The Association of Cryptocurrency Enterprises and Start-Ups, Singapore (ACCESS) recently sought public feedback on a draft Code of Practice for the digital asset industry (Code). ACCESS prepared the Code in consultation with the Association of Banks in Singapore under the Standardisation of Practice in Crypto Entities initiative facilitated by the Monetary Authority of Singapore.
The Code provides broad guidance that is intended to complement the Payment Services Act by standardising approaches to anti-money laundering and counter financing of terrorism (AML/CFT) and Know Your Customer (KYC) issues. The aim is to promote best practices and strengthen regulatory compliance for cryptocurrency industry participants (crypto-firms) within the digital asset industry. The Code is not intended to replace other legislation, regulations or guidelines.
The Code does not apply to businesses that merely utilise blockchain technology and are not otherwise involved with cryptocurrency or customer funds. Crypto-firms adopting the Code should be guided by the leading principle of proportionality and strike an appropriate balance between risks posed and AML/CFT measures. The Code suggests identifying and assessing the respective money laundering or terrorism financing (ML/TF) risks according to qualitative and quantitative analyses and considering the risk criteria set out in the Code in order to determine the appropriate level of stringency for the required measures. In that regard, the Code is not meant to be a “one size fits all” approach and seeks to establish a common set of practical AML/CFT measures that crypto-firms may implement.
Companies are encouraged to approach the Code in the following steps:
The Code sets out a guide on the scope of activities or operations conducted by crypto-firms for or on behalf of another natural or legal person:
Businesses above generally includes cryptocurrency exchanges, payment and remittance services firms, custodians, issuers, dealers, cryptocurrency fund investment firms, and blockchain network infrastructure service providers.
Additionally, the Code sets out three key categories of crypto-assets or digital tokens under the ambit of “cryptocurrency”:
The Code is expected to be applicable to a diverse range of crypto-firms regardless of whether they provide products and services to businesses or consumers. The Code encourages crypto-firms, regardless of licensing status under any other legislation, to assess the ML/TF risks arising from the dealings in the categories above and to apply AML/CFT measures accordingly.
The Code recommends that crypto-firms identify, assess and understand their own ML/TF risks on an enterprise-level. Crypto-firms should review their assessments periodically and when material trigger events occur such as the launch of a new product or service or an acquisition or merger with another crypto-firm. Quantitative and qualitative data should be used when considering the risk criteria in the context of the business, including factors such as size, scale and nature of the business. The Code details various risk factors for assessment such as customer risk, geographical risk, and risks under products, services, transactions and delivery channels.
Thereafter, a crypto-firm may implement measures listed within the Code, where appropriate, based on the risk assessment. Measures detailed within the Code include:
Disclaimer: This article is for general information only and does not constitute legal advice.