Taler Operations Deployment ¶

Definitions / Glossary ¶

GwG: German “Geldwäschegesetz”, Swiss law regarding anti-money laundering
VQF: Verein für Qualitätssicherung im Finanzwesen, self-regulatory organization that Taler Operations AG is a member of and thus needs to stick to their rules
TmeR: German “Transaktion mit erhöhtem Risiko”, i.e. high-risk transactions
GmeR: “Geschäftsbeziehung mit erhöhtem Risiko”, i.e. high-risk business relationships
PEP: Politically exposed person
MROS: Money Laundering Reporting Office Switzerland
StGB: (Switzerland-specific:) Strafgesetzbuch, Swiss criminal law

Regulatory Requirements Introduction ¶

Regulatory requirements are set by VQF and detailed in their SRO-Regulation document. Our AML processes are based on their forms (“VQF Document Nr. 902.$x”).

High-Level Processes ¶

Establishing a Business Relationship ¶

A business relationship must be established if the thresholds of 15,000 CHF per year or 2,500 CHF per month are exceeded. The GNU Taler transaction system automatically records the transaction volumes and notifies the customer when a business relationship needs to be established. At this point, transactions are then frozen until the business relationship is established.
To do this, the customer must complete the corresponding VQF forms online and upload documents. The customer’s address is then verified by sending a PIN letter. The customer must also submit a certified copy of their ID by postal mail. This is then digitally and physically filed. Alternatively, an identity check can in principle also be carried out manually by TOPS employees on site (in person) at the customer’s premises. In this case, the ID copies must be signed by the TOPS employee.
New business relationships are checked against the current sanctions list. An automatic preliminary check takes place first, and suspected cases are then processed manually.
When all the required data has been provided, it is in any case checked manually by the AML officer. Finally, the AML officer must categorize the customer to to derive a risk profile. Based on the risk profile, risk-based rules are set for monitoring the business relationship. If the AML officer has concerns about the business, they escalate the case to the management as to whether the business relationship can be opened. The management can then make a final decision on acceptance or rejection.

Monitoring a Business Relationship ¶

For each business relationship, risk-based and customer-specific transaction limits are defined. If these are exceeded, an “alert” is automatically generated. These transactions must then be validated by the responsible customer consultant. All validated alerts are checked by the AML officer and either approved or returned to the customer consultant for further validation, or escalated to management for final decision-making or appropriate action.
Business relationships are periodically reviewed and updated. The following rhythm applies:
- every 5-7 years for low-risk business relationships
- every 2 years for high-risk business relationships
- annually for PEP relationships
The review includes the verification of identification documents and any supporting documents submitted when the business relationship was established. Likewise, the information in the customer profile and the transaction behavior during the duration of the business relationship are reviewed.
All business relationships are continuously and automatically checked against current sanctions lists, especially when a new sanctions list is available, without delay.
Regardless of the risk category and the corresponding review frequency, a business relationship must be reviewed if special circumstances arise, such as negative press reports, unusual transactions and activities, etc.

Terminating a Business Relationship ¶

A business relationship is automatically considered terminated if no transactions have been processed with the GNU Taler system for over 12 months.

Credit / Debit Restrictions ¶

Only Swiss IBANs (CH...) are allowed for both credit and debit transactions.

Initial Threshold Rules ¶

Withdrawal
- withdrawal-low: 200 CHF per month => measure sms-registration (or postal-registration)
- 2500 CHF per month => measure verboten
- 15000 CHF per year => measure verboten
Deposit:
- deposit-zero: 0 CHF => measure accept-tos
- 2500 CHF per month => measure kyx
- 15000 CHF per year => measure kyx
Aggregate:
- 2500 CHF per month => measure kyx
- 15000 CHF per year => measure kyx
Merge (p2p receive)
- merge-zero: 0 CHF => measure sms-registration (or postal-registration)
- 2500 CHF per month => measure verboten
- 15000 CHF per year => measure verboten

Measures ¶

Measures that ask for information:

sms-registration: Validate (Swiss) mobile phone number of customer via SMS TAN.
- On success:
  - Remove rule withdrawal-low
  - Remove rule merge-zero
postal-registration: Validate (Swiss) postal address of customer via snail mail with TAN.
- On success:
  - Remove rule withdrawal-low
  - Remove rule merge-zero
  - If arriving at the form via kyx measure, continue with manual check by AML officer.
accept-tos: Ask customer to accept terms of service.
- On success:
  - Remove rule deposit-zero
kyx: Allow customer to initiate KYC/KYC process via form vqf_902_1_customer.
- On success:
  - Follow-up with other VQF-forms, or
  - postal-registration to validate submitted address, or
  - if everything is done AML officer must proceed manually with plausibilization.
form-902.9: Allow customer fill out form to determine beneficiary owner.
- On success:
  - Possibly more forms triggered via kyx, or
  - postal-registration to validate submitted address, or
  - if everything is done AML officer must proceed manually with plausibilization.
form-902.11: Allow customer fill out form to determine controlling person.
- On success:
  - Possibly more forms triggered via kyx, or
  - postal-registration to validate submitted address, or
  - if everything is done AML officer must proceed manually with plausibilization.

Threshold Presets ¶

Threshold presets are presets that the AML officer can select after the verifying the customer’s documents and conducting a risk assessment.

Exact thresholds will depend on the busines type and risk and may be assigned fully individually. However, we have a few typical profiles:

E-commerce:
- Merge: 0 CHF / month
- Withdrawal: 0 CHF / month
- Deposit: 25000 CHF / month (high-value transactions with Taler are suspicious)
- Aggregate: 25000 CHF / month
Point-of-sale:
- Merge: 25000 CHF / month (peer-to-peer transfers may happen there)
- Withdrawal: 0 CHF / month
- Deposit: 25000 CHF / month (high-value transactions with Taler are suspicious)
- Aggregate: 25000 CHF / month

Properties ¶

FILE_NOTE :: Text:
- Current note on the GWG file.
CUSTOMER_LABEL :: Text
- Customer name or internal alias.
AML_ACCOUNT_OPEN :: Boolean
- Was this customer activated for deposit operations?
- Only set after merchant passes KYC
- We store this to know when to emit the (INCR|DECR)_ACCOUNT_OPEN and related events
AML_DOMESTIC_PEP :: Boolean
- Is the customer a domestic PEP?
AML_FOREIGN_PEP :: Boolean
- Is the customer a foreign PEP?
AML_INTERNATIONAL_ORG_PEP :: Boolean
- Is the customer a international org PEP?
AML_HIGH_RISK_CUSTOMER :: Boolean
- Is the customer classified as high-risk?
AML_HIGH_RISK_COUNTRY :: Boolean
- Is the customer associated with high-risk (VQF Dok. Nr. 902.4.1) country?
AML_ACCOUNT_IDLE :: Boolean
- The account has been marked as idle (typically by a batch process that checks for idle accounts).
AML_INVESTIGATION_STATE
- The MROS reporting state for the account.
- Values:
  - NONE / undefined: No MROS reporting for that account
  - INVESTIGATION_PENDING: Pending investigation. The AML officer should submit vqf_902_14 to conclude investigation. FIXME: Also have a form to start investigation?
  - INVESTIGATION_COMPLETED_WITHOUT_SUSPICION: Completed according to Art. 6 GwG
  - REPORTED_SUSPICION_SIMPLE: Reported under Art. 305 StGB (German “einfacher Verdacht”, simple suspicion)
  - REPORTED_SUSPICION_SUBSTANTIATED: Reported under Art. 9 GwG (German “begründeter Verdacht”, substantiated suspicion)

