BCB Group Anti-Money Laundering Policy
v2.9 January 2020
What is Money Laundering?
The Proceeds of Crime Act 2002 (POCA) consolidated, updated and reformed criminal law with regard to money laundering.
Money laundering can be defined as the process to move illegally acquired cash through financial systems so that it appears to be from a legitimate source. Money laundering offences include: concealing, disguising, converting, transferring criminal property or removing it from the UK (Section 327 POCA); entering into or becoming concerned in an arrangement which you know or suspect facilitates the acquisition, retention, use or control of criminal property by or on behalf of another person (Section 328 POCA); and acquiring, using or possessing criminal property (Section 329 POCA).
There are also several secondary offences, failure to disclose knowledge or suspicion of money laundering to the Money Laundering Reporting Officer (MLRO); failure by the MLRO to disclose knowledge or suspicion of money laundering to the National Crime Agency; and ‘tipping off’ whereby somebody informs a person or persons who are, or who are suspected of being involved in money laundering, in such a way as to reduce the likelihood of their being investigated or prejudicing an investigation.
Within the UK alone it is estimated that over £90 billion is laundered on an annual basis. In response to this, the United Kingdom has passed legislation complementing POCA designed to prevent money laundering and to combat terrorism. This legislation, together with regulations, rules and industry guidance, forms the cornerstone of AML/CTF (anti-money laundering/countering terrorism financing) obligations for UK firms and outline the offences and penalties for failing to comply.
Applicability to BCB Group and its staff
This policy is applicable to all BCB Group entities including:
BCB Group Holdings Ltd (“BCB Group”) (11312470, England and Wales), the top level group entity
BCB Prime Services Ltd (“BCB Prime”) (10868869, England and Wales, 100% subsidiary of BCB Group Holdings Ltd)
BCB Payments Ltd (“BCB Payments”) (11313622, England and Wales, 100% subsidiary of BCB Group Holdings Ltd)
BCB Prime Services (Switzerland) LLC/Sarl/GmbH (“BCB CH”) (CHE-415.135.958, Neuchatel, Switzerland, 100% subsidiary of BCB Prime Services Ltd)
The trading and broking of cryptoassets is not currently a regulated activity for the purposes of the Financial Services and Markets Act 2000 unless they are classified as security tokens, in which case they will amount to a specified investment as set out in The Financial Services and Markets Act 2000 (Regulated Activities) Order 2001. However, BCB Payments Limited, a BCB Group company, is regulated by the Financial Conduct Authority as an Authorised Payment Institution under the Payment Services Regulations 2017 with number 807377, while BCB CH is an SRO member of VQF, an officially recognized self-regulatory organization (SRO) according to the Swiss Anti-Money-Laudering Act. BCB Payments Limited is registered with HM Revenue and Customs under the Money Laundering, Terrorist Financing and Transfer of Fund (Information on the Payer) Regulations 2017 (the “2017 Regulations”) and BCB CH has obligations under the Federal Act on Combating Money Laundering and Terrorist Financing of 10 October 1997. In addition, the activities of BCB Group which are currently unregulated will also fall within UK AML regulation upon the passing into UK law of the Fifth Anti-Money Laundering Directive (Directive (EU) 2018/843).
As a result, BCB Group’s senior management have elected to implement systems and procedures that meet the requirements of both UK and Swiss AML legislation across its entire group.
This Policy sets out, among other things, the systems and processes put in place by BCB Group to manage and effectively mitigate the risks of money laundering and terrorist financing and how BCB Group staff should formally raise concerns, in writing to the managing director and head of compliance, if they suspect money laundering or inadvertently become involved in it in some way in the course of their BCB Group activities. Staff have a positive obligation to act should they suspect or become involved in money laundering – doing nothing is not an option and leaves staff open to criminal liability if they do not report money laundering where they suspect, or should have reasonable grounds to suspect, that it is taking place.
BCB Group Policies, Controls and Procedures
BCB Group is committed to establishing and maintaining policies, controls and procedures to manage and effectively mitigate the risks of money laundering and terrorist financing. These policies will be regularly reviewed to ensure that they remain fit for purpose and will include:
- The risk management practices adopted by BCB Group to prevent its business being used for money laundering and/or terrorist financing.
- Customer due diligence requirements, including enhanced due diligence for those customers presenting higher risk, such as Politically Exposed Persons (PEPs).
- Internal controls in relation to its senior management and staff members.
- The independent audit of its policies, controls and procedures.
- Record keeping.
