Last Updated: December 2022
1. General Provisions
1.1. These rules of procedure for prevention of money laundering and terrorist financing, and compliance with international sanctions (hereinafter Rules) lay down requirements, inter alia, for screening the Clients (as defined in section 2.7) in order to prevent entering into deals involving suspected Money Laundering and Terrorist Financing, and to ensure identification and reporting of such in case of existence of a risk determined by the Company.
1.2. The obligation to observe the Rules rests with the Management Board members and employees of the Company, including temporary staff, agents of the Company who initiate or establish Business Relationship (as defined in section 2.6) (hereinafter all together called as Representative). Every Representative must confirm awareness of the Rules with a signature.
1.3. Also, any service providers with whom the Company has entered into a contract for fulfilling its AML/CTF/KYC or other obligations under the law is obliged to observe the Rules. Before choosing any service provider, a due diligence based on publicly available data shall be carried out by the Company, as well as through review (and negotiations) regarding the service contract, for making sure that the service provider is fit and proper for fulfilling its obligations. The service provider shall report to and shall be subject to supervision by the CO. Where the term “Company” or “Representative” is stipulated in the Rules, the relevant service provider shall be meant (unless otherwise agreed with the relevant service provider). As such, the Company does not foresee any major risks for outsourcing the fulfilment of its obligation.
1.4. The Rules are primarily based on the regulation of The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (hereinafter the Regulations) and on the regulations of KYC legislation applicable and international sanctions acts.
1.5.Exhibits of the Rules are integral part of the Rules. However, if there are any contradictions between the Rules and Exhibit(s), the Rules shall prevail.
2.1. The definitions used in the Rules are defined as follows. If any of the definitions are defined differently in the applicable law (for example, if any of those definitions should be amended by the law), the definition as defined in the applicable law shall have priority over the definitions stated in the Rules.
2.2. Money Laundering means:
2.2.1. the conversion or transfer of property derived from criminal activity or property obtained instead of such property for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s actions;
2.2.2. the acquisition, possession or use of property derived from criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation therein;
2.2.3. the concealment of the true nature, origin, location, manner of disposal, relocation or right of ownership of property acquired as a result of a criminal activity or property acquired instead of such property or the concealment of other rights related to such property.
Money Laundering also means participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the activities stipulated above. Money Laundering is regarded as such also where a criminal activity which generated the property to be laundered was carried out in the territory of another country. Money Laundering is regarded as such also where the details of a criminal activity which generated the property to be laundered have not been identified.
2.3. Terrorist Financing – acts of financing and supporting of an act of terrorism and commissioning thereof as well as the financing and supporting of travel for the purpose of terrorism.
2.4. Compliance Officer or CO – representative appointed by the Management Board responsible for the effectiveness of the Rules, conducting compliance over the adherence to the Rules and serving as contact person of the Authorities.
2.5. Authorities – the relevant authorities of the countries of the applicable law for the purposes of the compliance with the AML/CTF/KYC procedures.
2.6. Business Relationship – a relationship of the Company established in its economic and professional activities with the Client.
2.7. Client – a natural or legal person, who uses services of the Company.
2.8. Beneficial Owner.
2.8.1. Beneficial Owner is a natural person:
126.96.36.199. who, via ownership or other type of control, has the final dominant influence over a natural or legal person; or
188.8.131.52. in whose interests, for the benefit of whom or in whose name a transaction or operation is made.
2.8.2. Where a Beneficial Owner cannot be identified in the manner specified in section 2.8.1, the Beneficial Owner of a company is a natural person whose direct or indirect shareholding or the total shareholding of all of the direct and indirect shareholdings in the company exceeds 25 per cent, including shareholdings in the form of bearer shares or otherwise.
2.8.3. ‘Direct shareholding’ means that a natural person personally holds shares in a company. ‘Indirect shareholding’ means that a natural person holds shares in a company via one or multiple persons or a chain of persons.
2.8.4. Where, after all possible means of identification have been exhausted, the person specified in section 2.8.1 or 2.8.2 cannot be identified and there is no ground for calling the existence of such person into doubt or where there are doubts as to whether the identified person is the Beneficial Owner, the natural person who holds the position of a senior managing official is deemed to be the Beneficial Owner.
2.8.5. Where several persons meet the terms provided for in section 2.8.4, including where there are several senior managing officials, several senior management bodies or where another legal persons holds shares in a company via one or several persons or chains of persons, the person(s) who exercise(s) actual control over the company and make(s) strategic decisions in the company or, upon absence of such persons, perform(s) day-to-day and regular management is (are) considered the Beneficial Owner(s).
2.8.6. Where the Beneficial Owner of a company is a trustee, all of the persons specified in section 2.8.7 are considered beneficial owners.
2.8.7. In the case of a trust or a legal arrangement, the Beneficial Owner is: the settlor of the trust or the establisher of the arrangement; the trustee; the person ensuring and controlling the preservation of property, where such person has been appointed; the beneficiary, or where the beneficiary or beneficiaries are yet to be determined, the class of persons in whose main interest such triste or arrangement has been set up or operates; any other person who in any way exercises ultimate control over the property of the trust or arrangement.
2.8.8. In the case of a person or an association of persons not specified in sections 2.8.2 and 2.8.7, the members of the management board or the chairman of the management board may be designated as the Beneficial Owner(s), taking into account section 184.108.40.206.
2.9. Politically Exposed Person or PEP – a politically exposed person means a natural person who performs or has performed prominent public functions and with regard to whom related risks remain.
At least the following persons are deemed to perform prominent public functions: head of State or head of government; minister, deputy minister or assistant minister; member of a legislative body; member of a governing body of a political party; judge of the highest court of a country; auditor general or a member of the supervisory board or executive board of a central bank; ambassador, envoy or chargé d’affaires; high- ranking officer in the armed forces; member of an administrative, management or supervisory body of a state-owned enterprise; director, deputy director and member of a management body of an international organisation. Regardless of the previous sentence, middle-ranking or more junior officials are not considered as PEPs.
‘Family member’ of a PEP means their: spouse or a person considered to be equivalent to a spouse; parent; child; child’s spouse or a person considered to be equivalent to a spouse.
‘Person known to be close associates’ of a PEP means a natural person who is: known to have joint beneficial ownership of a legal person or trust with a PEP; known to have close business relations with a PEP; the beneficial owner of a legal person or trust set up in the interests of a PEP.
2.10. Company – StealthEx Ltd.
2.11. Management Board or MB – management board of the Company.
2.12. Cryptoasset – or a “virtual currency” means a cryptographically secured digital representation of value or contractual rights that uses a form of distributed ledger technology and can be transferred, stored or traded electronically;
3. Description of Activities of the Company
3.1. The Company provides services of exchanging a virtual currency against a fiat currency (and vice versa), a virtual currency against a virtual currency and a virtual currency wallet service.
3.2. The Company is a subject to authorisation by the Authorities.
4. Compliance Officer
4.1. The MB shall appoint a CO whose principal tasks are to:
4.1.1. monitor the compliance of the Rules with the relevant laws and compliance of the activity of the Representatives with the procedures established by the Rules;
4.1.2. compile and keep updated the data regarding countries with low tax risk, high and low risk of Money Laundering and Terrorist Financing and economical activities with great exposure to Money Laundering and Terrorist Financing;
4.1.3. carry out training, instruct and update the Representatives on matters pertaining to procedures for prevention of Money Laundering and Terrorist Financing;
4.1.4. report to the MB once a year in a written form (or more frequently, if necessary) on compliance with the Rules, and on circumstances with a suspicion of Money Laundering or Terrorist Financing;
4.1.5. collect, process and analyse the data received from the Representatives or Clients concerning suspicious and unusual activities;
4.1.6. collaborate with and report to the Authorities on events of suspected Money Laundering or Terrorist Financing, and respond to enquiries of the Authorities;
4.1.7. make proposals on remedying any deficiencies identified in the course of checks.
4.2. The CO must meet all the requirements, prescribed by the Regulations, and appointment of the CO shall be coordinated with the Authorities. If, as a result of a background check carried out by the Authorities, it becomes evident that the CO’s credibility is under suspicion due to their previous acts or omissions, the Company may extraordinarily terminate the CO’s employment contract due to the loss of credibility.
4.3. The CO reports to the MB of the Company and has the competence, means and access to relevant information across all the structural units of the Company.
