Bit2Go

Laws & Regulations

Last Updated: April 11, 2025

Anti-Money Laundering (AML) Policy

As a money services business registered and operating in the United States, Bit2go is committed to ensuring that our operations are not used for money laundering, terrorist financing, or other illegal activities. This policy is established and implemented in accordance with the U.S. Bank Secrecy Act, the USA PATRIOT Act, and the requirements of the Financial Crimes Enforcement Network (FinCEN), forming a strict AML compliance program. We will continuously evaluate and improve our AML policy to ensure compliance with the latest regulatory requirements.

1. Scope of Application

This Anti-Money Laundering policy applies to all company employees, agents, partners, and any third parties engaged in business related to the company, including but not limited to customers, business affiliates, and contractors. The company is committed to complying with all applicable anti-money laundering laws and regulations in all jurisdictions where it operates.

2. Legal Basis

This AML policy is formulated and implemented in compliance with the following key laws, regulations, and guidelines:

Bank Secrecy Act: This act requires financial institutions, including MSBs, to identify and report money laundering and other suspicious activities, ensuring effective compliance and monitoring systems.

USA PATRIOT Act: Especially Sections 315 and 326, which require financial institutions to enhance customer due diligence, identify suspicious transactions, and conduct risk assessments on all customers.

FinCEN Regulations: FinCEN requires MSBs to register, report, and maintain records to ensure transparency in financial transactions and assist in preventing the flow of illicit funds.

3. Definitions of Money Laundering and Terrorist Financing

3.1 Definition of Money Laundering

Money laundering is the process of converting illegally obtained proceeds into seemingly legitimate funds through a series of transactions, thereby concealing their origin and legitimizing them. It may involve various types of criminal activities, including drug trafficking, fraud, embezzlement, and corruption. Through money laundering, criminals aim to turn 'dirty money' into 'clean money' usable for legitimate purposes.

3.2 The Three Stages of Money Laundering

Money laundering generally consists of three key stages: Placement, Layering, and Integration.

Placement Stage: This is the initial stage of money laundering, involving the introduction of illegally obtained funds into the legitimate financial system. This is typically done through:

Depositing cash into bank accounts;

Purchasing high-value assets such as real estate, luxury goods, or artwork;

Making large bets at casinos and then legitimizing the 'winnings';

Masking the source of funds through fictitious business transactions.

Layering Stage: This stage involves creating a complex web of financial transactions to move funds across multiple accounts, countries, or investment vehicles, dispersing the money and obscuring its origin. The purpose of layering is to make the source of funds difficult to trace. Common methods include:

Multiple international wire transfers;

Buying and selling financial instruments (e.g., stocks, bonds);

Creating shell or fake companies to conduct transactions;

Using cryptocurrency for anonymous transfers.

Layering is the core of the money laundering process, where criminals repeatedly use complex transactions to disguise the illicit origin of the funds.

Integration Stage: At this point, the funds have become difficult to trace due to layering. Criminals reintroduce the 'cleaned' money into the economy as legitimate income. This can be done through:

Investing in legitimate businesses or real estate;

Purchasing legal financial products;

Falsifying loans or contracts to legitimize the funds;

Engaging in large-scale business transactions or investments.

3.3 Common Methods of Money Laundering

Cash-intensive businesses: Launderers may use or control businesses with high cash flow (such as restaurants or gas stations) to mix illicit funds with legitimate income.

Trade-based laundering: Using fake invoices or inflating the value of goods to disguise fund transfers.

Fake loans or investments: Criminals may use fictitious loan agreements or investment structures to legalize funds and direct them back to themselves.

Cryptocurrency: Due to its anonymity, cryptocurrency has become a new avenue for laundering. Criminals can convert illegal funds into virtual assets via crypto transactions.

3.4 Definition of Terrorist Financing

Terrorist financing refers to the direct or indirect provision of funds to terrorist organizations or for terrorist activities. These funds may originate from legal or illegal sources, with the distinction being their use—to support terrorism. Unlike money laundering, the funds involved in terrorist financing are not necessarily illegally obtained and may come from donations, legitimate businesses, or even government sources.