Events ¶

Account opening/closing:

INCR_ACCOUNT_OPEN / DECR_ACCOUNT_OPEN

PEP/Risk classification:

INCR_HIGH_RISK_CUSTOMER / DECR_HIGH_RISK_CUSTOMER
INCR_HIGH_RISK_COUNTRY / INCR_HIGH_RISK_COUNTRY
INCR_PEP / DECR_PEP
INCR_FOREIGN_PEP / DECR_FOREIGN_PEP
INCR_DOMESTIC_PEP / DECR_DOMESTIC_PEP
INCR_INTERNATIONAL_ORG_PEP / DECR_INTERNATIONAL_ORG_PEP

MROS Reporting (see AML_INVESTIGATION_STATE property):

MROS_REPORTED_SUSPICION_SIMPLE
MROS_REPORTED_SUSPICION_SUBSTANTIATED
INCR_INVESTIGATION_CONCLUDED / DECR_INVESTIGATION_CONCLUDED

After gathering initial information (vqf_902_1_officer), a letter with a PIN code is generated and sent to the customer. The customer needs to enter the PIN in the KYC SPA in order to validate their address. The letter also needs to ask the customer to send a certified copy of certain documents.

The KYC SPA should also specify which documents are still needed.

Implementation notes:

The letter is sent and generated via challenger
We keep track of required documents via an INFO measure, where the context is updated based on documents still required.

AML/KYC Forms ¶

The following subsections define the contents of the forms. The corresponding field names are registered via GANA. The the UI for the forms is defined in taler-typescript-core

generic_note ¶

Filled out by: AML Officer, customer

Purpose: Free-form note. Should be used instead of the FILE_NOTE when there are attachements or the note contains very sensitive information.

Form Demo: Link

Attributes:

NOTE_TEXT :: Text
SUPPLEMENTAL_FILES_LIST[].DESCRIPTION :: Text
SUPPLEMENTAL_FILES_LIST[].FILE :: File

generic_upload ¶

Filled out by: Customer

Purpose: Free-form upload. The type/name of the requested document is taken from the context.

Form Demo: Link

Context:

REQUESTED_FILE_TITLE
REQUESTED_FILE_DESCRIPTION

Attributes:

NOTE_TEXT :: Text
FILE :: File

vqf_902_1_customer ¶

Filled out by: AML Officer, customer

Purpose: Initial collection of basic attributes about customer during onboarding.

Form Demo: Link

Remarks:

We first ask for CUSTOMER_TYPE to know what type of basic information we need to ask. Only later in the form we ask for CUSTOMER_TYPE_VQF, which can be OTHER. We can’t combine those two fields, as for CUSTOMER_TYPE_VQF=OTHER we wouldn’t know what basic information to ask.

Attributes:

title TITLE_VQF_902_1_CUSTOMER
CUSTOMER_TYPE :: 'NATURAL_PERSON' | 'LEGAL_ENTITY'
when CUSTOMER_TYPE = 'NATURAL_PERSON' {
  FULL_NAME :: Text
  DOMICILE_ADDRESS :: Text
  CONTACT_PHONE :: Optional[Text]
  CONTACT_EMAIL :: Optional[Text]
  DATE_OF_BIRTH :: Date
  NATIONALITY :: Text
  PERSONAL_IDENTIFICATION_DOCUMENT_COPY :: DataUri
  CUSTOMER_IS_SOLE_PROPRIETOR :: Boolean
  when CUSTOMER_IS_SOLE_PROPRIETOR {
    COMPANY_NAME :: Optional[Text]
    REGISTERED_OFFICE_ADDRESS :: Optional[Text]
    LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY :: Optional[DataUri]
  }
}
when CUSTOMER_INFO_TYPE = 'LEGAL_ENTITY' {
  COMPANY_NAME :: Text
  DOMICILE_ADDRESS :: Text
  CONTACT_PERSON_NAME :: Optional[Text]
  CONTACT_PHONE :: Optional[Text]
  CONTACT_EMAIL :: Optional[Text]
  LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY :: DataUri
  ESTABLISHER_LIST[].FULL_NAME :: Text
  ESTABLISHER_LIST[].DOMICILE_ADDRESS :: Text
  ESTABLISHER_LIST[].DATE_OF_BIRTH :: Text
  ESTABLISHER_LIST[].NATIONALITY :: Text
  ESTABLISHER_LIST[].PERSONAL_IDENTIFICATION_DOCUMENT_COPY :: File
  ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE :: 'SINGLE' | 'COLLECTIVE_TWO' | 'OTHER'
  ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_TYPE :: 'CR' | 'MANDATE' | 'OTHER'
  ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_DOCUMENT_COPY :: File
  when (ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE = 'OTHER') {
    ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_OTHER :: Text
  }
}
CORRESPONDENCE_LANGUAGE :: 'en' | 'de' | 'fr' | 'it'
CUSTOMER_TYPE_VQF :: (
  'NATURAL' | 'OPERATIONAL' | 'FOUNDATION' |
  'TRUST' | 'LIFE_INSURANCE' | 'OTHER')

CUSTOMER_TYPE
- Type: Single choice
- Choices:
  - NATURAL_PERSON
    - Label DE: Die Vertragspartei ist eine natürliche Person
  - LEGAL_ENTITY
    - Label DE: Die Vertragspartei ist eine juristische Person
CUSTOMER_TYPE_VQF
- Description: Customer type according to the VQF classification.
- Type: Single Choice
- Choices::
  - NATURAL
    - Label DE: Die Vertragspartei ist eine natürliche Person und es bestehen keine Zweifel, dass diese selber an den Vermögenswerten wirtschaftlich berechtigt ist
    - Label EN: A natural person and there are no doubts that this person is the sole beneficial owner of the assets
  - OPERATIONAL
    - Label DE: … eine operative juristische Person oder Personengesellschaft
  - FOUNDATION
    - Label DE: … eine Stiftung (oder ein ähnliches Konstrukt; inkl. Underlying Companies).
  - TRUST
    - Label DE: … ein Trust (inkl. Underlying Companies)
  - LIFE_INSURANCE
    - Label DE: … eine Lebensversicherung mit separater Konto-/Depotführung (sog. Insurance Wrapper)
  - OTHER
    - Label DE: alle übrigen Fälle
FULL_NAME
- Description: Full name of the customer.
- Type: Single-line text
- Label EN: Name / First Name
- Label DE: Name/Vorname
DOMICILE_ADDRESS
- Description: Domicile address of the customer.
- Type: Multi-line text
- Label DE: Wohnsitzadresse
CONTACT_PHONE
- Description: Contact phone number of the customer.
- Type: Phone number (optional)
- Label DE: Telefon
CONTACT_EMAIL
- Description: Contact e-mail address of the customer.
- Type: E-Mail address (optional)
- Label DE: E-Mail
DATE_OF_BIRTH
- Description: Customer’s date of birth.
- Type: Date
- Label DE: Geburtstsdatum
NATIONALITY
- Description: Customer’s nationality (only for natural person).
- Type: Country code
- Label DE: Staatsangehörigkeit
PERSONAL_IDENTIFICATION_DOCUMENT_COPY
- Type: File upload (PDF).
- Label DE: Identification document
CUSTOMER_NATURAL_COMPANY_NAME
- Type: Single-line text
- Label DE: [Bei Inhabern von Einzelunternehmen (in Ergänzung zu oben):] Firma
REGISTERED_OFFICE_ADDRESS
- Type: Multi-line text
- Label DE: [Bei Inhabern von Einzelunternehmen (in Ergänzung zu oben):] Geschäftsadresse
LEGAL_ENTITY_IDENTIFICATION_DOCUMENT_COPY
- Type: File upload (PDF).
- Label DE: Identifizierungsdokument für Unternehmen
COMPANY_NAME
- Type: Single-line text
- Label DE: Firma
CONTACT_PERSON_NAME
- Type: Single-line text (optional)
- Label DE: Kontaktperson
CORRESPONDENCE_LANGUAGE
- Type: Single selection
- Choices: ISO 639-1 Alpha-2 language codes. Currently only en, de, fr and it are supported.
ESTABLISHER_LIST[].FULL_NAME
- Type: Single-line string
- Label DE: Name/Vorname
ESTABLISHER_LIST[].DOMICILE
- Type: Multi-line string
- Label DE: Wohnsitzadresse
ESTABLISHER_LIST[].NATIONALITY
- Type: ISO 3166 two-letter uppercase country code.
- Label DE: Staatsangehörigkeit
ESTABLISHER_LIST[].PERSONAL_IDENTIFICATION_DOCUMENT_COPY
- Type: File upload (PDF).
- Label DE: Identifikationsdokument
ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE
- Type: Single Choice
- Label DE: Art der Zeichnungs- oder Vertretungsberechtigung
- Required: yes
- Choices:
  - SINGLE
    - Label DE: Einzelunterschrift
  - COLLECTIVE_TWO
    - Label DE: Kollektiv zu zweit
  - OTHER
    - Label DE: Anderes
ESTABLISHER_LIST[].SIGNING_AUTHORITY_TYPE_OTHER
- Type: Single-line string
ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE
- Type: Single Choice
- Label DE: Kenntnisnahme der Bevollmächtigtenbestimmungen durch
- Choices:
  - CR
    - Label DE: Handelsregisterauszug
  - MANDATE
    - Label DE: Vollmacht
  - OTHER
    - Label DE: Anderes:
ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_OTHER
- Type: Single-line text
ESTABLISHER_LIST[].SIGNING_AUTHORITY_EVIDENCE_DOCUMENT_COPY
- Description: Attached document as evidence of the person’s signing authority.
- Type: File upload.

