How should digital asset businesses approach AML/ATF in Bermuda?
Digital asset businesses are innovative, revolutionary and exciting. Each with their own unique offering, they present an opportunity to authenticate, validate, store, transfer, securitise and trade digital assets, such as cryptocurrency at lightning speed over geographical boundaries. Whilst a DAB's offering is inherently progressive, it also presents a huge challenge for regulators, law enforcement, risk managers and compliance professionals, who all share a common goal of protecting the investors, customer and the relevant jurisdiction.
Walkers has assisted a number of Bermudian-based DABs with their applications to the Bermuda Monetary Authority for a licence under Bermuda's pioneering DAB licensing framework, the Digital Assets Business Act, 2018 and its associated rules and regulations.
Here are three key learning that our clients successfully implemented as part of the anti-money laundering and antiterrorist financing (AML/ATF) aspect of the DAB license applications.
1, Go the extra mile when completing the business risk assessment
The business risk assessment is a tool that helps DABs identity, assess and measure their AML/ATF risk. This involves the DAB self-assessing against a range of risk factors such as customer type, products, delivery channel (how the customer interacts with the business) and geography including risk factors applicable specifically to DABs in accordance with the DAB specific AML/ATF guidelines issued by the BMA. The main aspects of the business risk assessment can be broken down into four questions:
a. What are my inherent AML/ATF risks?
b. How do I mitigate/reduce/transfer/avoid them?
c. Is there any residual risk?
d. How do I continue to monitor AML/ATF risk?
Putting the hours in at this early stage will increase the DAB's chances of long-term success as it will properly understand and appreciate why controls have been implemented. During the application process this has proved crucial for clients, who were consistently able to explain their risk management rationale to the BMA, whilst ensuring any control adjustments were appropriately mapped to the corresponding risks.
2, Explore ways to manage the risks associated with non-face-to-face customer onboarding
The Regulations explain that customers who were not physically present for identification purposes present a higher risk of money laundering and terrorist financing. Therefore, DABs should explore how they can utilise technology and further due diligence controls to reduce this risk, as a failure to do so may result in all customers being risk rated as 'high'.
Whilst this may not present an immediate issue, it promotes a long-term culture of rules-based, rather than risk-based compliance, which may lead to the mismanagement of resources and hinder the DABs ability to be flexible in this fast paced sector. By exploring and implementing guidance gleaned from recent Financial Action Task Force papers, Walkers has been able to assist clients to implement technological solutions and additional controls, which reduced their inherent risk, enabled them to avoid the automatic categorisation of non-face-to-face clients as high risk and improved the efficiency of their customer onboarding process.
3, Test your Customer Due Diligence procedures in an operational environment before implementing
Policies and procedures are a great guide, but when presented in silo, they are only words on paper. Before your AML/ATF policies and procedures are submitted to the BMA, a DAB should always ask:
a. Are we able to fulfil all the obligations within the policies and procedures?
b. And if so, will these obligations present a future commercial or operational challenge?
Walkers recommends that clients repeatedly test and refine their CDD procedures before submission to the BMA for operational effectiveness. This self-improvement process has proved vital to our clients who have been able to identify where original CDD requirements are unworkable for many potential customers, which would have resulted in a weakened commercial position and potential revenue loss.
This outcomes focused approach illustrates the importance of thinking beyond purely regulatory compliance, as the Regulations are a set of the rules and principles, and the responsibility and accountability for their practical implementation rests solely with the DAB.
• Natalie Neto is a partner in the Corporate, Finance, Funds & Insurance practice group at Walkers in Bermuda. She advises on a range of Bermuda-based and international corporate and regulatory matters with significant transactional experience advising on M&A transactions for public and private companies. She also advises on private equity investments, debt and equity capital markets transactions, banking, finance and fintech matters.
• Michael Wynne is the senior vice-president of Regulatory Compliance Services and leads the Walkers Regulatory Compliance service line in Bermuda. He particularly focuses on the areas of financial crime compliance, regulatory compliance and risk management. He is responsible for the delivery of regulatory and operational compliance engagements, ranging from compliance framework construction, assessment and remediation to training and internal controls testing.