Compliance for blockchain-based cryptocurrencies and assets

This deck was presented by SAP at the EY Global Blockchain Summit on April 18, 2018 as part of the Technology Track.

  1. EY Global Blockchain Summit: Compliance for blockchain-based cryptocurrencies and assets. New York, NY
  2. 01 Introduction; 02 Regulatory implications; 03 Compliance focus; 04 How to comply; 05 Q&A; 06 Appendix
  3. 01 Introduction
  4. Introduction
     Blockchain and cryptocurrencies are poised to become a major disruptor in the financial services industry, with a variety of innovative applications, processes, products and business models. However, the emergence of this technology has led to increased regulatory scrutiny, and the need for more regulatory oversight and guidance. Many in the industry are choosing to embrace the new wave of regulations and ingrain it into their cultural DNA to facilitate a "culture of compliance." We will discuss how blockchain and cryptocurrency companies can continue to innovate and grow without running afoul of the quickly evolving regulatory environment.
     Compliance; Regulatory scrutiny; Efficiency; Innovation and emerging opportunities of blockchain and cryptocurrency; Risk; Potential; Development
     Policymakers and regulators want to demonstrate that any potential risks to the safety and soundness of financial institutions and the stability of the broader financial industry posed by evolving technologies are appropriately addressed.
     Blockchain startups: 400+. Banks looking into blockchain: All of them.
     Blockchain and cryptocurrency have the potential to revolutionize transactions across industries.
     Risks and challenges include infrastructure concerns, capacity constraints, computing resources required to change records, performance risk, questions around privacy and information disclosure, and regulatory hurdles.
     Blockchain provides the ability to streamline the transfer of any value (data, assets, currency and information) in a secure, real-time and cost-efficient way, and to administer transactions globally without centralized oversight.
  5. 02 Regulatory implications
  6. Regulatory implications
     As blockchain and cryptocurrency companies continue to emerge, regulatory scrutiny has increased. Although it requires significant effort, many companies are choosing to embrace regulation and ingrain it into their cultural DNA. Dependent on products and services offered, as well as relationships maintained, an organization may be directly or indirectly subject to regulatory requirements and expectations.
     Joint ventures/alliances: ► Vendor management ► Third-party risk
     Federal law and regulation: ► Financial Crimes Enforcement Network ► USA Patriot Act, Bank Secrecy Act ► Office of Foreign Assets Control ► Consumer Financial Protection Bureau
     State law and regulation (state-specific)
     Products/services; Relationships; Business partners; Consumer partners; Drivers
     Reputational risk: ► Avoidance of consumer harm ► “Doing the right thing”
     Licensure: ► Money service business (federal) ► Money transmission license (state) ► Cryptocurrency ► Securities and Exchange Commission ► Lending licensing
     Direct compliance; Indirect compliance
     Hot regulatory topics: ► SEC registration for cryptocurrency exchanges (as of March 7, 2018) ► Cash on hand to cover value of cryptocurrencies ► Initial coin offering (ICO)
  7. 03 Compliance focus
  8. Compliance management system: end-to-end framework
     An effective compliance program contains four key elements: (1) foundational compliance pillars to govern the organization, (2) robust framework to operationalize the compliance function, (3) strong financial crimes program to mitigate money laundering and terrorism financing risk, and (4) inventory of applicable regulations and major compliance requirements (MCR) to enable adequate development of processes and controls. Collectively, these four key elements can assist institutions in demonstrating compliance with regulatory requirements and principles.
