AML/CFT for crypto service providers
AML/CFT requirements for cryptocurrency exchanges
"In addition to complying with the PSN02’s travel rule, DPT service providers like crypto exchanges in Singapore must also meet the following comprehensive AML/CFT requirements in order to successfully apply for the MAS’ required license:
• Risk assessment and risk mitigation
• Customer due diligence (CDD).
• Reliance on third parties
• Correspondent accounts and wire transfers
• Suspicious transaction reporting.
• Internal policies, compliance, audit and training"
"To comply with CDD requirements, MAS needs DPT-related businesses to collate users’ legal names, IDs, residential/business addresses, and DoB (DoI for commercial enterprises).
The “PSN02 Prevention of Money Laundering and Countering the Financing of Terrorism (Digital Payment Token Service)” is a set of AML/CFT updates in December 2019 (incorporated into law in January 2020) for compliance, specifically catering to Digital Payment Tokens.
The PSN02 notice sets out additional monitoring and reporting requirements that are excluded in the PSA, such as;
- Recurring and cumulatively big Txs without a ‘real’ basis
- Recurring transfers of DPTs to one beneficiary
- Recurring Txs for the purchase/sale of DPTs in a short timeframe
- Many multiple of DPT Txs so that the value of one transfer may not be large to raise red flags – however a total which is large
PSN02 also takes aim at anonymous transactions and so-called ‘privacy coins’ when stating that those entities regulated under PSA must consider whether the service is attempting to “promote anonymity, obfuscate
transactions or undermine the payment service provider’s ability to identify its customers”, and that further due diligence KYC checks on customers must be made that incorporate a user’s “occupation, employer’s name, nature of business, range of annual income, and whether the customer holds or has held a prominent public function.”"