Taler Operations Deployment =========================== .. contents:: Table of Contents :depth: 3 Definitions / Glossary ---------------------- * GwG: German "Geldwäschegesetz", Swiss law regarding anti-money laundering * VQF: Verein für Qualitätssicherung im Finanzwesen, self-regulatory organization that Taler Operations AG is a member of and thus needs to stick to their rules * TmeR: German "Transaktion mit erhöhtem Risiko", i.e. high-risk transactions * GmeR: "Geschäftsbeziehung mit erhöhtem Risiko", i.e. high-risk business relationships * PEP: Politically exposed person * MROS: Money Laundering Reporting Office Switzerland * StGB: (Switzerland-specific:) Strafgesetzbuch, Swiss criminal law Regulatory Requirements Introduction ------------------------------------ Regulatory requirements are set by `VQF `_ and detailed in their SRO-Regulation document. Our AML processes are based on their forms ("VQF Document Nr. 902.$x"). High-Level Processes -------------------- Establishing a Business Relationship ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1. A business relationship must be established if the thresholds of 15,000 CHF per year or 2,500 CHF per month are exceeded. The GNU Taler transaction system automatically records the transaction volumes and notifies the customer when a business relationship needs to be established. At this point, transactions are then frozen until the business relationship is established. 2. To do this, the customer must complete the corresponding VQF forms online and upload documents. The customer's address is then verified by sending a PIN letter. The customer must also submit a certified copy of their ID by postal mail. This is then digitally and physically filed. Alternatively, an identity check can in principle also be carried out manually by TOPS employees on site (in person) at the customer's premises. In this case, the ID copies must be signed by the TOPS employee. 3. New business relationships are checked against the current sanctions list. An automatic preliminary check takes place first, and suspected cases are then processed manually. 4. When all the required data has been provided, it is in any case checked manually by the AML officer. Finally, the AML officer must categorize the customer to to derive a risk profile. Based on the risk profile, risk-based rules are set for monitoring the business relationship. If the AML officer has concerns about the business, they escalate the case to the management as to whether the business relationship can be opened. The management can then make a final decision on acceptance or rejection. Monitoring a Business Relationship ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1. For each business relationship, risk-based and customer-specific transaction limits are defined. If these are exceeded, an "alert" is automatically generated. These transactions must then be validated by the responsible customer consultant. All validated alerts are checked by the AML officer and either approved or returned to the customer consultant for further validation, or escalated to management for final decision-making or appropriate action. 2. Business relationships are periodically reviewed and updated. The following rhythm applies: * every 5-7 years for low-risk business relationships * every 2 years for high-risk business relationships * annually for PEP relationships The review includes the verification of identification documents and any supporting documents submitted when the business relationship was established. Likewise, the information in the customer profile and the transaction behavior during the duration of the business relationship are reviewed. 3. All business relationships are continuously and automatically checked against current sanctions lists, especially when a new sanctions list is available, without delay. 4. Regardless of the risk category and the corresponding review frequency, a business relationship must be reviewed if special circumstances arise, such as negative press reports, unusual transactions and activities, etc. Terminating a Business Relationship ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ A business relationship is automatically considered terminated if no transactions have been processed with the GNU Taler system for over 12 months. Credit / Debit Restrictions --------------------------- Only Swiss IBANs (``CH...``) are allowed for both credit and debit transactions. Initial Threshold Rules ----------------------- * Withdrawal * ``withdrawal-low``: 200 CHF per month => measure ``sms-registration`` (or ``postal-registration``) * 2500 CHF per month => measure ``verboten`` * 15000 CHF per year => measure ``verboten`` * Deposit: * ``deposit-zero``: 0 CHF => measure ``accept-tos`` * 2500 CHF per month => measure ``kyx`` * 15000 CHF per year => measure ``kyx`` * Aggregate: * 2500 CHF per month => measure ``kyx`` * 15000 CHF per year => measure ``kyx`` * Merge (p2p receive) * ``merge-zero``: 0 CHF => measure ``sms-registration`` (or ``postal-registration``) * 2500 CHF per month => measure ``verboten`` * 15000 CHF per year => measure ``verboten`` Measures --------- Measures that ask for information: * ``sms-registration``: Validate (Swiss) mobile phone number of customer via SMS TAN. * On success: * Remove rule ``withdrawal-low`` * Remove rule ``merge-zero`` * ``postal-registration``: Validate (Swiss) postal address of customer via snail mail with TAN. * On success: * Remove rule ``withdrawal-low`` * Remove rule ``merge-zero`` * If arriving at the form via ``kyx`` measure, continue with manual check by AML officer. * ``accept-tos``: Ask customer to accept terms of service. * On success: * Remove rule ``deposit-zero`` * ``kyx``: Allow customer to initiate KYC/KYC process via form ``vqf_902_1_customer``. * On success: * Follow-up with other VQF-forms, or * ``postal-registration`` to validate submitted address, or * if everything is done AML officer must proceed manually with plausibilization. * ``form-902.9``: Allow customer fill out form to determine beneficiary owner. * On success: * Possibly more forms triggered via ``kyx``, or * ``postal-registration`` to validate submitted address, or * if everything is done AML officer must proceed manually with plausibilization. * ``form-902.11``: Allow customer fill out form to determine controlling person. * On success: * Possibly more forms triggered via ``kyx``, or * ``postal-registration`` to validate submitted address, or * if everything is done AML officer must proceed manually with plausibilization. Threshold Presets ----------------- Threshold presets are presets that the AML officer can select after the verifying the customer's documents and conducting a risk assessment. Exact thresholds will depend on the busines type and risk and may be assigned fully individually. However, we have a few typical profiles: * E-commerce: * Merge: 0 CHF / month * Withdrawal: 0 CHF / month * Deposit: 25000 CHF / month (high-value transactions with Taler are suspicious) * Aggregate: 25000 CHF / month * Point-of-sale: * Merge: 25000 CHF / month (peer-to-peer transfers may happen there) * Withdrawal: 0 CHF / month * Deposit: 25000 CHF / month (high-value transactions with Taler are suspicious) * Aggregate: 25000 CHF / month Properties ---------- FIXME-#9678: we should put these into GANA. * ``FILE_NOTE :: Text``: * Current note on the GWG file. * ``CUSTOMER_LABEL :: Text`` * Customer name or internal alias. * ``AML_ACCOUNT_OPEN :: Boolean`` * Was this customer activated for deposit operations? * Only set after merchant passes KYC * We store this to know when to emit the ``(INCR|DECR)_ACCOUNT_OPEN`` and related events * ``AML_DOMESTIC_PEP :: Boolean`` * Is the customer a domestic PEP? * ``AML_FOREIGN_PEP :: Boolean`` * Is the customer a foreign PEP? * ``AML_INTERNATIONAL_ORG_PEP :: Boolean`` * Is the customer a international org PEP? * ``AML_HIGH_RISK_CUSTOMER :: Boolean`` * Is the customer classified as high-risk? * ``AML_HIGH_RISK_COUNTRY :: Boolean`` * Is the customer associated with high-risk (VQF Dok. Nr. 902.4.1) country? * ``AML_ACCOUNT_IDLE :: Boolean`` * The account has been marked as idle (typically by a batch process that checks for idle accounts). * ``AML_INVESTIGATION_STATE`` * The MROS reporting state for the account. * Values: * ``NONE`` / undefined: No MROS reporting for that account * ``INVESTIGATION_PENDING``: Pending investigation. The AML officer should submit ``vqf_902_14`` to conclude investigation. Usually the property would be set by the sanction list tool or some AML program that detects an account crossing a threshold or an SQL trigger doing transaction monitoring (see ``tops-0001.sql`` for an example). The ``vqf_902_14`` form could also be used to start an investigation (by setting ``INCRISK_RESULT`` to ``OTHER``). * ``INVESTIGATION_COMPLETED_WITHOUT_SUSPICION``: Completed according to Art. 6 GwG * ``REPORTED_SUSPICION_SIMPLE``: Reported under Art. 305 StGB (German "einfacher Verdacht", simple suspicion) * ``REPORTED_SUSPICION_SUBSTANTIATED``: Reported under Art. 9 GwG (German "begründeter Verdacht", substantiated suspicion) * ``AML_INVESTIGATION_TRIGGER :: Text`` * Informal reason why the AML investigation was triggered; examples include suspicious transaction or (automated) sanction list match * ``SANCTION_LIST_BEST_MATCH :: Text`` * Identifies the sanction list entry that the account matched against (best match, does not mean it was a good match) * ``SANCTION_LIST_RATING :: float`` * [0,1] score for how good the sanction list match was (0: none, 1: perfect match) * ``SANCTION_LIST_CONFIDENCE :: float`` * [0,1] score for how much supporting data we had for the sanction list match (0: none, 1: all fields available) Events ------ Account opening/closing: * ``INCR_ACCOUNT_OPEN`` / ``DECR_ACCOUNT_OPEN`` PEP/Risk classification: * ``INCR_HIGH_RISK_CUSTOMER`` / ``DECR_HIGH_RISK_CUSTOMER`` * ``INCR_HIGH_RISK_COUNTRY`` / ``INCR_HIGH_RISK_COUNTRY`` * ``INCR_PEP`` / ``DECR_PEP`` * ``INCR_FOREIGN_PEP`` / ``DECR_FOREIGN_PEP`` * ``INCR_DOMESTIC_PEP`` / ``DECR_DOMESTIC_PEP`` * ``INCR_INTERNATIONAL_ORG_PEP`` / ``DECR_INTERNATIONAL_ORG_PEP`` MROS Reporting (see ``AML_INVESTIGATION_STATE`` property): * ``MROS_REPORTED_SUSPICION_SIMPLE`` * ``MROS_REPORTED_SUSPICION_SUBSTANTIATED`` * ``INCR_INVESTIGATION_CONCLUDED`` / ``DECR_INVESTIGATION_CONCLUDED`` PIN Letter ---------- After gathering initial information (``vqf_902_1_officer``), a letter with a PIN code is generated and sent to the customer. The customer needs to enter the PIN in the KYC SPA in order to validate their address. The letter also needs to ask the customer to send a certified copy of certain documents. The KYC SPA should also specify which documents are still needed. Implementation notes: * The letter is sent and generated via ``challenger`` * We keep track of required documents via an ``INFO`` measure, where the context is updated based on documents still required. AML/KYC Forms ------------- The following subsections define the contents of the forms. The corresponding field names are registered via `GANA `_. The the UI for the forms is defined in `taler-typescript-core `_ generic_note ^^^^^^^^^^^^ **Filled out by:** AML Officer, customer **Purpose:** Free-form note. Should be used instead of the ``FILE_NOTE`` when there are attachements or the note contains very sensitive information. **Form Demo:** `Link `_ **Attributes**: .. code:: none NOTE_TEXT :: Text SUPPLEMENTAL_FILES_LIST[].DESCRIPTION :: Text SUPPLEMENTAL_FILES_LIST[].FILE :: File generic_upload ^^^^^^^^^^^^^^ **Filled out by:** Customer **Purpose:** Free-form upload. The type/name of the requested document is taken from the context. **Form Demo:** `Link `_ **Context:** * ``REQUESTED_FILE_TITLE`` * ``REQUESTED_FILE_DESCRIPTION`` **Attributes**: .. code:: none NOTE_TEXT :: Text FILE :: File vqf_902_1_customer ^^^^^^^^^^^^^^^^^^ **Filled out by:** AML Officer, customer **Purpose:** Initial collection of basic attributes about customer during onboarding. **Form Demo:** `Link `_ **Remarks:** * We first ask for ``CUSTOMER_TYPE`` to know what type of basic information we need to ask. Only later in the form we ask for ``CUSTOMER_TYPE_VQF``, which can be ``OTHER``. We can't combine those two fields, as for ``CUSTOMER_TYPE_VQF=OTHER`` we wouldn't know what basic information to ask. **Attributes**: .. code:: none title TITLE_VQF_902_1_CUSTOMER CUSTOMER_TYPE :: 'NATURAL_PERSON' | 'LEGAL_ENTITY' when CUSTOMER_TYPE = 'NATURAL_PERSON' { FULL_NAME :: Text DOMICILE_ADDRESS :: Text CONTACT_PHONE :: Optional[Text] CONTACT_EMAIL :: Optional[Text] DATE_OF_BIRTH :: Date NATIONALITY :: Text PERSONAL_IDENTIFICATION_DOCUMENT_COPY :: DataUri CUSTOMER_IS_SOLE_PROPRIETOR :: Boolean when CUSTOMER_IS_SOLE_PROPRIETOR { COMPANY_NAME :: Optional[Text] REGISTERED_OFFICE_ADDRESS :: Optional[Text] LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY :: Optional[DataUri] } } when CUSTOMER_INFO_TYPE = 'LEGAL_ENTITY' { COMPANY_NAME :: Text DOMICILE_ADDRESS :: Text CONTACT_PERSON_NAME :: Optional[Text] CONTACT_PHONE :: Optional[Text] CONTACT_EMAIL :: Optional[Text] LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY :: DataUri ESTABLISHER_LIST[].FULL_NAME :: Text ESTABLISHER_LIST[].DOMICILE_ADDRESS :: Text ESTABLISHER_LIST[].DATE_OF_BIRTH :: Text ESTABLISHER_LIST[].NATIONALITY :: Text ESTABLISHER_LIST[].PERSONAL_IDENTIFICATION_DOCUMENT_COPY :: File ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE :: 'SINGLE' | 'COLLECTIVE_TWO' | 'OTHER' ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_TYPE :: 'CR' | 'MANDATE' | 'OTHER' ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_DOCUMENT_COPY :: File when (ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE = 'OTHER') { ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_OTHER :: Text } } CORRESPONDENCE_LANGUAGE :: 'en' | 'de' | 'fr' | 'it' CUSTOMER_TYPE_VQF :: ( 'NATURAL' | 'OPERATIONAL' | 'FOUNDATION' | 'TRUST' | 'LIFE_INSURANCE' | 'OTHER') * ``CUSTOMER_TYPE`` * **Type:** Single choice * **Choices:** * ``NATURAL_PERSON`` * **Label DE:** Die Vertragspartei ist eine natürliche Person * ``LEGAL_ENTITY`` * **Label DE:** Die Vertragspartei ist eine juristische Person * ``CUSTOMER_TYPE_VQF`` * **Description:** Customer type according to the VQF classification. * **Type:** Single Choice * **Choices:**: * ``NATURAL`` * **Label DE**: Die Vertragspartei ist eine natürliche Person und es bestehen keine Zweifel, dass diese selber an den Vermögenswerten wirtschaftlich berechtigt ist * **Label EN:** A natural person and there are no doubts that this person is the sole beneficial owner of the assets * ``OPERATIONAL`` * **Label DE**: ... eine operative juristische Person oder Personengesellschaft * ``FOUNDATION`` * **Label DE**: ... eine Stiftung (oder ein ähnliches Konstrukt; inkl. Underlying Companies). * ``TRUST`` * **Label DE**: ... ein Trust (inkl. Underlying Companies) * ``LIFE_INSURANCE`` * **Label DE**: ... eine Lebensversicherung mit separater Konto-/Depotführung (sog. Insurance Wrapper) * ``OTHER`` * **Label DE**: alle übrigen Fälle * ``FULL_NAME`` * **Description**: Full name of the customer. * **Type**: Single-line text * **Label EN**: Name / First Name * **Label DE**: Name/Vorname * ``DOMICILE_ADDRESS`` * **Description**: Domicile address of the customer. * **Type**: Multi-line text * **Label DE**: Wohnsitzadresse * ``CONTACT_PHONE`` * **Description:** Contact phone number of the customer. * **Type**: Phone number (**optional**) * **Label DE:** Telefon * ``CONTACT_EMAIL`` * **Description:** Contact e-mail address of the customer. * **Type**: E-Mail address (**optional**) * **Label DE:** E-Mail * ``DATE_OF_BIRTH`` * **Description:** Customer's date of birth. * **Type**: Date * **Label DE:** Geburtstsdatum * ``NATIONALITY`` * **Description:** Customer's nationality (only for natural person). * **Type**: Country code * **Label DE:** Staatsangehörigkeit * ``PERSONAL_IDENTIFICATION_DOCUMENT_COPY`` * **Type**: File upload (PDF). * **Label DE:** Identification document * ``CUSTOMER_NATURAL_COMPANY_NAME`` * **Type**: Single-line text * **Label DE:** [Bei Inhabern von Einzelunternehmen (in Ergänzung zu oben):] Firma * ``REGISTERED_OFFICE_ADDRESS`` * **Type**: Multi-line text * **Label DE:** [Bei Inhabern von Einzelunternehmen (in Ergänzung zu oben):] Geschäftsadresse * ``LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY`` * **Type**: File upload (PDF). * **Label DE:** Identifizierungsdokument für Unternehmen * ``COMPANY_NAME`` * **Type:** Single-line text * **Label DE:** Firma * ``CONTACT_PERSON_NAME`` * **Type:** Single-line text (**optional**) * **Label DE:** Kontaktperson * ``CORRESPONDENCE_LANGUAGE`` * **Type:** Single selection * **Choices:** ISO 639-1 Alpha-2 language codes. Currently only ``en``, ``de``, ``fr`` and ``it`` are supported. * ``ESTABLISHER_LIST[].FULL_NAME`` * **Type:** Single-line string * **Label DE:** Name/Vorname * ``ESTABLISHER_LIST[].DOMICILE`` * **Type:** Multi-line string * **Label DE:** Wohnsitzadresse * ``ESTABLISHER_LIST[].NATIONALITY`` * **Type:** ISO 3166 two-letter uppercase country code. * **Label DE:** Staatsangehörigkeit * ``ESTABLISHER_LIST[].PERSONAL_IDENTIFICATION_DOCUMENT_COPY`` * **Type**: File upload (PDF). * **Label DE:** Identifikationsdokument * ``ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE`` * **Type:** Single Choice * **Label DE:** Art der Zeichnungs- oder Vertretungsberechtigung * **Required:** yes * **Choices:** * ``SINGLE`` * **Label DE:** Einzelunterschrift * ``COLLECTIVE_TWO`` * **Label DE:** Kollektiv zu zweit * ``OTHER`` * **Label DE:** Anderes * ``ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE_OTHER`` * **Type:** Single-line string * ``ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE`` * **Type:** Single Choice * **Label DE:** Kenntnisnahme der Bevollmächtigtenbestimmungen durch * **Choices**: * ``CR`` * **Label DE:** Handelsregisterauszug * ``MANDATE`` * **Label DE:** Vollmacht * ``OTHER`` * **Label DE:** Anderes: * ``ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_OTHER`` * **Type**: Single-line text * ``ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_DOCUMENT_COPY`` * **Description:** Attached document as evidence of the person's signing authority. * **Type:** File upload. **Strings** * ``TITLE_VQF_902_1_CUSTOMER`` * ``Identifizierungsformular (Kundenbasisdaten)`` **Measure after submission by customer:** Depending on ``CUSTOMER_INFO_TYPE``, the customer is asked to fill out another form: * ``NATURAL``: No other form to fill out. A PIN letter will be directly sent to the customer. * ``OPERATIONAL``: Form ``vqf_902_11`` * ``FOUNDATION``: Form ``vqf_902_12`` * ``TRUST``: Form ``vqf_902_13`` * ``LIFE_INSURANCE``: Form ``vqf_902_15`` * ``OTHER``: Form ``vqf_902_9`` vqf_902_1_officer ^^^^^^^^^^^^^^^^^ **Filled out by:** Only AML Officer **Prerequisites:** ``vqf_902_1_customer`` (with follow-up form if required), ``vqf_902_5`` and ``vqf_902_4`` must have been submitted and checked. **Form Demo:** `Link `_ **Differences from VQF form 902.1:** * We do not ask for the type of correspondence service, but instead assume that correspondence is done via the Taler protocol or directly to the customer via postal mail. * We do not accept languages other than English, German and French * Section 6 ("Laufkunden/Kassageschäften") is not applicable * Section 7 ("Beilagen"): The other forms must be filed by the AML officer *before* filing ``vqf_902_1_officer``. In the future, this will be checked by an AML program that runs for the form submission. **Attributes:** .. code:: none ACCEPTANCE_DATE :: Date ACCEPTANCE_METHOD :: ( 'FACE_TO_FACE' | 'AUTHENTICATED_COPY' | 'RESIDENTIAL_ADDRESS_VALIDATED') ACCEPTANCE_FURTHER_INFO :: Optional[Text] EMBARGO_TERRORISM_CHECK_RESULT :: 'LISTED' | 'NOT_LISTED' EMBARGO_TERRORISM_CHECK_DATE :: Date when EMBARGO_TERRORISM_INFO = 'LISTED' { EMBARGO_TERRORISM_INFO :: Text } SUPPLEMENTAL_FILES_LIST[].FILE :: File SUPPLEMENTAL_FILES_LIST[].DESCRIPTION :: File vqf_902_4 ^^^^^^^^^ **Filled out by:** AML officer only **Purpose:** The AML officer uses this form to document the risk profile of a customer. **Form Demo:** `Link `_ **Differences from VQF form** * "LÄNDERRISIKO (Zahlungsverkehr)" does not apply, since we only accept Swiss customers * "PRODUKTRISIKO (Art der vom Kunden verlangten Dienstleistungen und Produkte) does not apply, since we do not offer customized products/services. **Attributes:** .. code:: none PEP_FOREIGN :: Boolean PEP_DOMESTIC :: Boolean PEP_INTERNATIONAL_ORGANIZATION :: Boolean when (PEP_DOMESTIC or PEP_INTERNATIONAL_ORGANIZATION) { PEP_HIGH_RISK :: Boolean } when PEP_FOREIGN or PEP_HIGH_RISK { PEP_ACCEPTANCE_DATE :: Date } HIGH_RISK_COUNTRY :: Boolean when HIGH_RISK_COUNTRY { HIGH_RISK_ACCEPTANCE_DATE :: Date } // FIXME-#9679: Unclear if this is single-choice or multiple-choice COUNTRY_RISK_NATIONALITY_TYPE :: List[ 'NATIONALITY_CUSTOMER' | 