Login
Contact Sales
Login
CONTACT SALES
U.S. Targets Bank M.Y. Safra in First-Ever Crypto AML Action

U.S. Targets Bank M.Y. Safra in First-Ever Crypto AML Action

by | Mar 2, 2020 | Compliance Updates, iComply Insights

U.S. Targets Bank M.Y. Safra in First-Ever Crypto AML Action

OCC Hits New York-Based Bank with First Ever Enforcement Action for Lack of Crypto AML Compliance

What Happened?

February 27, 2020: The U.S. OCC (Department of Treasury Office of the Comptroller of the Currency) took action publicly against M.Y. Safra Bank is the first in a new wave of enforcement for VASPs (virtual asset service providers).

According to the OCC order, the AML policies and procedures MYSB had in place were ineffective at identifying whether their clients were transacting with stolen or laundered virtual assets, such as Bitcoin and Ethereum cryptocurrencies and security tokens.

This inability to identify, investigate, or report this suspicious activity further prevented the bank from filing the appropriate SARs (suspicious activity reports) with FinCEN.

Source: https://www.occ.gov/static/enforcement-actions/ea2020-005.pdf

Who Is Impacted?

Any VASP–banks, crypto-exchanges, OTC desks, fintechs, etc.–dealing with virtual assets and serving U.S. customers.

Why This Matters?

The action taken against M.Y. Safra Bank is a strong indication that bank regulators such as the OCC, Federal Reserve Bank, and the FDIC (Federal Deposit Insurance Corporation) have already gathered enough information on VASPs to begin a campaign of targeted enforcement.

It also demonstrates that these regulators expect VASPs to have the capacity to identify and properly assess the risk of the clients and transactions they are serving. The regulator gives clear direction that the AML obligations of traditional finance apply to any virtual asset transaction.

What’s Next?

The MYSB board of directors has 60 days to respond with a comprehensive compliance program that is able to stand up to stress testing from an independent third party.

VASPs serving US users, clients, or investors should be able to clearly demonstrate that their KYC, risk screening, blockchain forensics, and transaction monitoring tools are integrated into an effective AML program – backed by comprehensive, written policies and procedures manuals, and audited by an independent expert.

Furthermore, compliance teams should review their AML providers to ensure they are not just paying for a KYC onboarding tool or identity verification APIs.

Ongoing monitoring programs are required – existing users should be screened regularly for AML risk such as whether they have appeared on global sanctions, watchlists, or adverse media risks, and whether they represent political exposure.

For iComply clients, our ongoing monitoring feature will perform these tasks on a daily basis and only provide alerts if a new risk is identified. Speak with your account manager for more information.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.

The Future of Compliance is Decentralization
The Future of Compliance is Decentralization

May 28, 2025

Enhance security, streamline workflows, and empower customers with decentralized compliance solutions. Learn how edge computing, SSI, and AI-powered transaction monitoring are reshaping KYC, KYB, and AML.

European Union Blacklists Non-Cooperative Tax Havens

European Union Blacklists Non-Cooperative Tax Havens

by | Feb 28, 2020 | Compliance Updates, iComply Insights

European Union Blacklists Non-Cooperative Tax Havens

EU Targets Cayman Islands, Panama, Seychelles, and Palau For Lack of Beneficial Ownership Transparency And Abusive Tax Practices

What Happened?

February 28, 2020: The European Union blacklisted four additional jurisdictions–Cayman Islands, Panama, Seychelles, and Palau. The EU list of non-cooperative jurisdictions helps member states deal more robustly with countries that encourage abusive tax practices.

Source: https://www.consilium.europa.eu/en/policies/eu-list-of-non-cooperative-jurisdictions/

Who Is Impacted?

Businesses engaged in transactions with entities (individuals, organizations, or governments) based in, or operating through, the listed jurisdictions.

Why This Matters?

Entities operating in or through blacklisted countries will have increased difficulty accessing funding programs. Private capital transactions may be subject to significant withholding taxes, and companies operating in or through these jurisdictions must implement additional compliance measures.

What’s Next?

Effective January 1, 2021, EU member states will be required to implement measures for any transaction with entities based in Grand Cayman, Seychelles, Panama, and Palau. Member states are required to implement at least one of four tax measures before this date. Tax measures can include withholding tax on any funds sent to the listed jurisdiction, enhanced AML screening requirements for foreign beneficial ownership and control, and restrictions on tax deductions.

The targeted jurisdictions will have to demonstrate cooperation with the EU in the form of changes to corporate ownership and tax transparency. The EU blacklist of non-cooperative jurisdictions is updated twice a year; the next update will occur in October 2020.

