An AML training program for employees is critical to the success of BSA/AML compliance for cryptocurrency businesses, but only truly effective if it includes these key elements.
Training your new employees on policies and procedures seems like a no-brainer; it’s a check-the-box activity.
But thinking of it that way minimizes how mission-critical AML training is when it comes to regulatory compliance.
Is AML training required of cryptocurrency businesses?
Yes, every crypto MSB (money services business) is responsible for training all employees on the basics of bitcoin money laundering and the AML compliance policies and procedures used to mitigate potential instances of financial crime.
But this is not as simple as sitting a new employee in front of a 30-minute orientation video. Proper AML training not only needs to be comprehensive, up-to-date, and participatory, it also needs to be performed regularly for every single customer-facing person your institution employs (not just new employees).
In AML circles, we like to say that training should be targeted, relevant, and ongoing.
Because AML training is one of many compliance requirements for cryptocurrency businesses, we’re often asked a number of questions about it.
- What should be included in AML training?
- Who should perform the workshop?
- How do we demonstrate compliance with this requirement?
We’ll answer these questions below, but remember that you can always reach out to our bitcoin compliance experts with any questions you may have.
But first, let’s cover the essentials of an AML employee training program.
Why do crypto businesses need AML training?
AML training is one of the pillars of effective AML compliance, and a cornerstone of what AML compliance professionals refer to as “a culture of compliance.”
Sound abstract? We’ll break it down.
AML compliance for bitcoin and other cryptocurrencies is built on the same rules and regulations that traditional financial institutions are required to follow. This can cause its fair share of headaches, since many of these laws are decades old and were not designed for decentralized financial products, but rather centralized operations like your bank.
Regardless, bitcoin regulation is the same as traditional financial regulation with adaptations where required and/or permitted.
“In AML circles, we like to say that training should be targeted, relevant, and ongoing.”
Traditional financial institutions are expected to adhere to the Bank Secrecy Act (BSA) of 1970, which mandates that said institutions build anti-money laundering (AML) compliance programs to help regulators mitigate the actions of financial criminals (e.g., the mob, drug dealers, terrorists) and prevent them from diluting the integrity of the financial sector, wider economy, etc.
The pillars of compliance refers to a framework that helps financial institutions adhere to the BSA. One of these pillars is employee training.
You see where this is going?
Traditional financial institutions are required to build AML programs that comply with the BSA (as well as other laws passed since), the pillars of compliance provide the framework for a strong AML program, and employee training is one of those pillars.
And because bitcoin regulation is largely the same as that of traditional finance, the pillars of compliance, including employee training, apply to every cryptocurrency MSB/money transmitter.
What is AML training for crypto MSBs?
AML employee training programs should be designed to improve the knowledge, performance, and skills of a cryptocurrency financial institution’s employees. It teaches them about the important rules and regulations their institution must follow, their role in enforcing compliance (i.e., a “culture of compliance“), and instructs them on the detection and reporting of potentially suspicious activity.
The training regimen should incorporate the requirements of the BSA, as well as those found in the PATRIOT Act as well as other AML laws and federal and state laws and regulations. Training should also be custom-tailored to each institution’s unique risk profile.
The training program should also cover day-to-day compliance responsibilities including how to recognize red flags in transactional activity, what to do once potentially suspicious or illegal activity is identified, who is responsible for what within the company, what should be recorded, and consequences for non-compliance (up to and including jail time).
Every new employee must receive this training within a certain period of being hired, and everyone who works with customers, institution-wide, must receive updated AML training at least annually.
5 things your AML employee training program shouldn’t miss
If you’re looking for a place to start in building an AML compliance training program, here are five points that must be included in order for it to be effective:
1. An explainer of BSA/AML compliance
This section should cover much of what we talked about above, albeit in much more specific detail. Explain the pillars of BSA/AML compliance here to help enforce a culture of compliance.
You may also want to touch on Know Your Customer (KYC) cryptocurrency considerations in order to help employees understand how the rules and regulations they’re learning about connect to day-to-day processes.
2. An overview of key regulations and laws
This section should speak to the main requirements of the BSA, the PATRIOT Act, and others, but should also include unique laws and regulations that may apply to you based on your business model, unique risk profile, or state regulations.
It would also be helpful to explain who the regulators (i.e. FinCEN, IRS) actually are and how cryptocurrency falls under their purview.
3. Reporting requirements
Cryptocurrency businesses are required to file numerous reports based on certain transactional activity triggers, so your employees need to know about all of them.
4. Relevant updates
Bitcoin regulation changes frequently, and major updates can be handed down without warning.
Training programs should be constantly updated to reflect these new realities. It’s also recommended that red flags and other institution-specific elements of the training be updated as well.
Questions will undoubtedly arise, so a forum for Q&A is an important element of annual training. Fostering open dialog encourages a strong culture of compliance, so be sure to create space for discussion.
Though not specifically required, it’s a good idea to have AML training be performed by a qualified third party in order to get a fresh, expert view of the regulatory landscape, and to bring new ideas and learnings in from outside your specific institution.
Tips for recording participation
In order to demonstrate compliance with the training pillar, keep records of company-wide training as well as individual training for new employees in each employee file.
An AML training record doesn’t need to be too exhaustive but should include basic details like when the training was received, a description of the topics covered, who participated, and who performed the training.
Key takeaways for cryptocurrency businesses
Employee training is critical to a crypto financial institution’s AML compliance, whether it’s a company of one or 1,000-plus.
As a pillar of AML compliance, employee training is one of the first steps in fostering a culture of compliance, which protects the integrity of your institution as well as the wider cryptocurrency ecosystem.
To be truly effective, AML employee training should be performed for new hires within 30 days of the start date, and annually for everyone else. It also needs to include key elements, like an overview of BSA/AML compliance, reporting and recordkeeping, relevant updates, and more.
If you need help creating a comprehensive, up-to-date AML employee training program, or it’s time for annual training and you’re looking for a qualified third-party to deliver a session, you can reach out to us here. We’d be happy to answer any questions about AML training you might have.