AML/KYC SYSTЕM!
AML/KYC SYSTЕM (ANTI-MONEY LAUNDERING / CUSTOMER TRUSTWORTHINESS CHECK) AND INTERNATIONAL FINANCIAL SANCTIONS PROCEDURES
INTERNAL CONTROL MEASURES FOR THE IMPLEMENTATION OF THE AML LAW
DEFINITIONS AND ABBREVIATIONS
1.2 Client – a natural or legal person to whom the Company provides services.
1.3 Money laundering – concealment or disguise of the true nature, source, location, location, transfer, possession or other rights regarding property obtained as a result of criminal activity or property obtained from it. Modification, transfer, acquisition, possession or use for the purpose of concealment, concealment of the illegal origin of property or assistance to a person who participated in criminal activity in order to avoid the legal consequences of his/her actions. Money laundering also occurs when the criminal activity that led to the acquisition of property used for money laundering occurred on the territory of another State.
1.4 Terrorist financing refers to the distribution or receipt of funds, according to articles of the Criminal Code, for planning or ordering the execution of actions that are terrorist, or for the financing of terrorist organizations, or possession of information that such funds are used for these purposes.
1.5 International sanctions are measures of unarmed influence determined by the European uniоn, the United Nations, another international organization or the Government of the Republic for the purpose of achieving or maintaining peace, preventing conflicts and strengthening international security, as well as supporting and strengthening democracy, the rule of law, human rights and international law.
1.6 A Politically vulnerable person (PEP) is an individual who performs or has performed important functions of a state body, including the role of the head of the country, head of government, minister and deputy or assistant minister, member of parliament or similar legislative body, member of the party leadership, member of the Supreme Court, member of the board of directors, administrative or executive officer of a state enterprise, head of an international organization, deputy head and member of a governing body or similar institution.
1.8 A PEP family member is an individual who is considered the equivalent of the spouse(s) of this person, the child of this person and a person who is considered the equivalent of the spouse(s) of this person or the parent of this person.
1.9 A person close to PEP – it means an individual who, according to publicly available information, is the beneficial owner or co-owner of a legal entity or enterprise with a citizen of the country or a local resident, has close business relations with a citizen of the country or a local resident, or an individual who is the sole beneficial owner of a legal entity or an enterprise that, according to publicly available information, was successfully established in favor of a citizen of the country or a local resident.
1.10 The AML Law – describes measures of assistance in suppressing the legalization of illegal income declarations.
GENERAL PROVISIONS
2.1 This Manual has been prepared on the basis of the AML Law and the International Sanctions Law and is intended for internal use.
2.2 This Guide sets out internal security measures to comply with the requirements of due diligence to prevent money laundering and terrorism, as well as the requirements of international sanctions, and the detection of suspicious and non-standard transactions.
2.3 The Company’s employees must be familiar with and strictly follow the requirements of the AML Law, international sanctions, instructions on the identification of money laundering, terrorist financing and suspicious transactions, and other instructions to comply with the requirements of the AML Law and this Manual.
2.4 The Company’s employees must independently familiarize themselves with amendments to laws and other legislative acts.
2.5 The Board of Directors of the Company is obliged to implement these instructions for all employees.
2.6 The Company’s employees are obliged to confirm the reading of these instructions.
2.7 The Company’s employees are personally responsible for compliance with the requirements of the AML Law in accordance with the procedure provided for by law.
CUSTOMER RELATIONS AND IDENTIFICATION
3.1 The Company’s employees must apply the following rules of conduct every time before entering into a business relationship with a Client.
3.2 The Company does not establish relations with the client by working with an authorized representative of an individual.
3.3 The Client – an individual is identified as follows:
3.3.1 The Client is identified on the basis of an identity document, a copy of the page with personal data and photos that are stored in the Company’s client database. Identification of the following documents is carried out: identity card, passport of a foreigner, residence permit or driver’s license; a citizen of another country – a travel document (passport).
3.3.2 The following data should be recorded for each client:
3.3.2.1 First and last name.
3.3.2.2 Personal number, date and place of birth.
3.3.2.3 Name, number, date of issue and the name of the issuing authority for the document used to identify and verify a person.