- Monitoring compliance with its policies, controls and procedures and their communication to staff.
Money Laundering Reporting Officer
The Company has appointed a MLRO in each of the UK and in Switzerland to receive disclosures about money laundering activity and be responsible for anti-money laundering activity within BCB Group. The MLRO and Group head of compliance is Oliver Tonkin and the MLRO in Switzerland is Urs Bigger.
The MLROs will ensure that appropriate training and awareness is provided to new and existing staff and that this is reviewed and updated as required.
The MLROs will ensure that appropriate anti-money laundering systems and processes are incorporated by BCB Group.
Risk Assessment and Risk Management Practices
Regulation 18(1) of the 2017 Regulations requires a firm to take reasonable steps to identify and assess the risks of money laundering and terrorist financing to which its business is subject. Firms are required to take into account their customers and clients, the countries or geographical areas in which they operate, their products or services, the nature of transactions and delivery channels.
In the CryptoAsset Taskforce’s October 2018 Final Report, they highlighted that although the anonymity afforded by cryptoassets make them particularly attractive to criminals intent on money laundering, “the government’s 2015 and 2017 National Risk Assessments of Money Laundering and Terrorist Financing (NRAs) still assessed the risks associated with cryptoassets to be relatively low for both money laundering and terrorist financing, as there was little evidence of them being used to launder large amounts at high volume.”
Following the comprehensive risk assessment completed in January 2019, BCBPL has determined a set list of cryptoassets that it will deal with having taken into account the underlying technology of the token and its historic use cases. Coins (so-called “privacy coins”) that use technology allowing for untraceable transactions are not supported by the Firm due to the risk of potential illegal activity.
BCB Group has carried out a new risk assessment under Regulation 18 of the 2017 MLRs in respect of its payment account business and operations and how they will be carried out.
The Firm has, in this revised risk assessment, identified potential risks of money laundering/terrorist financing in the operation of payment account/money remittance services arising from:
- Payments received into payment accounts by third parties who are either not the client or who are not liquidity providers which the Firm has already vetted and onboarded.
- Payments made from payment accounts to third parties who are either not the client or who are not liquidity providers which the Firm has already vetted and onboarded.
The Firm is instituting the following procedure to mitigate these risks:
– For fiat payments from third parties received into a payment account
Where a client receives funds otherwise than from a liquidity provider verified and onboarded by BCB Group, BCB Group, before allowing client access to funds, (1) verify the identity of the sender (2) the name and geographic of the sender’s bank and (3) the purpose of the remittance to the client’s payment account.
PEP and sanctions check must be carried out on each sender through Onfido before allowing customer access to funds.
All funds in the account must be frozen if the relevant sender appears on any sanctions list or the funds originate from any of the countries listed in the HM Treasury “Money laundering and terrorist financing controls in overseas jurisdictions – advisory notice” (see Annex A for more details on the sanctions compliance process).
Where a sender is a PEP and/or the transfer represents part of a unusual pattern of activity on the account, the client must give further information on the payment and its purpose which is satisfactory to BCB Group before the funds can be accessed. If such explanation is not satisfactory, the payment must be returned.
For payments made to other third parties from a payment account
Where a client sends funds otherwise than to a liquidity provider verified and onboarded by BCB Group, BCB Group must, before processing the remittance, (1) verify the identity of the recipient (2) the name and geographic of the recipient’s bank and (3) the purpose of the remittance from the client’s payment account.
PEP and sanctions check must be carried out on each recipient through Onfido before processing the transfer.
The remittance must be rejected and funds in the account frozen if the recipient appears on any sanctions list or the funds are being sent to any of the countries listed in the HM Treasury “Money laundering and terrorist financing controls in overseas jurisdictions – advisory notice” (see Annex A for more details on the sanctions compliance process).
Where a recipient is a PEP and/or the remittance represents part of a unusual pattern of activity on the account, the client must give further information on the payment and its purpose which is satisfactory to BCB Group before the remittance can be accessed. If such explanation is not satisfactory, the remittance must be refused.
Other potential risks arising from payments received from the client or payments made to/from the Firm’s/BCB Group’s liquidity providers should already be mitigated by the Firm’s existing KYC procedures.
Notwithstanding the application of the measures outlined above, which are necessary to mitigate any risk of money laundering/terrorist financing, the Firm considers that the overall risk is low in the context of the clients it offers/will offer its services to, which are either high net worth individuals, boutique institutions/family offices or corporates that utilise cryptocurrency as part of their business models (either as a means of payment for services provided/consumed or as part of security token offerings) – all are clients with which it has an ongoing, rather than one-off, business relationship. The Firm will not onboard retail clients. The Firm’s low appetite for risk in terms of the clients it onboards means that the likely use of payment account/remittance services by these clients for money laundering/terrorist financing is low.
