at the top” as a core board responsibility. In addition, FinCEN stated in a 2014 advisory that financial institutions (including crypto MSBs) which have poor cultures of compliance are likely to have problems with their BSA/AML compliance programs.
Bottom line, a culture of compliance starts at the top, but every employee needs to understand how and why they matter to that culture in order to fully embrace it and live it.
Since the board is responsible for matching risk-taking behavior to the directors’ strategic vision of a company, MSBs may be tempted to involve board members only in annual risk assessments.
That’s a mistake.
The board of directors has broad compliance program oversight responsibilities and is ultimately and finally accountable for the MSB’s compliance with rules and regulations.
In addition to compliance risk assessments, the board of directors should be involved in an annual independent AML audit, which is a regulatory requirement. An annual audit can show management and the board where roles and responsibilities could be improved to strengthen the MSB’s compliance overall.
Lastly, frequent formal and informal touchpoints within the institution between the board and the BSA Compliance Officer are a must for maintaining a culture of compliance.
If you have any questions about what roles and responsibilities should look like in your business and whether you’re doing everything right related to BSA compliance, you can schedule a free consultation with the crypto compliance experts at BitAML.