6.4. BD Minter and Minter Compliance Requirements

Each Minter and its affiliates, such as the BD Minter, must have written policies, procedures, and internal controls designed to ensure compliance with the applicable laws within the jurisdiction in which they operate. Additionally, Minters need to have anti-money laundering procedures that are reasonably designed to prevent the Minter from facilitating money laundering and terrorist financing including know-your-customer policies, maintaining highly useful records for law enforcement and regulators and identifying and reporting suspicious activity, as appropriate. These controls must be designed to comply with the obligations of the Minter’s jurisdiction of incorporation or with the international standards recommended by the Financial Action Task Force, as specified below. These obligations can be fulfilled by the BD Minter on behalf and for the Minter.

Minters need to maintain anti-money laundering and counter terrorist financing (AML/CFT) programs that are reasonably designed to manage and mitigate the Minter’s risks related to money laundering and terrorist financing. The nature and extent of the AML/CFT program depends upon a number of factors, including the nature, scale and complexity of the Minter’s operations, the diversity of its operations, including geographical diversity, its customer base, product and activity profile, and the degree of risk associated with each area of its operations, among other factors. These obligations can be fulfilled by the BD Minter on behalf and for the Minter.

As part of its AML/CFT program, Minters need to obtain and verify the customer identification information as required by the laws of the jurisdiction within which it operates. Minters must also implement policies and procedures to collect additional information to verify the customer’s identity at the beginning of the customer relationship to demonstrate that the Minter can form a reasonable belief of the identity of its customer. Minters must also implement policies and procedures to conduct due diligence about its customer sufficient for the Minter to establish a customer’s risk profile and conduct ongoing monitoring. Such additional, non-core identity information, could include, for example an IP address with an associated time stamp; geo-location data; device identifiers; digital asset wallet addresses; and transaction hashes. Minters may simplify the extent of these due diligence measures where the risk associated with the customer relationship or activities is lower. These obligations can be fulfilled by the BD Minter on behalf and for the Minter.

Minters need to implement policies and procedures that assist with identifying customers’ unusual or suspicious movements of funds or transactions indicative of potential involvement in illicit activity. These policies and procedures should ensure that the Minter can timely identify, investigate, and report customers’ unusual or suspicious activity in compliance with the requirements and timeframes imposed by the jurisdictions within which they operate. These obligations can be fulfilled by the BD Minter on behalf and for the Minter.

Minters need to designate a person with the responsibility to ensure compliance with the AML/CFT program and oversee day-to-day operations concerning such compliance. This person must be empowered with sufficient authority and autonomy to implement the Minter’s AML/CFT program including access to sufficient resources as needed to mitigate the Minter’s risks of money laundering and terrorist financing. These obligations can be fulfilled by the BD Minter on behalf and for the Minter.

Minters need to develop procedures to test the effectiveness of the AML/CFT program commensurate with the Minter’s level of AML risk exposure. The party designated to test the AML/CFT program must be independent, qualified, unbiased and free from any conflicting business interests that may influence the outcome of the compliance program test. The Minter’s policies should include provisions for tracking and remediating weaknesses identified as part of these independent reviews. These obligations can be fulfilled by the BD Minter on behalf and for the Minter.

BD Minters need to implement a training program to ensure that all employees at the BD Minter, or independent contractors or third party service providers involved in the BD Minter’s and/or Minter’s operations, understand their obligations under the AML/CFT program. Such training should include senior management and the board of directors or other similar governing bodies of the BD Minter and Minter. The training program should be designed to provide appropriately detailed information to employees based on their level of responsibility regarding the AML/CFT program.

BD Minters and Minters need to, at all times, comply with all economic or financial sanctions or trade embargoes imposed, administered or enforced by the United States (including those administered by OFAC and the U.S. Department of State), the EU, and any other government authority with jurisdiction over the BD Minter and Minter. The Minter needs to maintain effective measures to ensure compliance with, and awareness of, its sanctions-related obligations. This includes implementing measures to conduct appropriate due diligence on customers’ underlying transactions and the parties involved by screening such parties against OFAC’s SDN list and EU sanctions and monitoring virtual asset wallet addresses against such lists. Additionally, these measures will monitor the jurisdictions within which its customers are domiciled to prevent the Minter from facilitating transactions on behalf of persons residing in any country, region or territory, or government thereof, that is the subject or target of comprehensive sanctions. These obligations can be fulfilled by the BD Minter on behalf and for the Minter.