Taler Operations Deployment

Definitions / Glossary

• GwG: German “Geldwäschegesetz”, Swiss law regarding anti-money laundering

• VQF: Verein für Qualitätssicherung im Finanzwesen, self-regulatory organization that Taler Operations AG is a member of and thus needs to stick to their rules

• TmeR: German “Transaktion mit erhöhtem Risiko”, i.e. high-risk transactions

• GmeR: “Geschäftsbeziehung mit erhöhtem Risiko”, i.e. high-risk business relationships

• PEP: Politically exposed person

• MROS: Money Laundering Reporting Office Switzerland

• StGB: (Switzerland-specific:) Strafgesetzbuch, Swiss criminal law

Regulatory Requirements Introduction

Regulatory requirements are set by VQF and detailed in their SRO-Regulation document. Our AML processes are based on their forms (“VQF Document Nr. 902.$x”).

Overview of High-Level Processes

Establishing a Business Relationship

1. A business relationship must be established if the thresholds of 15,000 CHF per year or 2,500 CHF per month are exceeded. The GNU Taler transaction system automatically records the transaction volumes and notifies the customer when a business relationship needs to be established. At this point, transactions are then frozen until the business relationship is established.

2. To do this, the customer must complete the corresponding VQF forms online and upload documents. The customer’s address is then verified by sending a PIN letter. The customer must also submit a certified copy of their ID by postal mail. This is then digitally and physically filed. Alternatively, an identity check can in principle also be carried out manually by TOPS employees on site (in person) at the customer’s premises. In this case, the ID copies must be signed by the TOPS employee.

3. New business relationships are checked against the current sanctions list. An automatic preliminary check takes place first, and suspected cases are then processed manually.

4. When all the required data has been provided, it is in any case checked manually by the AML officer. Finally, the AML officer must categorize the customer to to derive a risk profile. Based on the risk profile, risk-based rules are set for monitoring the business relationship. If the AML officer has concerns about the business, they escalate the case to the management as to whether the business relationship can be opened. The management can then make a final decision on acceptance or rejection.

Monitoring a Business Relationship

1. For each business relationship, risk-based and customer-specific transaction limits are defined. If these are exceeded, an “alert” is automatically generated. These transactions must then be validated by the responsible customer consultant. All validated alerts are checked by the AML officer and either approved or returned to the customer consultant for further validation, or escalated to management for final decision-making or appropriate action.

2. Business relationships are periodically reviewed and updated. The following rhythm applies:

   • every 5-7 years for low-risk business relationships

   • every 2 years for high-risk business relationships

   • annually for PEP relationships

   The review includes the verification of identification documents and any supporting documents submitted when the business relationship was established. Likewise, the information in the customer profile and the transaction behavior during the duration of the business relationship are reviewed.

3. All business relationships are continuously and automatically checked against current sanctions lists, especially when a new sanctions list is available, without delay.

4. Regardless of the risk category and the corresponding review frequency, a business relationship must be reviewed if special circumstances arise, such as negative press reports, unusual transactions and activities, etc.

Terminating a Business Relationship

A business relationship is automatically considered terminated if no transactions have been processed with the GNU Taler system for over 12 months.

Credit / Debit Restrictions

Only Swiss IBANs (CH...) are allowed for both credit and debit transactions.

Initial Threshold Rules

• Withdrawal

  • withdrawal-low: 200 CHF per month => measure sms-registration (or postal-registration)

  • 2500 CHF per month => measure verboten

  • 15000 CHF per year => measure verboten

• Deposit:

  • deposit-zero: 0 CHF => measure accept-tos

  • Note: While there are no further DEPOSIT rules, the aggregate rules still apply after deposits have been made.

• Aggregate:

  • 2500 CHF per month => measure kyx

  • 15000 CHF per year => measure kyx

• Merge (p2p receive)

  • merge-zero: 0 CHF => measure sms-registration (or postal-registration)

  • 2500 CHF per month => measure verboten

  • 15000 CHF per year => measure verboten

Measures

Measures that ask for information:

• sms-registration: Validate (Swiss) mobile phone number of customer via SMS TAN.

  • On success:

    • Remove rule withdrawal-low

    • Remove rule merge-zero

• postal-registration: Validate (Swiss) postal address of customer via snail mail with TAN.

  • On success:

    • Remove rule withdrawal-low

    • Remove rule merge-zero

    • If arriving at the form via kyx measure, continue with manual check by AML officer.

• accept-tos: Ask customer to accept terms of service.

  • On success:

    • Remove rule deposit-zero

• kyx: Allow customer to initiate KYC/KYC process via form vqf_902_1_customer.

  • On success:

    • Follow-up with other VQF-forms, or

    • postal-registration to validate submitted address, or

    • if everything is done AML officer must proceed manually with plausibilization.

• form-902.9: Allow customer fill out form to determine beneficiary owner.

  • On success:

    • Possibly more forms triggered via kyx, or

    • postal-registration to validate submitted address, or

    • if everything is done AML officer must proceed manually with plausibilization.

• form-902.11: Allow customer fill out form to determine controlling person.

  • On success:

    • Possibly more forms triggered via kyx, or

    • postal-registration to validate submitted address, or

    • if everything is done AML officer must proceed manually with plausibilization.

Threshold Presets

Threshold presets are presets that the AML officer can select after the verifying the customer’s documents and conducting a risk assessment.

Exact thresholds will depend on the busines type and risk and may be assigned fully individually. However, we have a few typical profiles:

• E-commerce:

  • Merge: 0 CHF / month

  • Withdrawal: 0 CHF / month

  • Deposit: 25000 CHF / month (high-value transactions with Taler are suspicious)

  • Aggregate: 25000 CHF / month

• Point-of-sale:

  • Merge: 25000 CHF / month (peer-to-peer transfers may happen there)

  • Withdrawal: 0 CHF / month

  • Deposit: 25000 CHF / month (high-value transactions with Taler are suspicious)

  • Aggregate: 25000 CHF / month

Properties

Properties are registered at the GNU Taler Account Properties GNU Taler Account Properties.

• FILE_NOTE :: Text:

  • Current note on the GWG file.

• CUSTOMER_LABEL :: Text

  • Customer name or internal alias.

• ACCOUNT_OPEN :: Boolean

  • Was this customer activated for deposit operations?

  • Only set after merchant passes KYC

  • We store this to know when to emit the (INCR|DECR)_ACCOUNT_OPEN and related events

• PEP_DOMESTIC :: Boolean

  • Is the customer a domestic PEP?

• PEP_FOREIGN :: Boolean

  • Is the customer a foreign PEP?

• PEP_INTERNATIONAL_ORGANIZATION :: Boolean

  • Is the customer a international org PEP?

• HIGH_RISK_CUSTOMER :: Boolean

  • Is the customer classified as high-risk?

• HIGH_RISK_COUNTRY :: Boolean

  • Is the customer associated with high-risk (VQF Dok. Nr. 902.4.1) country?

• ACCOUNT_IDLE :: Boolean

  • The account has been marked as idle (typically by a batch process that checks for idle accounts).

• INVESTIGATION_STATE

  • The MROS reporting state for the account.

  • Values:

    • NONE / undefined: No MROS reporting for that account

    • INVESTIGATION_PENDING: Pending investigation. The AML officer should submit vqf_902_14 to conclude investigation. Usually the property would be set by the sanction list tool or some AML program that detects an account crossing a threshold or an SQL trigger doing transaction monitoring (see tops-0001.sql for an example). The vqf_902_14 form could also be used to start an investigation (by setting INCRISK_RESULT to OTHER).

    • INVESTIGATION_COMPLETED_WITHOUT_SUSPICION: Completed according to Art. 6 GwG

    • REPORTED_SUSPICION_SIMPLE: Reported under Art. 305 StGB (German “einfacher Verdacht”, simple suspicion)

    • REPORTED_SUSPICION_SUBSTANTIATED: Reported under Art. 9 GwG (German “begründeter Verdacht”, substantiated suspicion)

• INVESTIGATION_TRIGGER :: Text

  • Informal reason why the AML investigation was triggered; examples include suspicious transaction or (automated) sanction list match

• SANCTION_LIST_BEST_MATCH :: Text

  • Identifies the sanction list entry that the account matched against (best match, does not mean it was a good match)

• SANCTION_LIST_RATING :: Integer

  • [0,10**9] score for how good the sanction list match was (0: none, 10**9: perfect match)

• SANCTION_LIST_CONFIDENCE :: Integer

  • [0,10**9] score for how much supporting data we had for the sanction list match (0: none, 10**9: all fields available)

• SANCTION_LIST_SUPPRESS :: Boolean

  • Suppress flagging this account when it creates a hit on a sanctions list, this is a false-positive.

Events

Account opening/closing:

• INCR_ACCOUNT_OPEN / DECR_ACCOUNT_OPEN

PEP/Risk classification:

• INCR_HIGH_RISK_CUSTOMER / DECR_HIGH_RISK_CUSTOMER

• INCR_HIGH_RISK_COUNTRY / INCR_HIGH_RISK_COUNTRY

• INCR_PEP / DECR_PEP

• INCR_PEP_FOREIGN / DECR_PEP_FOREIGN

• INCR_PEP_DOMESTIC / DECR_PEP_DOMESTIC

• INCR_PEP_INTERNATIONAL_ORGANIZATION / DECR_PEP_INTERNATIONAL_ORGANIZATION

MROS Reporting (see INVESTIGATION_STATE property):

• MROS_REPORTED_SUSPICION_SIMPLE

• MROS_REPORTED_SUSPICION_SUBSTANTIATED

• INCR_INVESTIGATION_CONCLUDED / DECR_INVESTIGATION_CONCLUDED

PIN Letter

After gathering initial information (vqf_902_1_officer), a letter with a PIN code is generated and sent to the customer. The customer needs to enter the PIN in the KYC SPA in order to validate their address. The letter also needs to ask the customer to send a certified copy of certain documents.

