Navigating the financial segment as an AML regulated entity

1. Business model and the nature and scope of your operations
   What services and products does your business offer (P2P exchange, on ramp only, on & off ramp, do you offer your wallets or allow the crypto to be purchased into an external wallet, etc.)? What countries do you serve, and what type of customers (retail clients, corporate clients, or both)?

2.  Who are the people in control of and directing the business
   Adequate identification of the natural persons controlling the business, whether as direct or indirect owners, through other legal entities. In the case of high-risk, such as Virtual asset providers (VASPs), it is recommended to identify up to those holding at least 10% of the shares. 

3.  How were the funds to open and run the business acquired
   What is the founders' source of wealth? How did they generate the wealth used to start this business? 

4.  Who are your counterparties
   In connection to point 1., whether you expect to transact funds with C2B or B2B customers and what jurisdictions. If B2B, what type of industries make up for your most significant customer segments?

5.  How do you ensure that your compliance and security processes meet regulatory requirements? 
   How robust are your AML controls, from your AML policy to the operational implementation, and whether an independent, expert person has been appointed responsible for AML? Providing this information right from the start of your application will help ensure the review process goes as efficiently as possible. 

In addition to the above, applicable to all businesses, AML-regulated businesses, e.g., financial institutions, virtual asset service providers (VASP), and licensed gambling and Forex providers, are also subjected to additional due diligence reviews due to the nature of the regulated business and specific risks. Every AML-regulated business should ensure to provide the following information at the beginning of their application:

• AML policy.

• Copy of your license (when a license is required, or proof of registration as a VASP, when only registration is required in the given jurisdiction).

• Risk assessment. 

Some typical blockers include:

• Your company is not properly licensed or still waiting for license approval.

• Documents are in a foreign language and/or not notarised or from an official source (e.g., local government business register).

• Your business structure is not adequately explained from the beginning.

• Your compliance controls are not sufficient in line with regulatory requirements.

• Your business has not appointed an independent expert as the responsible person for AML (instead, it is a director or beneficial owner).