Trueplay Inventions Inc.

PROGRAMME ON KYC AND AML/CFT COMPLIANCE

(last update 07/12/2021)

Table of Acronyms

AML (Anti Money Laundering) A set of procedures, laws, or regulations designed to stop the practice of generating income through illegal actions. In most cases, money launderers hide their actions through a series of steps that make money coming from illegal or unethical sources appear like it was earned legitimately. ML behavior is usually detected using a combination of transaction analysis (amounts, patterns, frequency, etc.) also called client profiling and name screening to identify specific counterparties to be handled as “high-risk” (e.g., Politically Exposed Persons)
Blockchain Digitized, decentralized, public ledger of all cryptocurrency transactions
CDD Client Due Diligence
CFT (Counter-Terrorism Financing) Money laundering is the process where cash raised from criminal activities is made to look legitimate for re-integration into the financial system, whereas the term FT cares little about the source of the funds; the scope is defined by what the funds are to be used for terrorist activity. It may involve funds raised from legitimate sources, such as personal donations and profits from businesses and charitable organizations, as well as from criminal sources, such as the drug trade, the smuggling of weapons and other goods, fraud, kidnapping, and extortion. Detection of FT usually involves comparing counterparties’ names against official sanction watchlists (e.g., OFAC, EU, UN, etc.)
CIP Client Identification Procedures
Cryptocurrency Digital asset designed to work as a medium of exchange that uses cryptography to secure its transactions, to control the creation of additional units, and to verify the transfer of assets
Crypto wallet Storage of the public and private keys which can be used to receive or spend the cryptocurrency
DApp Decentralized application
DAFM The Dutch Authority for the Financial Markets.
DNB De Nederlandsche Bank, the central bank of the Netherlands.
ETH Ethereum Virtual Currency
Etherscan Block explorer, search, API, and analytics platform for Ethereum, a decentralized smart contracts platform
FAA Financial Advisers Act
FT Financing of Terrorism – generally refers to activities that provide financing or financial support to individual terrorists, it may not involve proceeds of criminal conduct but is rather an attempt to conceal either the origin of the funds or their intended use.
Hash Part of the block hashing algorithm which is used to write new transaction into the blockchain through the mining process
KYC (Know Your Client) Know your client refers to due diligence activities that financial institutions and other regulated companies must perform to ascertain relevant information from their clients to do business with them. The objective of the KYC is to prevent institutions from being used by criminal elements, intentionally or unintentionally, for ML/FT financing activities. The process of KYC entails identifying the client and verifying their identity by using reliable and independent documents or information at onboarding time and on a recurrent basis after that (frequency is based on the ongoing counterparty risk level)
KYT (Know Your Transactions) KYT is a set of procedures and processed aiming at detecting ML and CFT in incoming/outgoing transactions processed by a financial institution. Regarding process, both name matching (sender and recipient) and client profiling (amounts, patterns, and frequency) are used in the detection approach
MAS Monetary Authority of Singapore
ML Money Laundering – is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets
Nods Devices on a blockchain network, that is, in essence, the foundation of the technology, allowing it to function and survive
OFAC Office of Foreign Assets Control
PEP Politically Exposed Person
RBA Risk-based approach
SAR Suspicious Activity Reporting
SEC US Securities and Exchange Commission
Token Sale Token Sale
USDT Cryptocurrency asset issued on the Bitcoin blockchain via the Omni Layer Protocol, backed by a U.S Dollar held in the reserves of the Tether Limited and can be redeemed through the Tether Platform
VC Virtual currency
VCPPS VC payment products and services

Processing overview issues

Introduction

The rapid development, increasing functionality, growing adoption and global nature of VCPPS, activities of which may be carried out without seeming to be based in any particular jurisdiction, have caused the improvement of worldwide AML/CFT regulatory regimes that focus on VCPPS. To keep up with best practices of worldwide AML/CFT regimes and to comply with them, Trueplay Inventions Inc. of House of Francis, Room 303, Ile Du Port, Mahe, Seychelles (hereinafter – “we”, “Company”, “TRUEPLAY INVENTIONS”) reveals its Programme (hereinafter – “Programme”) that aims to conduct integrity supervision of its clients and their activities.

The Financial Action Task Force (hereinafter – “FATF”) has issued the report “Virtual Currencies: Key Definitions and Potential AML/CFT Risks”, the “Guidance for a risk-based approach: virtual currencies” and the “A Guide to Digital Token Offerings” issued by MAS as of May 26, 2020 to emerge best practices for regulatory issues arising in respect of ML/FT and other crime risks associated with VCPPS that must be identified and mitigated. Existing and upcoming AML regulations such as 4th and 5th EU AML Directive, FATF guidelines or local governments’ and financial authorities’ regulations require entities active at the intersection of digital currencies and traditional financial system to implement appropriate policies.

Compliance with these documents is essential to provide effective application of international AML/CFT standards concerning VCPPS.

The Programme makes AML assessment of its clients both when onboarding them as well as on each of their transaction. The evaluation of the clients and their operations is performed by TRUEPLAY INVENTIONS with the following conclusion. Based on a Programme analysis model TRUEPLAY INVENTIONS can decide which transaction or crypto source history should be passed and which should be rejected. TRUEPLAY INVENTIONS builds customized AML and financial risk models meeting the most restrictive regulatory and performance requirements, providing economic operators with the required assurance for their business continuity.

TRUEPLAY INVENTIONS actively participates in domestic and international efforts to combat ML, FT, and other financial crimes. The Company complies with all the applicable laws and regulations relating to such activities and seeks all available means to prevent being utilized as a conduit for such illicit funds.

The Programme describes general and legal aspects of the TRUEPLAY INVENTIONS identification procedures and describes measures and efforts that TRUEPLAY INVENTIONS takes to comply with applicable regulations. By this Programme, the Company wishes to:

  • comply with applicable laws and regulatory guidelines;
  • implement the international AML/CFT standards provided by FATF;
  • establish an RBA towards assessing and managing the ML/FT risks concerning VCPPS;
  • evaluate clients, transactions, and services offered with an RBA and to mitigate ML/FT and other crime risks;
  • provide multi-level procedures to identify and verify clients properly;
  • manage the risk associated with dealing with clients who may violate the requirements of Programme;
  • improve internal procedures and technology for suspicious activity monitoring and reporting;
  • ensure the periodical holding of AML/CFT training to inform a target audience with relevant AML/CFT procedures.

The Programme will be reviewed and updated on a regular basis to ensure appropriate policies, procedures, and internal controls.

Purpose and status of the Programme

The Programme itself is not a legally binding document, nor it has a status of any legal instrument under FATFA regulations. The Programme does not have or aim to have any legal effect as well. The Programme does not replace laws and regulations or policy and supervisory rules on the issues concerned therein. The examples presented in the Programme are not exhaustive and cannot cover every eventuality. They serve as a guide for the explanation and application of statutory obligations.

The Programme applies to each TRUEPLAY INVENTIONS client and complements international AML/CFT regulations. All the related to this sphere laws clarify the various obligations and provide tools for the implementation of all and each obligation referred hereunder.

In this Programme, reference is made to international (non-binding) guidance documents of the FATF, the EU (Directive (EU) 2015/849, Regulation (EU) 2015/847, Delegated Regulation (EU) 1675/2016 etc.) and other countries and organizations laws of which are not less stricter then FATF`s documents related with AML/CFT issues. While the guidance documents issued by these organizations are mostly directed at specific sectors, much of the information they contain can also be useful for other sectors. The following Programme aims to cover all the best worldwide practices of AML/CFT laws.

Key elements of the Programme

I. General framework for integrity

A. Integrity of business operations

Clients` and their operations integrity is one of the pillars of trust and is thus a prerequisite for the Company`s proper business conduction. Thus, the integrity is an explicit norm within financial supervision that sets out the statutory requirements for monitoring integrity of business operations. The key here is that clients should avoid becoming involved in acts that are against the law and/or are regarded as improper in society, and that they safeguard the integrity of their business operations. Controlling integrity risks is a central tenet of the transposition of this Programme together with international AML/CFT regulations into practical rules. For the avoidance of doubt, the integrity risks are understood among other things as the risk of ML and FT. Altogether, international AML/CFT regulations prescribe a control framework for this, aimed at controlling integrity risks.