The KYC SPA should also specify which documents are still needed.

Implementation notes:

• The letter is sent and generated via challenger

• We keep track of required documents via an INFO measure, where the context is updated based on documents still required.

Procedural View

This section provides a procedural view of the AML processes defined by the rules earlier in the document. It is meant to give some further context to the rules and show how the rules are used in the context of Taler business processes.

It only takes into account the standard rules. Decisions from the AML officer can lead to a deviation from the standard process/rules.

Wallet User: Onboarding and Withdrawal

1. User installs the Taler wallet software on their device of choice.

2. User adds the TOPS Taler Exchange to their Taler wallet

3. User starts a new withdrawal via the wallet. This creates a new (pending) transaction in the wallet. Optionally: If the wallet can deduct that the user has to complete a KYC process for the withdrawal, it notifies the user.

4. User follows instructions to send money to the TOPS exchange

5. The wallet waits until the exchange knows about the user’s wire transfer.

6. The user’s wallet checks with the exchange whether the withdrawal would cross the balance threshold. The key/identifier for is the wallet ID for the exchange (which is typically the reserve public key for P2P transactions).

   The TOPS exchange currently has no balance limits set, thus balance limits would never be crossed.

   • If the balance limit is not crossed (or the user increased the limit via KYC), continue at (7).

   • If no KYC process is started or the KYC process fails or times out, funds are automatically wired back to the customer after a reserve close timeout. Done.

7. The wallet attempts to withdraw electronic cash tokens. The exchange checks the withdrawal limit based on the IBAN that the customer used to transfer CHF to the exchange:

   • If the customer has already successfully completed the sms-registration or postal-registration, the withdrawal limit is 2500 CHF/month and 15000 CHF/year.

   • Otherwise, the limit is 200 CHF per month. If this limit would be crossed by the withdrawal, the wallet redirects the user to the exchange’s KYC page, where the user can complete the sms-registration or postal-registration.

   • If no limit would be crossed, continue at (8)

   • If a limit would be crossed and the customer is not able to lift it via the KYC process, funds are wired back automatically after a reserve close timeout. Done.

8. The wallet receives the (blindly signed) tokens from the exchange, the withdrawal is done. Done.

Wallet User: Deposit of E-Money

This process applies when the user wants to send CHF in their Taler wallet back to their CHF bank account. Technically, it is the same process as the merchant accepting a Taler payment. However, it might be treated differently from an AML perspective.

1. The user’s wallet asks the exchange to deposit a Taler payment to the user’s own bank account.

2. The exchange checks whether the users’s public key is associated with the users’s bank account specified in the deposit permission.

   Note that by default, the wallet uses a bank account that has previously used for withdrawal. The withdrawal already associates the reserve’s public key with the IBAN used for the withdrawal. Thus usually the right associated public key is already present.

   • If the association is missing, the exchange rejects the deposit. The customer must do a 1 rappen wire transfer to the exchange with a public key (as shown in the wallet) in the remittance information. Done.

   • Otherwise, continue at (3).

3. The exchange checks the DEPOSIT limit of the user. The user is identified via their IBAN.

   • Initally, the deposit limit is CHF 0. The user must accept the exchange’s terms of service on the exchange’s KYC page to lift this limit to CHF 2500/month and CHF 15000/year

   • If no deposit limit would be crossed, the exchange accepts the deposit from the user. Continue at (4).

   • Otherwise the exchange rejects the payment. The response is relayed to the wallet, which can (if necessary) refund coins previously deposited for the same payment and then refresh used coins. Done.

4. After the wire transfer deadline for the deposit has passed, the exchange checks whether the wire transfer would cross the AGGREGATE threshold for the merchant.

   • Initally, the aggregate limit is CHF 2500/month and CHF 15000/year. If that limit would be crossed, the customer must undergo a KYB process. This KYB process might result in limits being increased, depending on the details of the user.

   • If no aggregation limit would be crossed, the exchange initiates the wire transfer to the user.

   • Otherwise the exchange holds the funds until the user completes the necessary AML process.

Wallet User: Receiving P2P Payments

Applicable to both receiving P2P payments (push) and getting paid for P2P payment requests (pull).

1. The customer instructs their wallet to accept a P2P payment from another wallet.

2. The wallet tries to receive the P2P payment. The exchange checks the P2P receive (technically: MERGE) limit, based on the wallet ID.

   • If the customer has successfully completed postal-registration or sms-registration, the limits are 2500 CHF / month and 15000 CHF / year.

   • Otherwise, the limit is 0 CHF. The wallet redirects the user to the exchange’s KYC page, where the user can complete the sms-registration or postal-registration.

   • If P2P receive is below the limits (or the customer increases the limits via KYC), the P2P recive can proceed. Done.

   • Otherwise, the P2P payment expires and the sender’s wallet reclaims the money. Done.

FIXME: Do withdrawal limits also apply for withdrawal from the merge reserve?

Wallet User: Sending P2P Payments

Applicable to both sending P2P payments (push) and paying for P2P payment requests (pull).

There are no KYC/AML-relevant steps required for sending P2P payments.

Merchant: Onboarding

1. The merchant provisions a Taler merchant backend service.

2. A keypair is generated (or imported) for the merchant.

3. The merchant adds their (Swiss) bank account to the merchant backend

4. The merchant backend checks the KYC status of the account with the exchange.

5. The exchange checks if the merchant’s public key is already associated with the merchant’s bank account.

   • If not, the merchant needs to make a payment (1 rappen) to the exchange with the public key in the remittance information. Continue at (4).

   • Otherwise, continue at (6).

6. If the merchant’s bank account still has a deposit limit of zero, the merchant needs to accept the TOPS exchange terms of service on the exchange’s KYC page.

7. The deposit rule is lifted and the merchant can start accepting Taler payments from customers. However, initially no aggregated settlement payments (wire transfers) will be send from the exchange to the merchants, until the merchant has completed further KYC steps (vqf_902_1_customer etc.).

8. Optionally, the merchant can (via a link in the merchant backend to the KYC page) and immediately complete the further KYC process steps.

Merchant: Receiving Payments from Wallets

1. The merchant receives a Taler payment (technically: deposit permissions) from a wallet.

2. The merchant asks the exchange to deposit the Taler payment.

3. The exchange checks whether the merchant’s public key is associated with the merchant’s bank account specified (as a salted hash) in the deposit permission.

   • If the association is missing, the exchange rejects the deposit. Done.

   • Otherwise, continue at (4).

4. The exchange checks the DEPOSIT limit of the merchant. The merchant is identified via their IBAN.

   • Initally, the deposit limit is CHF 0. The merchant must accept the exchange’s terms of service on the exchange’s KYC page to lift this limit to CHF 2500/month and CHF 15000/year

   • If the merchant has accepted the terms of service, the deposit limit is CHF 2500/month and CHF 15000/year. If that limit is crossed, the merchant must undergo a KYB process. This KYB process might result in limits being increased, depending on the details of the business.

   • If no deposit limit would be crossed, the exchange accepts the deposit from the merchant. Done.

   • Otherwise the exchange rejects the payment. The response is relayed to the wallet, which can (if necessary) refund coins previously deposited for the same payment and then refresh used coins. Done.

Merchant: Receiving Wire Transfers for Taler Payments

1. The merchange receives payments from wallets.

2. The exchange waits and aggregates payments until the first wire transfer deadline set by the merchant has passed.

3. The exchange checks whether the aggregated wire transfer would cross the AGGREGATE threshold for the merchant.

   • Initally, the aggregate limit is CHF 2500/month and CHF 15000/year. If that limit would be crossed, the merchant must undergo a KYB process. This KYB process might result in limits being increased, depending on the details of the business.

   • If no aggregation limit would be crossed, the exchange initiates the wire transfer to the merchant.

   • Otherwise the exchange holds the funds until the merchant completes the necessary AML process.

KYC Providers

challenger-postal

Purpose: Validate customer address via postal mail.

Attributes

CONTACT_NAME :: Text
ADDRESS_LINES: Text
ADDRESS_COUNTRY :: "CH"

• CONTACT_NAME

  Description: Name of the person or company whose address was validated.

• ADDRESS_LINES

  Description: Contact address (without name and country). May span over multiple lines (separated by newline characters).

• ADDRESS_COUNTRY

  Description: Country of the validated address. Only “CH” is allowed.

AML/KYC Forms

The following subsections define the contents of the forms. The corresponding field names are registered via GANA. The the UI for the forms is defined in taler-typescript-core

When the customer or officer submit the information throught the client software it must include the fields FORM_ID and FORM_VERSION attributed as defined in GANA.

accept-tos

Filled out by: Customer

Purpose: Customer confirms that they accept the terms of service.

Form Demo: Link

Attributes:

ACCEPTED_TERMS_OF_SERVICE :: Text
DOWNLOADED_TERMS_OF_SERVICE :: Boolean

• ACCEPTED_TERMS_OF_SERVICE

  • Description: ToS version that the user accepted.

• DOWNLOADED_TERMS_OF_SERVICE

  • Description: Whether the user downloaded the terms of service.

generic_note

Filled out by: AML Officer, customer

Purpose: Free-form note. Should be used instead of the FILE_NOTE when there are attachements or the note contains very sensitive information.

