diff options
Diffstat (limited to 'doc/flows')
| -rw-r--r-- | doc/flows/.gitignore | 1 | ||||
| -rw-r--r-- | doc/flows/int-deposit.tex | 12 | ||||
| -rw-r--r-- | doc/flows/int-pay.tex | 10 | ||||
| -rw-r--r-- | doc/flows/int-pull.tex | 5 | ||||
| -rw-r--r-- | doc/flows/int-push.tex | 5 | ||||
| -rw-r--r-- | doc/flows/int-withdraw.tex | 2 | ||||
| -rw-r--r-- | doc/flows/kyc-balance.tex | 5 | ||||
| -rw-r--r-- | doc/flows/kyc-deposit.tex | 34 | ||||
| -rw-r--r-- | doc/flows/kyc-pull.tex | 28 | ||||
| -rw-r--r-- | doc/flows/kyc-push.tex | 27 | ||||
| -rw-r--r-- | doc/flows/kyc-withdraw.tex | 25 | ||||
| -rw-r--r-- | doc/flows/main.de.tex | 239 | ||||
| -rw-r--r-- | doc/flows/main.tex | 65 | ||||
| -rw-r--r-- | doc/flows/proc-domestic.tex | 2 | ||||
| -rw-r--r-- | doc/flows/proc-kyb.tex | 98 | ||||
| -rw-r--r-- | doc/flows/proc-kyc.tex | 10 |
16 files changed, 505 insertions, 63 deletions
diff --git a/doc/flows/.gitignore b/doc/flows/.gitignore new file mode 100644 index 000000000..f0de8a3d5 --- /dev/null +++ b/doc/flows/.gitignore @@ -0,0 +1 @@ +main.pdf diff --git a/doc/flows/int-deposit.tex b/doc/flows/int-deposit.tex index 4b1f657ba..661f4dccb 100644 --- a/doc/flows/int-deposit.tex +++ b/doc/flows/int-deposit.tex @@ -1,6 +1,4 @@ -\section{Deposit} - - +\section{Deposit} \label{sec:deposit} \begin{figure}[h!] \begin{sequencediagram} @@ -15,7 +13,7 @@ \node at (1.5,0) {\shortstack{{{\tiny Database}}}}; \end{tikzpicture} }} - \newinst[2]{bank}{\shortstack{Customer bank \\ + \newinst[2]{bank}{\shortstack{Retail bank \\ \\ \begin{tikzpicture} \node [fill=gray!20,draw=black,thick,align=center] {Checking \\ Accounts}; \end{tikzpicture} @@ -40,8 +38,10 @@ \mess[0]{exchange}{{Initiate transfer}}{bank} \end{sequencediagram} - \caption{Deposit interactions between customer, Taler exchange (payment - service provider) and customer's bank.} + \caption{A customer deposits the coins issued by a Taler exchange (payment + service provider) into a bank account. Even if the + bank account is owned by the same customer, the + KYC checks from Section~\ref{sec:kyc:deposit} apply.} \label{fig:int:deposit} \end{figure} diff --git a/doc/flows/int-pay.tex b/doc/flows/int-pay.tex index d2f0fb585..2968c4c2e 100644 --- a/doc/flows/int-pay.tex +++ b/doc/flows/int-pay.tex @@ -1,4 +1,4 @@ -\section{Pay} +\section{Pay} \label{sec:pay} \begin{figure}[h!] \begin{sequencediagram} @@ -29,7 +29,7 @@ \mess[0]{merchant}{Commercial offer}{wallet} \begin{callself}{wallet}{Review offer}{} \end{callself} - \mess[0]{wallet}{Send payment {(Coins)}}{merchant} + \mess[0]{wallet}{Pay {(Coins)}}{merchant} \mess[0]{merchant}{Deposit {(Coins)}}{exchange} \begin{sdblock}{Acceptable account?}{} \mess[0]{exchange}{{Refuse deposit}}{merchant} @@ -45,8 +45,10 @@ \end{sdblock} \mess[0]{exchange}{{Initiate transfer}}{bank} \end{sequencediagram} - \caption{Deposit interactions between customer, merchant, - Taler exchange (payment service provider) and merchant bank.} + \caption{Payments from a customer to merchant result in + depositing coins at the Taler exchange (payment service provider) + which then credits the merchant's bank account. + The KYC/AML checks are described in Section~\ref{sec:kyc:deposit}} \label{fig:int:pay} \end{figure} diff --git a/doc/flows/int-pull.tex b/doc/flows/int-pull.tex index 8c9b66b1b..38caef6c8 100644 --- a/doc/flows/int-pull.tex +++ b/doc/flows/int-pull.tex @@ -1,4 +1,4 @@ -\section{Pull payment (aka invoicing)} +\section{Pull payment (aka invoicing)} \label{sec:pull} \begin{figure}[h!] \begin{sequencediagram} @@ -43,7 +43,8 @@ \end{sequencediagram} \caption{Interactions between wallets and Taler exchange - in a pull payment.} + in a pull payment. KYC/AML checks are described in + Section~\ref{sec:kyc:pull}.} \label{fig:int:pull} \end{figure} diff --git a/doc/flows/int-push.tex b/doc/flows/int-push.tex index fd49e8d40..faea50f72 100644 --- a/doc/flows/int-push.tex +++ b/doc/flows/int-push.tex @@ -1,4 +1,4 @@ -\section{Push payment} +\section{Push payment} \label{sec:push} \begin{figure}[h!] \begin{sequencediagram} @@ -42,6 +42,7 @@ \end{sequencediagram} \caption{Interactions between wallets and Taler exchange - in a push payment.} + in a push payment. KYC/AML checks are described + in Section~\ref{sec:kyc:push}.} \label{fig:int:push} \end{figure} diff --git a/doc/flows/int-withdraw.tex b/doc/flows/int-withdraw.tex index 9b044df67..11ae25de9 100644 --- a/doc/flows/int-withdraw.tex +++ b/doc/flows/int-withdraw.tex @@ -44,6 +44,6 @@ \end{sequencediagram} \caption{Withdraw interactions between customer, Taler exchange (payment service provider) and bank. The amount of digital cash distributed is - subject to limits per origin account (see Figure~\ref{fig:kyc:withdraw}).