I'll refer you to FinCEN's Guidance "Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies" (FIN-2019-G001) pgs. 17-18. CVC kiosk owner-operators are money transmitters; however, places like convenience stores are typically acting as agents of them.
You'll need to start by determining the business model. Does the c-store intend to settle their activity through your Bank; or, will that occur elsewhere? The latter is the lower risk scenario (for your Institution).
In a way, the nature of CVC kiosk risks are comparable to banking "traditional" money transmittal (e.g. Western Union) agents. There will be both federal and state registrations you'll need to confirm, contracts you'll need to obtain, and of course you'll need to confirm that the principal (kiosk owner).
However, there are some key differences. For starters, I've observed plenty of Institutions with transmittal agent customers for whom they have not performed "full" EDD when they settle the activity elsewhere and had no issues with examiners. In other words, when the agents don't bank their risky activity with you, it's an acceptable practice - at least from what I've seen - to "flag" their agent status but not perform any additional EDD (e.g. obtaining contracts, principal BSA/AML Program, etc.). With CVC transmittal agents, I would not advise that approach, as it's such a "hot" risk area.
Furthermore, in my opinion, the risk assessing and monitoring expectations for CVC agents are higher. To put it simply, you need to do more to assess the principal and monitor the activity. Here are some items you'll need to consider:
- Coin Offerings: While Bitcoin gets all the news, it's arguably the least risky VC from a BSA/AML perspective, because it's pseudonymous. With BSA/AML regulations now clearly in place and the public ledger system, boutique monitoring systems used by VC exchanges can "map" Bitcoin addresses to entities and people. The riskier coins, likely getting more popular on the Darknet these days, are private or anonymizing coins like Monero.
In short, your decision to bank/not bank should account for the risk of the VC's based on the level of anonymity they provide.
- BSA/AML Program: You should not just do the typical collection of a boilerplate BSA/AML Policy. See if you can obtain the resumes of compliance leaders and actually *talk* to their BSA Officer.
- Principal's Monitoring: See if the principal is willing to give you a walkthrough of their AML System (assuming they have one). Focus on what scenarios they have in place to "map" bad actors to addresses and detect patterns indicative of mixing/tumbling.
- 314(b): Register for 314(b) and confirm that the principal is as well. Periodically, submit a general inquiry about the agent (your customer).
- Your Transaction Monitoring: You'll need to build this around how the agent settles the activity with the principal. If the activity runs through your Institution, you should set up one or more segregated accounts for it. Potentially, you may need one account for outgoing transmittals and another for incoming transmittals redeemed as cash. Either way, you should ensure you understand exactly how this works and assess the potential to either introduce illicit cash or take out illicit funds from the VC world as cash. Although many transactions will be folks using cash to buy/send Bitcoin, there also may be a potential for the store to try and introduce dirty cash themselves by funding the CVC kiosk with their own illegal cash source, which folks will then unwittingly withdraw and help them "clean", similar to private ATMs.
In addition, you should request that the c-store or kiosk owner (ideally) provide you with activity reports, so you can identify red flags like a high volume of kiosk customers sending funds to the same address. See FIN-2019-A003 for more red flags.
That should at least get you started, but I'm sure you'll run into more questions/concerns as you go along!
Last edited by Pat Patriot Act; 01/03/20 08:51 PM. Reason: Updated wording
_________________________
CFE, CAMS