'NATIONALITY_OWNER' | 'DOMICILE_CUSTOMER' | 'DOMICILE_OWNER' | 'DOMICILE_CONTROLLING'] COUNTRY_RISK_NATIONALITY_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH' // FIXME-#9679: Unclear if this is single-choice or multiple-choice COUNTRY_RISK_BUSINESS_TYPE :: List['CUSTOMER' | 'OWNER'] COUNTRY_RISK_BUSINESS_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH' COUNTRY_RISK_PAYMENTS_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH' INDUSTRY_RISK_TYPE :: 'CUSTOMER' | 'OWNER' INDUSTRY_RISK_LEVEL :: ( 'TRANSPARENT' | 'HIGH_CASH_TRANSACTION' | 'NOT_WELL_KNOWN' | 'HIGH_RISK_TRADE' | 'UNKNOWN_INDUSTRY') CONTACT_RISK_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH' RISK_RATIONALE :: Text RISK_CLASSIFICATION_LEVEL :: 'HIGH_RISK' | 'NO_HIGH_RISK' when RISK_CLASSIFICATION_LEVEL = 'HIGH_RISK' { HIGH_RISK_ACCEPTANCE_DATE :: Date } * ``PEP_FOREIGN`` * **Type**: Checkbox * **Label DE:** Ist die Vertragspartei, der wirtschaftlich Berechtige resp. Kontrollinhaber oder der Bevollmächtigte ein ausländischer PEP oder steht er einem solchen nahe? * ``PEP_DOMESTIC`` * **Type**: Checkbox * **Label DE:** Ist die Vertragspartei, der wirtschaftlich Berechtigte resp. Kontrollinhaber oder der Bevollmächtigte ein inländischer PEP * ``PEP_INTERNATIONAL_ORGANIZATION`` * **Type**: Checkbox * **Label DE:** Ist die Vertragspartei, der wirtschaftlich Berechtigte resp. Kontrollinhaber oder der Bevollmächtigte ein PEP bei internationalen Organisationen oder steht er einem solchen nahe? * ``PEP_HIGH_RISK`` * **Type**: Checkbox * **Label DE:** Ist ein Risikokriterium aus diesem Formular erfüllt? * **VQF form original label:** Ist ein Risikokriterium gemäss Ziff. 3 nachfolgend erhöht? * ``PEP_ACCEPTANCE_DATE`` * **Type:** Date * **Label DE:** Die Zustimmung des obersten Geschäftsführungsorgans zur Aufnahme einer Geschäftsbeziehung mit einem PEP wurde eingeholt am: * ``COUNTRY_RISK_NATIONALITY_TYPE`` * **Type:** Multi-choice * **Label DE:** LÄNDERRISIKO (Nationalität) * **Choices:** * ``NATIONALITY_CUSTOMER`` * **Label DE:** [Staatsangehörigkeit] Vertragspartei * ``NATIONALITY_OWNER`` * **Label DE:** [Staatsangehörigkeit] An Vermögenswerten wirtschaftlich berechtigte Person * ``DOMICILE_CUSTOMER`` * **Label DE:** [Sitz/Wohnsitz] Vertragspartei * ``DOMICILE_CONTROLLING`` * **Label DE:** [Sitz/Wohnsitz] Kontrollinhaber * ``DOMICILE_OWNER`` * **Label DE:** [Sitz/Wohnsitz] an Vermögenswerten wirtschaftlich berechtigte Personen * ``COUNTRY_RISK_NATIONALITY_LEVEL`` * **Type:** Single choice * **Choices:** * ``LOW`` * **Label DE:** Risiko 0 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1) * ``MEDIUM`` * **Label DE:** Risiko 1 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1) * ``HIGH`` * **Label DE:** Risiko 2 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1) * ``COUNTRY_RISK_BUSINESS_TYPE`` * **Type:** Multi-choice * **Label DE:** LÄNDERRISIKO (Geschäftstätigkeit) * **Choices:** * ``CUSTOMER`` * **Label DE:** [Ort der Geschäftstätigkeit] Vertragspartei * ``OWNER`` * **Label DE:** [Ort der Geschäftstätigkeit] an Vermögenswerten wirtschaftlich berechtigte Person * ``COUNTRY_RISK_BUSINESS_LEVEL`` * **Type:** Single choice * **Choices:** * ``LOW`` * **Label DE:** Risiko 0 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1) * ``MEDIUM`` * **Label DE:** Risiko 1 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1) * ``HIGH`` * **Label DE:** Risiko 2 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1) * ``INDUSTRY_RISK_TYPE`` * **Type:** Multi-choice * **Label DE:** BRANCHENRISIKO * **Choices:** * ``CUSTOMER`` * **Label DE:** [Art der Geschäftstätigkeit] Vertragspartei * ``OWNER`` * **Label DE:** [Art der Geschäftstätigkeit] an Vermögenswerten wirtschaftlich berechtigte Person * ``INDUSTRY_RISK_LEVEL`` * **Type:** Single choice * **Choices:** * ``TRANSPARENT`` * **Label DE:** Dem Mitglied gut bekannte, klar um rissene, transparente und einfach verständliche Geschäftstätigkeit * ``HIGH_CASH_TRANSACTION`` * **Label DE:** Geschäftstätigkeit mit hohen Bargeldtransaktionen * ``NOT_WELL_KNOWN`` * **Label DE:** Dem Mitglied eher unbekannte Tätigkeit * ``HIGH_RISK_TRADE`` * **Label DE:** Waffen-/Rüstungshandel, Rohedelsteine- und Diamantenhandel, Schmuckhandel, internationaler Handel mit exotischen Tieren, Casino- und Lotteriegewerbe, Erotikgewerbe * ``UNKNOWN_INDUSTRY`` * **Label DE:** Keinerlei persönliche Kenntnisse des Mitglieds zur Branche der Vertragspartei * ``CONTACT_RISK_LEVEL`` * **Type:** Multi-choice * **Label DE:** KONTAKTRISIKO: Kontaktformen zur Vertragspartei/an Vermögenswerten wirtschaftlich berechtigten Person * **Choices:** * ``LOW`` * **Label DE**: Persönliche Bekanntschaft zwischen Mitglied und Vertragspartei/an Vermögenswerten wirtschaftlich berechtigter Person vor Geschäftsaufnahme seit mehreren Jahren (min. 2 Jahre) * ``MEDIUM`` * **Label DE**: Vertragspartei/an Vermögenswerten wirtschaftlich berechtigte Person war dem Mitglied vor Geschäftsaufnahme nicht seit mehreren Jahren (min. 2 Jahre) persönlich bekannt, aber (a) keine Geschäftsaufnahme unter Abwesenden oder (b) zumindest Einführung/Vermittlung des Kunden durch eine Vertrauensperson * ``HIGH`` * **Label DE**: Vertragspartei/an Vermögenswerten wirtschaftlich berechtigte Person persönlich unbekannt und Geschäftsaufnahme unter Abwesenden (Korrespondenzbeziehung) sowie keine Einführung/Vermittlung des Kunden durch eine Vertrauensperson * ``RISK_RATIONALE`` * **Type:** Multi-line text * **Label DE:** Begründung für abweichende Risikobewertung * ``HIGH_RISK`` * **Type:** Checkbox (yes/no) * **Label DE:** [Risikoklassifizierung] Geschäftsbeziehung mit erhöhtem Risiko * ``HIGH_RISK_ACCEPTANCE_DATE`` * **Type:** Checkbox (yes/no) * **Label DE:** Die Zustimmung einer vorgesetzten Person / Stelle oder der Geschäftsführung zur Aufnahme einer Geschäftsbeziehung mit erhöhtem Risiko wurde eingeholt am: vqf_902_5 ^^^^^^^^^ **Filled out by:** AML officer only **Purpose:** Customer profile **Form Demo:** `Link `_ **Differences from VQF form:** **Attributes:** .. code:: none BIZREL_PROFESSION :: Text BIZREL_FINANCIAL_CIRCUMSTANCES :: Text BIZREL_ORIGIN_NATURE :: Text BIZREL_ORIGIN_AMOUNT :: Text BIZREL_ORIGIN_CATEGORY :: List[ 'SAVINGS' | 'OWN_BUSINESS' | 'INHERITANCE' | 'OTHER'] when BIZREL_ORIGIN_CATEGORY contains 'OTHER' { BIZREL_ORIGIN_CATEGORY_OTHER :: Text } BIZREL_ORIGIN_DETAIL :: Text BIZREL_PURPOSE :: Text BIZREL_DEVELOPMENT :: Text BIZREL_FINANCIAL_VOLUME :: Text BIZREL_FINANCIAL_BENEFICIARIES_FULL_NAME :: Text BIZREL_THIRDPARTY_RELATIONSHIP :: Text BIZREL_THIRDPARTY_AMLA_FILES :: Text BIZREL_THIRDPARTY_REFERENCES :: Text BIZREL_FURTHER_INFO :: Text * ``BIZREL_PROFESSION`` * **Type:** Multi-line text * **Label DE:** [Geschäftliche Aktivitäten] Beruf, geschäftliche Aktivitäten etc. (frühere, aktuelle, evtl. geplante) * ``BIZREL_FINANCIAL_CIRCUMSTANCES`` * **Type:** Multi-line text * **Label DE:** [Finanzielle Verhältnisse] Einkommen und Vermögen, Verpflichtungen (geschätzt) * ``BIZREL_ORIGIN_NATURE`` * **Type:** Multi-line