Mt.Gox AML/KYC Process Explained

[Bitcoin Oz]

not at all.  educate customers so they can structure their own tx's so as not to attract attention.

In some jurisdictions that is highly illegal.

You can't be seriously suggesting that merely learning about the state's arbitrary rules about money transactions is itself against their rules, can you?

Learning no. Teaching yes!

Yeah, I can see how that would work:

"Follow the rules!"
"What rules?"
"Sorry, as per rules, I'm not allowed to teach you."
"Oh, ok, fuck you."

I think they make the rules up as they go ?

[1714924498]

1714924498

[1714924498]

1714924498

[cypherdoc]

In some jurisdictions that is highly illegal.

You don't have to qualify that statement by saying "some" jurisdictions.

according to this logic the State should just take down all Speed Limit signs on freeways and ticket all vehicles over the "allowed" MPH.

[galambo]

according to this logic the State should just take down all Speed Limit signs on freeways and ticket all vehicles over the "allowed" MPH.

That's not what your asking for.

You are asking for advice on how to evade the law when you are knowingly doing something illegal. Which, knowing what I know about governments, is illegal in every jurisdiction.

If you are not doing anything illegal then why do you care if a SAR gets filed?

In fact, if you are a "libertarian" you should be rejoicing that the government's databases are being filled with useless information.

[cypherdoc]

according to this logic the State should just take down all Speed Limit signs on freeways and ticket all vehicles over the "allowed" MPH.

That's not what your asking for.

You are asking for advice on how to evade the law when you are knowingly doing something illegal. Which, knowing what I know about governments, is illegal in every jurisdiction.

If you are not doing anything illegal then why do you care if a SAR gets filed?

In fact, if you are a "libertarian" you should be rejoicing that the government's databases are being filled with useless information.

you're assuming the worst.

i am, in fact, doing nothing illegal.  i, as a fully legal user of Bitcoin, am very interested in not attracting attention if i don't have to.  there's nothing wrong with wanting to fly under the radar.

do you, as a fully compliant taxpayer i assume, not mind undergoing an IRS audit if its not necessary?

[galambo]

you're assuming the worst.

i am, in fact, doing nothing illegal.  i, as a fully legal user of Bitcoin, am very interested in not attracting attention if i don't have to.  there's nothing wrong with wanting to fly under the radar.

do you, as a fully compliant taxpayer i assume, not mind undergoing an IRS audit if its not necessary?

If you're not breaking the law, then why are you asking for advice on how to break the law? Which alone could put you in prison for 5 years.

Because you are a Bitcoin user I'm going to assume that the amounts of currency you deal in would never have any chance of triggering a CTR or SAR, ever, by itself. Why would you admit to successfully seeking advice from your bank on how to structure? Which, by the way, was likely only your bank humoring you and immediately writing up a SAR after you left.

[cypherdoc]

If you're not breaking the law, then why are you asking for advice on how to break the law? Which alone could put you in prison for 5 years.

on the contrary.  i'm asking how to stay within the parameters of the law. 

Because you are a Bitcoin user I'm going to assume that the amounts of currency you deal in would never have any chance of triggering a CTR or SAR, ever, by itself. Why would you admit to successfully seeking advice from your bank on how to structure? Which, by the way, was likely only your bank humoring you and immediately writing up a SAR after you left.

stop making so many assumptions.  its very reasonable for anyone to want to know how to avoid unnecessary attention.

[Inaba]

Oh oh oh... lord have mercy, do not go there, Galambo.  The defense of "If you don't have anything to hide, then why do you care if we invade your privacy?" will fall on deaf ears around here.  Not only is it complete crap as a defense, it's just plain wrong morally.

Lets take my example - I would like to avoid it - not because of anything illegal, I would just like to get my money in a timely fashion.  They can scrutinize my transactions all they want; they are perfectly legal.  However, I am out $26,000 (now $10,000) for more than a month for essentially nothing.  I've followed the protocols, sent in the required documents, etc... yet I can't access my money because I sent the wrong value amount for a transaction.  If I had sent a lesser amount or a different amount, then I'd already have my money.  Nothing illegal going on anywhere.

Yeah... the "If you've got nothing to hide" defense is not going to fly.

