3 popular crypto business models and their unique compliance needs

June 15, 2020
Share the news!

These are the respective risks and compliance countermeasures for the top three most common cryptocurrency business models.

If you’re an entrepreneur, we’ll explain the high-level AML compliance considerations for:

  • Bitcoin ATMs

  • Exchanges

  • P2P Lending

If you want to start a business in the cryptocurrency space, there are plenty of models to choose from.

There’s a crypto version of every conceivable kind of financial services business, as well as some unique and innovative bitcoin business ideas that only cryptocurrency technology makes possible.

For the purposes of this article, though, we’re assuming you’re doing research into what it takes to start a financial institution, or a business that buys, sells, and trades cryptocurrency for U.S. dollars (or other cryptocurrencies).

Those kinds of businesses are becoming more common in the industry, and it’s probable that your own first experience with cryptocurrency was facilitated by one. Maybe your first purchase of bitcoin occurred at an ATM or kiosk, or on an exchange like Coinbase.

Businesses like these are financial institutions, or, according to FinCEN, money services businesses (MSBs), money transmitters (for more on that topic and what it means, we wrote an in-depth article here).

If you’re an entrepreneur who wants to start one of these MSBs, then you need to know a few things about something called AML compliance first.

That’s where this post will help. Let’s dive in.

What is AML compliance for cryptocurrency?

If you’re interested in starting a cryptocurrency MSB, there are certain legal obligations you have to meet or exceed before you ever open for business.

Among them, AML (anti-money laundering) compliance refers to the policies and procedures you put in place to prevent your business from facilitating, wittingly or unwittingly, money laundering and other financial crimes.

Though there are more compliance requirements at the state level and from other agencies you’ll need help navigating depending on your specific model, AML comprises a significant share of your regulatory compliance.

Note that if you’re starting a mining operation, blockchain technology solution, or other technology startup within or adjacent to cryptocurrency, AML compliance is unlikely to factor into your business planning.

Once again, AML compliance applies to financial institutions in cryptocurrency, or cryptocurrency MSBs. Someday we may see specific cryptocurrency regulation, but until then, these kinds of business models must follow what’s already on the books for financial institutions.

AML compliance for common cryptocurrency business models

The good news is, there’s a bitcoin business model for just about everyone. But most entrepreneurs new to the space will fall into two fairly broad camps: those with a background in tech and platform development, and those with a more brick-and-mortar retail sensibility.

The three most common cryptocurrency business models — bitcoin ATM/kiosks, exchanges, and P2P trading platforms — reflect that. Each have their own risk and regulatory compliance considerations.

If you’re looking at entrepreneurship in the space and have your heart set on one of these business models, we explain what you need to know below and point you to additional resources where applicable.

Bitcoin ATM or kiosk


Bitcoin ATMs, also called BTMs and cryptocurrency kiosks, are physical machines that allow walk-up customers to purchase or sell cryptocurrency (or both).

Much like a generic bank ATM, these machines are located in third-party brick-and-mortar stores. The upkeep of these machines is the responsibility of the machine’s owner (you).

While that might be seen as a downside, the upside is that bitcoin ATM business models are highly customizable. Though commonly called “bitcoin ATMs,” these machines can in fact support multiple altcoins at once. Additionally, business owners may choose to simply sell cryptocurrency, or buy and sell tokens from customers.

Manufacturers of the machines offer customer support and, increasingly, AML compliance software to help augment your compliance regime.

ATMs are increasingly ubiquitous and seen as fairly straightforward business models to launch and implement. While every business has its challenges, crypto kiosks come ready practically out-of-box from a manufacturer and the technological support is fairly minimal compared to a large-scale exchange.

It is perhaps the most entrepreneur-friendly model, particularly for entrepreneurs without a specialized background in finance or technology.

Operational risks and compliance mitigation

Full AML compliance is required even for single-owner entities. This includes protocols for transaction monitoring, the appointment of a dedicated compliance officer, and employee training, among other policies and considerations.

