Complex Compliances: Checklist for Crypto ATM Operators
The very first Bitcoin (BTC) ATM came to the United States in 2014 to Austin, Texas. This historic event occurred quickly after Canada pioneered the idea in 2013, and the excitement and demand for such ATMs have soared across the globe ever since. There are currently over 8,000 BTC ATMs in more than 70 countries worldwide. In fact, the highest number of Bitcoin ATMs was recorded in the U.S. in 2020, and as of April 2020, approximately 81% of global ATMs were concentrated in North America.
Two types of Bitcoin ATMs exist, with one being more complex than the other. The more basic one simply enables users to purchase Bitcoin, whereas the more complex one provides the function of both buying and selling. These new-age machines have sky-rocketed in popularity, overtaking Bitcoin exchanges as a preference for many. The exchange of fiat for Bitcoin is now a seamless procedure, with Bitcoin ATMs offering a fast and user-friendly experience. This all sounds great — but how can ATM operators buy a machine and set it up in their desired location?
There is just one thing we haven’t mentioned until now — compliance. Bitcoin ATM operators need to ensure a comprehensive compliance framework that appeases Know Your Customer and Anti-Money Laundering regulations, as well as other laws on a federal and state level. Without necessary compliance measures fully in place, Bitcoin ATM operators will be forced to shut down. In short, compliance is key.
Research money transmitter requirements
It’s crucial to understand that regulation for Bitcoin ATMs varies from state to state — some states are more welcoming than others. New York has much stricter requirements than Texas, for example. These differences are abundant and are constantly updated.
For example, in some states, money transmitter requirements declare that you must acquire a money transmitter license. Any operator without a license is committing an imprisonable offense, even if it has completed every other step toward compliance. Therefore, it’s important to research the specific states in which you are operating to avoid any difficulty.
The federal regulations relating to Bitcoin ATMs are outlined in the Bank Secrecy Act, or BSA. This law requires all financial institutions, including Bitcoin ATMs, to assist U.S. government agencies in both detecting and preventing money laundering. Therefore, Bitcoin ATMs must adhere to the regulations of the BSA and rules relating to AML. As mentioned above, both federal and state laws must be followed. For this reason, it is crucial that you research the law in the specific states that you operate in, too.
Register as an MSB with FinCEN
In the U.S., Bitcoin ATMs are considered Money Services Businesses and, therefore, are subject to the regulation of the U.S. Treasury’s Financial Crimes Enforcement Network, or FinCEN. Every Bitcoin ATM operator must register as an MSB with FinCEN.
FinCEN is the U.S.’ financial intelligence unit and arbiter of federal AML laws. Registration is a simple step that involves registering via the online portal with a basic “check-the-box” process. By registering with FinCEN, you are essentially agreeing to be regulated by the entity. This also includes registering at a state level and developing an AML program in most cases, retaining transactional information and reporting any suspicious activity. For state-level regulation, you must complete a permission-based state licensing process.
Develop and implement an AML program
Once registered with FinCEN, operators must comply with the BSA as outlined above. This involves a Bitcoin ATM operator establishing and implementing an anti-money laundering compliance program — a written document that explains an operator’s overall plan to prevent its Bitcoin ATMs from facilitating money laundering activities. An AML program must address a minimum of five pillars, as outlined below:
- Appointment of a designated compliance officer. This officer is responsible for day-to-day compliance with the BSA and AML programs and responsible for the risk assessment of each ATM.
- AML training. Ongoing training of personnel should be conducted, informing them of their specific responsibilities within the program. The training should also include an explanation of classic money laundering techniques and activities, general Bitcoin ATM risks, and other issues a compliance team may experience.
- Customer Due Diligence. Operators must develop risk-based procedures for conducting customer identification and due diligence. FinCEN identifies various elements of Customer Due Diligence. This pillar states that your AML program should include policies, procedures and adequate training for employees to spot beneficial owners of a legal entity customer, verify the information, comprehend the risks related to beneficial ownership, and report any related suspicious activity.
- Internal controls specific to your business model. Develop appropriate procedures, policies and processes specific to your business that meet all BSA requirements. Internal controls are implemented to lower the risks associated with operating Bitcoin ATMs. Multiple factors should be considered when developing internal controls, such as how to identify, report and address suspicious activity, as well as recent regulatory updates or changes.
- Independent review and audit. Organize independent reviews of your AML program in the form of a third-party audit/testing, occurring at least once per year.
Test your AML program, customer and transaction controls before going live
Before going live, it’s important for operators to test all AML controls. This can be done by conducting some sample transactions through the machines. It’s imperative to take this opportunity to ensure that the appropriate KYC processes and suspicious activity indicators are in place and functioning.
In addition, check that customer and transaction information is properly recorded. Any issues found during testing and any relevant changes or solutions introduced to address these problems should also be recorded.
There has been a huge stigma around Bitcoin ATMs because they are considered to be a vehicle for money laundering, with bad actors using the machines to clean cash quickly and easily. Removing this stigma and thwarting this negative reputation still remains a challenge today. However, with ATM operators following the above steps and complying with required regulation, this negative reputation can be alleviated and, hopefully, one day eradicated.
Honest, hardworking Bitcoin ATM producers and operators can play an integral role in creating this bright future, but compliance is something that cannot be ignored. Compliance is a core foundation of the Bitcoin ATM industry and must be adhered to accordingly. Compliance is not a one-time checkbox and, therefore, should be updated regularly. It is in the interest of your users to take responsibility and to be fully compliant both at a federal and state level.
The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Bo Oney is the executive vice president of operations and head of compliance at Coinsource and is a certified anti-money laundering specialist. Bo manages Coinsource’s compliance with AML/CFT regulations and the operational development of Coinsource’s proprietary Platform-as-a-Service program. The PaaS program for operators leverages the company’s state-of-the-art technology and industry-standard best practices to form a robust, innovative program leading the way to the future of financial services transactions.