bank secrecy act (bsa)/anti-money laundering … llc – bsa/aml program 2017 – 2 table of...

TokenLot,LLC–BSA/AMLProgram2017–1

BankSecrecyAct(BSA)/Anti-MoneyLaundering(AML)Program

APPROVEDBY

TokenLot,LLCBSAOfficerTokenLot,LLCBoardofDirectors


TABLEOFCONTENTS

1. BankSecrecyAct(BSA)/Anti-MoneyLaundering(AML)Policy.....................................................3

2. ChangeControlLog.....................................................................................................................4

3. ComplianceDate.........................................................................................................................4

4. Definitions..................................................................................................................................44.1 FinancialCrimesEnforcementNetwork(FinCEN).............................................................................44.2 CurrencyTransactionReport(CTR)...................................................................................................54.3 SuspiciousActivityReport(SAR)......................................................................................................5

5. Purpose......................................................................................................................................5

6. ApplicabilityandScope...............................................................................................................5

7. Roles/Responsibilities.................................................................................................................57.1 BoardofDirectors............................................................................................................................57.2 DesignatedComplianceOfficer........................................................................................................57.3 TokenLotEmployeesandContractors..............................................................................................6

8. Requirements.............................................................................................................................68.1 Overview.........................................................................................................................................68.2 BSAComplianceOfficer....................................................................................................................68.3 BSA/AMLProgram...........................................................................................................................7

8.3.1 RegistrationofMoneyServicesBusiness(MSB)..................................................................................78.3.2 KnowYourCustomer(KYC)/CustomerDueDiligence(CDD)Policy.....................................................78.3.3 SurveillanceandMonitoringPolicy.....................................................................................................88.3.4 OfficeofForeignAssetsControl(OFAC)Screening.............................................................................88.3.5 Non-OFACWatchlistScreening...........................................................................................................98.3.6 CurrencyExchangesofMoreThan$1,000..........................................................................................98.3.7 MonetaryInstrumentLog....................................................................................................................98.3.8 Updates.............................................................................................................................................108.3.10 AMLTraining.................................................................................................................................108.3.11 IndependentTesting.....................................................................................................................10

8.4 CurrencyTransactionReport(CTR).................................................................................................118.4.1 CTRRecordRetention........................................................................................................................11

8.5 SuspiciousActivityReport(SAR)Policy..........................................................................................118.5.1 SARRecordRetention........................................................................................................................11

8.6 RecordRetention...........................................................................................................................128.7 EmergencyNotificationtoLawEnforcement..................................................................................128.8 LawEnforcementInformationRequests........................................................................................128.9 FinCEN314(a)Requests.................................................................................................................128.10 NationalSecurityLetters................................................................................................................13


8.11 GrandJurySubpoenas...................................................................................................................13

9. ConflictResolution/Escalation..................................................................................................13

10. Exceptions.............................................................................................................................13

11. ReviewSchedule...................................................................................................................13

12. SeniorManagerApproval......................................................................................................14

1. BankSecrecyAct(BSA)/Anti-MoneyLaundering(AML)Policy

ItisthepolicyofTokenLot,LLC(“TokenLot”)toprohibitandactivelypreventmoneylaunderingandanyactivitythatfacilitatesmoneylaunderingorthefundingofterroristorcriminalactivitiesbycomplyingwithallapplicablerequirementsundertheBankSecrecyAct(BSA)anditsimplementingregulations.Money laundering isgenerallydefinedas“engaging inactsdesignedtoconcealordisguise thetrueoriginsofcriminallyderivedproceedsso that theproceedsappear tohavederived from legitimateoriginsorconstitutelegitimateassets.”Generally,money launderingoccurs in threestages. Illicitproceeds firstenter the financialsystematthe"placement"stage,wherefundsgeneratedfromcriminalactivitiesareconverted intomonetaryinstruments,suchasmoneyordersortraveler'schecks,ordeposited intoaccountsat financial institutions.At


