Many have reached out in response to my YouTube video in which I offer a sample AML policy. You can find said document below. While the document is Bank Secrecy Act compliant and applicable to literally all financial institutions that have an obligation under the BSA, not that some amendment and tailoring of the document would be required based on specific business activities.
Note further that an AML policy is only one of many compliance-related policies and procedures either required or strongly encouraged under the BSA, including:
- Anti-Money Laundering (“AML”) policy: a BSA-compliant AML policy and procedure is an absolute requirement.
- AML Risk Assessment Policy: Creates framework for handling low to high risk AML cases based on customer industry and business activity.
- Know-Your-Customer (“KYC”) policy: a BSA-compliant KYC policy details the procedure to identify customers.
- Compliance Manager Designation: a document identifying the organizations mandatory Compliance Officer(s) and the roles and responsibilities of that title. This is relevant insomuch that the Compliance Officer serves as the clearinghouse for all BSA-related inquiries from employees.
- Business Continuity Policy: Describes procedures for maintaining BSA compliance in the event of “black swan” event.
- Audit Policy: every Money Service Business is subject to an independent audit at least once every 18 months. The audit policy details the procedures for the audit.
- Document Retention Policy: every Money Service Business must retain certain records for a period of 5 years.
- Compliance Manual: Comprehensive document defining the scope of the company’s compliance regime together with transaction-specific policies and procedures.
- CRS Policy: Describes procedure (where applicable) for compliance with CRS data sharing and compliance.
- Currency Transaction Report Policy: a document outlining the parameters for when and how a Currency Transaction Report must be generated and filed.
- Cyber Security Policy: Provides outline of technical infrastructure, privacy failsafes and procedures in the event of a breach.
- Digital Asset Risk Assessment: Policy which defines the risks associated with the handling and transactions of various cryptocurrencies and how assessments of risk are made on a go forward basis.
- Electronic Transfers Policy: Delineates the means and payment rails employed by the company for handling electronic transfers and the management of compliance chokepoints with respect to each such transfer.
- FATCA Compliance Policy: Offers overview of FATCA and delineates formal procedures for compliance within an organization.
- FCPA Policy: Outlines the requirements of the US Foreign Corrupt Practices Act and provides for procedure with ongoing compliance.
- Suspicious Activity Report Policy: a document outlining the parameters for when and how a Suspicious Activity Report must be generated and filed.
- Employee Guidance Policy: this document outlines the high-level procedures for BSA compliance for employees and the legal implication of a failure to adhere to such standards.
- Employee Manual: this document outlines the full scope of BSA compliance and details the rights and responsibilities of each employee.
- OFAC Compliance Policy: much like any business in the U.S. Office of Foreign Asset Control promulgates controls and restrictions on certain foreign entities and individuals.
- Outsourcing Policy: Provides parameters, compliance requirements and general standards for engaging both regulated and unregulated third parties for outsourcing MSB-related functions.
- CRS Policy: this document outlines the company’s policies regarding CRS responsibilities.
- Customer Acceptance Policy: this document details the company’s onboarding process.
- PEP Policy: document outlining the company’s responsibilities regarding Politically Exposed Persons.
- Prohibited Business Policy: document outlining acceptable industries and businesses for onboarding.
- Prohibited Countries Policy: document outlining the nations from which the MSB cannot onboard customers
- Foreign Corrupt Practices Act Policy: documents governs acceptable financial transactions with non-US individuals and entities.
Note further that an entity subject to BSA regulation will further require a robust set of disclosures related to:
- Web & Mobile Applications
- Client Onboarding & Agreements
- Corporate Documentation
That said, here is the AML policy:
Bank Secrecy Act compliance goes well beyond the machinations of registering with FinCEN. The underlying regulations are robust and at times confusing. Penalties for non-compliance can be significany.
Adam Tracy works with financial institutions on licenses and implementing AML/KYC programs. Be sure to reach out with any questions or comments.
Book a free consultation here.
About Adam Tracy
Adam Tracy is a payments expert and entrepreneur who specializes in payment systems, blockchain technology, digital currencies, and other emerging technologies. He is the founder of Blockrunner, LLC that provides consulting services to clients in the blockchain, payments and cryptocurrency arenas.
Tracy has been involved in the payments industry as an attorney, consultant and entrepreneur since 2005, while he was become an expert in blockchain and cryptocurrency since its advent in 2013. Tracy has worked with a wide range of clients, including startups, established businesses, and investor – both in the United States and worldwide. He has advised clients on a wide range of compliance, legal and operational issues related to payment transfer systems, crypto token generation and architecture, cryptocurrency exchanges, regulatory licensing, smart contracts, and other blockchain applications.
In addition to his consulting work, Tracy has founded several companies in the payments, blockchain and cryptocurrency space, including a digital asset hedge fund, licensed electronic money institution and a blockchain-based tokenization platform. He is also a proponent of decentralized finance (DeFi) and has been involved in various DeFi projects.
Tracy is also a frequent speaker and writer on blockchain and cryptocurrency topics. He has been featured in a wide range of publications, including Forbes, Hollywood Reporters, CNBC, Reuters, CoinDesk, and Bitcoin.com.
Find Adam: https://linktr.ee/adamtracy
Blockrunner, LLC., is a financial services match-making marketplace and consulting company. We are not a bank, FI/NBFI, Payment Service Provider, deposit taking institution, trust, or money services business of any kind. We are not regulated by any financial regulator. Banking, Payment, Processing, and Licensing services are provided by our participating members. This website is for informational purposes only and does not constitute legal advice. If you need legal advice, please consult a licensed attorney in your jurisdiction.