The goal of terrorist financing is to provide resources for terrorist organizations to conduct operations, recruit members, procure weapons, and spread ideology. Therefore, even if the source of funds is legal, terrorist financing is still subject to strict enforcement due to the illegal use of those funds.

3.5 Process of Terrorist Financing

Fundraising: Terrorist financing sources are diverse and include:

Legal sources: Legitimate income such as personal donations, funds from charitable organizations, and business profits. These sources make terrorist financing harder to detect and trace.

Illegal sources: Drug trafficking, kidnapping and extortion, arms smuggling, and counterfeit goods trading.

Government or international aid: In some cases, terrorist organizations may gain access to public or aid funds through corruption or deception.

Funds Transfer: Terrorists use various methods to move funds globally to avoid detection. Common methods include:

International remittances through banks or financial institutions;

Using unregulated remittance systems such as the Hawala network to bypass traditional banking channels;

Anonymous transfers via cryptocurrency;

Channeling funds through charities or non-profit organizations.

Use of Funds: The ultimate goal of terrorist financing is to purchase weapons, support terrorist acts, promote extremist ideologies, recruit personnel, train militants, and build infrastructure.

3.6 Unique Challenges of Terrorist Financing

Mix of legal and illegal funds: Terrorist financing often involves legitimate business income or personal donations, making it hard to distinguish from lawful financial activity.

Small and frequent transactions: Terrorist financing often uses small sums to avoid large transaction monitoring systems, making detection more difficult.

Cross-border networks and informal systems: Terrorists use global financial networks and informal systems (like Hawala) or underground banking to transfer funds quickly, anonymously, and without trace.

Unpredictable fund flows: Unlike money laundering, terrorist financing does not always return to the organization, but is used directly to fund acts of terror, making the final destination of the funds hard to anticipate or control.

3.7 Common Channels of Terrorist Financing

Fake charitable organizations: Terrorists use fraudulent charities or NGOs to solicit donations and funnel funds to terrorist groups.

Illegal trade: Terrorist groups engage in drug, weapon, and counterfeit goods trafficking to generate funds.

Criminal activities: Kidnapping, extortion, and blackmail are common fundraising tactics used by terrorist organizations.

Money laundering: Terrorists may also launder money to legitimize illegal proceeds and support terrorist operations.

4. Anti-Money Laundering Compliance Program

4.1 Designation of an AML Compliance Officer

At the core of the AML compliance program is the designation of an experienced and empowered AML Compliance Officer. The officer’s responsibilities include:

Duties and Authority: Responsible for implementing and managing the AML program, ensuring all business operations comply with relevant regulations and internal policies. Reports directly to senior management to ensure the effectiveness and enforcement of AML policies. Maintains communication with regulatory agencies (such as FinCEN) to ensure the company is informed of and complies with the latest regulatory changes. Evaluates and updates the company’s AML policies and adjusts measures based on evolving risks.

Training and Knowledge: The Compliance Officer must undergo comprehensive AML training and possess sufficient knowledge and experience in financial regulations, understanding the complexities of the financial system, common money laundering techniques, and how to identify suspicious activities. The officer should also receive regular external training to keep up with the latest regulatory changes and money laundering threats.

4.2 Customer Due Diligence (CDD)

Customer due diligence is a critical step to prevent the company from transacting with individuals or institutions involved in money laundering or terrorist financing. CDD includes identifying the customer’s identity, assessing the customer’s risk level, and continuously monitoring their transaction behavior. Specific steps include:

Identity Verification (KYC): Before establishing any business relationship, the company must verify the customer's identity. This typically includes collecting government-issued identification documents (such as passports, ID cards, driver's licenses) and verifying their address. For legal entities, the company must verify the Beneficial Owner to ensure understanding of who ultimately controls the company and its funds.

Risk Assessment: The company should assess the customer’s risk based on factors such as business type, geographic location, and transaction volume. High-risk customers may include Politically Exposed Persons (PEPs), customers from high-risk countries, or those conducting large volumes of cash transactions. Enhanced Due Diligence (EDD) should be applied to high-risk customers, including more frequent monitoring and investigation into the source of funds.