} + subject to limits per origin account (see Section~\ref{sec:kyc:withdraw}).} \label{fig:int:withdraw} \end{figure} diff --git a/doc/flows/kyc-balance.tex b/doc/flows/kyc-balance.tex index 1192021b3..de8953665 100644 --- a/doc/flows/kyc-balance.tex +++ b/doc/flows/kyc-balance.tex @@ -49,9 +49,10 @@ if required. \begin{table}[h!] - \caption{Settings for the balance trigger} + \caption{Settings for the balance trigger.} \begin{tabular}{l|l|r} {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline - Default AML threshold & Amount & {\em 1000 CHF} \\ + KYC threshold & Amount & {\em 5000 CHF} \\ + Default AML threshold & Amount & {\em 5000 CHF} \\ \end{tabular} \end{table} diff --git a/doc/flows/kyc-deposit.tex b/doc/flows/kyc-deposit.tex index 2423235ab..0132cebf6 100644 --- a/doc/flows/kyc-deposit.tex +++ b/doc/flows/kyc-deposit.tex @@ -1,4 +1,4 @@ -\section{KYC: Deposit} +\section{KYC: Deposit} \label{sec:kyc:deposit} \begin{figure}[h!] \begin{center} @@ -14,8 +14,8 @@ ] \node (start) [start] {Start}; \node (country) [decision,below=of start,text width=2.5cm] {Target account in allowed country?}; - \node (amount) [decision, below=of country,text width=2.5cm] {Target account received less than KYC threshold?}; - \node (kyc) [process, right=of amount] {KYC process}; + \node (amount) [decision, below=of country,text width=2.5cm] {Target account received less than KYB threshold?}; + \node (kyc) [process, right=of amount] {KYB process}; \node (high) [decision, below=of amount,text width=2.5cm] {Target account received more than its AML threshold?}; \node (aml) [process, right=of high] {AML process}; \node (dummy) [below right=of aml] {}; @@ -55,17 +55,31 @@ \end{tikzpicture} \end{center} \caption{Regulatory process when depositing digital cash into a bank - account. When the transfer is denied, the money is returned to the - originating wallet.} + account. When the transfer is denied, the money is held in escrow + until authorities authorize the transfer.} \end{figure} \begin{table}[h!] - \caption{Settings for the deposit trigger} + \caption{Settings for the deposit trigger. Note that the operation + must satisfy all of the given rules.} \begin{tabular}{l|l|r} - {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline - Allowed bank accounts & RFC 8905 RegEx & {\em CH*} \\ \hline - KYC deposit threshold & Amount & {\em 1000 CHF} \\ - Default AML deposit threshold & Amount & {\em 2500 CHF} \\ + {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline + Allowed bank accounts & RFC 8905 RegEx & {\em CH*} \\ \hline + KYB deposit threshold & Amount/month & {\em 5000 CHF} \\ + KYB deposit threshold & Amount/year & {\em 15000 CHF} \\ + Default AML deposit threshold & Amount/month & {\em 5000 CHF} \\ \end{tabular} \end{table} + +%The KYB deposit threshold of 5'000 \CURRENCY{} per month and than 15'000 +%\CURRENCY{} per year ensure compliance. % with article 48-1b. + +Additionally, our terms of service will prohibit businesses to receive +amounts exceeding 1'000 \CURRENCY{} per transaction. +%(well below the 15'000 \CURRENCY{} threshold defined in article 24-1c). + +SMS-Identification is done by in-house software. KYB data is initially +obtained and vetted by one of several external KYB providers before +being passed for manual validation by our own staff who can then +determine appropriate AML thresholds and set review criteria. diff --git a/doc/flows/kyc-pull.tex b/doc/flows/kyc-pull.tex index b7cd34477..4d4f2c852 100644 --- a/doc/flows/kyc-pull.tex +++ b/doc/flows/kyc-pull.tex @@ -1,4 +1,4 @@ -\section{KYC/AML: Pull Payment} +\section{KYC/AML: Pull Payment} \label{sec:kyc:pull} \begin{figure}[h!] \begin{center} @@ -63,16 +63,30 @@ \end{center} \caption{Regulatory process when receiving payments from another wallet. The threshold depends on the risk profile from the KYC process. - When invoicing is denied the wallet cannot generate the invoice.} + When KYC thresholds would be passed, the receiving wallet cannot + generate a valid invoice until it has provided the KYC data. + When a transfer is denied by AML staff, the money is held in escrow + until authorities authorize the transfer.} \end{figure} \begin{table}[h!] - \caption{Settings for the pull payment trigger} + \caption{Settings for the pull payment trigger. Note that the operation + must satisfy all of the given rules.