3.3.2.4 Address of the place of residence.
3.3.2.5 Contact details: email address and phone number.
3.3.2.6 Does or has the person performed the functions of PEP.
3.3.2.7 Whether the person is a PEP partner or a member of his family.
3.3.3 The following documents are required to identify the client:
3.3.3.2 A document confirming the address of the place of residence. Such a document may be a utility bill, a bank statement on the account balance or other similar documents that indicate the address and were issued earlier than 3 months before.
3.4 The Client – legal entity is identified as follows:
3.4.1 The Client is identified on the basis of an extract from the Commercial Register, which was issued earlier than 3 months before, certified and, if possible, apostilled.
3.4.2 The following data should be recorded for each legal entity:
3.4.2.1 Name
3.4.2.2 Registration number and date of registration.
3.4.2.3 Legal address and actual address.
3.4.2.4 Data of the representative, shareholders and beneficial owner.
3.4.2.5 Contact details: email address and phone number.
3.4.2.6 For each individual as part of a legal entity (for example, director, shareholders, beneficiary owner) – the data and documents indicated in paragraph 3.3.
RISK ASSESSMENT AND DETERMINATION OF THE LEVEL OF IMPLEMENTED CONTROL MEASURES
4.1 When establishing business relations with a Client, the Company must assess the degree of risk of money laundering and terrorist financing, and, accordingly, sеlect and implement appropriate due diligence measures.
4.2 The following categories should be taken into account when assessing the level of risk of money laundering and terrorist financing:
4.2.1 Geographical risk.
4.2.2 Client risk.
4.2.3 Operational risk.
4.3 Geographical risk is considered high if the client or the transaction has a known connection with the following countries or territories:
4.3.1 Countries and territories that have been subject to UN or European uniоn sanctions, embargoes or other similar measures.
4.3.2 Countries without appropriate measures to prevent money laundering and terrorist financing.
4.3.3 Countries that, according to reliable data, are involved in supporting terrorism or have a high level of corruption.
4.3.4 Information about high-risk countries can be found at http://www.fatf-gafi.org/countries/#high-risk
4.4 The Client’s risk is considered high if the client:
4.4.1 is a PEP, a member of his family or a person close to PEP. The Company’s employees are obliged to establish whether the clients are specified persons before establishing business relations with the Client and making a transaction.
4.4.2 Is included by the UN or the European uniоn in the list of persons subject to international financial sanctions. The company’s employees have a duty to track this information before establishing a business relationship, with the verification of customer data.
4.4.3 Is an individual who was previously suspected of involvement in money laundering or terrorist financing.
4.5 The operational risk is considered high if:
4.5.1 A person who is not one of the parties to the transaction will pay for the transaction.
4.5.2 The conclusion of a transaction is required, one of the purposes of which should be to hide the list of actual participants in the transaction.
4.5.3 It is required to conclude a transaction that does not have a clearly justified commercial, economic, tax or legal purpose.
4.5.4 Virtual currencies always come from different addresses or money is transferred from different accounts.
4.5.5 Amounts in virtual currency or money are not standard for the client.
4.5.6 Each time the client receives different virtual currencies.
4.6 The risk of money laundering or terrorist financing is considered high if, for any reason, there is a suspicion that the client or the transaction concluded by the client may be related to money laundering or terrorist financing.
4.7 The Company does not offer services and does not establish relationships with customers if:
4.7.1 These are citizens of high-risk countries (http://www.fatf-gafi.org/countries/#high-risk ).
4.7.2 These are persons from the list of international financial sanctions.
4.7.3 These are PEP, their family members or persons close to them.
4.7.4 Persons who were previously suspected of involvement in money laundering or terrorist financing.
4.8 In respect of risks not listed in clause 4.7, enhanced due diligence measures should be applied to the client.
IT RISKS AND THEIR CONTROL
5.1 Risks associated with the technologies used:
5.1.1 Information leakage;
5.1.2 Providing false information;
5.1.3 Malicious software and cyber attack;
5.1.4 Risks associated with the operation of the information systеm.
5.2 In order to reduce the risk of information leakage, the Company’s employees are obliged to:
5.2.1 Use only internal servers of private limited liability companies;
5.2.2 Use the software approved and installed by the Board of Directors of the Company, which is constantly updated;
5.2.3 Use the Company’s hardware. The use of proprietary hardware, including external media, is strictly prohibited.
5.3 To reduce the risk of providing false information:
5.3.1 In order to confirm the data with the Client, the Company must negotiate in person or during a video conference.
5.3.2 In case of suspicion of providing false information, it is necessary to request supporting documents from the Client.
