Assisting a Digital Asset Company Create Localized AML/KYC Compliance Programme Documents
The client is a leading blockchain technology service provider for services such as a wallet app (for retail customers) and custody and asset management services (for institutional clients). As one of the largest crypto asset custodians in Asia, its services are trusted by over 300 institutions and high-net wealth individuals to grow and preserve a total portfolio of over US$1B AuM.
In January 2020, the Monetary Authority of Singapore (MAS) issued the Payment Service Act (PSA) – a comprehensive regulatory framework for digital asset service providers. Besides adhering to this framework, affected organisations must now apply for a PSA license in order to commence (or continue) their operations in Singapore.
With plans to expand their digital asset footprint into Singapore, the client engaged Pragma's services into assist it in applying for a PSA license and, in the context of that application, to assist in the interpretation and implementation of relevant AML/CFT requirements.
To ensure that it's anti-money laundering/know your customer (AML/KYC) capabilities would satisfy MAS requirements, Pragma's Compliance, Conduct, and Regulatory Risk team was engaged to review and document the client's existing AML/KYC compliance programme.
Since the client's global AML/KYC compliance programme was insufficiently chronicled, Pragma's assisted in creating a comprehensive procedures document for the areas listed below.
- Customer onboarding – e.g., document collection and verification, customer risk assessments
- Ongoing customer monitoring – e.g., periodic reviews, transaction monitoring, responding to red flags
- Information reporting – e.g., suspicious transaction reporting, regulatory authority requests
- Recordkeeping – e.g., documentation storage and retention
- Third parties/third party vendors
- Internal policies, audits, and training
Though the procedures document focused on MAS requirements, it could be easily customized for other jurisdictions where the client operates. Where controls could be improved (and, thus, further reducing operational risk), such recommendations were provided to the client.