Details of compliance and safety controls across the Libra network
A. Association will create a comprehensive Compliance Program
The Association will implement a comprehensive Compliance Program designed to meet or exceed relevant laws and requirements. At a minimum, the Compliance Program will:
- Designate a Chief Compliance Officer.
- Designate a committee with oversight reporting responsibilities.
- Develop written AML/CFT/sanctions compliance policies and procedures based on a risk assessment and approved by the board of directors of the Association (and/or the boards of directors of its subsidiaries).
- Perform risk-based due diligence on all Members, Designated Dealers, and Regulated and Certified VASPs.
- Periodically revise the AML/CFT/sanctions programs as appropriate, based on periodic risk assessments
and evolving regulatory requirements.
- Create an FIU-function to facilitate monitoring for potential suspicious and sanctioned activity on the
Libra network, increasing the safety and compliance of the network.
- Designate a function such as Internal Audit that meets the standards of independence required to
conduct periodic independent reviews of the Association’s AML/CFT/ sanctions compliance programs.
- Perform relevant employee training.
B. Association will set mandatory standards for unrestricted use of the Libra payment system
The Association and/or one of its subsidiaries will set mandatory standards for Members, Designated Dealers, Regulated VASPs, and Certified VASPs for entry on the Libra network. Entities that meet these standards may transact on the Libra network without being subject to transaction and address balance limits, or, in some cases, may be subject to higher limits than those assigned to Unhosted Wallets.
C. Association will conduct due diligence on Association Members and Designated Dealers
The Association and/or one of its subsidiaries will conduct due diligence on all future Members before their admission to the Association and on potential Designated Dealers prior to entering into written agreements with them.
This due diligence will be conducted against Association-set standards for Members and Designated Dealers, as appropriate, designed to ensure high levels of compliance, reputability, and trustworthiness. This due diligence will include, but not be limited to, a review of each Member’s or Designated Dealer’s:
- Entity status
- Sanctions screening
- Negative news
- Beneficial owners and control persons
- Adherence to applicable AML/CFT/sanctions compliance regulatory requirements (if any)
- Licenses and registrations
- Entity location and the geographic reach of its customer base
During this due diligence, the Association and/or one of its subsidiaries will also verify that all Designated Dealers fulfill requirements with respect to capitalization and expertise in foreign exchange markets and that all Designated Dealers will, in turn, conduct due diligence on their downstream counterparties in the Libra payment system.
In addition to conducting its due diligence review for future Members and Designated Dealers, the Association and/or one of its subsidiaries will also conduct periodic, ongoing risk-based due diligence of existing Members and Designated Dealers.
D. Association will distribute Libra Coins through regulated Designated Dealers
Libra Networks will mint Libra Coins intended for distribution to the market only with Designated Dealers and will redeem Libra Coins only from those Designated Dealers. These Designated Dealers will be regulated, well-capitalized financial institutions that will have the right — pursuant to a contract with Libra Networks — to purchase Libra Coins from and sell Libra Coins to Libra Networks. In turn, these entities will buy Libra Coins from and sell Libra Coins to exchanges and OTC dealers to facilitate the market in Libra Coins for end users. Libra Networks will mint and burn Libra Coins with the Designated Dealers and will not have any contractual relationship with any exchanges or end users, save for certain contingent contractual rights that may exist in the context of Emergency Operations.
E. Only Regulated or Certified VASPs will be allowed to transact on the network without transaction and address balance limits
The Association expects that most people will interact with the Libra payment system through VASPs. VASPs will facilitate transactions by their users and may record some transactions internally on their own books instead of on the Libra Blockchain. Regulated VASPs and Certified VASPs, as described below, will be permitted to use the Libra payment system without being subject to the transaction and address balance limits for Unhosted Wallets (described below).
A Regulated VASP is a VASP that is registered or licensed as a VASP in a FATF member jurisdiction, or any entity that is registered or licensed in a FATF member jurisdiction and is permitted to perform VASP activities under such license or registration.
An entity that seeks treatment as a Regulated VASP must submit a request for approval to the Association or one of its subsidiaries containing at minimum:
- Proof of licensing or registration in a FATF member jurisdiction where such license or registration permits the licensee or registrant to perform VASP activities;
- Representation that the entity has obtained all licenses and registrations required in the jurisdiction in which it is located and operates. Based upon the information provided by the entity and the performance
of appropriate risk-based due diligence on the entity, the Association or one of its subsidiaries will verify that the entity is properly licensed or registered as a VASP in a FATF member jurisdiction, or is an entity that is registered or licensed in a FATF member jurisdiction and is permitted to perform VASP activities under such license or registration;
- Demonstration of a reasonable risk-based regulatory compliance program and controls.
