commit bca70c70434b34b5a757b13e215a86072ca13ac9 parent 074d291c6c29ca8f0fce52caec2810ba2da7d7d8 Author: Florian Dold <florian@dold.me> Date: Wed, 12 Mar 2025 00:16:45 +0100 initial TOPS AML docs Diffstat:
| A | deployments/tops.rst | | | 333 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 333 insertions(+), 0 deletions(-)
diff --git a/deployments/tops.rst b/deployments/tops.rst 
@@ -0,0 +1,333 @@
+Taler Operations Deployment
+===========================
+
+.. contents:: Table of Contents
+ :depth: 3
+
+Definitions / Glossary
+----------------------
+
+* GwG: Geldwäschegesetz, Swiss law regarding anti-money laundering
+* VQF: Verein für Qualitätssicherung im Finanzwesen, self-regulatory
+ organization that Taler Operations AG is a member of and thus
+ needs to stick to their rules
+
+Regulatory Requirements Introduction
+------------------------------------
+
+Regulatory requirements are set by `VQF <https://www.vqf.ch/indexen.html>`_
+and detailed in their SRO-Regulation document. Our AML processes
+are based on their forms ("VQF Document Nr. 902.$x").
+
+Threshold Rules
+---------------
+
+Initial Threshold Rules
+^^^^^^^^^^^^^^^^^^^^^^^
+
+TBD.
+
+Measures
+---------
+
+* ``sms-registration``
+* ``postal-registration``
+* ``accept-tos``
+
+AML/KYC Forms
+-------------
+
+vqf_902_1_customer
+^^^^^^^^^^^^^^^^^^
+
+**Filled out by:** AML Officer, Customer
+
+**Purpose:**
+Initial collection of basic attributes about customer during onboarding.
+
+**Attributes**:
+
+.. code:: none
+
+ CUSTOMER_INFO_TYPE :: 'NATURAL_PERSON' | 'LEGAL_ENTITY'
+ CUSTOMER_TYPE :: (
+ 'NATURAL' | 'OPERATIONAL' | 'FOUNDATION' |
+ 'TRUST' | 'LIFE_INSURANCE' | 'OTHER')
+ when CUSTOMER_INFO_TYPE = 'NATURAL_PERSON' {
+ CUSTOMER_NATURAL_FULL_NAME :: Text
+ // Residential address
+ CUSTOMER_NATURAL_RESIDENTIAL :: Text
+ CUSTOMER_NATURAL_PHONE :: Optional[Text]
+ CUSTOMER_NATURAL_EMAIL :: Optional[Text]
+ CUSTOMER_NATURAL_BIRTHDATE :: Date
+ CUSTOMER_NATURAL_NATIONALITY :: Text
+ // PDF Document
+ CUSTOMER_NATURAL_NATIONAL_ID :: File
+ // Optional fields for sole proprietor
+ CUSTOMER_NATURAL_COMPANY_NAME :: Optional[Text]
+ CUSTOMER_NATURAL_REGISTERED_OFFICE :: Optional[Text]
+ // PDF Document
+ CUSTOMER_NATURAL_COMPANY_ID_DOC :: Optional[File]
+ }
+ when CUSTOMER_INFO_TYPE == 'LEGAL_ENTITY' {
+ CUSTOMER_ENTITY_COMPANY_NAME :: Text
+ CUSTOMER_ENTITY_ADDRESS :: Text
+ CUSTOMER_ENTITY_CONTACT_PERSON_NAME :: Optional[Text]
+ CUSTOMER_ENTITY_PHONE :: Optional[Text]
+ CUSTOMER_ENTITY_EMAIL :: Optional[Text]
+ // PDF File
+ CUSTOMER_ENTITY_ID_COPY :: File
+ // FIXME: This is not founder, but establisher of business
+ // relationship with TOPS
+ FOUNDER_LIST[].FOUNDER_FULL_NAME :: Text
+ FOUNDER_LIST[].FOUNDER_RESIDENTIAL_ADDRESS :: Text
+ FOUNDER_LIST[].FOUNDER_BIRTHDATE :: Text
+ FOUNDER_LIST[].FOUNDER_NATIONALITY :: Text
+ FOUNDER_LIST[].FOUNDER_AUTHORIZATION_TYPE :: Text
+ FOUNDER_LIST[].FOUNDER_NATIONAL_COPY :: File
+ // values are "CR", "MANDATE", but do we model "other"?
+ FOUNDER_LIST[].FOUNDER_POWER_OF_ATTORNEY :: Text
+
+ require len(FOUNDER_LIST) > 0
+ }
+
+**Measure after submission by customer:**
+Depending on ``CUSTOMER_INFO_TYPE``, the customer is asked to fill out another
+form:
+
+* ``NATURAL``: No other form to fill out. A PIN letter will be directly
+ sent to the customer.