4.4. Tasks of the CO can be performed by a department, therefore provisions of section 4.2 will apply accordingly.
5. Application of Due Diligence Measures
5.1. The Company shall determine and take due diligence (hereinafter: DD) measures using results of conducted risk assessment (see section 11), and provisions of risk assessment in accordance with the applicable law.
5.2. The Representatives shall pay special attention to circumstances that refer to Money Laundering and/or Terrorist Financing, as well as Know Your Client compliance procedure.
5.3. Depending on the level of the risk of the Client and depending on the fact whether the Business Relationship is an existing one or it is about to be established, the Company shall apply either normal DD measures (see section 6), simplified DD measures (see section 8) or, in addition to normal DD measures, the enhanced DD measures (see section 10). The Company shall also apply continuous DD measures to ensure ongoing monitoring of Business Relationships (see sections 5.8-5.11).
5.4. DD measures shall include the following procedures:
i. identifying the Client and verifying its identity using reliable, independent sources, documents or data, including information technology means;
ii. identifying and verifying of the representative of the Client and the right of representation;
iii. identifying and verifying the Client's Beneficial Owner (if the Client’s information on beneficial owners must, in accordance with the statutes with the applicable law, be submitted to the state or be registered there, the Company must obtain a relevant registration certificate or registry extract and retain it);
iv. assessing and, as appropriate, obtaining information on the purpose of the Business Relationship. This means that the Representative must understand the Business Relationship and, where relevant, gather information thereon. The Representative must understand the purpose of the Business Relationship, identifying, inter alia, the permanent seat, place of business or place of residence, profession or field of activity, main contracting partners, payment habits, whether they act for or on behalf of another and, in the case of a legal person, also the experience of the of the Client;
v. conducting ongoing DD on the Client's business to ensure the Company’s knowledge of the Client and its source of funds is correct;
vi. obtaining information whether the Client is a PEP or PEP’s family member or PEP’s close associate.
5.5. The Company shall establish the source of wealth of the Client, where appropriate.
5.6. Payments made in fiat money shall only made to bank accounts held in the name of the Client.
5.7. To comply with the DD obligation, as well as the KYC procedure, the Representatives shall have the right and obligation to:
i. request appropriate identity documents to identify the Client and its representatives;
ii. request documents and information for applying any required DD measures, including regarding the activities of the Client and legal origin of funds;
iii. request information about Beneficial Owners of a legal person;
iv. screen the risk profile of the Client, select the appropriate DD measures, assess the risk whether the Client is or may become involved in Money Laundering or Terrorist Financing;
v. re-identify the Client or the representative of the Client, if there are any doubts regarding the correctness of the information received in the course of initial identification.
5.8. The objective of the continuously applied DD measures is to ensure on-going monitoring of the Clients. Conducting ongoing monitoring of the Business Relationship by the Representative includes:
i. checking of transactions made in the Business Relationship in order to ensure that the transactions are in concert with the knowledge of the Client (which the Company has), its activities and risk profile;
ii. keeping up-to-date the documents, data or information, obtained during taking DD measures;
iii. identifying the source and origin of the funds used in a transaction;
iv. paying particular attention to Client’s conduction, leading to criminal activity or Money Laundering or Terrorist Financing or that is likely to be linked with Money Laundering or Terrorist Financing, including to complex, high-value and unusual transactions and transaction patterns that do not have a reasonable or visible economic or lawful purpose or that are not characteristic of the given business specifics. Upon performance of this duty, inter alia, the nature, reason and background of the transactions as well as other information that allows for understanding the substance of the transactions must be identified and more attention must be paid to these transactions;
v. paying particular attention to the Business Relationship or transactions, if the Client is from or is a citizen or is a resident of or the seat of a Client being a legal person or the seat of the payment service provider of the payee is in such country or territory that is located in a third country, which is included in the list of risk countries (see Exhibit 1).
5.9. Annual review of a Client being a legal entity is carried out regularly once a year. Updated data shall be recorded in the Company’s Client database.
5.10. The Representative updates the data of a Client, who is either a legal person or a natural person, i.e. takes appropriate DD measures every time when:
i. the Client addresses the Company with the request to amend a long-term contract during the term of its validity;
ii. upon identification and verification of the information there is reason to suspect that the documents or data gathered earlier are insufficient, have changed or are incorrect. In this case, the Representative may conduct a face-to-face meeting with the Client;
iii. the Company has learned through third persons or the media that the activities or data of the Client have changed significantly.
5.11. The Representative shall evaluate the substance and the purpose of the Client’s activities, in order to establish the possible links with Money Laundering or Terrorist Financing. The evaluation should result in an understanding about the purpose of the Business Relationship for the Client, the nature of the Client’s business, the risk levels of the Client and, if necessary, the sources of funds.
5.12. Together with taking into account all other relevant circumstances, the following indicators, inter alia, may refer to Money Laundering and Terrorist Financing, upon which presence the Representative may have an obligation to notify the CO and the CO an obligation to notify the Authorities (as established in section 13):
5.12.1. when entering to the Business Relationship:
220.127.116.11. it becomes known that the Client has been engaged in Money Laundering or Terrorism or other criminal offenses and there are other indications of a negative background and the Business Relationship is likely to be used for criminal purposes;
18.104.22.168. there is reason to believe that forged or incorrect documents were presented or there where efforts to conceal the Beneficial Owners;
5.12.2. if during the Business Relationship the behaviour of the Client and transactions changes, including where:
22.214.171.124. the scope of the transactions changes;
126.96.36.199. the location of making of the transactions changes;
188.8.131.52. the time of making the transactions changes;
5.12.3. in the case of incoming payment with value of more than 1000 USD, the name of the payee does not correspond to the name of the account holder;
5.12.4. not enough explanations or documents are provided which are necessary for conducting DD measures or the submitted explanations or documents are not viable;
5.12.5. in one transaction (or with several related transactions) the Client buys or sells virtual currency worth more than 32 000 USD;
5.12.6. the origin of the virtual currencies is unknown;
5.12.7. there is a single large purchase or sale of (or regular buying or selling of) virtual currencies using a service that makes it difficult to identify one or more counterparties to a virtual currency transaction, such as a drum or mixing service (tumbler, mixer);
5.12.8. in one transaction (or with several related transactions) PEP buys or sells virtual currency worth more than 10 000 USD;
5.12.9. virtual currency transaction uses the services of intermediaries that guarantee / complicate the impossibility or difficulty of identifying a person (for example, service providers who allow personal data not to be passed on to law enforcement authorities).
6. Normal Due Diligence Measures
6.1. The Company shall conduct normal DD in the following cases (if not provided otherwise in the Rules):
i. before and upon each establishment of a new Business Relationship;
ii. upon verification of information gathered while applying DD measures or in the event of insufficiency or suspected incorrectness of the documents or information gathered previously in the course of carrying out DD measures;
iii. upon suspicion of Money Laundering or Terrorist Financing.
6.2. In the course of conducting normal DD measures, the Representative shall apply the measures of DD as provided for in section 5.4.
6.3. The Company shall not provide services without establishing a Business Relationship.
6.4. The Company shall not provide services that can be used without identifying the person participating in the transaction and without verifying the submitted information. The Company shall open an account and keep an account only in the name of the account holder. The Company shall not conclude a contract or make a decision to open an anonymous account or a savings book.
6.5. It is prohibited to establish a Business Relationship, if:
6.5.1. The Company is unable to apply DD measures required by the Regulations; or
6.5.2. upon suspicion of Money Laundering or Terrorist Financing; or
6.5.3. if a Client’s capital consists of bearer shares or other bearer securities to the extent of more than 10 per cent.
6.6. The above (section 6.5) does not apply where after the notification of the Authorities (see section 13) the Company receives specific instruction from the Authorities to continue the Business Relationship, the establishment of the Business Relationship or the transaction.
6.7. In addition, the Representative gathers enough information on the beneficiaries of a trust fund or a legal arrangement (which is not a legal person), which have been determined based on certain characteristics or type, in order to be certain that it is able to identify the beneficiary at the time of making a payment or once the beneficiary exercises their rights.
7. Identification of a Person
7.1. Upon implementing DD measures the following person(s) shall be identified:
i. Client – a natural or a legal person; In case of a legal person, all relevant statutory documentation shall be requested;
ii. Representative of the Client – an individual who is authorized to act on behalf of the Client;
iii. Beneficial Owner of the Client;
iv. PEP – if the PEP is the Client or a person connected with the Client (see section 2.9).