Strings

TITLE_VQF_902_1_CUSTOMER
- Identifizierungsformular (Kundenbasisdaten)

Measure after submission by customer: Depending on CUSTOMER_INFO_TYPE, the customer is asked to fill out another form:

NATURAL: No other form to fill out. A PIN letter will be directly sent to the customer.
OPERATIONAL: Form vqf_902_11
FOUNDATION: Form vqf_902_12
TRUST: Form vqf_902_13
LIFE_INSURANCE: Form vqf_902_15
OTHER: Form vqf_902_9

vqf_902_1_officer ¶

Filled out by: Only AML Officer

Prerequisites: vqf_902_1_customer (with follow-up form if required), vqf_902_5 and vqf_902_4 must have been submitted and checked.

Form Demo: Link

Differences from VQF form 902.1:

We do not ask for the type of correspondence service, but instead assume that correspondence is done via the Taler protocol or directly to the customer via postal mail.
We do not accept languages other than English, German and French
Section 6 (“Laufkunden/Kassageschäften”) is not applicable
Section 7 (“Beilagen”): The other forms must be filed by the AML officer before filing vqf_902_1_officer. In the future, this will be checked by an AML program that runs for the form submission.

Attributes:

ACCEPTANCE_DATE :: Date
ACCEPTANCE_METHOD :: (
  'FACE_TO_FACE' |
  'AUTHENTICATED_COPY' |
  'RESIDENTIAL_ADDRESS_VALIDATED')
ACCEPTANCE_FURTHER_INFO :: Optional[Text]
EMBARGO_TERRORISM_CHECK_RESULT :: 'LISTED' | 'NOT_LISTED'
EMBARGO_TERRORISM_CHECK_DATE :: Date
when EMBARGO_TERRORISM_INFO = 'LISTED' {
  EMBARGO_TERRORISM_INFO :: Text
}
SUPPLEMENTAL_FILES_LIST[].FILE :: File
SUPPLEMENTAL_FILES_LIST[].DESCRIPTION :: File

vqf_902_4 ¶

Filled out by: AML officer only

Purpose: The AML officer uses this form to document the risk profile of a customer.

Form Demo: Link

Differences from VQF form

“LÄNDERRISIKO (Zahlungsverkehr)” does not apply, since we only accept Swiss customers
“PRODUKTRISIKO (Art der vom Kunden verlangten Dienstleistungen und Produkte) does not apply, since we do not offer customized products/services.

Attributes:

PEP_FOREIGN :: Boolean
PEP_DOMESTIC :: Boolean
PEP_INTERNATIONAL_ORGANIZATION :: Boolean
when (PEP_DOMESTIC or PEP_INTERNATIONAL_ORGANIZATION) {
  PEP_HIGH_RISK :: Boolean
}
when PEP_FOREIGN or PEP_HIGH_RISK {
  PEP_ACCEPTANCE_DATE :: Date
}
HIGH_RISK_COUNTRY :: Boolean
when HIGH_RISK_COUNTRY {
  HIGH_RISK_ACCEPTANCE_DATE :: Date
}
// FIXME: Unclear if this is single-choice or multiple-choice
COUNTRY_RISK_NATIONALITY_TYPE :: List[
 'NATIONALITY_CUSTOMER' | 'NATIONALITY_OWNER' |
 'DOMICILE_CUSTOMER' | 'DOMICILE_OWNER' |
 'DOMICILE_CONTROLLING']
COUNTRY_RISK_NATIONALITY_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
// FIXME: Unclear if this is single-choice or multiple-choice
COUNTRY_RISK_BUSINESS_TYPE :: List['CUSTOMER' | 'OWNER']
COUNTRY_RISK_BUSINESS_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
COUNTRY_RISK_PAYMENTS_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
INDUSTRY_RISK_TYPE :: 'CUSTOMER' | 'OWNER'
INDUSTRY_RISK_LEVEL :: (
  'TRANSPARENT' | 'HIGH_CASH_TRANSACTION' |
  'NOT_WELL_KNOWN' | 'HIGH_RISK_TRADE' | 'UNKNOWN_INDUSTRY')
CONTACT_RISK_LEVEL :: 'LOW' | 'MEDIUM' | 'HIGH'
RISK_RATIONALE :: Text
RISK_CLASSIFICATION_LEVEL :: 'HIGH_RISK' | 'NO_HIGH_RISK'
when RISK_CLASSIFICATION_LEVEL = 'HIGH_RISK' {
  HIGH_RISK_ACCEPTANCE_DATE :: Date
}

