Basic BSA/AML and OTC Annual Training
- Introduction and Scope
- Purpose: to ensure that all front‑facing personnel understand their role in the firm’s compliance with the Bank Secrecy Act (“BSA”) and related AML/CTF obligations, and to recognize, escalate and handle risks in our OTC crypto desk business.
- Who this applies to: any staff engaging with business clients, onboarding, trading operations, OTC desk facilitation, stable‑coins/BTC ↔ USD flows.
- Business model context: our desk buys stablecoins or BTC from business clients, pays them USD; and likewise sells USD from our stock in exchange for stablecoins/BTC from clients. That means we handle “fiat ↔ virtual asset” flows, which raise particular risks.
- Regulatory framework overview (U.S.‑centric, plus international best practice): we must comply with BSA/AML obligations, sanctions screening (Office of Foreign Assets Control ‑ OFAC), terrorist financing (TF) rules, and apply a risk‑based approach consistent with Financial Action Task Force (FATF) guidance on virtual assets. Note: As a virtual‑asset service provider (VASP) or OTC crypto desk we must treat our flows like a money transmitter / MSB activity (in the U.S. context).
- AML / Money Laundering Basics for Crypto OTC
- Definition of money laundering (ML): the process by which illicit proceeds are made to appear legitimate, typically via placement, layering and integration.
- Why crypto & OTC desks are high risk: virtual assets can facilitate anonymity, speed, cross‑border movement, layering via exchanges, mixing, unhosted wallets; our model has fiat ↔ crypto flows which entail value conversion, increasing the risk of integration of illicit funds. The FATF notes that VASPs face ML/TF risks and should apply risk‑based controls.
- Key high-risk behaviors/red flags for our business:
- A business client offers large volume stablecoins or BTC with minimal business rationale or documentation for source of funds/wealth.
- Client wants to convert crypto quickly into USD (or vice versa) with little counterparty transparency or uses multiple hops.
- Client wants to use multiple unhosted wallets, self‑custodied addresses, or requests frequent wallet changes.
- Jurisdictional risk: client from a high‑risk country, or counterparties in sanction‑sensitive regions.
- Transactions structured to avoid thresholds, split to avoid review, or use of intermediaries.
- Use of stablecoins that might mask value transfers or bypass traditional banking rails.
- Role of front‑line staff: Know your customer (KYC)/customer due diligence (CDD) at onboarding; ask for and verify documentation; escalate unusual requests; observe client behavior; follow procedures when suspecting ML.
- Documentation and record‑keeping: Ensure the needed fields are captured, consistent with internal policies and regulatory requirements (e.g., origin of funds, business purpose, transaction history).
- Monitoring & escalation: Recognize suspicious activity, report to compliance/AML team for review, file Suspicious Activity Reports (SARs) when warranted. The regulators expect training and awareness of ML / TF risk.
- Terrorist Financing (TF) Risks
- Definition: TF is the provision, collection, or movement of funds for terrorist acts or organizations.
- Why crypto/OTC desks are sensitive: Virtual assets can be used to move value across borders quickly and may obscure the source or destination; business clients converting stablecoins/BTC ↔ USD may be part of complex networks.
- Red flags:
- Clients with no clear business purpose but asking to move value quickly or across borders.
- Use of new or little‑known stablecoins, mixing services, anonymity enhancing technologies (AETs).
- Transactions linked to sanctioned persons/entities (see next section).
- Front‑line responsibilities: screening for PEPs (politically exposed persons), checking for unusual ties, asking for documentation, escalating if the transaction appears to be moving value without clear legitimate purpose.
- Sanctions / SD (Specially Designated) Persons / OFAC Screening
- Overview: OFAC enforces U.S. sanctions; firms must not transact with blocked persons or entities, and must screen for SDNs (Specially Designated Nationals). Required OFAC screenings are conducted at onboarding and throughout the client’s lifetime, since the OFAC list is constantly updated. If a client is a PEP (Politically Exposed Person), it DOES NOT automatically mean they are on the OFAC SDN list.
- For crypto/OTC desks: when buying stablecoins/BTC or selling USD, you must ensure neither your client nor counterparties (wallet addresses, jurisdictions) are associated with SDNs or embargoed regions.
- Key obligations:
- Screen new clients and counterparties against current sanctions lists.
- Screen transaction parties (wallet addresses, stablecoin issuer, counterparties) as part of ongoing monitoring.
- Reject, block or freeze transactions if the counterparty is on a sanctions list.
- Keep audit logs of screening and actions taken.
- Red flags:
- Client requests to use wallet addresses in embargoed jurisdictions or from known sanctioned entities.
- Client uses complex routing or third‑party wallets to obscure link to a sanctioned party.
- Note: Sanctions compliance is separate but complementary to AML/CTF obligations.
- Risk‑Based Approach & Our OTC Desk Controls
- Risk‑Based Approach (RBA): We assess risk by customer, transaction type, jurisdiction, product (stablecoins/BTC), delivery channel. The higher the risk, the stronger our controls. This is consistent with FATF’s guidance for VASPs.
