Abstract

Sanctions, Know Your Customer (KYC), and Anti-Money Laundering (AML) risk refer to the potential for non-compliance with regulatory requirements, exposure to sanctioned entities or countries, and involvement in illicit financial activities. Given the open nature of the blockchain space and Endaoment’s core values and commitment to compliance, it is essential to establish clear processes for adhering to KYC/AML policies and addressing erroneous or maliciously broadcast blockchain transactions. Effective management of these risks is critical to maintaining our 501(c)(3) status, ensuring regulatory compliance, and upholding the trust of our stakeholders and donors.

Policy Statement

Endaoment is committed to providing regulatory-compliant accounts for approved and KYC’d users while preventing any non-compliant activity from sanctioned entities. We manage sanctions, KYC, and AML risks through regular compliance analysis, operational hardness testing, and legal reviews. Our approach includes stringent verification processes, continuous monitoring of transactions, and adherence to practices that prevent involvement with sanctioned individuals or entities. Additionally, we maintain comprehensive incident reporting procedures to ensure timely and effective responses to any compliance breaches or suspicious activities. Compliance with this policy is mandatory for all employees, contractors, board members, and representatives acting on behalf of Endaoment.

Risk Management Strategy

Risk Assessment

  1. Sanctions Screening
    • Automatically review all transactions in real-time against the current list of Office of Foreign Assets Control (OFAC) sanctioned wallets.
    • Conduct OFAC screenings for all third parties and potential employees during onboarding and periodically thereafter.
  2. KYC Verification
    • Endaoment reserves the right to implement KYC procedures for donors as needed, which may include collecting information such as full names and residential addresses for tax and compliance purposes.
    • For donations at or above $100,000 USD equivalent, Endaoment will apply a level of scrutiny appropriate to the donation amount, conducting any necessary checks to ensure compliance and security, as is deemed necessary by the Board and Executive Team.
    • Customer due diligence and enhanced due diligence will be conducted at Endaoment’s discretion to verify the identity and authenticity of donors when deemed necessary.
  3. AML Monitoring
    • Continuously monitor transactions for suspicious activity based on velocity, pattern recognition, and suspect restrictions.
    • Employ advanced analytics to detect and prevent money laundering activities.

Risk Mitigation

  1. Regular Compliance Analysis
    • Perform ongoing compliance assessments to ensure adherence to KYC and AML regulations.
    • Update compliance protocols in response to evolving regulatory requirements and industry best practices.
  2. Operational Hardness Testing
    • Conduct regular operational hardness testing to evaluate the resilience of our KYC/AML systems against potential threats and vulnerabilities.
  3. Legal Review Processes
    • Engage legal experts to review policies, procedures, and transactions to ensure full compliance with relevant laws and regulations.
  4. Transaction Monitoring and Reporting
    • Implement robust transaction monitoring systems to detect and report suspicious activities promptly.
    • Maintain detailed records of all transactions and compliance activities to facilitate audits and regulatory reviews.

Operational Controls

Policies and Procedures

  • Documentation
    • All sanctions, KYC, and AML policies and procedures are thoroughly documented, with both internal and external-facing components where relevant.
  • Annual Review
    • Conduct an annual review of policies, updating them as necessary to reflect current best practices and regulatory changes.

Specific Sanctions, KYC, and AML Controls

  1. OFAC Screening
    • Automatically review all transactions in real-time against the OFAC sanctioned wallets list.
    • Conduct screenings for all third parties and potential employees during onboarding and periodically thereafter.
  2. KYC Screening
    • Require donors to provide full names and residential addresses to complete tax forms.
    • For anonymous gifts of $250,000 USD equivalent or more, implement mandatory KYC/AML checks and follow-ups.
    • Utilize donor information for tax receipt issuance and on all relevant tax documentation.
  3. Transaction Monitoring
    • Automatically review all transactions in real-time.
    • Manually review any suspicious activity based on velocity, pattern recognition, and suspect restrictions.
  4. Multisignature Wallet Use
    • Regularly confirm the integrity and operational security of all multisignature wallets used by staff on a monthly basis.
  5. Compliance Standards for Vendor Management
    • Implement stringent controls and regular reviews of vendor relationships to ensure compliance with Endaoment’s sanctions, KYC, and AML standards.
  6. Complaints Process & Communications Monitoring
    • Establish documented procedures for responding to all expressions of dissatisfaction from any source.
    • Ensure timely escalation of complaints, inclusion of contact details, and responses within two weeks.
  7. Codeowner Review Controls
    • Maintain control of the Control Owners Module to oversee governance-related code and ensure compliance with internal standards.
  8. ADA Compliance
    • Ensure all policies are created with ADA compliance in mind and follow WCAG 2.1 guidelines.
    • Train employees on ADA guidelines, particularly those involved in the hiring process, to ensure proper accommodations are made.

Segregation of Roles

  • Segregation of Duties
    • Ensure that critical sanctions, KYC, and AML procedures and systems have segregated duties to prevent any single individual from having full control over any process without oversight.
  • Approval Processes
    • Maintain segregated claim diligence and approval processes to uphold checks and balances.