This means they must not only adequately control and document compliance with the Wwft requirements, but also document in their policy how they put sound and ethical operational management into practice. This concerns the institution's internal workings. For instance, an institution could document how it prevents itself or its staff from becoming involved in conflicts of interests, criminal offences or other breaches of the law. It must also document how certain business processes and business risks are controlled, setting out, for example, how it deals with outsourcing of important business processes, such as elements of customer identification. Lastly, institutions are also expected to have a clear division of tasks and governance structure. In this connection, we refer to Section 23i of the Wwft, which deals with the transparent control structure, and Section 2d of the Wwft, which requires independent and effective compliance and audit functions in proportion to an institution's nature and size.
Sound and ethical operational management
- Relevant for:
- 12 november 2019
Section 23j of the Wwft obligates crypto service providers to safeguard sound and ethical operational management.