Guest Blog Post by Carol R. Van Cleef, Partner- Manatt, Phelps and Phillips
A runner knows how important preparation is to performing well in competition. When it comes to race day, climbing hills on a hot day may be very painful, or impossible, if the training regime has been lax. Likewise, proper training and conditioning are essential for a soldier headed into combat. In both cases, preparation may be a matter of life and death.
Similarly, financial services companies – including digital currency companies- need to be prepared for a worst case scenario. Unfortunately, this includes unexpected events like terrorism, and other horrific criminal acts.
Besides the news of an event itself, the worst headline to wake up to is a report stating the attacker was a customer, or used a product or service of your company. At that point, your preparation must kick in. Like your body confronting a hill on a hot day, you need your first line of defense – your anti-money laundering (AML) compliance program – to be in top shape to get your company over the hill, and protect it from the laser focus to which it is about to be subjected.
Following the Money. Money is often considered the lifeline of terrorist activity, and when an unfortunate incident occurs, investigators immediately begin reviewing the flow of funds around participants to find out how the operation was financed, who funded it, and how the money was spent. These are just the first questions, and a confiscated computer or cell phone can jump start the investigation by revealing account numbers, transactional activity, and other useful communications that can be used to map the money trail.
Why a First Line of Defense? Every financial services company is vulnerable to abuse. In these scenarios, an effective AML program can help prevent the company from being accused of aiding and abetting, or being willfully blind to illegal transactions and activity. A company’s written AML program document is intended to set out a reasonable strategy for protecting itself from criminal abuse, and provide important documentation of its efforts to prevent such abuse.
Shaping the Defense. Preparing your AML program for the day a headline appears can be a challenge. The program must enable the company to detect and deter criminal activity, and provide for timely reporting to law enforcement if unusual or suspicious activity is detected. Your program should have robust measures to “know your customer” and monitor transaction activity, dictated in large part by a risk assessment that appropriately analyzes how your company’s products and services can be used or abused for criminal purposes. If the company is subject to the Bank Secrecy Act, your program will need to address additional issues.
Even if your company has not provided a service directly to the perpetrators, representatives of the law enforcement community (e.g. FBI, DEA, Secret Service, ICE) may still want to talk if the company have been involved in the transfer of funds or other value to or from another party. The company’s AML program may be equally important in getting it up and over this hill as well.
Ready for Primetime? Regardless of how your company makes it onto the radar screen of law enforcement, you should expect investigators to contact you. The contact may be made by telephone call, email, or even with a personal visit.
What kind of questions should you expect? How should you answer them?
Obviously, the questions you will be asked will depend on the type of product or service you offer and the role you may have played in a transaction under scrutiny. For example, if you are a bitcoin exchange, do you offer a wallet service, hold funds or bitcoin on behalf of customers, or simply provide exchange services? Do you buy or sell bitcoin from customers, or arrange for third party transactions? What role do you play in processing the transaction?
If the investigator does not understand your service or product, he or she will likely ask questions to better understand it, and the role you played in the transaction(s) at issue. The most important documents you will likely be asked to produce are the transaction monitoring reports and information you have collected in your customer identification (CIP) and KYC processes. A number of factors will be used to judge the effectiveness of your AML compliance program including your ability to communicate the information you have, your ability to produce accurate and adequate records quickly, and the quality and condition of the files you maintain.
Tweaking the Game Plan. Other issues you should consider in your preparation include, but are not limited to the following:
- How quickly you can search your customer records after the perpetrators have been identified, to see if you’ve ever done business with them (Don’t forget to search for aliases).
- Do you have adequate and effective procedures in place to capture your customer’s information, keep it updated, and integrate it into your transaction monitoring system?
- Do you have a robust transaction monitoring system? Is it fully automated? Should it have detected the activity under review? Did you miss any red flags?
- Whom should you call, and what should you report if you discover you have done business with one of the perpetrators? What should you say in that conversation? How can you avoid potentially incriminating yourself in this conversation?
- Have your employees received AML compliance training? Is the training adequate and appropriate for the job? Will a prosecutor agree? Do you have training records?
- Has your AML program been reviewed by an independent third party (not a regulator)?
- Have you registered as a money service business? If you have, do you have all required pieces of your AML compliance program in place? Do they adequately reflect your business, have you implemented them, and are they effective?
- If you’re not registered as an MSB, do you have a letter from FinCEN or a reliable legal opinion stating that registration is not necessary? This question is important as both your company, and potentially, key decision makers could be at risk- it’s a federal criminal offense to engage in exchange and other virtual currency activities without being registered as a Money Service Business (MSB). On the other hand, withholding material evidence could make matters worse.
- What about compliance with state money transmitter licensing statutes? Don’t assume registration as an MSB is your only regulatory obligation and ignore state money transmitter licensing laws. While many questions have been raised as to where and when such laws apply, a number of states do require licensing and, regardless of where you are located, if your company has customers in those states and is not licensed, you may have federal criminal liability as well.
Cooperation with law enforcement investigating terrorism or criminal activity is critical, and may make up for other shortcomings in an AML program. However, the benefits of having your compliance house in order before such an unexpected event occurs can ultimately be the deciding factor in whether a company successfully climbs the hill in scorching heat.
Carol R. Van Cleef, Partner- Manatt, Phelps and Phillips
Carol Van Cleef is co-chair of the Global Payments practice group, and a member of the Financial Services and Banking practice. She represents financial services companies and other clients in federal and state regulatory, compliance, and enforcement matters, including anti-money laundering, electronic payments, federal deposit insurance, and other bank regulatory issues. She has counseled banking organizations, credit unions, securities firms, insurance companies, finance companies, money service businesses and hedge funds, among others.
Join us for a Complimentary Compliance Review at Inside Bitcoins San Diego
Carol has partnered with IdentityMind to provide Bitcoin start-ups with complimentary 15 minute compliance program reviews at this year’s Inside Bitcoins Conference in San Diego, Dec. 15-16th:
- Discuss one-on-one whether your business model requires an Anti-Money Laundering Compliance Program, and what it should look like
- Assess your written AML compliance program and get tips on possible improvements
- Get tips on how to prepare for a FinCEN/IRS or state money transmitter examination
*Complementary compliance reviews do not constitute legal advice and does not establish attorney client privilege