the "layering" stage, the funds are transferred or moved into other assets, accounts, or other financialinstitutions to further separate themoney from its criminal origin. At the "integration" stage, the funds arereintroduced into the economyandused topurchase legitimate assets or to fundother criminal activities orlegitimatebusinesses.Terroristfinancingmaynotinvolvetheproceedsofcriminalconduct,butratheranattempttoconcealeithertheoriginofthefundsortheirintendeduse,whichcouldbeforcriminalpurposes.Legitimatesourcesoffundsareakey difference between terrorist financiers and traditional criminal organizations. In addition to charitabledonations, legitimate sources include foreign government sponsors, business ownership, and personalemployment.Althoughthemotivationdiffersbetweentraditionalmoneylaunderersandterroristfinanciers,theactual methods used to fund terrorist operations can be the same as or similar to methods used by othercriminalsto launderfunds.Fundingforterroristattacksdoesnotalwaysrequire largesumsofmoneyandtheassociatedtransactionsmaynotbecomplex.TokenLot’sBSA/AMLpoliciesand internalcontrolsaredesignedtoensurecompliancewithallapplicableBSAregulationsandwillbereviewedandupdatedonaregularbasistoaccountforbothchangesinregulationsandchangesinTokenLot’sbusinessmodel.2. ChangeControlLog

Version ChangeDate Author SummaryofChanges

1.0 July9th,2017 BSAOfficer

Know Your Customer/Customer Due Diligence Policy: Identifies customer andtransactional information collected and recorded, as well as the verification ofcustomer identification and government filings in accordance with regulatoryexpectations.ThePolicydetailstherisk-basedtiersystemusedtodeterminethespecificinformationandidentificationtobecollected,recorded,andverified.

1.0 July9th,2017 BSAOfficerEnhanced Due Diligence Policy: Identifies the process for classifying high riskcustomers; the specific customer information and supporting documentation tobeobtainedandreviewed;and,thefrequencyofreview.

1.0 July9th,2017 BSAOfficerSurveillance/MonitoringPolicy:Identifiesalertroutinesthatscreencustomerandtransactional informationforpotentiallysuspiciousorunusualactivity,aswellastheprocessforreviewingthealertroutines.

1.0 July9th,2017 BSAOfficerSuspicious Activity Report Policy: Identifies the process for uniformly preparingandfilingsuspiciousactivityreports(SARs),SARsformarijuana-relatedbusinesses,andContinuedActivitySARfilings.

3. ComplianceDate

TheBankSecrecyAct(BSA)/Anti-MoneyLaundering(AML)ProgramwasimplementedonJuly9th,2017.4. Definitions

4.1 FinancialCrimesEnforcementNetwork(FinCEN)


A Bureau of the United States Department of Treasury charged with implementing and enforcing the BankSecrecyAct(BSA)andanti-moneylaundering(AML)regulations.

4.2 CurrencyTransactionReport(CTR)

A report tobe filed electronicallywith FinCENwhena customerof TokenLot transacts over $10,000 cash viasingletransactionormultipletransactionsthataggregatetoover$10,000inasingleday.

4.3 SuspiciousActivityReport(SAR)

A report to be filed electronically with FinCEN when TokenLot detects unusual or suspicious activity or hasreasontobelieveunusualorsuspiciousactivityhasoccurred.5. Purpose

Thepurposeof theBSA/AMLProgram is toestablishaprocedure forTokenLot tooperate incompliancewithFinCENregulationsregardinganti-moneylaundering,suspiciousactivity,andotherreportingresponsibilities.OnMarch18,2013,FinCENreleasedguidancerequiringpersonsadministratingorexchangingvirtualcurrenciestoregisterasamoneyservicesbusiness(MSB),specificallyamoneytransmitter,andthuscomplywithFinCENMSBregulatoryrequirementstoestablishanAMLprogram,completecertaingovernmentfilings,andretainrecordsforpresentationasrequired.Reference: FinCEN Guidance FIN-2013-G001 “Application of FinCEN's Regulations to Persons Administering,Exchanging,orUsingVirtualCurrencies.”SeeSection13.7foracopyoftheFinCENGuidance.6. ApplicabilityandScope