     Dimensions: ► People ► Performance measurement and reporting ► Process ► Management information systems ► Policy ► Technology ► Organization
     Financial crimes – BSA/AML/sanctions program pillars and key controls
     Compliance program (operational) organizational structure, approach and lifecycle
     Additional laws, regulations, and guidance potentially applicable to cryptocurrency firms, based on products/services offered
     SR 08-8 (Compliance program foundational elements): Federal Reserve Board supervision and regulation letter – compliance risk management programs and oversight
     ► Organization ► Risk identification and assessment ► Policies and procedures ► Training ► Monitoring ► Testing ► Surveillance ► Management information and reporting ► Issue tracking and escalation ► Business unit ownership ► Roles and responsibilities
     Designation of an AML compliance officer; Money laundering risk assessment; Internal policies, procedures, and controls; Preventative controls; Detection controls; Employee training program; Management reporting; Recordkeeping, document management and retention; Independent testing/internal audit of AML compliance program; Economic sanctions and controls
     ► Anti-Money Laundering, Office of Foreign Assets Control (OFAC) ► Money Transmitter – state vs. federal lax requirements ► Electronic Funds Transfer Act (Reg E), E-Sign Act ► Third-party relationship and vendor management ► Privacy, information security, record retention
     Governance and oversight; Inventory; Risk assessment; Communication/reporting; Identifying regulations/assessing risks; Issue tracking/escalation; Reporting; Compliance; Monitoring; Policy; Framework; Monitoring surveillance; Testing; Policies; Training; Organization, stature and independence
     ► Lending regulation ► Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) ► Fair and Responsible Lending ► Fair Credit Reporting Act (FCRA) ► Truth in Lending Act (TILA) ► Equal Credit Opportunity Act (ECOA) ► Debt collection ► Complaints
     Advisory activities; Business units; Operations; Technology; Regulators
  9. Regulatory universe (illustrative)
     While blockchain and cryptocurrency organizations are experiencing rapid expansion to a variety of jurisdictions, it is also important to understand and consider all the possible in-scope regulations that they must adhere to. Specifically, blockchain and cryptocurrency firms are required to federally register through the Financial Crimes Enforcement Network (FinCEN) as a money service business (MSB). All MSBs are required to have a standing compliance program that addresses at a minimum:
     ► A system of internal policies, procedures and controls
     ► A designated compliance function with a compliance officer
     ► An ongoing employee training program
     ► An independent audit function to test the overall effectiveness of the AML program
     Additional regulations and laws may apply dependent on the products and services offered.
     Fraud and corruption (DOJ): ► Insider transactions ► Foreign Corrupt Practices Act (FCPA) ► Financial statement fraud ► Occupational fraud (intellectual property, trade secrets) ► Corruption ► Revenue and expense recognition
     Government contracts (DOD, OMB): ► US government contracts ► Other jurisdictions (state and country)
     Information management: ► Data and record classification ► Information access ► Information availability and recovery ► Information management monitoring ► Information disposition ► Litigation discovery rules ► Data protection and privacy
     Intellectual property (DOC): ► Copyright ► Trademark ► Trade secret ► Patent
     International dealings/trade (FTC, DOC): ► Boycott ► Import ► Export
     Workplace health/safety (OSHA): ► Employees ► Contractors
     Product quality/liability: ► Quality management system
     Legal/regulatory requirements; Business requirements
     Competitive practices (FTC, DOJ): ► Antitrust ► Customer, competitor, supplier relations
     Corporate governance (SEC): ► Board structure and processes ► Audit committee structure and processes ► Ethics
     Employment (EEOC, DOL): ► Executive compensation ► Compensation ► Benefits ► Hiring ► Employee info privacy ► Reductions in force ► Whistleblower protection ► Harassment prevention ► Accommodation (discrimination prevention) ► Workplace violence ► Global migration (immigration) ► Contingent workforce ► Labor ► Leave ► Employment torts
     Environmental (EPA): ► Management systems ► Reporting ► Hazardous material management ► Laboratory practices ► Permit management
     Financial (SEC): ► Tax ► Treasury
     Many industries are regulated by one or more agencies that mandate specific compliance requirements. In some industries, these requirements can be more complex than general legal and regulatory risks.
     Aside from mandatory requirements, organizations make choices regarding their brand, their values and the commitments they make to customers, business partners, employees and other stakeholders. Although voluntary, consequences for non-compliance could be more serious than non-compliance with mandatory requirements.