Ongoing Monitoring: The company must continuously monitor customer transactions to ensure they are consistent with the customer's business and risk profile. If abnormal behavior is detected or inconsistent with known information, further investigation should be undertaken. Ongoing monitoring also requires regularly updating customer due diligence information, especially for high-risk customers, to ensure the company maintains up-to-date information.

4.3 Enhanced Due Diligence (EDD)

Enhanced due diligence primarily applies to customers or transactions identified as high risk and generally includes the following additional steps:

Source of Funds Investigation: For high-risk customers, the company must obtain more detailed information regarding the source and intended use of funds. For example, if the customer is a business, the company should understand its revenue sources, main clients, and fund flow.

Additional Identity Verification: The company may require the customer to provide additional identification documents or background information to verify their identity.

Increased Transaction Monitoring Frequency: The company will monitor the customer’s transactions more frequently to identify suspicious behavior. Special attention must be given to large cash transactions or frequent cross-border transfers.

Special Attention to High-Risk Countries and Industries: The company will pay particular attention to transactions related to high-risk countries (such as those listed on FinCEN’s sanctions list) or high-risk industries (such as gambling or cryptocurrency trading).

4.4 Suspicious Activity Monitoring and Reporting

Financial institutions must monitor all transactions to identify potential money laundering and terrorist financing activities and submit reports when suspicious activities are detected. Key elements of transaction monitoring and reporting include:

Transaction Monitoring Systems: The company should deploy transaction monitoring systems to analyze transaction behavior in real-time and identify potential money laundering activities. These systems automatically flag large or frequent transactions, transactions involving high-risk countries, and structuring behaviors (intended to avoid currency transaction reporting thresholds).

Suspicious Activity Report (SAR): If suspicious activity is identified, the Compliance Officer is responsible for submitting a SAR to the Financial Crimes Enforcement Network (FinCEN). The report must be submitted within 30 days of identifying the suspicious activity. SAR filings are confidential and legally protected; the company must not inform the customer or any related parties about the submission.

Currency Transaction Report (CTR): When cash transactions exceeding $10,000 are received or processed in a single day, the company must submit a CTR to FinCEN detailing the transaction. Monitoring and reporting cash transactions help reduce the risk of money laundering through large cash operations.

4.5 Recordkeeping

Recordkeeping is a vital component of AML compliance. Under U.S. law, financial institutions must retain all relevant due diligence and transaction records to ensure traceability during regulatory investigations.

Retention Period: According to the Bank Secrecy Act, the company must retain all AML-related records for at least five years. This includes customer due diligence documents, transaction records, and copies of SARs and CTRs.

Content to Retain: Customer Identity Verification Documents: All materials related to KYC and EDD. Transaction Records: Detailed information of all large or suspicious transactions. Internal Audit and Compliance Review Records: Including audit reports, compliance checks, and documentation of corrective actions.

Electronic and Paper Storage: The company must ensure that records are properly stored and can be archived electronically or in paper format, and be readily accessible when needed.

4.6 Employee Training

Regular employee training is essential to ensure that all employees understand and can effectively implement AML policies. The training should cover the following areas:

Training Content: Definitions and impacts of money laundering and terrorist financing; how to identify potential suspicious activities and common techniques; usage of transaction monitoring systems; how to handle and submit Suspicious Activity Reports (SARs) and Currency Transaction Reports (CTRs); updates on the latest laws, regulations, and internal policies.

Training Frequency: All employees, especially frontline staff (e.g., relationship managers, transaction processors), must receive AML training at least once a year. New employees should receive specialized AML training upon onboarding.

Assessment and Evaluation: The company should regularly assess employees’ understanding of AML policies to ensure they can apply them correctly in practice.

4.7 Independent Audit and Compliance Testing

To ensure the effectiveness of the AML compliance program, the company must arrange regular independent audits and internal compliance testing. These tests help identify weaknesses or gaps in policy implementation and enable timely improvements.