+* ``OPERATIONAL``: Form ``vqf_902_11``
+* ``FOUNDATION``: Form ``vqf_902_12``
+* ``TRUST``: Form ``vqf_902_13``
+* ``LIFE_INSURANCE``: Form ``vqf_902_15``
+* ``OTHER``: Form ``vqf_902_9``
+
+vqf_902_1_officer
+^^^^^^^^^^^^^^^^^
+
+**Filled out by:** Only AML Officer
+
+**Differences from VQF form 902.1:**
+
+* We do not ask for the type of correspondence service,
+ but instead assume that correspondence is done via the Taler
+ protocol or directly to the customer via postal mail.
+* We do not accept languages other than English, German and French
+* Section 6 ("Laufkunden/Kassageschäften") is not applicable
+* Section 7 ("Beilagen"): The other forms must be filed by
+ the AML officer *before* filing ``vqf_902_1_officer``.
+ In the future, this will be checked by an AML program
+ that runs for the form submission.
+
+**Attributes:**
+
+.. code:: none
+
+ ACCEPTANCE_DATE :: Optional<Date>
+ ACCEPTANCE_METHOD :: (
+ 'FACE_TO_FACE' |
+ 'AUTHENTICATED_COPY' |
+ 'RESIDENTIAL_ADDRESS_VALIDATED')
+ ACCEPTANCE_LANGUAGE :: 'en' | 'de' | 'fr'
+ ACCEPTANCE_FURTHER_INFO :: Optional<Text>
+ EMBARGO_TERRORISM_INFO :: Optional<Text>
+
+
+vqf_902_4
+^^^^^^^^^
+
+**Filled out by:** AML officer only
+
+**Purpose:** The AML officer uses this form
+to document the risk profile of a customer.
+
+**Attributes:**
+
+.. code:: none
+
+ PEP_FOREIGN :: Boolean
+ // FIXME: The next two don't really match
+ // the VFQ form, check and justify
+ PEP_DOMESTIC :: Boolean
+ PEP_INTERNATIONAL_ORGANIZATION :: Boolean
+ when PEP_INTERNATIONAL_ORGANIZATION or PEP_DOMESTIC {
+ PEP_ACCEPTANCE_DATE :: Date
+ }
+ HIGH_RISK_COUNTRY :: Boolean
+ when HIGH_RISK_COUNTRY {
+ HIGH_RISK_ACCEPTANCE_DATE :: Date
+ }
+ // FIXME: Unclear if this is single-choice or multiple-choice
+ COUNTRY_RISK_NATIONALITY_TYPE :: (
+ 'NONE' |
+ 'NATIONALITY_CUSTOMER' | 'NATIONALITY_OWNER' |
+ 'DOMICILE_CUSTOMER' | 'DOMICILE_OWNER' |
+ 'DOMICILE_CONTROLLING')
+ COUNTRY_RISK_NATIONALITY_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
+ // FIXME: Unclear if this is single-choice or multiple-choice
+ COUNTRY_RISK_BUSINESS_TYPE :: 'NONE' | 'CUSTOMER' | 'OWNER'
+ COUNTRY_RISK_BUSINESS_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
+ COUNTRY_RISK_PAYMENTS_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
+ INDUSTRY_RISK_TYPE :: 'CUSTOMER' | 'OWNER'
+ INDUSTRY_RISK_LEVEL :: (
+ 'TRANSPARENT' | 'HIGH_CASH_TRANSACTION' |
+ 'NOT_WELL_KNOWN' | 'HIGH_RISK_TRADE' | 'UNKNOWN_INDUSTRY')
+ CONTACT_RISK_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
+ PRODUCT_RISK_LEVEL :: (
+ 'EASY' | 'SOPHISTICATED' | 'OFFSHORE' |
+ 'COMPLEX_STRUCTURE' | 'LARGE_NUMBER_OF_ACCOUNTS' |
+ 'COMPLEX_SERVICE' | 'FREQ_TRANS_WITH_HIGH_RISK')
+ // FIXME: Enum values here are weird!
+ RISK_CLASIFICATION_LEVEL :: 'WITH' | 'WITHOUT'
+ RISK_CLASIFICATION_ACCEPTANCE_DATE :: Date
+ // FIXME: We need to define our own risk criteria here
+ // ...
+ // FIXME: We need to define our own criteria for
+ // monitoring of high-risk transactions.
+
+
+vqf_902_9
+^^^^^^^^^
+
+**Filled out by:** AML officer or customer
+
+FIXME: Is it really okay for the AML officer to fill this out?
+The original form requires a signature from the customer.
+
+**Purpose:** Establish the identity of the beneficial owner.
+
+**Attributes:**
+
+.. code:: none
+
+ // FIXME: Single line or multi-line?
+ IDENTITY_CONTRACTING_PARTNER :: String
+ // FIXME: Is this the right attribute name?
+ IDENTITY_LIST[].IDENTITY_FULL_NAME :: String
+ IDENTITY_LIST[].IDENTITY_BIRTHDATE :: Date
+ IDENTITY_LIST[].IDENTITY_DOMICILE :: AddressString
+ IDENTITY_LIST[].IDENTITY_NATIONALITY :: CountryCodeString
+ SIGN_NAME :: String
+ SIGN_DATE :: Date
+
+**Others:**
+
+When filled out by the customer, the form **must** contain a notice that
+filling this form with incorrect information is a punishable offence (document
+forgery) according to Swiss law.