7.2. Identification of a Client being a natural person and a representative of a Client
7.2.1. Before and upon establishing the relationship with the Client, the Company shall identify and verify the natural person (the Client or representative of the Client) while being present at the same place as the natural person. If not, the natural person can be identified and verified as follows (presuming that “E-identification” is not obligatory, as established in sections 8.1- 8.2):
184.108.40.206. on the basis of other information originating from a credible and independent source, including means of electronic identification and trust services for electronic transactions and using at least two different sources for verification of data; or
220.127.116.11. on the basis of a document specified in section 7.7.1, which has been authenticated by a notary or certified by a notary or officially and using at least two different sources for verification of data.
7.2.2. Verification must be made whether or not such person is a PEP (see section 7.6).
7.2.3. A new Client and, if necessary, an existing Client shall confirm the correctness of the submitted information.
7.3. Identification of a Client being a legal person
7.3.1. To identify a Client who is a legal person, the Representative shall take the following actions:
check the information concerning a legal person by accessing the relevant electronic databases (e-commercial register);
i. if it is not possible to obtain an original extract from the register or the respective data, documents are requested (extract from the relevant registry, certificate of registration or equivalent document) which are certified or authenticated by a notary public or authenticated officially for verification of the identity of the legal person, or data is used which is obtained from other reliable and independent sources on condition that information is obtained from at least two different sources;
ii. the representative of a foreign legal person is requested to present an identity documents and a document evidencing of his/her power of attorney, which has been notarised or authenticated pursuant to an equal procedure and legalised or authenticated by a certificate substituting for legalisation (apostille), unless otherwise prescribed by an international agreement;
iii. on the basis of the information received from the representative of the foreign legal person, it is controlled whether or not the legal person could be linked with a PEP (see section 7.6);
iv. if the seat of a Client being a legal person is located in a third country, which is included in the list of risk countries (see Exhibit 1), this is reported to the CO, who shall decide the additional measures to be applied to identifying and background checking of the person.
7.3.2. The document presented for identification of a legal person shall set out at least the following:
i. business name, registry code (number), date of registration, seat and address;
ii. names and authorisations of members of the management board or the head of branch or the other relevant body, and their authorisation in representing the legal person.
7.3.2. A legal representative of a new Client (subsequently as required) shall confirm the correctness of the submitted information and data.
7.4. Consequences of insufficient identification of a Client
7.4.1. Should the Representative establish that the identification of a Client is insufficient, the Representative shall:
i. promptly apply the enhanced DD measures pursuant to the Rules;
ii. notify the CO of the failure to implement normal DD in a timely manner;
iii. assess the risk profile of the Client and notify the CO and/or the MB for the purposes of the provisions in section 13.3.
7.5. Identification of the Beneficial Owner of the Client
7.5.1. Registration and assessment of the Beneficial Owner(s) of a legal person is mandatory.
7.5.2. In order to establish the Beneficial Owner, the Representative shall take the following actions:
i. gather information about the ownership and control structure of the Client on the basis of information provided in pre-contractual negotiations or obtained from another reliable and independent source;
ii. in situations, where no single person holds the interest or ascertained level of control to the extent of no less than 25 per cent (see section 2.9), the principle of proportionality is applied to establish the circle of beneficiaries, which means asking information about persons, who control the operations of the legal person, or otherwise exercise dominant influence over the same;
iii. if the documents used to identify a legal person, or other submitted documents do not clearly identify the Beneficial Owners, the respective information is recorded (i.e. whether the legal person is a part of a group, and the identifiable ownership and management structure of the group) on the basis of the statements made by the representative of the legal person, or a written document under the hand of the representative;
iv. to verify the presented information, enquiries are made to the respective registers, and an annual report or another appropriate document to be presented is requested;
v. if no natural person is identifiable who ultimately owns or exerts control over a Client and all other means of identification are exhausted, the senior managing official(s) may be considered to be the Beneficial Owner(s);
vi. companies established in low tax rate regions are paid extra attention (see Exhibit 1).
7.6. Identification of Politically Exposed Person
7.6.1. The Representative shall implement the following measures to establish whether or not a person is a PEP:
i. asking the Client to provide necessary information and thereby, also explanation is given to the Client about the definition of the PEP;
ii. making an enquiry or checking the data on websites of the respective supervisory authorities or institutions of the country of location of the Client.
7.6.2. The matter of whether to establish a Business Relationships with a PEP, or a person associated with him or her, and the DD measures applied to such person shall be decided by the MB.
7.6.3. If a Business Relationship has been established with a Client, and the Client or its Beneficial Owner subsequently turns out to be or becomes a PEP, the CO and the MB shall be notified of that.
7.6.4. In order to establish a Business Relationship with a PEP or a company connected with that person, it is necessary to:
i. take enhanced DD measures (see section 10);
ii. establish the source of wealth of this person;
iii. monitor the Business Relationship on a continual basis.
7.6.5. Respective remark must be made in the Company’s database of Clients on documents of such person in the form of notation “Politically Exposed Person”.
7.7. Documents that can be used for identification
7.7.1. The following documents can be used for identification of a natural person:
i. a document issued pursuant to the Identity Documents Act 2010 (i.e. an immigration document, a United Kingdom passport (within the meaning of the Immigration Act 1971);
ii. a passport issued by or on behalf of the authorities of a country or territory outside the United Kingdom or by or on behalf of an international organisation;
iii. a document that can be used (in some or all circumstances) instead of a passport;
iv. a licence to drive a motor vehicle granted under Part 3 of the Road Traffic 1988 or under Part 2 of the Road Traffic (Northern Ireland) Order 1981;
v. or a driving licence issued by or on behalf of the authorities of a country or territory outside the United Kingdom or other document permitted for person identification in accordance with the applicable laws.
7.7.2. The Representative shall make a copy of the page of identity document which contains personal data and photo.
7.7.3. In addition to an identity document, the representative of a Client shall submit a document in the required format certifying the right of representation.
7.7.4. Legal person and its passive legal capacity shall be identified and verified on the basis of the following documents:
i. in case of legal persons registered in the England and Wales and branches of foreign companies registered in the England and Wales, the identification shall be conducted on the basis of an extract of a registry card of applicable commercial register;
ii. foreign legal persons shall be identified on the basis of an extract of the relevant register or a transcript of the registration certificate or an equal document, which has been issued by competent authority or body not earlier than six months before submission thereof.
7.7.5. If original documents are not used for identification, the Representative shall control and verify data by using at least two reliable and independent sources.
7.8. For a Client that is a natural person (and for a representative of a Client being a legal person), the following data shall be recorded:
i. name of the Client;
ii. personal identification code (in case of absence the date and place of birth and place of residence);
iiii. information regarding identification and verification of the right of representation and the scope thereof. If the right of representation does not arise from law, name of the document used for establishing and verification of the right of representation, the date of issue and the name or name of the issuing party.
7.9. The Representative verifies the correctness of the data specified in sections 7.8 i-ii using information originating from a credible and independent source for that purpose.
7.10. For a Client that is a legal person, the following data shall be recorded:
i. name of the Client;
ii. registry code (or registration number and registration date) of the Client;
iii. the names of the director, members of the management board or other body replacing the management board, and their authorisation in representing the legal person;
iv. details of the telecommunications.
7.11. The Representative verifies the correctness of the data specified in sections 7.10 i-ii using information originating from a credible and independent source for that purpose.
7.12. A representative of a legal person of a foreign country must, at the request of the Representative, submit a document certifying his or her powers, which has been authenticated by a notary or in accordance with an equal procedure and legalised or certified by a certificate replacing legalisation (apostille), unless otherwise provided for in an international agreement.
8.1. Additionally, in some cases it is mandatory to conduct the identification of a person and verification of data using information technology means (“E-Identification”).
8.2. E-Identification is mandatory where the application of the DD measures in establishing a Business Relationship does not take place in the physical presence of the person and where:
8.2.1. the Client is from a non-EEA country or not from United Kingdom or their place of residence or seat is in such a country; or
8.2.2. the total amount of outgoing payments related to the transaction or service contract per calendar month exceeds 15,000 USD in the case of a Client who is a natural person or 25,000 USD in the case of a Client who is a legal person.
8.3. For E-Identification the following can be used:
8.3.1. a document issued by United Kingdom for digital identification of a person; or
8.3.2. another means of electronic identification of a high assurance level.
8.4. Where a person is a foreign national, the identity document issued by the competent authority of the foreign country must be used for the identification of the person and verification of data in addition to the means specified in section 8.3.
8.5. Additionally, information originating from a credible and independent source is used for identifying a person and verifying data. To identify a person and verify data, the Company has the right to use personal identification data entered in the database of identity documents.
