How to nail your banking audition every time

 

What do you look for when assessing a crypto platform’s compliance credentials?

During the onboarding process, I’m looking to get a sense of how seriously the crypto platform takes compliance. How credible is their leadership team and compliance function? And how mature is their risk management approach? Our banks ask us the same questions and expect us to make sure our members are following the regulations.

It’s a combination of an audition and an audit with one difference. At Fiat Republic, rather than making yes/no onboarding decisions, we offer crypto platforms advice on how to improve their compliance and risk management. Here are some of my key considerations when onboarding a crypto platform.

How do you conduct risk assessments?

Firstly, I’d expect to see how a crypto platform identifies, assesses and understands its various financial crime risks. How does it determine the likelihood and impact of risks materialising from its customers, products and services. But also from its transactions, delivery channels or geographical areas of operation.

Crypto transactions may be more transparent than traditional financial transactions, depending on the blockchain network used. At the same time, no financial product is too simple or too sophisticated to be used for financial crime. Newer players may not understand the full extent of their risk exposure, so they might not have the appropriate risk mitigation and monitoring in place. We want to help educate them on this. 

Regulatory risk is also key, partly because it’s so diverse and fast-moving. In Europe, the Markets in Crypto-Assets (MiCA) regulation is on the horizon. More proactive European regulators are also creating their own regimes. I’m looking to assess whether the crypto platform understands the implications of operating in a regulated environment and dealing with regulators.

What policies, procedures and controls would you expect to be in place?

Next, I review a crypto platform’s internal policies, procedures and controls. These should be clearly documented and should explain how it plans to undertake its responsibility to prevent money laundering, terrorist financing, fraud and financial crime generally. 

Typically, I’d expect to see something around the firm’s risk appetite and how it evaluates various risks according to a risk-based approach. For example, how it undertakes customer due diligence, verifies customer identity, and understands the intended nature and purpose of customer relationships. But also how it establishes source of funds and wealth, scrutinises transactions and conducts ongoing monitoring.

Having nicely documented policies is just the start. I’m looking to see that the policies are live within the business, regularly reviewed, audited and updated. I’m assessing whether the crypto platform can demonstrate that it has a good understanding of what its processes are. Does it have the systems and controls in place that it says? Are these being applied consistently and effectively?

Crypto platforms may buy compliance tools or engage third-party vendors, for example to do ID verification or sanctions screening, and think it’s “job done”. Sadly, it’s not that simple. You can outsource completion of a task to a tool or a vendor, yet the responsibility remains with you. Crypto platforms must understand how their tools are configured and why. And whether they adequately address the risks their business is facing.   

Why is it crucial that a crypto platform has a Money laundering reporting officer (MLRO) or equivalent?

Having an MLRO is a requirement for Fiat Republic’s crypto platform members. This person may have a different job title, depending on the jurisdiction, but there must be a person responsible for compliance. I need to know who the nominated person is, where they’re based, and how I can contact them when needed.

In Europe, the Fifth Anti-Money Laundering Directive made cryptocurrency exchanges ‘obliged entities’ bound by the same AML/CFT requirements as financial institutions. So, the MLRO should be appropriately qualified, experienced and senior, with a clear reporting line into senior management and/or the board.

In the past I recall onboarding a payments company hiring their first MLRO and offering a salary of around a quarter of the market rate. This didn’t give a good impression of how they valued the MLRO role, or how seriously they took compliance. The MLRO is the focal point internally for all AML/CFT activities, as well as the external contact with bank compliance departments and regulators. Having a credible person in the role is a must.

How Fiat Republic can help

Fiat Republic is a regulated entity, as are our banking partners, so our proposition depends on a robust compliance-first approach. Our compliance experts all come from the regulated sectors themselves, so they have designed regulatory compliance into our systems and processes from the get-go. 

We’ve innovated on the technical side, too. Through our API and monitoring we utilise data  to help manage risk internally. It also gives our banking partners more comfort around particular transactions to reduce the number of manual requests for information. 

We also combine data from the fiat and crypto worlds. This gives us a wider view than either banks or crypto platforms, who typically only see their part of the transaction. And helps us spot trends and anomalies across the whole transaction lifecycle. 

We’re also working hard to address systemic problems through our crypto consortium. This brings crypto platforms and banks together to promote best practice, keep out bad actors and cooperate with regulators to advance crypto access and adoption. Consortium membership includes our advice and expertise to help manage risk. And advocacy with industry group and regulators.

Find more information here.