How should VASPs prepare for a GIIF control?

Virtual Asset Service Providers (VASPs, also referred to as CASPs – Crypto Asset Service Providers) in Poland are subject to stringent anti-money laundering (AML) and counter-terrorist financing (CTF) regulations. The General Inspector of Financial Information (GIIF) conducts controls to ensure compliance with these regulations. Proper preparation for a GIIF control can help VASPs navigate the control process smoothly and avoid potential penalties.

Here are key areas that Polish VASPs should focus on when preparing for a GIIF inspection:

1. Understand the Legal Framework

Familiarize yourself with the Act of 1 March 2018 on counteracting money laundering and financing of terrorism, which outlines the VASPs AML/CTF obligations in Poland. Ensure that your internal policies and procedures are aligned with these legal requirements.

2. Conduct a Self-Assessment

Perform an audit to assess your current AML/CTF compliance status. This can either be internal audit or external one, where tau.legal might be of particular help. Identify any gaps or weaknesses in your procedures and take corrective actions before the GIIF control. This self-assessment should cover all aspects of your AML/CTF program, including customer due diligence (CDD), transaction monitoring, and reporting of suspicious activities.

3. Document and Update Policies and Procedures

Ensure that your AML/CTF policies and procedures are well-documented, up-to-date, and accessible by your employees. This includes AML/CFT institution risk assessment, CDD measures and transaction monitoring processes and systems. Regularly review and update these documents to reflect any changes in regulations or business operations.

4. Train Your Staff

Provide comprehensive training to your employees on AML/CTF regulations and your internal procedures. Staff should be aware of their roles and responsibilities in ensuring compliance. This is also an area where tau.legal might help with our AML e-learning trainings.

5. Prepare for On-Site Inspection

During the GIIF's on-site inspection, controllers will review your documentation, observe your processes, and interview relevant personnel. Ensure that all necessary documents are organized and readily available. Designate a point of contact who can facilitate the inspection and provide any additional information requested by the auditors. Ask for legal advice from experienced AML/CFT specialists, if necessary.