Screening counterparties in incoming and outgoing customer transactions
The Sanctions Act (Sanctiewet 1977 – Sw) and the Regulation on Supervision pursuant to the Sanctions Act 1977 (Regeling toezicht Sanctiewet 1977 – RtSw) stipulate that providers of crypto services must take measures to ensure they adequately check, at the minimum, the identities of the persons or legal entities with whom they have a business relationship in their records, in compliance with the sanctions regulations. The RtSw defines a party in a relationship as “anyone involved in a financial service or a financial transaction”. This includes the counterparty or other party involved in a transaction of a crypto service provider's customers.
The counterparty may be either the crypto service provider's own customer or a third party:
- A customer may send cryptos to or receive cryptos from their own (external) wallet not managed by the crypto service provider.
- A customer may receive cryptos from or send cryptos to a third person.
In transactions to and from external wallets, crypto service providers must be able to effectively screen the identity of a relationship with a person or legal entity as referred to in the sanctions regulations. Effectively, this means the following:
- The provider must establish the identity and place of residence of the counterparty and screens it against the sanctions lists (and this should not produce a hit).
- The provider must establish that this person or legal entity is actually the recipient or the sender.
The law does not stipulate a specific procedure for verification that the person or legal entity whose identity and place of residence have been established is actually the recipient or sender. The procedure must, however, offer adequate safeguards for screening counterparties.
For example, providers can whitelist external wallets using technological means. We have encountered various practices, such as:
- providing a crypto address to the customer (whether or not as a custodian)
- screen sharing or video conferencing at the time of logging in
- signing a transaction or sending back a small amount of cryptos to the provider on request
Other measures which may help to reduce risks but in isolation are most likely insufficient to comply with the Sw include:
- Investigating and monitoring (whitelisted) crypto addresses using pre- and post-transaction monitoring software
- Blocking crypto addresses linked to illegal activities and addresses sanctioned by the US Office of Foreign Assets Control (OFAC)
- Crypto service providers