Independent Audit: Conducted by an independent third-party organization or the internal audit department to thoroughly review the AML program and ensure all processes and procedures meet regulatory requirements. Audit reports should be submitted directly to senior management to ensure compliance recommendations are promptly implemented.

Compliance Testing: The company should regularly conduct internal compliance testing, simulating suspicious transaction scenarios to ensure the AML system can effectively identify and handle such transactions.

4.8 Senior Management Support and Governance

The successful implementation of the AML compliance program relies on the support of senior management. Senior management must ensure the AML policies are adequately resourced and that the Compliance Officer has sufficient authority to manage AML work.

Board Responsibilities: The Board should regularly review AML policies and procedures to ensure they meet the latest regulatory requirements and make necessary adjustments based on audit reports and compliance reviews.

Resource Allocation: Management must provide sufficient human, technical, and financial resources for the AML compliance program to ensure effective operation of systems and training.

5. Risk-Based Approach

5.1 Overview of the Risk-Based Approach

The Risk-Based Approach (RBA) refers to the practice where MSBs design and implement AML procedures based on the risk levels associated with customers, transactions, and geographic locations. Its core principle is to assess risks, prioritize high-risk customers and activities, and apply appropriate control measures to mitigate those risks. Compared to a 'one-size-fits-all' compliance approach, this method offers greater flexibility and targeting, enabling companies to manage resources more efficiently and prevent financial crimes.

5.2 Legal Basis and Regulatory Requirements

Under the U.S. Bank Secrecy Act (BSA) and the Patriot Act, MSBs are required to establish comprehensive AML programs that include a risk-based approach. FinCEN specifically mandates that cryptocurrency-related MSBs must adopt appropriate AML controls based on the nature and risk level of their business. Key regulatory requirements include:

Bank Secrecy Act (BSA): Requires MSBs to implement effective AML programs to identify and report suspicious activities.

Patriot Act: Requires financial institutions to conduct due diligence on customers, especially applying stricter scrutiny to high-risk customers.

FinCEN Guidelines: Specify that cryptocurrency-related MSBs must perform customer identity verification (KYC) and conduct ongoing transaction monitoring and risk assessments.

5.3 Key Elements of Risk Assessment

Under the risk-based approach, MSBs need to identify and assess risks associated with cryptocurrency transactions, mainly in the following areas:

Customer Risk:

Customer Identity Verification (KYC): Identifying and verifying customers' identities is the foundation of RBA. Special attention should be paid to:

High-net-worth individuals, especially those unable to provide proof of the source of funds.

Politically Exposed Persons (PEPs) or their family members and close associates.

Customers from high-risk countries or regions (e.g., those under international sanctions or non-cooperative in AML efforts).

Customer Background and Transaction Purpose: Understand the customer's economic background, source of funds, transaction purposes, and whether they align with the declared identity. MSBs should investigate further if the customer's behavior does not match their stated identity.

Transaction Risk:

Large or Frequent Transactions: Large transactions or multiple small transactions within a short time (structured transactions) may indicate money laundering. MSBs should set monitoring thresholds and alert mechanisms based on customers’ transaction histories, amounts, and frequency.

Anonymous Transactions: Using transaction methods that do not provide identity information (such as certain decentralized exchanges) increases money laundering and terrorist financing risks. MSBs should closely monitor such transactions and prioritize reviewing behaviors that may bypass AML policies.

Cross-border Transactions: Cryptocurrency transactions often span multiple jurisdictions with varying regulatory environments, especially involving high-risk or unregulated countries. MSBs must pay special attention to customers who frequently conduct cross-border transactions or transfer large cross-border funds.

Geographic Risk:

High-Risk Countries: FinCEN and FATF (Financial Action Task Force) publish lists of high-risk countries, including sanctioned states and those with weak AML systems, which form a core part of geographic risk assessment. Customers or transactions associated with these countries require special attention.

Regional Payment Systems: MSBs should consider regional payment habits and cryptocurrency usage. For example, in some countries, cryptocurrency is commonly used to bypass capital controls, increasing transaction risks.

