We recently announced our excitement to helping solve the compliance puzzle for a lot of teams getting into the crypto ecosystem.

After working with a lot of different entrepreneurs, I felt there could be a huge amount of benefits from sharing what we’ve learned over the past 5 years working in Bitcoin. This is a follow up piece to my one that discussed the main drivers/rationale behind KYC & AML checks.

Ok, first off… Nice post before on the other stuff… Super helpful. Onto the next… I hear this term MSB all the time… What’s up with that? Also, what’s the difference between that and AML/KYC?

Good question! MSB stands for Money Services Business… it basically means is you registering your business with FinCEN (Financial Crimes Enforcement Network) because you believe that you fall under the category of handling money on behalf of other people to move it between different parties. When you register with FinCEN, it means you’re going to help them keep eyes on things. You’ll file various things to FinCEN as part of a compliance program (we talked about this in the last post!). E.g. Like if a particular customer seems suspicious… You would file a SARS report (Suspicious Activity Report)-ish.

Calm down on the acronymns! Geez.

Literally. The whole industry is all about acronymns. Hahaha…

So you guys are all reporting every activity that happens, every day?

Well not every single activity every day is reported because FinCEN likely have lives outside of work, and if every single business that touches money reported every single transaction, they would literally need hundreds of thousands of people manually reviewing every single time people spend money.

Instead (simplifying it down) they’re like:

“Ok guys, anybody touching money or being a middleman with money, report transactions to us that involve large sums over $X in currency conversions, or people that you deem suspicious actors”

Ok, sort of getting the gist… Give me some examples though to clarify?

No.

Huh?

Kidding, here’s some key examples for you based on what I mentioned above. This is mainly used when defining platforms and their different “flow of funds”, ugh, great. Just noticed that’s another term that needs explaining, I’ll come back to that in a sec.

Tom Cruise in Risky Business. Most partners will turn their back on you just like Tom is doing.

Your banking partners or companies you’re working with always size you up based on how “risky” you are to them and their business. I’m talking Risky Business. Risky meaning “Are you going to have your $hit together enough that means you too can keep an eye on things? Or are you going to just open the flood gates for people to act fraudulently or be bad actors, etc…”. Whether you or I think it’s risky, or even worth the time, that’s irrelevant if you’re doing business in that jurisdiction. Rules of the game pretty much… Those rules can/will change over time. For right now, it’s the hand we’ve been dealt so there’s little alternatives as far as I know!

Errrr… Not planning on trying to annoy my partnership opportunity i’ll make sure I get it sorted to reduce their risk. Could get a legal team onto it, or is there an app that covers what I need to do?

Tell that to a partner, or if they even get the slightest whiff of you not being well read on this stuff, you’re gone from their list of people they’d work with. Remember how we said in the last post that everyone has had to grind through the compliance maze, so they’re not going to go take a chance on your partnership opportunity if you’re risking the rest of the hard work they’ve already completed!

Kk, got it. Don’t open my mouth basically..

Hahaha, not far from that, yep! You’ve got to know your shit, and if you don’t know it find an expert/Chuck Norris compliance equivalent, and if neither of those are an option because of the costs, then learn it. Great work if you’re this far through the post! Means you’re trying to learn more. Solid.

Here’s an example of the categories that carry different risk:

This is from Stripe’s website. Like I mentioned a little bit earlier, this is a high level “Flow of funds”. See how it’s got the different parties involved, the arrows showing which way money is moving, and through who? Yep. These are par for the course.

Nice! Ok, this is helpful, we’re getting somewhere… So what do MSB’s do, who want to work with another MSB? Sounds too complex, but surely they do somehow?

Good point. Btw, not everyone in the diagram above is an MSB. That’s for you your newly found Chuck-Norris-Compliance-Equivalent to evaluate. When banks onboard money service businesses, banks take on additional risk since the money service business is operating a high-risk regulated entity within the bank’s scope. Typically, the bank will do enhanced due diligence (extra checks) to open a transacting account for the money service business and it could take anywhere between 2–12 months to open the account.



Banks will review the MSBs’ AML/KYC policies and will enter the associated risk levels within the bank’s back office management system. The bank completes the this and tests the compliance program; this provides the bank with the needed data to evaluate the level of risk that they are willing to take on the money service business.

The bank, themselves, have regulators, and are expected to be compliant within their own AML/KYC policy. As the money service business operates within the bank’s scope, they do this all without the bank needing to onboard all the money service businesses customers (know your customers, customers — “KYCC”).

The bank has the right to all the money service businesses’ due diligence on their customers and will regularly audit to ensure that the MSB is within compliance.

Yeah, you can smell the cluster of headaches already I’m guessing!

So they DO work together… But it’s not the norm… Optimistically it’s on a case by case basis?

Exactly, yep. We’ve got some partners that we’ve worked with for a long time, and that is part of de-risking yourself in a way. Understanding how they work/operate/etc… But this is the point of writing this stuff. It takes a lot of time and effort to get there. Most entrepreneurs/developers building something cool aren’t speaking in years, they’re talking in days/weeks for MVP’s to get out the door!

So what do you do if you’ve got the same customers? Everyone is doing their own verifications… Isn’t that just redundant?

There’s so much double handling by MSB’s, especially in crypto. Here’s a loose example.