} \begin{tabular}{l|l|r} - {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline - Permitted phone numbers & Dialing prefix & {\em +41} \\ - P2P KYC threshold & Amount & {\em 100 CHF} \\ - Default P2P AML threshold & Amount & {\em 1000 CHF} \\ + {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline + Permitted phone numbers & Dialing prefix & {\em +41} \\ + SMS-Identification & Amount/month & {\em 0 CHF} \\ + P2P KYC threshold & Amount/month & {\em 5000 CHF} \\ + P2P KYC threshold & Amount/year & {\em 15000 CHF} \\ + Default P2P AML threshold & Amount/month & {\em 5000 CHF} \\ \end{tabular} \end{table} + +%The P2P KYC thresholds of 5'000 \CURRENCY{} per month and than 15'000 +%\CURRENCY{} per year ensure compliance with article 49-2c. + +SMS-Identification is done by in-house software. KYC data is initially +obtained and vetted by one of several external KYC providers before +being passed for manual validation by our own staff who can then +determine appropriate AML thresholds and set review criteria. diff --git a/doc/flows/kyc-push.tex b/doc/flows/kyc-push.tex index 6d25ac7ef..c74b3ce16 100644 --- a/doc/flows/kyc-push.tex +++ b/doc/flows/kyc-push.tex @@ -1,4 +1,4 @@ -\section{KYC/AML: Push Payment} +\section{KYC/AML: Push Payment} \label{sec:kyc:push} \begin{figure}[h!] \begin{center} @@ -63,17 +63,28 @@ \end{center} \caption{Regulatory process when receiving payments from another wallet. The threshold depends on the risk profile from the KYC process. - When the transfer is denied the money is (eventually) returned to - the originating wallet.} + When the transfer is denied, the money is held in escrow + until authorities authorize the transfer.} \end{figure} \begin{table}[h!] - \caption{Settings for the push payment trigger} + \caption{Settings for the push payment trigger. Note that the operation + must satisfy all of the given rules.} \begin{tabular}{l|l|r} - {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline - Permitted phone numbers & Dialing prefix & {\em +41} \\ - P2P KYC threshold & Amount & {\em 100 CHF} \\ - Default P2P AML threshold & Amount & {\em 1000 CHF} \\ + {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline + Permitted phone numbers & Dialing prefix & {\em +41} \\ + SMS-Identification & Amount/month & {\em 0 CHF} \\ + P2P KYC threshold & Amount/month & {\em 5000 CHF} \\ + P2P KYC threshold & Amount/year & {\em 15000 CHF} \\ + Default P2P AML threshold & Amount/month & {\em 5000 CHF} \\ \end{tabular} \end{table} + +%The P2P KYC thresholds of 5'000 \CURRENCY{} per month and than 15'000 +%\CURRENCY{} per year ensure compliance. % with article 49-2c. + +SMS-Identification is done by in-house software. KYC data is initially +obtained and vetted by one of several external KYC providers before +being passed for manual validation by our own staff who can then +determine appropriate AML thresholds and set review criteria. diff --git a/doc/flows/kyc-withdraw.tex b/doc/flows/kyc-withdraw.tex index ecdc9a399..b5605618e 100644 --- a/doc/flows/kyc-withdraw.tex +++ b/doc/flows/kyc-withdraw.tex @@ -1,4 +1,4 @@ -\section{KYC: Withdraw} +\section{KYC: Withdraw} \label{sec:kyc:withdraw} \begin{figure}[h!] \begin{center} @@ -30,16 +30,29 @@ \end{center} \caption{Regulatory process when withdrawing digital cash from a bank account. - When the transfer is denied the money is (eventually) returned to + If the transfer is denied or the user fails to withdraw the + funds for any other reason, the money is automatically returned + after the bounce period (see Table~\ref{table:kyc:withdraw:settings}) to the originating bank account.} \label{fig:kyc:withdraw} \end{figure} \begin{table}[h!] - \caption{Settings for the withdraw trigger} + \caption{Settings for the withdraw trigger. Note that the operation + must satisfy all of the given rules.} \label{table:kyc:withdraw:settings} \begin{tabular}{l|l|r} - {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline - Allowed bank accounts & RFC 8905 RegEx & {\em CH*} \\ \hline - Monthly withdraw maximum & Amount & {\em 1000 CHF} \\ + {\bf Setting} & {\bf Type} & {\bf Value} \\ \hline \hline + Allowed bank accounts & RFC 8905 RegEx & {\em CH*} \\ \hline + SMS-Identification & Amount/month & {\em 200 CHF} \\ + Withdraw limit & Amount/month & {\em 5000 CHF} \\ + Withdraw limit & Amount/year & {\em 15000 CHF} \\ + Bounce period & Delay & 1 month \\ \end{tabular} \end{table} + +%The limit of 200 \CURRENCY{} results from article 48-2. Strictly limiting +%withdrawals to less than 