In the United States, a business that is a money transmitter, such as a Bitcoin ATM business, needs to have its own KYC/AML (Know Your Customer/Anti-money laundering) policies, but it only has to submit them to the federal authorities upon request.
Generally speaking, a program by a business that implements the KYC/AML policies needs to have four parts.
Policies and procedures
The first part of the KYC/AML compliance program consists of policies and procedures that need to assure compliance with the existing laws. A policy is a collection of principles and procedures are processes that outline step by step how the business will implement the policies. Typically, the policies need to include the following parts: acceptance of someone as a customer, identification of a prospect’s or a customer’s identity, monitoring and recording transactions by customers and management of risks.
For example, a customer acceptance policy of a Bitcoin ATM business can define as a customer someone who has an account and a business relationship with the ATM business. A policy would then specify what the business would do to accept someone as a customer and what steps a prospect would need to take to become a customer.
Internal Controls and a Compliance Officer
Once a Bitcoin ATM business has a set of policies and procedures, it needs to install internal controls. Typical controls include analysis and verification of identity documents, name matching, evaluations of risks, monitoring of the behavior of a customer, and monitoring of the transactions.
A compliance officer is a dedicated employee in charge of compliance and implementation of the legal regulations. The person should have previous experience with these job responsibilities and also needs to have a certain level of freedom and trust when implementing and monitoring the regulations. The ideal scenario is to have someone working strictly on compliance and nothing else because this will prevent potential conflicts of interest.
Once you do develop the necessary policies and procedures, you need to train your employees about them. This is the part where many business owners do not do a good enough of a job. They do what they need to do to comply with the law. Often, this requires spending a lot of time studying the regulations and hiring the right people to do the compliance work. Because of this, it is easy for a Bitcoin ATM owner to forget that non-compliance employees did not spend a lot of time studying compliance, which means that they need training and they need explanations of everything from scratch.
In many instances, customers leave unhappy not because the employees do not want to help, but because the employees do not know how to help. You need to have a program for the employees. The program doesn’t necessarily have to be just formal. The program is about how you do things in your business.
Think about the time when you were getting new jobs in the past. The first thing you would want to know when reporting to a new job for the first time was “how are the things getting done around here?”
The answer to this question is what you want to have for your employees. It does not have to be dull or be a formal employee manual. You can also talk about the expectations that your customers would have and how your employees would need to satisfy those expectations. For example, depending on your geographical area and the goals for your business, you may want to hire employees who have a keen interest in cryptocurrencies and who invest in cryptocurrencies themselves and you may encourage conversations between your employees and your customers that have to do with blockchain technology, freedom, decentralization and more, not just with using your Bitcoin ATM.
If you do not develop a program or if you do not teach the program well to your employees, you can be sure that your employees will develop a program of their own and their program will be different from yours.
It probably won’t be hard for you to think of a business you patronize where employees spend time talking to their friends on their smartphones and neglecting customers. This is what typically happens when a business has no program or doesn’t enforce a program.
After you create your policies and procedures and train your employees, you want to make sure that everything is working properly. This is why you need to test your systems. Test your entire transaction flow from A to Z and document all the steps. When performing testing, also test all the transaction limits and Know Your Customer verification steps. Try all the scenarios in which things go wrong or in which customers can make mistakes, including submitting insufficient documentation, wrong documentation and making spelling mistakes and mistakes about dates and account numbers and see what happens to your system when you do so. Typically, hardware manufacturers of Bitcoin ATMs do provide buyers of ATMs with systems and solutions, but you do what to make sure that the systems work without any flaws or issues.
After everything in your business is working the way it is supposed to work, you want to make sure that it stays this way. This is why you need to have regular independent audits that will provide a review of your compliance program and procedures. You can have your own employees conducting audits, but it is better to get an independent third party because doing so will allow you to completely avoid any potential conflicts of interest. An independent third party would also not have any relationships with any of your employees, so you will be sure that the reports are completely honest.