5.4 Indicators of Suspicious Transactions or High-Risk Behavior

a. High-Risk Indicators in Customer Behavior

Anonymous or Pseudonymous Accounts: Customers registering with false or incomplete identity information, or using unverifiable email addresses and phone numbers. This behavior may indicate an attempt to conceal true identity and evade AML monitoring.

Use of Virtual Private Networks (VPNs) or proxy servers to hide the customer's actual geographic location.

Unwillingness to Provide Required Identity Information (KYC): Customers refusing or delaying the submission of necessary identity verification documents, or providing false or inconsistent information during the KYC process.

Politically Exposed Persons (PEPs): PEPs or individuals closely related to PEPs are generally considered high-risk customers due to their greater exposure to corruption or embezzlement. Their sources of funds should be subject to enhanced due diligence and monitoring.

Customers from High-Risk Countries: Customers whose residence or transaction origin is linked to countries or regions designated by FinCEN or FATF as high-risk, which may lack effective AML and CFT controls or be under international sanctions.

Sudden Large Transactions: A significant change in a customer’s transaction behavior, such as initiating large transactions without a prior history and being unable to provide a reasonable explanation.

Customer accounts receiving large fund inflows followed by rapid outflows, especially involving conversions between multiple cryptocurrencies.

b. High-Risk Indicators in Transaction Patterns

Frequent Structuring: Customers deliberately breaking up large transactions into multiple smaller ones to avoid regulatory scrutiny. In crypto transactions, this often involves repeated small transfers to obscure actual fund flows.

Structuring is often used to avoid currency transaction reports (CTR) by staying under legal reporting thresholds.

Complex and Non-transparent Transaction Paths: Customers move funds through multiple wallets, various cryptocurrencies, or exchanges to fragment and obscure the fund source. Such layering is a classic money laundering method aimed at making fund origins difficult to trace.

High-Frequency Cross-Border Transactions: Customers frequently engage in international transfers, particularly involving high-risk countries, which may indicate money laundering or terrorist financing.

Large Crypto-to-Fiat Conversions: Customers frequently convert large amounts of cryptocurrency into fiat currency or vice versa, especially if funds are switched rapidly between exchanges. This may signal money laundering, particularly if no clear transaction purpose is provided.

Transactions Involving Privacy Coins: Customers frequently using privacy coins (such as Monero or Zcash), which are difficult to trace due to their anonymizing features. These coins are commonly used in money laundering and terrorist financing, and MSBs should pay special attention to large or frequent transactions involving them.

c. Other High-Risk Indicators

Suspicious Activity by Cryptocurrency Exchanges: Anomalous behavior from crypto exchanges, such as large, rapid fund flows without clear commercial justification. These exchanges may be used for money laundering, especially decentralized exchanges (DEXs), where traditional AML procedures can be bypassed.

Customer Unable to Explain Source of Funds: When questioned, customers fail to provide reasonable explanations or evidence for their source of funds, particularly when inconsistent with their occupation or income level.

Sudden Spike in Account Activity: Dormant accounts suddenly receive large fund inflows or show high-frequency activity, especially multiple large crypto transfers in a short time. This may indicate account takeover or unauthorized use for laundering or illicit fund transfers.

Addresses Linked to Dark Web Transactions: Customer crypto addresses or behaviors are associated with known darknet markets or illegal trading platforms, especially those involved in drug trafficking, illegal weapons trade, or other criminal activity.

Business Models Associated with High Risk: Certain business models or industries are closely associated with high-risk activities, such as online gambling, adult services, or crypto lending platforms.

6. Restricted Customers

6.1 Customers Related to Sanctioned Countries or Regions

Individuals or entities on the OFAC sanctions list

Individuals or entities listed by the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC), including terrorist organizations, criminals, foreign government officials, etc.

Customers from sanctioned countries

Individuals or businesses from countries or regions sanctioned by the United States, including but not limited to:

North Korea, Iran, Syria, Crimea region, Cuba, Venezuela

Customers linked to terrorist organizations

Customers associated with known terrorist organizations or individuals and groups sanctioned by the United Nations, OFAC, and other international bodies.

Individuals or entities involved in terrorist financing activities or providing financial support to terrorist organizations.