5'000 \CURRENCY{} per month and less than 15'000 +%\CURRENCY{} per year assures compliance with article 48-1c. + +SMS-Identification is done by in-house software. Withdraw limits are +hard and cannot be raised even if the customer is known. diff --git a/doc/flows/main.de.tex b/doc/flows/main.de.tex new file mode 100644 index 000000000..5f224007d --- /dev/null +++ b/doc/flows/main.de.tex @@ -0,0 +1,239 @@ +% This is a (partial) translation of main.tex into +% German. Please keep the structure as parallel as +% possible when improving / expanding the translation! +\documentclass[10pt,a4paper,oneside]{book} +\usepackage[utf8]{inputenc} +\usepackage{url} +\usepackage{enumitem} +\usepackage{graphicx} +\usepackage{hyperref} +\usepackage{qrcode} +\usepackage{pgf-umlsd} +\usepackage{tikz} +\usetikzlibrary{shapes,arrows} +\usetikzlibrary{positioning} +\usetikzlibrary{calc} +\usetikzlibrary{quotes} +\author{Christian Grothoff} +\title{Flows in the GNU Taler System} + +\begin{document} + +\tableofcontents + +\newcommand\TALER{TALER OPERATIONS AG} +\newcommand\CURRENCY{CHF} +\newcommand\LAND{der Schweiz} + +\section{Transaktionen im Taler-Bezahlsystem}\label{sec:Transaktionen} + +Dieser Abschnitt stellt die Transaktionen im Taler-Bezahlsystem +vor. Die Grafiken geben wieder, in welcher Reihenfolge die beteiligten +Parteien interagieren. \\ +F\"ur jede einzelne Transaktion ist die automatische Ausl\"osung von +Compliance-Prozessen durch den Taler-Exchange einstellbar. +Die im Rahmen des jeweiligen Compliance-Prozesses erzwungenen +Pr\"ufschritte beschreibt Abschnitt~\ref{sec:triggers}. + +Folgende Transaktionen kommen als Ausl\"oser f\"ur AML- und KYC-Prozesse +in Betracht: +\begin{description}[noitemsep] + \item[withdraw] Ein Nutzer hebt digitales Bargeld (e-money) in Form von + Taler-Coins in ein Taler-Wallet ab + \item[reimburse] Ein Nutzer l\"asst den Gegenwert von Taler-Coins vom + Taler-Exchange an das urspr\"ungliche IBAN-Bankkonto zur\"uck\"uberweisen + \item[pay] Ein Nutzer zahlt zugunsten eines IBAN-Bankkontos des Empf\"angers + \item[refund] Ein Verk\"aufer erteilt einem Zahlenden die R\"uckerstattung + eines Zahlbetrags + \item[push] Ein Nutzer sendet einen Zahlbetrag an ein anderes Taler-Wallet + \item[pull] Ein Nutzer stellt einem anderen Taler-Wallet eine Rechnung aus + und fordert eine Zahlung von diesem Wallet + \item[shutdown] Der Betreiber des Taler-Exchange informiert die Inhaber von + Coins, die diese von jenem Exchange abgehoben hatten, dass der Exchange + geplant eingestellt und die Gegenwerte der Coins restituiert werden +\end{description} + +Die Nutzer beginnen ein gesch\"aftliches Nutzungsverh\"altnis mit +\TALER{}, wenn sie ihre Taler-Wallets anweisen, eine Abhebung durchzuf\"uhren. +Das Taler-Bezahlsystem verwendet jedoch keine Konten, sondern wert-basierte +Token und explizit keine konten-basierten Geld-\"Aquivalente. +Taler soll digitales Bargeld sein und erlaubt technisch bedingt +kein Nachvollziehen der Transaktionen seiner Nutzer, wie es Konten mit +Eing\"angen und Ausg\"angen von Zahlungen erm\"oglichen w\"urden. +Es gibt daher kein ``Er\"offnen'' oder ``Schliessen'' von Konten der Nutzer. +Die Begriffe ``opening'' und ``closing'' lassen sich deshalb auch nicht auf +das System anwenden oder \"ubertragen. \\ + +Die Nutzer k\"onnen +\begin{enumerate}[noitemsep] +\item die treuh\"andisch verwalteten Einlagen gezielt auf ein bestimmtes +Bankkonto auszahlen lassen, +%(siehe Abschnitt~\ref{sec:deposit}) +\item an einen Verk\"aufer zahlen, +%(siehe Abschnitt~\ref{sec:deposit}) +\item einem anderen Empf\"anger mittels peer-to-peer-Verfahren Coins zukommen +lassen +%(siehe Abschnitte~\ref{sec:push} und~\ref{sec:pull}) +\item die Coins in ihrem Wallet, das verloren ging oder zerst\"ort wurde, +durch Ablauf der G\"ultigkeit entwerten lassen (dies w\"are ebenso der Fall +bei einer langen Zeit ohne Internet-Anbindung oder ohne Installation), +\item den Wert der Coins im Wallet durch Zahlung von Geb\"uhren f\"ur +die Verl\"angerung ihrer G\"ultigkeit langsam verringern lassen. +%(siehe Abschnitt~\ref{sec:fees:coin}) +\end{enumerate} + +Das Taler-Bezahlsystem verwehrt den Nutzern kategorisch die Abhebung +von h\"oheren Betr\"agen als 5.000 \CURRENCY{} pro Monat bzw. von +mehr als 15.000 \CURRENCY{} pro Jahr. Damit wird gew\"ahrleistet, +dass die Nutzer stets unterhalb der Grenzwerte bleiben, ab denen die +meisten Pr\"ufschritte aufgrund regulatorischer Bestimmungen erforderlich +werden. \TALER{} stellt dar\"uber hinaus sicher, dass die Nutzer +ausschliesslich in \LAND{} ans\"assig sind +(siehe Abschnitt~\ref{sec:proc:domestic}), da auf ihrer Seite ein Bankkonto +in \LAND{} f\"ur die \"Uberweisungen an den Taler-Exchange und/oder +eine Telefonnummer mit entsprechender Vorwahl (++41) ben\"otigt werden. +Zus\"atzlich setzt das Taler-Wallet zu jeder Zeit eine Obergrenze +von 5.000 \CURRENCY{} auf die Coin-Betr\"age in Summe fest, so dass es +keine weitere Abhebung \"uber diesen Grenzwert hinaus bewirken kann. + +F\"ur {\bf Verk\"aufer} beginnt ein gesch\"aftliches Nutzungsverh\"altnis +mit \TALER{}, sobald sie Geldeing\"ange auf ihren IBAN-Bankkonten erhalten, +die als Zahlungen von Nutzern des Taler-Bezahlsystems ausgel\"ost wurden +(siehe Abschnitt~\ref{sec:deposit}). Sollten die Summen der Eing\"ange +5.000 \CURRENCY{} pro Monat bzw. 15.000 \CURRENCY{} pro Jahr \"ubersteigen, +kommt es zu einer KYB-Pr\"ufung, die dem Begriff ``Er\"offnen'' eines +Kontos entspricht und die eine aktualisierte KYB-Information sowie +die Pr\"ufung von Sanktionslisten erfordert, sofern der Verk\"aufer +innerhalb von 24 Monaten wenigstens einen Geldeingang erhielt. + +Im Gegensatz zu normalen Nutzern k\"onnen Verk\"aufer im Prinzip +Zahlungen ohne Limit empfangen. Allerdings m\"ussen diese Transaktionen +auch wirklich als Eing\"ange auf dem Bankkonto des Unternehmens verzeichnet +werden (im Kontoauszug). In Abh\"angigkeit von den an das Gesch\"aftskonto +\"uberwiesenen Betr\"agen wird der Verk\"aufer einer KYB-Pr\"ufung unterzogen +(siehe Abschnitt~\ref{sec:KYB}). Dies gilt ebenso f\"ur +Geldw\"asche-\"Uberpr\"ufungen (AML checks). + +Das Taler-Bezahlsystem transferiert lediglich Gelder auf die bestehenden +Bankkonten der Verk\"aufer, die f\"ur ihre G\"uterleistungen Zahlungen +der Nutzer erhalten, f\"ur die bereits bei der \"Uberweisung von deren +Kundenkonten eine KYC-Pr\"ufung erfolgte. Daher wird unseres Erachtens +der Betreiber eines Taler-Exchange keine Mittelherkunft verlangen bzw. +nachweisen m\"ussen +\footnote{Wenn Unternehmen das Taler-Bezahlsystem ihrerseits f\"ur +Zahlungen nutzen wollen, m\"ussen sie genauso wie alle anderen Nutzer +zuerst Geld von ihrem Bankkonto an einen Taler-Exchange \"uberweisen, +eine KYC-Pr\"ufung absolvieren und dann ihr Wallet Coins abheben lassen. +F\"ur die gesch\"aftlichen K\"aufer gelten ebenfalls die Limits wie +f\"ur alle anderen Nutzer.}. + + +\include{int-withdraw} +\include{int-deposit} +\include{int-pay} +\include{int-refund} +\include{int-push} +\include{int-pull} +\include{int-shutdown} + + + +\chapter{Regulatory Triggers} \label{chap:triggers} + +In this chapter we show decision diagrams for regulatory processes of the +various core operations of the GNU Taler payment system. In each case, the +{\bf start} state refers to one of the interactions described in the previous +chapter. The payment system will then use the process to arrive at an {\bf + allow} decision which permits the transaction to go through, or at a {\bf + deny} decision which ensures that the funds are not moved. + +The specific {\em decisions} (in green) depend on the risk profile and the +regulatory environment. The tables in each section list the specific values +that are to be configured. + +There are five types if interactions that can trigger regulatory processes: + +\begin{description} + \item[withdraw] a customer withdraws digital cash from their {\bf bank account} + \item[deposit] a merchant's {\bf bank account} is designated to receive a payment in digital cash + \item[push] a {\bf wallet} accepts a payment from another wallet + \item[pull] a {\bf wallet} requests a payment from another wallet + \item[balance] a withdraw or P2P payment causes the balance of a {\bf wallet} to exceed a given threshold +\end{description} + +We note in bold the {\bf anchor} for the regulator process. The anchor is used +to link the interaction to an identity. Once an identity has been established +for a particular anchor, that link is considered established for all types of +activities involving that anchor. A wallet is uniquely identified in the +system by its unique cryptographic key. A bank account is uniquely identified +in the system by its (RFC 8905) bank routing data (usually including BIC, IBAN +and account owner name). + +The KYC and AML processes themselves are described in +Chapter~\ref{chap:regproc}. + +\include{kyc-withdraw} +\include{kyc-deposit} +\include{kyc-push} +\include{kyc-pull} +\include{kyc-balance} + +\chapter{Regulatory Processes} \label{chap:regproc} + +This chapter describes