PEP_FOREIGN
- Type: Checkbox
- Label DE: Ist die Vertragspartei, der wirtschaftlich Berechtige resp. Kontrollinhaber oder der Bevollmächtigte ein ausländischer PEP oder steht er einem solchen nahe?
PEP_DOMESTIC
- Type: Checkbox
- Label DE: Ist die Vertragspartei, der wirtschaftlich Berechtigte resp. Kontrollinhaber oder der Bevollmächtigte ein inländischer PEP
PEP_INTERNATIONAL_ORGANIZATION
- Type: Checkbox
- Label DE: Ist die Vertragspartei, der wirtschaftlich Berechtigte resp. Kontrollinhaber oder der Bevollmächtigte ein PEP bei internationalen Organisationen oder steht er einem solchen nahe?
PEP_HIGH_RISK
- Type: Checkbox
- Label DE: Ist ein Risikokriterium aus diesem Formular erfüllt?
- VQF form original label: Ist ein Risikokriterium gemäss Ziff. 3 nachfolgend erhöht?
PEP_ACCEPTANCE_DATE
- Type: Date
- Label DE: Die Zustimmung des obersten Geschäftsführungsorgans zur Aufnahme einer Geschäftsbeziehung mit einem PEP wurde eingeholt am:
COUNTRY_RISK_NATIONALITY_TYPE
- Type: Multi-choice
- Label DE: LÄNDERRISIKO (Nationalität)
- Choices:
  - NATIONALITY_CUSTOMER
    - Label DE: [Staatsangehörigkeit] Vertragspartei
  - NATIONALITY_OWNER
    - Label DE: [Staatsangehörigkeit] An Vermögenswerten wirtschaftlich berechtigte Person
  - DOMICILE_CUSTOMER
    - Label DE: [Sitz/Wohnsitz] Vertragspartei
  - DOMICILE_CONTROLLING
    - Label DE: [Sitz/Wohnsitz] Kontrollinhaber
  - DOMICILE_OWNER
    - Label DE: [Sitz/Wohnsitz] an Vermögenswerten wirtschaftlich berechtigte Personen
COUNTRY_RISK_NATIONALITY_LEVEL
- Type: Single choice
- Choices:
  - LOW
    - Label DE: Risiko 0 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)
  - MEDIUM
    - Label DE: Risiko 1 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)
  - HIGH
    - Label DE: Risiko 2 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)
COUNTRY_RISK_BUSINESS_TYPE
- Type: Multi-choice
- Label DE: LÄNDERRISIKO (Geschäftstätigkeit)
- Choices:
  - CUSTOMER
    - Label DE: [Ort der Geschäftstätigkeit] Vertragspartei
  - OWNER
    - Label DE: [Ort der Geschäftstätigkeit] an Vermögenswerten wirtschaftlich berechtigte Person
COUNTRY_RISK_BUSINESS_LEVEL
- Type: Single choice
- Choices:
  - LOW
    - Label DE: Risiko 0 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)
  - MEDIUM
    - Label DE: Risiko 1 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)
  - HIGH
    - Label DE: Risiko 2 gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)
INDUSTRY_RISK_TYPE
- Type: Multi-choice
- Label DE: BRANCHENRISIKO
- Choices:
  - CUSTOMER
    - Label DE: [Art der Geschäftstätigkeit] Vertragspartei
  - OWNER
    - Label DE: [Art der Geschäftstätigkeit] an Vermögenswerten wirtschaftlich berechtigte Person
INDUSTRY_RISK_LEVEL
- Type: Single choice
- Choices:
  - TRANSPARENT
    - Label DE: Dem Mitglied gut bekannte, klar um rissene, transparente und einfach verständliche Geschäftstätigkeit
  - HIGH_CASH_TRANSACTION
    - Label DE: Geschäftstätigkeit mit hohen Bargeldtransaktionen
  - NOT_WELL_KNOWN
    - Label DE: Dem Mitglied eher unbekannte Tätigkeit
  - HIGH_RISK_TRADE
    - Label DE: Waffen-/Rüstungshandel, Rohedelsteine- und Diamantenhandel, Schmuckhandel, internationaler Handel mit exotischen Tieren, Casino- und Lotteriegewerbe, Erotikgewerbe
  - UNKNOWN_INDUSTRY
    - Label DE: Keinerlei persönliche Kenntnisse des Mitglieds zur Branche der Vertragspartei
CONTACT_RISK_LEVEL
- Type: Multi-choice
- Label DE: KONTAKTRISIKO: Kontaktformen zur Vertragspartei/an Vermögenswerten wirtschaftlich berechtigten Person
- Choices:
  - LOW
    - Label DE: Persönliche Bekanntschaft zwischen Mitglied und Vertragspartei/an Vermögenswerten wirtschaftlich berechtigter Person vor Geschäftsaufnahme seit mehreren Jahren (min. 2 Jahre)
  - MEDIUM
    - Label DE: Vertragspartei/an Vermögenswerten wirtschaftlich berechtigte Person war dem Mitglied vor Geschäftsaufnahme nicht seit mehreren Jahren (min. 2 Jahre) persönlich bekannt, aber (a) keine Geschäftsaufnahme unter Abwesenden oder (b) zumindest Einführung/Vermittlung des Kunden durch eine Vertrauensperson
  - HIGH
    - Label DE: Vertragspartei/an Vermögenswerten wirtschaftlich berechtigte Person persönlich unbekannt und Geschäftsaufnahme unter Abwesenden (Korrespondenzbeziehung) sowie keine Einführung/Vermittlung des Kunden durch eine Vertrauensperson
RISK_RATIONALE
- Type: Multi-line text
- Label DE: Begründung für abweichende Risikobewertung
HIGH_RISK
- Type: Checkbox (yes/no)
- Label DE: [Risikoklassifizierung] Geschäftsbeziehung mit erhöhtem Risiko
HIGH_RISK_ACCEPTANCE_DATE
- Type: Checkbox (yes/no)
- Label DE: Die Zustimmung einer vorgesetzten Person / Stelle oder der Geschäftsführung zur Aufnahme einer Geschäftsbeziehung mit erhöhtem Risiko wurde eingeholt am:

vqf_902_5 ¶

Filled out by: AML officer only

Purpose: Customer profile

Form Demo: Link

Differences from VQF form:

Attributes:

BIZREL_PROFESSION :: Text
BIZREL_FINANCIAL_CIRCUMSTANCES :: Text
BIZREL_ORIGIN_NATURE :: Text
BIZREL_ORIGIN_AMOUNT :: Text
BIZREL_ORIGIN_CATEGORY :: List[
  'SAVINGS' | 'OWN_BUSINESS' |
  'INHERITANCE' | 'OTHER']
when BIZREL_ORIGIN_CATEGORY contains 'OTHER' {
  BIZREL_ORIGIN_CATEGORY_OTHER :: Text
}
BIZREL_ORIGIN_DETAIL :: Text
BIZREL_PURPOSE :: Text
BIZREL_DEVELOPMENT :: Text
BIZREL_FINANCIAL_VOLUME :: Text
BIZREL_FINANCIAL_BENEFICIARIES_FULL_NAME :: Text
// (end FIXME)
BIZREL_THIRDPARTY_RELATIONSHIP :: Text
BIZREL_THIRDPARTY_AMLA_FILES :: Text
BIZREL_THIRDPARTY_REFERENCES :: Text
BIZREL_FURTHER_INFO :: Text