Form Demo: Link

Attributes:

NOTE_TEXT :: Text
SUPPLEMENTAL_FILES_LIST[].DESCRIPTION :: Text
SUPPLEMENTAL_FILES_LIST[].FILE :: File

generic_upload

Filled out by: Customer

Purpose: Free-form upload. The type/name of the requested document is taken from the context.

Form Demo: Link

Context:

• REQUESTED_FILE_TITLE

• REQUESTED_FILE_DESCRIPTION

Attributes:

NOTE_TEXT :: Text
FILE :: File

vqf_902_1_customer

Filled out by: AML Officer, customer

Purpose: Initial collection of basic attributes about customer during onboarding.

Form Demo: Link

Remarks:

• We first ask for CUSTOMER_TYPE to know what type of basic information we need to ask. Only later in the form we ask for CUSTOMER_TYPE_VQF, which can be OTHER. We can’t combine those two fields, as for CUSTOMER_TYPE_VQF=OTHER we wouldn’t know what basic information to ask.

Attributes:

title TITLE_VQF_902_1_CUSTOMER
CUSTOMER_TYPE :: 'NATURAL_PERSON' | 'LEGAL_ENTITY'
when CUSTOMER_TYPE = 'NATURAL_PERSON' {
  FULL_NAME :: Text
  DOMICILE_ADDRESS :: Text
  CONTACT_PHONE :: Optional[Text]
  CONTACT_EMAIL :: Optional[Text]
  DATE_OF_BIRTH :: Date
  NATIONALITY :: Text
  PERSONAL_IDENTIFICATION_DOCUMENT_COPY :: File
  CUSTOMER_IS_SOLE_PROPRIETOR :: Boolean
  when CUSTOMER_IS_SOLE_PROPRIETOR {
    COMPANY_NAME :: Text
    REGISTERED_OFFICE_ADDRESS :: Text
    LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY :: File
  }
}
when CUSTOMER_INFO_TYPE = 'LEGAL_ENTITY' {
  COMPANY_NAME :: Text
  DOMICILE_ADDRESS :: Text
  CONTACT_PERSON_NAME :: Optional[Text]
  CONTACT_PHONE :: Optional[Text]
  CONTACT_EMAIL :: Optional[Text]
  LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY :: DataUri
  ESTABLISHER_LIST[].FULL_NAME :: Text
  ESTABLISHER_LIST[].DOMICILE_ADDRESS :: Text
  ESTABLISHER_LIST[].DATE_OF_BIRTH :: Text
  ESTABLISHER_LIST[].NATIONALITY :: Text
  ESTABLISHER_LIST[].PERSONAL_IDENTIFICATION_DOCUMENT_COPY :: File
  ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE :: 'SINGLE' | 'COLLECTIVE_TWO' | 'OTHER'
  ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_TYPE :: 'CR' | 'MANDATE' | 'OTHER'
  ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_DOCUMENT_COPY :: File
  when (ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE = 'OTHER') {
    ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_OTHER :: Text
  }
}
CORRESPONDENCE_LANGUAGE :: 'en' | 'de' | 'fr' | 'it'
CUSTOMER_TYPE_VQF :: (
  'NATURAL' | 'OPERATIONAL' | 'FOUNDATION' |
  'TRUST' | 'LIFE_INSURANCE' | 'OTHER')

• CUSTOMER_TYPE

  • Type: Single choice

  • Choices:

    • NATURAL_PERSON

      • Label DE: Die Vertragspartei ist eine natürliche Person

    • LEGAL_ENTITY

      • Label DE: Die Vertragspartei ist eine juristische Person

• CUSTOMER_TYPE_VQF

  • Description: Customer type according to the VQF classification.

  • Type: Single Choice

  • Choices::

    • NATURAL

      • Label DE: Die Vertragspartei ist eine natürliche Person und es bestehen keine Zweifel, dass diese selber an den Vermögenswerten wirtschaftlich berechtigt ist

      • Label EN: A natural person and there are no doubts that this person is the sole beneficial owner of the assets

    • OPERATIONAL

      • Label DE: … eine operative juristische Person oder Personengesellschaft

    • FOUNDATION

      • Label DE: … eine Stiftung (oder ein ähnliches Konstrukt; inkl. Underlying Companies).

    • TRUST

      • Label DE: … ein Trust (inkl. Underlying Companies)

    • LIFE_INSURANCE

      • Label DE: … eine Lebensversicherung mit separater Konto-/Depotführung (sog. Insurance Wrapper)

    • OTHER

      • Label DE: alle übrigen Fälle

• FULL_NAME

  • Description: Full name of the customer.

  • Type: Single-line text

  • Label EN: Name / First Name

  • Label DE: Name/Vorname

• DOMICILE_ADDRESS

  • Description: Domicile address of the customer.

  • Type: Multi-line text

  • Label DE: Wohnsitzadresse

• CONTACT_PHONE

  • Description: Contact phone number of the customer.

  • Type: Phone number (optional)

  • Label DE: Telefon

• CONTACT_EMAIL

  • Description: Contact e-mail address of the customer.

  • Type: E-Mail address (optional)

  • Label DE: E-Mail

• DATE_OF_BIRTH

  • Description: Customer’s date of birth.

  • Type: Date

  • Label DE: Geburtstsdatum

• NATIONALITY

  • Description: Customer’s nationality (only for natural person).

  • Type: Country code

  • Label DE: Staatsangehörigkeit

• PERSONAL_IDENTIFICATION_DOCUMENT_COPY

  • Type: File upload (PDF).

  • Label DE: Identification document

• CUSTOMER_NATURAL_COMPANY_NAME

  • Type: Single-line text

  • Label DE: [Bei Inhabern von Einzelunternehmen (in Ergänzung zu oben):] Firma

• REGISTERED_OFFICE_ADDRESS

  • Type: Multi-line text

  • Label DE: [Bei Inhabern von Einzelunternehmen (in Ergänzung zu oben):] Geschäftsadresse

• LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY

  • Type: File upload (PDF).

  • Label DE: Identifizierungsdokument für Unternehmen

• COMPANY_NAME

  • Type: Single-line text

  • Label DE: Firma

• CONTACT_PERSON_NAME

  • Type: Single-line text (optional)

  • Label DE: Kontaktperson

• CORRESPONDENCE_LANGUAGE

  • Type: Single selection

  • Choices: ISO 639-1 Alpha-2 language codes. Currently only en, de, fr and it are supported.

• ESTABLISHER_LIST[].FULL_NAME

  • Type: Single-line string

  • Label DE: Name/Vorname

• ESTABLISHER_LIST[].DOMICILE

  • Type: Multi-line string

  • Label DE: Wohnsitzadresse

• ESTABLISHER_LIST[].NATIONALITY

  • Type: ISO 3166 two-letter uppercase country code.

  • Label DE: Staatsangehörigkeit

• ESTABLISHER_LIST[].PERSONAL_IDENTIFICATION_DOCUMENT_COPY

  • Type: File upload (PDF).

  • Label DE: Identifikationsdokument

• ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE

  • Type: Single Choice

  • Label DE: Art der Zeichnungs- oder Vertretungsberechtigung

  • Required: yes

  • Choices:

    • SINGLE

      • Label DE: Einzelunterschrift

    • COLLECTIVE_TWO

      • Label DE: Kollektiv zu zweit

    • OTHER

      • Label DE: Anderes

• ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE_OTHER

  • Type: Single-line string

• ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE

  • Type: Single Choice

  • Label DE: Kenntnisnahme der Bevollmächtigtenbestimmungen durch

  • Choices:

    • CR

      • Label DE: Handelsregisterauszug

    • MANDATE

      • Label DE: Vollmacht

    • OTHER

      • Label DE: Anderes:

• ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_OTHER

  • Type: Single-line text

• ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_DOCUMENT_COPY

  • Description: Attached document as evidence of the person’s signing authority.

  • Type: File upload.

Strings

• TITLE_VQF_902_1_CUSTOMER

  • Identifizierungsformular (Kundenbasisdaten)

Measure after submission by customer: Depending on CUSTOMER_INFO_TYPE, the customer is asked to fill out another form:

• NATURAL: No other form to fill out. A PIN letter will be directly sent to the customer.

• OPERATIONAL: Form vqf_902_11_customer

• FOUNDATION: Form vqf_902_12

• TRUST: Form vqf_902_13

• LIFE_INSURANCE: Form vqf_902_15

• OTHER: Form vqf_902_9_customer

vqf_902_1_officer

Filled out by: Only AML Officer

Prerequisites: vqf_902_1_customer (with follow-up form if required), vqf_902_5 and vqf_902_4 must have been submitted and checked.

Form Demo: Link

Differences from VQF form 902.1:

• We do not ask for the type of correspondence service, but instead assume that correspondence is done via the Taler protocol or directly to the customer via postal mail.

• We do not accept languages other than English, German and French

• Section 6 (“Laufkunden/Kassageschäften”) is not applicable

• Section 7 (“Beilagen”): The other forms must be filed by the AML officer before filing vqf_902_1_officer. In the future, this will be checked by an AML program that runs for the form submission.

Attributes:

ACCEPTANCE_DATE :: Date
ACCEPTANCE_METHOD :: (
  'FACE_TO_FACE' |
  'AUTHENTICATED_COPY' |
  'RESIDENTIAL_ADDRESS_VALIDATED')
ACCEPTANCE_FURTHER_INFO :: Optional[Text]
EMBARGO_TERRORISM_CHECK_RESULT :: 'LISTED' | 'NOT_LISTED'
EMBARGO_TERRORISM_CHECK_DATE :: Date
when EMBARGO_TERRORISM_INFO = 'LISTED' {
  EMBARGO_TERRORISM_INFO :: Text
}
SUPPLEMENTAL_FILES_LIST[].FILE :: File
SUPPLEMENTAL_FILES_LIST[].DESCRIPTION :: File

vqf_902_4

Filled out by: AML officer only

Purpose: The AML officer uses this form to document the risk profile of a customer.

Form Demo: Link

Differences from VQF form

• “LÄNDERRISIKO (Zahlungsverkehr)” does not apply, since we only accept Swiss customers

• “PRODUKTRISIKO (Art der vom Kunden verlangten Dienstleistungen und Produkte) does not apply, since we do not offer customized products/services.

Attributes:

PEP_FOREIGN :: Boolean
PEP_DOMESTIC :: Boolean
PEP_INTERNATIONAL_ORGANIZATION :: Boolean
when (PEP_DOMESTIC or PEP_INTERNATIONAL_ORGANIZATION) {
  PEP_HIGH_RISK :: Boolean
}
when PEP_FOREIGN or PEP_HIGH_RISK {
  PEP_ACCEPTANCE_DATE :: Date
}
HIGH_RISK_COUNTRY :: Boolean
when HIGH_RISK_COUNTRY {
  HIGH_RISK_ACCEPTANCE_DATE :: Date
}
// FIXME-#9679: Unclear if this is single-choice or multiple-choice
COUNTRY_RISK_NATIONALITY_TYPE :: List[
 'NATIONALITY_CUSTOMER' | 'NATIONALITY_OWNER' |
 'DOMICILE_CUSTOMER' | 'DOMICILE_OWNER' |
 'DOMICILE_CONTROLLING']
COUNTRY_RISK_NATIONALITY_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
// FIXME-#9679: Unclear if this is single-choice or multiple-choice
COUNTRY_RISK_BUSINESS_TYPE :: List['CUSTOMER' | 'OWNER']
COUNTRY_RISK_BUSINESS_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
COUNTRY_RISK_PAYMENTS_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
INDUSTRY_RISK_TYPE :: 'CUSTOMER' | 'OWNER'
INDUSTRY_RISK_LEVEL :: (
  'TRANSPARENT' | 'HIGH_CASH_TRANSACTION' |
  'NOT_WELL_KNOWN' | 'HIGH_RISK_TRADE' | 'UNKNOWN_INDUSTRY')
CONTACT_RISK_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
RISK_RATIONALE :: Text
RISK_CLASSIFICATION_LEVEL :: 'HIGH_RISK' | 'NO_HIGH_RISK'
when RISK_CLASSIFICATION_LEVEL = 'HIGH_RISK' {
  HIGH_RISK_ACCEPTANCE_DATE :: Date
}

• PEP_FOREIGN

  • Type: Checkbox

  • Label DE: Ist die Vertragspartei, der wirtschaftlich Berechtige resp. Kontrollinhaber oder der Bevollmächtigte ein ausländischer PEP oder steht er einem solchen nahe?

• PEP_DOMESTIC

  • Type: Checkbox

  • Label DE: Ist die Vertragspartei, der wirtschaftlich Berechtigte resp. Kontrollinhaber oder der Bevollmächtigte ein inländischer PEP

• PEP_INTERNATIONAL_ORGANIZATION

  • Type: Checkbox

  • Label DE: Ist die Vertragspartei, der wirtschaftlich Berechtigte resp. Kontrollinhaber oder der Bevollmächtigte ein PEP bei internationalen Organisationen oder steht er einem solchen nahe?

• PEP_HIGH_RISK

  • Type: Checkbox

  • Label DE: Ist ein Risikokriterium aus diesem Formular erfüllt?

  • VQF form original label: Ist ein Risikokriterium gemäss Ziff. 3 nachfolgend erhöht?

• PEP_ACCEPTANCE_DATE

  • Type: Date

  • Label DE: Die Zustimmung des obersten Geschäftsführungsorgans zur Aufnahme einer Geschäftsbeziehung mit einem PEP wurde eingeholt am:

• COUNTRY_RISK_NATIONALITY_TYPE

  • Type: Multi-choice

  • Label DE: LÄNDERRISIKO (Nationalität)

  • Choices:

    • NATIONALITY_CUSTOMER

      • Label DE: [Staatsangehörigkeit] Vertragspartei

    • NATIONALITY_OWNER

      • Label DE: [Staatsangehörigkeit] An Vermögenswerten wirtschaftlich berechtigte Person

    • DOMICILE_CUSTOMER

      • Label DE: [Sitz/Wohnsitz] Vertragspartei

    • DOMICILE_CONTROLLING

      • Label DE: [Sitz/Wohnsitz] Kontrollinhaber

    • DOMICILE_OWNER

      • Label DE: [Sitz/Wohnsitz] an Vermögenswerten wirtschaftlich berechtigte Personen

• COUNTRY_RISK_NATIONALITY_LEVEL

  • Type: Single choice

  • Choices:

    • LOW

      • Label DE: Risiko 0 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)

    • MEDIUM

      • Label DE: Risiko 1 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)

    • HIGH

      • Label DE: Risiko 2 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)

• COUNTRY_RISK_BUSINESS_TYPE

  • Type: Multi-choice

  • Label DE: LÄNDERRISIKO (Geschäftstätigkeit)

  • Choices:

    • CUSTOMER

      • Label DE: [Ort der Geschäftstätigkeit] Vertragspartei

    • OWNER

      • Label DE: [Ort der Geschäftstätigkeit] an Vermögenswerten wirtschaftlich berechtigte Person

• COUNTRY_RISK_BUSINESS_LEVEL

  • Type: Single choice

  • Choices:

    • LOW

      • Label DE: Risiko 0 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)

    • MEDIUM

      • Label DE: Risiko 1 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)

    • HIGH

      • Label DE: Risiko 2 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)

• INDUSTRY_RISK_TYPE

  • Type: Multi-choice

  • Label DE: BRANCHENRISIKO

  • Choices:

    • CUSTOMER

      • Label DE: [Art der Geschäftstätigkeit] Vertragspartei

    • OWNER

      • Label DE: [Art der Geschäftstätigkeit] an Vermögenswerten wirtschaftlich berechtigte Person

• INDUSTRY_RISK_LEVEL

  • Type: Single choice

  • Choices:

    • TRANSPARENT

      • Label DE: Dem Mitglied gut bekannte, klar um rissene, transparente und einfach verständliche Geschäftstätigkeit

    • HIGH_CASH_TRANSACTION

      • Label DE: Geschäftstätigkeit mit hohen Bargeldtransaktionen

    • NOT_WELL_KNOWN

      • Label DE: Dem Mitglied eher unbekannte Tätigkeit

    • HIGH_RISK_TRADE

      • Label DE: Waffen-/Rüstungshandel, Rohedelsteine- und Diamantenhandel, Schmuckhandel, internationaler Handel mit exotischen Tieren, Casino- und Lotteriegewerbe, Erotikgewerbe

    • UNKNOWN_INDUSTRY

      • Label DE: Keinerlei persönliche Kenntnisse des Mitglieds zur Branche der Vertragspartei

• CONTACT_RISK_LEVEL

  • Type: Multi-choice

  • Label DE: KONTAKTRISIKO: Kontaktformen zur Vertragspartei/an Vermögenswerten wirtschaftlich berechtigten Person

  • Choices:

    • LOW

      • Label DE: Persönliche Bekanntschaft zwischen Mitglied und Vertragspartei/an Vermögenswerten wirtschaftlich berechtigter Person vor Geschäftsaufnahme seit mehreren Jahren (min. 2 Jahre)

    • MEDIUM

      • Label DE: Vertragspartei/an Vermögenswerten wirtschaftlich berechtigte Person war dem Mitglied vor Geschäftsaufnahme nicht seit mehreren Jahren (min. 2 Jahre) persönlich bekannt, aber (a) keine Geschäftsaufnahme unter Abwesenden oder (b) zumindest Einführung/Vermittlung des Kunden durch eine Vertrauensperson

    • HIGH

      • Label DE: Vertragspartei/an Vermögenswerten wirtschaftlich berechtigte Person persönlich unbekannt und Geschäftsaufnahme unter Abwesenden (Korrespondenzbeziehung) sowie keine Einführung/Vermittlung des Kunden durch eine Vertrauensperson

• RISK_RATIONALE

  • Type: Multi-line text

  • Label DE: Begründung für abweichende Risikobewertung

• HIGH_RISK

  • Type: Checkbox (yes/no)

  • Label DE: [Risikoklassifizierung] Geschäftsbeziehung mit erhöhtem Risiko

• HIGH_RISK_ACCEPTANCE_DATE

  • Type: Checkbox (yes/no)

  • Label DE: Die Zustimmung einer vorgesetzten Person / Stelle oder der Geschäftsführung zur Aufnahme einer Geschäftsbeziehung mit erhöhtem Risiko wurde eingeholt am:

vqf_902_5

Filled out by: AML officer only

Purpose: Customer profile

Form Demo: Link

Differences from VQF form:

Attributes:

BIZREL_PROFESSION :: Text
BIZREL_FINANCIAL_CIRCUMSTANCES :: Text
BIZREL_ORIGIN_NATURE :: Text
BIZREL_ORIGIN_AMOUNT :: Text
BIZREL_ORIGIN_CATEGORY :: List[
  'SAVINGS' | 'OWN_BUSINESS' |
  'INHERITANCE' | 'OTHER']
when BIZREL_ORIGIN_CATEGORY contains 'OTHER' {
  BIZREL_ORIGIN_CATEGORY_OTHER :: Text
}
BIZREL_ORIGIN_DETAIL :: Text
BIZREL_PURPOSE :: Text
BIZREL_DEVELOPMENT :: Text
BIZREL_FINANCIAL_VOLUME :: Text
BIZREL_FINANCIAL_BENEFICIARIES_FULL_NAME :: Text
BIZREL_THIRDPARTY_RELATIONSHIP :: Text
BIZREL_THIRDPARTY_AMLA_FILES :: Text
BIZREL_THIRDPARTY_REFERENCES :: Text
BIZREL_FURTHER_INFO :: Text

• BIZREL_PROFESSION

  • Type: Multi-line text

  • Label DE: [Geschäftliche Aktivitäten] Beruf, geschäftliche Aktivitäten etc. (frühere, aktuelle, evtl. geplante)

• BIZREL_FINANCIAL_CIRCUMSTANCES

  • Type: Multi-line text

  • Label DE: [Finanzielle Verhältnisse] Einkommen und Vermögen, Verpflichtungen (geschätzt)

• BIZREL_ORIGIN_NATURE

  • Type: Multi-line text

  • Label DE: [Herkunft der eingebrachten Vermögenswerte] Art, Betrag und Währung der eingebrachten Vermögenswerte

• BIZREL_ORIGIN_CATEGORY

  • Type: Multiple choice

  • Label DE: [Herkunft der eingebrachten Vermögenswerte] Art, Betrag und Währung der eingebrachten Vermögenswerte

  • Choices:

    • SAVINGS

      • Label DE: Ersparnis

    • OWN_BUSINESS

      • Label DE: Eigener Geschäftsbetrieb

    • INHERITANCE

      • Label DE: Erbschaft

    • OTHER

      • Label DE: Anderes, was?

• BIZREL_ORIGIN_CATEGORY_OTHER

  • Type: Multi-line text

  • Label DE: Andere Herkunft:

• BIZREL_ORIGIN_DETAIL

  • Type: Multi-line text

  • Label DE: [Herkunft der eingebrachten Vermögenswerte] Detaillierte Beschreibung der wirtschaftlichen Herkunft der in die Geschäftsbeziehung eingebrachten Vermögenswerte

• BIZREL_PURPOSE

  • Type: Multi-line text

  • Label DE: Zweck des Geschäfts- bzw. der Geschäftsbeziehung

• BIZREL_DEVELOPMENT

  • Type: Multi-line text

  • Label DE: Angaben über die geplante Entwicklung der Geschäftsbeziehung und der Vermögenswerte

• BIZREL_VOLUME

  • Type: Multi-line text

  • Label DE: Insbesondere bei Kassa-, Geld- und Wertübertragungsgeschäften mit Stammkunden: (1) Angaben zum üblichen Geschäftsvolumen (2) Angaben zu den Begünstigten (Name, Vorname, Adresse, Bankverbindung)

• BIZREL_THIRDPARTY_RELATIONSHIP

  • Type: Multi-line text

  • Label DE: Beziehung der Vertragspartei zu wirtschaftlich berechtigten Personen, Kontrollinhaber, Begünstigten, Bevollmächtigten und weiteren in die Geschäftsbeziehung involvierten Personen

• BIZREL_THIRDPARTY_AMLA_FILES

  • Type: Multi-line text

  • Label DE: Verbindungen zu anderen GwG-Files

• BIZREL_THIRDPARTY_REFERENCES

  • Type: Multi-line text

  • Label DE: Introducer / Vermittler / Referenzen

• BIZREL_FURTHER_INFO

  • Type: Multi-line text

  • Label DE: Sonstige aus Sicht des Mitglieds relevante Informationen

vqf_902_9_customer

Filled out by: Customer only.

Purpose: Establish the identity of the beneficial owner.

Form Demo: Link

Differences from VQF form 902.9:

• The VQF form can only be filled out by the customer. We also allow the AML officer to fill out this form, but then require an attached version signed by the customer.

Attributes:

info DECL_BENEFICIAL_OWNER
IDENTITY_CONTRACTING_PARTNER :: String
IDENTITY_LIST[].FULL_NAME :: String
IDENTITY_LIST[].DATE_OF_BIRTH :: Date
IDENTITY_LIST[].DOMICILE_ADDRESS :: AddressString
IDENTITY_LIST[].NATIONALITY :: CountryCodeString
info NOTICE_WRONG_DECLARATION
SIGNATURE :: String
SIGN_DATE :: Date
info NOTICE_CHANGES

• IDENTITY_CONTRACTING_PARTNER

  • Type: Multi-line text

  • Label EN: Contracting party (name and address)

  • Label DE: Vertragspartner (Name und Adresse)

• IDENTITY_LIST

  • Description: Identities of controlling persons.

• IDENTITY_LIST[].FULL_NAME

  • Type: Single line text

  • Label DE: Name, Vorname

• IDENTITY_LIST[].DATE_OF_BIRTH

  • Type: Date entry

  • Label DE: Geburtsdatum

• IDENTITY_LIST[].NATIONALITY

  • Type: Country code

  • Label DE: Nationalität

• IDENTITY_LIST[].DOMICILE_ADDRESS

  • Type: Multi-line text

  • Label DE: Effektive Wohnsitzadresse

• SIGNATURE

  • Type: Single-line text

  • Label EN: Signed by:

  • Label DE: Unterzeichnet von:

• SIGN_DATE

  • Type: Single-line text (pre-filled with current date)

Strings:

• DECL_BENEFICIAL_OWNER

  • DE: Der Vertragspartner erklärt hiermit, dass die nachfolgend aufgeführte(n) Person(en) an den in die Geschäftsbeziehung eingebrachten Vermögenswerten wirtschaftlich berechtigt ist/sind. Ist der Vertragspartner selber allein an diesen Vermögenswerten wirtschaftlich berechtigt, so sind nachstehend seine Personalien festzuhalten:

• NOTICE_WRONG_DECLARATION:

  • DE: Die vorsätzliche Angabe falscher Informationen in diesem Formular ist eine strafbare Handlung (Urkundenfälschung gemäss Artikel 251 des Schweizerischen Strafgesetzbuchs).

• NOTICE_CHANGES

  • DE: Der Vertragspartner verpflichtet sich, Änderungen jeweils unaufgefordert mitzuteilen.

Others:

When filled out by the customer, the form must contain a notice that filling this form with incorrect information is a punishable offence (document forgery) according to Swiss law.

vqf_902_9_officer

Filled out by: AML Officer only.

Purpose: Establish the identity of the beneficial owner.

Form Demo: Link

Differences from VQF form 902.9:

• We also allow the AML officer to fill out this form, but then require an attached version signed by the customer.

Attributes:

info DECL_BENEFICIAL_OWNER
IDENTITY_CONTRACTING_PARTNER :: String
IDENTITY_LIST[].FULL_NAME :: String
IDENTITY_LIST[].DATE_OF_BIRTH :: Date
IDENTITY_LIST[].DOMICILE_ADDRESS :: AddressString
IDENTITY_LIST[].NATIONALITY :: CountryCodeString
info NOTICE_WRONG_DECLARATION
ATTACHMENT_SIGNED_DOCUMENT :: File
info NOTICE_CHANGES

• IDENTITY_CONTRACTING_PARTNER

  • Type: Multi-line text

  • Label EN: Contracting party (name and address)

  • Label DE: Vertragspartner (Name und Adresse)

• IDENTITY_LIST

  • Description: Identities of controlling persons.

• IDENTITY_LIST[].FULL_NAME

  • Type: Single line text

  • Label DE: Name, Vorname

• IDENTITY_LIST[].DATE_OF_BIRTH

  • Type: Date entry

  • Label DE: Geburtsdatum

• IDENTITY_LIST[].NATIONALITY

  • Type: Country code

  • Label DE: Nationalität

• IDENTITY_LIST[].DOMICILE_ADDRESS

  • Type: Multi-line text

  • Label DE: Effektive Wohnsitzadresse

• ATTACHMENT_SIGNED_DOCUMENT

  • Label DE: Scan des vom Kunden unterschriebenen Formulars.

Strings:

• DECL_BENEFICIAL_OWNER

  • DE: Der Vertragspartner erklärt hiermit, dass die nachfolgend aufgeführte(n) Person(en) an den in die Geschäftsbeziehung eingebrachten Vermögenswerten wirtschaftlich berechtigt ist/sind. Ist der Vertragspartner selber allein an diesen Vermögenswerten wirtschaftlich berechtigt, so sind nachstehend seine Personalien festzuhalten:

• NOTICE_WRONG_DECLARATION:

  • DE: Die vorsätzliche Angabe falscher Informationen in diesem Formular ist eine strafbare Handlung (Urkundenfälschung gemäss Artikel 251 des Schweizerischen Strafgesetzbuchs).

• NOTICE_CHANGES

  • DE: Der Vertragspartner verpflichtet sich, Änderungen jeweils unaufgefordert mitzuteilen.

Others:

When filled out by the customer, the form must contain a notice that filling this form with incorrect information is a punishable offence (document forgery) according to Swiss law.

vqf_902_11_customer

Filled out by: Customer only.

Purpose: Determine the controlling person of an operational legal entity or partnership.

Form Demo: Link

Differences from VQF form 902.11:

• The VQF form can only be filled out by the customer. When the officer fills out the VQF 902.11, we use our vqf_902_11_officer.