8.6. The preconditions of identification of a person and data verification are the following:
8.6.1. usage of highly reliable technical means, which guarantee truthful identification of a person and make it possible to prevent the alteration or misuse of the forwarded data;
8.6.2. upon the identification of a person and verification of person’s identity, in addition to the usage the identity document allowing digital identification (as described in section 8.3), information technology means must be used which have a working camera, microphone, the hardware and software required for digital identification and an internet connection of an adequate quality. Information technology means that allow to compare biometric data may be used;
8.6.3. a natural person or the legal representative of a legal person must identify themselves when entering the information system specified by the Company and confirm upon the establishment of a Business Relationship that they have read the information about the use of information technology means on the website of Company or in the specified information system and agree to the conditions of identification of a person and verification of person’s identity with information technology means;
8.6.4. a natural person or the legal representative of a legal person confirms with upon the establishment of a Business Relationship that:
18.104.22.168. he or she carries out the procedures personally (unless otherwise provided in the Rules);
22.214.171.124. the data submitted by him or her in the identification questionnaire and in the course of the interview are true and complete, and he or she is aware of the consequences associated with the submission of incorrect, misleading or incomplete information upon the establishment of a Business Relationship;
126.96.36.199. he or she meets the conditions established by the Company for the establishment of the Business Relationships.
8.6.5. also, a natural person or the legal representative of a legal person must:
188.8.131.52. agree with the application of the England and Wales law;
184.108.40.206. show to the Representative in front of the camera the personal data page of the valid travel document issued by the foreign country.
8.7. The identification of a person and verification of person’s identity via E-identification upon the establishment of the Business Relationship is considered unsuccessful if:
8.7.1. the natural person or the legal representative of a legal person has intentionally submitted data that does not correspond to the identification data entered in the identity documents database or do not coincide with the information or data obtained with other procedures; or
8.7.2. the session expires (i.e. when the natural person or the legal representative of the legal entity has not completed any activities in the used information system during a period of 15 minutes) or is interrupted during the identification of a person, the identification questionnaire or the interview, or the information flow that transmits synchronised sound and image does not comply with the requirements set out in section 8.11; or
8.7.3. the natural person or the legal representative of a legal person has not given the confirmations stipulated in sections 8.6.3-8.6.5; or
8.7.4. the natural person or the legal representative of a legal person refuses to comply with the Representative’s instructions specified in sections 8.11.2-8.11.3; or
8.7.5. the natural person or the legal representative of a legal person uses the assistance of another person without the Representative’s permission; or
8.7.6. there are circumstances that give rise to suspicions of money laundering or terrorist financing.
8.8. In the event the E-Identification is unsuccessful as described in section 8.7, the Company rejects the application of the natural person or the legal representative of a legal person for opening an account. Also, in the event of the circumstances set out in sections 8.6.1 and 8.6.6, the Company sends a notice to the Authorities.
8.9. For the quality of information flow transmitting synchronised sound and image, these minimal technical requirements are followed:
8.9.1. the information system allows for digital identification of a person and digital signing;
8.9.2. the Representative verifies the quality of its own and, if possible, the Client’s information flow and ensures the transmission of clear, recordable and reproducible synchronised sound and image, which is sufficient to understand the transmitted content unambiguously and reliably.
8.10. As regards to recording and reproducibility of recording, the following requirements are fulfilled:
8.10.1. the information flow containing image and sound is recorded in such a manner that allows for it to be reproduced with a quality equal to the initial transmission of synchronised sound and image;
8.10.2. the information flow that contains image and sound shall be recorded with the time stamp, the Client’s IP address, the personal identification code of the person to be identified, if there is no personal identification code, then the birth date and place and country of residence, whilst the time stamp must be tied to the data concerning it in such a manner that any later changes in data, the person who made the changes, and the time, manner and reason thereof can be identified;
8.10.3. in the manner specified in section 8.10.2, the Representative shall record the data collected with identification questionnaires and of the following procedures: (a) the identification of the person; (b) the unsuccessful identification of a person and verification of person’s identity data as set out in section 8.7; (c) the carrying out of the mandatory real-time interview;
8.10.4. the recording shall start with the identification of the person and ends when the data specified in section 8.10.3 have been collected and the procedures specified in the same section have been carried out. The data specified in section 8.10.3 shall be reproducible within five years of the end of the Business Relationship;
8.10.5. The Company has the right to record the identification questionnaire as specified in section
8.13 as a data stream containing image and sound.
8.11. For framing the face and document of a person, the following requirements are fulfilled:
8.11.1. upon identification of a person and verification of person’s identity data, the person’s head and shoulders must be visible and framed. The face must be clear of shadows and uncovered, and clearly distinguishable from the background and other objects, and recognisable;
8.11.2. the Company may instruct the person to change his or her body position and place themselves and the document in the frame to make it possible to identify the person and verify person´s identity, including to view the data or images on the document;
8.11.3. the Representative has the right to require the removal of items covering the head or face and glasses or compliance with any other instructions of the Representative given in order to guarantee the identification of a person and verification of person’s identity data.
8.12. The Company prepares the Client profile and the risk profile as a part thereof on the basis of the Rules and the identification questionnaire, interview and other accessible information, and the systematised collection and analysis of data and clarification of facts. The Client profile and risk profile shall be prepared in a format that can be reproduced in writing.
8.13. When carrying out the E-Identification, the Representative shall use an identification questionnaire.
8.13.1. For a natural person, the identification questionnaire is used to ascertain a natural person’s residential address, activity profile, area of activity, purpose and nature of establishment of a business relationship, connection of the person’s economic or family interests with United Kingdom, expected volumes of the services used by the person in appropriate cases, the beneficial owner, whether the person is a PEP and other important information.
8.13.2. For a legal person, the identification questionnaire is used to ascertain the legal person’s business name, registry code, location and places of operation, including branches located in foreign countries, the entity’s legal form, legal capacity, lawful and contractual representatives, beneficial owner(s) and, if appropriate, whether the beneficial owner is a PEP, economic connections with third countries, most important business partners, the legal person’s activity profile, main and secondary areas of activity, purpose and nature of establishment of a business relationship and other important information.
8.13.3. With the Representative’s permission, the natural person or the legal representative of a legal person may use the assistance of another person to eliminate any technical problems when the identification questionnaire is carried out.
8.13.4. The Representative must assess the answers given in the identification questionnaire and record his or her opinion and the circumstances that are the basis thereof in the client profile and risk profile specified in section 8.12.
8.14. In order to collect and verify the information and data required for the determination of the Client profile, the Representative carries out an interview. The conditions for conducting the interview are the following:
8.14.1. during the interview the Representative asks partly structured questions, proceeding from the results of the identification questionnaire;
8.14.2. the interview is carried out in real time;
8.14.3. with the permission of the Company, the natural person or the legal representative of a legal person may use the assistance of another person to eliminate any technical problems when the interview is carried out;
8.14.4. the Representative must assess the Client’s reaction during the interview, the reliability of the obtained information and data and compliance with the information and data obtained with other procedures, and record his or her opinion and the circumstances that are the basis thereof in the Client’s profile and risk profile specified in section 8.12.
8.15. The Company has an obligation to establish procedural rules for identification of a person and verification of person’s identity data with information technology means, which contain at least the following:
8.15.1. the guidelines for carrying out the procedure of identification of a person with information technology means, including requirements for identification of a person and verification of the submitted data;
8.15.2. the guidelines for preparation of the identification questionnaire;
8.15.3. the guidelines for preparation of the questions of the mandatory real-time interview and for carrying out the interview;
8.15.4. technical requirements for the quality of the information flow transmitting synchronised sound and image, and for the inspection thereof;
8.15.5. requirements for the collection and updating of submitted data and preservation of data and recordings;
8.15.6. measures for inspecting the performance of the guidelines specified in sections 8.15.1- 8.15.6.
8.16. The obligations established in section 8.15, shall be carried out by the respective service provider pursuant to the AML/CTF procedure established by the service provider.
8.17. The Representative must give an opinion of the results of the procedures specified in sections 8.6, 8.13 and 8.14 and make a proposal to the CO about the regime of monitoring business relationships to be applied to the Client. The opinion of the Representative is the basis on which the decision to establish a Business Relationship is made.
9. Simplified Due Diligence Measures
9.1. Simplified DD measures may be taken where according to the risk assessment (section 11) the risk of Money Laundering or Terrorist Financing is lower than usual.
