ML/TF Risks and Decentralized Autonomous Organizations (DAOs)
Foundation companies, a category of corporate entities available to be incorporated in the Cayman Islands which allow for highly customized corporate governance with an ownerless trust-like variant, are becoming more popular as a legal entity vehicle allowing decentralized autonomous organizations (DAOs) to benefit from legal personality and limited liability, while still carrying out non-profit, social good or community growth objectives as per the DAO consensus mechanism in place.
Like any other legal entities incorporated in the Cayman Islands, foundation companies are subject to the Proceeds of Crime Act (As Revised), irrespective of their activities and whether or not they are regulated by the Cayman Islands Monetary Authority (CIMA). This implies that foundation companies cannot engage in activities which they (including any directors, officers, supervisors, etc.) know or suspect facilitate (by whatever means) money laundering and/or terrorist or proliferation financing by anyone else (the “ML/TF risks”). In addition, Cayman foundation companies cannot accept an asset contribution of any kind unless the Secretary, which is a service provider regulated by CIMA with a company management license, has given notice that there appears to be no objection under the Proceeds of Crime Law, the Terrorism Law, and the Money Laundering Regulations (the “AML/CFT rules”).
For this reason, the Directors of a foundation company, as part of their fiduciary duties, would need to receive comfort with respect to mitigation of the ML/TF risks. In addition, any bank relationship would likely be subject to the foundation company adopting and implementing policies and procedures to mitigate ML/TF risks, especially if the foundation company is carrying out certain activities related to virtual assets (VAs) generally.
As part of establishing best practices for the digital assets industry as well as protecting DAO assets, Provenance typically recommends that a foundation company playing host to a DAO designate a person to be its Compliance Officer even when there is no mandatory legal obligation to do so. The person selected for the position should be someone knowledgeable about the foundation company’s operations and finances, and the Chief Financial Officer (CFO) is often a good choice. It is not necessary to hire a professional to act as Compliance Officer, but if a professional is not hired, the foundation company should ensure that the Compliance Officer receives adequate training and resources. The decision to outsource mitigation of the ML/TF risks to professionals or build a compliance programme at the level of the foundation company is a business decision for Directors, who remain liable for compliance with applicable laws and regulations and retain their oversight and supervision duties. If the Compliance Officer role is covered by the CFO (or another officer), the recommendation is to appoint a professional Money Laundering Reporting Officer (MLRO) and Deputy.
For the same reasons, Provenance typically recommends that the foundation company take reasonable measures to establish the identity of any contributors, donors, beneficiaries and partners, and run AML/KYC due diligence and/or criminal records background checks on its beneficiaries (for grants, community members who are active contributors and receive financial benefits, independent contractors, etc.), as well as on contributors, donors and partners. This due diligence process will ensure that the Secretary of the foundation company is reasonably assured of the provenance of any funds received by the foundation company, is confident that the foundation company knows the people and organizations it works with, and is able to identify and manage associated ML/TF risks. Under the Proceeds of Crime Act, the foundation company must report any suspicious transactions relating to ML/TF risk to the Cayman authorities, and keep a record of all such suspicious transactions reported.
Designing a compliance architecture should be done after the Compliance Officer takes steps to identify the foundation company’s specific ML/TF risks. Pursuant to the risk-based approach (RBA), which is the core principle of compliance, the assessment of the risks would directly affect what sort of due diligence and monitoring steps and any other actions the foundation company would need to take. In a nutshell, the greater the risks, the more the Directors of the foundation company will need to do to ensure that they have discharged their duty of care and other legal duties to prevent abuse of the foundation company and its resources, without impeding the foundation company from carrying out its designated objects, negatively impacting people benefiting legitimately from the objects of the foundation company, imposing duplicative or unduly costly or burdensome measures, etc. Any short-term or one-off cost needs to be assessed against the long-term benefits, assurances required, public expectations, reputational issues, etc. Taking into consideration the scrutiny that digital assets projects face from regulators worldwide, we believe that the additional costs of compliance are justified to protect the projects long term, and we advise accordingly.