As a minimum, TRUEPLAY INVENTIONS declares that the control framework for integrity risks (integrity of clients and their business operations) under this Programme comprises the following:

  • systematic assessment of integrity risks;
  • formulation of a strategy;
  • adoption of an adequate policy aimed at risk control and integrity of action;
  • translation and implementation of the policy principles into procedures and measures;
  • systematic testing and assessment of the adequacy of the control environment, if necessary followed by modifications to that control environment.

Control framework for integrity risks is the fundamental part of RBA hereunder. Such RBA chapter under the Programme detailing and systemize all the important elements of the mentioned framework.

B. Ethical business culture

Ethical business culture and ethical conduct are vital to the effectiveness of integrity control measures. Ethical conduct is a professional, individual responsibility in which the individual and/or the company are aware and take proper account of the rights, interests, and wishes of other stakeholders, display an open and transparent attitude, and are willing to take responsibility and render account for their decisions and actions. An ethical culture denotes a climate and atmosphere in which the Company behaves or acts, including in a broader sense, in a way that it can explain and account for – not just according to the letter of the law, but also in the spirit of the law.

Ethical business culture principles pierce through the Programme and its provisions.

C. Client due diligence

To guarantee the integrity of business operations, it is essential for the Company to know who its clients are, whether their business is legal, and with whom Company`s clients cooperate (and for what purpose such cooperation is used). The Company wants to follow the international AML/CFT regulations under which it is mandatory to operate an adequate client due diligence system to know its clients and to avoid engaging in business relationships with persons who could damage trust in the Company. Client due diligence standards are relevant not only for ensuring the integrity of the business operations of the Company as a whole, but also specifically for combating ML and FT.

The Company`s client due diligence incorporates procedures, processes, and measures in relation to:

  • the identification and verification of the identity of clients;
  • the acceptance and risk assessment of clients;
  • the monitoring of clients, accounts, and transactions.

Client due diligence chapter herein contains all the important elements, deeply describes the procedure of such audit and gives a precise understanding of with what clients only the Company is ready to cooperate.

D. Sanctions regulations

To the maximum possible extent the Company can relate to, taking into account international AML/CFT provisions and the legal status of the Company, it is possible to:

  • freeze clients` assets in case of a reasoned request from a competent authority;
  • to inform competent authority about suspicious clients and/or their transactions;
  • to oppose specific restrictions on clients` possibilities within Company`s services and infrastructure.

These measures are intended to prevent undesirable transactions and to combat terrorism only. The Company ensures that it can identify nature of clients` relationships. The Company subsequently ensures that it does not provide any of its services to those relationships that are forbidden under international AML/CFT legislation and that the Company can freeze client`s assets.

E. Foreign branches and subsidiaries

Local laws and regulations to promote the integrity of business operations or, more specifically, to prevent ML and FT, may differ markedly between jurisdictions. In case the Company operates internationally, it will follow the set of global minimum standards for the implementation of integrity policy and procedures, which apply to the entire group. It means that the integrity control measures will, in any event, apply to all client`s business operations, all functional activities, and all clients worldwide. The Company may operate in jurisdictions where local laws and regulations set lower integrity standards than the global AML/CFT minimum standards. The Company will then apply the group’s higher standards to the offices and branches in those jurisdictions. If local laws and regulations impose higher standards for integrity control measures than the minimum standards, the Company will reassess its minimum standards and adjust them where necessary.

Practical design.

Under the international requirements, the Company has adopted an RBA towards assessing and managing the ML and FT risks. It means that the Company applies to the maximum possible extent all the measures prescribed by the laws. Therefore, we can ensure that measures to prevent or mitigate ML and FT are commensurate with the identified risks. This will allow resources to be allocated in the most efficient ways. The principle is that resources should be directed accordingly to priorities so that the greatest risks receive the highest attention.

A risk-based approach includes:

  • Risk Assessment (including the identification of the vulnerabilities);
  • Risk Monitoring;
  • Managing and Mitigation the risks (including designing and implementing the risk management process);
  • Monitoring, reviewing and improving the effectiveness of control.

A. Introduction.

The Company has designed the following Programme to identify the risks to which it may be exposed. Risks are not static: both internal and external factors can cause the risks for the Company to change. For example, the activities of the Company or its clients may be expanded, certain trends may occur within the financial and economic world, or legislation and regulations may be amended. The Company also determines whether the proposed risk control measures are effective. If they are not, the Company amends them. If the Company cannot control identified risks concerting a certain activity of its client, the Company will adjust such activity or will end the activity within its services. As a minimum, a systematic integrity risk assessment means that the Company performs the assessment periodically.

The Company prepares a profile for each new client based on risk categorization (the nature and level of the risk they present). The higher the risks, the more efforts the Company should make to mitigate them. The client profile may contain information relating to client's identity, social/financial status, nature of business activity, information about his clients' business and their location, etc. Clients may be categorized into low, medium and high risk. For example, individuals (other than high net worth individuals) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known transaction profile of that kind of clients may be categorized as low risk. Salaried employees, government-owned companies, regulators, etc. fall into this category. For this category of clients, it is sufficient to meet just the basic requirements of verifying identity.

B. Risk Assessment.

In Risk assessment procedure, before establishing relationships with a client, the Company assess the following general factors:

  • Location of the individual or business (offshore, onshore countries);
  • Occupation of the individual or nature of business;
  • Purpose of the business transactions or relationship;
  • The expected pattern of activity regarding transaction types, volume, and frequency;
  • Expected origination of payments and method of payment;
  • Articles of incorporation, partnership agreements, and business certificates;
  • Understanding the clients of the Company’s clients;
  • Identification of ultimate beneficial owners of an account or the Company’s client;
  • Details of other personal and business relationships the Company’s client maintains;
  • Type of business structure;
  • Approximate salary or annual sales;
  • AML policies and procedures in place;
  • Third-party documentation;
  • Negative news through review of media sources.

C. Risk Monitoring.

In all cases, the Company assesses the following risks (including but not limited to):

  • Transactions with distinctive patterns - high-value addresses (clients with high-value balance; clients with high-value historical balance; clients maintaining high-value balance for a long period);
  • AML reporting thresholds (clients with single incoming transactions equal to or exceeding 15000 EUR/10 000 USD; clients with significant part of single incoming transactions equal to or exceeding 15 000 EUR/10 000 USD; clients with single outgoing transactions equal to or exceeding 15 000 EUR/10 000 USD; clients with significant part of single outgoing transactions equal to or exceeding 15 000 EUR/10 000 USD);
  • Transactions with distinctive patterns – round amounts (clients with a significant part of incoming transactions executed in round digital currencies amounts; clients with a significant part of outgoing transactions executed in round digital currencies amounts);
  • Transactions with distinctive patterns – significant transaction fees (clients with large value incoming transactions executed with a fee speeding up the transaction; clients with significant part of incoming transactions executed with a fee speeding up the transaction; clients with large value outgoing transactions executed with a fee speeding up the transaction; clients with a significant part of outgoing transactions executed with a fee speeding up the transaction);
  • Transactions impending track of funds – new addresses transactions (clients with transactions incoming from new addresses; clients with transactions outgoing to new addresses; clients with a significant part of incoming transactions executed from new addresses; clients with significant part of outgoing transactions executed to new addresses);
  • Transactions with distinctive patterns – significant transactions value (clients with incoming transactions the value of which is significantly higher than network average; clients with outgoing transactions the value of which is significantly higher than network average; clients with significant part of incoming transactions the value of which is significantly higher than network average; clients with significant part of outgoing transactions the value of which is significantly higher than network average);
  • Initial Coin Offerings (clients receiving funds from Initial Coin offering payment address; clients sending funds to Initial Coin Offerings; clients sending funds to multiple Initial Coin Offerings; clients creating Initial Coin Offering smart contract);
  • Transactions with distinctive patterns – inconsistent transactions patterns (clients with value peaks of incoming transactions; clients with value peaks of outgoing transactions);
  • Transactions with distinctive patterns – accumulating funds (clients accumulate funds for a long period);
  • Transactions impeding track of funds – passing funds through miners (clients with incoming transactions passing significant fees to miners; clients with a significant part of incoming transactions passing significant fees to miners; clients with outgoing transactions passing significant fees to miners; clients with a significant part of outgoing transactions passing significant fees to miners);
  • Transactions impending track of funds – transactions impossible to decrypt (clients with transactions impossible to decrypt);
  • Transactions impeding track of funds – structuring payment`s (clients with multiple small transactions incoming from another address in a short period of time; clients with a significant part of multiple small transactions incoming from another address in a short period of time; clients with multiple small transactions outgoing to another address in a short period of time; clients with significant part of multiple small transactions outgoing to another address in a short period of time; clients with multiple small transactions incoming from multiple other addresses in a short period of time; clients with significant part of multiple small transactions incoming from multiple other addresses in a short period of time; clients with multiple small transactions outgoing to multiple other addresses in a short period of time; clients with significant part of multiple small transactions outgoing to multiple other addresses in a short period of time);
  • Transactions impeding track of funds – rapid movement of funds (clients with quickly released incomes; clients with a significant part of transactions constituting quickly released incomes);
  • Industry risk – not regulated activity (client is a nonprofit organization; client is a foundation; client is a charity; client is a cloud mining pool; client is a tipping service; client is anonymity service);
  • AML reporting thresholds – structured deposits (clients with a significant part of single incoming transactions just below 15 000 EUR/10 000 USD; clients with a significant part of single outgoing transactions just below 15 000 EUR/10 000 USD);
  • Direct links to crime and fraud offences (clients linked with weapon trade or trafficking; with crime against person; with drug trade; with darknet markets; with ransom and extortion; with scams and investment frauds; with Ponzi schemes; with mixers and tumblers; with shutdown or inactive service; with tax evasion; with deep web; with cybercrimes).

D. Managing and Mitigation the risks.

In Risk assessment procedure, the Company has adopted the Red flags. Red flags that signal possible ML or FT include, but are not limited to:

  • Clients – Insufficient or Suspicious Information;
  • Provided unusual or suspicious identification documents that cannot be readily verified;
  • Failure and/or unclearness in provision of complete information about the nature and purpose of business, prior banking relationships, anticipated account activity, officers, and directors or business location;
  • Refusal to identify a legitimate source for funds or information is false, misleading or substantially incorrect;
  • The background is questionable or differs from expectations based on business activities;
  • A client with no discernible reason for using Company’s service;
  • Avoidance of reporting and recordkeeping;
  • Refusal in provision of information needed to file reports or fails to proceed with the transaction;
  • Pushing own employees not to file required reports or not to maintain required records;
  • “Structures” deposits, withdrawals or purchase of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements;
  • The unusual concern with the Company’s compliance with government reporting requirements and Company’s AML/CFT policies, this Programme;
  • Lack of own internal AML/CFT policies
  • Certain funds transfer activities;
  • Crypto/Wire transfers to/from financial secrecy havens or high-risk geographic location without an apparent business reason
  • Numbers of small, incoming crypto/wire transfers or deposits made using checks and money orders. Almost immediately withdrawn or wired out in a manner inconsistent with Client’s business or history. May indicate a Ponzi scheme;
  • Crypto/Wire activity that is unexplained, repetitive, unusually large or shows unusual patterns or with no apparent business purpose;
  • Activity inconsistent with the business;
  • Activity in high-risk business sectors;
  • Transactions patterns show a sudden change inconsistent with normal activities;
  • Unusual transfers of funds or journal entries among accounts without any apparent business purpose;
  • Maintenance of multiple accounts, or maintenance of accounts in the names of family members or corporate entities with no apparent business or another purpose;
  • An agent that acts on behalf of undisclosed principal and refuses to provide information.

Together with general Red Flags provided above, the Company understands that there may be number of other risks such as clients themselves, their activities (services they provide, etc.), countries and geographical risks (countries or regions where Company`s clients are established or conduct their activities) that are important to be assessed as well. When preparing a risk assessment, the Company looks at the characteristics of different types of clients, such as sectors and professions, residency or assets and source of income. It also looks at how the contact with clients is generally established and how Company`s services are offered. The Company monitors the risks that stem from the client/product and client/country combinations and takes the finding into account, first, when setting up the systematic risk assessment and again in defining the client`s risk profile and monitoring the relationship. When defining a client`s risk profile, all specific characteristics of that client are also taken into account. Ultimately, the Company should have insight into the rationality and reality of the transactions and clients and their activities in general.

Possible indicators of country or geographical risk:

  • Countries or geographic areas subject to sanctions, embargoes or comparable measures, for example, imposed by the United Nations, the European Union or the United States.
  • Countries or geographic areas identified by credible sources (e.g., the FATF, the IMF or the World Bank) as lacking an appropriate system for preventing ML/FT. The ICRG (International Cooperation Review Group) process of the FATF provides a useful tool: after each of its meetings, the FATF publishes lists of countries which in its opinion lack an adequate system for combating ML and FT. These lists are published on the FATF’s website (http://www.fatf-gafi.org).
  • Countries or geographic areas identified by credible sources as providing funding for or otherwise supporting terrorist activities.
  • Countries or geographic areas identified by credible sources (e.g., Transparency International) as having a high level of corruption or other criminal activity.
  • Countries or geographic areas characterized by political instability.
  • Countries or geographic areas that are known as offshore financial centers.

Product/service risks:

  • Services identified by internationally recognized and credible sources as being services that are vulnerable for ML, FT and other integrity risks, such as international correspondent banking services, trade finance and (international) private banking activities.
  • Services involving trading in and delivery of banknotes and precious metals.
  • Services that inherently foster anonymity or can readily cross international borders, such as online banking and other services, stored value cards, private investment companies and trusts.
  • New or innovative products or services that are not provided directly by the client but via the client.
  • Consultancy companies where it is difficult to verify that the transaction is matched by a specific consideration in the form of a service or product.
  • Business or commercial real estate activities.
  • Transport or export financing or insurance for goods that can be subject to sanctions.

Possible indicators of client risks:

  • Clients who conduct their business relationships or transactions (or have them conducted) under unusual circumstances, such as an unexplained geographic distance between the Company and the location of the client, frequent and unexplained transfers of accounts to different institutions and frequent and unexplained movements of funds between accounts in various geographic locations.
  • Clients where the structure or characteristics of the entity or relationship make it difficult to identify the true owner or controlling interests.
  • Charities and other not-for-profit organizations (especially those operating on a cross-border basis) which are not subject to any form of monitoring or supervision.
  • Gatekeepers’ such as accountants, lawyers or other professionals holding accounts or acting on behalf of their clients, and where the Company relies on the gatekeeper for the supply of information.
  • Use of intermediaries who are not (or not sufficiently) subject to AML/CFT measures or who are not supervised.
  • Clients who qualify as Politically Exposed Persons (PEPs).
  • Clients who are active in sectors associated with increased risk of corruption, such as real estate, construction or oil, gas or other energy industries.
  • Clients who receive news coverage related to financial-economic crime issues, since this negative publicity can have an impact on the Company.
  • Foreign feeders: clients who are introduced to trust offices by Foreign Service providers, especially from countries with a (presumed) duty of secrecy.
  • Several ultimate beneficial owners (UBO) of target companies between whom there is no economic relationship.
  • Provision of services to companies with active branches abroad.
  • “UBO-UBO structures” in combination with advisory services or trading activities, possibly via a conduit company. A UBO-UBO structure is one where the UBO of the company providing the (consultancy) service or product is the same natural person as the UBO of the company that makes the payment (company receiving the service/product).

When an employee of the Company detects any Red Flag or other activity that may be suspicious, he or she will notify the Compliance Officer (more about it below). Under the direction of the Compliance Officer, the Company will determine whether or not and how to investigate the matter further. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or informing the authorities.

After the Risk assessment, the Company then divides its entire client base into risk categories. The Company takes into account all factors described herein.