9.2. Whether simplified DD measures can be applied must always be decided case-by-case taking into account all the circumstances. The risk may be considered lower than usual (but this must be decided case- by-case) if the Client is:
9.2.1. a company listed on a regulated market which is subject to disclosure obligations that establish requirements for ensuring sufficient transparency regarding the Beneficial Owner; or
9.2.2. a legal person governed by public law; or
9.2.3. a governmental authority or another authority performing public functions; or
9.2.4. an authority; or
9.2.5. a credit institution or a financial institution, acting on behalf of itself, located in a third country (see Exhibit 1), which in the country of location is subject to equal requirements and the performance of which is subject to state supervision;
9.2.6. resident/ from/or its’s place of residence or seat is the following:
220.127.116.11. a contracting state;
18.104.22.168. a third country that has effective AML/CFT systems;
22.214.171.124. a third country where, according to credible sources, the level of corruption and other criminal activity is low;
126.96.36.199. a third country where, according to credible sources such as mutual evaluations, reports or published follow-up reports, AML/CFT requirements that are in accordance with the updated recommendations of the Financial Action Task Force (FATF), and where the requirements are effectively implemented.
9.3. Upon identifying and screening of such Clients, the following circumstances, if present concurrently, can also point to a low level of risk (but again, this must be decided case-by-case):
9.3.1. the Client can be identified on the basis of publicly available information;
9.3.2. the ownership and control structure of the Client is transparent and constant;
9.3.3. the operations of the Client and their accounting or payment policies are transparent.
9.4. Most importantly, the application of simplified DD measures is permitted to the extent that the Company ensures sufficient monitoring of transactions, acts and Business Relationships, so that it would be possible to identify unusual transactions and allow for notifying of suspicious transactions.
9.5. The way how the DD measures can be applied in a simplified manner, is the following. However, the way how DD measures are applied are decided case-by-case by the Representative.
9.5.1. The identity of a Client or of the Client’s representative may be verified on the basis of information obtained from a credible and independent source also at the time of establishment of the Business Relationship, provided that it is necessary for not disturbing the ordinary course of business (as standard, this must be done before establishment of the Business Relationship). In such an event the verification of identity must be carried out as quickly as possible and before the taking of binding measures.
9.5.2. For identifying and verifying the PEP and the Beneficial Owner, also as regards to understanding the purpose of the Business Relationship – the Representative may choose the extent of performance of the duty and the need to verify the information and data used therefore with the help of a credible and independent source.
9.5.3. Monitoring of the Business Relationship can be applied in accordance with the simplified procedure, provided that in addition to establishing one factor characterising a lower risk (listed in section 9.1) the following criteria are met:
188.8.131.52. a long-term contract has been concluded with the Client in writing, electronically or in a form reproducible in writing; and
184.108.40.206. payments accrue to the Company in the framework of the Business Relationship only via an account held in a credit institution or the branch of a foreign credit institution registered in the United Kingdom commercial register or in a credit institution established or having its place of business in a contracting state of the EEA or in a country that applies requirements equal to those of Directive (EU) 2015/849; and
220.127.116.11. the total value of incoming and outgoing payments in transactions made in the framework of the Business Relationship does not exceed 15,000 USD a year.
9.6. DD measures can also be applied in a simplified manner as follows:
9.6.1. adjusting the quantity of information obtained for identification, verification or monitoring purposes, for example by:
18.104.22.168. verifying identity on the basis of information obtained from one reliable, credible and independent document or data source only; or
22.214.171.124. assuming the nature and purpose of the Business Relationship because the product is designed for one particular use only.
9.6.2. adjusting the quality or source of information obtained for identification, verification or monitoring purposes, for example by:
126.96.36.199. accepting information obtained from the Client rather than an independent source when verifying the Beneficial Owner’s identity (this is not, however, permitted in relation to the verification of the Client’s identity); or
188.8.131.52. where the risk associated with all aspects of the relationship is very low, relying on the source of funds to meet some of the DD measures requirements, for example where the funds have been transferred from an account in the Client’s name at a firm
10. Enhanced Due Diligence Measures
10.1. Enhanced DD measures must be taken in cases where the risk level of the Client is higher (section 11). Enhanced DD measures are applied in addition to normal DD measures as established in section 5.4.
10.2. The Representative shall establish the Client’s risk profile and determine the risk category in accordance with the Rules (see section 11). The risk category may be altered during the course of the Business Relationship, taking into consideration the changes in data gathered.
10.3. The Representative, who upon entering into a Business Relationship with a new Client, detects that there is at least one of the following high-risk characteristics present in respect of a Client, shall consult with and report to the CO, and shall take the DD measures set out in the Rules.
10.4. The Representative shall always apply enhanced DD measures in the following situations:
10.4.1. when suspicion arises regarding truthfulness of the provided data and/or of authenticity of the identification documents regarding the Client or its Beneficial Owners;
10.4.2. the person participating in the transaction or professional act made in economic or professional activities, the person using the professional service or the Client is:
10.4.2.1. a PEP, their family member or a close associate;
10.4.2.2. from a high-risk third country or their place of residence or seat or the seat of the payment service provider of the payee is in a high-risk third country (see Exhibit 1);
10.4.3. in case of companies that have nominee shareholders or shares in bearer form;
10.4.4. the Client or the person participating in the transaction or the person using the professional service is from such country or territory or their place of residence or seat or the seat of the payment service provider of the payee is in a country or territory that, according to credible sources such as mutual evaluations, reports or published follow-up reports, has not established effective AML/CTF systems that are in accordance with the recommendations of the Financial Action Task Force, or that is considered a low tax rate territory;
10.4.5. in case of a cross-border correspondent relationship with a respondent institution of a third country (i.e. not United Kingdom).
10.5. In addition, the following factors are regarded as indicating a higher risk of money laundering and terrorist financing. If at least two of such factors are present, enhanced DD measures are applied. The factors are the following:
10.5.1. the Business Relationship foundations are based on unusual factors, including in the event of complex and unusually large transactions and unusual transaction patterns that do not have a reasonable, clear economic or lawful purpose or that are not characteristic of the given business specifics;
10.5.2. the Client is a legal person or a legal arrangement, which is engaged in holding personal assets;
10.5.3. the Client is a cash-intensive business;
10.5.4. the ownership structure of the Client company appears unusual or excessively complex, given the nature of the company’s business;
10.5.5. the Client is a third country national who applies for residence rights or citizenship in United Kingdom in exchange of capital transfers, purchase of property or government bonds, or investment in corporate entities in United Kingdom;
10.5.6. provision of a product or making or mediating of a transaction that might favour anonymity;
10.5.7. payments received from unknown or unassociated third parties;
10.5.8. a Business Relationship that is established in a manner whereby the Customer, the Customer’s representative is not met physically in the same place and whereby E- Identification is not applied as a safeguard measure;
10.5.9. new products and new business practices, including new delivery mechanism, and the use of new or developing technologies for both new and pre-existing products;
10.5.10. where the Client, a person involved in the transaction or the transaction itself is connected with a high-risk third country (see Exhibit 1).
10.6. In general cases, enhanced DD measures shall include monitoring of the Business Relationship more frequently than usual (including reassessment of a risk profile of a Client not later than 6 months after establishment of the Business Relationship) and at least one of the following measures:
10.6.1. identification and verification of a Client on the basis of additional documents, data or information, which originates from a reliable and independent source;
10.6.2. identification and verification of a Client while being present at the same place;
10.6.3. obtaining additional information on the purpose and nature of the Business Relationship and verification from a reliable and independent source. For example, obtaining information on:
10.6.3.1. the number, size and frequency of transactions that are likely to pass through the account, to enable the Company to spot deviations that might give rise to suspicion (in some cases, requesting evidence may be appropriate);
10.6.3.2. why the Client is looking for a specific product or service, in particular where it is unclear why the Client’s needs cannot be met better in another way, or in a different jurisdiction;
10.6.3.3. the destination of funds;
10.6.3.4. the nature of the Client’s or beneficial owner’s business, to enable the Company to better understand the likely nature of the business relationship;
10.6.4. gathering additional information and documents regarding the actual execution of transactions made in the Business Relationship in order to rule out the ostensibility of the transactions;
10.6.5. gathering additional information and documents for the purpose of identifying the source and origin of the funds used in a transaction made in the Business Relationship in order to rule out the ostensibility of the transactions;
10.6.6. the making of the first payment related to a transaction via an account that has been opened in the name of the person or the Client participating in the transaction in a credit institution registered or having its place of business in a contracting state with the level of protection equal to the required.
