3 improvements you should make to your AML program this year

December 14, 2020
Share the news!

This year saw numerous changes, both subtle and overt, to cryptocurrency AML compliance. As 2020 draws to a close, here are some improvements you should make to your BSA/AML Program to reflect them.


Note: we wrote a follow up piece related to crypto AML compliance for 2023: Navigating AML Compliance Changes in the Cryptocurrency Industry for 2023

Business owners in the cryptocurrency space should be reviewing and updating their BSA/AML Program, as well as its associated policies and procedures, regularly.

But it should go without saying that being responsive to the ever-shifting regulatory landscape in cryptocurrency is a major challenge, whether you operate an international crypto exchange or a single bitcoin kiosk.

It’s not easy for business owners to make smart, decisive compliance decisions and pivot quickly, whether in a small business setting or at scale.

Yet AML compliance that is up-to-date and practiced daily is an essential business function, not an afterthought.

This leaves business owners in a tough spot. How do they test and monitor their compliance and make the right decisions as soon as is practicable?

When it comes to testing and monitoring your AML compliance, nothing beats an annual independent third-party review.

But taking the time here and there to review and update your AML Program in response to regulatory shifts is highly advisable.

The year is coming to a close. If you haven’t made updates to your AML compliance in some time, we will prescribe three major changes you should implement based on major regulatory trends that occurred this year. 

We’ll also include some related reading in the final section Key takeaways.

Like we said before — nothing can take the place of an AML audit. If you want to learn more about setting one up, you can contact us here.

But these points should give you plenty to reflect on, and give you a good sense of how compliance changed in 2020 and how your institution should reflect and respond to that.

Let’s get started!

1. Add a procedure for Travel Rule compliance

A year ago, we wrote that the Travel Rule would be an issue that shaped compliance in the cryptocurrency space for years to come.

As it stands, practical implementation of the “Travel Rule” within cryptocurrency is a matter that remains largely unsettled.

Still, we’ve gotten indications that auditors, including those issuing Title 31 exams are asking businesses about Travel Rule compliance, and are interested in the measures businesses have taken to comply with it thus far.

Though the technical feasibility of Travel Rule compliance is still an open question in cryptocurrency, there are steps that businesses can be taking to proactively comply to the best of their ability, and that should be reflected in your AML Program.

As Title 31 examinations increase in the space, it’s important to take the time to review your AML Program for Travel Rule compliance and to add protocols and procedures before the year is over.

Here are a few blog posts we’ve written in the past that can help:

2. A policy for Token Risk Analysis

Don’t skip over this one.

You might be thinking to yourself that token risk analysis, also sometimes called “cryptocurrency due diligence,” is something that big cryptocurrency exchanges offering hundreds of altcoins need to worry about, not kiosk operators.

After all, if you operate a modest network of kiosks that offer bitcoin only, what would you need a policy like this for?

At present, risk analysis of the coins offered by cryptocurrency money transmitters of every stripe is a compliance industry best practice, but we predicted earlier this year that it would eventually become a formal AML compliance requirement.

We stand by this prediction, and recent developments in consumer protection (which we’ll cover in the next section) support this.

Even if you only offer bitcoin, implementing a formal policy for token risk analysis is low-hanging fruit that shows examiners that you are responsive to industry best practices, as well as a proactive manager of your compliance.

Regardless of whether you ever plan to offer altcoins in the future, having a policy on standby, reflected in your AML Program, demonstrates a strong commitment to the spirit of compliance as your business grows into the future.

3. Policies around the theme of consumer protection

The single biggest story of 2020 as it relates to compliance in the context of cryptocurrency was consumer protection.

Regulators dropped overt hints that examinations would increasingly probe proactive business practices related to consumer protection, and laws and frameworks were proposed, debated, and even passed for implementation in a number of major states.

Consumer protection is going to continue to be a key feature of AML compliance discussions in cryptocurrency well into 2021 and beyond. And right now, examiners will be looking closely at what cryptocurrency companies are proactively doing about it.

If you haven’t implemented consumer protection protocols yet, the time to do so was yesterday.

Additionally, consumer protection will constitute some of the most significant updates you will need to make to your AML program. That’s because unlike Travel Rule compliance and token risk analysis, consumer protection protocols aren’t back-end additions to policy and procedure. They are customer-facing.

You will need to include extensive disclosures and notice of risks, as well as a method for complaint remediation, just for starters.

The BitAML blog has written about these topics extensively over the previous year. We highly recommend tracking down our blog posts on scams in the cryptocurrency space, of which there are a dozen or more.

These posts will also help you get started:

Key takeaways

If it has been some time since you’ve revisited and updated your AML Program, the time to do so is right now. To get off to a good start, go through this post and read the linked articles.

Here are some additional articles that may help:

Watch For These Testing And Monitoring Mistakes As You Grow Out Of Startup Status: If you’re a relatively newer business (around 12-18 months of operation) with an AML compliance program in place, here are some next-level compliance questions you should be asking.

Top 3 Mistakes Cryptocurrency Businesses Make In Their Annual Audit: If you are pursuing an annual audit, make sure these bases are covered.

8 Important Ways You Can Test Your Compliance: Testing and monitoring is an important compliance practice to develop as you continue operation. Here are 8 tips to help.

And of course, if you have compliance questions of any kind, we are available for a free consultation. Reach out any time.

Similiar Blog Post

I’m a Crypto Startup With a Newly Written AML Policy. Now What?

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...

Crypto KYC: New School Meets Old School Compliance

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...

Striding Towards Compliance: Understanding DeFi’s Need for AML Policies

August 17, 2020
This old-fashioned scam is more prevalent than you think — and your customers could be at risk. If you run a cryptocurrency exchange, kiosk...