06 May BSA/AML Compliance For Crypto Exchanges: How To Stay Compliant
Cryptocurrency compliance can be challenging, so today, we’re focusing on what crypto exchanges need to do to be compliant with relevant regulations as part of a new mini-series explaining compliance basics for aspiring or new entrepreneurs in the space.
Is your crypto exchange BSA/AML compliant?
Let’s dig into the fundamentals of cryptocompliance for crypto exchanges and find out.
Basic Compliance Requirements For Crypto Exchanges
Your crypto exchange is considered a money services business (MSB), and as such, you need to build a BSA compliance program just like any other financial institution.
The foundation of a successful crypto exchange is a solid BSA/AML compliance program. To create that program, you need to fully understand the requirements of the Bank Secrecy Act (BSA) that crypto exchanges have to comply with to prevent and report behaviors commonly associated with anti-money laundering (AML).
Complying with BSA regulations and AML rules is mandatory to help law enforcement and government agencies detect and prevent money laundering and terrorist financing. All MSBs (including your crypto exchange) are required under the BSA to develop compliance programs that include five pillars:
- A designated BSA Compliance Officer
- Internal controls specific to your crypto exchange business model
- AML training
- Independent testing of your BSA/AML program
- Customer due diligence (CDD)
Developing a BSA/AML compliance program can seem overwhelming, but the information in this article will help you get started.
If you need help, working with cryptocompliance experts, like the team at BitAML, can give you peace of mind that your program will effectively protect you, your business, and your customers.
A Designated BSA Compliance Officer
The first pillar of an effective BSA compliance program is identifying a BSA Compliance Officer.
In simplest terms, you need a BSA Compliance Officer to develop policies, processes, and procedures for your employees to follow. Your BSA Compliance Officer is responsible for hiring and training your staff, selecting tools, evaluating your crypto exchange’s risk level, and making decisions related to risk.
This isn’t a role for just anyone.
Your BSA Compliance Officer should be an expert in cryptocurrency compliance. He or she should fully understand all relevant regulations and the signs of money laundering.
In addition, the BSA Compliance Officer must be an excellent communicator as it’s his or her role to share information with the Board of Directors and carry out the Board’s directives related to BSA compliance.
Ultimately, the Board is responsible for the crypto exchange’s BSA compliance, so they need a BSA Compliance Officer they can count on to perform well.
Internal Controls Specific To Your Business Model
The second pillar of a BSA/AML compliance program is specific to your crypto exchange. This is where you develop the policies, procedures, and processes that all employees will follow to ensure your business stays compliant with current BSA regulations.
All MSB’s internal controls should include policies and procedures for the following:
- Identifying high-risk operations
- Reporting suspicious activities and taking corrective action
- Performing customer due diligence
- Separating duties and providing adequate employee supervision
- Training and monitoring employee performance
- Updating the risk profile
- Monitoring compliance regulations and updating policies on an ongoing basis
But that’s not all.
As a crypto exchange, your business needs to pay close attention to state laws and international laws simply due to the types of customers you’ll interact with and transactions you’ll process.
In fact, there are several differences between the internal controls your crypto exchange needs to put in place compared to the internal controls of crypto ATM businesses. Some of those differences include:
International Considerations: For example, since your crypto exchange will likely interact with international customers (unlike crypto ATMs), your compliance has to take a global view when it comes to sanctions and fraud. Exchanges generally need stronger blockchain analytics, IP and geo-training tools, and more.
VPNs and such make it difficult since anyone with an internet connection anywhere in the world can technically become a customer, but you have to do your best to stay compliant and prevent and detect money laundering activities by international customers.
Business Customers: Kiosk operators typically have walk-up individual customers, but crypto exchanges are more likely to have customers that are businesses in addition to individuals. Therefore, crypto exchanges have different Know Your Customer (KYC) and CDD considerations.
State Licensing: Unlike kiosk operators that may be able to avoid state licensing thanks to “no action” policies in several states, crypto exchanges always need to secure state licenses to operate.
Red Flags and Monitoring: Crypto exchanges have some unique red flags and surveillance and monitoring considerations. These differences include things like flagging dormant accounts and larger transaction volumes.
Overall, crypto exchanges need to build BSA/AML compliance programs like any other financial institution, but in addition to the BSA’s federal requirements, crypto exchanges need extra focus on state and international rules.
Developing a comprehensive BSA compliance program tailored to your crypto exchange is the only way to ensure you and your employees have the right policies, processes, and procedures in place.
The third pillar of a BSA/AML compliance program is training employees on AML and BSA regulations as well as the internal controls your BSA Compliance Officer develops.
Since laws can change and ongoing employee performance is essential to compliance, it’s important that all employees receive BSA/AML training annually at a minimum.
Keep in mind, this is not a one-size-fits-all training. Each employee has different roles and responsibilities related to BSA/AML compliance, so training should be tailored to their duties and the policies and procedures they’ll need to follow to perform their jobs.
Independent Testing Of Your BSA/AML Program
How good is your BSA/AML program? Are the policies and procedures in your compliance program current? Are they working?
Independent testing of your BSA/AML program is required under the BSA to ensure your compliance procedures are working and your employees are performing as they should be.
This testing should be performed annually by a third party who understands all aspects of BSA compliance and objectively evaluates your program’s internal controls, policies, procedures, training, and recordkeeping.
It’s in your best interest to have a thorough and strong compliance program, and an annual audit tells you if there are areas for improvement.
Customer Due Diligence
Customer due diligence is the fifth pillar of a BSA compliance program. The purpose of this pillar is to reduce the risks associated with transactions involving shell companies and anonymous companies.
The fifth pillar can be referred to as enhanced customer due diligence because it adds more to customer identification and due diligence procedures based on risk. Specifically, the enhanced customer due diligence steps required by FinCEN include verifying customer identity, identifying and verifying beneficial ownership, understanding customer relationships to create customer risk profiles, and monitoring to report suspicious activities and update customer information based on risk.
Your crypto exchange’s BSA compliance program must include policies and procedures to identify beneficial owners of a legal entity customer (owners who directly or indirectly own 25% or more of a legal entity’s equity interest or who meet the control threshold showing they have significant authority to control, direct, or manage the legal entity).
In addition to identification, your employees must be trained on policies and processes in your BSA compliance program related to verifying the information collected, understanding the risks that beneficial ownership creates, and reporting any suspicious activity related to beneficial ownership.
Key Takeaways For Crypto Exchanges
Crypto exchanges must develop effective BSA/AML compliance programs based on the five pillars: designating a BSA Compliance Officer, developing internal controls, training employees, testing by a third party, and conducting enhanced customer due diligence.
While developing a cryptocompliance program can be confusing, don’t let the challenges stop you. Not only is creating a strong compliance program a good business practice, it’s also required by law.
The compliance experts at BitAML can take the stress and worry out of developing a comprehensive BSA/AML compliance program for your crypto exchange. To get started, submit the contact form below and schedule a free consultation: