2014 10-05 juan llanos presentation (inside bitcoins)

Bitcoin & AML Regulation:
Strategies for
Successful Compliance &
Government Relations
Las Vegas InsideBitcoins Conference
Las Vegas, October 5, 2014
by @Juan Llanos

© 2014 Juan Llanos
“Risk management is not only
about reducing downside
potential (the probability of pain),
but also about increasing
upside opportunity
(the prospects for gain).”

James
Lam

MUST
WANT
CAN
© 2014 Juan Llanos
WANT
–
MUST
=
CAN

Agenda
1.  Brief history of AML standards
The latest FATF & EBA reports
2.  Risk identification
Risk areas à Focus on AML
3.  Risk mitigation
a)  Program design tips
b)  Overview of corporate and product safeguards
c)  Customer identification and behavioral
analytics
4.  Unsolicited (contrarian) advice
© 2014 Juan Llanos

Financial
Ac)on
Task
Force

Groupe
d’Ac)on
Financière
Interna)onale

(FATF-‐GAFI)

Independent inter-governmental body
Develops and promotes policies to protect the
global financial system against money laundering
and terrorist financing
FAFT recommendations
à define criminal justice and regulatory measures that
should be implemented to counter this problem
à are recognized as the global anti-money
laundering and counter-terrorist financing standard
(AML/CFT)

Special Recommendation VI
Each country should take measures to ensure that
persons or legal entities, including agents, that provide
a service for the transmission of money or
value, including transmission through an informal
money or value transfer system or network, should be
licensed or registered and subject to all the FATF
Recommendations that apply to banks and non-bank
financial institutions. Each country should ensure that
persons or legal entities that carry out this service
illegally are subject to administrative, civil or
criminal sanctions
Financial
Ac)on
Task
Force

Groupe
d’Ac)on
Financière
Interna)onale

(FATF-‐GAFI)

Anonymity = Anathema
•  Anonymous
iden0ﬁca0on

•  No
value
limits

•  Anonymous
funding

•  No
transac.on
records

•  Wide
geographical
use

•  No
usage
limits

Cash
features

© 2014 Juan Llanos
F A T F
R e p o r t
o n
N e w
P a y m e n t
M e t h o d s
( 2 0 0 6 )

FATF New Payment Methods Risks
© 2014 Juan Llanos
F A T F
R e p o r t
o n
N e w
P a y m e n t
M e t h o d s
( 2 0 1 3 )

FATF Virtual Currencies AML Risks
© 2014 Juan LlanosF A T F
R e p o r t
o n
V i r t u a l
C u r r e n c i e s
( 2 0 1 4 -‐ 0 6 -‐ 3 0 )

Convertible virtual currencies
•  are potentially vulnerable to money laundering and terrorist financing abuse
•  may allow greater anonymity than traditional non-cash payment methods
Virtual currency systems
•  can be traded on the Internet (global reach)
•  generally characterized by non-face-to-face customer relationships
•  may permit anonymous funding
•  may permit anonymous transfers
•  may operate in jurisdictions with inadequate controls
Decentralized systems
•  are vulnerable to anonymity risks. E.g., Bitcoin…
•  addresses have no names or other customer identification attached
•  has no central server or service provider
•  does not require or provide identification and verification of participants
•  does not generate historical records of transactions associated with real world identity
•  has no central oversight body
•  no AML software is currently available to monitor and identify suspicious
transaction patterns
•  law enforcement cannot target one central location or entity for investigative
or asset forfeiture purposes

© 2014 Juan Llanos
Who
is
a
money
transmi@er
in
the
USA?

IS
IS
NOT

…whoever
as
a
business:

•  Exchanges
virtual
currency
for

government
currency,
and
one

virtual
currencies
for
another
(e.g.,

exchanges)

•  Mines
and
makes
a
payment
to
a

third
party
on
behalf
of
a
customer

(e.g.,
for-‐profit
miners)

•  Accepts
value
from
A
and
delivers
it

to
B
(e.g.,
some
wallets)

•  Accepts
value
from
A
and
delivers
it

to
A
at
a
different
.me
or
place

(e.g.,
vaults)

…whoever

•  Mines,
uses
or
invests
virtual

currency
for
own
benefit

•  Provides

network
access

services
to
money

transmiIers

•  Acts
as
a
payment
processor

by
agreement
with
a
seller
or

creditor

•  Acts
as
intermediary
between

BSA-‐regulated
ins.tu.ons

Money
Transmi@er
Regula0on
(US)

© 2014 Juan Llanos
Focus
à
AML/BSA
+
State
Compliance

Main
Risk
Areas
Main
Statutes
and
Regs

An.-‐Money
Laundering
BSA,
USA
PATRIOT
Act,
Money

Laundering
Acts

An.-‐Terrorism
Financing
(CFT)
USA
PATRIOT
Act,
OFAC

Privacy
and
Informa.on

Security

Gramm-‐Leach-‐Bliley

Safety
and
soundness
State
(via
licensing)

Consumer
protec.on
State
(via
licensing)
+
Dodd-‐Frank
/

Regula.on
E
(CFPB)

Money transmitters
and their agents are perceived as
HIGH RISK of
• ABUSE TO CONSUMER
• MONEY LAUNDERING
• TERRORIST FINANCING
Money
transmission
=
highly
regulated
industry

© 2014 Juan Llanos

How Can We Abuse
Consumers?
• Loss of funds
• Wrong product/service
• Failed transactions
• Overpricing
• Divulging/losing private data
• Claims ignored
© 2014 Juan Llanos

How Can Money be
Laundered Through Us?
• Identity theft &
impersonation
• Structuring
• Fraudulent acts
• Lax controls
FRONT
OFFICE
BACK
OFFICE
© 2014 Juan Llanos
General risks (all FIs) à fake IDs, negligence, incompetence & wrongdoing

Opera.onal
Customer

(Sender
&
Recipient)

Foreign

Counterparty

Agent

(B&M,
online)

MT
Risks

Money Transmitter Risk
Fronts

© 2014 Juan Llanos

RISKS MITIGATORS
•  Commingling/diversion of funds
•  Poor cash management, accounting
and settlement
•  Poor document management,
reporting and record-keeping
•  Inadequate policies and procedures
•  Poor controls
•  Systems breakdowns
•  Employee acceptance, monitoring
and termination protocols
•  Employee training and education
•  Professional financial, operational
and compliance management
•  Dual controls and segregation of
duties
•  Business continuity and disaster
recovery planning
•  Independent auditing and testing
•  State-of-the-art technology
Operational Risks and Mitigators
© 2014 Juan Llanos

RISKS MITIGATORS
•  Complicity with agent or foreign
counterparty
•  Complicity with recipient (or sender)
•  ‘Drip-irrigation’ transfer of illicit funds
(O2M recipients, M2O recipient, M2M
recipients)
•  Intra-company structuring
•  Inter-company structuring (‘smurfing’)
•  Terrorist financing
•  Customer acceptance, monitoring
and termination protocols
•  Transaction & behavior monitoring
•  Lower identity verification thresholds
at origin and destination
•  For cards, maximum loadable
amounts, expiration date, and limited
number of recipients.
•  Redundant identity verification
procedures at destination
•  POS training
•  OFAC screening
•  Eventually, intercompany transaction
monitoring by highly-professional
and secure clearing house. This is the
only possible antidote against
‘smurfing’.
Customer Risks and Mitigators
© 2014 Juan Llanos

Foreign Counterparty
Risks and Mitigators
RISKS MITIGATORS
•  Complicity with sender or agent
•  Poor cash sourcing, management,
accounting and settlement
•  Poor documentation and record-
keeping
•  Lax policies, procedures and controls
•  Poor regulatory regime
•  Credit risk
•  Systems breakdowns
•  Foreign counterparty acceptance,
monitoring and termination
protocols
•  Selecting reputable partners with
proven track record and effective
systems and controls
•  Transaction monitoring
•  Independent auditing and testing
•  OFAC screening
© 2014 Juan Llanos

1.  Always understand the flow of DATA and
the flow of MONEY.
2.  Life-cycle management and the right mix
of detective and deterrent techniques,
including effective training, are key.
3.  Document or perish
Program Design Tips
© 2014 Juan Llanos

1.
Map
Flows,

and
Processes

2.
Iden.fy

Risks

3.
Design

Controls

4.
Write
PPCs

5.
Execute

and
Measure

6.
Enhance

and
Improve

Bottom-Up Program Design
Spirit of law +
Engineering Mindset
© 2014 Juan Llanos

* AML Program Elements (Section 352 of the USA PATRIOT Act)
1. A
designated
compliance
officer
+
professional
team

2. WriIen
policies
and
procedures
+
opera.onal
controls:

•  Licensing,
renewal
and
repor.ng
procedures
(S)

•  Registra.on,
record-‐keeping
and
report-‐filing
procedures
(F)

•  KY
(Know
Your…)
Subprograms:
Acceptance,
monitoring,
correc.on
and

termina.on

•  KY…Customer

•  KY…Agent
(if
applicable)

•  KY…Foreign
Counterparty

•  KY…Employee

•  KY…Vendor

•  Monitoring,
analysis
and
inves.ga.ng
procedures

•  OFAC
compliance
program

•  Response
to
official
informa.on
requests

•  Privacy
and
informa.on
security
protec.on
protocols

3. An
on-‐going
training
program

•  Risk
&
Compliance
CommiIee

4. An
independent
compliance
audi0ng
func.on

CORPORATE Safeguards*
© 2014 Juan Llanos

CUSTOMER Identification
© 2014 Juan Llanos
Non-‐Face
to
Face
à
“Card
not
present”
standards

Non-documentary à contacting a customer; independently
verifying the customer’s identity through the comparison of information
provided by the customer with information obtained from a consumer
reporting agency, public database, or other source; checking references
with other financial institutions; and obtaining a financial statement.
Documentary à Review an unexpired government-issued form of
identification from most customers. This identification must provide
evidence of a customer’s nationality or residence and bear a photograph
or similar safeguard; examples include a driver’s license or passport.
However, other forms of identification may be used if they enable the
bank to form a reasonable belief that it knows the true identity of the
customer.

