taler-docs

Documentation for GNU Taler components, APIs and protocols

commit c94be75455c7f4fc1405b90a51c180d123f906e6
parent 37eaa7d811086e6929b977f3d49a6057acac64c2
Author: Florian Dold <florian@dold.me>
Date:   Mon, 17 Mar 2025 19:07:32 +0100

TOPS WIP

Diffstat:
M deployments/tops.rst | 191 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 166 insertions(+), 25 deletions(-)

diff --git a/deployments/tops.rst b/deployments/tops.rst @@ -7,12 +7,14 @@ Taler Operations Deployment Definitions / Glossary ---------------------- -* GwG: Geldwäschegesetz, Swiss law regarding anti-money laundering +* GwG: German "Geldwäschegesetz", Swiss law regarding anti-money laundering * VQF: Verein für Qualitätssicherung im Finanzwesen, self-regulatory organization that Taler Operations AG is a member of and thus needs to stick to their rules -* TmeR: Transaktion mit erhöhtem Risiko -* GmeR: Geschäftsbeziehung m.e.R. +* TmeR: German "Transaktion mit erhöhtem Risiko", i.e. + high-risk transactions +* GmeR: "Geschäftsbeziehung mit erhöhtem Risiko", i.e. + high-risk business relationships Regulatory Requirements Introduction ------------------------------------ @@ -52,7 +54,7 @@ Establishing a Business Relationship laundering reporting officer makes a recommendation to the management as to whether the business relationship can be opened from the money laundering reporting officer's point of view or not. The management decides on - acceptance or rejection." + acceptance or rejection. Monitoring a Business Relationship ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -60,8 +62,8 @@ Monitoring a Business Relationship 1. For each business relationship, risk-based and customer-specific transaction limits are defined. If these are exceeded, an "alert" is automatically generated. These transactions must then be validated by the responsible - AML advisor. All validated alerts are checked by the AML - officer and either approved or returned to the advisor for further + customer consultant. All validated alerts are checked by the AML + officer and either approved or returned to the customer consultant for further validation, or escalated to management for final decision-making or appropriate action. 
@@ -69,7 +71,7 @@ Monitoring a Business Relationship * every 5-7 years for low-risk business relationships * every 2 years for high-risk business relationships - * annually for PEP relationships" + * annually for PEP relationships The review includes the verification of identification documents and any supporting documents submitted when the business relationship was @@ -85,10 +87,6 @@ Monitoring a Business Relationship business relationship must be reviewed if special circumstances arise, such as negative press reports, unusual transactions and activities, etc. -FIXME: Further define AML officer vs AML advisor. -advisor/Berater: Bankberater, ro -AML officer: official AML officer, rw - Terminating a Business Relationship ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -130,19 +128,27 @@ Other measures: Properties ---------- -TBD: Document TOPS-specific semantics of account properties. +* ``FILE_NOTE``: Current note on the GWG file. + +Events +------ + +* TBD + PIN Letter ---------- -FIXME: Clarify the following points: +After gathering initial information (``vqf_902_1_officer``), a letter with a +PIN code is generated and sent to the customer. The customer needs to enter +the PIN in the KYC SPA in order to validate their address. The letter +also needs to ask the customer to send a certified copy of certain documents. -* how is the PIN letter generated? How is the PIN generated/stored? - * Challenger generates PIN letter -* What exactly are the contents? - * asking to send certified copies of certain documents +The KYC SPA should also specify which documents are still needed. -important point: after / when sending PIN letter, specify which documents are still needed +Implementation notes: +* The letter is sent and generated via ``challenger`` +* FIXME: How do we keep track of required documents? AML/KYC Forms ------------- 
@@ -151,10 +157,48 @@ The following subsections define the contents of the forms. The corresponding field names are registered via `GANA <https://git.taler.net/gana.git/tree/gnu-taler-form-attributes>`_. The the UI for the forms is defined in `taler-typescript-core <https://git.taler.net/taler-typescript-core.git/tree/packages/web-util/src/forms/gana>`_ + +generic_note +^^^^^^^^^^^^ + +**Filled out by:** AML Officer, customer + +**Purpose:** Free-form note. Should be used instead of the ``FILE_NOTE`` when there +are attachements or the note contains very sensitive information. + +**Attributes**: + +.. code:: none + + NOTE :: Text + ATTACHMENT :: File + + +generic_upload +^^^^^^^^^^^^^^ + +**Filled out by:** Customer + +**Purpose:** Free-form upload. The type/name of the requested +document is taken from the context. + +**Context:** + +** ``REQUESTED_FILE_TITLE`` +** ``REQUESTED_FILE_DESCRIPTION`` + +**Attributes**: + +.. code:: none + + NOTE :: Text + ATTACHMENTS :: File + + vqf_902_1_customer ^^^^^^^^^^^^^^^^^^ -**Filled out by:** AML Officer, Customer +**Filled out by:** AML Officer, customer **Purpose:** Initial collection of basic attributes about customer during onboarding. 
@@ -430,6 +474,109 @@ vqf_902_13 not be accepted as customers or the AML officer will need to submit a PDF form.** + +vqf_902_14 +^^^^^^^^^^ + +**Purpose**: Special clarifications regarding the customer. This form is filled +out by at the initiative of the AML officer or in response to an alert. + +**Attributes:** + +.. code:: none + + INCRISK_REASON :: Text + INCRISK_MEANS :: 'GATHERING' | 'CONSULTATION' | 'ENQUIRIES' | 'OTHER' + when INCRISK_MEANS_OTHER = 'OTHER' { + INCRISK_MEANS_OTHER :: Text + } + INCRISK_SUMMARY :: Text + INCRISK_DOCUMENTS :: Text + INCRISK_RESULT :: ( + 'NO_SUSPICION' | 'REASONABLE_SUSPICION' | + 'SIMPLE_SUSPICION' | 'OTHER') + if INCRISK_REASON = 'OTHER' { + INCRISK_RESULT_OTHER :: Text + } + +* ``INCRISK_REASON`` + + * **Type:** Free-form, multi-line text. + * **Label DE:** [Grund für die besonderen Abklärungen] + Beschreibung der Umstände/Transaktionen, die zu + den besonderen Abklärungen geführt haben + +* ``INCRISK_MEANS`` + + * **Type**: Single choice + * **Choices**: + + * ``GATHERING`` + + * **Label DE:** Einholen Auskunft von Vertragspartei, an Vermögenswerten + wirtschaftlich berechtigten Person, Kontrollinhaber + + * ``CONSULTATION`` + + * **Label DE:** Konsultation öffentlicher Quellen und Datenbanken + + * ``ENQUIRIES`` + + * **Label DE**: Erkundigung bei vertrauenswürden Dritten (z.B. Depotbank) + + * ``OTHER`` + + * **Label DE**: Andere, welche? + + * **Label DE:** Verwendete Mittel zur Abklärung + +* ``INCRISK_MEANS_OTHER`` + + * **Type:** Free-form, multi-line text + * **When:** ``INCRISK_MEANS = 'OTHER'`` + * **Label DE:** Erklärung zu anderem Mittel + +* ``INCRISK_SUMMARY`` + + * **Type:** Fee-form, multi-line text. + * **Label DE:** Zusammenfassung und Plausibilisierung der eingeholten Informationen + (=> Die Ergebnisse der Abklärungen sind zu dokumentieren und auf ihre Plausibilisierung zu überprüfen.) + +* ``INCRISK_DOCUMENTS`` + + * **Type:** Fee-form, multi-line text. 
+ * **Label DE:** Eingeholte/eingesehene Unterlagen + +* ``INCRISK_RESULT`` + + * **Type:** Single Choice + * **Choices:** + + * ``NO_SUSPICION`` + + * **Label DE**: Sachverhalt konnte plausibilisiert werden, kein + begründeter Verdacht nach Art. 9 GwG (evtl. Anpassung Kun- denprofil (VQF + Dok. Nr. 902.5) und/oder Risikoprofil (VQF Dok. Nr. 902.4)) + + * ``REASONABLE_SUSPICION`` + + * **Label DE**: Begründeter Verdacht nach Art. 9 GwG, Meldepflicht an MROS + + * ``SIMPLE_SUSPICION`` + + * **Label DE:** Einfacher Verdacht nach Art. 305ter Abs. 2 StGB, Melderecht an MROS + + * ``OTHER`` + + * **Label DE:** Anderes, was? + +* ``INCRISK_RESULT_OTHER`` + + * **Type:** Free-form, multi-line text + * **When:** ``INCRISK_RESULT = 'OTHER'`` + * **Label DE:** Erklärung zu anderem Verdacht + + vqf_902_15 ^^^^^^^^^^ @@ -523,9 +670,3 @@ Open Questions for notes about the account. => Modeled as a form filled out only by the AML officer -* Do we need a form to upload arbitrary PDF documents (also as the AML - officer)? What other fields does this form need? - => Aktennotiz or Besondere Abklärung - -* When do we need VQF document 902.14 ("Besondere Abklärung")? - => On demand / after alerting
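Review bot: in the glossary hunk (@@ -7,12 +7,14 @@) the new GwG entry reads `German "Geldwäschegesetz", Swiss law regarding anti-money laundering`, which is easy to misread as naming a German statute rather than giving the German-language name of a Swiss one. Wording such as "German for ..." or a trailing "(German)" keeps the language tag apart from the jurisdiction. The GmeR entry also lacks the "German" tag that the TmeR entry received, so the three expanded entries follow two different patterns.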
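Review bot: the hunk at @@ -85,10 +87,6 @@ drops the FIXME that separated the advisor ("ro") from the AML officer ("rw"), and the hunk at @@ -60,8 +62,8 @@ renames "AML advisor" to "customer consultant", but nothing visible in this patch defines the new role or records that ro/rw split. Since the monitoring text relies on the consultant validating alerts and the officer approving them, a glossary entry for both roles with their access level should be added before the FIXME is removed, so the separation of duties stays documented.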
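Review bot: in the PIN Letter hunk (@@ -130,19 +128,27 @@) the line `Implementation notes:` is followed directly by `* The letter is sent and generated via ``challenger```, with no blank line between them, so reStructuredText will fold the bullets into the paragraph instead of rendering a list. The removed FIXME also asked how the PIN is generated and stored, and the new text only says the letter goes through ``challenger``. Either state where the PIN lives and how it is verified or keep that question as a FIXME next to the one about required documents. Minor: `GWG file` under Properties does not match the glossary spelling `GwG`, and "sent and generated" reads better as "generated and sent".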
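Review bot: in the generic_note / generic_upload hunk (@@ -151,10 +157,48 @@) the Context entries are written as `** ``REQUESTED_FILE_TITLE``` and `** ``REQUESTED_FILE_DESCRIPTION```, which is not a valid reStructuredText bullet and will render as stray emphasis markers. Use `* ` and give each context field a type, as the attribute blocks do. The attachment field is `ATTACHMENT :: File` in generic_note but `ATTACHMENTS :: File` in generic_upload. Pick one name, and if several files are allowed say so in the type. Since these forms accept arbitrary uploads from the customer, the doc should also state which file types and sizes are accepted. Typo: "attachements".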
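Review bot: in the vqf_902_14 hunk (@@ -430,6 +474,109 @@) both guards in the attribute block test the wrong field. `when INCRISK_MEANS_OTHER = 'OTHER'` should test `INCRISK_MEANS`, and `if INCRISK_REASON = 'OTHER'` should test `INCRISK_RESULT`, which is what the per-field "When:" lines further down say (and `INCRISK_REASON` is free text, so it cannot equal a choice value). The block also mixes `when` and `if` for the same construct. Use one keyword. Text fixes in the same hunk: "filled out by at the initiative", "Fee-form" (twice), "vertrauenswürden" for "vertrauenswürdigen", and the broken hyphenation "Kun- denprofil".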