Investors based in the EU can remain invested in funds based in listed jurisdictions–such as the Cayman Islands, a major offshore hotspot for U.S. institutional investors. However, new transactions may be subject to additional reporting, withholding tax (which can drastically increase the cost of making an investment), or other measures which may vary significantly between EU member states.

Compliance teams should review their obligations to identify all related parties under the EU Mandatory Disclosure Regime (DAC 6). For example, any payment involving an entity related to an entity in the Cayman Islands may need to report the activity to the “home country” within 30 days as per DAC 6. Reporting requirements are expected to take effect as of July 1, 2020. 

For online financial service providers in the EU, KYC onboarding tools must be able to distinguish between entity types, such as natural persons vs legal or incorporated entities. Corporate onboarding tools should be tested to ensure they can accurately identify and verify related parties–such as everyone with control or beneficial ownership in the company–involved in the transaction. Where a transaction has a related party operating from or through this jurisdiction, enhanced due diligence and government reporting may be required.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.

The Future of Compliance is Decentralization
The Future of Compliance is Decentralization

May 28, 2025

Enhance security, streamline workflows, and empower customers with decentralized compliance solutions. Learn how edge computing, SSI, and AI-powered transaction monitoring are reshaping KYC, KYB, and AML.

Regulators Take Action Against Online FX Broker JT Trader

Regulators Take Action Against Online FX Broker JT Trader

by | Feb 27, 2020 | Compliance Updates, iComply Insights

Regulators Take Action Against Online FX Broker JT Trader

BCSC Says “Global” Platform For Institutional and Retail Clients Operating Without a License

What Happened?

February 26, 2020: The BCSC announced that JT Trader Financial Services Ltd. was serving residents of British Columbia without a license to do so. According to its website, JT Trader is an online foreign exchange broker that offers cutting-edge trading tools to institutional and retail clients globally.

Source: https://www.bcsc.bc.ca/Enforcement/Investment_Caution_List/JT_Trader_Financial_Services_Ltd_/

Who Is Impacted?

Financial service providers offering foreign exchange, virtual asset, or fintech solutions serving audiences in multiple states (United States), provinces (Canada), or countries (Global). Risk managers for online payment services and money transfer businesses–such as Meastro, Visa, Mastercard, and WebMoney who serve JT Trader–will need to identify and reassess their own risk in doing business with and enabling these transactions for JT Trader.

Why This Matters?

According to the BCSC, JT Trader was operating out of Toronto, in the Canadian province of Ontario. Ontario is regulated by the OSC (Ontario Securities Commission). Both BCSC and OSC are members of the CSA (Canadian Securities Administrators). Due to the nature of JT Trader’s business, they will need to secure regulatory approval from every provincial regulator where they have at least one user.

What’s Next?

JT Trader’s actions have placed the company on several international watchlists and adverse media lists. Companies who serve JT Trader will need to complete risk assessments to determine if they can continue to support their business activity.

Compliance teams should consider whether their AML tools can easily identify what jurisdiction their user is from and whether they are legally able to serve the user.

If the proper licenses are in place and the user is accepted, the KYC and AML procedures need to meet the regulatory requirements of the user’s jurisdiction. An intelligent AML program should enforce country-specific workflows for user authentication, identity verification, document verification, risk screening, and data privacy.

Business managers should ensure their compliance teams are not wasting money and resources on users from jurisdictions that the company is not able to serve and, subsequently, should not be onboarding.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.

The Future of Compliance is Decentralization
The Future of Compliance is Decentralization

May 28, 2025

Enhance security, streamline workflows, and empower customers with decentralized compliance solutions. Learn how edge computing, SSI, and AI-powered transaction monitoring are reshaping KYC, KYB, and AML.

Hong Kong and Abu Dhabi Adopt the FATF Travel Rule

Hong Kong and Abu Dhabi Adopt the FATF Travel Rule

by | Feb 24, 2020 | Compliance Updates, iComply Insights

Hong Kong and Abu Dhabi Adopt the FATF Travel Rule

Regulators in Asia & Middle East Roll Out FATF R15.7b

What Happened?

February 24, 2020: Hong Kong and Abu Dhabi joined South Korea, Switzerland, and Singapore in adopting new policies and amendments to comply with the Virtual Asset recommendations made by global financial watchdog FATF.​

Sources:
Hong Kong – https://www.fatf-gafi.org/media/fatf/documents/reports/mer4/MER-Hong-Kong-China-2019.pdf
Abu Dhabi – https://www.adgm.com/media/announcements/fsra-updates-its-virtual-asset-regulatory-framework

Who Is Impacted?