E. Monitoring, reviewing and improving the effectiveness of control.

Potential risk indicators of a business relationship with a client:

  • The reason for entering into the relationship;
  • The amounts to be deposited by the client or the size or purpose of the transactions to be affected;
  • The degree to which the client may fall under specific supervision (e.g., a financial institution);
  • The intensity and duration of the client relationship;
  • Knowledge of the client`s background, such as country of origin; and
  • The use of “corporate vehicles” or other structures that have no demonstrable (commercial) purpose and create complexity or lack of transparency.

The Company will maintain records on clients and have a system in place, either software or manual-based, to track risk levels, completed reviews, changes in activity or documents.

Client profiles will also be reviewed in cases of suspicious activity, change in beneficial ownership, negative media exposure or whenever it is deemed warranted.

Client details and profiles will be periodically reviewed proportionate to the risk level of the client. The Company compiles a risk profile of the client based on the CDD. This risk profile is dynamic and can, therefore, change over time. A review serves to determine whether the client still meets the defined risk profile. To that end, the Company should periodically update all client data, including the client`s risk profile, contact information and ultimate beneficial owner(s). The basic principle is that the frequency and depth of the review depend on the risks presented by the client.

The Company is required to monitor its business relationships constantly and to ensure that the particulars of the client, the ultimate beneficial owner and other persons about whom data have been collected are kept up to date. To this end, the Company will periodically update the information about the client and, if necessary, the client`s risk profile using adequate, risk-based measures.

Reviews will occur:

  • High-risk profiles – Once a year
  • Medium-risk profiles – Once every 2 years
  • Low risk – Once every 3 years

Also, the review may occur in the following cases:

For low-risk clients, a review may take place when:

  • the client requests a new service or product, or in the case of client contact which presents an opportunity to carry out the client due diligence procedure;
  • the characteristics of the client change (e.g., relocation to a high-risk jurisdiction);
  • alerts have been received relating to incidents or transactions.

For high-risk clients, a review of the specific risks will in practice be carried out (once or several times per year) and, for example, in the case of:

  • possible signs are suggesting a higher risk. Examples are the manner in which accounts are used, or specific transactions are effected as viewed from the consolidated position of the client in question.

Clients` profile risk classifications:

Low:

- Reasonably able to identify and verify client account activity, business operations.

- Predictable behavior or low-value payments received/sent.

Medium:

Possibility to pose a certain risk as a result of business activity, residence, dubious reasons for the business relationship.

High

- Client is operating from a jurisdiction known for financial secrecy, corruption, political/economic instability or no legal requirements for opening business.

- Client with a large distance between account/operations and location of incorporation.

- Clients in high-risk businesses or with high net worth (gambling/money transfer services, maybe NGO/charities, individuals).

- Unclear business structures or lack of transparency in company`s structure.

- Dubious client reputation as seen from open sources.

If it comes to clients, the Company uses the following risk classification regarding their business activities:

Risk category

Examples

Low risk
  • Services for private clients that do not impose serious risks.
  • Standard services for small business (low level of clients` activities).
Medium risk
  • Services for private clients that may impose certain risks.
  • Routine and standard activities (not suspicious).
High risk
  • Complex structured financing transactions or collateral arrangements with private clients.
  • PEPs or clients are conducting transactions involving PEPs.
  • Products and services that by their nature are susceptible to inappropriate use (e.g., back-to-back loans, large cash deposits, commercial real estate activities).
  • Clients with transactions to/from countries that are subject to sanctions (including trade sanctions), free trade zones, offshore centers, tax havens, countries which as part of the ICRG process appear on the FATF watch list.
  • Clients with frequent, non-routine, complex treasury and private products and services.
  • Non-routine, cross-border payments by non-clients through clients` accounts.
  • Activities in jurisdictions that are weakly regulated regarding combating ML/FT.

The Company does not embark on a business relationship with the client or breaks an existing relationship at the earliest opportunity in case of assessed too high risk, or such assessment fails and the Company thus unable to determine precisely who its clients are and what goals they are trying to reach. While the failure of a client due diligence procedure will often occur during the acceptance phase, the Company may identify potentially unacceptable risks during a periodic review of the client`s risk profile.

(Potentially) unacceptable risks:

  • Problems in verifying the identity of the client or the UBO;
  • Clients who wish to remain anonymous or who provide fictitious identity details;
  • Shell banks (banks incorporated in a jurisdiction where they have no physical presence);
  • Clients whose name corresponds to a name on the EU sanctions list;
  • Clients (individuals) who are not at least 18 (eighteen) years of age.
  • Clients with respect to whom it appears, based on further information, that the combination of client and products to be used entails unacceptable risks;
  • Clients with adverse media feedback (negative mentions in traditional news media and publicly available information).
  • Clients who are not willing to provide information or who provide insufficient information (or submit inadequate documentation for verification purposes) about their nature and background, in particular, the source of their assets (or the origin of the funds);
  • Clients who operate in or are incorporated in such jurisdictions as Algeria, Bangladesh, Bolivia, China, Ecuador, Iceland, India, Indonesia, Kyrgyzstan, Morocco, Nepal, Thailand, Vietnam (zones where cryptocurrency activities are banned; the list of jurisdictions to be revised in accordance with “Programme updates and review” paragraph herein);
  • The client`s organizational structure and/or the purpose of the structure of which the object company is a part is (are) found upon examination to be complex or non-transparent, given the nature of the client`s activities, without there being a logical commercial explanation for this;
  • Professional counterparties who lack the required authorization referred to as “illegal financial undertakings”.

II Clients due diligence

Together with RBA, client due diligence is one of the most important parts of the following Programme. Even though RBA may partly contain some issues related to client due diligence, still, the following part is an integral and key one as to the clients` audit. Client due diligence is mandatory in cases defined herein. The Company will take additional measures in cases where there is a higher risk of ML or FT. All this emphasizes the responsibility of the Company: it will put its best efforts to indicate the techniques used in ML and FT of current developments and risk indicators associated with the use of cryptocurrency.

Client due diligence enables the Company to identify the client, verify its identity, identify the ultimate beneficial owner of the client and verify the ownership and control structure of the group to which a client belongs, determine the purpose and envisaged nature of the business relationship and investigate the source of assets used in the business relationship or transaction.

A client due diligence procedure is carried out for all clients, including existing clients, if:

  • there are indications that the client is involved in ML or FT;
  • the Company doubts the reliability of information obtained previously from the client;
  • the risk of an existing client`s involvement in ML or FT gives cause to do so.
  • there is a heightened risk of ML or FT due to the country where the client lives;
  • a one-off virtual currency transfer is affected.

A. Client Identification/Verification KYC level

The Company reserves the right to collect Client’s identification information for KYC and AML/CFT Policy purposes and to safeguard its reputation. Clients may be identified using a multi-level system.

The Company may, as part of registration and authorization process:

  • cross-check the names of clients against compliance databases such as the OFAC Specially Designated Nationals lists, governmental watch lists, or against internal lists;
  • review open-source news material relating to the Client;
  • require clients to provide proof of identification;
  • not permit any transactions to be made with incomplete registration and authorization process.

The Company shall collect the following information about each client:

Individuals:

  • Full name;
  • Cryptocurrency wallet address;
  • Telephone;
  • Email address;
  • Residential address;
  • Copy (front and back) of ID;
  • Data collected from ID: date of birth, nationality, ID scan;
  • Personal photo (with ID in hand);
  • A description of the source of funds;
  • PEP check with filters like Worldcheck.

Business:

  • Summary of information requested/gathered;
  • Company name;
  • Wallet address;
  • Company address;
  • Description of business activities;
  • Government-issued business registration number or tax identification number;
  • Copy of a recent trade register extract or similar document;
  • Authorized representative.

Even after KYC approval the Company may conduct additional checks and ask for further documents from trusted Company`s persons (CEOs, COOs, Shareholders, etc.).

We will require sufficient information from each client when registering to enable the client to be identified; utilize risk-based measures to verify the identity of each client when registering; record client’s identification information and the verification methods and results; and compare client identification information with government-provided lists of suspected terrorists, once the government has issued such lists. Internal lists will also be used, whether developed by the Company or other third-parties.