[repentance]

Yeah, I can see how that would work:

"Follow the rules!"
"What rules?"
"Sorry, as per rules, I'm not allowed to teach you."
"Oh, ok, fuck you."

It's not exactly like that because there's nothing inherently illegal about pointing you to public information regarding the rules.  The FinCEN website is full of information about the rules, cases where people have been prosecuted a a result of data received by FinCEN and cases where FSPs have been fined for failing to comply with and enforce AML requirements (the last is especially interesting because it helps clarify FinCEN's actual expectations as opposed to vague, broad principles).

Similarly, AUSTRAC's website is also full of information about the various types of reports which need to be filed with them and under what circumstances.  There's nothing "secret" about the rules - there are entire sections of the website devoted to explaining them (this is necessary because the Act itself and the Rules Instrument are quite confusing).

If it seems like services often go above and beyond what is required by the relevant AML/CTF/KYC requirements, it's because the cases where service providers have been fined and/or prosecuted demonstrate that the regulating bodies expect a much higher level of customer identification and transaction monitoring than their "all about your obligations" type material for reporting entities first implies.

Here's a list of cases where service providers have been fined for not adequately complying with AML/CTF/KYC requirements.

http://www.fincen.gov/news_room/ea/

Notice that even though Western Union was compliant in reporting "bright line" suspicious activity, it was still fined for having inadequate systems in place to detect and report structuring.  Notice also that these fines have been applied as consent orders.  That basically means that the services are accepting the government's interpretation of their obligations as being legally correct.  The day will probably come when someone challenges such interpretations and the actual legal obligations of services are clarified by a court.  Until that happens, though, services will continue to be cautious because the consequences of getting the whole "risk-based assessment" thing wrong are so huge.

Here's a list of cases where FinCEN data has played a role in the prosecution of people for various financial crimes.  You'll notice that not all of these involve what people traditionally think of as "money laundering".  That's because many FATF member countries now regard using money from "any serious crime" as money laundering rather than specifying certain types of crimes as predicate offences.

http://www.fincen.gov/news_room/rp/sar_case_example_list.html?catid=00005

And here's a basic flow chart regarding ongoing customer due diligence requirements in Australia.

http://www.austrac.gov.au/img/ocdd_large.jpg

Here's a basic primer on reporting obligations and what triggers them in Australia.

http://www.austrac.gov.au/rg_9.html#ifti

http://www.austrac.gov.au/rg_9.html#faq

[MtGox_Dylan]

Hi All,

I apologise for the delayed response. I'll now answer what questions I can:

@Serge - A driver's license with printed address is fine as long as it was issued within the last 3 months. If not, we need an alternate form of proof of residence.

@Ente - Unfortunately, I cannot discuss the specific mechanisms which trigger an account flagging in detail for obvious reasons - making this information generally available would allow those who do want to perform illegal activities to find loopholes and fly just below the radar. I'm very sorry I can't give a better answer than this.

@Bruno - I'm unfortunately not that clever. In hindsight, it would have been far better to create this information thread on a Monday when I could respond to everyone in a timely manner. I'd also like to clarify that I'm very far removed from our PR department, and only created this thread to help explain to users how our AML process works, dispel some common misconceptions, and hopefully make my job easier by reducing the number of incorrectly submitted account verification requests.

Now, to answer your question specifically:

We do not allow users under 18 to use our service as per our ToS. With regards to Zhou Tong, I've discussed it with Zhou and he's very kindly allowed us to share his personal circumstances - in his case, we received written consent and documents from his parents so that he could continue to keep an account with us, as he did indeed create an account before we had our ToS.

@dancupid - Essentially, all personal information collected by us enters into the same "pool" of data, which is a secure data store where files are kept for 5 years as legally required. We can't delete records from here, unfortunately.

@Bitco - The Japanese requirements are fairly obtuse as they've been written specifically with Japanese citizens in mind. They basically boil down to:

• A valid photographic identification document must be collected and,
• A letter must be sent by registered mail to the user's address as proof of residence.

We are currently working on putting in place a system that will let users receive registered mail to prove their residential address, but for now we are collecting alternate forms of proof of residence documents. We are very sorry for the inconvenience. With regards to returning funds, we absolutely do return funds as soon as any AML investigation is completed, unless legally required to pass the funds onto law enforcement pending additional investigation. There is no situation in which Mt.Gox will keep customer funds for itself as part of an AML investigation.