Any VASP, as well as dealers in precious metals, stones, and jewelry, operating in Hong Kong and Abu Dhabi. This includes, but is not limited to, custody providers, trading platforms, and investment platforms.

Why This Matters?

Pending a period of public consultation, businesses now have a closing window of opportunity to bring their systems, policies, and procedures in-line with the changes included in these updates – especially if they want to continue to serve customers in Hong Kong or Abu Dhabi.

What’s Next?

Enforcement. As we saw in the United Kingdom (effective January 10, 2020) or in Singapore under the new PSA (Payment Services Act), businesses have a short window to contract an independent firm to audit their compliance systems and processes, to fill gaps in their AML program and software, and to file regulatory paperwork.

As we saw in Canada, Singapore, and the United Kingdom, this increased clarity from the regulators in Abu Dhabi and Hong Kong is expected to create problems for businesses with weak or non-existent AML programs. Today, many digital asset firms in both countries are operating without institutional-grade compliance tools for onboarding, KYC refresh, AML screening, and transaction monitoring. It is likely that the firms that are not using cost-effective solutions or have not budgeted for compliance in their business model, will either cease to exist or look to be acquired – potentially transferring their liability baggage to their acquirer.

Dealers in precious metals, stones, and jewelry are also impacted and must now implement an AML program capable of maintaining a risk-based approach for their business. This is similar to the art and collectibles industry in the United Kingdom who were taken by surprise in January when they discovered that they were now required to implement AML programs. This increase in operating cost is likely to drive significant changes to these business models as enforcements begin.

Compliance teams should review user data including IP addresses, geofencing, the jurisdiction of nationality, and jurisdiction of domicile to identify potential exposure to these new regulations. Potential risks should be assessed and written AML policies and procedures should be reviewed against the new requirements.

VASP executive teams, major shareholders, and board members should take actions to limit their personal liability and exposure–such as ensuring their staff receives updated AML training, having their AML tools audited by an independent professional, and ensuring the new costs of compliance do not hinder the viability of the business.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.

The Future of Compliance is Decentralization
The Future of Compliance is Decentralization

May 28, 2025

Enhance security, streamline workflows, and empower customers with decentralized compliance solutions. Learn how edge computing, SSI, and AI-powered transaction monitoring are reshaping KYC, KYB, and AML.

Regulators Take Action Against Online FX Broker JT Trader

Securities Commissions Targets OTC and Virtual Asset Trading Platform BitPrime

by | Feb 21, 2020 | Compliance Updates, iComply Insights

Securities Commissions Targets OTC and Virtual Asset Trading Platform BitPrime

Regulators Take Action Against Bitprime Ltd For Onboarding Users Without Local Licensing.

What Happened?

February 20, 2020: The BCSC identified that due to an inadequate KYC & AML program, Bitprime Ltd was onboarding clients they were not allowed to serve. BitPrime operates a platform that offers the retail trading of cryptocurrency assets.

Source: https://www.bcsc.bc.ca/Enforcement/Investment_Caution_List/Bitprime_Ltd__dba_Bitprimeprofx/

Who Is Impacted?

Fintech platforms, wealth managers, VASPs, and financial service providers who are serving users, clients, or investors in more than one jurisdiction.

Why This Matters?

Many online financial services businesses who have acquired licensing in a single jurisdiction believe that their license means they can serve the world.

This regulatory action shows that the BCSC, along with other IOSC (International Organization of Securities Commissions) members – which includes the U.S., the EU, Canada, Australia, and others – have a very different opinion on the matter.

The reality is, you can only serve the jurisdictions where you have both a license to operate in and a compliance program in place capable of meeting the local regulations of your user.

What’s Next?

BitPrime’s actions have placed the company on several international watchlists and adverse media lists. Companies and virtual asset traders who do business with BitPrime may now be subject to increased regulatory scrutiny, and they are likely to start showing up in the more sophisticated blockchain forensics tools.

To avoid this situation, BitPrime could have used a digital onboarding tool that had the capability to identify the prospective user’s jurisdiction, preventing those user accounts from being created.

While this is a relatively simple gap to close, most fintech platforms do not understand how vital it is to screen for this type of risk.

In order to avoid these regulatory actions, fintech platforms should test their compliance systems to ensure their onboarding tools can reject a user based on jurisdiction. Furthermore, these tools should be smart enough to identify and reject these users without incurring the full cost of KYC.