Attributes:

title TITLE_VQF_902_11_CUSTOMER
info INFO_VQF_902_11_CUSTOMER
IDENTITY_CONTRACTING_PARTNER :: Text
CONTROL_REASON :: 'HAS_25_MORE_RIGHTS' | 'OTHER_WAY' | 'DIRECTOR'
IDENTITY_LIST[].FULL_NAME :: Text
IDENTITY_LIST[].DOMICILE_ADDRESS :: Text
THIRD_PARTY_OWNERSHIP :: Boolean
info NOTICE_WRONG_DECLARATION
SIGNATURE :: String
SIGN_DATE :: Date

• CONTROL_REASON

  • Type: Single choice

  • Label DE: Der Vertragspartner erklärt hiermit, (das Zutreffende ankreuzen) …

  • Choices:

    • HAS_25_MORE_RIGHTS

      • Label DE: … dass die nachfolgend aufgeführte(n) Person(en) am Vertragspartner Anteile (Kapitals- oder Stimmrechtsanteile) von 25 % oder mehr halten

    • OTHER_WAY

      • Label DE: … falls die Kapitals- oder Stimmrechtsanteile nicht festgestellt werden können oder falls keine Kapitals- oder Stimmrechtsanteile von 25% oder mehr bestehen, erklärt der Vertragspartner hiermit, dass die nachträglich aufgeführte Person(en) auf andere Weise die Kontrolle über den Vertragspartner ausübt/ausüben;

    • DIRECTOR

      • Label DE:

        … falls auch diese Person(en) nicht festgestellt werden kann/können, oder diese Person(en) nicht besteht/bestehen, erklärt der Vertragspartner, dass die nachfolgend aufgeführte(n) Person(en) die Geschäftsführung ausüben.

• IDENTITY_LIST[].FULL_NAME

  • Type: Single line text

  • Label DE: Name, Vorname

• IDENTITY_LIST[].DOMICILE

  • Type: Multi-line text

  • Label DE: Effektive Wohnsitzadresse

• THIRD_PARTY_OWNERSHIP

  • Type: Choice yes/no

    • Label DE: Ist eine Drittperson an den auf dem Konto/Depot liegenden Vermögenswerten wirtschaftlich berechtigt?

  • Choices:

    • false

      • Label DE: Nein

    • true

      • Label DE: Ja. => Die entsprechenden Angaben zur wirtschaftlichen Berechtigung sind durch das Ausfüllen eines separaten Formulars VQF Dok Nr. 902.9 zu erheben.

• SIGNATURE

  • Type: Single-line text

  • Label EN: Signed by:

  • Label DE: Unterzeichnet von:

• SIGN_DATE

  • Type: Single-line text (pre-filled with current date)

Strings

• NOTICE_WRONG_DECLARATION:

  • DE: Die vorsätzliche Angabe falscher Informationen in diesem Formular ist eine strafbare Hand lung (Urkundenfälschung gemäss Artikel 251 des Schweizerischen Strafgesetzbuchs).

• TITLE_VQF_902_11_CUSTOMER

  • DE: Feststellung des Kontrollinhabers an nicht operativ tätigen juristischen Personen und Personengesellschaften (K)

• INFO_VQF_902_11_CUSTOMER

  • DE: (bei operativ tätigen juristischen Personen und Personengesellschaf ten als Vertragspartner sowie sinngemäss bei operativ tätigen juristischen Personen und Personengesellschaf ten als wirtschaf tlich Berechtigte)

Measure after submission from the customer: If THIRD_PARTY_OWNERSHIP is true, vqf_902_9_customer needs to be filled out.

Others:

When filled out by the customer, the form must contain a notice that filling this form with incorrect information is a punishable offence (document forgery) according to Swiss law.

vqf_902_11_officer

Filled out by: AML officer only.

Purpose: Determine the controlling person of an operational legal entity or partnership.

Form Demo: Link

Differences from VQF form 902.11:

• The VQF form can only be filled out by the AML officer. When the customer directly fills out the VQF 902.11, we use our vqf_902_11_customer.

Attributes:

title TITLE_VQF_902_11_OFFICER
info INFO_VQF_902_11_OFFICER
IDENTITY_CONTRACTING_PARTNER :: Text
CONTROL_REASON :: 'HAS_25_MORE_RIGHTS' | 'OTHER_WAY' | 'DIRECTOR'
IDENTITY_LIST[].FULL_NAME :: Text
IDENTITY_LIST[].DOMICILE :: Text
THIRD_PARTY_OWNERSHIP :: Boolean
ATTACHMENT_SIGNED_DOCUMENT :: File

• IDENTITY_CONTRACTING_PARTNER

  • Type: Multi-line text

  • Label EN: Contracting party (name and address)

  • Label DE: Vertragspartner (Name und Adresse)

• CONTROL_REASON

  • Type: Single choice

  • Label DE: Es wird erklärt, (das Zutreffende ankreuzen) …

  • Choices:

    • HAS_25_MORE_RIGHTS

      • Label DE: … dass die nachfolgend aufgeführte(n) Person(en) am Vertragspartner Anteile (Kapitals- oder Stimmrechtsanteile) von 25 % oder mehr halten

    • OTHER_WAY

      • Label DE: … falls die Kapitals- oder Stimmrechtsanteile nicht festgestellt werden können oder falls keine Kapitals- oder Stimmrechtsanteile von 25% oder mehr bestehen, erklärt der Vertragspartner hiermit, dass die nachträglich aufgeführte Person(en) auf andere Weise die Kontrolle über den Vertragspartner ausübt/ausüben;

    • DIRECTOR

      • Label DE:

        … falls auch diese Person(en) nicht festgestellt werden kann/können, oder diese Person(en) nicht besteht/bestehen, erklärt der Vertragspartner, dass die nachfolgend aufgeführte(n) Person(en) die Geschäftsführung ausüben.

• IDENTITY_LIST[].FULL_NAME

  • Type: Single line text

  • Label DE: Name, Vorname

• IDENTITY_LIST[].DOMICILE

  • Type: Multi-line text

  • Label DE: Effektive Wohnsitzadresse

• THIRD_PARTY_OWNERSHIP

  • Type: Choice yes/no

    • Label DE: Ist eine Drittperson an den auf dem Konto/Depot liegenden Vermögenswerten wirtschaftlich berechtigt?

  • Choices:

    • false

      • Label DE: Nein

    • true

      • Label DE: Ja. => Die entsprechenden Angaben zur wirtschaftlichen Berechtigung sind durch das Ausfüllen eines separaten Formulars VQF Dok Nr. 902.9 zu erheben.

• ATTACHMENT_SIGNED_DOCUMENT

  • Label DE: Scan des vom Kunden unterschriebenen Formulars.

Strings

• TITLE_VQF_902_11_OFFICER

  • DE: Feststellung des Kontrollinhabers an nicht operativ tätigen juristischen Personen und Personengesellschaften (K)

• INFO_VQF_902_11_OFFICER

  • DE: (bei operativ tätigen juristischen Personen und Personengesellschaf ten als Vertragspartner sowie sinngemäss bei operativ tätigen juristischen Personen und Personengesellschaf ten als wirtschaf tlich Berechtigte)

vqf_902_12

Purpose: Declaration for foundations.

This form will not be supported for the TOPS MVP. Foundations will either not be accepted as customers or the AML officer will need to submit a PDF form.

vqf_902_13

Purpose: Declaration for trusts.

This form will not be supported for the TOPS MVP. Trusts will either not be accepted as customers or the AML officer will need to submit a PDF form.

vqf_902_14

Filled out by: AML officer only.

Purpose: Special clarifications regarding the customer. This form is filled out by at the initiative of the AML officer or in response to an alert.

Form Demo: Link

Attributes:

INCRISK_REASON :: Text
INCRISK_MEANS :: 'GATHERING' | 'CONSULTATION' | 'ENQUIRIES' | 'OTHER'
when INCRISK_MEANS_OTHER = 'OTHER' {
  INCRISK_MEANS_OTHER :: Text
}
INCRISK_SUMMARY :: Text
INCRISK_DOCUMENTS :: Text
INCRISK_RESULT :: (
  'NO_SUSPICION' | 'SUBSTANTIATED_SUSPICION' |
  'SIMPLE_SUSPICION' | 'OTHER')
if INCRISK_REASON = 'OTHER' {
  INCRISK_RESULT_OTHER :: Text
}

• INCRISK_REASON

  • Type: Free-form, multi-line text.

  • Label DE: [Grund für die besonderen Abklärungen] Beschreibung der Umstände/Transaktionen, die zu den besonderen Abklärungen geführt haben

• INCRISK_MEANS

  • Type: Single choice

  • Choices:

    • GATHERING

      • Label DE: Einholen Auskunft von Vertragspartei, an Vermögenswerten wirtschaftlich berechtigten Person, Kontrollinhaber

    • CONSULTATION

      • Label DE: Konsultation öffentlicher Quellen und Datenbanken

    • ENQUIRIES

      • Label DE: Erkundigung bei vertrauenswürden Dritten (z.B. Depotbank)

    • OTHER

      • Label DE: Andere, welche?

  • Label DE: Verwendete Mittel zur Abklärung

• INCRISK_MEANS_OTHER

  • Type: Free-form, multi-line text

  • When: INCRISK_MEANS = 'OTHER'

  • Label DE: Erklärung zu anderem Mittel

• INCRISK_SUMMARY

  • Type: Fee-form, multi-line text.

  • Label DE: Zusammenfassung und Plausibilisierung der eingeholten Informationen (=> Die Ergebnisse der Abklärungen sind zu dokumentieren und auf ihre Plausibilisierung zu überprüfen.)