FinCEN’sBSA/AMLregulatoryrequirementsareapplicabletoTokenLotunderFinCENGuidanceFIN-2013-G001.TokenLot operates an online brokerage for Initial Coin Offering (“ICO”) tokens. The provision of this servicemeetsthedefinitionofamoneyservicesbusiness(MSB)asdefinedbyFinCEN.7. Roles/Responsibilities

TherolesandresponsibilitiesapplicabletoTokenLot’sBSA/AMLcomplianceareasfollows:

7.1 BoardofDirectors

TokenLot’s Board of Directors (“Board”) is responsible for approving the BSA/AML Program and associatedinitiatives.TheBoardalsooverseestheComplianceOfficerandoverallperformanceoftheinitiativesassociatedwiththeBSA/AMLProgram,includingday-to-dayoperations,training,monitoring,andupdates.

7.2 DesignatedComplianceOfficer

TokenLot’sDedicatedComplianceOfficerisresponsibleforleadingtheday-to-daycomplianceactivitiesandensuringthefollowing:

(1) TheBSA/AMLProgramisdevelopedandimplementedeffectively(2) TheBSA/AMLProgramisupdatedasnecessary


(3) TokenLot provides ongoing training of appropriate persons concerning their responsibilitiesundertheBSA/AMLProgram

(4) TokenLotusesindependenttestingtomonitorandmaintaintheBSA/AMLProgram.

TheDesignatedComplianceOfficerisresponsibleforoverseeingtheanalysisanddispositionofanyattemptedor completed transactions that raise AML concerns. The Designated Compliance Officer is responsible foranalysis and disposition of any attempted or completed transactions that may require reporting to FinCEN,including, but not limited to, Suspicious Activity Report (SAR) filings and Currency Transaction Report (CTR)filings. Furthermore, the Designated Compliance Officer is responsible for analysis and disposition of anyattemptedor completed transactions that raiseanobligation to file a report togovernmentalofficialsor lawenforcement.TheDesignatedComplianceOfficer is responsible forprovidingTokenLotwith interpretationsoftherequirementsoftheBSA/AMLProgramandforresolvingconflictsthatmayarisethereto.

7.3 TokenLotEmployeesandContractors

TokenLot must comply with legal and regulatory requirements designed to detect and prevent moneylaunderingandterroristfinancingactivities.TheAMLProgramstateswhatemployeesandcontractorsmustdoinordertofulfillTokenLotcomplianceobligations.FailuretofollowtheAMLProgramorsupportingpoliciesandprocedures thereto violates TokenLotpolicy andmay violate the law.Violationof this programmay result interminationofemploymentorcontractualrelationship.Violationofthelawmayresultincivilpenaltiesand/orcriminalprosecution.In connectionwith their duties, employees, contractors, and volunteers of TokenLotwill thoroughly considerwhether attempted or completed transactions are potentially suspicious or unusual and escalate any suchinstancestotheDedicatedComplianceOfficerwithinone(1)businessday.8. Requirements

8.1 Overview

Asstatedinprevioussections,TokenLotisrequiredto:

(1) DesignateaComplianceOfficerforthepurposesoftheBSA/AMLProgram(2) Develop and implement a written anti-money laundering program reasonably designed to

preventTokenLotfrombeingusedtofacilitatemoneylaunderingorterroristfinancing(3) Filereportsregardingcertaintransactions(e.g.,currencyinexcessof$10,000)(4) Filereportsofsuspiciousorunusualactivity(5) Engageinmonitoring,testing,andtrainingrelatingtotheBSA/AMLProgram(6) RegularlyupdatethepoliciesassociatedwiththeBSA/AMLProgram(7) RespondtoinformationrequestsfromFinCENand/orlawenforcement(8) Takeothersteps,asrequired,toestablishandmaintaincompliancewithFinCENregulations8.2 BSAComplianceOfficer

TokenLot hereby affirms Eli LeWitt as the Designated Compliance Officer for the purposes of the BSA/AMLProgram.