     Industry specific
     * Illustrative US example (US regulatory agency listing)
     Internally focused requirements: ► Mission ► Values ► Code of conduct ► Policies and procedures ► Quality management Certifications (ISO, Six Sigma) ► Crisis preparedness
     Externally focused requirements: ► Corporate social responsibility ► Sustainability ► Public commitments ► Contractual obligations ► Vendor management ► Exchange listings
     Voluntary standards: ► US federal sentencing guidelines ► Industry codes ► Trade associations
     Emerging issues: ► Anti-money laundering (AML), Office of Foreign Assets Control (OFAC) ► Money transmitter – state vs federal lax requirements ► Electronic Funds Transfer Act (Reg E) and E-sign Act ► Third-party relationships and vendor management ► Privacy, information security, record retention ► Lending regulations (as applicable) ► Fair and responsible lending (F&RL) – disparate treatment, suitability, predatory lending, unfair, deceptive, or abusive acts or practices (UDAAP) ► Fair Credit Reporting Act (FCRA) ► Truth in Lending Act (TILA) ► Equal Credit Opportunity Act (ECOA) ► Debt collection
  10. 04 How to comply
  11. Transaction monitoring at industry leaders: typical AML typologies
      Although crypto exchanges, FinTechs and MSBs experience unique activity, strong transaction monitoring is a universal process for all business types to promote compliance and prevent risky activity.
      Payments through cryptocurrency; Transaction monitoring; MSBs; FinTechs; Crypto exchanges
      Crypto exchanges: ► Insider trading ► Cross-border activity/high-risk jurisdiction ► Price ramping/hammering ► Counterparty concentration ► Network analysis
      FinTechs: ► High GPV ► Velocity of payments ► High sending or receiving volume between the same sender/recipient ► Load velocity ► High daily/weekly spenders or collusion through IP addresses for app payments
      MSBs: ► High-risk activity ► High-risk geography ► Single/multiple cash transactions ► Structuring ► Identity masking ► Hidden relationships ► P2P payments with no mutual contacts ► Large exchanges with a new contact
  12. AML red flags
      Organizations need to create AML compliance systems that assist trained employees to flag suspicious transactions efficiently and completely. Internal controls and documented procedures should have the ability to distinguish signs that a transaction is potentially risky or illegal. Below are examples of some common red flags and examples of controls used to mitigate them.
      Red flags
      Funds transfer activities: ► High-risk jurisdictions ► Funneling ► Structuring ► Patterns of fund transfers
      Inconsistent activities: ► Transaction patterns show a sudden change inconsistent with normal activities. ► Unusual transfers of funds
      Relationships: ► Hidden relationships ► Concentration of same sender/receiver ► Insider trading ► P2P payments with recent contacts or contact with no mutual connections
      Other suspicious activities: ► Unexplained high level of account activity with very low levels of transactions
      Controls
      Monitor: Track % of transactions with new wallets
      History: Track and monitor the history of high-risk wallets
      Graph-based network: Propagate risks through a graph-based network
      Location: Monitor historic overseas exchanges – risk factors or scenarios
  13. Blockchain challenges
      Blockchain integration does not come without its challenges. Various aspects of implementing a blockchain can be difficult. Below are hurdles that blockchain and cryptocurrency exchange firms face before operationalizing the business and on an ongoing basis:
      Common pain points
      Security: Can the applications be made that match the inherent security of the blockchain? ► Evolving applications remain immature and untested ► While encryption keeps all details from everyone, it is probably possible to deduce more information about operations than parties can today
      Regulation: Regulation is written for managing incumbent operators – will it hold back the new architecture? ► A considerable number of aspects of law will need to be reinterpreted or changed through primary legislation ► GDPR will impact the way data can be used
      Business case: What is the use-case that is powerful enough to overcome the legacy hurdle? ► Challenges of legacy infrastructure ► Challenges of technical understanding
      Scalability: Public ledgers are already “saturated” with new use cases dependent on exponentially higher volumes ► Slow transactions because of the computational “cost” brings the scalability concern that blockchain will not be able to meet demand
      Standardization: With multiple emerging variants, investment will inevitably be held back – the industry needs a winner ► There are a number of technologies under the banner of blockchain. Until one pulls ahead, investment will hold back.