– Customer Due Diligence Requirements
Customer due diligence requirements are set out in Annex 1.
– Record Keeping
Regulation 40 of the 2017 Regulations requires firms to retain copies of all documentation obtained from a customer. In addition, records of all trades and their position on the relevant blockchain will be retained by BCB Group.
Documentation will be retained for at least ten years, in the case of trades, from the date of the trade, and in the case of customer documentation, following the last trade which the customer has made with BCB Group.
Personal data may only be used by BCB Group for the purpose of our business or for the purposes of preventing money laundering or terrorist financing.
– Communication of Policies to Staff and Compliance Monitoring
This policy is available for review by all staff. Each staff member must read it and become familiar with its contents. Updates to the policy will be communicated to staff as they become available. Staff compliance with this policy will be monitored on a regular basis to ensure that BCB Group remains compliant with UK AML law and regulation.
Annex 1 – Customer Due Diligence Requirements
Customer due diligence (CDD) is required under Regulation 27(1) of the 2017 Regulations when BCB Group is establishing a business relationship with a customer, where it or any member of staff suspects money laundering or terrorist financing or where the veracity or adequacy of documents previously obtained for CDD purposes is doubted.
CDD at Customer Take-on
Photo identification showing full name which corresponds to the name in which the customer account is being opened. Any one of the following is acceptable:
- Driving license (if contains photograph of individual)
- National ID Card
- Armed Forces ID Card
For all Passports/Identity Documents ensure the following:
- The document is valid and shows the issue and expiry dates
- The photograph is clear and all features are visible
- The page showing signature is included
- The place of issue and passport number details are included and are clearly legible
- Nationality details are included
Proof of residential address which shows the name of the customer opening the account (documents showing joint names for couples are acceptable). Any one of the following:
- Valid, full driving license (unless already provided as proof of identity)
- Utility bill (such as gas, water, electricity, although NOT a mobile phone bill)
- Television license
- Home or motor insurance policy document or certificate
- Council tax (or equivalent) bill
All documentation must be from a recognised or verifiable provider and must not be more than three months old.
For an individual account opener, a short video clip of the individual holding their photo ID next to their face and speaking the words, “My name is [Name] and I wish to enter into a relationship with BCB Group.”
In addition, BCB Group reserves the right to request additional professional references for KYC purposes in its absolute discretion
For companies and other corporate bodies:
Each of the following:
- Certificate of incorporation and memorandum and articles of association
- Latest annual return
- Latest statutory report and accounts
- Current shareholder and director registers
- Resolution of the Board of Directors to open an account and identification of those who have authority to operate the account
- Full CDD documentation on each director (see “for individuals” above)
- Full CDD on any company which controls the company applying for the BCB Group account
- Full CDD documentation on each ultimate beneficial owner of more than 20% of the company’s share capital. Where there are corporate shareholders, documentation confirming the identity of the ultimate individual beneficial owners must be provided.
- An original ink signed Form K (for operating companies) and/or Form A (for investment companies or where a Form K indicates a legal shareholder is not also the beneficial owner of such shareholding).
- A short video clip of the corporate representative opening the BCB account holding their photo ID next to their face and speaking the words, “My name is [Name], I represent [Company/Entity] and I wish to enter into a relationship with BCB Group.”
Each of the following:
- Registration certificate (where applicable) or any business registration document (such as a tax registration document, including VAT certificate)
- Copy partnership deed
- Full CDD on all individual partners (see “for individuals” above)
For charities, foundations or trusts:
This category of customer is particularly high risk and BCB Group staff must operate CDD procedures with particular care. Charities, foundations and trusts operate with different structures based on the jurisdiction in which they are based. The key priority in CDD for these customers is to understand both of the following:
- Who controls the operation of the charity, foundation or trust? Is it the trustees or somebody else?
- What is the ultimate source of funds for the charity, foundation or trust? Where there is one significant or a group of significant donors or funders, who are they and what is their source of wealth? What control do they have in how the charity, foundation or trust spends or invests its funds?
As a minimum, the following documentation will be required:
- Certificate of incorporation/registration (if applicable – more likely to be applicable to a registered charity or foundation, so check the jurisdiction if in doubt)
- Copy memorandum and articles of association (if applicable – more likely to be applicable to a registered charity or foundation, so check the jurisdiction if in doubt)
- Most recent report and accounts (for all)
- In the case of a trust, a copy of the trust deed, showing the identity of the settlor of the trust and for whose benefit the trust has been established.