Based on the risk, we will ensure that we have a reasonable belief that we know the true identity of our client by using risk-based procedures to verify and document the accuracy of the information we get about our clients, but in any case, complying with the statutory requirements.

  • Identification
  • individuals

Basic Level. Transactions up to 3,000 (three thousand) USDT equivalent. Identification required: phone number, country of residence, proof of identity (e.g., driver’s license, passport or government-issued ID).

Standard Level. Transactions over 3,000 (three thousand) up to 10,000 (ten thousand) USDT equivalent. Identification required: phone number, country of residence, proof of identity, and proof of a residential address (e.g., utility bill no more than three months old).

Advanced Level. Transactions over 10,000 (ten thousand) USDT equivalent. Identification required: phone number, country of residence, proof of identity, proof of a residential address, ID confirmation photo (e.g., a selfie with one of proofs identity documents).

  • for business

Basic Level. Transactions up to 10,000 (ten thousand) USDT equivalent. Identification required: address (principal place of business and/or other physical location), proof of legal existence (e.g., state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument or other comparable legal documents as applicable), proof of identity (e.g., driver’s license, passport or government-issued ID) for each individual beneficial owner that owns 10% or more, as well as all account signatories;

Standard Level. Transactions over 10,000 (ten thousand) USDT up to 50,000 (fifty thousand) USDT equivalent. Identification required: address, proof of legal existence, proof of identity for each beneficial owner that owns 10% or more, as well as all account signatories;

Advanced Level. Fiat transactions over 50,000 (fifty thousand) USDT equivalent. Identification required: address, proof of legal existence, proof of identity for each beneficial owner that owns 10% or more, as well as all account signatories, proof of identity and proof of residential address for a director of a company.

The Company reserves the right to require additional information if considered necessary and the right to require additional information or documents at any time to verify the client's identification and operations. Information will be requested exclusively from trusted Company`s persons (CEOs, COOs, Shareholders, etc.).

In case of client verification failure, the Company may take the appropriate measures: (1) refuse the registration of the client’s account; (2) if there are funds on the account, return them to the client (3) determine whether it is necessary to inform law enforcement authority in accordance with applicable laws and regulations.

In case of client verification failure, the Company may take the appropriate measures: (1) refuse the registration of the client’s account; (2) if there are funds on the account, return them to the client (3) determine whether it is necessary to inform law enforcement authority in accordance with applicable laws and regulations.

These Sanction lists search allows to scan the names of clients among the main world sanction lists such as: United Nations Sanctions (UN), Australian Sanctions, Bureau of Industry and Security (the U.S.), EU Financial Sanctions, Office of the Superintendent of Financial Institutions (Canada), OFAC - Specially Designated Nationals (SDN), UK Financial Sanctions (HMT), U.S. Consolidated Sanctions.

The Company reserves the right to maintain an internal list of wallet addresses, associated companies, and cooperate with other third-parties which have identified this information to mitigate reputational risk.

  • Verification

Verification of identity requires multi-factor authentication, layered security, and other controls to ensure a meaningful client identity confirmation process based on transaction amount or other factors.

The Company may use various verification methods including, but not limited to:

  • Obtaining proof of address, such as a copy of a utility bill or bank statement from the account holder;
  • Having a telephone call or video session after the registration process has begun;
  • Obtaining additional references from financial institutions;
  • Corroborating identity information received from the client, such as national identity number, profession or business function with information in third-party databases or other reliable sources;
  • Analyzing whether there is logical consistency between the identifying information provided, such as the client’s name, street address, ZIP code, telephone number, date of birth, and social security number (logical verification);
  • Obtaining a notarized copy of an individual’s birth certificate or a business’ certificate of incorporation sealed with an apostille for valid identification.
  • Lack of Verification

In case of client verification failure, we may take the appropriate measures: (1) refuse the registration of the account; and (2) determine whether it is necessary to inform law enforcement authority in accordance with applicable laws and regulations.

B. Front men, representatives, unincorporated partnerships, trusts

As was previously mentioned, the Company also looks at whether the client is acting for himself or someone else. The aim is to assess whether someone is acting as a front man in their name but on behalf of (criminal) third parties. If it is clear that the client is acting for someone else, such third party qualifies as “client” (“the natural or legal person [...] who has a transaction effected”), then the Company will make its best effort to apply CDD obligations with regard to that person.

Where a natural person purports to act as a representative of a client, the Company also checks whether this person is authorized to represent the client, for example, where a natural person purports to act as the director of a legal person. Where a natural person claims to indirectly represent a legal person (which legal person would be the client), the chain of representative authority is established. If such authority is established, the client will be the subject of the client due diligence measures section herein, while the natural person acting as the representative will be identified and his identity verified. If the representative is not seen in person, the Company can develop a procedure to establish with certainty who acts for the client and to verify that the person concerned is duly authorized. The Company will then, in any event, require a declaration of identity from the officers of the client with whom it has direct contact, including those with whom it develops the procedure referred to and will verify that declaration.

A client due diligence process comparable with that for legal persons is carried out for unincorporated partnerships. An unincorporated partnership can be described as a community of persons established using an agreement. An unincorporated partnership does not possess legal personality and is therefore not the party with which a business relationship is entered into or which has a transaction effected. The Company identifies the partners, and where applicable takes adequate, risk-based measures to verify their capacity as partners. The Company establishes which natural persons can exert material influence or have material interests or exert a high degree of influence on the important decisions of the unincorporated partnership and who can exercise effective control over the policy of the unincorporated partnership. When establishing the control structure, persons who are authorized to manage the partnership also fall under the client due diligence, and the Company identifies them. The Company takes risk-based and adequate measures to verify the capacity of these persons as partners. The identity of the natural persons who qualify as equivalent to ultimate beneficial owners is verified using a risk-based approach. Verifying the identity of all partners will in some cases be impossible in practice, for example in the case of an “open limited partnership”.

A trust does not possess legal personality and is therefore not the party with which a business relationship is entered into, or that has a transaction effected. Consequently, a trust does not qualify as a client. The trustee is regarded as the client. In the case of a trust, the usual steps must be taken in respect of client due diligence, but the founders of the trust, the trustees, the protector and the beneficiaries must also be known to the Company. The client must submit a statement of their identity, and the Company must verify these stated identities.

In principle, identification and verification are completed before the business relationship is established and the service provision commences. However, there are exceptions in cases where the provision of services should not be interrupted. In these exceptional cases, the purpose of the law should still be kept in mind to prevent the Company’s services from being used for ML or FT. This is subject to the condition that the risk of ML or FT is low and that the Company will verify identity as soon as possible after the first contact with the client.

C. Entering into a business relationship

The Company may only enter into a business relationship and to provide its services if it has conducted the full CDD, such CDD has led to the envisaged result, and the Company is in possession of all identification and verification details and other information. The Company need not carry out the client due diligence itself but can arrange for this to be carried out by another company.

For any possible future needs, the Company may keep (copies of) the relevant documents available to show them at its first request. If the other company has carried the Company`s due diligence for Company`s client, the Company may request copies of the relevant documents. The Company may always do more on the grounds of its internal procedures than legislation requires.

It is prohibited to enter into a business relationship or carry out a transaction or provide Company`s services if no CDD has been performed or if the CDD, including the review of the ultimate beneficial owner, has not produced the intended result. There is a statutory obligation to terminate the business relationship if it is not possible to comply with statutory obligations. The Company reports these instances to relevant authorities if there are also indications that the client is involved in ML or FT.

If unable to terminate the business relationship, the Company should take further adequate measures to perform CDD.

By gathering information about the purpose and envisaged nature of the business relationship, the Company will be able to estimate any risks that may arise from the provision of services to the client. Usually, part of the required information will already have been obtained during contact with the client before the establishment of a business relationship. Also, the purpose of the relationship will be apparent from the services or products used by the client. Additional queries from the Company can be aimed at obtaining clarification on the product client or service recipient. In increased-risk situations, purpose and nature inquiries should also establish what type of transactions (including number, frequency, and size) the client intends to perform and with whom.