BIZREL_PROFESSION
- Type: Multi-line text
- Label DE: [Geschäftliche Aktivitäten] Beruf, geschäftliche Aktivitäten etc. (frühere, aktuelle, evtl. geplante)
BIZREL_FINANCIAL_CIRCUMSTANCES
- Type: Multi-line text
- Label DE: [Finanzielle Verhältnisse] Einkommen und Vermögen, Verpflichtungen (geschätzt)
BIZREL_ORIGIN_NATURE
- Type: Multi-line text
- Label DE: [Herkunft der eingebrachten Vermögenswerte] Art, Betrag und Währung der eingebrachten Vermögenswerte
BIZREL_ORIGIN_CATEGORY
- Type: Multiple choice
- Label DE: [Herkunft der eingebrachten Vermögenswerte] Art, Betrag und Währung der eingebrachten Vermögenswerte
- Choices:
  - SAVINGS
    - Label DE: Ersparnis
  - OWN_BUSINESS
    - Label DE: Eigener Geschäftsbetrieb
  - INHERITANCE
    - Label DE: Erbschaft
  - OTHER
    - Label DE: Anderes, was?
BIZREL_ORIGIN_CATEGORY_OTHER
- Type: Multi-line text
- Label DE: Andere Herkunft:
BIZREL_ORIGIN_DETAIL
- Type: Multi-line text
- Label DE: [Herkunft der eingebrachten Vermögenswerte] Detaillierte Beschreibung der wirtschaftlichen Herkunft der in die Geschäftsbeziehung eingebrachten Vermögenswerte
BIZREL_PURPOSE
- Type: Multi-line text
- Label DE: Zweck des Geschäfts- bzw. der Geschäftsbeziehung
BIZREL_DEVELOPMENT
- Type: Multi-line text
- Label DE: Angaben über die geplante Entwicklung der Geschäftsbeziehung und der Vermögenswerte
BIZREL_VOLUME
- Type: Multi-line text
- Label DE: Insbesondere bei Kassa-, Geld- und Wertübertragungsgeschäften mit Stammkunden: (1) Angaben zum üblichen Geschäftsvolumen (2) Angaben zu den Begünstigten (Name, Vorname, Adresse, Bankverbindung)
BIZREL_THIRDPARTY_RELATIONSHIP
- Type: Multi-line text
- Label DE: Beziehung der Vertragspartei zu wirtschaftlich berechtigten Personen, Kontrollinhaber, Begünstigten, Bevollmächtigten und weiteren in die Geschäftsbeziehung involvierten Personen
BIZREL_THIRDPARTY_AMLA_FILES
- Type: Multi-line text
- Label DE: Verbindungen zu anderen GwG-Files
BIZREL_THIRDPARTY_REFERENCES
- Type: Multi-line text
- Label DE: Introducer / Vermittler / Referenzen
BIZREL_FURTHER_INFO
- Type: Multi-line text
- Label DE: Sonstige aus Sicht des Mitglieds relevante Informationen

vqf_902_9 ¶

Filled out by: AML officer or customer

Purpose: Establish the identity of the beneficial owner.

Form Demo: Link

Differences from VQF form 902.9:

The VQF form can only be filled out by the customer. We also allow the AML officer to fill out this form, but then require an attached version signed by the customer.

Attributes:

SUBMITTED_BY :: 'AML_OFFICER' | 'CUSTOMER'
info DECL_BENEFICIAL_OWNER
CONTRACTING_PARTY :: String
BENEFICIAL_OWNER_LIST[].FULL_NAME :: String
BENEFICIAL_OWNER_LIST[].BIRTHDATE :: Date
BENEFICIAL_OWNER_LIST[].DOMICILE :: AddressString
BENEFICIAL_OWNER_LIST[].NATIONALITY :: CountryCodeString
when SUBMITTED_BY = 'AML_OFFICER' {
  ATTACHMENT_SIGNED_DOCUMENT :: File
}
when SUBMITTED_BY = 'CUSTOMER' {
  info NOTICE_WRONG_DECLARATION
  SIGN_NAME :: String
  SIGN_DATE :: Date
}
info NOTICE_CHANGES

SUBMITTED_BY
- Type: Single choice
- Choices:
  - AML_OFFICER
    - Description: AML officer submits the form In this case, a scanned document signed by the contracting party must be attached.
  - CUSTOMER
    - Description: The customer submits the form. In that case, the customer vouches for correctness by inputting their name and date of signing.
CONTRACTING_PARTY
- Type: Multi-line text
- Label EN: Contracting party (name and address)
- Label DE: Vertragspartner (Name und Adresse)
BENEFICIAL_OWNER_LIST[].FULL_NAME
- Type: Single line text
- Label DE: Name, Vorname
BENEFICIAL_OWNER_LIST[].BIRTHDATE
- Type: Date entry
- Label DE: Geburtsdatum
BENEFICIAL_OWNER_LIST[].NATIONALITY
- Type: Country code
- Label DE: Nationalität
BENEFICIAL_OWNER_LIST[].DOMICILE
- Type: Multi-line text
- Label DE: Effektive Wohnsitzadresse
SIGN_NAME
- Type: Single-line text
- Label EN: Signed by:
- Label DE: Unterzeichnet von:
SIGN_DATE
- Type: Single-line text (pre-filled with current date)
ATTACHMENT_SIGNED_DOCUMENT
- Label DE: Scan des vom Kunden unterschriebenen Formulars.

Strings:

DECL_BENEFICIAL_OWNER
- DE: Der Vertragspartner erklärt hiermit, dass die nachfolgend aufgeführte(n) Person(en) an den in die Geschäftsbeziehung eingebrachten Vermögenswerten wirtschaftlich berechtigt ist/sind. Ist der Vertragspartner selber allein an diesen Vermögenswerten wirtschaftlich berechtigt, so sind nachstehend seine Personalien festzuhalten:
NOTICE_WRONG_DECLARATION:
- DE: Die vorsätzliche Angabe falscher Informationen in diesem Formular ist eine strafbare Handlung (Urkundenfälschung gemäss Artikel 251 des Schweizerischen Strafgesetzbuchs).
NOTICE_CHANGES
- DE: Der Vertragspartner verpflichtet sich, Änderungen jeweils unaufgefordert mitzuteilen.

Others:

When filled out by the customer, the form must contain a notice that filling this form with incorrect information is a punishable offence (document forgery) according to Swiss law.

vqf_902_11 ¶

Filled out by: Customer or AML officer on behalf of customer.

Purpose: Determine the controlling person of an operational legal entity or partnership.

Form Demo: Link

Differences from VQF form 902.11:

The VQF form can only be filled out by the customer. We also allow the AML officer to fill out this form, but then require an attached version signed by the customer.

Attributes:

title TITLE_VQF_902_11
info INFO_VQF_902_11
SUBMITTED_BY :: 'AML_OFFICER' | 'CUSTOMER'
CONTRACTING_PARTY :: Text
CONTROL_REASON :: 'HAS_25_MORE_RIGHTS' | 'OTHER_WAY' | 'DIRECTOR'
CONTROLLING_LIST[].FULL_NAME :: Text
CONTROLLING_LIST[].DOMICILE :: Text
THIRD_PARTY_OWNERSHIP :: Boolean
when SUBMITTED_BY = 'AML_OFFICER' {
  ATTACHMENT_SIGNED_DOCUMENT :: File
}
when SUBMITTED_BY = 'CUSTOMER' {
  info NOTICE_WRONG_DECLARATION
  SIGN_NAME :: String
  SIGN_DATE :: Date
}

SUBMITTED_BY
- Type: Single choice
- Choices:
  - AML_OFFICER
    - Description: AML officer submits the form In this case, a scanned document signed by the contracting party must be attached.
  - CUSTOMER
    - Description: The customer submits the form. In that case, the customer vouches for correctness by inputting their name and date of signing.
CONTRACTING_PARTY
- Type: Multi-line text
- Label EN: Contracting party (name and address)
- Label DE: Vertragspartner (Name und Adresse)
CONTROLLING_LIST[].LEVEL
- Type: Single choice
- Label DE: Der Vertragspartner erklärt hiermit, (das Zutreffende ankreuzen) …
- Choices:
  - HAS_25_MORE_RIGHTS
    - Label DE: … dass die nachfolgend aufgeführte(n) Person(en) am Vertragspartner Anteile (Kapitals- oder Stimmrechtsanteile) von 25 % oder mehr halten
  - OTHER_WAY
    - Label DE: … falls die Kapitals- oder Stimmrechtsanteile nicht festgestellt werden können oder falls keine Kapitals- oder Stimmrechtsanteile von 25% oder mehr bestehen, erklärt der Vertragspartner hiermit, dass die nachträglich aufgeführte Person(en) auf andere Weise die Kontrolle über den Vertragspartner ausübt/ausüben;
  - DIRECTOR
    - Label DE:
      