8.3 BSA/AMLProgram

TokenLotherebyestablishesawrittenBSA/AMLProgram.Broadlyspeaking,thegoalsoftheBSA/AMLProgramareasfollows:

(1) AssesstheuniverseoftransactionsinwhichTokenLotengages(2) Developanunderstandingoftheattributesofthetransactionsinordertodifferentiatebetween

routine, commonplace transactions in which TokenLot engages, and suspicious or unusualtransactionsthatmaywarrantSARfiling

(3) Develop a culture and process within TokenLot to identify transactions that may warrantescalationtotheBSAComplianceOfficer

(4) AdjusttheBSAProgram,asnecessary,tomaintaincompliancewithevolvingrequirements.

8.3.1 RegistrationofMoneyServicesBusiness(MSB)

FederalTokenLot is registered with FinCEN as a money services business (MSB) in accordance with “Application ofFinCEN's Regulations to Persons Administering, Exchanging, or Using Virtual Currencies” (FIN-2013-G001)..Renewal ofMSB registration is due within two (2) calendar years or sooner under certain circumstances asidentifiedbyFinCEN.SeeSection13.8forFinCENMSBregistration.

8.3.2 KnowYourCustomer(KYC)/CustomerDueDiligence(CDD)Policy

TokenLot established a KYC/CDD Policy in order to mitigate the risk of being used, intentionally orunintentionally,bycriminalelementsformoneylaunderingactivities.TheKYC/CDDPolicyenablesTokenLottoknowandunderstanditscustomerandhis/herfinancialdealings.TheKYC/CDDPolicyidentifiesthespecificcustomerandtransactioninformationcollectedandrecorded,aswellastheverificationofcustomeridentificationandgovernmentfilingsinaccordancewithregulatoryexpectations(seeKnowYourCustomer/CustomerDueDiligencePolicy).

8.3.2.1 CustomerNoticeofKYC/CDD

TokenLotwill providenotice to all prospective customers that informationwill be requestedof them to helpmitigate risksassociatedwithmoney laundering,and toverify their identitiesas requiredby federal law. Thenoticeshallreadasfollows: ImportantInformationAboutProceduresforConductingTransactions

Tohelpthegovernmentfightthefundingofterrorismandmoneylaunderingactivities,federallawmayrequire us to obtain, verify, and record information that identifies each person who conducts atransactioninvolvingthesaleorexchangeofvirtualcurrencies.Whatthismeansforyou


Whenyouconductatransactionwithus,wemayaskforyourname,address,dateofbirth,andotherinformationthatwillallowustoidentifyyou,includingyourSocialSecuritynumber.Wemayalsoasktoseeyourdriver’slicenseorotheridentifyingdocuments.

TokenLotshallcommunicatetheabovenoticeviaconspicuoustextonthedigitalscreensofeachofitskiosks,aswellasphysicalsignageonorneareachkiosk.

8.3.3 SurveillanceandMonitoringPolicy

TokenLotestablishedaSurveillanceandMonitoringPolicy to identifyand flagpotential suspiciousorunusualactivity for reviewandprovide for the timelySAR filingof suchactivity ifultimatelydeterminedsuspiciousorunusual.TheSurveillanceandMonitoringPolicyidentifiesspecificalertroutinesdevelopedtoscreencustomerand transactional information for potentially suspicious or unusual activity. The alert routines monitorcustomersforunusualsize,volume,orpatternoftransactions,taking intoaccountriskfactorsand“redflags”appropriatetoTokenLot’sbusinessmodel(seeSurveillanceandMonitoringPolicy).

8.3.4 OfficeofForeignAssetsControl(OFAC)Screening

The Office of Foreign Assets Control (OFAC) of the United States Department of Treasury administers andenforceseconomicandtradesanctionsagainst targetedforeigncountriesandgroupsof individuals, terrorismsponsoring organizations, and international narcotics traffickers based on U.S. foreign policy and nationalsecuritygoals.