+
+
+vqf_902_11
+^^^^^^^^^^
+
+**Filled out by:** Customer or AML officer on behalf of customer.
+
+FIXME: Is it really okay for the AML officer to fill this out?
+The original form requires a signature from the customer.
+
+**Purpose:** Determine the controlling person of an operational legal
+entity or partnership.
+
+
+**Attributes:**
+
+.. code:: none
+
+ // FIXME: Single line or multi-line?
+ // The VQF form has multiple lines.
+ CONTROLLING_ENTITY_CONTRACTING_PARTNER :: Text
+ CONTROLLING_ENTITY_LEVEL :: '25_MORE_RIGHTS' | 'OTHER_WAY' | 'DIRECTOR'
+ // FIXME: The VQF forms allow *multiple* people as controlling entity.
+ // Fix or justify!
+ CONTROLLING_ENTITY_FULL_NAME :: Text
+ CONTROLLING_ENTITY_DOMICILE :: Text
+ CONTROLLING_ENTITY_THIRD_PERSON :: Boolean
+ SIGN_NAME :: String
+ SIGN_DATE :: Date
+
+**Measure after submission from the customer**: If
+``CONTROLLING_ENTITY_THIRD_PERSON`` is true, `vqf_902_9` needs to be filled
+out.
+
+**Others:**
+
+When filled out by the customer, the form **must** contain a notice that
+filling this form with incorrect information is a punishable offence (document
+forgery) according to Swiss law.
+
+vqf_902_12
+^^^^^^^^^^
+
+**Purpose:** Declaration for foundations.
+
+**This form will not be supported for the TOPS MVP. Foundations will either
+not be accepted as customers or the AML officer will need to submit
+a PDF form.**
+
+vqf_902_13
+^^^^^^^^^^
+
+**Purpose:** Declaration for trusts.
+
+**This form will not be supported for the TOPS MVP. Trusts will either
+not be accepted as customers or the AML officer will need to submit
+a PDF form.**
+
+vqf_902_15
+^^^^^^^^^^
+
+**Purpose:** Declaration for life insurance companies.
+
+**This form will not be supported for the TOPS MVP. Life insurance companies
+will either not be accepted as customers or the AML officer will need to submit
+a PDF form**
+
+Reporting
+---------
+
+GwG File List
+^^^^^^^^^^^^^
+
+Event Reporting
+^^^^^^^^^^^^^^^
+
+- Number of accounts that are opened (triggered the deposit limits and were then subject to KYC and AML processes).
+ [called: "Anzahl betreuter GwG Files" in German]
+- Number of new GwG files in the last year (=> easy via stats).
+- Number of GwG files closed in the last year (=> easy via stats).
+ [ Note: we only close GwG files after 1 year of inactivity, so not exactly pressing ...]
+- Number of GwG files managed with "increased risk" (that remain in this status: so increment if property set, decrement if unset!)
+ [ based on all other high-risk events below, *or* high-risk assessment due to "risky business domain" checked ]
+- Number of GwG files managed with "increased risk" due to PEP status (that remain in this status: so increment if property set, decrement if unset!)
+ [ AML decision needs an easy *property-setting/unsetting* checkbox to say: "controlled by domestic PEP" that increases this counter ]
+- Number of GwG files managed with "increased risk" due to foreign PEP status (that remain in this status: so increment if property set, decrement if unset!)
+ [ AML decision needs an easy *property-setting/unsetting* checkbox to say: "controlled by foreign PEP" that increases this counter ]
+- Number of GwG files managed with person of nationality or origin of a country classified as "high risk" (that remain in this status: so increment if property set, decrement if unset!)
+ [ AML decision needs an easy *property-setting/unsetting* checkbox to say: "controlled by person from high-risk country" that increases this counter ]
+- Number of MROS reports based on Art 9 Abs. 1 GwG (per year)
+ [ AML decision needs an easy *event* checkbox to say: "reported to MROS under Meldepflicht" that increases this counter ]
+- Number of MROS reports based on Art 305ter Abs. 2 StGB (per year)
+ [ AML decision needs an easy *event* checkbox to say: "reported to MROS under Melderecht" that increases this counter ]
+- Number of customers involved in proceedings for which Art 6 GwG did apply [ AML decision needs *event* counter
+ "Customer involved in proceedings requiring investigations after Art 6 GwG" ]
+- Number of customers involved in proceedings for which Art 6 GwG did apply but was not performed
+ [ AML decision needs *event* counter "Failure to investigate after Art 6 GwG" ]
+
+Suspicious Transaction Reporting
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Also called TmeR ("Transaktionen mit erhoehtem Risiko").
+
+FIXME: Define our classification. Is the classification global or per-customer?
+
+FIXME: Define how this is technically implemented
+
+Open Questions
+--------------
+
+* What about MROS reporting? Does the AML officer just need to
+ set an event for this, or also upload a form?
+
+* Unclear (fdold): What is the difference between the controlling
+ entity and the beneficial owner? Clarify!