Money Laundering, Terrorism and Proliferation Financing Risk Module for Virtual Asset Service Providers (VASPs)

Exposure to External Risks - Money Laundering or Terrorism Financing Risks; Proliferation Financing Risks; Sanctions or Geopolitical Risks; Fraud and Scam Risks and Other Financial Crimes.

National Risk Assessment Considerations - Criminal Threats; Sector Vulnerabilities; Regulatory Expectations; Enforcement and Supervision; International Standards and Divergence; Legal and Judicial Systems and Emerging Regulations.

Exposure to Internal Risks - Governance and Oversight; AML/CTF Program Alignment to Risks; AML/CTF Program Non-Compliance and Regulatory Reporting.

Exposure to Operational Risks - Business Location Risk; Outsourcing Risk; Employee Risk; New or significant business changes and Emerging or forward looking risks.

Customer Base Profile - Customer Type; Customer Location and Changing customer base profile.

Customer Legal Form Risk - Proportion of higher risk customer types.

Politically Exposed Person Risk - Proportion of PEPs and PEP profile changes.

Customer Location Risk - Proportion of customers by location.

Customer Industry / Occupation Risk - Proportion of higher risk industry or occupations.

Customer Activity Risk - Customer risk profiling and other risk factors; Customer behaviours, profiles and activities and PEPs, sanctions or proliferation financing risk.

• Cross-Border and Intermediary Services
• Cross Jurisdictional Value Transfer Services
• Message Passing in a Value Transfer Chain

• Custodial Services
• Custodial of Digital Asset Services
• Custody of private key services

• Brokerage and Arrangement Services
• Fiat to Virtual to Asset Exchange Services
• Virtual Asset-to-Virtual Asset Exchange Services

• Crowdfundraising and Fundraising Tokens
• Initial Coin Offerings (ICOs) and Token Sales
• Issuance and Fund Raising Services
• Token Structuring and Advisory

• Accepting Virtual Assets as Payment
• Payment Services
• Transfer and Payment Services
• Transfer of Virtual Assets

• Hosted Wallet Services (Custodial Wallets)
• Unhosted Wallet Interfaces
• Wallet Services

Face-to-Face Channels - Internal Physical Channels; Relationship Managed Physical Channels and External Physical Channels.

Non-Face-to-Face Channels - Internal Remote Assisted Channels; Internal Manual Channels; Internal Digital Self-Service Channels; Internal Programmatic / Embedded Access Channels; External Interbank and Payment Infrastructure Channels and External Digital Channels.

Face-to-Face or Non-Face-to-Face Channels - External Partner Intermediary Channels.

Customer Onboarding Channels (General) - Channel type; onboarding through face-to-face channels and non-face-to-face channels and customer onboarding through intermediaries.

Transaction and Delivery Channels - Value of transactions by delivery channel type.

General Channel Risks - Higher channel risk indicators.

• Authorised Third-Party Introducers
• Correspondent Banks
• MSBs / Remittance Agents
• Retail Agents / Convenience Stores
• Sales Agents / Relationship Managers

• Crypto ATMs or Cash Deposit Machines
• Call Centres / Customer Service Desks
• Crypto Exchange / Digital Asset Partnerships
• Digital Wallets / Stored-Value Facilities
• Open Banking / APIs
• SMS Banking
• Social Media / Messaging Apps

Transaction Volume By Transaction Risk Type - Industry Type; Customer Type; Country Risk Rating and Changes in Transaction Volumes.

Transaction Value By Transaction Risk Type - Industry Type; Customer Type; Country Risk Rating and Changes in Transaction Values.

Higher Risk Business Operations - geographic footprint of business locations.

Country Risk by Customer Type (Individuals) - Higher risk individual customers and country risks and Residency, nationality or citizenship.

Country Risk by Customer Type (Entities) - Higher risk non-individual customers and country risks and Country of registration, incorporation, domicile or operating in.

Country Risk by Transaction - Transaction volume and values by country.