• INCRISK_DOCUMENTS

  • Type: Fee-form, multi-line text.

  • Label DE: Eingeholte/eingesehene Unterlagen

• INCRISK_RESULT

  • Type: Single Choice

  • Choices:

    • NO_SUSPICION

      • Label DE: Sachverhalt konnte plausibilisiert werden, kein begründeter Verdacht nach Art. 9 GwG (evtl. Anpassung Kun- denprofil (VQF Dok. Nr. 902.5) und/oder Risikoprofil (VQF Dok. Nr. 902.4))

    • REASONABLE_SUSPICION

      • Label DE: Begründeter Verdacht nach Art. 9 GwG, Meldepflicht an MROS

    • SIMPLE_SUSPICION

      • Label DE: Einfacher Verdacht nach Art. 305ter Abs. 2 StGB, Melderecht an MROS

    • OTHER

      • Label DE: Anderes, was?

• INCRISK_RESULT_OTHER

  • Type: Free-form, multi-line text

  • When: INCRISK_RESULT = 'OTHER'

  • Label DE: Erklärung zu anderem Verdacht

vqf_902_15

Purpose: Declaration for life insurance companies.

This form will not be supported for the TOPS MVP. Life insurance companies will either not be accepted as customers or the AML officer will need to submit a PDF form

Derived Properties and Events (AML Officer)

When the AML officer submits a form, the AML SPA will derive some pre-defined properties and events from the filled-in form attributes. The AML Officer can change (override) these derived properties and events.

• Assumptions:

• Properties are always calculated only based on new attributes and the previous properties. They are never calculated from older attribute collections or the current rules.

• The AML officer can always override derived properties or events.

• In the future, we might derive rules from properties, but we don’t do that right now.

The derivation is defined in pseudo-code. The following special variables/functions are available:

• oldProps: Previous properties of the account (before the decision)

• newProps: New properties of the account (i.e. the derived properties)

• form: Form attributes of the AML form submitted by the AML officer

• emit(evt): Function that marks an event as emitted

• propBecameTrue(prop): Helper predicate that returns true iff a property was false or undefine before (in oldProps) and is now true (in newProps).

• propBecameFalse(prop): Helper predicate that returns true iff a property was true before (in oldProps) and is now false or undefined (in newProps).

The event-rule tag is included to reference the implementation and testing functions in code.

vqf_902_1_officer

Properties:

newProps.ACCOUNT_OPEN = true;

Events:

if (propBecameTrue(ACCOUNT_OPEN)) {
  emit(INCR_ACCOUNT_OPEN); # event-rule 1

  const isPep = (
    newProps.PEP_FOREIGN ||
    newProps.PEP_DOMESTIC ||
    newProps.PEP_INTERNATIONAL_ORGANIZATION
  );

  if (isPep) {
    emit(INCR_PEP); # event-rule 2
  }

  if (newProps.PEP_FOREIGN) {
    emit(INCR_PEP_FOREIGN); # event-rule 3
  }

  if (newProps.PEP_DOMESTIC) {
    emit(INCR_PEP_DOMESTIC); # event-rule 4
  }

  if (newProps.PEP_INTERNATIONAL_ORGANIZATION) {
    emit(INCR_PEP_INTERNATIONAL_ORGANIZATION); # event-rule 5
  }

  if (newProps.HIGH_RISK_CUSTOMER) {
    emit(INCR_HIGH_RISK_CUSTOMER); # event-rule 6
  }

  if (newProps.HIGH_RISK_COUNTRY) {
    emit(INCR_HIGH_RISK_COUNTRY); # event-rule 7
  }
}

vqf_902_4

Properties:

newProps.PEP_FOREIGN = form.PEP_FOREIGN;
newProps.PEP_DOMESTIC = form.PEP_DOMESTIC;
newProps.PEP_INTERNATIONAL_ORGANIZATION = form.PEP_INTERNATIONAL_ORGANIZATION;
newProps.HIGH_RISK_CUSTOMER = form.RISK_CLASSIFICATION_LEVEL == "HIGH_RISK";
newProps.HIGH_RISK_COUNTRY = form.COUNTRY_RISK_NATIONALITY_LEVEL == "HIGH";

Events:

if (oldProps.ACCOUNT_OPEN) {
  if (propBecameTrue(PEP_FOREIGN) {
    emit(INCR_PEP_FOREIGN); # event-rule 8
  }
  if (propBecameTrue(PEP_INTERNATIONAL_ORGANIZATION) {
    emit(INCR_PEP_INTERNATIONAL_ORGANIZATION); # event-rule 9
  }
  if (propBecameTrue(PEP_DOMESTIC) {
    emit(INCR_PEP_DOMESTIC); # event-rule 10
  }
  if (propBecameFalse(PEP_FOREIGN) {
    emit(DECR_PEP_FOREIGN); # event-rule 11
  }
  if (propBecameFalse(PEP_INTERNATIONAL_ORGANIZATION) {
    emit(DECR_PEP_INTERNATIONAL_ORGANIZATION); # event-rule 12
  }
  if (propBecameFalse(PEP_DOMESTIC) {
    emit(DECR_PEP_DOMESTIC); # event-rule 13
  }
  const wasPep = (
    oldProps.PEP_DOMESTIC ||
    oldProps.PEP_FOREIGN ||
    oldProps.PEP_INTERNATIONAL_ORGANIZATION);
  const isPep = (
    newProps.PEP_DOMESTIC ||
    newProps.PEP_FOREIGN ||
    newProps.PEP_INTERNATIONAL_ORGANIZATION);
  if (wasPep && !isPep) {
    emit(DECR_PEP); # event-rule 14
  }
  if (!wasPep & isPep) {
    emit(INCR_PEP); # event-rule 15
  }
  if (propBecameTrue(HIGH_RISK_COUNTRY)) {
    emit(INCR_HIGH_RISK_COUNTRY); # event-rule 16
  }
  if (propBecameFalse(HIGH_RISK_COUNTRY)) {
    emit(DECR_HIGH_RISK_COUNTRY); # event-rule 17
  }
  if (propBecameTrue(HIGH_RISK_CUSTOMER)) {
    emit(INCR_HIGH_RISK_CUSTOMER); # event-rule 18
  }
  if (propBecameFalse(HIGH_RISK_CUSTOMER)) {
    emit(DECR_HIGH_RISK_CUSTOMER); # event-rule 19
  }
}

vqf_902_14

Properties:

if (INCRISK_RESULT == "SIMPLE_SUSPICION") {
  newProps.INVESTIGATION_STATE = "REPORTED_SUSPICION_SIMPLE";
} else if (INCRISK_RESULT == "SUBSTANTIATED_SUSPICION") {
  newProps.INVESTIGATION_STATE = "REPORTED_SUSPICION_SUBSTANTIATED";
} else if (INCRISK_RESULT == "NO_SUSPICION") {
  newProps.INVESTIGATION_STATE = "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION";
} else if (INCRISK_RESULT == "OTHER") {
  // FIXME-#9677: would be nice if we instead could set the property to "undefined"/null
  // and *force* the AML officer to manually set it.
  // Alternatively, we should probably default to "INVESTIGATION_PENDING". -CG
  newProps.INVESTIGATION_STATE = "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION";
} else {
  not_reached();
}

Events:

if (oldProps.INVESTIGATION_STATE == "NONE" ||
    oldProps.INVESTIGATION_STATE == "INVESTIGATION_PENDING" ||
    oldProps.INVESTIGATION_STATE == null) {
  if (newProps.INVESTIGATION_STATE == "REPORTED_SUSPICION_SIMPLE" ||
      newProps.INVESTIGATION_STATE == "REPORTED_SUSPICION_SUBSTANTIATED" ||
      newProps.INVESTIGATION_STATE == "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION") {
    emit(INCR_INVESTIGATION_CONCLUDED); # event-rule 20
  }
  if (newProps.INVESTIGATION_STATE == "REPORTED_SUSPICION_SUBSTANTIATED") {
    // FIXME-#9676: if possible, we should force the AML officer to tick
    // an extra check-box "I submitted this case to MROS". No need to
    // actually do anything here server-side, it's more an explicit
    // acknowledgement/reminder to make really sure this event is only
    // emitted if the report was files.
    emit(MROS_REPORTED_SUSPICION_SUBSTANTIATED); # event-rule 21
  }
  if (newProps.INVESTIGATION_STATE == "REPORTED_SUSPICION_SIMPLE") {
    // FIXME-#9676: if possible, we should force the AML officer to tick
    // an extra check-box "I submitted this case to MROS". No need to
    // actually do anything here server-side, it's more an explicit
    // acknowledgement/reminder to make really sure this event is only
    // emitted if the report was files.
    emit(MROS_REPORTED_SUSPICION_SIMPLE); # event-rule 22
  }
}

Derived Properties and Events (Customer/KYC forms)

When the customer submits an AML form, the AML program that checks the form can also derive properties and events.

Examples for this are:

• When the customer selects a correspondence language, a property could be set to store the correspondence language.

• When the customer fills out a form that requires the AML officer to check the form, a property could be used to indicate which manual verification from the AML officer is still pending.