      … falls auch diese Person(en) nicht festgestellt werden kann/können, oder diese Person(en) nicht besteht/bestehen, erklärt der Vertragspartner, dass die nachfolgend aufgeführte(n) Person(en) die Geschäftsführung ausüben.
CONTROLLING_LIST[].FULL_NAME
- Type: Single line text
- Label DE: Name, Vorname
CONTROLLING_LIST[].BIRTHDATE
- Type: Date entry
- Label DE: Geburtsdatum
CONTROLLING_LIST[].DOMICILE
- Type: Multi-line text
- Label DE: Effektive Wohnsitzadresse
THIRD_PARTY_OWNERSHIP
- Type: Choice yes/no
  - Label DE: Ist eine Drittperson an den auf dem Konto/Depot liegenden Vermögenswerten wirtschaftlich berechtigt?
- Choices:
  - false
    - Label DE: Nein
  - true
    - Label DE: Ja. => Die entsprechenden Angaben zur wirtschaftlichen Berechtigung sind durch das Ausfüllen eines separaten Formulars VQF Dok Nr. 902.9 zu erheben.
SIGN_NAME
- Type: Single-line text
- Label EN: Signed by:
- Label DE: Unterzeichnet von:
SIGN_DATE
- Type: Single-line text (pre-filled with current date)
ATTACHMENT_SIGNED_DOCUMENT
- Label DE: Scan des vom Kunden unterschriebenen Formulars.

Strings

NOTICE_WRONG_DECLARATION:
- DE: Die vorsätzliche Angabe falscher Informationen in diesem Formular ist eine strafbare Hand lung (Urkundenfälschung gemäss Artikel 251 des Schweizerischen Strafgesetzbuchs).
TITLE_VQF_902_11
- DE: Feststellung des Kontrollinhabers an nicht operativ tätigen juristischen Personen und Personengesellschaften (K)
INFO_VQF_902_11
- DE: (bei operativ tätigen juristischen Personen und Personengesellschaf ten als Vertragspartner sowie sinngemäss bei operativ tätigen juristischen Personen und Personengesellschaf ten als wirtschaf tlich Berechtigte)

Measure after submission from the customer: If CONTROLLING_ENTITY_THIRD_PERSON is true, vqf_902_9 needs to be filled out.

Others:

When filled out by the customer, the form must contain a notice that filling this form with incorrect information is a punishable offence (document forgery) according to Swiss law.

vqf_902_12 ¶

Purpose: Declaration for foundations.

This form will not be supported for the TOPS MVP. Foundations will either not be accepted as customers or the AML officer will need to submit a PDF form.

vqf_902_13 ¶

Purpose: Declaration for trusts.

This form will not be supported for the TOPS MVP. Trusts will either not be accepted as customers or the AML officer will need to submit a PDF form.

vqf_902_14 ¶

Filled out by: AML officer only.

Purpose: Special clarifications regarding the customer. This form is filled out by at the initiative of the AML officer or in response to an alert.

Form Demo: Link

Attributes:

INCRISK_REASON :: Text
INCRISK_MEANS :: 'GATHERING' | 'CONSULTATION' | 'ENQUIRIES' | 'OTHER'
when INCRISK_MEANS_OTHER = 'OTHER' {
  INCRISK_MEANS_OTHER :: Text
}
INCRISK_SUMMARY :: Text
INCRISK_DOCUMENTS :: Text
INCRISK_RESULT :: (
  'NO_SUSPICION' | 'SUBSTANTIATED_SUSPICION' |
  'SIMPLE_SUSPICION' | 'OTHER')
if INCRISK_REASON = 'OTHER' {
  INCRISK_RESULT_OTHER :: Text
}

INCRISK_REASON
- Type: Free-form, multi-line text.
- Label DE: [Grund für die besonderen Abklärungen] Beschreibung der Umstände/Transaktionen, die zu den besonderen Abklärungen geführt haben
INCRISK_MEANS
- Type: Single choice
- Choices:
  - GATHERING
    - Label DE: Einholen Auskunft von Vertragspartei, an Vermögenswerten wirtschaftlich berechtigten Person, Kontrollinhaber
  - CONSULTATION
    - Label DE: Konsultation öffentlicher Quellen und Datenbanken
  - ENQUIRIES
    - Label DE: Erkundigung bei vertrauenswürden Dritten (z.B. Depotbank)
  - OTHER
    - Label DE: Andere, welche?
- Label DE: Verwendete Mittel zur Abklärung
INCRISK_MEANS_OTHER
- Type: Free-form, multi-line text
- When: INCRISK_MEANS = 'OTHER'
- Label DE: Erklärung zu anderem Mittel
INCRISK_SUMMARY
- Type: Fee-form, multi-line text.
- Label DE: Zusammenfassung und Plausibilisierung der eingeholten Informationen (=> Die Ergebnisse der Abklärungen sind zu dokumentieren und auf ihre Plausibilisierung zu überprüfen.)
INCRISK_DOCUMENTS
- Type: Fee-form, multi-line text.
- Label DE: Eingeholte/eingesehene Unterlagen
INCRISK_RESULT
- Type: Single Choice
- Choices:
  - NO_SUSPICION
    - Label DE: Sachverhalt konnte plausibilisiert werden, kein begründeter Verdacht nach Art. 9 GwG (evtl. Anpassung Kun- denprofil (VQF Dok. Nr. 902.5) und/oder Risikoprofil (VQF Dok. Nr. 902.4))
  - REASONABLE_SUSPICION
    - Label DE: Begründeter Verdacht nach Art. 9 GwG, Meldepflicht an MROS
  - SIMPLE_SUSPICION
    - Label DE: Einfacher Verdacht nach Art. 305ter Abs. 2 StGB, Melderecht an MROS
  - OTHER
    - Label DE: Anderes, was?
INCRISK_RESULT_OTHER
- Type: Free-form, multi-line text
- When: INCRISK_RESULT = 'OTHER'
- Label DE: Erklärung zu anderem Verdacht

vqf_902_15 ¶

Purpose: Declaration for life insurance companies.

This form will not be supported for the TOPS MVP. Life insurance companies will either not be accepted as customers or the AML officer will need to submit a PDF form

Derived Properties and Events (AML Officer)¶

When the AML officer submits a form, the AML SPA will derive some pre-defined properties and events from the filled-in form attributes. The AML Officer can change (override) these derived properties and events.

Assumptions:

Properties are always calculated only based on new attributes and the previous properties. They are never calculated from older attribute collections or the current rules.

The AML officer can always override derived properties or events.

In the future, we might derive rules from properties, but we don’t do that right now.

