According to the interdepartmental coordinating group on combating money laundering and the financing of terrorism (CGMT), virtual assets are an electronic representation of a value that can be traded on the Internet and used as a means of payment for real goods.
According to the interdepartmental coordinating group on combating money laundering and the financing of terrorism (CGMT), virtual assets are an electronic representation of a value that can be traded on the Internet and used as a means of payment for real goods. Thus, a virtual asset is a digital code and usually does not correspond to any physical counterpart, with the exception of asset backed tokens.
The Swiss Anti Money Laundering Act (AMLA) is designed to be technology neutral. It therefore also covers relevant activities in connection with virtual assets. Although virtual assets are not accepted and understood as ‘money’, it is possible to use them as a means of payment (so-called payment tokens and hybrid tokens with payment function). Furthermore, it is also possible to trade virtual assets on appropriate exchange/trading platforms, to make exchange transactions, to make transfers with appropriate tokens or to store tokens for third parties. This means that virtual assets can qualify as assets within the meaning of the AMLA and can be misused as funds for money laundering or terrorist financing. The activities of most players in the crypto sector qualify as financial intermediation and are therefore, in FINMA's view, covered by the scope of the AMLA.
This contribution outlines the main obligations under the AMLA, taking into account the specific practice in the field of digital business models (FinTech and virtual assets), although these are not exhaustively described.
Virtual assets, like other assets, offer possibilities to hide the origin of acquired assets. In order to counter money laundering, auditing obligations must be implemented. The risks of money laundering or terrorist financing arise primarily from the possibility of anonymous transfer of assets that offer certain tokens (so-called ‘private coins’, e.g. Monero). The risks here are basically the same as for cash. However, what makes the risk of concealing the origin of assets more likely is the underlying technology, which is both a curse and a blessing: transactions can be carried out within seconds and private keys that provide access to the assets on so-called wallets can be passed on via the Internet at any time. This combination of speed, mobility and simplicity of crypto transactions, which allow assets to be moved quickly from one place in the world to another, increases risk.
Players in the crypto sector, subject to the AMLA, must join a self-regulatory organisation “SRO” (or a supervisory organisation (“AO”). The technology neutral interpretation of the AMLA and the consequential subordination of players in the crypto field to AMLA supervision leads to a minimisation of money laundering risks. As financial intermediaries, players in the crypto field must identify the respective contracting party and create an AML file per contracting party in order to ensure the so-called ‘paper trail’. The financial intermediary must also clarify the origin of the assets involved and the purpose of the business relationship. Furthermore, he must also determine criteria for his company in order to be able to categorise customers and their transactions and to assign customers to a risk category while onboarding.
By storing transaction data on blockchain, transaction analysis is easier for players in the crypto field than for book money: forensic analysis tools allow the detection of assets from uncertain sources or the use of mixers and tumblers, which are used to disguise the origin, by evaluating previous transactions. This means that the structuring of the onboarding process and the setting up of the relevant controls as well as the implementation of appropriate third-party software is essential.
Depending on the type of transaction and the amount involved, facilitations are provided. For example, just like conventional exchange offices, online exchange offices involved in trading virtual assets only, must apply their due diligence obligations for money exchange transactions to their customers if the value is significant (within the meaning of art. 3 para. 2 in conjunction with art. 4 para. 2 let. c AMLA). However, if a financial intermediary wishes to benefit from facilitations in the form of threshold values, it must set up a corresponding transaction monitoring system in order to be able to monitor its risks.
For the duration of the business relationship, the financial intermediary must monitor his clients and their transactions in accordance with the assigned risk category.
If the financial intermediary establishes or has well-founded suspicions to suspect that the assets involved derive from a crime or qualified tax offences or are used for the financing of terrorism, he may not accept them. Under certain circumstances, the financial intermediary must report such suspicions to the Money Laundering Reporting Office Switzerland (MROS) and subsequently cooperate with the authorities. In concrete cases of suspicion, this may mean that assets must be frozen.
This assessment takes place not only at the beginning of a business relationship but must be monitored on an ongoing basis. Suspicious transactions require an individual examination and must be documented together with the results of the examination.
In order to promote innovation, FINMA introduced the possibility of digital identification of clients in its Circular 2016/7. Accordingly, ID documents for online identification may be transmitted via a photograph (e.g. photos of both sides of the ID), provided that the photograph is of impeccable quality, contains all relevant pages and corresponds to the photograph of the contracting party. It is also possible to transmit a copy of the ID card with a qualified electronic signature or a digital confirmation of authenticity. The latter refers to an electronic transmission of the identification document from the issuer of the confirmation of authenticity, which must have a digital time stamp and an employee visa.
However, online identification in accordance with FINMA guidelines require additional verification measures in addition to the upload of ID cards, which are often difficult to implement in practice: on the one hand, the client's address must be verified via a utility bill, database check or postal delivery. On the other hand, a financial intermediary wanting to carry out online identification in conformity with the regulatory requirements must also receive a transfer of a small amount from a bank from its client. Both requirements are disadvantageous for players in the crypto field, as they interrupt the digital onboarding experience.
Under certain conditions, identification of the contracting party by personal visit to the financial intermediary is considered equivalent with identification via digital channels. The following conditions must therefore be met for video identification: the audio visual communication must take place in real time; the image and sound quality must be suitable for proper identification; the staff employed must be trained and have a conversation guide; and the conversation must be recorded. During the identity check, it is important to detect conspicuous behaviour or indications of falsified information or documents. This process is also a viable option for legal entities as contracting parties, provided that the person acting in the video transmission has appropriate authorisation.
Video identification has established itself as the means of choice for crypto players in the digital identification of customers. The reason for this is the easy implementation in the digital onboarding process, without any noticeable break in the process for the customer.
The financial intermediary must inquire whether the person to be identified is also the respective beneficial owner of the virtual assets by means of a declaration (Form A). This declaration may be submitted with a qualified electronic signature, by means of a transaction authentication number “TAN” or a similar method or as an electronic copy. However, the latter requires the financial intermediary to compare the signature on the declaration with the signature on the identification document.
If an operating (non-listed) legal entity (private company) is the beneficial owner of the virtual assets, the person controlling the legal entity must be stated in the declaration, whether the person directly or indirectly owns the virtual assets, alone or together with third parties and hold at least 25% of the shares of the legal entity (Form K). If there is no person who actually controls the company, the person who exercises de facto control over the company must be specified.
In the sense of best practice, FinTech players in the crypto field have established a verification of the actual power of disposal by technical measures in addition to the declaration of beneficial ownership. In this context, customers wanting to send virtual assets from external wallets to the financial intermediary are requested to demonstrate their access and control over the declared wallet. This can be done, for example, by sending a small amount of a virtual currency (so-called ‘micro transaction’) or by using a special encryption procedure with a digital signature (so-called ‘digital signature verification’). The external wallet verified in this way is subsequently kept by most FinTech players in a list of approved wallets (so-called ‘whitelisting’) so that it can be used for future transactions.
The financial intermediary may delegate to a third party the identification of the contracting parties and the determination of the beneficial owner. This third party must be suitable for this purpose and must provide the financial intermediary with all the documents relating to his files.
The players in the crypto field can use digital channels for identifying the contracting party and establishing the beneficial owner, which certainly simplifies the onboarding process. Nevertheless, the provisions of the AMLA must be complied with, regardless of the technology used, which is a particular challenge in the case of anonymous, fast and simple transactions with the whole world.
Are you planning a business activity in which you come into contact with assets of third parties? MME's AML Compliance team created a checklist to give you a better understanding of your company's obligations.