D. High-risk situations

In cases where there is a higher risk of ML or FT, the Company takes supplementary measures. These measures vary according to risk. When accepting clients who fall under high-risk criteria described herein, the Company may take additional steps of assessment. The Company must, therefore, do more than simply check whether the client or other stakeholders appear(s) on the sanction lists, whether their identity documents are genuine, and whether the client appears in Company`s internal or external warning systems. Such supplementary information may relate to the reputation of the client or the UBO, but also of persons with whom they are associated. This includes the acquisition and assessment of information about business activities as well as (negative) background information on the client. Also, in the context of enhanced CDD, the Company`s examinations of the client`s source of funds should be more profound.

In the case of higher risk, the Company will not simply accept the information submitted by the client at face value but will where possible check the information by relying on independent and credible sources and will, in any event, carry out a credibility check.

E. Ultimate beneficial owner

The Company should identify every client`s ultimate beneficial owner (UBO). An ultimate beneficial owner is always a natural person. This requirement is not only relevant when the client is a legal entity, such as a legal person, foundation or trust: if the client is a natural person over which another natural person can exercise actual control, then that other person qualifies as UBO. Performing a client due diligence for the ultimate beneficial owner is a statutory requirement

Documents that can be used to verify the identity of the ultimate beneficial owner:

  • Public registers and other sources;
  • Relevant details or documents from the client.

The following verification measures can be taken for low-risk clients:

  • Asking about the identity of the UBO and having the UBO and/or the client`s representative sign a declaration.
  • For a majority shareholder-director, an extract from the Trade Register can be used showing the name of the 100% shareholder.

F. Politically Exposed Persons

Business relationships with and providing services to PEPs require additional measures as they entail a higher risk of reputational damage and other risks. Also, the provision of services to PEPs demands special attention within the framework of international policy to combat corruption. Business relationships with PEPs, particularly those from countries where corruption is widespread, may expose the financial sector, in particular, to significant reputational and/or legal risks. Examples are passive corruption (taking bribes) or misappropriation of public funds. The Company, therefore, needs to take risk-based procedures and measures to be able to identify PEPs, and consequently determine the source of wealth and of funds that are used with the business relationship or transaction and keep the business relationship under constant supervision.

A review is carried out both on acceptance and periodically to determine whether the client and the ultimate beneficial owner of the client qualify as PEPs. This applies equally to natural persons who may exert considerable influence on, hold considerable interests in and/or may strongly influence further reaching decisions of the unincorporated partnership, or who can control the partnership’s policy to an essential degree.

To determine whether a particular client or ultimate beneficial owner is a PEP, the Company may in low-risk situations consult public sources or obtain information from its branch in the country of residence of the relevant client. For institutions with a sizeable international client base, it may be efficient to use lists provided by recognized commercial organizations.

The decision to enter into a business relationship with a PEP or to conduct a transaction for a PEP should be taken or approved by persons authorized by the Company to do so. This also applies to a decision to continue a relationship with a client who becomes a PEP. Senior management grants such approval.

G. The use of cryptocurrency within aggressive tax planning models

Taking into account the Company`s business clients, their use of cryptocurrency, and currently existing mismatches and loopholes in the international tax framework, the Company aims to provide its services in the way that will not cause the additional possibilities of aggressive tax planning models use.

The main indicators to spot the possible use of aggressive tax planning models are:

  • Country-level (tax rates and revenues, market structure, royalty flows, treaty shopping indicators);
  • Multi-national enterprises group – level (geographical structure and relative tax burden, consolidated tax burden and profitability);
  • Firm – level (profitability; debt shares; interest payments; intangible assets; patent applications);
  • Legislation – level (jurisdiction where cryptocurrency is deemed to be in non-regulated zone or in “grey” one (not forbidden) or where there are no any specific tax obligations regarding cryptocurrency flows).

Altogether, each level separately and the combination of such levels could stand as indicators for the Company which potentially identify the relevance of aggressive tax planning models.

Taking into account specific package of authority related with tax issues (especially aggressive tax planning models), the Company may only, in accordance with Monitoring and Reporting unusual transactions sections of this Programme, report the respective tax authorities on the availability of described above indicators or their combination on its own or on respective request.

H. Source of funds

The principle when entering into a relationship with a client is that, if necessary, the Company knows the source of the funds that will be used in the business relationship or transaction. The Company should record statements and documentary evidence in client files and ask further questions where necessary. The fact that the funds originate from a regulated institution does not imply that the institution itself need not carry out a due diligence review. To determine the plausibility that the funds originate from a legal source, the Company should identify specific indicators which determine the depth of the review. The Company can consider combinations of indicators, such as the amount involved, the reason given for the source of the funds, age, and profession or business activities of the client, country of origin or destination of the funds, and the provided product or service. In the case of life insurance, this could, for example, mean a very high initial premium or top-up payments. In high-risk situations, especially, it is appropriate that the plausibility of the source of funds be determined and recorded using independent and credible sources.

To verify the source of the funds used in the business relationship, it may also be necessary, especially for high-risk clients, to have an understanding of the client`s asset position. Where clients spread their assets, it is also necessary for the Company to be aware of the other assets to be able to define a correct risk profile. The Company should document its review of the source of funds.

Certain clients will require confirmation as to the source of funds before they can make a transaction. These are:

  • Any trade from a PEP Client;
  • Any trade from a non-PEP Client with a fiat value more than 10,000 USDT;
  • Clients from operating in high-risk business sectors
  • Clients operating in high-risk jurisdictions
  • Any other transactions where there is reasonable suspicion the money is of illicit origin

Clients requested to confirm the source of funds should provide:

  • An explanation of where the funds for the trade in question have originated (from income, savings, liquidation of another asset, etc.).
  • Depending on the explanation of the source of funds, documentary evidence of the explanation, such as copy bank statements, invoices, investment account records or a solicitors’ or accountants’ letter confirming the source of funds.
  • In the case of the previous crypto-to-crypto and/or cryptocurrency-to-fiat transactions, evidence of the original crypto-to-crypto and/or fiat-to-cryptocurrency transaction and the source of the fiat funds for that original acquisition. This will include details of the original transaction or transactions, including time, date and transferor/transferee wallet details.

The Company reserves the right to carry out due diligence via analysis of the blockchain to verify past transactions, including cross-checking against any “blacklisted” wallets associated with historical illegal behavior (such as the Mt.Gox theft or wallets linked to cyber-extortion). This may include using Coinfirm for due diligence purposes. With some cryptocurrencies (such as XRP and some altcoins), blockchain analysis may not be possible, in which case the client will be expected to provide independent verification of historical transactions.

For high-value transactions, the Company`s staff also reserve the right to verify that the cryptocurrency wallet from which a client is sending cryptocurrency or to which Company is asked to send cryptocurrency belongs to that client. This will typically consist of a small pilot transfer of cryptocurrency to the client wallet which the client will transfer back to evidence of client wallet control.

The Compliance Officer should be consulted in each source of funds request and, following receipt of relevant documentation, his/her consent obtained before any transaction may take place.

I. Monitoring

During the client acceptance process, the Company draws up a risk profile and expected transaction pattern of the client. For the duration of the relationship, it is important that the client checks periodically whether the client still fits his/her risk profile and whether the transaction pattern is in line with expectations. The Company may tailor the frequency and intensity of the reviews to the client`s risk classification.

In addition to periodically updating its client data, the Company should also monitor clients` accounts and transactions. Monitoring allows the Company to gain and maintain insight into the nature and background of clients and their financial conduct. Among other things, the purpose of this monitoring is to detect any changes in the transaction pattern and the possible occurrence of situations that present an enhanced risk. The Company pays particular attention to unusual transaction patterns and transactions which by their nature carry a higher risk of ML or FT. The company should check systematically whether there are any unusual or suspicious patterns or activities. For instance, transactions should be assessed to determine whether they are usual for the client in question.

Examples of focus areas for monitoring:

  • Do the transactions serve an economic or commercial purpose?
  • Are the amounts involved exceptionally large?
  • Are the deposits, withdrawals or transfers out of proportion to the normal/expected business of the client?
  • Is the account and transaction activity in line with the activities of the client?
  • Are there transactions from and to countries with a heightened risk?

