Topic: Mt.Gox AML/KYC Process Explained (Read 11160 times)

Government kills!

Non-governmental terrorism, organized crime, and nut job mass shooters combined have a couple of hundred million in body count to go to match government as the number one cause of bulk megadeath.

The US government also conducted radiation experiments on its citizens without their knowledge or consent from the 50s throughout the early 70s according to the San Jose Mercury and LA Times.

Be nice to have the same transparency for BFL customers right?

In regards to a letter being sent by registered mail, the certificate provider StartSSL does that too. I have renewed my Class 2 validation with them a few times, and since I have no phone bill (employer pays it), I have had to get a registered letter sent from Israel every 2 years. It works great, and I think it's a good way to do it.

Hi All,

I apologise for the delayed response. I'll now answer what questions I can:

@Serge - A driver's license with printed address is fine as long as it was issued within the last 3 months. If not, we need an alternate form of proof of residence.

@Ente - Unfortunately, I cannot discuss the specific mechanisms which trigger an account flagging in detail for obvious reasons - making this information generally available would allow those who do want to perform illegal activities to find loopholes and fly just below the radar. I'm very sorry I can't give a better answer than this.

@Bruno - I'm unfortunately not that clever. In hindsight, it would have been far better to create this information thread on a Monday when I could respond to everyone in a timely manner. I'd also like to clarify that I'm very far removed from our PR department, and only created this thread to help explain to users how our AML process works, dispel some common misconceptions, and hopefully make my job easier by reducing the number of incorrectly submitted account verification requests.

Now, to answer your question specifically:

We do not allow users under 18 to use our service as per our ToS. With regards to Zhou Tong, I've discussed it with Zhou and he's very kindly allowed us to share his personal circumstances - in his case, we received written consent and documents from his parents so that he could continue to keep an account with us, as he did indeed create an account before we had our ToS.

@dancupid - Essentially, all personal information collected by us enters into the same "pool" of data, which is a secure data store where files are kept for 5 years as legally required. We can't delete records from here, unfortunately.

@Bitco - The Japanese requirements are fairly obtuse as they've been written specifically with Japanese citizens in mind. They basically boil down to:

• A valid photographic identification document must be collected and,
• A letter must be sent by registered mail to the user's address as proof of residence.

We are currently working on putting in place a system that will let users receive registered mail to prove their residential address, but for now we are collecting alternate forms of proof of residence documents. We are very sorry for the inconvenience. With regards to returning funds, we absolutely do return funds as soon as any AML investigation is completed, unless legally required to pass the funds onto law enforcement pending additional investigation. There is no situation in which Mt.Gox will keep customer funds for itself as part of an AML investigation.

@CryptoCoinMedia - We are currently looking at outsourcing and partially automating our AML operations, although this has more to do with efficiency than transparency. We'd be very happy to hear any opinions our users might have on this point, actually. Would you prefer to provide personal information to Mt.Gox directly, or a trusted third party?

I would finally like to thank repentance for the excellent information he has also been providing throughout both threads, which is always accurate and useful.

If anyone has any additional questions, please feel free to ask.

It's not exactly like that because there's nothing inherently illegal about pointing you to public information regarding the rules.  The FinCEN website is full of information about the rules, cases where people have been prosecuted a a result of data received by FinCEN and cases where FSPs have been fined for failing to comply with and enforce AML requirements (the last is especially interesting because it helps clarify FinCEN's actual expectations as opposed to vague, broad principles).

Similarly, AUSTRAC's website is also full of information about the various types of reports which need to be filed with them and under what circumstances.  There's nothing "secret" about the rules - there are entire sections of the website devoted to explaining them (this is necessary because the Act itself and the Rules Instrument are quite confusing).

If it seems like services often go above and beyond what is required by the relevant AML/CTF/KYC requirements, it's because the cases where service providers have been fined and/or prosecuted demonstrate that the regulating bodies expect a much higher level of customer identification and transaction monitoring than their "all about your obligations" type material for reporting entities first implies.