- Specific controls for our desk:
- Enhanced due diligence (EDD) for business clients requesting large or unusual OTC crypto/fiat swaps.
- Source of funds/wealth checks for business clients with stablecoins/BTC.
- Wallet address provenance checks: ensure transparency of wallet, history, and counterparties.
- Transaction monitoring rules specific to fiat‑crypto flows: value thresholds, rapid conversion patterns, high volume stablecoin movement.
- Sanctions screening and wallet‑address screening.
- Documentation of business purpose: Why is the client converting stablecoins/BTC ↔ USD? Is there a legitimate commercial reason?
- Periodic review of client activity, risk scoring, trigger reviews for changes.
- Front‑line role: Ask the right questions at onboarding and during trades; document answers; escalate anomalies; maintain vigilance on behavior changes.
- Training and documentation: As required by BSA regulatory guidance: training should cover relevant regulatory requirements, internal policies, ML/TF risks, and be tailored to our business line.
- Suspicious Activity Reporting & Escalation Process
- When to escalate: any client‑behavior or transaction that doesn’t fit the expected business profile, has no discernible legitimate reason, involves high‑risk jurisdictions/wallets, tries to circumvent controls.
- What front‑line staff should do: Immediately notify Compliance/AML team, provide all known facts (client, transaction details, wallet address, timing, counterparties). Do not alert the client that a review is underway.
- SAR filing: The firm (via AML team) may file a SAR with Financial Crimes Enforcement Network (FinCEN) in the U.S. or relevant national body. Crypto‑asset related activity should be clearly described and flagged as such.
- Documentation: keep internal records of review decisions, screening results, client communications, and actions taken.
- Practical Examples / Case Scenarios
- Example 1: A business client requests to sell $5 million of stablecoins for USD via our OTC desk. They refuse to explain the business reason or provide documentation for how they acquired the stablecoins, use multiple self‑custodied wallets, and the chain history shows mixing. What do you do?
- Ask for additional documentation on source of funds, wallet history, business purpose; escalate to compliance; review wallet transaction history; possibly decline or conduct EDD.
- Example 2: A client wants to buy BTC from us via USD payment, then convert those BTC into stablecoins and send to an unhosted wallet in a high‑risk jurisdiction. What are the red flags and how to respond?
- Red flags: unhosted wallet, high‑risk jurisdiction, conversion chain. Response: check sanctions lists, ask business purpose, verify client profile, escalate.
- Example 3: A client is flagged in the sanctions screening as a PEP linked to an embargoed country but still wants to convert USD into stablecoins. How to respond?
- Reject or block transaction; escalate to compliance; screen full ownership and beneficial owners; no deal until cleared.
- Front‑Line Personnel Responsibilities & Best Practices
- Always follow the firm’s OTC desk procedures and your role’s checklist: ask key onboarding questions, verify documentation, verify wallet addresses.
- Maintain client transaction history and monitor for unexpected behavior.
- Raise questions if something looks off — don’t assume compliance will catch everything.
- Keep current on firm’s policies, updates, sanctions list changes, emerging crypto‑risk typologies.
- Treat confidentiality and escalation protocols seriously.
- Keep accurate records of your interactions, questions asked, and answers received.
- Remember: even if a transaction appears profitable, compliance risk and regulatory risk may outweigh short‑term gain.
- Emerging Trends & Crypto‑Specific Considerations
- Travel Rule: For virtual asset services, originator/beneficiary information must accompany certain transfers.
- Stablecoins: some stablecoins may be pegged, but still carry unique risks (issuer risk, redemption risk, jurisdictional risk). Stablecoins are NOT always less risky than BTC due to their peg to fiat currencies.
- Self‑custody/unhosted wallets: harder to trace, higher risk for layering.
- Privacy‑enhancing technologies (mixers, tumblers) and cross‑chain bridges: layering risk.
- Rapid value movement, automated trading, dark‑pool OTC desks: add complexity.
- Jurisdictional arbitrage: Some clients may operate in unregulated or loosely regulated crypto jurisdictions — extra caution required.
- Regulators are increasing scrutiny of OTC desks and crypto‑asset exposures: our firm must keep strong policies and training up to date.
- Summary & Key Takeaways
- You, as front‑line personnel, are the first line of defense in preventing money laundering, terrorist financing, and sanction evasion via our OTC desk business.
- Always adopt a risk‑based mindset: ask questions, verify, escalate.
- Know red flags and emerging crypto risks: stablecoins, self‑custody, jurisdiction risk, unverified wallets.
- Screen for sanctions/SDNs and block or reject questionable transactions.
- Document client interactions and transactions thoroughly.
- Follow our firm’s internal procedures and escalate when something seems abnormal.
- Training is not a one‑time event: stay current, stay alert, stay compliant.
Trainer/Facilitator: Paul Conroy / LBIT Compliance