Monitoring of the relationship with the client and their transactions may be tailored to the type of relationship between the client and their risk profile. If the policy establishes a long-term relationship with the beneficiary (e.g., in the case of annuity payments), continual monitoring of the payouts has no added value, as the Company itself makes these payments. For ordinary current accounts, the intensity of the monitoring effort might be lower than for (related) accounts of major international organizations.

In the case of virtual money/money transfers, the Company will especially investigate the connection between particular transactions to identify unusual transactions (with an organized background). The Company affecting virtual money/money transfers should as a minimum analyze transactions using the method described below for the effective identification of unusual transactions.

Examples of monitoring methods:

  • Spot checks: targeted checks of accounts and transactions, e.g. of specific groups of clients, or of accounts and transactions earlier deemed to pose an enhanced risk.
  • Manual monitoring: clients and their financial behavior. Deviations from the client`s normal behavior are immediate to be spotted by the Company.
  • Periodic management surveys/reports: this type of monitoring is used in the case of fairly manageable numbers of clients and transactions. A daily, weekly or monthly printout of turnover, balance, exceeding of limits, fees charged and so forth may give an indication of which accounts require closer scrutiny.
  • Monitoring by hard indicators: this method is used for initial filtering on the basis of turnover, maximum balance, transaction amounts, countries of origin or destination, risk sectors, etc.
  • Intelligent transaction monitoring: this type of monitoring is often based on the profiling of each account or client. This profile may be made up of fixed rules concerning the turnover, transaction amounts, contra accounts, transaction frequency, transaction particulars, etc.
  • Behavioral monitoring: in behavioral monitoring, the Company links transaction profiles to the client`s risk profile to detect potential ML transactions. It should be possible using computer technology to expand and update profiles automatically based on old transactions, to reflect changes in current behavior.

Clients willing to use the Companies service accept the companies use of internal transaction systems.

J. Crypto or virtual money transactions.

1. To identify information on a client in a wallet transaction, the Company might:

  • Have a centralized database (possibly external, or as a service) linking wallet with the client.
  • Transact only to and from other exchanges with proper KYC/AML policies.
  • Incorporate wallet transaction details. Information that could be necessary for the transaction:
    • Individuals – Name, sum, payment description (if applicable), wallet address.
    • Businesses – Name, incorporation address, sum, geographic origin of payment.
  • Have a platform for “verified” wallets.

2. After clients’ verification the Company might check what country they are paying from:

  • Geographic location should be tied to payments. However, since IP can be obscured through a range of services, such treatment should be technologically prescribed.
  • Assessment and record-keeping

If the Company has found transactions that do not fit the expected pattern or serve no economic or legal purpose, it will investigate the background and purpose of these transactions. The Company will pay particular attention to unusual transaction patterns and transactions which by their nature carry a higher risk of ML or FT. The findings will be recorded in the client file. If a transaction is suspected of being linked to ML or FT, it will be reported to the respective authorities.

  • Record-keeping and data retention obligation

The Company retains client and transaction data. This concerns all data obtained during the CDD process, e.g., copies of identity documents, account particulars, correspondence, memos of conversations about and with the client, transactions effected by and other services provided to that client. The client file should also reveal how the decision-making process surrounding client acceptance has taken place, e.g., in the case of the high-risk client.

For legal entities, records should include the particulars of the natural persons representing the legal entity vis-à-vis the Company. For the ultimate beneficial owner, the person’s identity and the method by which it was verified should be recorded. If a client acts as a trustee, the Company also records data in a retrievable manner concerning the founders, trustees and ultimate beneficial owners. Where a client acts as a partner in an unincorporated partnership, the Company should record the particulars of all partners, the persons authorized with respect to the management of the unincorporated partnership and the persons who can exert considerable influence on or have considerable interests in the partnership.

The purpose of the data retention obligation is to enable the authorities to gain an understanding of a client`s activities, e.g., in the event of a (criminal) investigation. The various records and files should, therefore, be easily accessible to the supervisory authorities. It makes no difference whether the data are stored electronically or as a physical document.

III Reporting unusual transaction

The Company undertakes the duty to report an actual or intended unusual transaction. The Company will report a transaction if it has reason to suspect that the transaction may be related to ML or FT. The Company will consider whether a particular transaction needs to be reported because of a possible link to ML or FT. The Company thus has its responsibility for the adequate reporting of unusual transactions. The Company should also assess whether there is a connection between two or more transactions. This can be done on the basis of the type of transaction and the amounts involved. If a connection is shown to exist, these transactions could be reported.

The definition of a transaction is intended to make clear that an unusual transaction by the client or by a third party acting on behalf of the client must always be reported if the Company has become aware of in the course of providing services to that client.

Processes for detecting unusual transactions:

  • Clear internal indicators or ‘red flags’ have been identified that can help Company`s employees decide whether a transaction is unusual.
  • Unusual transaction patterns, deviating behavior on the part of the client, and activities that are illogical based on knowledge of the client or sector.
  • The Company also is responsible for detecting potentially unusual transactions, services or products.
  • Compliance is involved in assessing a possible unusual transaction and is responsible for reporting to the respective authorities.

In addition to the indicators, the 'gut feeling' of Company`s employees are also important.

For the purposes of this Programme suspicious activity may be defined as the transaction which (1) is greater than 2,000 (two thousand) USD; (2) involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity; (3) is designed, whether through structuring or otherwise, to avoid any recordkeeping or reporting requirements of the regulations; (4) has no business or apparent lawful purpose; or (5) facilitates criminal activity, including the use of the Company in such actions.

The Company reserves the right to refuse service and end the relationship if the client is known to have used 1) cryptocurrency tumblers or mixing services 2) services or currencies with a primary focus on anonymity (such as Monero or Darkwallet) 3) other services or currencies aiming to obscure transaction origins or flows.

The Compliance Officer shall decide whether a transaction is potentially suspicious and if considered a necessary consult with the Company’s senior management to decide as to whether the transaction meets the definition of suspicious activity.

The Compliance Officer shall file a report, including supporting documentation, to notify the appropriate law enforcement authority in situations involving violations requiring immediate attention, such as FT, continued ML schemes or other financial crime.

The Company also reserves the right to file a voluntary report for any suspicious transaction that we determined as a potential violation of any law or regulation, but that is not required to be reported by us.

The Compliance Officer maintains a copy of such report as well as all supporting documentation in accordance with regulatory requirements

The fact of report filling shall be kept strictly confidential. In no event should the parties involved in the suspicious activity be told of the filing. Discussion of suspicious activity should be limited between employees.

The Company also reserves the right to freeze immediately and without prior notice the funds or other assets of clients if they conduct potential ML/FT or sanction-related transactions, following applicable laws and regulations.

For terrorist screening, the Company may adopt automatic screening systems. The Company should freeze immediately and without prior notice the funds or other assets of designated persons and entities, following applicable laws and regulations.

In cases of sanctioned countries/businesses, the Company has the right to freeze assets and report to authorities if a sanctions breach is identified.

A Suspicious Activity Report (SAR) must be submitted, when applicable, to the relevant authorities taking into account regulatory timelines, formats, or content.

The purpose of a SAR is to outline to the authorities why particular transactions or activity is suspicious. Information within a SAR should contain:

1. Introduction

Outlining why the transaction is considered suspicious/unusual by including information such as client, where funds are going (counterparty), value and date.

2. Body

The body should provide a background with information on the client such as business nature, what jurisdiction it operates in, its clients.

It is also important to establish where the funds are going or coming from. The counterparty should then be mentioned (if applicable) with the same information if available, also including information found from open sources such as negative news or company information.

The point is to identify the client so that the authorities have a clear picture on which parties are involved in the report, and what they do.

3. Summary

A summary will outline what the key findings were, and why it is that the activity is unusual. A reason could be that there is no known business relationship between the client and the payer, there is no justification for the payment, the party is not-transparent, etc.

IV. Other key elements

A. Cryptocurrency Wallet Identification

(I) Ethereum

Basic documents that show a financial background and origin of almost all assets is cryptocurrency wallet. To receive approval that this particular cryptocurrency wallet belongs to a particular person the wallet should be signed by a particular signed method.

We can easily verify any Ethereum signed message signature. We need to have the Ethereum address, generated signature and the message that has to be verified. The provider may also choose to SAVE the verified signed message which will then be accessible via a Public URL.