These requirements can sometimes seem daunting for “solopreneurs,” but they are requirements nonetheless, and very manageable.

Kiosk operations in particularly risky metropolitan areas will likely require more monitoring and stricter controls. Business owners must also be ever-vigilant of state regulation when it comes to money transmission in the context of cryptocurrency. New regulations are often handed down without warning.

For single-owners and small teams, the biggest challenge is thoroughly enforcing AML compliance as strictly as the large-scale financial institutions. There are no breaks for this, and if you operate in an area of higher risk, your mitigation efforts must be redoubled.

We wrote a longer article for bitcoin ATM operators here, and if you want to understand the full scope of bitcoin compliance requirements, you can check out our compliance 101 blog series (start at the last page).

Cryptocurrency exchanges


While most people think of large online exchanges, many smaller, brick-and-mortar businesses do operate the same model in the cryptocurrency space.

In an exchange, the operator offers customers various cryptocurrencies at spot price (meaning, what it is worth in the moment) with a fairly standard transaction fee on top. Small exchanges operate on the basis of arbitrage, i.e., buying cryptocurrency in bulk and selling it to their customers on the basis of established, recurring relationships, convenience, and to take advantage of inefficiencies and currency volatility.

There only a handful of large-scale online exchanges, but many entrepreneurs in crypto do offer exchange services exclusively or in addition to other products and services.

Operational risks and compliance mitigation

The same risks and mitigation strategies that apply to crypto kiosks also apply to exchanges, though the scope for some considerations is significantly broader.

As a brick-and-mortar exchange, you are still likely sourcing your customers and/or conducting a fair amount of your business online, which complicates AML compliance requirements concerning Know Your Customer (KYC).

You likely lack many of the inherent technological features that help bitcoin ATM operators perform KYC and transaction monitoring, but your obligations are the same regardless.

Additionally, you will likely come into contact with customers from all over the country, if not the world.

While a kiosk operator will likely only do business with customers in the state(s) where they operate, you will need to make sure your AML compliance and state licensing status cover you in any state a transaction may take place.

Additionally, contact with customers from other countries carries additional compliance considerations.

An exchange opens up a bigger sandbox for customer acquisition, and thus, a bigger compliance checklist to manage.

P2P trading

Good Free Photos

P2P platforms (also called decentralized exchanges) operate much like large-scale exchanges, only instead of the financial institution itself buying and selling cryptocurrency from users, the users are allowed to buy and sell from each other directly.

This creates a couple of compliance wrinkles that are hotly debated to this day. Mainly, P2P activity potentially makes each user a money services business/money transmitter all their own, meaning the users themselves have compliance obligations the same as businesses.

Regardless, if you’re operating a P2P exchange for the benefit of the users, that doesn’t mean you can outsource compliance to them.

Operational risks and compliance mitigation

While a P2P platform is expected to meet or exceed all of the regulatory compliance obligations of any other financial institution, there are particular challenges when it comes to KYC.

Namely, when users are wholly responsible for their own trading activity, the presence of potential fraud and money laundering occurring on your platform is a significant concern.

It’s difficult for operators to know whether financial criminals are using their platform to launder ill-gotten gains, and as such, strict, highly-customized compliance protocols would need to be enforced.

Key takeaways

Now’s a good time to point out that no one expects you to figure this out on your own (in fact, we would advise against it). Though we hope blog posts like these are helpful resources, they’re meant to educate on a wide variety of complex compliance topics — they can’t get you to functioning AML compliance alone.

For that, you’ll need to get in touch. BitAML has helped countless cryptocurrency-based money services businesses accurately assess their risk levels and design AML compliance policy that leaves no stone unturned and scales with any business model.

There’s a lot of opportunity in the crypto space, and we don’t want you to miss out. But we also don’t want you getting yourself into trouble, either. Reach out today for a free consultation.

Similiar Blog Post

International Fraud Awareness Week 2023

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...

Your Crypto Company Needs a Vendor & Partnership Due Diligence Policy

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...

Does My Web3 Project Need An AML Program?

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...