“What customers do
speaks so loudly
that I cannot hear
what they’re saying.”
(Paraphrasing Ralph Waldo Emerson)
Customer identification vs. customer knowledge
BEHAVIORAL ANALYTICS
© 2014 Juan Llanos

© 2014 Juan Llanos
Machine Learning (AI) Methods
SUPERVISED
LEARNING:
relies
on
two
labeled
classes
(good
vs.
bad)

Goal
à
Detect
known
suspicious
paIerns

1.  Training
set:

a.  Select
dataset
with
clean
and
dirty
cases.

b.  Classiﬁca.on
algorithm
to
discriminate
between
the
two

classes
(ﬁnds
the
rules
or
condi)ons)

c.  Probabili.es
of
class
1
and
class
2
assignment

2.  Run
discrimina.on
method
on
all
future
purchases.

UNSUPERVISED
LEARNING:
no
class
labels

Goal
à
Detect
anomalies

1.  Takes
recent
purchase
history
and
summarize
in
descrip.ve

sta.s.cs.

2.  Measure
whether
selected
variables
exceed
a
certain
threshold.

(devia)ons
from
the
norm)

3.  Sounds
alarm
and
records
a
high
score.

© 2014 Juan Llanos

•  High
amounts

•  High
frequency

•  Use
of
mul0ple
loca0ons

•  Use
of
mul0ple
iden00es

•  Use
of
untrusted
device

•  Values
just
below
threshold

•  Immediate
withdrawals

Examples of
Known Unusual Behaviors
© 2014 Juan Llanos

Risk Areas
•  operational
•  credit
•  money laundering
•  terrorist financing
•  information loss
•  liquidity
•  fraud
•  Identity Theft
Stakeholders
•  federal agencies
•  state agencies
•  investors
•  consumers
•  employees
•  society
Goals
•  safety
•  soundness
•  security
•  privacy
•  crime prevention
•  health
•  integrity
Regulation à Inevitable, yet valid
Risks & Stakeholders
© 2014 Juan Llanos
Compliance à Onerous, yet valuable

•  Prevention trumps damage control
•  Risk MGT à Both reducing downside and
increasing upside
•  Simplicity and common sense
•  Train for behavior change, not theoretical
knowledge
•  Form-substance continuum à substance
•  Letter-spirit continuum à focus on spirit
(underlying purpose and values) facilitates
• Operational synergies (leveraging tech)
• Compliance without compromising performance
• Flexibility and sustainability
© 2014 Juan Llanos

Evolution of Regulatory Relations
VALUES AND CULTURE REGULATORY RELATIONSHIP
Minimum Standards
As little as can get away with
Unthinking, mechanical
Compliance Culture
By the book
Bureaucratic
Beyond Compliance
Risk focused, self-policing
Ethical business
Values-based
Spirit, not just letter
Focus on prevention
Strong learning
Policing
Enforcement lesson
Basic training
Supervising / Educating
Look for early warnings
Themed, focused visits
Educating / Consulting
Culture development
Lighter touch
Mature relationship
Reinforce best practice
Benchmark
Reallocate resources to problem firms
Source: Financial Services Authority, UK
© 2014 Juan Llanos
Banking

SUBSTANCE (be)
Handbooks, written policies, talk
(lawyers, public relations)
Operationalization, quality, walk
(compliance officers, engineers, leaders)
FORM (seem)
© 2014 Juan Llanos

“Prosecutors are looking for
substantive AML programs (not just
paper ones) in determining whether
you’re a victim or a suspect.”
Former federal prosecutor
“A well-written AML program will not
by itself be sufficient. It’s the
everyday operation, the execution
and delivery, that matters.”
Wells Fargo MSB Risk Manager
© 2014 Juan Llanos

© 2014 Juan Llanos
Juan Llanos
EVP, Strategic Partnerships & Chief Transparency Officer
Bitreserve, Inc.
New York, NY
Mobile: (917) 684-0560
Email: juanbllanos@gmail.com
LinkedIn: www.linkedin.com/in/Juan Llanos
Twitter: @JuanLlanos
Blog: ContrarianCompliance.com
Thank you!

2014 10-05 juan llanos presentation (inside bitcoins)

More Related Content

What's hot

Viewers also liked

Similar to 2014 10-05 juan llanos presentation (inside bitcoins)

More from MecklerMedia

Recently uploaded

2014 10-05 juan llanos presentation (inside bitcoins)