Compliance FAQS

General Bytes tries to facilitate ease of reporting & compliance with local ordinances. Many features have been incorporated over the years towards this end. This article endeavors to provide more details describing these features.

AML/KYC

Anti-Money Laundering (AML) efforts are put forth by various governments in an attempt to restrict the flow of cryptocurrencies between individuals. Operators in most jurisdictions are now required to Know Your Customer (KYC) - that is to identify who is at the receiving end of a transaction.

These requirements vary by area, and privacy laws affect the implementation. General Bytes CAS software permits you to collect a wide range of documents and details, meeting (if not exceeding) your local demands. You can then set purchase limits that fall within the approved guidelines set by your applicable government.

Inspecting & approving each & every customer that approaches your BATMs can be a substantial burden, but alternatives to manual processing exist.

Onfido is an example of an automated KYC service. They interact with your customer, and (can) automatically identify & authorize your customer as “known”, therefor complying with the KYC portion of most government requirements.

• Contextual help: https://generalbytes.atlassian.net/l/c/TE8rNDVs

Transaction Scoring is a dynamic method for reducing (or eliminating) criminal transactions. Other transactions (such as gambling sites) are still permitted, though noted as such.

CAS AML/KYC settings are described in context here: https://generalbytes.atlassian.net/l/c/DZww0i8C

Sanction Lists

CAS uses sanction lists to identify government sanctioned customers attempting to acquire authorization to conduct a transaction. These lists are published by the respective government agencies and downloaded automatically by CAS every 24 hours.

Currently, these sanction lists are automatically applied;

1. OFAC, https://www.treasury.gov/ofac/downloads/sanctions/1.0/sdn_advanced.xml

2. EU,

3. Canada,

4. Czech Republic.

The customer’s name is checked against the sanction list every time there is a transaction being executed (buy or sell). If there is a match, the transaction is not processed (Operator doesn’t send coins or, Operator doesn’t dispense cash).

The customer’s crypto wallet address is also checked against the OFAC sanction list. The sanction list can be also manually checked by the Operator (for that Identity). The Operator may also receive notifications each time a sanctioned Identity/address tries to initiate a transaction.

The precise implementation of OFAC list comparison: OFAC Sanctions Source Code (on Github)

Only the customer’s first and last name is used. If the customer provides only one word it is considered to be their last name. Middle names are unused. The customer’s entry is also tested for gibberish.

OFAC scoring (100% = fail, 50% => passes):

1. Last name matches, but first name doesn’t match = 50%.

2. Both last name and first name matches = 100%.

3. When only last name is provided and matches = 100%.

4. Wallet address fully matches (case insensitive) = 100%.

For more information about watchlist implementation:

Blacklists

Blacklists are a static method of blocking customers & wallet addresses. The lists may be customized based on your experiences or information received from a third-party source.

CAS Blacklists are described in context here: https://generalbytes.atlassian.net/l/c/UrqHJcpr