Current through Register Vol. 46, No. 39, September 25, 2024
(a) All values in United States dollars
referenced in this Section must be calculated using the methodology to
determine the value of Virtual Currency in Fiat Currency that was provided to
the Department under this Part.
(b)
Each Licensee shall conduct an initial risk assessment that will consider
legal, compliance, financial, and reputational risks associated with the
Licensee's activities, services, customers, counterparties, and geographic
location and shall establish, maintain, and enforce an anti-money laundering
program based thereon. The Licensee shall conduct additional assessments on an
annual basis, or more frequently as risks change, and shall modify its
anti-money laundering program as appropriate to reflect any such
changes.
(c) The anti-money
laundering program shall, at a minimum:
(1)
provide for a system of internal controls, policies, and procedures designed to
ensure ongoing compliance with all applicable anti-money laundering laws,
rules, and regulations;
(2) provide
for independent testing for compliance with, and the effectiveness of, the
anti-money laundering program to be conducted by qualified internal personnel
of the Licensee, who are not responsible for the design, installation,
maintenance, or operation of the anti-money laundering program, or the policies
and procedures that guide its operation, or a qualified external party, at
least annually, the findings of which shall be summarized in a written report
submitted to the superintendent;
(3) designate a qualified individual or
individuals in compliance responsible for coordinating and monitoring
day-to-day compliance with the anti-money laundering program; and
(4) provide ongoing training for appropriate
personnel to ensure they have a fulsome understanding of anti-money laundering
requirements and to enable them to identify transactions required to be
reported and maintain records required to be kept in accordance with this
Part.
(d) The anti-money
laundering program shall include a written anti-money laundering policy
reviewed and approved by the Licensee's board of directors or equivalent
governing body.
(e) Each Licensee,
as part of its anti-money laundering program, shall maintain records and make
reports in the manner set forth below.
(1)
Records of Virtual Currency transactions. Each Licensee shall maintain the
following information for all Virtual Currency transactions involving the
payment, receipt, exchange, conversion, purchase, sale, transfer, or
transmission of Virtual Currency:
i) the
identity and physical addresses of the party or parties to the transaction that
are customers or accountholders of the Licensee and, to the extent practicable,
any other parties to the transaction;
ii) the amount or value of the transaction,
including in what denomination purchased, sold, or transferred;
iii) the method of payment;
iv) the date or dates on which the
transaction was initiated and completed; and
v) a description of the
transaction.
(2) Reports
on transactions. When a Licensee is involved in a Virtual Currency to Virtual
Currency transaction or series of Virtual Currency to Virtual Currency
transactions that are not subject to currency transaction reporting
requirements under federal law, including transactions for the payment,
receipt, exchange, conversion, purchase, sale, transfer, or transmission of
Virtual Currency, in an aggregate amount exceeding the United States dollar
value of $10,000 in one day, by one Person, the Licensee shall notify the
Department, in a manner prescribed by the superintendent, within 24
hours.
(3) Monitoring for
suspicious activity. Each Licensee shall monitor for transactions that might
signify money laundering, tax evasion, or other illegal or criminal activity.
(i) Each Licensee shall file Suspicious
Activity Reports ("SARs") in accordance with applicable federal laws, rules,
and regulations.
(ii) Each Licensee
that is not subject to suspicious activity reporting requirements under federal
law shall file with the superintendent, in a form prescribed by the
superintendent, reports of transactions that indicate a possible violation of
law or regulation within 30 days from the detection of the facts that
constitute a need for filing. Continuing suspicious activity shall be reviewed
on an ongoing basis and a suspicious activity report shall be filed within 120
days of the last filing describing continuing activity.
(f) No Licensee shall structure
transactions, or assist in the structuring of transactions, to evade reporting
requirements under this Part.
(g)
No Licensee shall engage in, facilitate, or knowingly allow the transfer or
transmission of Virtual Currency when such action will obfuscate or conceal the
identity of an individual customer or counterparty. Nothing in this Section,
however, shall be construed to require a Licensee to make available to the
general public the fact or nature of the movement of Virtual Currency by
individual customers or counterparties.
(h) Each Licensee shall also maintain, as
part of its anti-money laundering program, a customer identification program.
(1) Identification and verification of
account holders. When opening an account for, or establishing a service
relationship with, a customer, each Licensee must, at a minimum, verify the
customer's identity, to the extent reasonable and practicable, maintain records
of the information used to verify such identity, including name, physical
address, and other identifying information, and check customers against the
Specially Designated Nationals ("SDNs") list maintained by the Office of
Foreign Asset Control ("OFAC"), a part of the U.S. Treasury Department.
Enhanced due diligence may be required based on additional factors, such as for
high risk customers, high-volume accounts, or accounts on which a suspicious
activity report has been filed.
(2)
Enhanced due diligence for accounts involving foreign entities. Licensees that
maintain accounts for non-U.S. Persons and non-U.S. Licensees must establish
enhanced due diligence policies, procedures, and controls to detect money
laundering, including assessing the risk presented by such accounts based on
the nature of the foreign business, the type and purpose of the activity, and
the anti-money laundering and supervisory regime of the foreign
jurisdiction.
(3) Prohibition on
accounts with foreign shell entities. Licensees are prohibited from maintaining
relationships of any type in connection with their Virtual Currency Business
Activity with entities that do not have a physical presence in any
country.
(4) Identification
required for large transactions. Each Licensee must require verification of the
identity of any accountholder initiating a transaction with a value greater
than $3,000.
(i) Each
Licensee shall demonstrate that it has risk-based policies, procedures, and
practices to ensure, to the maximum extent practicable, compliance with
applicable regulations issued by OFAC.
(j) Each Licensee shall have in place
appropriate policies and procedures to block or reject specific or
impermissible transactions that violate federal or state laws, rules, or
regulations.
(k) The individual or
individuals designated by the Licensee, pursuant to Paragraph 200.15(c)(3),
shall be responsible for day-to-day operations of the anti-money laundering
program and shall, at a minimum:
(1) Monitor
changes in anti-money laundering laws, including updated OFAC and SDN lists,
and update the program accordingly;
(2) Maintain all records required to be
maintained under this Section;
(3)
Review all filings required under this Section before submission;
(4) Escalate matters to the board of
directors, senior management, or appropriate governing body and seek outside
counsel, as appropriate;
(5)
Provide periodic reporting, at least annually, to the board of directors,
senior management, or appropriate governing body; and
(6) Ensure compliance with relevant training
requirements.