The derivation is defined in pseudo-code. The following special variables/functions are available:

oldProps: Previous properties of the account (before the decision)
newProps: New properties of the account (i.e. the derived properties)
form: Form attributes of the AML form submitted by the AML officer
emit(evt): Function that marks an event as emitted
propBecameTrue(prop): Helper predicate that returns true iff a property was false or undefine before (in oldProps) and is now true (in newProps).
propBecameFalse(prop): Helper predicate that returns true iff a property was true before (in oldProps) and is now false or undefined (in newProps).

vqf_902_1_officer ¶

Properties:

newProps.AML_ACCOUNT_OPEN = true;

Events:

if (propBecameTrue(AML_ACCOUNT_OPEN)) {
  emit(INCR_ACCOUNT_OPEN);

  const isPep = (
    newProps.AML_FOREIGN_PEP ||
    newProps.AML_DOMESTIC_PEP ||
    newProps.AML_INTERNATIONAL_ORG_PEP
  );

  if (isPep) {
    emit(INCR_PEP);
  }

  if (newProps.AML_FOREIGN_PEP) {
    emit(INCR_FOREIGN_PEP);
  }

  if (newProps.AML_DOMESTIC_PEP) {
    emit(INCR_DOMESTIC_PEP);
  }

  if (newProps.AML_INTERNATIONAL_ORG_PEP) {
    emit(INCR_INTERNATIONAL_ORG_PEP);
  }

  if (newProps.AML_HIGH_RISK_CUSTOMER) {
    emit(INCR_HIGH_RISK_CUSTOMER);
  }

  if (newProps.AML_HIGH_RISK_COUNTRY) {
    emit(INCR_HIGH_RISK_COUNTRY);
  }
}

vqf_902_4 ¶

properties:

newProps.AML_FOREIGN_PEP = form.PEP_FOREIGN;
newProps.AML_DOMESTIC_PEP = form.PEP_DOMESTIC;
newProps.AML_INTERNATIONAL_ORG_PEP = form.PEP_INTERNATIONAL_ORGANIZATION;
newProps.AML_HIGH_RISK_CUSTOMER = form.RISK_CLASSIFICATION_LEVEL == "HIGH_RISK";
newProps.AML_HIGH_RISK_COUNTRY = form.COUNTRY_RISK_NATIONALITY_LEVEL == "HIGH";

Events:

if (oldProps.AML_ACCOUNT_OPEN) {
  if (propBecameTrue(AML_FOREIGN_PEP) {
    emit(INCR_FOREIGN_PEP);
  }
  if (propBecameTrue(AML_DOMESTIC_PEP) {
    emit(INCR_INTERNATIONAL_ORG_PEP);
  }
  if (propBecameTrue(AML_DOMESTIC_PEP) {
    emit(INCR_DOMESTIC_PEP);
  }
  if (propBecameFalse(AML_FOREIGN_PEP) {
    emit(DECR_FOREIGN_PEP);
  }
  if (propBecameFalse(AML_DOMESTIC_PEP) {
    emit(DECR_INTERNATIONAL_ORG_PEP);
  }
  if (propBecameFalse(AML_DOMESTIC_PEP) {
    emit(DECR_DOMESTIC_PEP);
  }
  const wasPep = (
    oldProps.AML_DOMESTIC_PEP ||
    oldProps.AML_FOREIGN_PEP ||
    oldProps.AML_INTERNATIONAL_ORG_PEP);
  const isPep = (
    newProps.AML_DOMESTIC_PEP ||
    newProps.AML_FOREIGN_PEP ||
    newProps.AML_INTERNATIONAL_ORG_PEP);
  if (wasPep && !isPep) {
    emit(DECR_PEP);
  }
  if (!wasPep & isPep) {
    emit(INCR_PEP);
  }
  if (propBecameTrue(AML_HIGH_RISK)) {
    emit(INCR_HIGH_RISK);
  }
  if (propBecameFalse(AML_HIGH_RISK)) {
    emit(DECR_HIGH_RISK);
  }
}

vqf_902_14 ¶

Properties:

if (INCRISK_RESULT == "SIMPLE_SUSPICION") {
  newProps.AML_INVESTIGATION_STATE = "REPORTED_SUSPICION_SIMPLE";
} else if (INCRISK_RESULT == "SUBSTANTIATED_SUSPICION") {
  newProps.AML_INVESTIGATION_STATE = "REPORTED_SUSPICION_SUBSTANTIATED";
} else if (INCRISK_RESULT == "NO_SUSPICION") {
  newProps.AML_INVESTIGATION_STATE = "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION";
} else if (INCRISK_RESULT == "OTHER") {
  newProps.AML_INVESTIGATION_STATE = "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION";
} else {
  not_reached();
}

Events:

if (oldProps.AML_INVESTIGATION_STATE == "NONE" ||
    oldProps.AML_INVESTIGATION_STATE == "INVESTIGATION_PENDING" ||
    oldProps.AML_INVESTIGATION_STATE == null) {
  if (newProps.AML_INVESTIGATION_STATE == "REPORTED_SUSPICION_SIMPLE" ||
      newProps.AML_INVESTIGATION_STATE == "REPORTED_SUSPICION_SUBSTANTIATED" ||
      newProps.AML_INVESTIGATION_STATE == "INVESTIGATION_COMPLETED_WITHOUT_SUSPICION") {
    emit(INCR_INVESTIGATION_CONCLUDED);
  }
  if (newProps.AML_INVESTIGATION_STATE == "REPORTED_SUSPICION_SUBSTANTIATED")
    emit(MROS_REPORTED_SUSPICION_SUBSTANTIATED);
  }
  if (newProps.AML_INVESTIGATION_STATE == "REPORTED_SUSPICION_SIMPLE")
    emit(MROS_REPORTED_SUSPICION_SIMPLE);
  }
}

Derived Properties and Events (Customer/KYC forms)¶

When the customer submits an AML form, the AML program that checks the form can also derive properties and events.

Examples for this are:

When the customer selects a correspondence language, a property could be set to store the correspondence language.
When the customer fills out a form that requires the AML officer to check the form, a property could be used to indicate which manual verification from the AML officer is still pending.

TBD: Spec this fully

Reporting ¶

GwG File List ¶

VQF requires a list of all open and closed GwG files. To satisfy this requirement, we need a table of all AML accounts with the following colums (see VQF 902.8):

File number (for us, probably the payto hash sufficies, otherwise we need to take some row ID)
Contracting party (internal alias is also okay, but we don’t have an internal alias anyway)
Notes
PEP status (yes/no)
Creation date
Closing date

Event Reporting (VQF)¶

The VQF self-declaration contains the following questions that we need to answer with statistics derived via events:

Original German Text:

3. Anzahl der betreuten GwG-Files

3.1. GwG-Files für dauernde Geschäftsbeziehungen (gemäss Art. 7 lit. b SRO-Reglement)

3.1.1. Anzahl der am 01.01.20XX betreuten GwG-Files

3.1.2. Zwischen 01.01.20XX und 31.12.20XX hinzugekommene GwG-Files

3.1.3. Anzahl der während des Jahres 20XX betreuten GwG-Files
(Relevante Zahl für die jährliche GwG-File Gebühr / Jahresrechnung)

3.1.4. Zwischen 01.01.20XX und 31.12.20XX beendigte GwG-Files

3.1.5. Anzahl der am 31.12.20XX betreuten GwG-Files (gerechnet ab dem 01.01.20XX)

4. Angaben zu Kundenstruktur, Produkten, Betriebsstruktur

4.1. Führten Sie im Jahre 2024 Geschäftsbeziehungen mit erhöhtem Risiko (Art. 58 SRO-Reglement)?

4.2. Falls bei Ziff. 4.1 mit "Ja" geantwortet, bei wie vielen davon handelt es
sich um politisch exponierte Personen (PEP)? (nummerische Anzahl)

4.3. Wie viele von den genannten PEP sind ausländische PEP?
(nummerische Anzahl)

4.4. Falls bei Ziff. 4.1 mit "Ja" geantwortet, wie viele weitere
(zusätzlich zu den in Ziff. 4.2 / PEP genannten)
Geschäftsbeziehungen mit erhöhten Risiken führten Sie?
(nummerische Anzahl)

4.5. Total der Geschäftsbeziehungen mit erhöhtem Risiko

4.6. Führten Sie im Jahre 2024 Geschäftsbeziehungen mit
Vertragspartnern oder wirtschaftlich berechtigten Personen mit
Nationalität oder Domizil/Sitz in einem Land mit Risikostufe
"High" gemäss VQF-Länderliste (VQF Dok. Nr. 902.4.1)?