8.3.4.1 SpeciallyDesignatedNationals(SDN)

TokenLotscreensusersagainstOFAC’sSpeciallyDesignatedNationals(SDN)List.Intheeventamatchhasbeendetermined,TokenLotwillcontactOFACviahotline,aswellasrefuseanypendingorfuturetransactions.TokenLotmonitorsfinancialtransactionsperformedbyorthroughitsnetworkandagentstodetectthosethatinvolveanyentityorpersonsubjecttoOFAClawsandregulations.Ingeneral,OFACregulationsrequirethefollowing:

• Blockingaccountsandotherpropertyofspecifiedcountries,entities,andindividuals• Prohibitingorrejectingunlicensedtradeandfinancialtransactionswithspecifiedcountries,entities,and

individuals.Intheeventamatchhasbeendetermined,TokenLotwillcontactOFACviahotline,aswellasrefuseanypendingorfuturetransactions.

8.3.4.2 SanctionsProgramsandCountryInformation

TokenLot screens user information and transactional information to determine if it involves individuals andentitieswithtiestoOFAC-sanctionedgeographicregionsandgovernments(e.g.,addressandgovernment-issuedidentification).OFACadministersanumberofU.S.economic sanctionsandembargoes that targetgeographicregions and governments. Some programs are comprehensive in nature, block the government, and includebroad-basedtraderestrictions,whileotherstargetspecificindividualsandentities.


TokenLot shall refer to the Sanctions Programs and Country Information page on the official website of theOfficeofForeignAssetsControlforinformationonspecificprograms.Ingeneral,OFACregulationsrequirethefollowing:

• Blockingaccountsandotherpropertyofspecifiedcountries,entities,andindividuals• Prohibitingorrejectingunlicensedtradeandfinancialtransactionswithspecifiedcountries,entities,and

individuals.Intheeventamatchhasbeendetermined,TokenLotwillcontactOFACviahotline,aswellasrefuseanypendingorfuturetransactions.

8.3.5 Non-OFACWatchlistScreening

TokenLotmonitors financial transactions performed by or through its kiosk to detect those that involve anyentityorpersonsubjecttothefollowingwatchlists:

• UnitedStatesBureauofIndustryandSecurity• UnitedStatesBureauofInternationalSecurityandNonproliferation• UnitedStatesDirectorateofDefenseTradeControls• UnitedStatesCentralIntelligenceAgency–ChiefsofStateandCabinetMembers• UnitedKingdom–HerMajesty’sTreasury• Canada–OfficeoftheSuperintendentofFinancialInstitutions• EuropeanUnion–EuropeanExternalActionServices• Australia–DepartmentofForeignAffairsandTrade• UnitedNations• Japan–TheMinistryofEconomy• China–StateSecretariatforEconomicAffairs

Intheeventamatchhasbeendetermined,TokenLotwillrefuseanypendingorfuturetransactionsandreportthetransaction,asprescribed.

8.3.6 CurrencyExchangesofMoreThan$1,000

TokenLotwillrecordeachexchangeofcustomerU.S.dollar-denominatedcashforcryptocurrencytotalingmorethan $1,000, and each exchange of customer cryptocurrency for U.S. dollar-denominated cash totalingmorethan $1,000. This record includes both customer and transaction information. See Section 13.1 for a SampleCurrencyExchangeRecord.

8.3.7 MonetaryInstrumentLog

TokenLot will record each exchange of customer U.S. dollar-denominated cash for bitcoin-denominatedcryptocurrencytotaling$3,000-$10,000inclusive,andeachexchangeofbitcoin-denominatedcryptocurrencyforU.S.dollar-denominatedcashtotaling$3,000-$10,000 inclusive.Thisrecord includescustomerandtransactioninformation, as well as government-issued identification and verification information. See Section 13.2 for aSampleMonetaryInstrumentLog.


8.3.8 Updates

TokenLot will update the BSA/AML Program on an annual basis, at minimum, to ensure compliance withregulatoryrequirementsandadaptationtoevolvingrisk.