10.7. After taking enhanced DD measures, the MB shall decide whether to establish or continue the Business Relationship with the Client in respect of whom the enhanced DD measures were taken.
10.8. Where the Company comes into contact with a high-risk third country (see Exhibit 1) via a person participating in a transaction made in the economic or professional activities, via a person participating in a professional act, via a person using a professional service, the following DD measures are applied:
10.8.1. gathering additional information about the Client and its Beneficial Owner and on the planned substance of the Business Relationship;
10.8.2. gathering information on the origin of the funds and wealth of the Client and its Beneficial Owner;
10.8.3. gathering information on the underlying reasons of planned or executed transactions;
10.8.4. receiving permission from the MB to establish or continue the Business Relationship;
10.8.5. improving the monitoring of the Business Relationship by increasing the number and frequency of the applied control measures and by choosing transaction indicators or transaction patterns that are additionally verified;
10.8.6. additionally, also one or several of the following DD measures:
10.8.6.1. winding up the branch or representation in a high-risk third country;
10.8.6.2. carrying out a special audit in a subsidiary or branch in a high-risk third country;
10.8.6.3. assessing and, where necessary, terminating a correspondent relationship with an obliged entity of a high-risk third country.
10.9. In the case of a cross-border correspondent relationship with a respondent institution of a third country or a respondent institution whereby the risk of Money Laundering or Terrorist Financing is higher, the following enhanced DD measures are applied:
10.9.1. gathering sufficient information on the respondent institution in order to fully understand the nature of the activities of the respondent institution and, based on publicly available information, make a decision on the reputation and supervision quality of the relevant institution, including by researching whether any proceedings have been initiated against the institution in connection with violation of AML/CFT legislation;
10.9.2. assessment of AML/CFT control systems implemented in the respondent institution. For example, asking AML/CTF documents, like rules of procedure, risk assessment;
10.9.3. receiving prior approval from the MB to establish a new correspondent relationship;
10.9.4. documenting the relevant duties and obligations of both institutions;
10.9.5. in the case of payable-through accounts, making certain that the respondent institution has verified the identity of the customers who have direct access to the accounts of the correspondent institution, applies due diligence measures to them at all times and, upon request is able to present the relevant due diligence measures applied to the customer.
10.10. If a person participating in a transaction made in economic or professional activities, a person participating in a professional act, a person using a professional service, a Client or their Beneficial Owner is a PEP, a family member of a PEP or a person known to be a close associate of a PEP, the following DD measures are applied in addition to the DD measures as established in section 10.6:
10.10.1. obtaining approval from the MB to establish or continue a Business Relationship with the person; and
10.10.2. applies measures to establish the origin of the wealth of the person and the sources of the funds that are used in the Business Relationship; and
10.10.3. monitors the Business Relationship in an enhanced manner. The Company should identify unusual transactions and regularly review the information it holds to ensure that any new or emerging information that could affect the risk assessment is identified in a timely fashion. The frequency of ongoing monitoring should be determined by the level of high risk associated with the relationship.
10.11. Where a PEP no longer performs important public functions placed upon them, the Company must at least within 12 months take into account the risks that remain related to the person and apply relevant and risk sensitivity-based measures as long as it is certain that the risks characteristic of PEP no longer exist in the case of the person.
11. Risk Assessment
11.1. The Representative will establish a risk profile of a Client based on information gathered under the Rules.
11.2. The Company applies the following risk categories:
i. Low risk;
ii. Normal risk;
iii. High risk.
11.3. As a default, the risk level is normal. If any of the low risk factors are present (as described above in sections 9.2-9.3), the Representative can decide, case-by-case basis, whether this Business Relationship is of a lower risk. In this case, the Client is attributed a lower degree risk and the Representative shall record it in the Company’s database of Clients and on the documents.
11.4. For every Client, who does not fall into the “normal risk” category or “low risk” category, the Representative shall record the Client’s risk category in the Company’s database of Clients and on the documents as “High risk”. Only the CO shall have the right to change the high risk category recorded for a Client.
11.5. Assessment of risk profile of natural persons
11.5.1. When establishing the risk category of a Client being a natural person, the country of residence of the Client, the region where the Client operates, and status of PEP shall be taken into account.
11.5.2. Characteristics of high risk in the case of a natural person, and the appropriate DD measures can be the following (although this must be decided case-by-case):
The actual place of residence or employment or business of a Client is in a country, which is included in the list of risk countries (see Exhibit 1), or the Client is an official citizen/resident of such country.
Ask the Client to provide additional information about the purpose of establishing the Business Relationship and his/her economic activities.
Ask the Client to provide additional information about its links with the said foreign state.
Apply section 10.8.
The Client is a person associated with a PEP.
The decision is taken by the MB. Apply sections 10.6 and 10.10.
The Client is a PEP.
Conduct an internet search about the Client.
Ask additional information and documents, which prove the legal origin of Client’s assets.
Apply sections 10.6 and 10.10.
There is information that the Client is suspected to be or to have been linked with a financial offence or other suspicious activities.
Check information about international sanctions5 or ask guidance from the CO.
Ask additional information and documents, which prove the legal origin of the Client’s assets.
The Client is a non-resident individual, whose place of residence or activities is in a country, which is listed in the list of risk countries (see Exhibit 1).
Ask the Client to provide additional documents to identify the Client and, if possible, check the Client’s data vis-à-vis the previously presented documents and information.
Verify and compare the data submitted by the Client against the additional documents, data or information, which originates from a reliable and independent source.
Apply section 10.8.
11.6. Assessment of risk profile of legal persons
11.6.1. When establishing the risk category of a legal person, assessment shall be based on the country of location of the legal person, its area of activity, the transparency of ownership structure and the management.
11.6.2. Characteristics of high risk in the case of a legal person, and the appropriate DD measures can be the following (although this must be decided case-by-case):
The Client is a legal person registered in the United Kingdom or the European Economic Area or in Switzerland, whose area of activity is associated with enhanced money- laundering risk.
Ask the Client to provide additional documents to identify it and, if possible, check the Client’s data vis-à-vis the previously presented documents and information.
Verify and compare the data submitted by the Client against the additional documents or information, which originates from
a reliable and independent source.
The Client is situated in a country, which is listed in the list of risk countries (see Exhibit 1).
Ask the Client to provide additional information about its links with the said foreign state.
Ask for additional information about the purpose of establishing the Business Relationship.
Apply section 10.8.
The legal person is a non-profit association, trust, civil law partnership or another contractual legal arrangement, whose activities and liability are insufficiently regulated by law, and the legality of financing of which is not easy to screen.
Check the authenticity of the presented documents and verify the accuracy of the data. Ask for help from the CO.
Ask the Client to provide information about relationships with credit or financing institutions, and the opinion of the respective credit or financing institution.
Ask additional information and documents, which prove the legal origin of the Client’s assets.
Gather enough information on the beneficiaries.
The representative or the Beneficial Owner of a legal person is a PEP or his or her family member.
Ask the Client to provide additional information about the need and purpose of establishing the Business Relationship.
Ask the Client to provide information about relationships with credit or financing institutions, and the opinion of the respective credit or financing institution about the Client. Conduct an internet search about the Client, being a legal person, and its Beneficial Owner.
Ask additional information and documents, which prove the legal origin of the Client’s assets.
Apply sections 10.6 and 10.10.
There is information that the person is suspected to be or to have been linked with a financial offence or other suspicious activities.
Check information about international sanctions or ask guidance from the CO.
Ask additional information and documents, which prove the legal origin of the Client’s assets.
A legal person registered outside the United Kingdom or the European Economic Area, whose field of business is associated with a high risk of Money Laundering.
A legal person registered outside the United Kingdom or the European Economic Area, who is operating outside the country of its registered location.
A legal person is operating or is registered in a low tax rate country or the place of residence, place of registration of the legal person, its owners or Beneficial Owners, or the territory of business of the legal person is situated in a country listed in the list of risk countries (see Exhibit 1).
Ask the Client to provide additional information about its links with the said foreign state.
Ask for additional information about the purpose of establishing the Business Relationship.
Verify and compare the data submitted by Client against the additional documents, data or information, which originates from a reliable and independent source (if obtaining such information is possible).
Ask additional information and documents, which prove the legal origin of the Client’s assets.
11.7. The above listed DD measures can be combined, as appropriate, in respect to other listed or non- listed risks.
11.8. The MB has determined that Business Relationships can be established with persons from countries and countries outside the United Kingdom or the European Economic Area.