5. Meldungen an die Meldestelle (MROS)

5.1. Meldepflicht (Art. 9 Abs. 1 GwG) (nummerische Anzahl)
5.2. Melderecht (Art. 305ter Abs. 2 StGB) (nummerische Anzahl)
5.3. Total der an die Meldestelle (MROS) und den VQF erfolgten MROS-Meldungen


English Translation

TBD.

Based on this, we have the following statistics:

Number of open accounts on January 1st (self-declaration 3.1.1)
- Implemementation: evtcount(INCR_ACCOUNT_OPEN, start=0, end=jan_first_20xx) - evtcount(DECR_ACCOUNT_OPEN, start=0, end=jan_first_20xx)
Number of newly opened accounts between 01.01.20XX and 31.12.20XX (self-declaration 3.1.2.)
- Implemementation: evtcount(INCR_ACCOUNT_OPEN, start=jan_first_20xx, end=dec_last_20xx)
Number of AML files managed during the year 20XX (self-declaration 3.1.3.)
- All accounts ever opened except the ones that were closed before 20xx
- Implemementation: evtcount(INCR_ACCOUNT_OPEN, start=0, end=dec_last_20xx) - evtcount(DECR_ACCOUNT_OPEN, start=0, end=jan_first_20xx)
Number of AML files closed between 01.01.20XX and 31.12.20XX (self-declaration 3.1.4)
- Implemementation: evtcount(DECR_ACCOUNT_OPEN, start=jan_first_20xx, end=dec_last_20xx)
Were there business relationships in the year 20XX with high risk? (self-declaration 4.1)
- Implementation: evtcount(INCR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) - evtcount(DECR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) > 0
Of those, how many were with PEPs? (self-declaration 4.2.)
- Implementation: evtcount(INCR_PEP, start=0, end=dec_last_20xx) - evtcount(DECR_PEP, start=0, end=dec_last_20xx)
Of those PEPs, how many were with foreign PEPs? (self-declaration 4.3.)
- Implementation: evtcount(INCR_FOREIGN_PEP, start=0, end=dec_last_20xx) - evtcount(DECR_FOREIGN_PEP, start=0, end=dec_last_20xx)
Number of other additional (other than PEPs and foreign PEPs) high-risk business relationships in 20XX (self-declaration 4.4.)
- Implementation: Difference between 4.5. and 4.2
Number of high-risk business relationship n total in 20xx (self-declaration 4.5.)
- Implementation: evtcount(INCR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx) - evtcount(DECR_HIGH_RISK_CUSTOMER, start=0, end=dec_last_20xx)
Number of reports (substantiated suspicion) to MROS during 20xx (self-declaration 5.1)
- Implementation: evtcount(REPORTED_SUSPICION_SUBSTANTIATED, range=year_20xx)
Number of reports (simple suspicion) to MROS during 20xx (self-declaration 5.2)
- Implementation: evtcount(REPORTED_SUSPICION_SIMPLE, range=year_20xx)
Total number of reports to MROS during 20xx (self-declaration 5.3)
- Implementation: evtcount(REPORTED_SUSPICION_SIMPLE, range=year_20xx) + evtcount(REPORTED_SUSPICION_SUBSTANTIATED, range=year_20xx)

Event Reporting (TOPS)¶

The following event-based statistics are custom-defined by us and shown in the AML officer dashboard.

Number of accounts that are opened:
- Implementation: evtcount(INCR_ACCOUNT_OPEN) - evtcount(DECR_ACCOUNT_OPEN)
Number of new GwG files in the last year.
- Implementation: evtcount(INCR_ACCOUNT_OPEN, range=last_year)
Number of GwG files closed in the last year
- Implementation: evtcount(DECR_ACCOUNT_OPEN), range=last_year)
- Note: we only close GwG files after 1 year of inactivity, so implementation not exactly pressing …
Number of GwG files of high-risk customers
- Implementation: evtcount(INCR_HIGH_RISK) - evtcount(INCR_HIGH_RISK)
Number of GwG files managed with “increased risk” due to PEP status
- Implementation: evtcount(INCR_PEP) - evtcount(DECR_PEP)
Number of MROS reports based on Art 9 Abs. 1 GwG (per year)
- Implementation: evtcount(MROS_REPORTED_SUSPICION_SUBSTANTIATED, range=last_year)
Number of MROS reports based on Art 305ter Abs. 2 StGB (per year)
- Implementation: evtcount(MROS_REPORTED_SUSPICION_SIMPLE, range=last_year)
Number of customers involved in proceedings for which Art 6 GwG did apply
- Implementation: evtcount(INCR_INVESTIGATION, range=last_year)

Suspicious Transaction Reporting ¶

Also called TmeR (“Transaktionen mit erhoehtem Risiko”). We define fixed criteria that apply to all customers.

Examples:

sudden increase in volume (monthly volume exceeding previous year’s, plus above 100,000 CHF)

https://bugs.taler.net/9639

Sanction Lists ¶

When a new customer is onboarded, they are checked against a sanction list.

FIXME: How is this refleced in the forms? Or is it a property?

https://bugs.taler.net/n/9053

Implementation Gaps ¶

Auditing:

For the yearly audit, it would be convenient (and probably also necessary) to show all information we have on an exchange AML account (=GwG file in VQF terminology) on a single, printable page.

Moving logic into the AML programs:

For vqf_902_1_officer, it would be great if an AML program could check that required forms have actually been submitted.
For MROS reporting, submission of the vqf_902_14 should run an AML program that sets the events/properties based on the form.

Open Questions ¶

Do we use Boolean attributes or always 'YES' | 'NO' to be extensible in the future?
General forms question: Are attributes first stored and then validated or the other way around? If first stored: What if the AML program fails to run?
We need a generic way to show INFO to a customer (e.g. asking for more documents)

FAQ ¶

Q: What’s the difference between the controlling entity and beneficiary owner?
- A: Controlling entity: Natural person(s) with at least 25% ownership or voting rights (direct or indirect, alone or colletively). Beneficial owner: Natural person(s) who enjoy the benefits of ownership even though the title to some form of property is in another name.
Q: How is the “file note” (German: “Aktennotiz”) handled?
- A: Two ways: Each AML customer account can have a note as a property. For more complex notes (attachments, more sensitive information), a generic_note form should be submitted by the AML officer.
Q: What’s the difference between simple/substantiated suspicion?

A: Simple suspicion is a suspicion according to Art 305ter Abs. 2 StGB. It is a suspicion that may be reported (“Melderecht”). A substantiated suspicion is according to Art. 9 GwG and must be reported (“Meldepflicht”)

References ¶

Taler-Exchange AML flows (git, PDF)
VQF forms (VQF Website)
GANA form attributes (git)
taler-typescript-core forms implementation (git)