8.3.9 AMLTraining

TokenLotmandatesallemployeesandcontractorsparticipatein,complete,andadheretoitsBSA/AMLtrainingasaconditionofcontinuedemployment.Tothatend,TokenLothasdevelopedandimplementedaformalAMLcompliance training program that incorporates the requirements of the Bank Secrecy Act (BSA), the USAPATRIOTAct,anti-moneylaunderinglaws,andotherapplicablefederalandstatelawsandregulations.TokenLothastailoreditsongoingemployeetrainingbasedonitsriskprofile.TokenLotfacilitatesthetrainingprogramviaane-learningmodule.Thetrainingcoursematerialsexaminehowtoidentifyredflagsandsignsofmoneylaunderingthatariseduringthecourseofone'sduties,whattodooncetheriskisidentified,individualandcollectiverolesinTokenLot’scomplianceeffortsandhowtoperformthem,recordretentionobligations,andthedisciplinaryconsequences(includingcivilandcriminalpenalties)fornon-compliancewithanti-moneylaunderinglawsandregulations.TokenLotrequirestrainingforallemployeesandcontractorsasfollows:

(1) Every new employee and contractor must be trained on TokenLot’s compliance policies andproceduresbeforetheemployeecommenceswork

(2) EveryemployeeandcontractoralreadyactivelyundertheemployofTokenLotshallbetrainedwithinthirty(30)daysoftheBSA/AMLProgramapprovaldate

(3) Every employee and contractor must be retrained, at minimum, on an annual basis goingforwardandasrequiredbychanginglawsandregulations.

Further,wheneverpossible,TokenLotencouragesandsponsorsofficer,employee,andcontractorparticipationintargetedandrelevantAMLcompliancetrainingcourses,seminars,conferences,andotheropportunities.

8.3.9.1 AMLTrainingRecords

TokenLot shall maintain a detailed log of its AML training activities, including participation in its e-learningmoduleandanyoftheabove-referencedtrainingopportunities.SeeSection13.5forAMLTrainingLog.

8.3.10 IndependentTesting

TokenLotwillarrangeforindependenttestingofitsBSA/AMLProgramonanannualbasis.Thistestingmaybeperformedbyathird-partyorbyanemployeeofTokenLototherthantheComplianceOfficer.Testing performed by TOkenLot personnel must be conducted by someone other than the BSA ComplianceOfficer or anyone who engaged in the BSA/AML functions under review. His/her/their qualifications shouldinclude,atleast,aworkingknowledgeofBSAregulationsandregulatoryrequirements.


As a general matter, independent testing of TokenLot’s BSA/AML Program will include, at a minimum: (1)evaluating the overall integrity and effectiveness of TokenLot’s BSA/AML Program; (2) evaluating TokenLot’spoliciespertaining toBSA/AML reportingand recordkeeping requirements; (3)evaluating the implementationandmaintenance of TokenLot’s KYC/CDD Program; (4) evaluating TokenLot’s transactions; (5) evaluating theadequacy of TokenLot’s staff training program; (6) evaluating TokenLot’s systems, whether automated ormanual, for identifying potential suspicious activity; (7) evaluating TokenLot’s system for reporting suspiciousactivity;and(8)evaluatingTokenLot’sresponsetopreviouslyidentifieddeficiencies,ifany(seeSection13.6foraSampleTestingLog).

8.4 CurrencyTransactionReport(CTR)

InadditiontoanyothertransactionreportingobligationsthatapplytoTokenLot,undertheBSA/AMLProgram,TokenLot must file FinCEN Form 112 “Currency Transaction Report” (CTR) in connection with coveredtransactions.FinCENForm112“CurrencyTransactionReport”(CTR)isusedgenerallytoreportcashtransactionsin excess of $10,000or a series of related cash transactions that,when aggregated, exceed$10,000. For thepurposes of this reporting requirement, cash means “U.S. or foreign currency.” Regardless of the type oftransaction,theremustbeover$10,000cashtotriggerthereportingrequirement.SeeSection13.4foraCTRRetentionChecklist.FinCEN has electronic means for completing and filing CTRs. A CTR must be filed no later than fifteen (15)calendardaysafterthedateofthetransaction(s).

