The counterparty may be either the crypto service provider's own customer or a third party:
- A customer may send cryptos to or receive cryptos from their own (external) wallet not managed by the crypto service provider.
- A customer may receive cryptos from or send cryptos to a third person.
- The provider must establish the identity and place of residence of the counterparty and screen it against the sanctions lists (and this should not produce a hit).
- The provider must establish that this person or legal entity is actually the recipient or the sender.
The law does not stipulate a specific procedure for verification that the person or legal entity whose identity and place of residence have been established is actually the recipient or sender. The procedure must, however, offer adequate safeguards for screening counterparties.
For example, providers can whitelist external wallets using technological means. We have encountered various practices, such as:
- providing a crypto address to the customer (whether or not as a custodian)
- screen sharing or video conferencing at the time of logging in
- signing a transaction or sending back a small amount of cryptos to the provider on request
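
The last practice in this list, sending back a small amount on request, could be checked along the following lines. This is an added example, not part of the original guidance or any provider's code; the transfer record fields, the amount range, the confirmation threshold and the sample addresses are assumptions.

```python
import secrets
from dataclasses import dataclass

MIN_CONFIRMATIONS = 3  # assumed policy value, not taken from the guidance

@dataclass(frozen=True)
class Challenge:
    claimed_address: str   # external wallet the customer wants whitelisted
    deposit_address: str   # provider address that must receive the test amount
    amount_sats: int       # randomly chosen amount that ties a transfer to this request
    issued_at: int         # Unix time the request was made
    ttl: int               # seconds the request stays valid

def issue_challenge(claimed_address, deposit_address, now, ttl=3600):
    # A random amount makes a coincidental or pre-existing transfer unlikely to match.
    amount = 1000 + secrets.randbelow(9000)
    return Challenge(claimed_address, deposit_address, amount, now, ttl)

def find_proof(ch, transfers, used_txids):
    """Return the txid of the transfer that satisfies the challenge, or None."""
    for tx in transfers:
        if tx["txid"] in used_txids:
            continue  # one transfer may not back two whitelisting requests
        if tx["to"] != ch.deposit_address or tx["amount_sats"] != ch.amount_sats:
            continue
        if set(tx["inputs"]) != {ch.claimed_address}:
            continue  # funds from other or mixed addresses prove nothing about this one
        if not ch.issued_at <= tx["time"] <= ch.issued_at + ch.ttl:
            continue  # sent before the request or after it expired
        if tx["confirmations"] < MIN_CONFIRMATIONS:
            continue
        used_txids.add(tx["txid"])
        return tx["txid"]
    return None

def may_whitelist(identity_established, sanctions_hit, proof_txid):
    # Control of the address complements identification and screening; it replaces neither.
    return identity_established and not sanctions_hit and proof_txid is not None

if __name__ == "__main__":
    # Constructed sample data: addresses and txid are placeholders, not real values.
    ch = issue_challenge("addr_customer", "addr_provider", now=1_700_000_000)
    seen = [{"txid": "tx1", "to": "addr_provider", "inputs": ["addr_customer"],
             "amount_sats": ch.amount_sats, "time": 1_700_000_600, "confirmations": 6}]
    print(may_whitelist(True, False, find_proof(ch, seen, set())))
```
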
Other measures which may help to reduce risks, but which in isolation are most likely insufficient to comply with the Sw, include:
- Laying down in a contract or terms of use that trading is only permitted using one’s own crypto addresses
- Investigating and monitoring (whitelisted) crypto addresses using pre- and post-transaction monitoring software
- Blocking crypto addresses linked to illegal activities and addresses sanctioned by the US Office of Foreign Assets Control (OFAC)