So you’ve automated a lot of your AML compliance. Now what? Here’s why cryptocurrency businesses shouldn’t rest on their laurels.
Most entrepreneurs in the cryptocurrency space don’t exactly sign up to start a business because they’re interested in BSA/AML compliance.
They’re attracted to technology and innovation and the good-old-fashioned promise of finding success as a small business owner in an exciting and lucrative field.
Cryptocurrency regulatory technology (regtech) has largely risen to meet crypto’s compliance challenges. Some as-yet unresolved issues notwithstanding, the software available to assist with (and in some cases automate) AML compliance are highly sophisticated and impressive.
But the availability of these tools might give entrepreneurs and small teams the wrong idea about their AML compliance.
AML compliance is sometimes seen as a chore, or a checklist item. The temptation to automate as much compliance as possible, to “set it and forget it” is very real.
But while it might not be the most exciting part of your day as a business owner, AML compliance requires real, continuous human engagement.
Technology will continue to automate processes and increase efficiencies, but your institutional compliance will always require a human component. If anything, advances in compliance technology only free up compliance personnel to focus on more intricate and crucial details that simply cannot be performed without a human touch.
Compliance Officers at crypto startups are often not compliance professionals by trade. Here’s why that’s not necessarily a bad thing.
Let’s say you’re a business owner serving in the BSA Compliance Officer role of a cryptocurrency startup. You might be wondering whether this is just going to be part of your job forever.
It’s actually very common for smaller-scale institutions and startups in our industry for one of the founders to initially serve as the BSA Compliance Officer. There’s no specific resume that regulators are looking for in that role; rather, they are primarily interested in someone invested in engaging in and committed to theday to day compliance activities.
It’s less about the resume, and more about the capacity to perform compliance tasks, and having the right resources dedicated to AML compliance.
We’ve been asked about compliance technology and how much that can help small teams manage their compliance. But we’ve also heard some of these de facto BSA Compliance Officers ask what, beyond keeping their FinCEN registration up to date and kicking tires once in a while, they should be doing for their institutional compliance.
Here’s what we always say:
Automating compliance and getting it out of your day should not be the goal.
Running compliance in the background is not effective compliance management. AML compliance will always require a human at the helm.
Here’s what you should do
Instead, if you’re in a position as the BSA Compliance Officer, you need to make a plan for dedicating the proper resources to your institution’s AML compliance as the business continues to scale.
You should revisit that plan at each board or shareholder meeting, and document what is discussed.
As you start to see more foot traffic to your business, and begin hiring additional personnel, sit down and have a conversation about bringing someone in with a more formal AML compliance background.
This doesn’t mean you shouldn’t invest in the automation of processes. We’re not suggesting you hire a human instead of using compliance technology. They’re not competitive. Rather, compliance technology and compliance personnel complement each other.
Regtech allows a seasoned compliance professional more bandwidth to perform more technical and nuanced compliance tasks.
Just because you have great recordkeeping software and information storage accessible at the click of a mouse doesn’t mean your compliance is effective. Features in your kiosks are only good if you turn them on, so to speak. They’re only as good as what compliance personnel are able to do with them.
Automation may make a business more efficient, but it also creates an expectation. Now that you have this information more readily available, what are you doing with it?
If anything, there’s more onus on the BSA Compliance Officer role to make use of that information.
Who should you look to hire?
There’s a big difference between starting a network of bitcoin kiosks and running a Top 10 financial institution. At that level, the BSA Compliance Officer will be a professional of immense pedigree. Probably a lawyer with decades of experience and a salary in the mid-six-figure range.
Regulators understand that at the early-stage small business level, that is not realistic.
Again, they’re looking for an engaged team member to fill that role. The next hire may be someone with financial compliance in their background who can “grow into” the role.
There’s no universal formula for this, which is why we simply recommend revisiting the topic at your board meetings. Broach the topic on a recurring basis and figure out when it’s the right time for your institution to take the next step.
But the next step has to be one where you’re dedicating the proper resources to your AML compliance. That might mean more regtech and automation, but it will always mean an engaged professional in the role of BSA Compliance Officer.
Key takeaway for cryptos
If you find yourself as the BSA Compliance Officer for a cryptocurrency startup, the best thing you can do is be honest with your team members or co-founders (or yourself as a solopreneur) from the start.
Take the role of BSA Compliance Officer seriously, but also take the need for resources seriously. AML compliance is not a “set it and forget it” checklist task. It requires a guiding human hand and other resources depending on the size, location, and services of the institution.
Based on your growth plans, will you need a second hand at some point? When?
Will you need a dedicated professional whose hire allows you to phase yourself out of the compliance role over time?
Do you want to stay a solopreneur, and if so, can you manage your BSA/AML responsibilities indefinitely?
The goal isn’t to automate compliance so you can set it and forget it. You should be revisiting the resources you dedicate to compliance at your regular board/shareholder meetings.
If you cannot sustain your engagement in that role yourself, you’ll need to figure out how to dedicate the proper resources to your institution’s AML compliance.
If you need help figuring out your compliance needs relative to your institution’s profile, or what daily compliance responsibilities look like for your business, you can reach out to us here.
We work primarily (though not exclusively) with small businesses and startups in the crypto space and would be happy to answer some of your questions.