Statement on inspection in Codicu ApS (money laundering area)
In March 2020, the Danish Financial Supervisory Authority inspected Codicu ApS. The inspection was an investigation of the money laundering area. The inspection included the company’s risk assessment, policies, business procedures, customer due diligence procedures, monitoring of private and business customers as well as notifications to the Money Laundering Secretariat.
Risk assessment and summary
The company offers exchange between Danish kroner and the virtual currency Bitcoin to both private and business customers. The company does not offer virtual wallets, and the company’s customers can thus have neither Bitcoin nor Danish kroner deposited with the company. In connection with an exchange, however, the company’s customers must make the payment of Bitcoin or Danish kroner to the company via bank transfer, after which the company makes the payment to the customer again via bank transfer. The company does not offer cash transactions or use of payment cards.
The Danish Financial Supervisory Authority assesses that the company’s inherent risk of being used for money laundering or terrorist financing is normal to high in relation to the average of financial companies in Denmark. In the assessment, the Danish Financial Supervisory Authority has placed special emphasis on the company offering a simple service, switching between Bitcoin and Danish kroner using a bank transfer. It is also included in the Danish FSA’s assessment that each exchange is documented on Bitcoin’s blockchain, which is publicly available, and that this documentation can thus not be manipulated by the company or by third parties. Conversely, the company’s customer portfolio consists exclusively of distance customers.
Based on the inspection, three areas have given rise to supervisory reactions.
The company is instructed to revise the company’s risk assessment so that it identifies and assesses the risk that the company will be used for money laundering and terrorist financing. In doing so, the company must ensure that the risk assessment uncovers the company’s risk separately for money laundering and terrorist financing.
The company is also instructed to draw up a policy in the area of money laundering which is based on the company’s risk assessment, sets the company’s overall strategic goals in the area of money laundering, and contains the principled decisions on how the company should be set up to counter the risks of money laundering and terrorist financing.
Finally, the company is instructed to revise the business procedures so that they indicate specific activities that must be performed.