- Full CDD on each individual trustee, settlor (in the case of a trust), beneficiary (in the case of a trust) and any significant individual donors or funders (in the case of a charity or foundation).
Retention of CDD Documentation
In accordance with Regulation 40 of the 2017 Regulations, BCB Group will retain copies of all documentation provided at customer take on stage. BCB Group will retain such copies for at least 5 years from the last date on which the customer transacts with BCB Group. Such documentation and personal data contained therein will only be used for BCB Group internal compliance purposes.
Use of Onfido
BCB Group currently uses Onfido to conduct additional identity verification. Each new customer’s details will be entered into the Onfido system and a report will be generated for that customer. Where the Onfido report flags any issues with the documentation provided, BCB Group staff should take steps to obtain additional documentation to satisfy themselves that the information provided by the customer is true and accurate in all material respects.
In addition, Onfido will report on whether the customer is a Politically Exposed Person or appears on an international sanctions or watch list (see below).
Politically Exposed Persons
Politically Exposed Persons (PEPs) are defined in Regulation 35 of the 2017 Regulations. PEPs are broadly defined as individuals entrusted with prominent public functions, such as heads of state, members of parliament, members of key government bodies and ambassadors, as well as members of their close family. PEPs are deemed to carry a higher risk of money laundering and so enhanced due diligence is required in respect of them, both at take on stage and on an ongoing basis.
Where Onfido reveals that a prospective customer is a PEP, BCB Group cannot take on such an individual as a customer without the consent from the managing director or head of compliance.
In addition, the prospective customer will be required, at customer take on stage, to provide information, with supporting evidence of their source of wealth:
- Their current salary and other income; and
- Their liquid assets (including cash and investment portfolio).
The information provide on source of wealth will be required to provide some context to the source of funds for transactions (see below).
BCB Group is unable to accept clients or otherwise do business with parties from certain jurisdictions for its own internal compliance purposes and in order to comply with international sanctions requirements imposed by, among others, the United States.
This means that BCB Group may not under any circumstances deal with parties incorporated in, resident in or with financial operations in, the following countries:
|The Bahamas||Sri Lanka|
|Ethiopia||Trinidad and Tobago|
In addition, BCB Group operates procedures to identify parties who appear on various international sanctions lists, including those operated by the United States Treasury Department’s Office of Foreign Asset Control. BCB Group is unable to accept as customers or otherwise do business with parties appearing on these sanctions lists.
BCB Group staff must request a new set of KYC documentation provided by individual customers in the following circumstances:
- Every twelve months following the initial take-on of the customer:
- Fresh photo ID documentation where the documentation previously supplied has since expired.
- Fresh proof of address documentation.
- Where a customer who has not traded for the previous twelve months wishes to trade:
- Fresh photo ID will be required where the documentation previously supplied has since expired.
- Fresh proof of address documentation.
A new Onfido check should also be carried out whenever new customer documentation is received.
In addition, a fresh PEP and sanctions check must be carried out on each individual, director or 25%+ ultimate beneficial owner every three months from initial onboarding, or, if a counterparty has not traded in the previous three months, before any subsequent trade can be executed.
Ongoing CDD is required under Regulation 27(8) of the 2017 Regulations for existing clients at appropriate times based on the risk based approach adopted by BCB Group. This will be based on a qualitative or quantitative review of customer activity and will be required where:
- Any member of staff becomes aware that the circumstances of an existing customer which are relevant to a previous assessment of the risk of money laundering or terrorist financing have changed.
- Where there are indications that the identity of a customer or, in relation to a corporate body, its beneficial owner, has changed.
- A customer is carrying out transactions which are not reasonable consistent with BCB Group’s previous knowledge or experience of that customer.
- The purpose or intended nature of BCB Group’s relationship with the client change for any reason.
- There exist any other events or circumstances which might affect BCB Group’s assessment of the money laundering or terrorist financing risk in relation to that customer.
Potential issues to be aware of include (not an exhaustive list):
- Where the identity of the holder of the bank account from which funds are being remitted to BCB Group does not match the name of the customer which BCB Group has on file. Where such funds are received, no trade should take place and BCB Group staff should immediately contact the customer to request an explanation, which once received should be referred to the managing director or head of compliance. In the case of joint accounts where one account holder is the customer, KYC documentation should be obtained in the other account holders before any trade can proceed. Money should not be returned to the customer without the consent of the head of compliance (an immediate return of funds may alert a customer that money laundering is suspected, thus exposing BCB Group and its staff to criminal liability under the “tipping off” offence under POCA).