5.4 To reduce the risks of malicious software and cyber attacks:
5.4.1 The systеm is constantly checked to identify suspicious and unusual transactions.
5.4.2 systеm security tests are performed on an ongoing basis.
5.4.3 Software that is constantly updated is used to detect malicious software and fight viruses.
5.5 To reduce the risks associated with the operation of the information systеm:
5.5.1 The safety infrastructure of the network and the server is used.
5.5.2 A separate primary server and a backup server are used. For security reasons, the main server and the backup server are located in different locations.
5.5.3 The Company’s information systеm is certified according to the PCI/DSS standard.
5.6 According to the need, but at least once a year, information security training is organized for the Company’s employees.
APPLICATION OF DUE DILIGENCE MEASURES
6.1 Special attention should be paid to the actions of individuals or Clients involved in the transaction and circumstances that indicate or may imply money laundering or terrorist financing, including complex, expensive and non-standard transactions that do not have a reasonable economic purpose.
6.2 Applicable due diligence measures:
6.2.1 Identification of the client or the person involved in the transaction on the basis of documents and data submitted by him/her and via videoconference.
6.2.2 Identification of the beneficial owner.
6.2.3 Obtaining information about the Client’s business relations, the purpose and nature of the transaction.
6.2.4 Continuous monitoring of the client’s business relations, including control of transactions concluded in the course of business relations, regular verification of identification data, updating of relevant documents, data and information and, if necessary, identification of the source and origin of funds used in the transaction.
6.3 When conducting a comprehensive legal audit, the facts that will be established are usually determined on the basis of the original documents submitted by the client. If the original document cannot be obtained, notarized or officially certified documents may be used, including documents certified by a lawyer. If it is impractical, taking into account the degree of risk, a copy of the original document must be sealed and/or signed by its author, and can be transmitted electronically (in a re-submitted written form). A copy cannot be trusted if there is doubt about its compliance with the original.
6.4 Verification may rely on information that is written in a format corresponding to a commercial registry, a credit institution or a branch of a foreign credit institution or a credit institution that is registered in another country where there are equal requirements for AML/KYC.
6.5 The above-mentioned due diligence measures should be applied before starting a business relationship or concluding a transaction.
6.6 The identity of the Client can be established and the information provided can be verified during the start of a business relationship or the conclusion of a transaction, if this is necessary to prevent disruption of the normal course of business, and if the risk of money laundering or terrorist financing is low. In such a case, due diligence measures should be completed as soon as possible after the first contact has been established and before any mandatory measures are taken.
6.7 Where possible, an individual or a Client involved in a transaction or professional activity should be required to certify with his/her signature the accuracy of the information and documents submitted for conducting due diligence measures.
APPLICATION OF EXTENDED DUE DILIGENCE MEASURES
7.1 Due diligence measures should be implemented in an expanded scope if:
7.1.1 The identity of the individual or client involved in the transaction is established and information is provided from a place that does not correspond to the location of the audited individual or client.
7.1.2 Identification or verification raises doubts or suspicions about the authenticity of the document, or it is not possible to identify the owner(s)- beneficiary.
7.1.3 In essence, the situation implies a high risk of money laundering or terrorist financing.
7.2 An employee of the company must apply at least one of the following measures of extended due diligence:
7.2.1 Identification and verification of information obtained from additional documents, data or information obtained from a reliable and independent source, or from the commercial register of a credit institution or a branch of a foreign credit institution or credit institution that is registered or does business in a country where there are equal requirements for AML/KYC, and if the identity of an individual is established in this credit institution in the presence of this individual.
7.2.2 Introduction of electronic delivery of documents for their reliability and verification of the accuracy of the information contained therein, including their notarization or official confirmation of the accuracy of the collected data, or a document issued by a credit institution referred to in paragraph 7.2.1.
7.2.3 Making the first payment to an account opened in the name of an individual involved in the transaction with a credit institution, which is registered or operates in a country that has the same AML/KYC requirements.
IDENTIFICATION PEP
8.1 When establishing a business relationship (after the conclusion of a consumer agreement), the Client fills out a form in which he/she enters the basic mandatory data necessary for identification and verification, and mandatory by law.