@CryptoCoinMedia - We are currently looking at outsourcing and partially automating our AML operations, although this has more to do with efficiency than transparency. We'd be very happy to hear any opinions our users might have on this point, actually. Would you prefer to provide personal information to Mt.Gox directly, or a trusted third party?

I would finally like to thank repentance for the excellent information he has also been providing throughout both threads, which is always accurate and useful.

If anyone has any additional questions, please feel free to ask.

[rjk]

In regards to a letter being sent by registered mail, the certificate provider StartSSL does that too. I have renewed my Class 2 validation with them a few times, and since I have no phone bill (employer pays it), I have had to get a registered letter sent from Israel every 2 years. It works great, and I think it's a good way to do it.

[Bicknellski]

Well shit, so now I have to post this in two places because I don't know which thread is being monitored:

Thanks for the post MTGox_Dylan.  I think most everyone was already aware of these FAQ points, though.  That has never really been the issue, so I'm not sure what is hoped to have been accomplished by making this post, other than as a distracting measure (This would have been perhaps more effective: http://chanarchive.org/content/1_b/378881354/1328366326840.jpg).

The real problem here is, as has already been at least partially mentioned:

1. The lack of transparency in the process.
2. The lack of communication.
3. The lies and false promises made by MTGox Support Staff with regards to AML/KYC.
4. Delay after delay, ostensibly under the guise of AML.
5. The just plain ludicrous decisions (Goat as an example).  Perhaps transparency would clear these up.
6. The fact that most decisions made by MTGox seem completely arbitrary, and nothing... NOTHING pisses off customers more than arbitrary decision making.  When your actions are not predictable in a given situation, you are wrong.  Period.

So while this post is nice and all, I'm not sure what you're hoping to accomplish other than to distract from the real issues surrounding MTGox.  My situation, that has been on going since April, is still unresolved.  I am not the only one in this situation and there are plenty of others in similar situations. 

Again, this does not seem to be an AML issue, it seems to be an insolvency issue.  MTGox is unable to fund even moderate sized fiat conversions, which leads many of us to believe you guys are basically bankrupt and a disaster waiting to happen.  The fact that no one has publicly denied this (not that we'd believe you at this point anyway, given MTGox track record of lies and falsehoods) certainly does not bolster confidence in MTGox at all.

Maybe this is the wrong thread to bring any of this up, but I don't want people to be distracted by this kind of thread from the real issue of MTGox being unable to meet their obligations to even moderate sized customers, especially when you are trying to gain new customers who will end up completely screwed when the Gox house of cards comes crashing down.

Be nice to have the same transparency for BFL customers right?

[td services]

Why do AML/KYC?

 Mt.Gox handles both Bitcoin and fiat currency (Dollars, Euros, etc.) As a result, we are bound by the laws of Japan and America, along with various international regulations which cover the fiat side of our business. Very similar to how a bank in most countries must be regulated to ensure they are not facilitating money laundering, terrorist financing or the like, we are obliged to follow the same rules.

Oh please enough with the state propaganda bullshit.

Why don't you tell it like it really is. You are not obliged, you are forced under threat of violence to gather information about your customers so that governments around the world can control what your customer's money is being used for. "Money laundering, terrorist financing or the like" are victimless crimes the state invented as a way to gain even more control over the people they assert their rule over.

You can't imagine the angry thoughts that go through my mind when I read bs propaganda like this, I'm pretty sure if they already tried to attack people for thought crime I'd get the capital punishment.  

You can't imagine the angry thoughts that go through my mind when I read this bullshit libertarian and anarchistic off-topic propaganda.
just because you a little afraid kid, paranoid about the big bad government, that is actually trying to make you safe and comfortable, you don't have to spray your fuck system shit around this forum at all time.

+1

Some people on this forum are truly paranoid about anything government related...

Government kills!

Non-governmental terrorism, organized crime, and nut job mass shooters combined have a couple of hundred million in body count to go to match government as the number one cause of bulk megadeath.

The US government also conducted radiation experiments on its citizens without their knowledge or consent from the 50s throughout the early 70s according to the San Jose Mercury and LA Times.