TBD: Spec this fully

Reporting

GwG File List

VQF requires a list of all open and closed GwG files. To satisfy this requirement, we need a table of all AML accounts with the following colums (see VQF 902.8):

• File number (for us, probably the payto hash sufficies, otherwise we need to take some row ID)

• Contracting party (internal alias is also okay, but we don’t have an internal alias anyway)

• Notes

• PEP status (yes/no)

• Creation date

• Closing date

Event Reporting (VQF)

The VQF self-declaration contains the following questions that we need to answer with statistics derived via events:

Original German Text:

3. Anzahl der betreuten GwG-Files

3.1. GwG-Files für dauernde Geschäftsbeziehungen (gemäss Art. 7 lit. b SRO-Reglement)

3.1.1. Anzahl der am 01.01.20XX betreuten GwG-Files

3.1.2. Zwischen 01.01.20XX und 31.12.20XX hinzugekommene GwG-Files

3.1.3. Anzahl der während des Jahres 20XX betreuten GwG-Files
(Relevante Zahl für die jährliche GwG-File Gebühr / Jahresrechnung)

3.1.4. Zwischen 01.01.20XX und 31.12.20XX beendigte GwG-Files

3.1.5. Anzahl der am 31.12.20XX betreuten GwG-Files (gerechnet ab dem 01.01.20XX)

4. Angaben zu Kundenstruktur, Produkten, Betriebsstruktur

4.1. Führten Sie im Jahre 2024 Geschäftsbeziehungen mit erhöhtem Risiko (Art. 58 SRO-Reglement)?

4.2. Falls bei Ziff. 4.1 mit "Ja" geantwortet, bei wie vielen davon handelt es
sich um politisch exponierte Personen (PEP)? (nummerische Anzahl)

4.3. Wie viele von den genannten PEP sind ausländische PEP?
(nummerische Anzahl)

4.4. Falls bei Ziff. 4.1 mit "Ja" geantwortet, wie viele weitere
(zusätzlich zu den in Ziff. 4.2 / PEP genannten)
Geschäftsbeziehungen mit erhöhten Risiken führten Sie?
(nummerische Anzahl)

4.5. Total der Geschäftsbeziehungen mit erhöhtem Risiko

4.6. Führten Sie im Jahre 2024 Geschäftsbeziehungen mit
Vertragspartnern oder wirtschaftlich berechtigten Personen mit
Nationalität oder Domizil/Sitz in einem Land mit Risikostufe
"High" gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)?

5. Meldungen an die Meldestelle (MROS)

5.1. Meldepflicht (Art. 9 Abs. 1 GwG) (nummerische Anzahl)
5.2. Melderecht (Art. 305ter Abs. 2 StGB) (nummerische Anzahl)
5.3. Total der an die Meldestelle (MROS) und den VQF erfolgten MROS-Meldungen


English Translation

TBD.

Based on this, we have the following statistics:

• Number of open accounts on January 1st (self-declaration 3.1.1)

  • Implemementation: evtcount(INCR_ACCOUNT_OPEN, start=0, end=jan_first_20xx) - evtcount(DECR_ACCOUNT_OPEN, start=0, end=jan_first_20xx)

• Number of newly opened accounts between 01.01.20XX and 31.12.20XX (self-declaration 3.1.2.)

  • Implemementation: evtcount(INCR_ACCOUNT_OPEN, start=jan_first_20xx, end=dec_last_20xx)

• Number of AML files managed during the year 20XX (self-declaration 3.1.3.)

  • All accounts ever opened except the ones that were closed before 20xx

  • Implemementation: evtcount(INCR_ACCOUNT_OPEN, start=0, end=dec_last_20xx) - evtcount(DECR_ACCOUNT_OPEN, start=0, end=jan_first_20xx)

• Number of AML files closed between 01.01.20XX and 31.12.20XX (self-declaration 3.1.4)

  • Implemementation: evtcount(DECR_ACCOUNT_OPEN, start=jan_first_20xx, end=dec_last_20xx)

• Were there business relationships in the year 20XX with high risk? (self-declaration 4.1)

  • Implementation: evtcount(INCR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) - evtcount(DECR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) > 0

• Of those, how many were with PEPs? (self-declaration 4.2.)

  • Implementation: evtcount(INCR_PEP, start=0, end=dec_last_20xx) - evtcount(DECR_PEP, start=0, end=dec_last_20xx)

• Of those PEPs, how many were with foreign PEPs? (self-declaration 4.3.)

  • Implementation: evtcount(INCR_PEP_FOREIGN, start=0, end=dec_last_20xx) - evtcount(DECR_PEP_FOREIGN, start=0, end=dec_last_20xx)

• Number of other additional (other than PEPs and foreign PEPs) high-risk business relationships in 20XX (self-declaration 4.4.)

  • Implementation: Difference between 4.5. and 4.2

• Number of high-risk business relationship n total in 20xx (self-declaration 4.5.)

  • Implementation: evtcount(INCR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) - evtcount(DECR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx)

• Number of reports (substantiated suspicion) to MROS during 20xx (self-declaration 5.1)

  • Implementation: evtcount(REPORTED_SUSPICION_SUBSTANTIATED, range=year_20xx)

• Number of reports (simple suspicion) to MROS during 20xx (self-declaration 5.2)

  • Implementation: evtcount(REPORTED_SUSPICION_SIMPLE, range=year_20xx)

• Total number of reports to MROS during 20xx (self-declaration 5.3)

  • Implementation: evtcount(REPORTED_SUSPICION_SIMPLE, range=year_20xx) + evtcount(REPORTED_SUSPICION_SUBSTANTIATED, range=year_20xx)

Event Reporting (TOPS)

The following event-based statistics are custom-defined by us and shown in the AML officer dashboard.

• Number of accounts that are opened:

  • Implementation: evtcount(INCR_ACCOUNT_OPEN) - evtcount(DECR_ACCOUNT_OPEN)

• Number of new GwG files in the last year.

  • Implementation: evtcount(INCR_ACCOUNT_OPEN, range=last_year)

• Number of GwG files closed in the last year

  • Implementation: evtcount(DECR_ACCOUNT_OPEN), range=last_year)

  • Note: we only close GwG files after 1 year of inactivity, so implementation not exactly pressing …

• Number of GwG files of high-risk customers

  • Implementation: evtcount(INCR_HIGH_RISK) - evtcount(INCR_HIGH_RISK)

• Number of GwG files managed with “increased risk” due to PEP status

  • Implementation: evtcount(INCR_PEP) - evtcount(DECR_PEP)

• Number of MROS reports based on Art 9 Abs. 1 GwG (per year)

  • Implementation: evtcount(MROS_REPORTED_SUSPICION_SUBSTANTIATED, range=last_year)

• Number of MROS reports based on Art 305ter Abs. 2 StGB (per year)

  • Implementation: evtcount(MROS_REPORTED_SUSPICION_SIMPLE, range=last_year)

• Number of customers involved in proceedings for which Art 6 GwG did apply

  • Implementation: evtcount(INCR_INVESTIGATION, range=last_year)

Suspicious Transaction Reporting

Also called TmeR (“Transaktionen mit erhoehtem Risiko”). We define fixed criteria that apply to all customers.

Examples:

• sudden increase in volume (monthly volume exceeding previous year’s, plus above 100,000 CHF)

https://bugs.taler.net/9639

Sanction Lists

When a new customer is onboarded, they are checked against a sanction list.

Three properties are set:

• SANCTION_LIST_BEST_MATCH identifies the position of the entry in the sanctions list that matches the new customer the best

• SANCTION_LIST_RATING is set to a numeric score [0,1] that identifies how well the available data matches (with 1.0 being a perfect match)

• SANCTION_LIST_CONFIDENCE is set to a numeric score [0,1] that indicates how confident we are that the rating is accurate, with 0 indicating no data available, and 1 indicating that all possible fields could be evaluated

• INVESTIGATION_STATE is set to INVESTIGATION_PENDING if the rating and confidence are sufficiently high

• INVESTIGATION_TRIGGER is set to SANCTION_LIST_MATCH

Finally, sanction list hits trigger one of two possible events:

• sanction-list-hit-account-frozen is set if the hit was so clear that the system immediately froze the account

• sanction-list-hit-partial-account-investigated is set if the hit requires the account to be investigated

Implementation Gaps

Auditing:

• For the yearly audit, it would be convenient (and probably also necessary) to show all information we have on an exchange AML account (=GwG file in VQF terminology) on a single, printable page.

Moving logic into the AML programs:

• For vqf_902_1_officer, it would be great if an AML program could check that required forms have actually been submitted.

• For MROS reporting, submission of the vqf_902_14 should run an AML program that sets the events/properties based on the form.

Open Questions

• Do we use Boolean attributes or always 'YES' | 'NO' to be extensible in the future?

• General forms question: Are attributes first stored and then validated or the other way around? If first stored: What if the AML program fails to run?

• We need a generic way to show INFO to a customer (e.g. asking for more documents)

FAQ

• Q: What’s the difference between the controlling entity and beneficiary owner?

  • A: Controlling entity: Natural person(s) with at least 25% ownership or voting rights (direct or indirect, alone or colletively). Beneficial owner: Natural person(s) who enjoy the benefits of ownership even though the title to some form of property is in another name.

• Q: How is the “file note” (German: “Aktennotiz”) handled?

  • A: Two ways: Each AML customer account can have a note as a property. For more complex notes (attachments, more sensitive information), a generic_note form should be submitted by the AML officer.

• Q: What’s the difference between simple/substantiated suspicion?

  A: Simple suspicion is a suspicion according to Art 305ter Abs. 2 StGB. It is a suspicion that may be reported (“Melderecht”). A substantiated suspicion is according to Art. 9 GwG and must be reported (“Meldepflicht”)

References

• Taler-Exchange AML flows (git, PDF)

• VQF forms (VQF Website)

• GANA form attributes (git)

• taler-typescript-core forms implementation (git)