8.2 Among other information, the Client must indicate whether he, his family member or a close partner is a PEP (Politically Vulnerable Person).
8.3 If a member of the Client’s family or his close partner is a PEP, the Client must also provide the details of this person.
8.4 Information about PEP is verified by the Company’s employees based on information from public sources, for example, from the website https://namescan.io/FreePEPCheck.aspx
IDENTIFICATION OF A PERSON SUBJECTED TO INTERNATIONAL SANCTIONS
9.1 When establishing a business relationship (after the conclusion of a consumer agreement), the Client fills out a form in which he/she enters the basic mandatory data necessary for identification and verification, and mandatory by law.
9.2 According to the information provided by the Client, an employee of the Company checks the international sanctions applicable to the Client.
IDENTIFICATION OF SUSPECTED MONEY LAUNDERING
10.1 This section sets out the circumstances that indicate suspicion of money laundering, which the Company’s employees should pay special attention to.
10.2 “Self-delivery”. Suspicious signs:
10.2.1 The person’s appearance and behavior do not correspond to the essence of the transaction concluded by this person, or his/her behavior is questionable.
10.2.2 A person is unable to sign documents or uses third-party assistance for these purposes. 10.2.3 The person was already suspected of a “double game”.
10.3 A person cannot explain the need for this service.
10.4 A person requests an unreasonably high bid.
10.5 Non-standard cash transaction.
10.6 Individual large or periodic small transactions with virtual currency, if such activity does not correspond to human economic activity or is unusual.
10.7 Money received for virtual currency is transferred to an outsider or to a bank account in another country.
10.8 The person does not provide data and/or explanations about the transaction.
10.9 A large volume of virtual currencies is exchanged if they do not correspond to the usual course of business of this person or are unusual.
10.10 The person cannot be identified or tries not to provide you with information.
10.11 A person is trying to enter into a fictitious transaction.
10.12 When creating long-term relationships with clients, a person wants to pay only in cash.
10.13 There is a suspicion that a person is acting in someone’s interests.
10.14 A person wants to pay in cash in the amount of more than 10,000 euros.
10.15 A person is repeatedly paid in cash for amounts above 10,000 euros.
10.16 Payment is made through a bank established in a tax-free territory.
REFUSAL TO CONCLUDE A CONTRACT AND MAKE A DEAL
11.1 The Company does not enter into a contract and does not make a transaction:
11.1.1 With persons under 18 years of age.
11.1.2 With authorized representatives of the client – an individual.
11.1.3 With a person who refuses to provide the information and documents referred to in paragraph 3 of this Manual, or provides less information than necessary, or tries to hide something.
11.1.4 With a person suspected of provocation.
11.1.5 With the person who submitted the documents, or about whom the Company received information confirming suspicion of money laundering or terrorist financing.
11.1.6 With a person who has been subjected to international financial sanctions.
11.1.7 With a person who is a PEP or whose family member is a PEP, or he/she is a person close to PEP.
11.1.8 With a person who was previously suspected of involvement in money laundering or terrorist financing.
11.1.9 With a citizen of a high-risk country http://www.fatf-gafi.org/countries/#high-risk .
DATA COLLECTION, STORAGE AND PROTECTION
12.1 After entering into a transaction, an employee of the Company is obliged to register the following information:
12.1.1 Details of the person involved in the transaction, in accordance with paragraph 3 of this Manual.
12.1.2 Date or period of the transaction.
12.1.3 Description of the transaction content.
12.1.4 Information about the refusal to establish a business relationship or enter into a transaction.
12.1.5 Information about the refusal to establish business relations or conclude a transaction on the initiative of the Client.
12.1.6 Information on the termination of business relations, including the impossibility of applying due diligence measures.
12.1.7 Virtual currency exchange service in exchange for cash, the amount in the currency, the amount of money as a result and the exchange rate.
12.1.8 The exchange rate of the virtual currency in relation to another virtual currency, the amount in the currency, the amount in another currency and the exchange rate.
