A presentation on AML & CFT Risks and Opportunities delivered at the Gibraltar Association of Compliance Officers Blockchain & DLT Event on 17 October 2018.
This presentation covers different industry players; what obligations those industry players may have; how to meet those compliance obligations; other key risks and the future of compliance in the cryptocurrency and DLT sector.
2. 1. Why are you here? The story to date.
2. Who are the industry players? Which one of these are you.
3. What are the AML & CDD Obligations? What is required of you.
4. How do you meet these requirements? What you can do.
5. Where are we going? What is coming up on the horizon.
OVERVIEW OF THIS PRESENTATION
3. The story to date:
The Bitcoin Whitepaper - 2009;
Development of Blockchain & other DLTs which followed;
Gibraltar Working-Group 2014-15;
Total valuation of all digital assets peaked at over $800bn;
Gibraltar DLT Regulations 2018;
ICOs & ITOs.
1. WHY ARE YOU HERE TODAY?
4.
5. Bigger impact and happening faster than the internet;
Individuals using these technologies can use the technologies for illicit activities such as
money laundering and terrorist financing.
We have obligations and responsibility to minimise money laundering and terrorist
financing.
How do you fit into this industry ecosystem? What are you required to do?
How do you identify and mitigate risks? What should you expect in future?
1. WHY ARE YOU HERE TODAY?
6. NB - At this point DLTs are primarily being used for virtual currencies and financial services/transactions.
1. Creators of digital currencies & DLTs;*
2. Intermediaries of digital currencies;*
o Exchanges - facilitate the exchange of virtual currencies to other virtual currencies or fiat (i.e. cash / state
issued currencies like GBP / EUR / USD);
o Custodians of digital assets - store digital assets on behalf of others;
o Payment Services - allow you to spend your digital assets and send it to third parties on your behalf.
3. Investment funds & non-MIFID entities
*Represents activities that may need to consider DLT regulation.
2. WHO ARE THE INDUSTRY PLAYERS?
7. NB - At this point DLTs are primarily being used for virtual currencies and financial services/transactions.
4. Service Providers;*
a. Lawyers; b. Accountants; c. Corporate Services (Company Incorporation/Secretary);
d. Fund administrators; e. Trust Companies.
5. Consultants;
a. Directors; b. Contractors; c. Software developers.
* Represents activities that may need to consider DLT regulation.
2. WHO ARE THE INDUSTRY PLAYERS? (CONTD.)
8. Overview:
Proceeds of Crime Act 2015 (“POCA” as amended) and other relevant
legislation such as Drug Trafficking Offences Act, Terrorism Act 2005 and
Gambling Act 2005;
DLT Regulations - Guidance Note #8 - Financial Crime;
GFSC - AML Guidance Notes;
5th AMLD;
Upcoming Token Regulations.
3. WHAT ARE THE AML, CFT & CDD OBLIGATIONS?
9. 3.1 - PROCEEDS OF CRIME ACT
More likely than not, you are a relevant financial business which requires you to
keep to the obligations required under POCA.
This includes: entities regulated by the GFSC (banks, insurers, bureau de
changes, DLT Providers, Collective Investment Schemes); Gaming firms;
professional service providers (lawyers and accountants); and ICO’s (see section
9(1)(p) of POCA.
10. Relevant financial businesses must appoint a Director, Senior Manager or Partner as the Money
Laundering Reporting Officer (MLRO) and establish policy and procedures to ensure compliance
with POCA.
Relevant financial business must carry out CDD measures where they, among other things:
o Establish a business relationship;
o Carries out a transaction amounting to 15,000€;
o Suspect money laundering or terrorist financing;
o Doubts the veracity or adequacy of the document, data or information previously obtained.
Outsourcing
Ongoing monitoring.
o ICOs? DLT businesses?
3.1 POCA - WHAT MUST THESE ENTITIES DO?
11. Subject to AML Guidance Notes;
B2B vs B2C - Must document risk tolerance and assessment for each of the
products or services;
Use of eID for Verification of CDD Measures;
Traceability.
3.2 EXTRA - DLT GUIDANCE NOTES
12. Intermediaries and Service Providers to consider in addition to standard checks on
KYC, CDD & Source of Funds:
o Where have the digital assets originated from?
o How do you verify source of digital assets?