Upon successful verification and a risk-based due diligence review of the VASP by the Association, one of its subsidiaries, or a vetted third-party service provider, the entity will be permitted to create Regulated VASP addresses on the Libra network. These addresses will enable a Regulated VASP to conduct its business without being subject to transaction or address balance limits. The Association may also consider assigning certain Regulated VASP addresses with transaction and address balance limits commensurate with their risk profile.
The Association or one of its subsidiaries will record and publish a directory of Regulated VASPs and their status. The entity will be required to recertify its Regulated VASP status on an annual basis, and the Association, one of its subsidiaries, or a vetted third-party service provider will also perform ongoing monitoring for any changes in the regulatory status of Regulated VASPs or other developments associated with the VASPs risk profile.
A Certified VASP is a VASP that does not qualify as a Regulated VASP but has been certified under standards established by the Association. Certified VASP status is intended to permit VASPs that operate in a FATF jurisdiction without VASP regulations or in a non-FATF member jurisdiction and meet appropriate standards to provide services on the Libra network without being subject to the same transaction and address balance limits imposed on Unhosted Wallets (described below). Any VASP from a FATF member jurisdiction that has implemented a licensing or registration regime must be licensed or registered, as appropriate, and would be subject to Regulated VASP due diligence.
The highest level of Certified VASP would be for a VASP that meets requirements as established by the Association, which are expected to be consistent in principle with those imposed under the FATF Guidance. The Association may consider establishing lower levels of certification for certain Certified VASPs with transaction and address balance limits commensurate with their risk profile.
An entity that seeks treatment as a Certified VASP will apply for certification, and demonstrate that it meets the relevant standards established by the Association and has in place a reasonable risk-based compliance program and controls. The certification could be provided by the Association, one of its subsidiaries, or by one or more vetted third-party certification providers approved by the Association. This could include, for example, a Designated Dealer that performs due diligence as part of its Know-Your-Business (KYB) program or a designated independent audit firm that charges applicants for the certification service.
The Association or one of its subsidiaries will record and publish a directory of Certified VASPs and their status. The VASP will be required to recertify its Certified VASP status on an annual basis, and the certifying entity will also perform, or will be required through another certifying entity to have performed, appropriate risk-based due diligence on the VASP and ongoing monitoring of its status.
Unhosted Wallet activity for users will be subject to transaction and address balance limits and other controls
The Association believes it is important that the Libra network permits direct access by non-VASPs, namely Unhosted Wallets, as a means of enabling financial inclusion, providing broad access to financial services, and fostering innovation and competition:
Financial inclusion: The goal of the Association is for the Libra network to be as inclusive as possible within the current regulatory framework. The network will benefit a large global underbanked and unbanked population who may not have access to a Regulated or Certified VASP, many of which will not find it commercially feasible to service these groups. The Association believes that permitting access by Unhosted Wallets will allow those without access to financial services to benefit from the secure, low-cost, and fast payment services offered by the Libra network.
Today, 1.7 billion adults globally remain outside of the financial system with no access to a traditional bank, even though one billion have a mobile phone, and nearly half a billion have internet access. Unhosted Wallets are key to addressing their needs.
Fostering innovation and competition:
Unhosted Wallets allow the Libra network to offer software developers a platform with built-in security features, such as protocol-level sanctions screening, compliance infrastructure (such as the FIU-function), access to a wide population, and a low barrier to entry. These attributes allow for increased innovation and competition, leading to higher-quality consumer wallets.
Unhosted Wallets also ensure access to innovative products powered by smart contracts. Just as a payment system helps participants settle payments and manage counterparty risk, smart contracts allow participants to agree on more complex business logic that is executed directly by the Libra network, enabling innovative applications. We expect that smart contracts have the potential to add useful functionality to the Libra network beyond its core functionality. Such smart contract modules will be made available for use and development over time, subject to approval by the Association or one of its subsidiaries, which will be granted in cases where satisfactory controls are implemented against regulatory and other risks. Unhosted Wallets ensure that all users can access these innovative services, even if they cannot find a Regulated or Certified VASP that supports that smart contract functionality.
The Association recognizes that Unhosted Wallets may pose increased compliance and financial crime risks. To address those risks, all Unhosted Wallets (i.e., all Libra Blockchain addresses other than those associated with a Regulated or Certified VASP or Designated Dealer) will be subject to additional controls.
The Libra protocol will enforce a transaction limit and a maximum address balance on each Unhosted Wallet address. Any user who wishes to transact at levels beyond these limits will be required to work with a Regulated or Certified VASP.