Here's a list of cases where service providers have been fined for not adequately complying with AML/CTF/KYC requirements.

http://www.fincen.gov/news_room/ea/

Notice that even though Western Union was compliant in reporting "bright line" suspicious activity, it was still fined for having inadequate systems in place to detect and report structuring.  Notice also that these fines have been applied as consent orders.  That basically means that the services are accepting the government's interpretation of their obligations as being legally correct.  The day will probably come when someone challenges such interpretations and the actual legal obligations of services are clarified by a court.  Until that happens, though, services will continue to be cautious because the consequences of getting the whole "risk-based assessment" thing wrong are so huge.

Here's a list of cases where FinCEN data has played a role in the prosecution of people for various financial crimes.  You'll notice that not all of these involve what people traditionally think of as "money laundering".  That's because many FATF member countries now regard using money from "any serious crime" as money laundering rather than specifying certain types of crimes as predicate offences.

http://www.fincen.gov/news_room/rp/sar_case_example_list.html?catid=00005

And here's a basic flow chart regarding ongoing customer due diligence requirements in Australia.

http://www.austrac.gov.au/img/ocdd_large.jpg

Here's a basic primer on reporting obligations and what triggers them in Australia.

http://www.austrac.gov.au/rg_9.html#ifti

http://www.austrac.gov.au/rg_9.html#faq

Oh oh oh... lord have mercy, do not go there, Galambo.  The defense of "If you don't have anything to hide, then why do you care if we invade your privacy?" will fall on deaf ears around here.  Not only is it complete crap as a defense, it's just plain wrong morally.

Lets take my example - I would like to avoid it - not because of anything illegal, I would just like to get my money in a timely fashion.  They can scrutinize my transactions all they want; they are perfectly legal.  However, I am out $26,000 (now $10,000) for more than a month for essentially nothing.  I've followed the protocols, sent in the required documents, etc... yet I can't access my money because I sent the wrong value amount for a transaction.  If I had sent a lesser amount or a different amount, then I'd already have my money.  Nothing illegal going on anywhere.

Yeah... the "If you've got nothing to hide" defense is not going to fly.

on the contrary.  i'm asking how to stay within the parameters of the law. 


stop making so many assumptions.  its very reasonable for anyone to want to know how to avoid unnecessary attention.

If you're not breaking the law, then why are you asking for advice on how to break the law? Which alone could put you in prison for 5 years.

Because you are a Bitcoin user I'm going to assume that the amounts of currency you deal in would never have any chance of triggering a CTR or SAR, ever, by itself. Why would you admit to successfully seeking advice from your bank on how to structure? Which, by the way, was likely only your bank humoring you and immediately writing up a SAR after you left.

you're assuming the worst.

i am, in fact, doing nothing illegal.  i, as a fully legal user of Bitcoin, am very interested in not attracting attention if i don't have to.  there's nothing wrong with wanting to fly under the radar.

do you, as a fully compliant taxpayer i assume, not mind undergoing an IRS audit if its not necessary?

That's not what your asking for.

You are asking for advice on how to evade the law when you are knowingly doing something illegal. Which, knowing what I know about governments, is illegal in every jurisdiction.

If you are not doing anything illegal then why do you care if a SAR gets filed?

In fact, if you are a "libertarian" you should be rejoicing that the government's databases are being filled with useless information.

according to this logic the State should just take down all Speed Limit signs on freeways and ticket all vehicles over the "allowed" MPH.

I think they make the rules up as they go ?

Yeah, I can see how that would work:

"Follow the rules!"
"What rules?"
"Sorry, as per rules, I'm not allowed to teach you."
"Oh, ok, fuck you."

Then they couldnt entrap people and confiscate their money 

You can't be seriously suggesting that merely learning about the state's arbitrary rules about money transactions is itself against their rules, can you?

As usual its the little guy that suffers, meanwhile the rampant criminality shown by wall st bankers continues to go unpunished.....

Since I don't know the laws of every country in the world I refrained from making a statement that claimed more knowledge than I possess. It's highly illegal in at least one jurisdiction.

You don't have to qualify that statement by saying "some" jurisdictions.

A great deal of this information is publicly available on the websites of FinCEN and other AML/CTF regulators.  Because it's such a complex area, there are even flow charts, Power Point presentations, and newsletters highlighting current trends.  There are also a great many summaries of cases which have been prosecuted using FinCEN data.

In some jurisdictions that is highly illegal.