the interactions between the customer, exchange and +organizations or staff assisting with regulatory processes designed to ensure +that customers are residents in the area of operation of the payment service +provider, are properly identified, and do not engage in money laundering. + +The three main regulatory processes are: + +\begin{description} +\item[domestic check] This process establishes that a user is generally + eligible to use the payment system. The process checks that the user has an + eligible address, but stops short of establishing the user's identity. +\item[kyc] This process establishes a user's legal identity, possibly + using external providers to review documents and check against blacklists. +\item[aml] The AML process reviews suspicious payment activities for + money laundering. Here AML staff reviews all collected information. +\end{description} + +\include{proc-domestic} +%\include{proc-kyc} +\include{proc-kyb} +\include{proc-aml} + +\chapter{Fees} \label{chap:fees} + +The business model for operating a Taler exchange is to charge transaction +fees. Fees are charged on certain operations by the exchange. There are two +types of fees, {\bf wire fees} and {\bf coin fees}. This chapter describes +the fee structure. + +Fixed, amount-independent {\bf wire fees} are charged on wire transfers using +the core banking system. Details on wire fees are described in +Section~\ref{sec:fees:wire}. + +Coin fees are more complex, as they do not exactly follow neither the usual +percentage of volume model of other payment systems. Instead, coin fees are +applied per coin, resulting in a {\em logarithmic} fee structure. As a +result, the effective fee {\em percentage} for tiny transactions is high (for +example 50\% for transactions of 0.0025 CHF) while the effective fee +percentage for large transactions is nominal (for example $\approx$ 0.05\% for +transactions of $\approx$ 40 CHF). Details on coin fees are described in +Section~\ref{sec:fees:coin}. + +Fees are configurable (and that fee types beyond those described here are +supported by the software). Thus, the specific fees may be adjusted in the +future based on business decisions. However, changes to the fees are never +retroactively applied to coins already in circulation. Wire fees that have +been publicly announced for a particular time period also cannot be changed. +Finally, any change to the terms of service must also be explicitly accepted +by the users before they withdraw additional funds. + + +\include{fees-wire} +\include{fees-coins} +%\include{fees-other} + + +\end{document} diff --git a/doc/flows/main.tex b/doc/flows/main.tex index c2aee65ac..d46d93251 100644 --- a/doc/flows/main.tex +++ b/doc/flows/main.tex @@ -13,8 +13,11 @@ \author{Christian Grothoff} \title{Flows in the GNU Taler System} +\newcommand\CURRENCY{CHF} + \begin{document} +\maketitle \tableofcontents \chapter{Interactions} \label{chap:interactions} @@ -37,16 +40,57 @@ The main interactions of the system are: \item[shutdown] the Taler payment system operator informs the customers that the system is being shut down for good \end{description} -Taler has no accounts (this is digital cash) and thus there is no ``opening'' -or ``closing'' of accounts. The equivalent of ``opening'' an account is thus -to withdraw digital cash. The equivalent of ``closing'' an account is to -either (1) deposit the funds explicitly into a bank account, or (2) the coins -will expire if the wallet was lost (including long-term offline or +In the analysis of the legal requirements, it is important to differentiate +between transactions between wallets (customer-to-customer) and transactions +where money flows from a wallet into a bank account (customer-to-merchant) as +these have different limits: When digital coins are used to pay at a business in +Taler, the business never actually receives usable digital coins but instead +the amount is always directly credited to their bank account. Depending on +the transacted amounts, the business will nevertheless be subject to KYB +(Section~\ref{sec:proc:kyb}) and AML checks. + +{\bf Customers} begin their business relationship with us when they withdraw +digital cash. Taler has no accounts (this is digital cash) and thus there is +no ``opening'' or ``closing'' of accounts for consumers. Given digital cash, +the customers can either (1) deposit the funds explicitly into a bank account +(see Section~\ref{sec:deposit}), (2) pay a merchant (see +Section~\ref{sec:pay}), (3) pay another customer using