Executives should ensure their compliance teams are saving time and money by not wasting resources through onboarding and screening clients that the business is not able to serve.

learn more

Is your AML compliance too expensive, time-consuming, or ineffective?

iComply enables financial services providers to reduce costs, risk, and complexity and improve staff capacity, effectiveness, and customer experience.

Request a demo today.

The Future of Compliance is Decentralization
The Future of Compliance is Decentralization

May 28, 2025

Enhance security, streamline workflows, and empower customers with decentralized compliance solutions. Learn how edge computing, SSI, and AI-powered transaction monitoring are reshaping KYC, KYB, and AML.

FATF Guidance For a Risk-Based Approached: Virtual Assets and Virtual Asset Service Providers

FATF Guidance For a Risk-Based Approached: Virtual Assets and Virtual Asset Service Providers

by | Jun 24, 2019 | Compliance Updates, iComply Insights

The Financial Action Task Force (FATF) first began weighing in on Cryptocurrency and Virtual Assets in June, 2014.  In 2015 the FATF’s guidance was focused on the interfaces between fiat currency and virtual currency. Since that time, the FATF and its 39 member countries have evolved their approach to Virtual Assets (VAs).  With the release of its June, 2019, Guidance For a Risk-Based Approached:  Virtual Assets and Virtual Asset Service Providers, the FATF has adopted a like-for-like approach to regulations with virtual assets.  Virtual Asset Service Providers (VASPs) must comply with the same regulations as traditional Financial Institutions.

To that end, the FATF has provided detailed guidance defining virtual assets, virtual asset service providers, and how regulations should apply.  While cryptocurrency is included under the umbrella of virtual assets, the definition is not limited to cryptocurrency. virtual assets are digital representations of value “that can be digitally traded or transferred and can be used for payment or investment purposes.” (pg. 13)  It is important to note that virtual assets do not include digital representations of fiat currency or securities and also do not include closed-loop systems such as airline miles, credit card awards, or other loyalty point systems. (pg 17)

Virtual asset service providers include any business that conduct one or more of the following activities: (pg 13-14)

  1. Exchange between virtual assets and fiat currencies;
  2. Exchange between one or more forms of virtual assets;
  3. Transfer of virtual assets;
  4. Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets;
  5. Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset. 

This includes businesses that maintain custody or control of a 3rd party’s funds or wallets, which includes virtual asset escrow services, online wallet services, and brokerage services, regardless of whether they are centralized or decentralized. The FATF makes some clear distinctions as to which types of businesses are required to follow industry-standard AML/KYC processes:

  • Software and hardware providers of cryptocurrency wallets where the end-user stores and owns their private keys are not considered VASPs
  • Manufacturers of Bitcoin ATMs are not VASPs, but the operators of those machines may be considered VASPs based on the limitation of the value of the transactions allowed.
  • Decentralized Exchanges (DeX) may or may not be classified as a VASP depending on whether or not they facilitate trades.  If a DeX serves only as a message board or meeting place for offers and bids for trades where the trades take place outside of the system, the DeX is not a VASP.  If the DeX processes or facilitates the trade, it is a VASP and must comply with appropriate AML/KYC requirements.

Much of the June 2019 guidance is directed toward countries and their Financial Intelligence Units (FIUs).  The FATF maintains a perspective that due to the anonymity of users and the potential to obfuscate transaction flows, virtual assets pose greater money laundering and terrorist financing risk and therefore may require enhanced due diligence and additional regulatory scrutiny.  This may be manifested as additional regulations for VAs and VASPs, but it also may include complete bans on VAs, VASPs, or both.

As part of the like-for-like approach that FATF has taken with VAs and VASPs, the FATF is recommending countries require VASPs to comply with the same rules including:

  • Freezing funds associated with money laundering or terrorism;
  • Confiscating funds or property that have been directly laundered, are the proceeds from financial crime, or have been used (or are intended to be used) for terrorist or terrorist financing;
  • Requiring VASPs to be licensed and/or registered by appropriate regulatory bodies;
  • Providing appropriate sanctions against VASPs that do not comply with AML/KYC policies;
  • Requiring VASPs to submit Suspicious Activity Reports (SARs), Suspicious Transaction Reports (STRs), and CTRs (Currency Transaction Reports (CTRs);
  • Providing monitoring of VASPs by regulatory bodies to ensure compliance with AML/KYC regulations;
  • Maintaining transaction records;

In addition to these policies, the FATF and its member countries are recommending implementation of the Travel Rule, which requires VASPs to gather, simultaneously and securely, details on the originator and beneficiary of all transactions between two VASPs.  This includes names, wallet addresses, account numbers, physical addresses, national ID numbers, and other details that may be applicable such as device identifiers, IP addresses, and transaction hashes.  There is currently no mechanism in place for this information exchange between VASPs. For traditional, fiat currency, this information is included as part of the SWIFT message. As cryptocurrency transfers occur on the blockchain itself, these details cannot be sent as part of those messages.  This poses a significant challenge for the entire cryptocurrency industry. There must be a balance between reducing the risk of money laundering and terrorist financing and the open nature of cryptocurrency.

