In our experience as regular advisors to startups, regulatory requirements pose one of the biggest challenges for young companies. This is especially true for financial market regulation, which has been getting more and more comprehensive during recent years. The jungle of financial market laws can be difficult to navigate and there are many pitfalls you need to be aware of.
Somewhat of an evergreen for many companies, especially in the FinTech and Blockchain sector, are know-your-customer (KYC) and anti-money laundering (AML) requirements. The applicability of the Swiss Anti-Money Laundering Act is rather broad. Therefore, many different FinTech and Blockchain business models in connection with e.g. payment instruments, payment systems, lending activities or individual portfolio management are well within the touching points of the regulation.
This blogpost will give you an overview of how to approach anti-money laundering regulation as a startup. We will outline the different approaches you can take, the process of obtaining your membership with a Swiss Self-Regulatory Organization as well as ongoing know-your-customer duties. Additionally, we have prepared a brief overview of the regulatory framework.
Overview of the regulatory framework:
The Swiss AML regulation is made up of three core principles:
- Duties: Financial intermediaries are required to identify their clients as well as the beneficial owner of the assets, keep and maintain client files, supervise their client relationships, implement organizational measures and report events of suspected money laundering.
- Supervision: To ensure proper fulfillment of these duties, all financial intermediaries are supervised.
- Sanctions: In case of non-compliance with these duties, the financial intermediaries may be sanctioned.
The Anti-Money Laundering Act applies to all financial intermediaries. These can be divided into two different groups:
- Banking sector: The first group contains several regulated entities such as banks, securities dealers or insurance companies. These entities are per se financial intermediaries.
- Parabanking sector: Any person can fall into the second group merely by virtue of its professional activities. Hence, the legal definition covers anyone that, on a professional basis, accepts or holds or deposits third party assets or that assists in the investment or transfer of such assets. A professional basis is assumed if the following quantitative benchmarks are met:
- Gross profit equal to or in excess of CHF 50’000 per year;
- Contractual agreements with more than 20 parties per year;
- Unlimited authority to dispose of third party assets in excess of CHF 5 million; or
- The conduct of transactions in excess of CHF 2 million per year.
Three different approaches
First, you need to find out whether your business is subject to the AML regulation in the first place. This will require an evaluation of your business model and the activities you conduct. As a rule of thumb, you should be alert if your activities somehow include assisting in transferring assets for, or holding assets of, clients or third parties.
Once you have established that you are subject to the regulation, there are basically three different approaches you can take:
- Structure around the regulation: You can restructure your business model so none of your activities trigger the regulatory requirements. Although this can be an option worthwhile exploring, it would quite often require you to stray too far from your initial idea.
- Seek cooperation: You can try to cooperate with a regulated player such as a bank and seek to outsource all financial intermediation activities.
- Ensure compliance yourself: Mostly, the best approach is to just stick to your business model and comply with the regulatory requirements. Compliance is relatively easy to achieve and requires membership with one of eleven Swiss Self-Regulatory Organizations (SROs) and the implementation of KYC procedures.
If you decide to go with the third approach, you need to become a member of an SRO. The SRO will be supervising you to ensure you comply with all duties imposed by the anti-money laundering regulation. You are not allowed to start engaging in your business activities prior to having obtained an SRO membership.
The membership application process can be divided into the following steps:
- Deciding on an SRO: First, you need to decide which SRO you want to become a member of. Certain SROs are specialized on specific industries while others cover the entire range.
- Preparing your application: Once you have decided which SRO you want to go with, you then have to prepare all your application documents. This includes information about your business model, the setup of your company, your internal anti-money laundering guidelines as well as personal information about the key stakeholders in your business. Additionally, you will need to designate a person as anti-money laundering officer either within your business or outsource the function externally. In any case, you are required to prove that the designated person has undergone some training in the field of anti-money laundering.
- Submitting your application: Once you have gathered all your documents, you can then submit the application which – after having paid your application processing fee – will then be reviewed. The reviewing process usually takes a few weeks and as part of it, the SRO will often ask for a meeting with you to further discuss certain elements of your application and request some changes.
- Post-approval: After you have successfully obtained your membership, you are ready to start engaging in your business activities. The SRO will then periodically audit you to check whether you comply with all the regulation in your day-to-day activities. It is your duty to ensure compliance and to train your staff accordingly.
Once an SRO member, you must ensure your day-to-day KYC procedures are working effectively. Know-your-customer can generally be described as the identification and the risk assessment of clients as part of their onboarding as well as an ongoing monitoring of the client relationship. In essence, this means collecting and storing information about the client based on which you assess money-laundering and related risks. Setting up your KYC procedures takes some initial work but will ultimately be a largely repetitive task to execute. There is also the possibility to onboard clients via digital channels, e.g., by means of video transmission and other forms of online identification if the FINMA guidelines on the subject are being met.
Financial market regulation is a hurdle for many startups, especially in the FinTech and Blockchain sector. Usually, the first challenge lies in assessing what laws and regulation apply to your specific business. With its broad applicability, chances are that you fall within the scope of AML regulation. While there are different approaches on how to handle the regulation, in most cases you will want to seek membership with a Self-Regulatory Organization.
The process of evaluating your business model and obtaining your membership involves several steps and does require some planning ahead. In any case, you need to wait until you become an SRO member before you can start conducting business. Once a member, you must ensure you properly execute your day-to-day KYC duties.