8.4.1 CTRRecordRetention

TokenLotwillmaintainacopyofanyCTRitoriginates,aswellasanysupportingdocumentation,foraperiodoffive(5)yearsfromthedateoffiling.

8.5 SuspiciousActivityReport(SAR)Policy

InadditiontoanyothertransactionreportingobligationsthatapplytoTokenLot,undertheBSA/AMLProgram,TokenLotmustfileaSuspiciousActivityReport(SAR)toreporttransactionsthatareorappeartobesuspicious,unusual, or both, as well as any possible violations of law or regulation, including activities associated withmarijuana-relatedbusinesses.TokenLotestablishedaSuspiciousActivityReport(SAR)PolicyforthetimelyanduniformpreparationandfilingofSARs,.TheSARPolicydetailstheSARfillingprocess,criteria,relevantcustomerandtransactionalinformationtobeincluded,filingdeadlines,theconfidentialityrequirement,andfrequencyforcontinuedactivityreview(seeSuspiciousActivityReportPolicy).

8.5.1 SARRecordRetention

TokenLot will maintain a copy of any SAR it originates (including joint reports), as well as any supportingdocumentation,foraperiodoffive(5)yearsfromthedateoffiling.Supporting documentation must be identified as such and maintained by TokenLot. TokenLot will make allsupportingdocumentationavailable toFinCEN,orany federal, state,or local lawenforcementagency,orany


federal regulatory authority that examines TokenLot for compliancewith the Bank Secrecy Act, or any stateregulatoryauthorityadministeringastate lawthat requiresTokenLot tocomplywith theBankSecrecyActorotherwise authorizes the state authority to ensure that TOkenLot complieswith the Bank Secrecy Act, uponrequest.SeeSection13.3foraSARRetentionChecklist.

8.6 RecordRetention

TokenLotwillretainBSA/AMLrecordsforaperiodoffive(5)years,atminimum.Theserecordswillbefiledorstoredinsuchawayastobeaccessiblewithinareasonableperiodoftime.Theretentionofrecordsincludes,butisinnowaylimitedto,thefollowing:

(1) FinCEN Registration — MSBs must maintain copies of their FinCEN registration form andregistrationnumberassignedtothebusiness, includinganyrenewalorsubsequentforms(seeSection8.3.1).

(2) CurrencyExchangeRecord—MSBsmustmaintaincertainrecordsforeachcurrencyexchangeinexcessof$1,000(seeSection8.3.6).

(3) Monetary Instrument Log — MSBs must maintain certain information for each purchase ofmonetaryinstruments,suchascurrency,$3,000-$10,000,regardlessofthemethodofpayment(seeSection8.3.7).

(4) FinCEN 314(a) Requests—MSBsmustmaintain copies of the requested individual, entity, ororganization;logsshowingthedateoftherequestandthenumberofaccountssearched;and,anotationofwhetherornotamatchwasdetermined(seeSection8.9).

8.7 EmergencyNotificationtoLawEnforcement

Insituationsinvolvingviolationsthatrequireimmediateattention,suchasterroristfinancingorongoingmoneylaundering schemes, TokenLot will immediately contact an appropriate law enforcement authority. If anindividualorentityappearsonOFAC’sSDNList(SeeSection8.3.4.1),TokenLotwillcalltheOFACHotlineat(800)540-6322. Other relevant law enforcement contacts include: FinCEN’s Financial Institution Hotline (866) 556-3974.

8.8 LawEnforcementInformationRequests

FinCENrequiresTokenLottocomplywithinformationsharingrequestsregardingaccountsandtransactions.Inthe event TokenLot receives such a request, TokenLot will respond to the request in a timely manner andcooperatecompletelyandthoroughlywithFinCEN’sinquiry.

