FCC Controls Design and Risk Assessment of a Global Cryptoexchange
-
March 16, 2022
-
FTI Consulting experts assisted the Bank to ensure they have a clear understanding of the VASP, their underlying client base and to confirm whether key FCC controls exist and are fit-for-purpose, such that the financial crime risks to the Bank are sufficiently known and can be adequately controlled.
FTI Consulting professionals developed a VASP due diligence and risk classification framework that the Bank can apply as and when the Bank onboards and / or partners with any additional VASPs in the future.
Situation
The Bank is considering acting as a designated dealer for a US-based VASP. A designated dealer is an institution responsible for handling base currencies and foreign exchange (‘FX’) for a VASP and would interact with the Blockchain platform to create and redeem cryptocurrency coins on behalf of the VASP.
Though VASPs are accountable to take steps to mitigate ML/TF risks they are exposed to and are required to take a risk-based monitoring approach that is commensurate with respective jurisdiction risks, the designated dealer Bank must me knowledgeable and comfortable with the VASP’s business, risk exposure and the controls established by the VASP to address those risks, service and exposure.
Given this is the first time the Bank was onboarding a cryptocurrency VASP, the Bank contracted the experts at FTI Consulting to review and advise on the draft due diligence standard prepared (in consideration of UK and Singapore regulatory requirements and US industry practice), and assist the Bank in executing the standard, as well as identify key risks and other mitigating facts necessary to inform the Bank’s business, compliance, and risk decision making.
Our Role
With the lack of global regulatory and technical implementation compliance standards for cryptocurrencies, and the key feature of this cryptocurrency being the inclusion of peer-to-peer transactions across jurisdictions high on the transparency and corruption index, The team at FTI Consulting focused the initial part of the assessment identifying Risk Typologies applicable to the cryptocurrency and the VASP.
FTI Consulting experts then developed an inherent risk classification framework taking into consideration the risk exposure corresponding to the different transaction types, features, jurisdictions, channels and services.
Leveraging this framework, the experts at FTI Consulting scored the applicable Risk Typologies, and determined the inherent and residual risks based on the VASP’s customer and transaction exposure during Beta launch and beyond, strength of the VASP’s FCC programme fundamentals and controls, and the Blockchain Platforms supplemental controls and mitigants in consideration of leading US, UK, and Singapore VASPs, regulatory imperatives, and industry views.
The team also assessed the risk exposure as and when the VASP would expand its products/services, and identified a list of go-forward risk management considerations for the Bank.
Our Impact
FTI Consulting experts assisted the Bank to ensure they have a clear understanding of the VASP, their underlying client base and to confirm whether key FCC controls exist and are fit-for-purpose, such that the financial crime risks to the Bank are sufficiently known and can be adequately controlled.
FTI Consulting experts developed a VASP due diligence and risk classification framework that the Bank can apply as and when the Bank onboards and / or partners with any additional VASPs in the future.
FTI Consulting developed a VASP due diligence and risk classification framework that the Bank can apply as and when the Bank onboards and / or partners with any additional VASPs in the future.
Published
March 16, 2022
Key Contacts
Senior Managing Director, Head of Asia Financial Crime Compliance, Co-Head of Southeast Asia Investigations