text * **Label DE:** [Herkunft der eingebrachten Vermögenswerte] Art, Betrag und Währung der eingebrachten Vermögenswerte * ``BIZREL_ORIGIN_CATEGORY`` * **Type:** Multiple choice * **Label DE:** [Herkunft der eingebrachten Vermögenswerte] Art, Betrag und Währung der eingebrachten Vermögenswerte * **Choices:** * ``SAVINGS`` * **Label DE**: Ersparnis * ``OWN_BUSINESS`` * **Label DE**: Eigener Geschäftsbetrieb * ``INHERITANCE`` * **Label DE**: Erbschaft * ``OTHER`` * **Label DE**: Anderes, was? * ``BIZREL_ORIGIN_CATEGORY_OTHER`` * **Type**: Multi-line text * **Label DE**: Andere Herkunft: * ``BIZREL_ORIGIN_DETAIL`` * **Type**: Multi-line text * **Label DE**: [Herkunft der eingebrachten Vermögenswerte] Detaillierte Beschreibung der wirtschaftlichen Herkunft der in die Geschäftsbeziehung eingebrachten Vermögenswerte * ``BIZREL_PURPOSE`` * **Type**: Multi-line text * **Label DE**: Zweck des Geschäfts- bzw. der Geschäftsbeziehung * ``BIZREL_DEVELOPMENT`` * **Type**: Multi-line text * **Label DE**: Angaben über die geplante Entwicklung der Geschäftsbeziehung und der Vermögenswerte * ``BIZREL_VOLUME`` * **Type**: Multi-line text * **Label DE**: Insbesondere bei Kassa-, Geld- und Wertübertragungsgeschäften mit Stammkunden: (1) Angaben zum üblichen Geschäftsvolumen (2) Angaben zu den Begünstigten (Name, Vorname, Adresse, Bankverbindung) * ``BIZREL_THIRDPARTY_RELATIONSHIP`` * **Type**: Multi-line text * **Label DE**: Beziehung der Vertragspartei zu wirtschaftlich berechtigten Personen, Kontrollinhaber, Begünstigten, Bevollmächtigten und weiteren in die Geschäftsbeziehung involvierten Personen * ``BIZREL_THIRDPARTY_AMLA_FILES`` * **Type**: Multi-line text * **Label DE:** Verbindungen zu anderen GwG-Files * ``BIZREL_THIRDPARTY_REFERENCES`` * **Type**: Multi-line text * **Label DE:** Introducer / Vermittler / Referenzen * ``BIZREL_FURTHER_INFO`` * **Type**: Multi-line text * **Label DE:** Sonstige aus Sicht des Mitglieds relevante Informationen vqf_902_9 ^^^^^^^^^ **Filled out by:** AML officer or customer **Purpose:** Establish the identity of the beneficial owner. **Form Demo:** `Link `_ **Differences from VQF form 902.9:** * The VQF form can only be filled out by the customer. We also allow the AML officer to fill out this form, but then require an attached version signed by the customer. **Attributes:** .. code:: none SUBMITTED_BY :: 'AML_OFFICER' | 'CUSTOMER' info DECL_BENEFICIAL_OWNER CONTRACTING_PARTY :: String BENEFICIAL_OWNER_LIST[].FULL_NAME :: String BENEFICIAL_OWNER_LIST[].BIRTHDATE :: Date BENEFICIAL_OWNER_LIST[].DOMICILE :: AddressString BENEFICIAL_OWNER_LIST[].NATIONALITY :: CountryCodeString when SUBMITTED_BY = 'AML_OFFICER' { ATTACHMENT_SIGNED_DOCUMENT :: File } when SUBMITTED_BY = 'CUSTOMER' { info NOTICE_WRONG_DECLARATION SIGN_NAME :: String SIGN_DATE :: Date } info NOTICE_CHANGES * ``SUBMITTED_BY`` * **Type:** Single choice * **Choices:** * ``AML_OFFICER`` * **Description**: AML officer submits the form In this case, a scanned document signed by the contracting party must be attached. * ``CUSTOMER`` * **Description:** The customer submits the form. In that case, the customer vouches for correctness by inputting their name and date of signing. * ``CONTRACTING_PARTY`` * **Type:** Multi-line text * **Label EN:** Contracting party (name and address) * **Label DE:** Vertragspartner (Name und Adresse) * ``BENEFICIAL_OWNER_LIST[].FULL_NAME`` * **Type:** Single line text * **Label DE:** Name, Vorname * ``BENEFICIAL_OWNER_LIST[].BIRTHDATE`` * **Type:** Date entry * **Label DE:** Geburtsdatum * ``BENEFICIAL_OWNER_LIST[].NATIONALITY`` * **Type:** Country code * **Label DE:** Nationalität * ``BENEFICIAL_OWNER_LIST[].DOMICILE`` * **Type:** Multi-line text * **Label DE:** Effektive Wohnsitzadresse * ``SIGN_NAME`` * **Type:** Single-line text * **Label EN:** Signed by: * **Label DE:** Unterzeichnet von: * ``SIGN_DATE`` * **Type**: Single-line text (pre-filled with current date) * ``ATTACHMENT_SIGNED_DOCUMENT`` * **Label DE:** Scan des vom Kunden unterschriebenen Formulars. **Strings:** * ``DECL_BENEFICIAL_OWNER`` * **DE:** Der Vertragspartner erklärt hiermit, dass die nachfolgend aufgeführte(n) Person(en) an den in die Geschäftsbeziehung eingebrachten Vermögenswerten wirtschaftlich berechtigt ist/sind. Ist der Vertragspartner selber allein an diesen Vermögenswerten wirtschaftlich berechtigt, so sind nachstehend seine Personalien festzuhalten: * ``NOTICE_WRONG_DECLARATION``: * **DE**: Die vorsätzliche Angabe falscher Informationen in diesem Formular ist eine strafbare Handlung (Urkundenfälschung gemäss Artikel 251 des Schweizerischen Strafgesetzbuchs). * ``NOTICE_CHANGES`` * **DE:** Der Vertragspartner verpflichtet sich, Änderungen jeweils unaufgefordert mitzuteilen. **Others:** When filled out by the customer, the form **must** contain a notice that filling this form with incorrect information is a punishable offence (document forgery) according to Swiss law. vqf_902_11 ^^^^^^^^^^ **Filled out by:** Customer or AML officer on behalf of customer. **Purpose:** Determine the controlling person of an operational legal entity or partnership. **Form Demo:** `Link `_ **Differences from VQF form 902.11:** * The VQF form can only be filled out by the customer. We also allow the AML officer to fill out this form, but then require an attached version signed by the customer. **Attributes:** .. code:: none title TITLE_VQF_902_11 info INFO_VQF_902_11 SUBMITTED_BY :: 'AML_OFFICER' | 'CUSTOMER' CONTRACTING_PARTY :: Text CONTROL_REASON :: 'HAS_25_MORE_RIGHTS' | 'OTHER_WAY' | 'DIRECTOR' CONTROLLING_LIST[].FULL_NAME :: Text CONTROLLING_LIST[].DOMICILE :: Text THIRD_PARTY_OWNERSHIP :: Boolean when SUBMITTED_BY = 'AML_OFFICER' { ATTACHMENT_SIGNED_DOCUMENT :: File } when SUBMITTED_BY = 'CUSTOMER' { info NOTICE_WRONG_DECLARATION SIGN_NAME :: String SIGN_DATE :: Date } * ``SUBMITTED_BY`` * **Type:** Single choice * **Choices:** * ``AML_OFFICER`` * **Description**: AML officer submits the form In this case, a scanned document signed by the contracting party must be attached. * ``CUSTOMER`` * **Description:** The customer submits the form. In that case, the customer vouches for correctness by inputting their name and date of signing. * ``CONTRACTING_PARTY`` * **Type:** Multi-line text * **Label EN:** Contracting party (name and address) * **Label DE:** Vertragspartner (Name und Adresse) * ``CONTROLLING_LIST[].LEVEL`` * **Type:** Single choice * **Label DE:** Der Vertragspartner erklärt hiermit, (das Zutreffende ankreuzen) ... * **Choices:** * ``HAS_25_MORE_RIGHTS`` * **Label DE:** ... dass die nachfolgend aufgeführte(n) Person(en) am Vertragspartner Anteile (Kapitals- oder Stimmrechtsanteile) von 25 % oder mehr halten * ``OTHER_WAY`` * **Label DE:** ... falls die Kapitals- oder Stimmrechtsanteile nicht festgestellt werden können oder falls keine Kapitals- oder Stimmrechtsanteile von 25% oder mehr bestehen, erklärt der Vertragspartner hiermit, dass die nachträglich aufgeführte