Use of tools - Coinfirm, Elliptic, Chainalysis, Polymath (STO & CIS).
4. HOW DO YOU MEET THESE REQUIREMENTS?
13.
14.
15.
16.
17. 4.2 EXAMPLE OF COUNTERPARTY SCENARIOS
A high net worth individual approaches your relevant financial business for
services. They hold high amounts of BTC as they had purchased these prior to
January 2017 and has a ‘long only’ portfolio (i.e. minimal trading has taken place).
This client wants to pay for £10,000 worth of your services in BTC. Assume in this
scenario you have agreed a fixed BTC price and you accept BTC as payment.
What can you do as a regulated financial business in respect of requests and checks?
18. An ICO wishes to engage your relevant financial business. They have provided you
with all Company due diligence and KYC documents required. They wish to pay for
your services in Ethereum used from their ICO raise.
What checks / requests should you carry out before onboarding the Client and
accepting funds?
4.2 EXAMPLE OF COUNTERPARTY SCENARIOS
19. A company wishing to conduct an ICO from Gibraltar wishes to enlist your services
as an external MLRO.
What processes and checks should you have in mind when considering such a role?
4.2 EXAMPLE OF COUNTERPARTY SCENARIOS
20. 5th AMLD - going to require virtual currency exchanges to fall within relevant
financial business for purposes of AML regulations.
International AML standards for crypto expected in October by FATF.
More regulation & more guidance.
Enforcement - no test cases yet.
5. WHAT IS COMING?
21. Proceeds of Crimes Act 2015;
Financial Services (Distributed Ledger Technology Providers) Regulations 2017;
https://www.fsc.gi/dlt;
https://www.fsc.gi/uploads/Guidance%20Note%208%20-%20Financial%20Crime%20GFSC.pdf;
Directive (EU) 2018/843 -https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018L0843
Survey of Terrorist Groups and their Means of Financing - https://financialservices.house.gov/uploadedfiles/hhrg-115-ba01-wstate-yfanusie-20180907.pdf
Virtual Currencies and terrorist financing: assessing the risks and evaluating responses - European Parliament May 2018 -
http://www.europarl.europa.eu/RegData/etudes/STUD/2018/604970/IPOL_STU(2018)604970_EN.pdf
FATF Report - Virtual Currencies Key Definitions and Potential AML/CFT Risks June 2014 - http://www.fatf-gafi.org/media/fatf/documents/reports/Virtual-
currency-key-definitions-and-potential-aml-cft-risks.pdf ;
Guidance for a risk based approach - virtual currencies 2015 - http://www.fatf-gafi.org/media/fatf/documents/reports/Guidance-RBA-Virtual-Currencies.pdf ;
Where are we going? - Legal and regulatory overview of DLT & the Tokenised Economy - https://www.slideshare.net/Flipsta1/where-are-we-going-dlt-
blockchain-legal
Funds and the Emerging Digital Asset Class - https://www.dam.gi/gibraltarfunds/
The Digital Estate (Wills and Probate) 2018 - Sweet & Maxwell by Leigh Sagar;
www.coinfirm.io;
www.chainalysis.com;
www.elliptic.co;
https://hackernoon.com/the-ico-market-is-not-collapsing-its-maturing-c11bfd4cdfe8
https://elementus.io/token-sales-history
RESOURCES
22. Please note the contents of this presentation do not constitute legal advice and has been provided solely
for training purposes. Similarly, references to regulations and law provided are for illustration purposes
only and such laws are updated from time to time. By participating in this seminar you agree that you will
use its contents solely for training purposes and you will hold the authors of this presentation free from
liability should you choose to do so and that the contents remain the copyright and property of their
respective authors.
Should you have questions regarding requirements of Gibraltar law please seek professional legal advice.
You may contact Philip Vasquez at TSN law pv@tsnlaw.com or Javi Triay at Triay and Triay
javi.triay@triay.com .
RESOURCES
23. 1. What are the most common problems that you are seeing in respect of
AML/CFT compliance?
2. What other matters should EIF funds or DLT businesses consider in respect
of policies and controls?
3. What do you believe are key considerations when setting up a tokenised EIF?
4. What trends or changes have we experienced since starting advising on DLT
matters? And what do you expect to see?
QUESTIONS