11.9. More risks and technical procedure for applying DD measures are Procedure on Know Your Transaction (“KYT”). However, if there are any inconsistencies between the Rules and this Exhibit, the Rules shall be applied.
11.10. Identification and management of risks of technology and services
11.10.1. The Company uses safe technological solution for providing services.
11.10.2. The Company implements next physical and personal measures to keep safety:
184.108.40.206. all data is stored on cloud;
220.127.116.11. all secure keys are kept by the Chief Technology Officer;
18.104.22.168. developers are full-time employees, who sign a non-disclosure agreement.
11.10.3. The Company uses special technical solutions, i.e. Modular System for isolation purposes, to keep provided service in safe and keeps history of transactions. Communication among the modules is encrypted and keys are kept separately. There are system limits of amount of virtual currency, that users can operate depending on verification level and procedure. System holds certain part of the capital in hot wallets, everything else is stored on remote/cold wallet.
11.10.4. For the authorisation process the Company uses Standard SSL traffic, session encryption, user-level authentication, two-factor authentication and private data encryption by private-public key encryption.
11.10.5. For reducing the risk of any information leakage and the mitigation thereof, the Company shall, among other things:
22.214.171.124. establish and operate a management system in order to protect information from unauthorized access, loss, tampering, and leakage, etc., so the information shall only be used appropriately in accordance with its purposes;
126.96.36.199. in case of theft/taking illegal possession of the assets of the Company by hacking or other methods, suspend the service (including deposits and withdrawals), conduct a security review and advise the users to change their API key and resetting two-factor authentication;
188.8.131.52. in order to minimize damage, carry out detection and tracking simultaneously with malware inspection, also carry out log acquisition / analysis, computer and network operation status monitoring / recording, and real-time monitoring / recording of unauthorized access by intrusion detection system;
184.108.40.206. for external cyber-attacks, measures for protection, prevention, detection and tracking are installed. For any internal wrongdoings, security measures for deterrence, control, detection and tracking are established;
220.127.116.11. take any measures considered necessary by the Company (for example, if deemed appropriate by the Company, suspending the provision of service).
11.10.6. Support team of the technical solution monitors and identifies threats and reports to the MB. As a rule, the Company systematically analyses whether adoption of additional security measures is required.
12. Registration and Storage of Data
12.1. The Representative shall ensure that the Client data are registered in the Company’s Client database within the required scope.
12.2. Registration of data of a Client who is natural person
12.2.1. The following obtained data shall be recorded in the Company’s information system:
i. name, personal ID code or, in the absence of the latter, the date of birth and the place of residence or seat;
ii. the name and number of the document used for identification and verification of the identity of the person, its date of issue and the name of the issuing authority;
iii. occupation, profession or area of activity;
iv. if the Client is a natural person, the Representative shall record information about whether the person is a PEP, or is a close associate or family member of a PEP;
v. citizenship and the country of tax residency;
vi. the origin of assets.
12.2.2. In case of a representative, the following info shall be recorded:
i. same as provided for in subsections i-ii of section 12.2.1;
ii. the name of the document used for establishing and verification of the right of representation, the date of issue and the name or name of the issuing party.
12.3. Registration of data of a Client who is a legal person
12.3.1. The following information on the Client being a legal person shall be recorded:
i. name, legal form, registry code, address, date of registration and activity locations;
ii. information concerning means of communication and contact person(s);
iii. names of the members of the management board or an equivalent governing body, and their powers to represent the Client, and whether any of them is a PEP;
iv. information about the Beneficial Owners;
v. field(s) of activity (i.e. the NACE codes);
vi. name and number of the document used for identification and verification of the identity, its date of issue and the name of the issuing authority;
vii. country of tax residency of the legal person (VAT number);
viii. date of registration of the legal person in the Company’s database;
ix. purpose of the Business Relationship;
x. origin of assets (normal business operations/other).
12.3.2. The following information about the Beneficial Owner shall be recorded:
i. name, personal ID code or, in the absence of the latter, the date of birth and the place of residence or seat;
ii. type of control over the enterprise (e.g. shareholder);
iii. is the person a PEP;
iv. information about the representative as set forth under section 12.2.2.
12.3.3. Information from the B-card, i.e. the legal representatives of the Client being a legal person stated on the B-card, shall be recorded on the Client data registration sheet or the contract concluded with the Client.
12.4. The Representative shall record all the data regarding:
12.4.1. transaction date or period and description of the substance of the transaction;
12.4.2. Company’s decision to refuse establishment of the Business Relationship. The Representative shall also record all the data, if, as a result of taking DD measures, the Client refuses to establish the Business Relationship;
12.4.3. information on all of the operations made for the purpose of establishing the identity of the Client;
12.4.4. impossibility to take DD measures using information technology means;
12.4.5. termination of the Business Relationship, as a result of impossibility to take DD measures;
12.4.6. information on the circumstances of termination of a Business Relationship in connection with the impossibility of application of the DD measures;
12.4.7. information serving as the basis for the duty to report to the Authorities;
12.4.8. upon making transactions with the representative of a civil law partnership, community or another legal arrangement or with a trust or trustee, the fact that the person has such status, an extract of the registry card or a certificate of the registrar of the register where the legal arrangement has been registered.
12.5. Furthermore, the Representative shall also register the following data:
12.5.1. upon opening an account, the account type, number, currency and significant characteristics of the securities or other property;
12.5.2. upon acceptance of property for depositing, the deposition number and the market price of the property on the date of deposition or a detailed description of the property where the market price of the property cannot be determined;
12.5.3. in the case of payment intermediation, the details the communication of which is mandatory under relevant regulations;
12.5.4. in the case of another transaction, the transaction amount, the currency and the account number;
12.5.5. copies of correspondence with the Client (chats and summaries of phone calls).
12.6. Storage of Data
12.6.1. The respective data is stored in a written format and/or in a format reproducible in writing and, if required, it shall be accessible by all appropriate staff of the Company (MB, Representatives, marketing, CO etc). The data and the documents are retained in a manner that allows for exhaustively and immediately replying to the enquiries of the AUTHORITIES or, in accordance with legislation, those of other supervisory authorities, investigative bodies or courts, inter alia, regarding whether the Company has or has had in the preceding five years a Business Relationship with the given person and what is or was the nature of the relationship.
12.6.2. The originals or copies of the documents, which serve as the basis for identification of a person, and of the documents serving as the basis for establishing a Business Relationship, shall be stored for at least five (5) years following the termination of the Business Relationship. The Company does not have to retain the originals or copies of the documents serving as a basis for the identification of persons and verification of submitted information where: (i) the person was identified using E-Identification, or (ii) the document is available to the Company in an electronic database of the state at least five (5) years following the termination of the Business Relationship.
12.6.3. During the period specified in section 12.6.2, the Company shall also retain the entire correspondence relating to the performance of the duties and obligations arising from the Regulations and all the data and documents gathered in the course of monitoring the business relationship as well as data on suspicious or unusual transactions or circumstances which were not reported to the Authorities.
12.6.4. The documents prepared with regard to a transaction and the documents and data serving as the basis for the notification obligations to the Authorities shall be retained for no less than five years after making the transaction or performing the duty to report.
12.6.5. The data of the document prescribed for the E-Identification, information on making an electronic query to the identity documents database, and the audio and video recording of the procedure of identifying the person and verifying the person’s identity shall be stored at least five (5) years following the termination of the Business Relationship.
12.6.6. The relevant data is deleted after the expiry of the time limits stipulated above, unless the legislation regulating the relevant field establishes a different procedure. On the basis of a precept of the competent supervisory authority, data of importance for prevention, detection or investigation of Money Laundering or Terrorist Financing may be retained for a longer period, but not for more than five years after the expiry of the first time limit.
12.6.7. Also, the following is retained:
i. manner, time and place of submitting or updating of data and documents;
ii. name and position of the Representative who has established the identity, checked or updated the data.
13.1. Notification of the CO
13.1.1. Any circumstances identified in the Business Relationship which are unusual or suspicious or there are characteristics which point to Money Laundering, Terrorist Financing, or to the commission of related offences, or an attempt of the same the Representative shall promptly notify to the CO. The Representative shall also promptly notify the CO when a Business Relationship cannot be established, and upon occurrence of circumstances described in sections 6.5, 13.3.1, 13.3.2 and 13.3.4.