Person(en) auf andere Weise die Kontrolle über den Vertragspartner ausübt/ausüben; * ``DIRECTOR`` * **Label DE:** ... falls auch diese Person(en) nicht festgestellt werden kann/können, oder diese Person(en) nicht besteht/bestehen, erklärt der Vertragspartner, dass die nachfolgend aufgeführte(n) Person(en) die Geschäftsführung ausüben. * ``CONTROLLING_LIST[].FULL_NAME`` * **Type:** Single line text * **Label DE:** Name, Vorname * ``CONTROLLING_LIST[].BIRTHDATE`` * **Type:** Date entry * **Label DE:** Geburtsdatum * ``CONTROLLING_LIST[].DOMICILE`` * **Type:** Multi-line text * **Label DE:** Effektive Wohnsitzadresse * ``THIRD_PARTY_OWNERSHIP`` * **Type:** Choice yes/no * **Label DE:** Ist eine Drittperson an den auf dem Konto/Depot liegenden Vermögenswerten wirtschaftlich berechtigt? * **Choices:** * false * **Label DE**: Nein * true * **Label DE**: Ja. => Die entsprechenden Angaben zur wirtschaftlichen Berechtigung sind durch das Ausfüllen eines separaten Formulars VQF Dok Nr. 902.9 zu erheben. * ``SIGN_NAME`` * **Type:** Single-line text * **Label EN:** Signed by: * **Label DE:** Unterzeichnet von: * ``SIGN_DATE`` * **Type**: Single-line text (pre-filled with current date) * ``ATTACHMENT_SIGNED_DOCUMENT`` * **Label DE:** Scan des vom Kunden unterschriebenen Formulars. **Strings** * ``NOTICE_WRONG_DECLARATION``: * **DE**: Die vorsätzliche Angabe falscher Informationen in diesem Formular ist eine strafbare Hand lung (Urkundenfälschung gemäss Artikel 251 des Schweizerischen Strafgesetzbuchs). * ``TITLE_VQF_902_11`` * **DE:** Feststellung des Kontrollinhabers an nicht operativ tätigen juristischen Personen und Personengesellschaften (K) * ``INFO_VQF_902_11`` * **DE:** (bei operativ tätigen juristischen Personen und Personengesellschaf ten als Vertragspartner sowie sinngemäss bei operativ tätigen juristischen Personen und Personengesellschaf ten als wirtschaf tlich Berechtigte) **Measure after submission from the customer**: If ``CONTROLLING_ENTITY_THIRD_PERSON`` is true, ``vqf_902_9`` needs to be filled out. **Others:** When filled out by the customer, the form **must** contain a notice that filling this form with incorrect information is a punishable offence (document forgery) according to Swiss law. vqf_902_12 ^^^^^^^^^^ **Purpose:** Declaration for foundations. **This form will not be supported for the TOPS MVP. Foundations will either not be accepted as customers or the AML officer will need to submit a PDF form.** vqf_902_13 ^^^^^^^^^^ **Purpose:** Declaration for trusts. **This form will not be supported for the TOPS MVP. Trusts will either not be accepted as customers or the AML officer will need to submit a PDF form.** vqf_902_14 ^^^^^^^^^^ **Filled out by:** AML officer only. **Purpose**: Special clarifications regarding the customer. This form is filled out by at the initiative of the AML officer or in response to an alert. **Form Demo:** `Link `_ **Attributes:** .. code:: none INCRISK_REASON :: Text INCRISK_MEANS :: 'GATHERING' | 'CONSULTATION' | 'ENQUIRIES' | 'OTHER' when INCRISK_MEANS_OTHER = 'OTHER' { INCRISK_MEANS_OTHER :: Text } INCRISK_SUMMARY :: Text INCRISK_DOCUMENTS :: Text INCRISK_RESULT :: ( 'NO_SUSPICION' | 'SUBSTANTIATED_SUSPICION' | 'SIMPLE_SUSPICION' | 'OTHER') if INCRISK_REASON = 'OTHER' { INCRISK_RESULT_OTHER :: Text } * ``INCRISK_REASON`` * **Type:** Free-form, multi-line text. * **Label DE:** [Grund für die besonderen Abklärungen] Beschreibung der Umstände/Transaktionen, die zu den besonderen Abklärungen geführt haben * ``INCRISK_MEANS`` * **Type**: Single choice * **Choices**: * ``GATHERING`` * **Label DE:** Einholen Auskunft von Vertragspartei, an Vermögenswerten wirtschaftlich berechtigten Person, Kontrollinhaber * ``CONSULTATION`` * **Label DE:** Konsultation öffentlicher Quellen und Datenbanken * ``ENQUIRIES`` * **Label DE**: Erkundigung bei vertrauenswürden Dritten (z.B. Depotbank) * ``OTHER`` * **Label DE**: Andere, welche? * **Label DE:** Verwendete Mittel zur Abklärung * ``INCRISK_MEANS_OTHER`` * **Type:** Free-form, multi-line text * **When:** ``INCRISK_MEANS = 'OTHER'`` * **Label DE:** Erklärung zu anderem Mittel * ``INCRISK_SUMMARY`` * **Type:** Fee-form, multi-line text. * **Label DE:** Zusammenfassung und Plausibilisierung der eingeholten Informationen (=> Die Ergebnisse der Abklärungen sind zu dokumentieren und auf ihre Plausibilisierung zu überprüfen.) * ``INCRISK_DOCUMENTS`` * **Type:** Fee-form, multi-line text. * **Label DE:** Eingeholte/eingesehene Unterlagen * ``INCRISK_RESULT`` * **Type:** Single Choice * **Choices:** * ``NO_SUSPICION`` * **Label DE**: Sachverhalt konnte plausibilisiert werden, kein begründeter Verdacht nach Art. 9 GwG (evtl. Anpassung Kun- denprofil (VQF Dok. Nr. 902.5) und/oder Risikoprofil (VQF Dok. Nr. 902.4)) * ``REASONABLE_SUSPICION`` * **Label DE**: Begründeter Verdacht nach Art. 9 GwG, Meldepflicht an MROS * ``SIMPLE_SUSPICION`` * **Label DE:** Einfacher Verdacht nach Art. 305ter Abs. 2 StGB, Melderecht an MROS * ``OTHER`` * **Label DE:** Anderes, was? * ``INCRISK_RESULT_OTHER`` * **Type:** Free-form, multi-line text * **When:** ``INCRISK_RESULT = 'OTHER'`` * **Label DE:** Erklärung zu anderem Verdacht vqf_902_15 ^^^^^^^^^^ **Purpose:** Declaration for life insurance companies. **This form will not be supported for the TOPS MVP. Life insurance companies will either not be accepted as customers or the AML officer will need to submit a PDF form** Derived Properties and Events (AML Officer) ------------------------------------------- When the AML officer submits a form, the AML SPA will derive some pre-defined properties and events from the filled-in form attributes. The AML Officer can change (override) these derived properties and events. * Assumptions: * Properties are always calculated only based on new attributes and the previous properties. They are never calculated from older attribute collections or the current rules. * The AML officer can always override derived properties or events. * In the future, we might derive *rules* from properties, but we don't do that right now. The derivation is defined in pseudo-code. The following special variables/functions are available: * ``oldProps``: Previous properties of the account (before the decision) * ``newProps``: New properties of the account (i.e. the derived properties) * ``form``: Form attributes of the AML form submitted by the AML officer * ``emit(evt)``: Function that marks an event as emitted * ``propBecameTrue(prop)``: Helper predicate that returns true iff a property was false or undefine before (in ``oldProps``) and is now true (in ``newProps``). * ``propBecameFalse(prop)``: Helper predicate that returns true iff a property was true before (in ``oldProps``) and is now false or undefined (in ``newProps``). vqf_902_1_officer ^^^^^^^^^^^^^^^^^ Properties: .. code:: javascript newProps.AML_ACCOUNT_OPEN = true; Events: .. code:: javascript if (propBecameTrue(AML_ACCOUNT_OPEN)) { emit(INCR_ACCOUNT_OPEN); const isPep = ( newProps.AML_FOREIGN_PEP || newProps.AML_DOMESTIC_PEP || newProps.AML_INTERNATIONAL_ORG_PEP ); if (isPep) { emit(INCR_PEP); } if (newProps.AML_FOREIGN_PEP) { emit(INCR_FOREIGN_PEP); } if (newProps.AML_DOMESTIC_PEP) { emit(INCR_DOMESTIC_PEP); } if (newProps.AML_INTERNATIONAL_ORG_PEP) { emit(INCR_INTERNATIONAL_ORG_PEP); } if (newProps.AML_HIGH_RISK_CUSTOMER) { emit(INCR_HIGH_RISK_CUSTOMER); } if (newProps.AML_HIGH_RISK_COUNTRY) { emit(INCR_HIGH_RISK_COUNTRY); } } vqf_902_4 ^^^^^^^^^ Properties: .. code:: javascript newProps.AML_FOREIGN_PEP = form.PEP_FOREIGN; newProps.AML_DOMESTIC_PEP = form.PEP_DOMESTIC; newProps.AML_INTERNATIONAL_ORG_PEP = form.PEP_INTERNATIONAL_ORGANIZATION; newProps.AML_HIGH_RISK_CUSTOMER = form.RISK_CLASSIFICATION_LEVEL == "HIGH_RISK"; newProps.AML_HIGH_RISK_COUNTRY = form.COUNTRY_RISK_NATIONALITY_LEVEL == "HIGH"; Events: .. code:: javascript if (oldProps.AML_ACCOUNT_OPEN) { if (propBecameTrue(AML_FOREIGN_PEP) { emit(INCR_FOREIGN_PEP); } if (propBecameTrue(AML_DOMESTIC_PEP) { emit(INCR_INTERNATIONAL_ORG_PEP); } if (propBecameTrue(AML_DOMESTIC_PEP) { emit(INCR_DOMESTIC_PEP); } if (propBecameFalse(AML_FOREIGN_PEP) { emit(DECR_FOREIGN_PEP); } if (propBecameFalse(AML_DOMESTIC_PEP) { emit(DECR_INTERNATIONAL_ORG_PEP); } if (propBecameFalse(AML_DOMESTIC_PEP) { emit(DECR_DOMESTIC_PEP); } const wasPep = ( oldProps.AML_DOMESTIC_PEP || oldProps.AML_FOREIGN_PEP || oldProps.AML_INTERNATIONAL_ORG_PEP); const isPep = ( newProps.AML_DOMESTIC_PEP || newProps.AML_FOREIGN_PEP || newProps.AML_INTERNATIONAL_ORG_PEP); if (wasPep && !isPep) { emit(DECR_PEP); } if (!wasPep & isPep) { emit(INCR_PEP); } if (propBecameTrue(AML_HIGH_RISK)) { emit(INCR_HIGH_RISK); } if (propBecameFalse(AML_HIGH_RISK)) { emit(DECR_HIGH_RISK); } } vqf_902_14 ^^^^^^^^^^ Properties: .. code:: javascript if (INCRISK_RESULT == "SIMPLE_SUSPICION") { newProps.AML_INVESTIGATION_STATE = "REPORTED_SUSPICION_SIMPLE"; } else if (INCRISK_RESULT == "SUBSTANTIATED_SUSPICION") { newProps.AML_INVESTIGATION_STATE = "REPORTED_SUSPICION_SUBSTANTIATED"; } else if (INCRISK_RESULT == "NO_SUSPICION") { newProps.AML_INVESTIGATION_STATE = "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION"; } else if (INCRISK_RESULT == "OTHER") { // FIXME-#9677: would be nice if we instead could set the property to "undefined"/null // and *force* the AML officer to manually set it. // Alternatively, we should probably default to "INVESTIGATION_PENDING". -CG newProps.AML_INVESTIGATION_STATE = "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION"; } else { not_reached(); } Events: .. code:: javascript if (oldProps.AML_INVESTIGATION_STATE == "NONE" || oldProps.AML_INVESTIGATION_STATE == "INVESTIGATION_PENDING" || oldProps.AML_INVESTIGATION_STATE == null) { if (newProps.AML_INVESTIGATION_STATE == "REPORTED_SUSPICION_SIMPLE" || newProps.AML_INVESTIGATION_STATE == "REPORTED_SUSPICION_SUBSTANTIATED" || newProps.AML_INVESTIGATION_STATE == "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION") { emit(INCR_INVESTIGATION_CONCLUDED); } if (newProps.AML_INVESTIGATION_STATE == "REPORTED_SUSPICION_SUBSTANTIATED") { // FIXME-#9676: if possible, we should force the AML officer to tick // an extra check-box "I submitted this case to MROS". No need to // actually do anything here server-side, it's more an explicit // acknowledgement/reminder to make really sure this event is only // emitted if the report was files. emit(MROS_REPORTED_SUSPICION_SUBSTANTIATED); } if (newProps.AML_INVESTIGATION_STATE == "REPORTED_SUSPICION_SIMPLE") { // FIXME-#9676: if possible, we should force the AML officer to tick // an extra check-box "I submitted this case to MROS". No need to // actually do anything here server-side, it's more an explicit // acknowledgement/reminder to make really sure this event is only // emitted if the report was files. emit(MROS_REPORTED_SUSPICION_SIMPLE); } } Derived Properties and Events (Customer/KYC forms) -------------------------------------------------- When the customer submits an AML form, the AML program that checks the form can also derive properties and events. Examples for this are: * When the customer selects a correspondence language, a property could be set to store the correspondence language. * When the customer fills out a form that requires the AML officer to check the form, a property could be used to indicate which manual verification from the AML officer is still pending. **TBD: Spec this fully** Reporting --------- GwG File List ^^^^^^^^^^^^^ VQF requires a list of all open and closed GwG files. To satisfy this requirement, we need a *table* of all AML accounts with the following colums (see VQF 902.8): * File number (for us, probably the payto hash sufficies, otherwise we need to take some row ID) * Contracting party (internal alias is also okay, but we don't have an internal alias anyway) * Notes * PEP status (yes/no) * Creation date * Closing date Event Reporting (VQF) ^^^^^^^^^^^^^^^^^^^^^ The VQF self-declaration contains the following questions that we need to answer with statistics derived via events: .. code:: none Original German Text: 3. Anzahl der betreuten GwG-Files 3.1. GwG-Files für dauernde Geschäftsbeziehungen (gemäss Art. 7 lit. b SRO-Reglement) 3.1.1. Anzahl der am 01.01.20XX betreuten GwG-Files 3.1.2. Zwischen 01.01.20XX und 31.12.20XX hinzugekommene GwG-Files 3.1.3. Anzahl der während des Jahres 20XX betreuten GwG-Files (Relevante Zahl für die jährliche GwG-File Gebühr / Jahresrechnung) 3.1.4. Zwischen 01.01.20XX und 31.12.20XX beendigte GwG-Files 3.1.5. Anzahl der am 31.12.20XX betreuten GwG-Files (gerechnet ab dem 01.01.20XX) 4. Angaben zu Kundenstruktur, Produkten, Betriebsstruktur 4.1. Führten Sie im Jahre 2024 Geschäftsbeziehungen mit erhöhtem Risiko (Art. 58 SRO-Reglement)? 4.2. Falls bei Ziff. 4.1 mit "Ja" geantwortet, bei wie vielen davon handelt es sich um politisch exponierte Personen (PEP)? (nummerische Anzahl) 4.3. Wie viele von den genannten PEP sind ausländische PEP? (nummerische Anzahl) 4.4. Falls bei Ziff. 4.1 mit "Ja" geantwortet, wie viele weitere (zusätzlich zu den in Ziff. 4.2 / PEP genannten) Geschäftsbeziehungen mit erhöhten Risiken führten Sie? (nummerische Anzahl) 4.5. Total der Geschäftsbeziehungen mit erhöhtem Risiko 4.6. Führten Sie im Jahre 2024 Geschäftsbeziehungen mit Vertragspartnern oder wirtschaftlich berechtigten Personen mit Nationalität oder Domizil/Sitz in einem Land mit Risikostufe "High" gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)? 