12.1.9 When opening an account in a virtual currency – its type, number and name of the currency.
12.2 The Company must keep the following documents for at least five (5) years after the end of the business relationship or the conclusion of the last transaction:
12.2.1 Information for identification and verification of data and documents.
12.2.2 Correspondence with the Client.
12.2.3 Data collected during the monitoring of business relationships.
12.2.4 Data on suspicious and non-standard transactions.
12.2.5 Documents on operations.
12.3 The Company’s employees are obliged to apply the rules of personal data protection when collecting and storing data and documents. The collected data may be processed only for the purpose of preventing money laundering and terrorist financing. Data processing in a way that does not meet this purpose is strictly prohibited.
NOTIFICATION OF THE FINANCIAL MONITORING SERVICE
13.1 If an employee of the Company has discovered an action or circumstances that indicate money laundering or terrorist financing, or there is suspicion or confidence that this is money laundering or terrorist financing, this should be immediately reported to the MLRO (Anti–Money Laundering Inspector) of the company.
13.2 It is prohibited to inform the client about the transfer of MLRO information.
13.3 The MLRO employee must attach copies of the documents on which the transaction is based, as well as copies of documents on the basis of which a person can be identified, to the completed notification form. The notification may be accompanied by copies of other documents justifying the nature of the transaction.
INTERNAL CONTROL AND PERSONNEL TRAINING
14.1 Compliance with the requirements of the AML Law, the International Sanctions Law and the legislation established on the basis of this is monitored and managed by the Company’s Board of Directors.
14.2 The risk assessment and identification of the client are carried out by specially trained employees of the Company, and all this is managed by the Board of Directors of the Company.
14.3 The activities of Clients and transactions with them are checked by specially trained employees of the Company, and all this is managed by the Board of Directors of the Company.
14.4 The Company’s Board of Directors is responsible for training the Company’s personnel in the prevention of money laundering and terrorist financing and compliance with the requirements of international sanctions.
14.5 Employees are required to independently recheck amendments to laws and other legislation.
14.6 Training of the Company’s employees takes place as needed, but at least once a year.
Appendix 1 KYC QUESTIONNAIRE (CUSTOMER TRUSTWORTHINESS CHECKS) FOR INDIVIDUALS I. requisites
Name and surname
Date and place of birth
Tax citizenship
Taxpayer Identification Number
Address
E-mail address
Phone number
Whether the client, a member of the client’s family or a person close to him is a politically vulnerable person. If yes, specify the name and position.
documents
Passport (for EU citizens – passport or national identity card)
Confirmation of the address (bank statement with the address, utility bill)
Selfie photo with the document from point 1.
Appendix 2 KYC QUESTIONNAIRE FOR LEGAL ENTITIES I. DETAILS OF THE LEGAL ENTITY
Name
Registration number
Registration date
Tax citizenship
Taxpayer Identification Number
Legal address
Actual address
Phone number
E-mail address
Web site (if available)
Description of the type of activity
DOCUMENTS OF A LEGAL ENTITY
Certified and apostilled registration certificate, including the details of the director, shareholder and beneficiary.
Confirmation of the address (bank statement with the address, utility bill).
III. DETAILS OF THE DIRECTOR
Name and surname
Date and place of birth
tax citizenship
Taxpayer Identification Number
Address
E-mail address
Phone number
Whether the director, a family member of the director or a person close to him is a politically vulnerable person. If yes, specify the name and position.
DIRECTOR’S DOCUMENTS
Passport (for EU citizens – passport or national identity card)
Confirmation of the address (bank statement with the address, utility bill)
Selfie photo with the document from point 1.
DETAILS AND DOCUMENTS OF THE SHAREHOLDER
If the shareholder is an individual, submit the details as in section III and the documents as in section IV.
If the shareholder is a legal entity, submit the details and documents as in sections I to VI. VI. DETAILS AND DOCUMENTS OF THE BENEFICIARY 1. Details as in section III, and documents as in section IV.
AUTOMATIC AML-VERIFICATION OF ONLINE ADDRESSES INVOLVED IN TRANSACTIONS ON THE SERVICE
15.1 The Cash-bit Service has the right to request User verification if the client’s online wallet address specified in the application has a connection with the following terms: Mixing Service, Illegal Service, Fraudulent Exchange, Darknet Service, Darknet Marketplace, Ransom, Scam, Stolen Coins.
15.2 In case of confirmation of the connection, the funds will be sent to the return online wallet only after verification. The funds will be refunded minus the commission established by the rules of the exchange service.