- Being asked to accept cash to trade with BCB Group. BCB Group operates a strict no-cash policy.
- Becoming or being made aware that the cryptocurrency wallet from which BCB Group is receiving cryptocurrency or to which it is asked to transfer cryptocurrency does not belong to the client.
- Any unusual pattern of trades, such as a one-off large trade or series of large trades, which is inconsistent with historic trading patterns.
Anything which raises suspicions in relation to a customer should be reported to the managing director or head of compliance immediately.
Source of Funds/”Source of Crypto” Verification
Certain trades will require confirmation as to proof of funds/wealth before they can be made. These are:
- Any transaction from a PEP customer;
- Any transaction from a non-PEP customer with a fiat value in excess of Euros 15,000; and
- Any transaction from a non-PEP customer which would result in that customer having completed transactions with a fiat value of more than Euros 15,000 with BCB Group in the previous 12 months.
- Any transaction from a customer of BCB CH
Customers requested to provide confirmation of source of funds should provide:
- An explanation of where the funds for the trade in question have originated (from income, savings, liquidation of another asset etc).
- Depending on the explanation of the source of funds, documentary evidence of the explanation, such as copy bank statements, investment account records or a solicitors’ or accountants’ letter confirming source of funds.
- In the case of cryptocurrency-to-fiat transactions, evidence of the original fiat-to-cryptocurrency transaction and the source of the fiat funds for that original acquisition. This will include details of the original transaction or transactions, including time, date and transferor/transferee wallet details. BCB Group reserves the right to carry out due diligence via analysis of the blockchain to verify past transactions, including cross checking against any “blacklisted” wallets associated with historical illegal behaviour (such as the Mt.Gox theft or wallets linked to cyber-extortion). This may include using Elliptic (www.elliptic.co) for due diligence purposes. With some cryptocurrencies (such as XRP and some altcoins), blockchain analysis may not be possible, in which case the client will be expected to provide independent verification of historical transactions.
For high value transactions, BCB Group staff also reserve the right to verify that the cryptocurrency wallet from which a client is sending cryptocurrency or to which BCB Group is asked to send cryptocurrency belongs to that client. This will typically consist of a small pilot transfer of cryptocurrency to the client wallet which the client will transfer back to evidence of client wallet control.
The head of compliance should be consulted in each source of funds request and, following receipt of relevant documentation, his/her consent obtained before any trade may take place.
Initial Coin Offering Liquidations
Unregulated token offerings (which fall outside the regulatory regime of a respected onshore financial services regime) are outside of BCB Group’s risk appetite and are not supported by BCB Group.
However, regulated security token offerings (STOs) that meet the criteria set out below do fall within BCB Group’s risk appetite and are supported by BCB Group.
Where corporate clients who have undertaken STOs are wishing to liquidate some or all of the cryptocurrency received from that STO, in addition to the CDD on the client and their directors/controllers set out above, clients will need to provide:
- Full details of the STO including nature of the offering, jurisdiction, advisers etc.
- Full details of the KYC/AML processes undertaken to verify the identities and source of funds for contributors. We would expect this confirmation to come from reputable advisers. If an STO project can use BCB Group’s own white labelled onboarding platform for AML/KYC purposes, this would be strongly preferred. Any project which does not operate KYC/AML checks for all investors will not be supported.
- Full details of any contributor to the STO who invested the fiat equivalent of more than Euros 15,000. Where any such contributor exists, the client will need to provide details of the contributor for KYC purposes.
Additional criteria for supported STOs are as follows:
- The token itself qualifies as a security under the relevant regulatory regime (such as Financial Services and Market Act in the UK, US securities law and SEC rules in the United States, Swiss securities law and FINMA rules in Switzerland etc).
- The token is being offered in compliance with a respected onshore regulatory regime (such as FSMA/FCA Conduct of Business Rules in the UK, Regulation S in the United States, FINMA rules in Switzerland). STOs through other jurisdictions, such as Malta, Gibraltar or Cyprus would not be within BCB’s risk appetite and will not be supported.
- The token offering is taking place through a regulated firm or platform in a respected onshore jurisdiction. STOs taking place through other jurisdictions, such as Malta, Gibraltar or Cyprus would not be within BCB’s risk appetite and will not be supported.