a peer-to-peer +transfer (see Sections~\ref{sec:push} and~\ref{sec:pull}), or (4) the coins +will expire if the wallet was lost (including offline for a long time or uninstalled). Finally, if a wallet remains (occasionally) online but a user -does simply not spend the coins will (3) diminish in value from the change +does simply not spend the coins will (5) diminish in value from the change fees (see Section~\ref{sec:fees:coin}) that apply to prevent the coins from expiring outright. +For customers, we will categorically limit of digital cash withdrawn per month +to less than CHF 5'000 per month and less than CHF 15'000 per year, thus +ensuring that consumers remain below the thresholds where most regulatory +processes become applicable. Payments between users will be limited +to receiving less than CHF 2'500 per month and less than CHF 15'000 per year. +We will ensure that customers are Swiss +(see Section~\ref{sec:proc:domestic}) by requiring them to have a Swiss bank +account and/or a Swiss phone number (+41-prefix). +%Furthermore, the wallet will +%impose an upper limit of CHF 5000 on its balance at any point in time. + +For {\bf merchants}, the Taler equivalent of ``opening'' an account and thus +establishing an ongoing business relationship is for a business to receive +payments (see Section~\ref{sec:pay}) exceeding CHF 5'000/month or CHF +15'000/year. We will consider the account ``open'' (and require up-to-date KYB +information and check sanction lists) as long as the business has made any +transactions within the last 24 months. + +As we will only transfer money into the existing bank accounts of the +merchants to compensate them for sales made using the Taler payment system, we +do not need to check the origin of funds for those merchants as they will only +receive funds from us.\footnote{Should businesses want to use Taler for +expenditures, they will need to withdraw digital coins from their bank account +just like customers, and the limits for customers will continue to apply.} + +For individual {\bf transactions}, we will impose a limit of CHF +1'000/transaction (even though our reading of the regulations would permit +individual transactions up to CHF 15'000). + The following sections describe the respective processes for each of these interactions. @@ -76,10 +120,12 @@ There are five types if interactions that can trigger regulatory processes: \begin{description} \item[withdraw] a customer withdraws digital cash from their {\bf bank account} - \item[deposit] a merchant's {\bf bank account} is designated to receive a payment in digital cash + \item[deposit] a customer or merchant's {\bf bank account} is + designated to receive a payment due someone paying with or + depositing digital cash \item[push] a {\bf wallet} accepts a payment from another wallet \item[pull] a {\bf wallet} requests a payment from another wallet - \item[balance] a withdraw or P2P payment causes the balance of a {\bf wallet} to exceed a given threshold +% \item[balance] a withdraw or P2P payment causes the balance of a {\bf wallet} to exceed a given threshold \end{description} We note in bold the {\bf anchor} for the regulator process. The anchor is used @@ -97,7 +143,7 @@ Chapter~\ref{chap:regproc}. \include{kyc-deposit} \include{kyc-push} \include{kyc-pull} -\include{kyc-balance} +%\include{kyc-balance} \chapter{Regulatory Processes} \label{chap:regproc} @@ -120,6 +166,7 @@ The three main regulatory processes are: \include{proc-domestic} \include{proc-kyc} +\include{proc-kyb} \include{proc-aml} \chapter{Fees} \label{chap:fees} diff --git a/doc/flows/proc-domestic.tex b/doc/flows/proc-domestic.tex index 387b964d5..f3a1b7b18 100644 --- a/doc/flows/proc-domestic.tex +++ b/doc/flows/proc-domestic.tex @@ -1,4 +1,4 @@ -\section{Domestic wallet check} +\section{Domestic wallet check} \label{sec:proc:domestic} \begin{figure}[h!] \begin{sequencediagram} diff --git a/doc/flows/proc-kyb.tex b/doc/flows/proc-kyb.tex new file mode 100644 index 000000000..6c84f414c --- /dev/null +++ b/doc/flows/proc-kyb.tex @@ -0,0 +1,98 @@ +\section{KYB process} \label{sec:proc:kyb} + +\begin{figure}[h!] + \begin{sequencediagram} + \newinst{merchant}{\shortstack{Merchant \\ + \\ \begin{tikzpicture} + \node [fill=gray!20,draw=black,thick,align=center] { Unique \\ Action}; + \end{tikzpicture} + }} + \newinst[2]{exchange}{\shortstack{Taler (exchange) \\ + \\ \begin{tikzpicture}[shape aspect=.5] + \tikzset{every node/.style={cylinder,shape border rotate=90, draw,fill=gray!25}} + \node at (1.5,0) {\shortstack{{{\tiny Database}}}}; + \end{tikzpicture} + }} + \newinst[2]{kyb}{\shortstack{KYB provider \\ + \\ \begin{tikzpicture}[shape aspect=.5] + \tikzset{every node/.style={cylinder,shape border rotate=90, draw,fill=gray!25}} + \node at (1.5,0) {\shortstack{{{\tiny Database}}}}; + \end{tikzpicture} + }} + + \postlevel + \mess[0]{merchant}{{Initial action}}{exchange} + \begin{callself}{exchange}{Establish KYB requirement}{} + \end{callself} + \mess[0]{exchange}{Request new KYB process}{kyb} + \mess[0]{kyb}{{Process identifier (PI)}}{exchange} + \mess[0]{exchange}{{KYB required (PI)}}{merchant} + \mess[0]{merchant}{{KYB start (PI)}}{kyb} + \mess[0]{kyb}{{Request identity documentation}}{merchant} + \mess[0]{merchant}{{Upload identity documentation}}{kyb} + \begin{callself}{kyb}{Validate documentation}{} + \end{callself} + \mess[0]{kyb}{{Share documentation (PI)}}{exchange} + \mess[0]{kyb}{{Confirm completion}}{merchant} + \mess[0]{merchant}{{Retry action}}{exchange} +\end{sequencediagram} + \caption{Deposit interactions between customer, Taler exchange (payment + service provider) and external KYB provider. The process can be + triggered by various {\em actions} described in Chapter~\ref{chap:triggers}.} + \label{fig:proc:kyb} +\end{figure} + +At the beginning of the KYB process, the user needs to specify whether they +are an {\bf individual} (not incorporated) or a {\bf business}.\footnote{In +practice, we expect most owners of bank accounts crossing the KYB threshold to +be businesses, but in principle such a bank account could be owned by an +individual operating a business without a separate legal entity.} This then +determines which types of attributes are collected in the KYB process +(Table~\ref{table:proc:kyb:individual} +vs. Table~\ref{table:proc:kyb:business}). + +\begin{table} + \caption{Information collected for unincorporated individuals} + \label{table:proc:kyb:individual} + \begin{center} + \begin{tabular}{l|c|r} + {\bf Type} & {\bf Required} & {\bf Example} \\ \hline \hline + Surname & yes & Mustermann \\ + First name(s) & yes & Max \\ + Date of birth & yes & 1.1.1980 \\ + Nationality & yes & Swiss \\ + Actual address of domicile & yes & Seestrasse 3, 8008 Zuerich \\ + Phone number & no & +41-123456789 \\ + E-mail & no & me@example.com \\ + Identification document & yes & JPG image \\ + Taxpayer identification & yes & ZPV Nr. 253'123'456 \\ + \end{tabular} + \end{center} +\end{table} + + +\begin{table} + \caption{Information collected for businesses. Information on individals is + collected for owners with more than 25\% ownership and for those with + signature authority for the business.} + \label{table:proc:kyb:business} + \begin{center} + \begin{tabular}{l|c|r} + {\bf Type} & {\bf Required} & {\bf Example} \\ \hline \hline + Company name & yes & Mega AG \\ + Registered office & yes & Seestrasse 4, 8008 Zuerich \\ + Company identification document & yes & PDF file \\ + Power of attorney arrangement & yes & PDF file \\ + Business registration number & yes & \\ + Business registration document & yes & PDF file \\ + Registration authority & yes & \\ \hline + Authorized person name & yes & Max Mustermann \\ + Share/authorization certification & yes & PDF file \\ + Identification document & yes & JPG image \\ + Date of birth & yes & 1.1.1980 \\ + Nationality & yes & Swiss \\ + E-mail & yes & me@example.com \\ + Phone number & no & +41-123456789 \\ + \end{tabular} + \end{center} +\end{table} diff --git a/doc/flows/proc-kyc.tex b/doc/flows/proc-kyc.tex index 006a05561..87465f44c 100644 --- a/doc/flows/proc-kyc.tex +++ b/doc/flows/proc-kyc.tex @@ -42,10 +42,11 @@ \label{fig:proc:kyc} \end{figure} -At the beginning of the KYC process, the user needs to specify -whether they are an {\bf individual} or a {\bf business}. This -then determines which types of attributes are collected in the -KYC process (Table~\ref{table:proc:kyc:individual} vs. +At the beginning of the KYC process, the user needs to specify whether they +are an {\bf individual} or a {\bf business}.\footnote{ In practice, we expect +most wallet-users to be individuals, but in principle a wallet could be owned +by a business.} This then determines which types of attributes are collected +in the KYC process (Table~\ref{table:proc:kyc:individual} vs. Table~\ref{table:proc:kyc:business}). \begin{table} @@ -66,7 +67,6 @@ Table~\ref{table:proc:kyc:business}). \end{center} \end{table} - \begin{table} \caption{Information collected for businesses} \label{table:proc:kyc:business} |