commit b3c8b4d243ccaf0b51918f5eba6c4a691720030c
parent c94be75455c7f4fc1405b90a51c180d123f906e6
Author: Florian Dold <florian@dold.me>
Date: Mon, 17 Mar 2025 23:40:34 +0100
TOPS WIP
Diffstat:
| M | deployments/tops.rst | | | 174 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- |
1 file changed, 152 insertions(+), 22 deletions(-)
diff --git a/deployments/tops.rst b/deployments/tops.rst
@@ -15,6 +15,7 @@ Definitions / Glossary
high-risk transactions
* GmeR: "Geschäftsbeziehung mit erhöhtem Risiko", i.e.
high-risk business relationships
+* MROS: Money Laundering Reporting Office Switzerland
Regulatory Requirements Introduction
------------------------------------
@@ -94,19 +95,40 @@ A business relationship is automatically considered terminated if no
transactions have been processed with the GNU Taler system for over 12 months.
-Threshold Rules
----------------
+Credit / Debit Restrictions
+---------------------------
+
+Only `CH...` IBANs are allowed for both credit and debit transactions.
+
+
+Initial Thresholds
+------------------
Initial Threshold Rules
^^^^^^^^^^^^^^^^^^^^^^^
-TBD.
+* Withdrawal
-Preset X1
-^^^^^^^^^
+ * ``withdrawal-low`` 200 CHF per month => measure ``sms-registration``
+ * 5000 CHF per month => measure ``verboten``
+ * 15000 CHF per year => measure ``verboten``
+
+* Deposit:
+
+ * ``deposit-zero``: 0 CHF => measure ``accept-tos``
+ * 500 CHF per month => measure ``kyx``
+ * 1500 CHF per year => measure ``kyx``
+
+* Aggregate:
+
+ * 500 CHF per month => measure ``kyx``
+ * 1500 CHF per year => measure ``kyx``
-TBD: Define the presets for rules that the AML officer has
-available from the AML SPA.
+* Merge (p2p receive)
+
+ * ``merge-zero``: 0 CHF => measure ``sms-registration``
+ * 500 CHF per month => measure ``verboten``
+ * 1500 CHF per year => measure ``verboten``
Measures
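Review bot: the "Aggregate" rule (500 CHF per month / 1500 CHF per year => ``kyx``) is never defined, and if it sums withdrawals, deposits and merges it silently supersedes the withdrawal ladder: a customer who has passed ``sms-registration`` would hit ``kyx`` at 500 CHF of withdrawals, long before the "5000 CHF per month => measure ``verboten``" rule applies. State which operation types and directions "Aggregate" counts, or drop the withdrawal rules above 500 CHF. Two smaller points in the same hunk: ``verboten`` is used as a measure here but is not defined under Measures, and the single-backtick `CH...` should be ``CH...`` to match the literal style used for the rule and measure names. The "Initial Thresholds" heading followed immediately by "Initial Threshold Rules" is also a redundant heading pair; one level is enough. Finally, "Only CH IBANs are allowed" says nothing about what happens to a non-CH credit (bounced by the bank, or held pending review), which matters for the audit trail.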
@@ -115,25 +137,98 @@ Measures
Ask for information:
* ``sms-registration``: Validate phone number of customer.
+
+ * On success:
+
+ * Remove rule ``withdrawal-low``
+ * Remove rule ``merge-zero``
+
+
* ``postal-registration``: Validate postal address of customer.
+
+ * On success:
+
+ * Remove rule ``withdrawal-low``
+ * Remove rule ``merge-zero``
+
* ``accept-tos``: Ask customer to accept terms of service.
+
+ * On success:
+
+ * Remove rule ``deposit-zero``
+
* ``kyx``: Allow customer to initiate KYC/KYC process via form ``vqf_902_1_customer``.
+
+ * On success: AML officer must proceed manually.
+
* ``form-902.9``: Allow customer fill out form to determine beneficiary owner.
+
+ * On success: AML officer must proceed manually.
+
* ``form-902.11``: Allow customer fill out form to determine controlling person.
-Other measures:
+ * On success: AML officer must proceed manually.
+
+
+Threshold Presets
+-----------------
+
+Threshold presets are presets that the AML officer can
+select after the verifying the customer's documents and conducting
+a risk assessment.
+
+FIXME: Define for deposit, based on busines type and risk.
+
+FIXME: These thresholds should be automatically selected based
+on completing ``vqf_902_1_officer``.
-* ... TBD ...
Properties
----------
-* ``FILE_NOTE``: Current note on the GWG file.
+* ``FILE_NOTE :: Text``: Current note on the GWG file.
+* ``CUSTOMER_LABEL :: Text``: Customer name or internal alias.
+* ``AML_ACCOUNT_ACTIVE_DEPOSIT :: Boolean``
+* ``AML_DOMESTIC_PEP :: Boolean``
+* ``AML_FOREIGN_PEP :: Boolean``
+* ``AML_HIGH_RISK_BUSINESS :: Boolean``
+* ``AML_HIGH_RISK_COUNTRY :: Boolean``
+* ``AML_NO_OPERATION_DURING_PERIOD :: Boolean``
+
+ * FIXME: What does this property mean?
+
+FIXME: Shouldn't the following be some state machine, rather than flags?
+
+* ``AML_INVESTIGATION_ART6_COMPLETED :: Boolean``
+* ``AML_INVESTIGATION_ART6_FAILED :: Boolean``
+* ``AML_MROS_REPORTED_ART305 :: Boolean``
+* ``AML_MROS_REPORTED_ART9 :: Boolean``
Events
------
-* TBD
+Account opening:
+
+* ``ACCOUNT_OPENED``
+* ``ACCOUNT_OPENED_HIGH_RISK``
+* ``ACCOUNT_OPENED_DOMESTIC_PEP``
+* ``ACCOUNT_OPENED_FOREIGN_PEP``
+* ``ACCOUNT_OPENED_HR_COUNTRY`` (high risk country)
+
+Account closing:
+
+* ``ACCOUNT_CLOSED``
+* ``ACCOUNT_CLOSED_HIGH_RISK``
+* ``ACCOUNT_CLOSED_DOMESTIC_PEP``
+* ``ACCOUNT_CLOSED_FOREIGN_PEP``
+* ``ACCOUNT_CLOSED_HR_COUNTRY`` (high risk country)
+
+MROS reporting:
+
+* ``ACCOUNT_MROS_REPORTED_ART9``: Account reported to MROS (Art. 9 GwG)
+* ``ACCOUNT_MROS_REPORTED_ART305``: Account reported to MROS (`Art. 305 StGB <https://www.fedlex.admin.ch/eli/cc/54/757_781_799/de#art_305_ter>`_)
+* ``ACCOUNT_INVESTIGATION_ART6_COMPLETED``
+* ``ACCOUNT_INVESTIGATION_ART6_FAILED``
PIN Letter
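Review bot: ``AML_MROS_REPORTED_ART305`` / ``ACCOUNT_MROS_REPORTED_ART305`` and the label "Account reported to MROS (Art. 305 StGB)" name the wrong article: the link anchor is ``art_305_ter`` and the Event Reporting section counts reports under Art. 305ter Abs. 2 StGB (Melderecht), while Art. 305 StGB is a different provision. Rename both identifiers to ``..._ART305TER`` and fix the label. Other points in this hunk: the "Other measures:" heading was removed without a replacement, so ``verboten``, which the threshold rules trigger, has no definition anywhere in the file; "KYC/KYC process" in the ``kyx`` entry reads like a typo; ``form-902.9`` / ``form-902.11`` follow a different naming scheme from ``vqf_902_1_customer`` and ``vqf_902_9`` used elsewhere; "beneficiary owner" should be "beneficial owner", as the FAQ in the same patch says; "after the verifying" and "busines" are typos. Design-wise, the ``ACCOUNT_OPENED_*`` / ``ACCOUNT_CLOSED_*`` events duplicate the ``AML_DOMESTIC_PEP`` / ``AML_FOREIGN_PEP`` / ``AML_HIGH_RISK_*`` properties, and the Event Reporting section derives those counters from properties being set and unset; pick one mechanism so the counters cannot double count.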
@@ -150,6 +245,7 @@ Implementation notes:
* The letter is sent and generated via ``challenger``
* FIXME: How do we keep track of required documents?
+
AML/KYC Forms
-------------
@@ -447,7 +543,7 @@ entity or partnership.
SIGN_DATE :: Date
**Measure after submission from the customer**: If
-``CONTROLLING_ENTITY_THIRD_PERSON`` is true, `vqf_902_9` needs to be filled
+``CONTROLLING_ENTITY_THIRD_PERSON`` is true, ``vqf_902_9`` needs to be filled
out.
**Others:**
@@ -606,28 +702,42 @@ with the following colums (see VQF 902.8):
Event Reporting
^^^^^^^^^^^^^^^
+The following items should be reported on the status page, based on the collected events:
+
- Number of accounts that are opened (triggered the deposit limits and were then subject to KYC and AML processes).
- [called: "Anzahl betreuter GwG Files" in German]
+
+ * German: Anzahl betreuter GwG Files
+
- Number of new GwG files in the last year (=> easy via stats).
+
- Number of GwG files closed in the last year (=> easy via stats).
[ Note: we only close GwG files after 1 year of inactivity, so not exactly pressing ...]
+
- Number of GwG files managed with "increased risk" (that remain in this status: so increment if property set, decrement if unset!)
[ based on all other high-risk events below, *or* high-risk assessment due to "risky business domain" checked ]
+
- Number of GwG files managed with "increased risk" due to PEP status (that remain in this status: so increment if property set, decrement if unset!)
[ AML decision needs an easy *property-setting/unsetting* checkbox to say: "controlled by domestic PEP" that increases this counter ]
+
- Number of GwG files managed with "increased risk" due to foreign PEP status (that remain in this status: so increment if property set, decrement if unset!)
[ AML decision needs an easy *property-setting/unsetting* checkbox to say: "controlled by foreign PEP" that increases this counter ]
+
- Number of GwG files managed with person of nationality or origin of a country classified as "high risk" (that remain in this status: so increment if property set, decrement if unset!)
[ AML decision needs an easy *property-setting/unsetting* checkbox to say: "controlled by person from high-risk country" that increases this counter ]
+
- Number of MROS reports based on Art 9 Abs. 1 GwG (per year)
[ AML decision needs an easy *event* checkbox to say: "reported to MROS under Meldepflicht" that increases this counter ]
+
- Number of MROS reports based on Art 305ter Abs. 2 StGB (per year)
[ AML decision needs an easy *event* checkbox to say: "reported to MROS under Melderecht" that increases this counter ]
+
- Number of customers involved in proceedings for which Art 6 GwG did apply [ AML decision needs *event* counter
"Customer involved in proceedings requiring investigations after Art 6 GwG" ]
+
- Number of customers involved in proceedings for which Art 6 GwG did apply but was not performed
[ AML decision needs *event* counter "Failure to investigate after Art 6 GwG" ]
+
Suspicious Transaction Reporting
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
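Review bot: the new intro sentence says the items are reported "based on the collected events", but the increased-risk counters below are driven by properties being set and unset ("increment if property set, decrement if unset"), not by events; say "events and properties". The first item's "triggered the deposit limits" is now ambiguous under the new threshold rules, where ``deposit-zero`` fires ``accept-tos`` at 0 CHF and the 500 CHF per month rule fires ``kyx``: name the threshold whose crossing opens a GwG file. Formatting: only the first item had its bracketed note converted into a nested bullet ("* German: Anzahl betreuter GwG Files"); the remaining "[ ... ]" notes are still inline, so convert all of them or none. Also "Art 9 Abs. 1 GwG" here versus "Art. 9 GwG" in the event list: keep one citation form.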
@@ -637,6 +747,7 @@ FIXME: Define our classification. Is the classification global or per-customer?
FIXME: Define how this is technically implemented
+
Sanction Lists
--------------
@@ -646,27 +757,46 @@ FIXME: How is this refleced in the forms? Or is it a property?
FIXME: Document how we ingest sanction lists.
+
Implementation Gaps
-------------------
+Auditing:
+
* For the yearly audit, it would be convenient (and probably also *necessary*)
to show all information we have on an exchange AML account (=GwG file in VQF terminology)
on a single, printable page.
-* For vqf_902_1_officer, it would be great if an AML program could check
+Moving logic into the AML programs:
+
+* For ``vqf_902_1_officer``, it would be great if an AML program could check
that required forms have actually been submitted.
+* For MROS reporting, submission of the ``vqf_902_14`` should run an AML
+ program that sets the events/properties based on the form.
+
Open Questions
--------------
-* What about MROS reporting? Does the AML officer just need to
- set an event for this, or also upload a form?
+* Clarify MROS reporting according to Art 305ter Abs. 2 StGB vs Art. 9 GwG
+
+ * Why is there a counter for failed investigations according to one, but not the other?
+
+FAQ
+---
+
+* Q: What's the difference between the controlling entity and beneficiary owner?
-* Unclear (fdold): What is the difference between the controlling
- entity and the beneficial owner? Clarify!
+ * A: Controlling entity: Natural person(s) with at least 25% ownership or voting rights (direct or indirect, alone or colletively).
+ Beneficial owner: Natural person(s) who enjoy the benefits of ownership even though the title to some form of property is in another name.
-* How do we deal with the "Aktennotiz"? Is that a property?
- => Usually as Attribute, but we could also have a property
- for notes about the account.
- => Modeled as a form filled out only by the AML officer
+* Q: How is the "file note" (German: "Aktennotiz") handled?
+
+ * A: Two ways: Each AML customer account can have a note as a property.
+ For more complex notes (attachments, more sensitive information),
+ a ``generic_note`` form should be submitted by the AML officer.
+
+References
+----------
+* FIXME: Add link to ``exchange/doc/flows/main.pdf``
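Review bot: "colletively" should be "collectively". The Open Questions item asks why there is "a counter for failed investigations according to one, but not the other", but the only failed-investigation counter in the Event Reporting section is for Art. 6 GwG ("Failure to investigate after Art 6 GwG"), which is neither of the two MROS paths (Art. 9 GwG, Art. 305ter Abs. 2 StGB); either the question conflates Art. 6 with the MROS reporting paths or it is about a counter that does not exist yet, so reword it. The FAQ answer routes "more sensitive information" into a ``generic_note`` form rather than the ``FILE_NOTE`` property, but the Properties section gives no reason for that distinction; if the form submission is protected differently from a property, say so there so the AML officer knows which to use.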