A Beginner’s Guide to Operating Your Own Bitcoin ATM and complying on AML

By Joe Ciccolo, the Founder & President of BitAML

February 9, 2017


Originally published here.

Graciously republished with permission.


There’s a great deal of excitement around the Bitcoin ATM space. And why not? Terminals are popping up all over the United States, and around the world.

Since this time last year, the number of Bitcoin ATMs has risen by over 55 percent. Of this growth, 20 percent has occurred in first quarter of 2016 alone. Every day, two new terminals come online somewhere in the world.

The appetite among both consumers and bitcoin ATM operators is undeniable. Consumers enjoy a simple, user-friendly, and familiar onramp. The sale of fiat paper currency for bitcoin can be completed within a matter of seconds.

To the consumer, especially bitcoin regulars, these new age vending machines have become a popular alternative to bitcoin exchanges, which tend to suffer from longer processing times, stricter controls, and arguably colder customer service.

For operators, the barriers to entry are much lower in comparison to most bitcoin business models, not just bitcoin exchanges. Rather than coding an app and developing cumbersome infrastructure, as an operator you simply purchase your technology from a bitcoin ATM manufacturer.

All that’s left to do is find a location and plug ‘er in, right? Wrong! Ordering and taking delivery of your terminal should be one of the last steps in your business planning. First and foremost on the agenda should be creating an anti-money laundering (AML) compliance program. That should be step one!

Yes, that’s right, I said it…“AML compliance should be step one.” All too often, aspiring operators call me because their Bitcoin ATM is arriving tomorrow and they heard something about needing AML compliance.

Strange as this may sound, it happens all the time.

While operating a Bitcoin ATM is an exciting and potentially lucrative business, the terminal is not going to make you any money collecting dust in your apartment while you scramble to get your compliance affairs in order.

So, where does a future Bitcoin ATM operator begin?

Below are four key elements around which to build your compliance strategy prior to launch.

1. Identify and research money transmitter requirements in the state or states within which you plan to operate your terminal(s)

It’s important to understand that some states are friendlier to Bitcoin ATMs, or Bitcoin in general, than others. This could mean the difference between a comprehensive and costly state licensure process or a less burdensome exemption under a state money transmitter law. The differences are as vast as they are ever-changing.

States continue to evolve their application of existing and antiquated money transmission laws. As we speak, several states have pending legislation aimed at redefining money transmission so as to accommodate bitcoin companies.

That said, it’s vital to understand the requirements in your state. For starters, the non-profit bitcoin research and advocacy group, Coin Center, publishes a helpful real-time state regulatory tracker.

2. Register as a money services business (MSB) with the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), the country’s financial intelligence unit and arbiter of federal AML laws

It might be difficult to believe, but registering with FinCEN, the nation’s top money laundering watchdog, might be the easiest compliance task.

It’s literally a “check-the-box” activity. Indeed, in contrast to the permission-based state licensure process, at the federal level, entities merely register with FinCEN via the online portal. The process can typically be completed in under an hour.

While registering with FinCEN is a simple exercise, it comes with much responsibility. By checking the boxes, so to speak, you are agreeing to be regulated by FinCEN and thus meet certain requirements to the satisfaction of regulators.

This includes, among other things, registering at the state-level, if applicable; developing and implementing an AML program; retaining certain transactional information; and, reporting suspicious activity and getting certain required customer details for transactions of more than $10,000, called the customer transaction report or CTR.  

3. Develop and implement an AML program

FinCEN regulation requires implementation of a written AML program.

But the obligations go much further than that to be truly considered in compliance. An effective AML program is one designed to prevent your bitcoin ATM from being used to facilitate money laundering activities.

Each AML program must be in writing and address, at minimum, the “four pillars” as follows: 

·         Incorporate policies, procedures, and internal controls reasonably designed to assure compliance with the Bank Secrecy Act (BSA). In some federal and state arenas, best practices include instituting potentially expensive transaction monitoring and sanctions screening systems to capture patterns typically too complex for manual techniques.

·         Designate a compliance officer responsible for day-to-day compliance with the BSA and AML program. The compliance officer must possess expertise requisitely equaling the risk of the particular ATM, including considering where it will be located, the types of customers that may be exchanging through it and corresponding regions and the size of individual or cumulative transactions passing through the ATM.

·         Provide ongoing, targeted training to appropriate personnel concerning their responsibilities under the AML program. The training, while also including broad-based red flags inculcating classic money laundering techniques, should also be tailored to the risk of that ATM or to the risks various frontline, business or compliance teams will encounter.

·         Provide for an independent review or audit of your AML program on an annual basis, at minimum. This is one of the trickier areas of AML compliance. Typically, these can be done by someone else in the company, but not the person who also manages the AML program. This can also be done by qualified third-party consultants.

FinCEN provides bitcoin ATM operators with detailed information on each of the “four pillars,” including specific recordkeeping and reporting requirements.

4. Test your AML program, customer and transactional controls

Alright, you have a robust AML program in place. Now it’s time to test your AML controls before going live.

Start by running some sample transactions from your bitcoin wallet through the terminal(s). Be sure to test your thresholds to ensure that proper know your customer (KYC) requirements are triggered, as well as any “red flag” indicators of potentially suspicious or unusual activity.

Be sure to confirm that customer and transaction information is properly obtained and recorded. In so doing, document your findings, especially any subsequent changes to your AML program as a result of this testing.

This is one of the most oft-criticized areas of the AML program applicable to a broad array of entities considered financial institutions under federal financial crime compliance rules. If you find problems, document those, but also quickly and clearly document the changes you made to improve operations and be, in your best estimation, in compliance.

And as we said, don’t be afraid to get a second opinion. You might think you have done a great job, but only because you are new to compliance and don’t realize you are dealing with a detailed, nuanced field with both senior compliance officers creating advanced programs to counter criminals and increasingly nitpicky state and federal examiners. Just remember that it’s better a consultant tells you what areas to improve, rather than a regulator.  


The above elements should help you jump start your AML compliance, and ultimately the launch of your bitcoin ATM business.

The importance of compliance from day one cannot be overstated. Further, compliance should grow with your business not be an afterthought or a mere check box in your overall business plan.

Compliance is in many ways is an ethos; it’s how you conduct your business. That’s why BitAML has partnered with key groups, including ACFCS, to deliver free educational compliance resources to new and aspiring bitcoin entrepreneur.

This includes our most recent e-book, “An Introduction to Bitcoin ATM AML Compliance.” Like 99Bitcoins (where this piece was originally published), we believe in translating bitcoin, or in this case bitcoin compliance, into plain English.