For instance: The sign method calculates an Ethereum specific signature with: sign(keccak256("\x19Ethereum Signed Message:\n" + len(message) + message))). By adding a prefix to the message makes the calculated signature recognizable as an Ethereum specific signature. This prevents misuse where a malicious DApp can sign arbitrary data (e.g., transaction) and use the signature to impersonate the victim.

Note, the address to sign with must be unlocked.

B. Cryptocurrency Wallet Transaction Historical Summary Report

Use the Cryptocurrency Wallet Transaction Historical Summary Report to report past item quantities, past item value, or past inventory balances. The report calculates historical balances based on a rollback date. The report rolls back all of the transactions for the item to the date you specify and prints the quantity, value, or balance as of that date. Also, the value and quantity versions let Us specify the cryptocurrency source type as in the wallet address. The report sums up the transactions for the item and reports the value or quantity by source type. This would allow Us to audit the source transaction values that have created the change from the initial transaction to the current wallet value.

C. Compliance Officer

Company has designated Mr. Oleksandr Antsyferov as its Compliance Officer. Compliance Officer is the person, duly authorized by the Company, and fully responsible for implementing and enforcing this Programme.

The business interests of the Company should in no way be opposed to the effective discharge of the above-mentioned responsibilities of the Compliance Officer. Regardless of the Company’s size or its management structure, potential conflicts of interest should be avoided. Therefore, to enable unbiased judgments and facilitate impartial advice to management, the Compliance Officer should, for example, not have business line responsibilities and should not be entrusted with responsibilities in the context of business. Where any conflicts between business lines and the responsibilities of the Compliance Officer arise, procedures should be in place to ensure compliance concerns are objectively considered at the highest level.

The duties of the Compliance Officer with respect to this Programme shall include, however, are not limited to:

  • Monitor transactions;
  • Review client profiles and relationships;
  • Establishing and updating internal policies and procedures for the completion, review, submission, and retention of all reports and records required under the applicable laws and regulations;
  • Maintaining necessary and appropriate records;
  • Monitoring transactions and determining any suspicious activity;
  • Providing the appropriate law enforcement authority with information as required under the applicable laws and regulations;
  • Arrange and track communication with appropriate law enforcement authorities on the issues described in this Programme;
  • Ensure the training of employees in this Programme;
  • Ensuring internal audits and implementing feedback on the AML/KYC Programme;
  • Ensure the accomplishment of the compliance measures described in this Programme.
  • The Compliance Officer is entitled to interact and communicate with law enforcement authorities, involved in supervision of the laws on securities. The Company is open to the cooperation and dialogue with law enforcement authorities to ensure the compliance with applicable laws and fulfilling of this Programme.

D. Indemnification

Under criminal indemnification provisions, it is ensured that data or information provided by the Company that reports an unusual transaction in good faith cannot be used in a criminal investigation or prosecution of the Company itself on suspicion of ML or FT. Also, those who have submitted the report, such as a bank employee who submitted or helped compile the report are protected from criminal investigation or prosecution as well.

Under civil indemnification provisions, it is ensured that the Company cannot be held liable under civil law for the loss suffered by another party (the client or a third party) as a result of a report as long as the Company acts on the reasonable assumption that it implements the reporting duty. For instance, claims in civil proceedings could be brought for breach of contract if the Company decided not to carry out a transaction but to report it. Legal action over an unlawful act is also possible, to claim alleged loss suffered as a result of a Company`s unusual transaction report.

The indemnification will of course only apply if the unusual transaction report has been submitted in good faith and correctly.

E. Confidentiality

The Company follows a strict duty of confidentiality. This means that the Company is obliged to observe confidentiality in respect of an unusual transaction report. Exceptions are possible in so far as they arise from the law. Put briefly, these exceptions to the obligation of confidentiality permit the Company to exchange information with units of its organization or network elsewhere and/or other Companies. The obligation of confidentiality is not only to apply to clients but also to third parties, it cannot be the intention to obstruct these systems, which help prevent the financial system from being misused for ML or FT purposes.

F. Training programs

The Company ensures that all of its officers and employees receive training on compliance issues at least once a year. New employees shall receive appropriate compliance training within 30 days of their hire date.

Depending on the target audience, the compliance training may cover only the basic matters (general information, legal framework, and other) or refer to more specific topics and issues that are relevant to the certain specialists.

The Company will adopt the timing and content of training for various sectors of staff according to its needs and the Company risk profile. Training needs will vary depending on staff functions and job responsibilities and length of service with the Company.

Training course organization and materials will be tailored to an employee’s specific responsibility or function to ensure that the employee has sufficient knowledge and information to effectively implement the Company KYC and AML/CFT policies and procedures.

Refresher training shall be provided to ensure that staff is reminded of their obligations and their knowledge and expertise are kept up to date.

All training shall be provided and updated regularly to reflect current developments and changes to laws and regulations. The scope and frequency of such training shall be tailored to the risk factors to which employees are exposed due to their responsibilities and the level and nature of risk present in the Company.

G. Internal KYC and AML/CFT audit

The Compliance Officer shall ensure the periodic independent audit of the Programme on a risk-sensitive basis and determine whether the activities of the Company related to AML law, regulations thereunder are conducted in compliance with the legislation above and policies.

The Company designated Compliance Officer, a person reporting to the Compliance Officer, or any other Company representative, cannot conduct the independent audit.

The Company management should also ensure that the audit scope and methodology are appropriate for the Company’s risk profile and that the frequency of such audits is based on risk.

The Compliance Officer shall ensure an independent audit of the Company KYC and AML/CFT Programme to be conducted at least once a year. The audit should, at a minimum, include:

  • An evaluation of the overall effectiveness and compliance of this Programme, including policies, procedures, and processes with applicable regulatory requirements;
  • An appropriate risk-based transaction testing to verify the Company adherence to the recordkeeping and reporting requirements;
  • A review of the effectiveness of the suspicious activity monitoring;
  • An assessment of the overall process for identifying and reporting suspicious activity;
  • An assessment of the effectiveness of Company’s staff in implementing the Company’s policies and procedures;
  • An assessment of the effectiveness of the Company's training of relevant personnel.

The Compliance Officer shall report the audit scope, procedures performed, transaction testing completed and findings. All audit documentation should be available for review.

Any violations, policy or procedures exceptions, or other deficiencies noted during the audit should be included in an audit report and reported to the Company Board of Directors.

H. Employees` compliance

Every Company`s employee complies with the legal requirements designed to detect and prevent ML and FT activities. This Programme states what you must do to comply with the Company compliance policy. Failure to follow this Programme violates Company`s policies and may violate applicable laws. Violation of this Programme may result in termination of person`s employment.

The Company expects all of its employees and agents to observe the following compliance standards:

  • Always conduct business in accordance with the highest ethical standards;
  • Disclose and discuss sensitive information only on a need-to-know basis.
  • Follow Company’s KYC clauses included in this Programme;
  • Always be alert to client transactions that may indicate ML or other criminal activity and take proper steps to report and/or refuse such transactions;
  • Cooperate with law enforcement authorities within the confines of the applicable law, and report any suspicious activities to the Company’s Compliance Officer;
  • Refuse to conduct transactions if a client fails to provide sufficient identification or other required information. Depending on the circumstances may file SAR as a result.

File suspicious activity reports on transactions that involve or aggregate up to 2,000 USD or more and Company knows, suspects or has reason to suspect that the transaction is being with the intent to evade the record-keeping or reporting requirements, or that the funds have originated from illegal activity.

I. Programme updates and review

This Programme, including all policies and procedures, shall be reviewed and updated or revised on the as-needed basis, however no less often than once a year. The Compliance Officer shall initiate updates or modifications to this Programme and/or Company Board of Directors should do that.

The Compliance Officer is responsible for monitoring amendments in applicable laws of the USA and EU on securities and digital assets. If the United States Congress, the United States Securities and Exchange Commission, European Parliament or other relevant body adopts changes or a decree that applies to the Company, the Compliance Officer should inform the senior management of the Company and prepare amendments in this Programme if necessary.