Legal aspects and compliance¶
Legal structure¶
Twin Bridge operates as an LLC (ОсОО) in the Kyrgyz Republic with "IT-product" status, which removes the need to obtain a crypto licence. Its activity is classified as technical aggregation, not as that of a VASP (Virtual Asset Service Provider).
Regulatory positioning
Twin Bridge positions itself as a "technology aggregation platform", analogous to Booking.com in travel: it does not provide financial services itself but connects licensed market participants.
Rationale for not holding a crypto licence¶
VASP criteria (NOT applicable to Twin Bridge)¶
| VASP activity | Twin Bridge activity | Status |
|---|---|---|
| Custody of crypto-assets | No crypto is held; API routing only | ✅ not VASP |
| Exchange services | No exchange is performed; providers are connected to each other | ✅ not VASP |
| Transfer services | No assets are transferred; information only | ✅ not VASP |
| ICO/STO management | No involvement in token issuance | ✅ not VASP |
Legal rationale¶
Legal reasoning
Twin Bridge = a Software-as-a-Service platform for API aggregation:
- Only metadata is processed (rates, statuses, routing information)
- No contact with real money movement; that is done by licensed partners
- Analogy: PayPal vs. PayPal Commerce Platform; Twin Bridge is the latter
- Revenue model: technology fees, not financial services
Regulatory framework by currency¶
KGS (Kyrgyz som)¶
- Regulator: National Bank of the Kyrgyz Republic (NBKR)
- Status: FATF white list, liberal IT legislation
- Partner licences: KR exchangers licensed by the NBKR
- Compliance requirements: KYC/AML via partners, reporting to the NBKR
- Twin Bridge obligations: technical reporting, partner monitoring
RUB (Russian ruble)¶
- Regulator: Central Bank of the Russian Federation (CBR)
- Status: sanctions considerations, regulatory complexity
- Partner licences: 50+ exchangers licensed by the CBR
- Compliance requirements: Federal Law 115-FZ (AML), RF currency legislation
- Sanctions screening: OFAC/EU list checks are mandatory
- Twin Bridge risk: sanctions exposure, requires enhanced due diligence
RUB Regulatory Risks
Sanctions restrictions may tighten. Mitigation plan:
- Geographic isolation: RUB operations in a separate legal entity (KR or Armenia)
- Enhanced screening: checks against OFAC, EU and UK sanctions lists
- Compliance buffer: 20% of the compliance budget allocated to RUB
FATF Compliance Framework¶
Anti-Money Laundering (AML)¶
Twin Bridge follows a risk-based approach in line with the FATF Recommendations:
Risk Assessment Matrix:
| Risk factor | Low | Medium | High |
|---|---|---|---|
| Customer type | Licensed providers | Small providers | Unlicensed entities |
| Geographic risk | KR, Kazakhstan | Uzbekistan, Georgia | High-risk jurisdictions |
| Transaction size | <$1K | $1K-$10K | >$10K |
| Volume patterns | Consistent | Seasonal spikes | Unusual patterns |
AML procedures:
1. Customer Due Diligence (CDD): Know Your Customer for all providers
2. Enhanced Due Diligence (EDD): for high-risk categories
3. Transaction Monitoring: automated suspicious activity detection
4. Suspicious Activity Reporting (SAR): to the NBKR when thresholds are exceeded
Know Your Customer (KYC)¶
Model: pass-through KYC plus independent verification
Required documents (providers):
- Corporate registration documents
- Financial licences (payment institution, EMI, banking)
- Beneficial ownership information (UBO)
- AML/CTF policy documentation
- Insurance coverage confirmation
Verification process (providers):
- Legal entity verification through commercial databases
- Licence verification with regulators
- Sanctions screening (OFAC, EU, UN lists)
- Ongoing monitoring with quarterly updates
Required documents (exchange partners):
- NBKR/CBR licence for exchange operations
- State registration documents
- Tax compliance certificates
- AML officer appointment documentation
- Insurance coverage (professional liability)
Verification process (exchange partners):
- Licence verification directly with the NBKR/CBR
- On-site visits for the top-10 partners
- Monthly compliance reporting
- Annual compliance audit
KYC Technology Stack
Automated verification: Jumio/Trulioo for document verification
Sanctions screening: Dow Jones Risk & Compliance automated screening
Monitoring: custom algorithms plus manual review for suspicious patterns
Contractual structure¶
Providers (Provider Service Agreement)¶
Key sections:
- Service Level Agreement (SLA): 99.9% uptime, <200 ms latency
- Data Processing Agreement: GDPR compliance for EU providers
- Liability allocation: limited liability, insurance requirements
- Termination clauses: 30-day notice, data retention/deletion
- Dispute resolution: Singapore arbitration (SIAC) for international disputes
Revenue terms:
- Commission: individual percentage of transaction volume
- Billing: monthly invoicing, NET-30 payment terms
- Currency: USD equivalent, settled in the preferred currency
Exchangers (Exchange Partner Agreement)¶
Key sections:
- Partnership terms: non-exclusive, revenue-sharing model
- Compliance obligations: KYC/AML adherence, regulatory reporting
- Technical integration: API specifications, testing requirements
- Performance metrics: response time, success rate, dispute resolution
Revenue terms:
- Commission: individual percentage of transaction volume
- Settlement: weekly payouts in local currency (KGS/RUB)
- Performance bonds: $5K deposit for top-tier partners
Contract Templates
All contracts are based on ISDA templates (adapted for crypto) plus local KR/RF legislation.
Sanctions Compliance¶
OFAC (US Treasury) Compliance¶
Screening requirements:
- SDN List: daily screening against the Specially Designated Nationals list
- Sectoral sanctions: restrictions on Russian financial institutions
- Geographic sanctions: prohibition on Crimea, Donetsk and Luhansk
Technical implementation:
- Real-time screening: API integration with OFAC databases
- Transaction blocking: automatic block when a match is found
- Compliance reporting: weekly OFAC compliance reports
- Legal advice: US sanctions counsel on retainer
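The screening rule above ("automatic block when a match is found") leaves open what counts as a match, and that choice is where most screening failures live: a raw string comparison misses "Zolotaya Reka, OOO" against a listed alias "ZOLOTAYA REKA OOO", while a naive fuzzy match auto-blocks legitimate counterparties. The block below is an added example written for this page, not Twin Bridge's screening code. It normalizes names (Unicode decomposition, casefolding, punctuation and legal-form suffixes stripped), matches them against a constructed SDN-style list with fictitious names, UIDs and program labels, blocks sanctioned territories by the counterparty's declared region, and, as a design choice of this example, auto-blocks only on an exact post-normalization name or alias match while routing fuzzy hits at or above a threshold to manual review. The list layout, the thresholds, the territory spellings and the suffix table are assumptions; in production `SAMPLE_LIST` would be the daily-refreshed OFAC/EU feed.

```python
"""Counterparty sanctions screening: normalize names, match against an
SDN-style list (exact/alias -> BLOCK, fuzzy -> REVIEW), block sanctioned territories."""
import re
import unicodedata
from dataclasses import dataclass, field
from difflib import SequenceMatcher
from typing import Optional

# Constructed sample in the shape of an SDN-style export; names, UIDs and
# program labels are fictitious. In production this is the daily-refreshed OFAC/EU feed.
SAMPLE_LIST = [
    {"uid": "1001", "name": "GOLDEN RIVER TRADING LLC",
     "aliases": ["ZOLOTAYA REKA OOO"], "program": "EXAMPLE-PROGRAM-1"},
    {"uid": "1002", "name": "PETROV, IVAN IVANOVICH",
     "aliases": ["PETROFF, IVAN"], "program": "EXAMPLE-PROGRAM-2"},
]
# Territories where every transaction is prohibited; compared against the
# normalized tokens of the counterparty's declared region (assumed spellings).
BLOCKED_TERRITORIES = {"crimea", "krym", "donetsk", "luhansk", "lugansk"}
# Legal-form suffixes carry no identity information and are dropped before matching.
LEGAL_SUFFIXES = {"llc", "ltd", "limited", "inc", "corp", "co", "jsc", "ooo", "ao",
                  "pao", "ооо", "ао", "пао", "зао", "оао"}
BLOCK_THRESHOLD = 1.0    # only an exact post-normalization name/alias match auto-blocks
REVIEW_THRESHOLD = 0.85  # fuzzy hits at or above this go to an analyst, not auto-block


def normalize(name: str) -> list[str]:
    """Casefold, strip diacritics and punctuation, drop legal-form suffixes."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).casefold()
    text = re.sub(r"[^\w\s]", " ", text)  # commas, dots, quotes become separators
    return [t for t in text.split() if t not in LEGAL_SUFFIXES]


def similarity(a: list[str], b: list[str]) -> float:
    """Order-insensitive name similarity in [0, 1]; 1.0 only for identical token sets."""
    sa, sb = set(a), set(b)
    if not sa or not sb:
        return 0.0
    if sa == sb:
        return 1.0
    if sa <= sb or sb <= sa:  # one side omits tokens, e.g. a patronymic
        return 0.9 if min(len(sa), len(sb)) >= 2 else 0.7
    jaccard = len(sa & sb) / len(sa | sb)
    seq = SequenceMatcher(None, " ".join(sorted(sa)), " ".join(sorted(sb))).ratio()
    return max(jaccard, seq)  # seq catches single-character typos jaccard misses


@dataclass
class ScreeningResult:
    decision: str  # "BLOCK", "REVIEW" or "CLEAR"
    reason: str
    matches: list[tuple[str, float]] = field(default_factory=list)  # (uid, score), best first


def screen(name: str, region: Optional[str] = None,
           sanctions_list=SAMPLE_LIST) -> ScreeningResult:
    """Screen one counterparty; the territory check runs before name matching."""
    if region and set(normalize(region)) & BLOCKED_TERRITORIES:
        return ScreeningResult("BLOCK", f"sanctioned territory: {region}")
    query = normalize(name)
    hits = []
    for entry in sanctions_list:
        best = max(similarity(query, normalize(n)) for n in [entry["name"], *entry["aliases"]])
        if best >= REVIEW_THRESHOLD:
            hits.append((entry["uid"], best))
    hits.sort(key=lambda h: h[1], reverse=True)
    if hits and hits[0][1] >= BLOCK_THRESHOLD:
        return ScreeningResult("BLOCK", f"exact list match uid={hits[0][0]}", hits)
    if hits:
        return ScreeningResult("REVIEW", f"possible match uid={hits[0][0]} "
                                         f"score={hits[0][1]:.3f}", hits)
    return ScreeningResult("CLEAR", "no match", hits)


if __name__ == "__main__":
    for who, where in [("Zolotaya Reka, OOO", None), ("Ivan Petrov", None),
                       ("Golden Rivver Trading", None), ("Acme Logistics", "Donetsk"),
                       ("Acme Logistics", "Bishkek")]:
        r = screen(who, where)
        print(f"{who:24} {where or '-':9} -> {r.decision:6} {r.reason}")
```

Run it as a script to see the five sample decisions. Both the list entries and the query go through the same `normalize`, otherwise a suffix or comma on either side defeats the exact-match rule; and every decision should be logged with the matched UID and score so the weekly compliance report can be reconstructed from the audit trail rather than from memory.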
EU Sanctions Compliance¶
Additional screening:
- EU Consolidated List: broader than the OFAC scope
- Russian individuals/entities: more extensive coverage
- Financial sector restrictions: correspondent banking limitations
Risk mitigation strategy¶
- Geographic IP blocking for sanctioned territories
- Enhanced customer screening for Russian entities
- Transaction pattern analysis for sanctions-evasion detection
- Regular database updates (daily OFAC/EU list refresh)
- Separate legal entities for RUB vs. KGS operations
- Compliance officer with sanctions expertise
- Legal opinions from US/EU sanctions counsel
- Insurance coverage for sanctions-related liability
SOC2 Compliance Roadmap¶
Year 1: SOC2 Type I (Design)¶
Timeline: months 9-12
Key requirements:
- Access controls: role-based permissions, mandatory 2FA
- Data encryption: at rest and in transit
- Incident response: documented procedures, escalation matrix
- Vendor management: third-party risk assessment
- Change management: code review, deployment controls
Estimated cost: $75K (consultant + audit + implementation)
Year 2: SOC2 Type II (Operational Effectiveness)¶
Timeline: months 13-24
Additional requirements:
- Continuous monitoring: 12 months of operational evidence
- Penetration testing: quarterly security assessments
- Business continuity: disaster recovery procedures
- Training programs: security awareness training
Estimated cost: $25K annually (ongoing audit + maintenance)
Privacy Compliance¶
GDPR (EU Providers)¶
The Data Processing Agreement includes:
- Lawful basis: legitimate interests (GDPR Art. 6(1)(f))
- Data minimization: only necessary transaction metadata
- Retention periods: 7 years for financial records, 3 years for logs
- Data subject rights: access, rectification and erasure procedures
- Cross-border transfers: Standard Contractual Clauses (SCCs)
Local Privacy Laws¶
Kyrgyzstan: Law "On Personal Data", basic requirements
Russia: Federal Law 152-FZ "On Personal Data", stricter localization requirements
Data Localization
Russian data localization may require physical servers in the RF for RUB operations.
Mitigation: partner with local data centers or run separate RUB infrastructure.
Terms of Service & Privacy Policy¶
Terms of Service (ToS)¶
Key sections:
- Service description: API aggregation, not financial services
- User obligations: compliance with local laws, accurate information
- Liability limitations: limitation of liability, force majeure clauses
- Termination rights: conditions for suspension/termination of platform access
- Governing law: law of the Kyrgyz Republic; the English version controls
Privacy Policy¶
Key disclosures:
- Data collection: transaction metadata, KYC information
- Data usage: service provision, compliance, analytics
- Data sharing: with authorized partners and regulatory authorities
- User rights: access, correction and deletion requests
- International transfers: cross-border data processing disclosures
Intellectual Property Strategy¶
Trademark Protection¶
- "Twin Bridge": trademark applications in KR, RF and key jurisdictions
- Domain registration: .com, .kg and .ru domains secured
- Logo/branding: registered design protection
Trade Secrets Protection¶
- API architecture: proprietary routing algorithms
- Partner database: relationships and performance data
- Compliance procedures: internal processes and methodologies
- NDA templates: for employees, contractors and partners
Patent Considerations¶
Potentially patentable innovations:
- Cross-border payment routing algorithms
- Multi-currency risk assessment methods
- Sanctions compliance automation systems
Strategy: defensive patents for IP protection, not for litigation
Regulatory Monitoring & Government Relations¶
Regulatory Change Monitoring¶
KR monitoring:
- NBKR regulations: monthly updates, direct regulator contact
- IT law changes: "IT status" compliance requirements
- Tax implications: corporate tax, VAT considerations
RUB/RF monitoring:
- CBR regulations: changes in currency legislation
- AML requirements: 115-FZ updates, enhanced measures
- Sanctions developments: US, EU and UK sanctions expansion
Government Relations Strategy¶
- NBKR engagement: regular compliance meetings, requests for regulatory clarity
- Industry associations: membership in crypto/fintech associations
- Legal counsel: local legal advisers in KR and RF on retainer
- Compliance consultants: Big 4 firms for regulatory guidance
Regulatory Advantage
A proactive compliance approach gives a competitive advantage: we are ready for regulatory changes earlier than competitors.