13.1.2. The CO shall analyse and forward the respective information to the MB.
13.2. Notification of the Authorities
13.2.1. Before reporting any transaction connected with suspected Money Laundering or Terrorist Financing to the Authorities, the CO shall analyse the content of the information received, considering the Client’s current area of activity and other known information.
13.2.2. The CO shall decide whether to forward the information to the Authorities and the MB shall decide whether to terminate the Business Relationship.
13.2.3. The CO shall make a notation “AML” behind the name of the Client in the Company’s Client database or on the documents, and shall notify the Authorities promptly, but not later than within 2 business days after discovering any activities or circumstances or arising of suspicion, using the respective web-form for notifying the Authorities. Copies of the documents as set forth by guidelines of Authorities or further requested by Authorities shall be appended to the notice.
13.2.4. The Authorities shall be notified of any suspicious and unusual transactions where, including such where the financial obligation exceeding 32 000 USD or an equivalent amount in another currency is performed in cash, regardless of whether the transaction is made in a single payment or several related payments over a period of up to one year.
13.2.5. The CO shall store in a format reproducible in writing any reports received from the Representatives about suspicious circumstances, as well as all information gathered to analyse such notices, as well as other linked documents and notices to be forwarded to the Authorities, along with the time of forwarding the notice, and the information about the Representatives who forwarded the same.
13.2.6. The Client who is reported to the Authorities as being suspicious, may not be informed of the same. This means that the Company, a structural unit of the Company, a member of a management body and an employee of the Company and the Representative is prohibited to inform the Client, its beneficial owner, representative and also any third party (including other Representatives) about a report submitted on them to the Authorities, a plan to submit such a report or the occurrence of reporting as well as about a precept made by the Authorities or about the commencement of criminal proceedings (unless otherwise provided by the relevant regulations). After a precept made by the Authorities has been complied with, the Company may inform a person that the Authorities has restricted the use of the person’s account or that another restriction has been imposed.
13.2.7. Where the Company suspects or knows that Terrorist Financing or Money Laundering or related criminal offences are being committed, the making of the transaction or professional act or the provision of the official service must be postponed until the submission of a report to the Authorities. Where the postponement of the transaction may cause considerable harm, it is not possible to omit the transaction or it may impede catching the person who committed possible Money Laundering or Terrorist Financing, the transaction or professional act will be carried out or the official service will be provided and a report will be submitted the Authorities thereafter.
13.3. Postponing a transaction and termination of the Business Relationship with a Client
13.3.1. The Company shall postpone the making of a transaction until the Client has submitted the documents and information required for the application of DD measures, including for certifying the origin of the subject-matter of the transaction or for monitoring the Business Relationship.
13.3.2. The Company shall extraordinarily and unilaterally terminate the Business Relationship without observing the advance notification period, if upon refusal to issue an e-resident’s digital identity card or where its validity is suspended or where it is declared invalid on the ground provided for the relevant applicable law. Where, on the conditions described in sections 13.3.1 or 13.3.2 the omission of a transaction would be impossible or where the omission of a transaction or termination of a Business Relationship might impede efforts made to catch persons benefiting from a suspicious transaction, the Company may still make the transaction or continue the Business Relationship, informing the Authorities thereof immediately after making the transaction or deciding to continue the business relationship.
13.3.3. Where the Company has a Business Relationship with the Client in a situation provided for in section 6.5, the refusal by the Client to provide information or documents required for the application of DD measures is deemed a fundamental breach of a contract that shall be reported by the Representative to the CO, and in such case the contract(s) concluded with the Client shall be cancelled and the Business Relationship shall be terminated as soon as feasible. Also, in this case the Authorities is notified, as established in section 13.
13.3.4. The above (section 13.3.4) does not apply where after the notification of the Authorities (see section 13) the Company receives specific instruction from the Authorities to continue the Business Relationship, the establishment of the Business Relationship or the transaction.
13.3.5. The decision on terminating the Business Relationship shall be taken by the Management Board.
13.3.6. The Client shall be notified of the termination of the Business Relationship in writing, provided that it is consistent with section 13.2.6. Notation about the cancellation of the Business Relationship shall be made in the Company’s Client database or documentation, and a note “AML” shall be added to the Client’s data.
13.4. Indemnification of the Representatives
13.4.1. The Company and its Representatives shall not, upon performance of the obligations arising from the Rules and the applicable law, be liable for damage arising from a failure to carry out any transactions (by the due date) if the damage was caused to the persons in connection with notification of the Authorities of the suspicion of Money Laundering or Terrorist Financing in good faith, or for damage caused to a Client or in connection with the cancellation of a Business Relationship as provided in the Rules.
13.4.2. Fulfilment of the notification obligation by the Representative acting in good faith, and reporting the appropriate information shall not be deemed breach of the confidentiality obligation imposed by the law or the contract, and no liability stemming from the legislation or the contract shall be imposed upon the person who has performed the notification obligation.
13.4.3. Taking into account its size and nature of activities, the Company establishes an appropriate system of measures ensuring that the Representatives who report of a suspicion of Money Laundering or Terrorist Financing or of a violation of the relevant regulations within the Company are able to do so anonymously and are protected from being exposed to threats or hostile action by other employees, management body members or the Clients, in particular from adverse or discriminatory employment actions.
14.1. The Company shall ensure that all Representatives who have contacts with Clients or matters involving Money Laundering are provided with regular training and information about, inter alia, on the duties and obligations provided for in the Rules, modern methods of Money Laundering and Terrorist Financing and the related risks, the personal data protection requirements, on how to recognise acts related to possible Money Laundering or Terrorist Financing, and instructions for acting in such situations. The CO shall arrange regular training concerning prevention of Money Laundering and Terrorist Financing to explain the respective requirements and obligations.
14.2. Initial training is provided at the start of the Representative´s service. The Representatives who are communicating with the Clients directly may not start working before they have reviewed and committed to the adherence of these Rules and participated in the Money Laundering and Terrorist Financing prevention training.
14.3. Training is provided regularly, at least once a year, to all Representatives and other relevant designated staff. Training may be provided also using electronic means (conference calls, continuous e-mail updates provided confirmation on receipt and acceptance is returned and similar means).
14.4. Training materials and information shall be stored for at least three years.
15. Internal Audit and Amendment of the Rules
15.1. Compliance with the Rules shall be inspected at least once a year by the CO.
15.2. The report on the results of the inspection concerning the compliance with the measures for prevention of Money Laundering and Terrorist Financing shall set out the following information:
i. time of the inspection;
ii. name and position of the person conducting the inspection;
iii. purpose and description of the inspection;
iv. analysis of the inspection results, or the conclusions drawn on the basis of the inspection.
15.3. If the inspection reveals any deficiencies in the Rules or their implementation, the report shall set out the measures to be applied to remedy the deficiencies, as well as the respective time schedule and the time of a follow-up inspection.
15.4. If a follow-up inspection is carried out, the results of the follow-up inspection shall be added to the inspection report, which shall state the list of measures to remedy any deficiencies discovered in the course of the follow-up inspection, and the time actually spent on remedying the same.
15.5. The inspection report shall be presented to the MB, who shall decide on taking measures to remedy any deficiencies discovered.
16. No Relations with Shell Banks
16.1. ‘Shell bank’ means a credit institution or financial institution, or an institution that carries out activities equivalent to those carried out by credit institutions and financial institutions, incorporated in a jurisdiction in which it has no physical presence, involving meaningful mind and management, and which is unaffiliated with a regulated credit or financial group.
16.2. The Company shall not establish or continue correspondent relationships with shell banks and such credit institutions or financial institutions that knowingly allow shell banks use their accounts.
Exhibit 1a. Contracting states of the European Economic Area
Please refer to https://www.gov.uk/eu-eea
Exhibit 1b. Countries who have established Anti-Money Laundering requirements equivalent to the European Union AML framework
Please refer to https://ec.europa.eu/info/business-economy-euro/banking-and-finance/international- relations_en
Exhibit 1c. List of risk countries
A country specified in a delegated act adopted on the basis of art 9(2) of EU Directive 2015/849. Current list available at: https://eur-lex.europa.eu/legal-content/ET/TXT/?uri=CELEX:02016R1675-20201001
Also, a following country or jurisdiction:
- that, according to credible sources such as mutual evaluations, detailed evaluation reports or published follow-up reports, has not established effective AML/CFT systems;
- that, according to credible sources, has significant levels of corruption or other criminal activity;
- that is subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations;
- that provides funding or support for terrorist activities, or that has designated terrorist organisations operating within their country, as identified by the European Union or the United Nations.