AML laws and regulations and corresponding duty of due diligence applies, if the service provider maintains the private key.
Custodian wallet provider: AMLA applies (Supervision & AML)
- Provision of safekeeping and enabling clients to send and receive crypto assets
- if provider orders the transfer of cryptocurrencies for clients, a payment transaction service is provided
- has access to clients’ private keys (custody), thus has power to dispose over third-party assets
- Note: includes providers whose signature is required to execute the transaction (multi-sig)
- must affiliate with an SRO or be directly subject to FINMA supervision
- triggers AMLA duty of due diligence (KYC)
- But: Relaxation for issuers of payment instruments in relation to the duty of diligence if payments < CHF 3,000 per customer/year (Art. 12(2)(d) AMLO-FINMA)
Non-custodian wallet provider: AMLA does generally not apply, if provider:
- does not keep or have access to clients’ private keys – cannot view or access clients’ wallets
- provides software but is not involved in the transfer of assets, and
- clients transfer peer-to-peer transactions without the wallet providers’ involvement
- In such constellations the provider is generally not regarded as a financial intermediary because no power of disposal over third-party assets is given. Hence, the provider is not subject to the AMLA and its duty of due diligence. Assessments must be conducted on a case by case basis.