  14. How to comply – use of three pillars
      Effective regulatory compliance for blockchain presents people, process and technology-related challenges. Below are examples of how each of these 3 key areas can be approached.
      Current pain points and challenges; Strategy to comply
      ► Privacy and security ► Visible transactions ► Regulatory concerns ► Money laundering and fraud risks
      ► Lack of standardized monitoring processes ► Clarity on applicable regulatory laws
      ► Public awareness ► Training
      ► Public perception and lack of expertise ► Differences between cryptocurrencies, blockchain, and bitcoin ► Mainstream awareness of the use of this technology ► Association with negative undertones
      People; Process; Technology
      ► High initial costs ► Integration with legacy systems ► Lack of available compliance systems ► Need for a customized, scalable solution ► Advanced analytics ► Clarity on money laundering typologies
      ► Customized AML program and enhanced processes to support the BSA/AML program, cybersecurity and consumer protection, including: ► Transaction monitoring/alert review ► Identity protection/application security ► Complaints/anti-fraud
      ► Customized compliance technologies such as: ► KYC and associated EDD functionality ► Sanctions (e.g., vendor systems that compare wallet addresses to a large database of “bad guys”/mandatory lists) ► In-house TM and case management tools
      ► Leverage innovative tech to streamline processes such as: ► Natural language processing (NLP) ► Knowledge graphs ► Robotics/automation
  15. 05 Q&A
  16. Key contacts
      Ed Guerra, Regulatory Compliance, FinTech & Banking and Capital Markets Regional Leader, Ernst & Young LLP, +1 415 894 4396, ed.guerra@ey.com
      Darpan Khanna, Senior Manager, Compliance Technology, Ernst & Young LLP, +1 213 240 7570, darpan.khanna@ey.com
  17. 06 Appendix
  18. Compliance foundational elements: second line of defense
      The following methodology evaluates a compliance function (second line of defense) against regulatory requirements and industry practices in 11 key topics as outlined below:
      Compliance management system foundational elements
      1. Organization (including structure and objectivity) and governance
      2. Risk identification and assessment policies and procedures
      3. Policies and procedures
      4. Training
      5. Monitoring
      6. Testing
      7. Surveillance
      8. Management information and reporting
      9. Issue tracking and escalation
      10. Business unit ownership
      11. Roles and responsibilities
  19. AML program pillars
      In accordance with industry standard practices, any successful and effective AML program is supported by certain key principles as illustrated below:
      Designation of AML compliance officer; Employee training program; Recordkeeping, document management and retention; Independent testing/internal audit of the AML compliance program; Customer onboarding; Know your customer (KYC); Due diligence (CDD/EDD); Transaction monitoring; Investigations and case management; Receiving and responding to information requests from the government; Sharing information with other financial institutions; List screening and reporting; Suspicious activity reporting (SAR); Prevention; Detection; Internal policies, procedures, and controls; Management reporting; Money laundering risk assessment; Risk rating; Model risk validation, tuning, and optimization; Economic sanctions (OFAC)
  20. EY | Assurance | Tax | Transactions | Advisory
      About EY: EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
      EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
      © 2018 EYGM Limited. All Rights Reserved. EYG no. 02174-183Gbl 1803-2618612 ED None
      This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice. ey.com
      Disclaimer: Views expressed in this presentation are those of the speakers and do not necessarily represent the views of Ernst & Young LLP. This presentation is provided solely for the purpose of enhancing knowledge on blockchain matters. It does not provide blockchain advice to any organization because it does not take into account any specific organization’s facts and circumstances.