8.9 FinCEN314(a)Requests

FinCEN regulation under Section 314(a) enables federal, state, local, and foreign (European Union) lawenforcementagencies,throughFinCEN,toreachouttomorethan39,000pointsofcontactatmorethan16,000financialinstitutionstolocateaccountsandtransactionsofpersonsthatmaybeinvolvedinterrorismormoneylaundering.FinCENreceivesrequestsfromlawenforcementanduponreview,sendsnotificationstodesignatedcontactswithin financial institutions across the country once every two (2)weeks, informing them that newinformationhasbeenmadeavailableviaasecureInternetwebsite.Therequestscontainsubjectandbusiness


names, addresses, and asmuch identifying data as possible to assist the financial industry in searching theirrecords.TokenLotwill respond to a Financial Crimes EnforcementNetwork (“FinCEN”) 314(a) request by immediatelyquerying its records to determine whether the individual, entity, or organization named in the 314(a) hasengaged in any transactional activities. TokenLot is obligated toquery its records fordatamatches, includingaccounts maintained by the named subject during the preceding twelve (12) months and transactionsconductedwithinthelastsix(6)months.FinCENhaselectronicmeansforreportinga314(a)matchviaitsweb-based314(a)SecureInformationsharingSystem. FinCEN requiresmatches to be reported no later than fourteen (14) calendar days after the date ofrequest.Ifthesearchdoesnotuncoveranymatchingofaccountsortransactions,TokenLotisnotobligatedtoreplytothe314(a)request.

8.10 NationalSecurityLetters

TokenLotwillrespondtoNationalSecurityLetters(“NSLs”)toobtainfinancialrecords,amongotherthings,byqueryingitsrecordstodeterminewhethertheindividual,entity,ororganizationnamedinanNSLhasengagedinanytransactionalactivities.TokenLotisrequiredtoreportmatchesnolaterthanfourteen(14)calendardaysafterthedateofrequest.ThereceiptofanNSLishighlyconfidential.No member of TokenLot will disclose to any person that a government authority or the FBI has sought orobtainedaccess to recordsofeach individual, entity,ororganizationnamed in theNSL. If a SAR is filedafterreceivinganNSL,theSARwillnotcontainanyreferencetothereceiptorexistenceoftheNSL.

8.11 GrandJurySubpoenas

Uponreceiptofagrandjurysubpoenaconcerningacustomer,TokenLotwillconductareviewofthatcustomerandhis/heractivities.Ifthereviewuncoverssuspiciousorunusualactivity,TokenLotwillfileaSARinaccordancewith the SARPolicy (See SARPolicy). If a SAR is filed after receiving a grand jury subpoena, the SARwill notcontainanyreferencetothereceiptorexistenceofthesubpoena.RegardlessofthedecisiontofileaSAR,nomember of TokenLot will disclose to any person, including the named individual, of the existence of thesubpoenaoritscontents.9. ConflictResolution/Escalation

IntheeventofaquestionregardingtheoperationorimplementationoftheBSA/AMLProgram,orintheeventTokenLot staff requirean interpretation relating to theProgram, theconflictor interpretation requestwillbeescalatedtotheBSAComplianceOfficer,whowillresolvetheconflictorprovidetheinterpretation.10. Exceptions

TherearenoexceptionspermittedtotheBSA/AMLProgram.11. ReviewSchedule


TokenLot’s BSA/AML Programwill be reviewed and updated, atminimum, on an annual basis. TokenLotwillreview and update its BSA/AML Program following any material changes to business operations, companyownership,orboth.12. SeniorManagerApproval

TokenLot’sBSA/AMLProgrammustbeapprovedinwritingbyamemberofSeniorManagement.Senior Management has approved this BSA/AML Program in writing as reasonably designed to achieve andmonitor TokenLot’s ongoing compliance with the requirements of the Bank Secrecy Act (BSA) and theimplementingregulationsthereunder.

bank secrecy act (bsa)/anti-money laundering … llc – bsa/aml program 2017 – 2 table of...

Documents