The Association recognizes that bad actors may attempt to circumvent these threshold limitations and controls by creating and using multiple Unhosted Wallets to remain within the transaction and address balance limits while not operating as a Regulated or Certified VASP. The FIU-function will specifically seek to detect and deter such activity (as explained in Section H below).
F. Automated protocol-level compliance controls will apply for all on-chain activity
The Association will include certain compliance controls directly in the Libra protocol. These controls are designed to enforce certain compliance requirements for all transactions on the Libra Blockchain.
The following are some of the compliance controls that will be implemented as part of the Libra protocol:
- Sanctioned addresses: Protocol-level controls will apply to all network participants, including Unhosted Wallets and VASPs, and automatically prevent transactions involving blockchain addresses identified by authorities as associated with sanctioned persons (sanctioned blockchain addresses). In addition, these controls can be used to restrict amounts stored in sanctioned blockchain addresses.
- Sanctioned jurisdictions: Protocol-level controls will automatically prevent transactions originating from IP addresses associated with sanctioned jurisdictions.
- Unhosted Wallet limits: Protocol-level controls will enforce transaction and address balance limits on Unhosted Wallets.
- VASP certifications: Protocol-level controls will enforce certification renewal requirements on Regulated and Certified VASPs.
- Travel Rule: The Libra protocol will require Regulated and Certified VASPs to attest to compliance with the Travel Rule when transacting. An off-blockchain protocol will assist Regulated and Certified VASPs in complying with the Travel Rule (as described in Section G below).
G. Association will develop an off-blockchain Travel Rule protocol
The Association will develop an off-blockchain protocol to facilitate compliance by Regulated and Certified VASPs with applicable Travel Rule and record-keeping requirements. This protocol will facilitate the exchange of information between these Libra network participants to facilitate their own compliance and will include an open-text field to allow for the sharing of supplemental information. Unhosted Wallet addresses can use this off-blockchain protocol to submit required or requested data to Regulated and Certified VASPs. The Association will maintain a public directory of Regulated and Certified VASPs, and Regulated and Certified VASPs will publicly attest to their compliance with applicable Travel Rule and record-keeping requirements (as described in Section F above).
H. Association’s FIU-function will monitor Libra network activity and coordinate with Libra network participants
The Association and/or one of its subsidiaries will operate an FIU-function with the goal of maintaining high levels of compliance within the Libra payment system. The FIU-function will monitor Libra network activity and work with both government authorities and service providers to seek to detect and deter inappropriate use of the platform.
Cooperating with Libra network participants
Regulated and Certified VASPs and Designated Dealers operating in the Libra network will maintain their own compliance programs that will be subject to periodic reviews by the Association or one of its subsidiaries, or a vetted third-party service provider as part of its risk-based due diligence. The FIU-function will seek to coordinate with these network participants to detect and report potentially illicit or evasive activity. Subject to applicable law, the FIU-function will cooperate and coordinate with Designated Dealers, Regulated and Certified VASPs, and other network participants to gather and share risk signals and compliance insights (e.g., recognition of new typologies, addresses associated with elevated risk, and structuring).
Detecting suspicious activity and protocol compliance control evasion
An important goal of the FIU-function will be to detect suspicious activity and deter attempts to evade protocol compliance controls, which includes the evasion of sanctions geoblocking, as well as transaction and address balance limits. The FIU-function will use network analysis techniques to seek to detect suspicious activity across the Libra network and partner with service and technology providers in the blockchain monitoring space.
If any such activity is detected, the FIU-function will share elevated risk signals with network participants and with the relevant authorities as permitted or required by applicable law. Such addresses may also be restricted based upon court orders or administrative orders issued or obtained by government authorities.
I. Association will respond to identified potentially suspicious and sanctioned activity, including through reporting
When potentially suspicious and/or sanctioned activity is identified by the Association’s FIU-function, the Libra Blockchain addresses and supporting evidence may be shared with blockchain monitoring service providers and with network participants, subject to applicable law. We expect service providers will also integrate this information into their overall data set to inform network participants and regulators.
In order to deter abuse, the FIU-function will notify VASPs, as appropriate and subject to applicable law, of the Libra Blockchain addresses of Unhosted Wallets that are potentially attempting to circumvent established limits.
Reporting and law enforcement
The Association’s FIU-function will actively monitor the network and will utilize risk signals shared by Designated Dealers, Regulated and Certified VASPs, Members, and other network participants as appropriate. When potentially suspicious and sanctioned activity is detected, the FIU-function will submit appropriate reports to applicable authorities as permitted or required by applicable law.
The Association’s FIU-function will cooperate, to the extent permitted or required by applicable laws, with requests for information or assistance from law enforcement related to the use of the Libra network.