AML compliance is complex, and it can be difficult for cryptocurrency businesses and startups to dot every last I. Here are some of the most commonly-overlooked bitcoin compliance essentials we run into.
Putting together an AML compliance program should be at very the top of the priority list for a new cryptocurrency business. But while you might know how important it is to know your customer, assess your risks, highlight red flags, and create a process for reporting, there are other mission-critical elements to AML compliance, and it’s important not to overlook them.
Unfortunately, it’s not uncommon for crypto businesses to get so focused on core AML compliance elements that they miss some of the smaller, but equally crucial, compliance requirements.
Keep in mind that regulators can impose penalties for any cryptocurrency compliance mistakes, large or small, so it’s vital to pursue comprehensive institutional compliance that leaves no stone unturned.
As you put together your crypto AML and bitcoin compliance program, make sure you include these three commonly missed but essential elements.
#1 Elder Financial Abuse Protocols
As people age, they come in at a higher risk for financial exploitation. Elder financial exploitation (EFE) usually takes the form of some kind of telephone scam wherein people over the age of 65 are manipulated into wiring money to a scammer posing as a loved one who needs help, or the IRS demanding back taxes.
Recently, scammers have begun demanding cryptocurrency as well, possibly due to its partially-anonymous nature.
As EFE becomes more prevalent in crypto, you have an opportunity to take action to reduce the problem. Your company can set up protocols that protect older Americans from financial fraud and abuse.
Unfortunately, older citizens can be victimized by people they know even more easily than strangers. By keeping an eye out for suspicious activity and filing SARs when you notice it, financial institutions can help draw attention to these criminals and stop them.
Because seniors are much less familiar with cryptocurrencies and advanced technology, scammers can confuse them while also convincing them that they are making a great investment in crypto.
Signs of EFE that you can watch for in your security protocols include:
- Elders at a kiosk looking agitated or confused.
- Email address and customer name mismatch.
- Client mentions winning the lottery, or gives a reason for the transaction that could indicate they are the victim of a scam.
You can also watch for unusual interaction from caregivers or family members when it comes to managing the account at your money transmitter or money services business (MSB). For instance, if a caregiver is overly interested in transactions or assets, or is controlling of the elder’s speech or actions, that’s a big red flag.
You never want an elder that seems to fear a caregiver regarding finances, or a caregiver that stands in the way of direct communication. If there are sudden changes in an elder’s financial management team or the individual doesn’t seem to understand cryptocurrency or what they are being asked to do by a caregiver or family member, those are also reasons to make a report.
With properly trained employees and a comprehensive AML program that looks for these red flags, you can be part of the solution when it comes to financial elder abuse.
#2 An Enhanced Due Diligence Policy
Doing proper due diligence is an essential foundation to any AML compliance program. It’s not something you can do once be done forever, of course – it’s an ongoing activity that requires continuous improvement and education for your employees.
Starting with know your customer (KYC) and customer due diligence (CDD) will get you quite a ways. However, there are always those who require additional scrutiny. Sometimes customer accounts are more active or have a history of red flags.
These accounts need another level of due diligence, which we refer to as enhanced due diligence (EDD). EDD is a process for monitoring and reporting on clients that pose a higher risk to your cryptocurrency business than others.
For instance, FinCEN requires you to know not just your client but the true beneficial owner of the account. If the beneficial owner is not the same as your client, the account probably requires additional scrutiny.
Other times you might need to implement EDD on an account include:
- Accounts that execute five or more transactions a month
- Accounts that have transactions over $10,000
- Account owners who have identification that is not from your company’s registered state
You’ll want to keep tabs on other red flags as well, including issues with a caretaker handling the account for an elder, as we mentioned above.
Your EDD policy will be unique to your particular company, but it will always mean getting more information from the target customer. You might do a telephone interview or require written information about the nature of the account. You can also do online research on the customer if needed.
#3 Testing And Monitoring Processes
An AML compliance policy is only as good as its power to root out problems and corruption. Unfortunately, a lot of crypto businesses don’t test or monitor their compliance to ensure that vulnerabilities are being detected.
You definitely do not want to be caught with a major money laundering scandal and only then discover holes in your process. You must test and monitor your procedures regularly.
When you run tests, you may find that employees haven’t been trained in how to handle specific red flags properly. Or, you may find lapses in your SAR process or discover that the employee assigned to SARs doesn’t have the bandwidth to file them in a timely manner.
These checks let you fix problems in your AML compliance program before the regulators catch them and require you to fix them – with fines and other sanctions attached.
If you find problems, update your program accordingly and document the updates. As you grow and the regulatory landscape develops and changes, you’ll need to continue testing and updating to keep up. Documentation of this process will show your company’s good-faith effort to comply with regulations, which may help during a regulatory examination or audit at some point in the future.
When you consistently test and monitor your AML compliance program, you’ll never risk being behind the curve.
Key Takeaways For Crypto Businesses
These three easily-missed parts of a compliance program may seem small, but that’s why they’re often overlooked. Of course the primary parts of your AML program, including KYC, CDD, and SAR processes, all come first.
But that doesn’t mean these three items are less important. As we’ve helped businesses with their AML, we find they often fall short in these areas.
Are you ready to incorporate these elements into your AML program, but you’re not sure how to get started? Let us help. Fill out the form below for a free consultation and we’ll be in touch to help you stay on the right side of AML regulations.