Coinfirm has created a 13-piece guide specifically for crypto-asset exchanges to quickly and easily understand their AML/CFT compliance requirements for operating on a global scale and which policies to implement to stay ahead of the competition and avoid penalties.
To create a global AML compliance strategy for any exchange it is necessary to know a number of critical laws and regulations, reporting requirements and best industry compliance practices. Failure to comply with local and supranational regulations can result in hefty fines, sharp drawdowns in revenue and in some cases, prison sentences.
The key cornerstone of an exchange’s global AML compliance strategy is employing a Risk-Based Approach (RBA) to their crypto-asset dealing activities. The RBA comprises the identification, assessment and understanding of risks, as well as the consequent application of AML/CFT measures commensurate with these risks in order to ensure effective mitigation.
Crypto asset exchanges have unique needs as obliged entities in that they tend to process vast amounts of volume and deal with many clients based in numerous jurisdictions.
Licence and/or Registration with the Relevant Jurisdiction Authority
How an obliged entity is defined as by a regulatory authority affects that entity’s standard of compliance it must adhere to.
In some jurisdictions, a crypto-asset exchange is deemed to fall under the definition of a Money Service Business (MSB) and must register as such, in some it falls into the scope of Payment Service Provider, in others there is a separate regulated business category for such business (e.g. Digital Currency Exchange Provider in Australia). Registration with the relevant jurisdiction authority entails registering your exchange with the regulator overseeing a jurisdiction’s financial services markets such as BaFin in Germany, the FCA in the UK, etc.
Registration usually enables authorities to conduct ‘fit and proper’ tests on the exchange, which entails a number of checks on the company, including obtaining information regarding know who is a beneficial owner of an exchange (under the EU’s AMLD5, a beneficial owner is one with >25% ownership in an entity). Vetting the beneficial owners of exchanges allow regulators to be safe in the knowledge that operators of crypto obliged businesses are not criminals or under sanctions.
Read: 5 Steps Into the 5th Anti-Money Laundering Directive (5AMLD)
This aspect of compliance is important because often, failure to register your crypto asset exchange and continuing to operate one is a criminal offence in a number of countries. Some nations require crypto-asset exchanges to not only register with an authority but also request an operating licence.
Registration and licencing requirements differ depending on the maturity of the nation’s blockchain economy. For example, some nations currently only provide sandboxes for crypto entities whilst some such as the U.S. enable entities to be granted a federal trust charter with FDIC insurance, such as Paxos for USD-backed stablecoins in Paxos Wallet accounts.