5. Meldungen an die Meldestelle (MROS) 5.1. Meldepflicht (Art. 9 Abs. 1 GwG) (nummerische Anzahl) 5.2. Melderecht (Art. 305ter Abs. 2 StGB) (nummerische Anzahl) 5.3. Total der an die Meldestelle (MROS) und den VQF erfolgten MROS-Meldungen English Translation TBD. Based on this, we have the following statistics: * Number of open accounts on January 1st (self-declaration 3.1.1) * Implemementation: ``evtcount(INCR_ACCOUNT_OPEN, start=0, end=jan_first_20xx) - evtcount(DECR_ACCOUNT_OPEN, start=0, end=jan_first_20xx)`` * Number of newly opened accounts between 01.01.20XX and 31.12.20XX (self-declaration 3.1.2.) * Implemementation: ``evtcount(INCR_ACCOUNT_OPEN, start=jan_first_20xx, end=dec_last_20xx)`` * Number of AML files managed during the year 20XX (self-declaration 3.1.3.) * All accounts ever opened except the ones that were closed *before* 20xx * Implemementation: ``evtcount(INCR_ACCOUNT_OPEN, start=0, end=dec_last_20xx) - evtcount(DECR_ACCOUNT_OPEN, start=0, end=jan_first_20xx)`` * Number of AML files closed between 01.01.20XX and 31.12.20XX (self-declaration 3.1.4) * Implemementation: ``evtcount(DECR_ACCOUNT_OPEN, start=jan_first_20xx, end=dec_last_20xx)`` * Were there business relationships in the year 20XX with high risk? (self-declaration 4.1) * Implementation: ``evtcount(INCR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) - evtcount(DECR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) > 0`` * Of those, how many were with PEPs? (self-declaration 4.2.) * Implementation: ``evtcount(INCR_PEP, start=0, end=dec_last_20xx) - evtcount(DECR_PEP, start=0, end=dec_last_20xx)`` * Of those PEPs, how many were with *foreign* PEPs? (self-declaration 4.3.) * Implementation: ``evtcount(INCR_FOREIGN_PEP, start=0, end=dec_last_20xx) - evtcount(DECR_FOREIGN_PEP, start=0, end=dec_last_20xx)`` * Number of other additional (other than PEPs and foreign PEPs) high-risk business relationships in 20XX (self-declaration 4.4.) * Implementation: Difference between 4.5. and 4.2 * Number of high-risk business relationship n total in 20xx (self-declaration 4.5.) * Implementation: ``evtcount(INCR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) - evtcount(DECR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx)`` * Number of reports (substantiated suspicion) to MROS during 20xx (self-declaration 5.1) * Implementation: ``evtcount(REPORTED_SUSPICION_SUBSTANTIATED, range=year_20xx)`` * Number of reports (simple suspicion) to MROS during 20xx (self-declaration 5.2) * Implementation: ``evtcount(REPORTED_SUSPICION_SIMPLE, range=year_20xx)`` * Total number of reports to MROS during 20xx (self-declaration 5.3) * Implementation: ``evtcount(REPORTED_SUSPICION_SIMPLE, range=year_20xx) + evtcount(REPORTED_SUSPICION_SUBSTANTIATED, range=year_20xx)`` Event Reporting (TOPS) ^^^^^^^^^^^^^^^^^^^^^^ The following event-based statistics are custom-defined by us and shown in the AML officer dashboard. * Number of accounts that are opened: * Implementation: ``evtcount(INCR_ACCOUNT_OPEN) - evtcount(DECR_ACCOUNT_OPEN)`` * Number of new GwG files in the last year. * Implementation: ``evtcount(INCR_ACCOUNT_OPEN, range=last_year)`` * Number of GwG files closed in the last year * Implementation: ``evtcount(DECR_ACCOUNT_OPEN), range=last_year)`` * Note: we only close GwG files after 1 year of inactivity, so implementation not exactly pressing ... * Number of GwG files of high-risk customers * Implementation: ``evtcount(INCR_HIGH_RISK) - evtcount(INCR_HIGH_RISK)`` * Number of GwG files managed with "increased risk" due to PEP status * Implementation: ``evtcount(INCR_PEP) - evtcount(DECR_PEP)`` * Number of MROS reports based on Art 9 Abs. 1 GwG (per year) * Implementation: ``evtcount(MROS_REPORTED_SUSPICION_SUBSTANTIATED, range=last_year)`` * Number of MROS reports based on Art 305ter Abs. 2 StGB (per year) * Implementation: ``evtcount(MROS_REPORTED_SUSPICION_SIMPLE, range=last_year)`` * Number of customers involved in proceedings for which Art 6 GwG did apply * Implementation: ``evtcount(INCR_INVESTIGATION, range=last_year)`` Suspicious Transaction Reporting ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Also called TmeR ("Transaktionen mit erhoehtem Risiko"). We define fixed criteria that apply to all customers. Examples: * sudden increase in volume (monthly volume exceeding previous year's, plus above 100,000 CHF) https://bugs.taler.net/9639 Sanction Lists -------------- When a new customer is onboarded, they are checked against a sanction list. Three properties are set: * ``SANCTION_LIST_BEST_MATCH`` identifies the position of the entry in the sanctions list that matches the new customer the best * ``SANCTION_LIST_RATING`` is set to a numeric score ``[0,1]`` that identifies how well the available data matches (with 1.0 being a perfect match) * ``SANCTION_LIST_CONFIDENCE`` is set to a numeric score ``[0,1]`` that indicates how confident we are that the rating is accurate, with 0 indicating no data available, and 1 indicating that all possible fields could be evaluated * ``AML_INVESTIGATION_STATE`` is set to ``INVESTIGATION_PENDING`` if the rating and confidence are sufficiently high * ``AML_INVESTIGATION_TRIGGER`` is set to ``SANCTION_LIST_MATCH`` Finally, sanction list hits trigger one of two possible events: * ``sanction-list-hit-account-frozen`` is set if the hit was so clear that the system immediately froze the account * ``sanction-list-hit-partial-account-investigated`` is set if the hit requires the account to be investigated Implementation Gaps ------------------- Auditing: * For the yearly audit, it would be convenient (and probably also *necessary*) to show all information we have on an exchange AML account (=GwG file in VQF terminology) on a single, printable page. Moving logic into the AML programs: * For ``vqf_902_1_officer``, it would be great if an AML program could check that required forms have actually been submitted. * For MROS reporting, submission of the ``vqf_902_14`` should run an AML program that sets the events/properties based on the form. Open Questions -------------- * Do we use ``Boolean`` attributes or always ``'YES' | 'NO'`` to be extensible in the future? * General forms question: Are attributes *first* stored and *then* validated or the other way around? If first stored: What if the AML program fails to run? * We need a generic way to show INFO to a customer (e.g. asking for more documents) FAQ --- * Q: What's the difference between the controlling entity and beneficiary owner? * A: Controlling entity: Natural person(s) with at least 25% ownership or voting rights (direct or indirect, alone or colletively). Beneficial owner: Natural person(s) who enjoy the benefits of ownership even though the title to some form of property is in another name. * Q: How is the "file note" (German: "Aktennotiz") handled? * A: Two ways: Each AML customer account can have a note as a property. For more complex notes (attachments, more sensitive information), a ``generic_note`` form should be submitted by the AML officer. * Q: What's the difference between simple/substantiated suspicion? A: Simple suspicion is a suspicion according to Art 305ter Abs. 2 StGB. It is a suspicion that *may* be reported ("Melderecht"). A substantiated suspicion is according to Art. 9 GwG and *must* be reported ("Meldepflicht") References ---------- * Taler-Exchange AML flows (`git `_, `PDF `_) * VQF forms (`VQF Website `_) * GANA form attributes (`git `_) * taler-typescript-core forms implementation (`git `_)