It is important to note that the FATF does not have regulatory power, nor can it implement any sanctions against countries that do not follow its guidance.  Only weeks after the FATF guidance, member states of the G20 met at the G20 Summit in Tokyo, Japan and agreed to implement these recommendations within a year and other countries are likely to follow suit. Additionally, the FATF’s guidance is only intended to address AML/KYC concerns, not issues of taxation (except for issues of tax evasion as per the AML4 directive), consumer protection, securities, banking, or commodities.

About iComply Investor Services Inc.
iComply Investor Services Inc. (iComply) is Regtech for Fintech, an award-winning software company focused on reducing regulatory friction in the digital finance. With powerful data, verification, tokenization solutions, iComply helps companies overcome the cost, complexity, and risks of multi-jurisdictional compliance in order to effectively access new markets. Learn more: iComplyIS.com

The Future of Compliance is Decentralization
The Future of Compliance is Decentralization

May 28, 2025

Enhance security, streamline workflows, and empower customers with decentralized compliance solutions. Learn how edge computing, SSI, and AI-powered transaction monitoring are reshaping KYC, KYB, and AML.

Vaidyanathan Chandrashekhar

Vaidyanathan Chandrashekhar

Advisors

“Chandy,” is a technology and risk expert with executive experience at Boston Consulting Group, Citi, and PwC. With over two decades in financial services, digital transformation, and enterprise risk, he advises iComply on scalable compliance infrastructure for global markets.
Thomas Linder

Thomas Linder

Advisors

Thomas is a global tax and compliance expert with deep specialization in digital assets, blockchain, and tokenization. As a partner at MME Legal | Tax | Compliance, he advises iComply on regulatory strategy, cross-border compliance, and digital finance innovation.
Thomas Hardjono

Thomas Hardjono

Advisors

Thomas is a renowned identity and cybersecurity expert, serving as CTO of Connection Science at MIT. With deep expertise in decentralized identity, zero trust, and secure data exchange, he advises iComply on cutting-edge technology and privacy-first compliance architecture.
Rodney Dobson

Rodney Dobson

Advisors

Rodney is the former President of ADP Canada and international executive with over two decades of leadership in global HR and enterprise technology. He advises iComply with deep expertise in international service delivery, M&A, and scaling high-growth operations across regulated markets.
Praveen Mandal

Praveen Mandal

Advisors

Praveen is a serial entrepreneur and technology innovator, known for leadership roles at Lucent Bell Labs, ChargePoint, and the Stanford Linear Accelerator. He advises iComply on advanced computing, scalable infrastructure, and the intersection of AI, energy, and compliance tech.
Paul Childerhose

Paul Childerhose

Advisors

Paul is a Canadian RegTech leader and founder of Maple Peak Group, with extensive experience in financial services compliance, AML, and digital transformation. He advises iComply on regulatory alignment, operational strategy, and scaling compliance programs in complex markets.
John Engle

John Engle

Advisors

John is a seasoned business executive with senior leadership experience at CIBC, UBS, and Accenture. With deep expertise in investment banking, private equity, and digital transformation, he advises iComply on strategic growth, partnerships, and global market expansion.
Jeff Bandman

Jeff Bandman

Advisors

Jeff is a former CFTC official and globally recognized expert in financial regulation, fintech, and digital assets. As founder of Bandman Advisors, he brings deep insight into regulatory policy, market infrastructure, and innovation to guide iComply’s global compliance strategy.
Greg Pearlman

Greg Pearlman

Advisors

Greg is a seasoned investment banker with over 35 years of experience, including leadership roles at BMO Capital Markets, Morgan Stanley, and Citigroup. Greg brings deep expertise in financial strategy and growth to support iComply's expansion in the RegTech sector.
Deven Sharma

Deven Sharma

Advisors

Deven is the former President of S&P and a globally respected authority in risk, data, and capital markets. With decades of leadership across financial services and tech, he advises iComply on strategic growth, governance, and the future of trusted data in AML compliance.