This Guideline provides guidance to assist a licensee to understand the money laundering and terrorist financing (ML/TF) risks associated with regulated stablecoin activities and sets out the relevant anti-money laundering and counter-financing of terrorism (AML/CFT) regulatory requirements for the licensee to address such risks. A licensee should meet these requirements in order to comply with the statutory requirements under the Stablecoins Ordinance and the AMLO.
Risk assessment
A licensee should adopt a risk-based approach (RBA) in the design and implementation of its AML/CFT policies, procedures and controls (hereafter collectively referred to as “AML/CFT Systems”). The licensee should identify, assess and understand the ML/TF risks to which it is exposed in respect of its specific stablecoin business, and take AML/CFT measures commensurate with those risks in order to manage and mitigate them effectively.
AML/CFT Systems
A licensee should:
(a) have AML/CFT Systems, which are approved by senior management, to enable the licensee to effectively manage and mitigate the risks relevant to the licensee;
(b) monitor the implementation of those AML/CFT Systems referred to in (a), and to enhance them if necessary; and
(c) take enhanced measures to manage and mitigate the risks where higher risks are identified.
Customer due diligence
A licensee should carry out CDD measures in the following circumstances:
(a) before establishing a business relationship with a customer;
(b) before carrying out an occasional transaction (e.g. issuance and redemption of stablecoin) involving an amount equal to or above $8,000 for a customer;
(c) when the licensee suspects that the customer or the customer’s account is involved in ML/TF; or
(d) when the licensee doubts the veracity or adequacy of any information previously obtained for the purpose of identifying the customer or for the purpose of verifying the customer’s identity.
Stablecoin transfers
A licensee should assess how the ML/TF risks identified from the stablecoin transfer counterparty due diligence may affect it, and take reasonable measures to mitigate and manage the ML/TF risks posed by a stablecoin transfer counterparty, which may include:
(a) perform enhanced and/or more frequent due diligence reviews;
(b) conduct enhanced monitoring of stablecoin transfers with the stablecoin transfer counterparty; and/or
(c) (where appropriate) impose transaction limits.
Record-keeping
A licensee should maintain the original or a copy of the documents, and a record of the data and information, obtained in connection with each transaction the licensee carries out, both domestic and international, which should be sufficient to permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of criminal activity. All these documents and records should be kept for a period of at least five years after the completion of a transaction, regardless of whether the business relationship ends during the period.
The above is only a partial summary; please refer to the full article for complete details.
Leave a Reply