6.2 Customers Whose Identity Cannot Be Verified or Who Refuse Verification

Anonymous customers:

Customers using false or unverifiable identity information, registering under aliases, or concealing their real identity through Virtual Private Networks (VPNs).

Customers who refuse to provide identity verification information:

Customers who refuse or fail to provide valid proof of identity, address, or source of funds during the Know Your Customer (KYC) process.

6.3 Customers Associated with High-Risk Industries or Illegal Activities

Dark web market users:

Customers engaged in illegal transactions through known dark web markets (e.g., Silk Road, AlphaBay), particularly transactions involving drugs, weapons, counterfeit goods, or explicit content.

Customers using cryptocurrency mixing services:

Customers who use cryptocurrency tumblers or mixers to obscure the origin of transactions. Such services are often used to launder money and conceal the flow of illicit funds.

Customers involved in illegal gambling:

Customers engaged in online gambling activities that are not licensed by U.S. or local governments, especially on illegal platforms where cryptocurrency is commonly used for payments.

6.4 High-Risk Customers Associated with Politically Exposed Persons (PEPs)

High-risk Politically Exposed Persons (PEPs):

Includes current or former senior government officials, executives of state-owned enterprises, high-ranking military officers, legislators, and judiciary members, who may be involved in corruption or money laundering due to their positions of influence.

The sources of funds for such individuals are often difficult to trace and require enhanced scrutiny.

Relatives or business associates linked to PEPs:

Individuals or entities with direct or indirect financial or business relationships with PEPs, such as relatives or long-term business partners.

6.5 Shell or Fictitious Companies

Shell companies:

Entities registered as companies without actual business operations or production, often used for money laundering, tax evasion, or fund transfers. These companies may engage in fictitious transactions or large fund flows.

Companies with false business purposes:

Companies that cannot explain their business activities or fund flows, or whose transactions do not align with their stated business scope. Such companies are often used to conceal the origins of illicit funds.

6.6 Customers from AML-Weak Jurisdictions

Customers from 'High-Risk and Non-Cooperative Jurisdictions' listed by FATF:

Customers originating from countries designated as high-risk or having weak AML frameworks by the Financial Action Task Force (FATF), including but not limited to:

North Korea, Iran, Syria, Crimea region, Cuba, Venezuela

Customers with frequent cross-border transactions involving these high-risk countries:

Customers who frequently transfer funds with high-risk countries, especially large or complex cross-border cryptocurrency transactions, are typically associated with high money laundering or terrorist financing risks.

6.7 Customers with Unexplainable Sources of Funds

Customers unable to provide legitimate sources of funds:

Customers who fail to provide credible explanations for the sources of their funds, especially when their transaction activities are inconsistent with their known financial background or occupational income. For example, low-income individuals conducting high-value crypto transactions.

Customers with unclear fund usage:

Customers whose transaction purposes are vague or whose use of funds cannot be clearly explained, and who refuse or are unable to provide detailed justifications.

6.8 Customers Engaged in Frequent Large-Scale Structuring

Structuring:

Customers deliberately breaking up large transactions into multiple smaller ones to avoid Currency Transaction Report (CTR) requirements under U.S. law or to bypass AML monitoring systems. Such patterns are commonly used to evade regulations or launder money.

6.9 Customers Involved in Terrorist Financing

Customers linked to terrorist fund flows:

Customers whose funds or transactions are connected to known terrorist organizations, or where the funds are suspected to support terrorist activities. FinCEN maintains heightened vigilance for terrorist financing risks.

Customers using cryptocurrency to finance terrorism:

Anonymous cross-border crypto transfers, particularly those directed to conflict zones or regions controlled by terrorist organizations, may indicate involvement in terrorist financing.

7.0 Customers Submitting False or Misleading Information Multiple Times

Customers submitting false identity or funding information:

Customers who repeatedly provide false identity, address, or source of funds information during account opening or transactions, or offer misleading descriptions of their business purposes.

Customers repeatedly attempting to bypass KYC procedures:

Customers who attempt to evade identity verification multiple times or trade through multiple accounts, especially those using VPNs or proxy servers to hide their identity.