AML/CFT Policy Outline (CASP-style)
Risk-based AML/CFT framework for a crypto-asset service provider: governance, CDD/KYC/KYB, screening, on-/off-chain monitoring, Travel Rule, sanctions, STR/SAR.
Contents (short)
- Governance & roles (Board, MLRO/CO, lines of defence)
- Business risk assessment (customers, products, channels, geography, transactions)
- Customer acceptance policy
- CDD/KYC for individuals; KYB & beneficial ownership for entities
- PEP/sanctions/adverse media screening; hit resolution workflow
- Risk scoring & EDD triggers
- Ongoing monitoring (on-/off-chain typologies; case management)
- Travel Rule (Rec. 16): data exchange & self-hosted addresses
- Sanctions compliance; asset freeze / blocking
- STR/SAR reporting & tipping-off controls
- Recordkeeping & data protection (GDPR alignment)
- Training & awareness; independent review/audit
- Outsourcing/reliance; high-risk countries; policy management
- Annexes: KYC/KYB checklists, risk matrix, alerts workflow, STR template, training log
Download & next steps
Grab the skeleton, then adapt thresholds, EDD triggers, alert queues and Travel Rule flow to your stack and regulator. We can help align it to your license scope.