*We hope you were able to join us for the “Safety in Digital Asset Compliance” webinar (access the recording here); however, in the event you weren’t able to attend or wanted a way to reference the content we covered, you’ve come to the right place.*
Whether you’re working in traditional finance or blockchain, the fundamentals of a strong compliance program are the same. As you look to join (or continue to build in) the digital asset ecosystem, understanding the role of compliance in managing digital assets is key to protecting consumers and building safe, transparent products.
In this post, we will cover:
- How traditional compliance and regulation apply to blockchain
- Compliance-at-work in blockchain tech
- How to evaluate and leverage partnerships to enhance your compliance program
How traditional compliance and regulation apply to blockchain
The fundamentals of a strong compliance program are consistent across the financial services sector, including blockchain technology. When we talk about the fundamentals of any compliance program, we reference five key pillars. These include:
- Internal controls, including policies, procedures and transaction monitoring
- The designation of a BSA officer
- Independent testing
- Due diligence
At the foundation, compliance programs should also have a risk assessment, tailored to the business profile, which outlines key risks and informs the development of corresponding controls. It is also important to ensure that senior management, including the Board, is made aware of the health of the program and sets an appropriate culture of compliance.
The role of NYDFS and FinCEN
Since 2015, the New York State Department of Financial Services (NYDFS) has regulated entities operating as virtual currency businesses in New York State under the “BitLicense” regulation or the limited purpose trust company provisions of the New York Banking Law.
As a limited-purpose trust, Paxos is subject to traditional aspects of New York State banking law, including certain controls for BSA / AML programs and Part 504, which requires certain compliance controls for a BSA / AML program, including transaction monitoring. The BitLicense regime also requires licensees to:
- comply with all applicable laws,
- designate a qualified compliance officer; and
- maintain and enforce written compliance policies, including policies with respect to anti-fraud, anti-money laundering, cyber security, privacy and information security, which the Board must approve.
Additionally, Paxos is registered with FinCEN as a money services business (MSB). FinCEN requires registration for all MSBs, a term for anyone doing business with money or other store of value. Pursuant to FinCEN guidance, businesses involved in the transmission of crypto assets or other “convertible virtual currencies” are MSBs and therefore must register with FinCEN and implement an AML compliance program as described above.
For more information on how regulatory enforcement covers crypto under traditional laws, access the webinar recording to hear from Sarah Breslow, Senior Counsel.
Compliance-at-work in blockchain tech
There are various tools and features specific to the crypto industry that support AML / CFT efforts including (but not limited to) how the blockchain is public and immutable, blockchain analytics tools and freeze and seize capabilities.
Public and immutable blockchain
The blockchain itself is public and immutable, which means that there is a permanent record of all transactions that occur on the blockchain. This feature supports compliance related investigations into transactional patterns and customer activity. Additionally, while virtual currency is believed to be anonymous, it is really pseudonymous. Every transaction is tied to a unique wallet address and regulated institutions must maintain KYC / CIP obligations on their customers.
Blockchain analytics tools
Blockchain analytics tools help visualize the flow of funds and provide information regarding transactions on the blockchain. These tools can also support real-time screening to prevent transactions with sanctioned wallet addresses, just as with traditional finance payment screening systems.
Freeze & seize
There is also a freeze and seize capability which is unique to crypto. Freeze and seize is a term we use to describe a functionality that is built into smart contracts and allows tokens to be frozen, thereby preventing onward transactional activity.
One real world example of the power of freeze and seize capabilities is from November 2022, when Paxos, at the direction of US law enforcement, froze Paxos-issued assets associated with four wallet addresses on the Ethereum network, totalling roughly $19M. These tokens were previously on the FTX.com platform and had moved to unknown wallet addresses over the previous 24 hours.
For more information on compliance at work in blockchain technology, access the webinar recording to hear from Kate Eyerman, BSA/AML & Sanctions Officer
How to evaluate and leverage partnerships to enhance your compliance program
Based on your blockchain technology roadmap, you can leverage a partner to strengthen (or build) your digital asset compliance programs. And one of the best things about the digital asset ecosystem is that there are many qualified third party companies to help you evaluate partners and bolster your team’s approach to building a compliant product for your clients, including:
- Blockchain monitoring products
- Systems integration and operational support
Once you start to evaluate partners (both for compliance specifically as well as general infrastructure providers), you should ask questions in four key areas: licensing, regulation, compliance and reputation.
Questions to consider as you evaluate these areas include:
- Where are they licensed to operate?
- Are they in good standing with their regulators?
- Who is their primary regulator? Do they have any others?
- Do you trust the oversight of the regulatory authority under whom this partner operates?
- Are there designated BSA / AML / Sanctions officers?
- How is the compliance organization organized?
- Are they audited regularly by third parties?
- Have they ever misrepresented their products?
While this is not an extensive list of considerations or questions, it’s a great starting point as you begin to evaluate potential partners.
For more information on how to evaluate and leverage partnerships to enhance your compliance program, access the webinar recording to hear from Alex Guttler, Head of Global Partnerships
Digital asset compliance protects consumers and builds safer, transparent products
Protecting consumers and building safe, transparent products is key to the success of any company – and this is no different in the digital asset industry. As discussed, the fundamentals of a strong compliance program in the digital asset industry are the same as traditional finance with the added enhancements from new technology and tracking tools available with blockchain – from blockchain analytics tools, freeze and seize capabilities and a large market of third party partnerships.