Typically, the foundation company will monitor relationships with beneficiaries, contributors or donors and partners, as well as any outgoing payments. Adequate monitoring also ensures that funds or assets reach their proper destinations and are used as the foundation company intended. This will also reinforce any internal financial controls in place to ensure that funds are fully accounted for and spent in a manner that is consistent with the objects of the foundation company.
Key Points
FinTech, crypto and virtual assets businesses, including recent models like DeFi, NFT, Web3, and Metaverse projects, are becoming more mainstream every day, but this also means interacting with the traditional financial system and complying with regulatory requirements and with risk and corporate governance best practices. Provenance can help foundation companies ensure that their ML/TF risks are identified and adequately mitigated and that the DAO assets are protected against misuse by bad actors. From the initial risk assessment to the design of the compliance architecture, taking into account the specifics of each project, Provenance acts as the compliance partner and provides additional comfort to the Board of Directors.
Other Compliance News
ChainSwap, a British Virgin Islands (BVI) company operating a ‘cross-chain bridge’, obtained a freezing order against several unknown crypto-wallets following the theft of digital assets.
As part of the publication of the Financial Stability Review Report, the European Central Bank (ECB) specifically addressed crypto-assets, noting that the market has increased dramatically in both size and complexity since the end of 2020, that high volatility remains, and that there is increasing correlation and interconnectedness with traditional assets and financial systems.
At the Chainalysis Links Conference, the United States (U.S.) Financial Crimes Enforcement Network (FinCEN) stressed the need for “responsible financial innovation” and the need for compliance by design and/or embedded compliance. On the positive side, according to FinCEN the cryptocurrency and digital assets industry has an immense opportunity to raise the bar for the next generation of financial services.
Industry publications flagged a significant increase in information-stealing malware focusing on wallets, private keys and other cryptocurrency-related data, with multiple strategies and patterns for stealing cryptocurrency.
According to the Economic Well-Being of the U.S. Households report published by the Federal Reserve Board, 12% of adults held cryptocurrencies in 2021. According to the report, those who held cryptocurrency purely for investment were disproportionately high-income, almost always had a traditional banking relationship, and typically had other retirement savings.
The International Swaps and Derivatives Association (ISDA) published a report proposing a crypto-asset hedging framework.
Miami Mayor Francis Suarez spoke about crypto at the World Economic Forum.
In the U.S., one of the potential regulators for digital assets is the Commodity Futures Trading Commission (CFTC), which already covers BTC, ETH, futures, swaps, etc. This would imply stricter controls on market manipulation, similar to a recent CFTC action against Glencore, which was required to pay US$1.186 billion for its actions on the U.S. and global oil markets.
The value of Milady NFTs plummeted after revelations with respect to its founder, showcasing again the need for proper due diligence of investments made.
Andreessen Horowitz announced its fourth crypto-fund for Web3 for 4.5 billion dollars.
About Provenance
As the virtual assets industry is on the brink of mainstream adoption, the demand for services in this space far exceeds the capabilities of the traditional compliance providers. The difficulty to date has been that industry veterans have had neither the benefit of practical examples of how regulators will assess the servicing of virtual assets, nor the in-house expertise or experience to confidently risk-assess virtual asset engagements and build out the controls to mitigate associated risks. Additionally, the volatility in the asset class causes trepidation in traditional investment circles. We have established service lines across the specialist functions of compliance, internal audit, risk and advisory, with a focus on enhancing compliance and risk management solutions available to Investment Funds, Managers, Service Providers, and other participants in the virtual asset sector. We collectively bring over 75 years of experience in traditional legal, accounting and compliance services to the financial services industry, with recognised industry leaders and pioneers in developing solutions for virtual asset ventures in the Cayman Islands, BVI and across the globe.