Trueplay Inventions Inc.
(last update 07/12/2021)
AML (Anti Money Laundering) | A set of procedures, laws, or regulations designed to stop the practice of generating income through illegal actions. In most cases, money launderers hide their actions through a series of steps that make money coming from illegal or unethical sources appear as if it was earned legitimately. ML behavior is usually detected using a combination of transaction analysis (amounts, patterns, frequency, etc.), also called client profiling, and name screening to identify specific counterparties to be handled as “high-risk” (e.g., Politically Exposed Persons) |
Blockchain | Digitized, decentralized, public ledger of all cryptocurrency transactions |
CDD | Client Due Diligence |
CFT (Counter-Terrorism Financing) | Money laundering is the process where cash raised from criminal activities is made to look legitimate for re-integration into the financial system, whereas the term FT cares little about the source of the funds; the scope is defined by what the funds are to be used for, namely terrorist activity. It may involve funds raised from legitimate sources, such as personal donations and profits from businesses and charitable organizations, as well as from criminal sources, such as the drug trade, the smuggling of weapons and other goods, fraud, kidnapping, and extortion. Detection of FT usually involves comparing counterparties’ names against official sanction watchlists (e.g., OFAC, EU, UN, etc.) |
CIP | Client Identification Procedures |
Cryptocurrency | Digital asset designed to work as a medium of exchange that uses cryptography to secure its transactions, to control the creation of additional units, and to verify the transfer of assets |
Crypto wallet | Storage of the public and private keys which can be used to receive or spend the cryptocurrency |
DApp | Decentralized application |
DAFM | The Dutch Authority for the Financial Markets. |
DNB | De Nederlandsche Bank, the central bank of the Netherlands. |
ETH | Ethereum Virtual Currency |
Etherscan | Block explorer, search, API, and analytics platform for Ethereum, a decentralized smart contracts platform |
FAA | Financial Advisers Act |
FT | Financing of Terrorism – generally refers to activities that provide financing or financial support to individual terrorists. It may not involve proceeds of criminal conduct but is rather an attempt to conceal either the origin of the funds or their intended use. |
Hash | Part of the block hashing algorithm which is used to write new transactions into the blockchain through the mining process |
KYC (Know Your Client) | Know your client refers to due diligence activities that financial institutions and other regulated companies must perform to ascertain relevant information from their clients to do business with them. The objective of the KYC is to prevent institutions from being used by criminal elements, intentionally or unintentionally, for ML/FT financing activities. The process of KYC entails identifying the client and verifying their identity by using reliable and independent documents or information at onboarding time and on a recurrent basis after that (frequency is based on the ongoing counterparty risk level) |
KYT (Know Your Transactions) | KYT is a set of procedures and processes aimed at detecting ML and FT in incoming/outgoing transactions processed by a financial institution. In terms of process, both name matching (sender and recipient) and client profiling (amounts, patterns, and frequency) are used in the detection approach |
MAS | Monetary Authority of Singapore |
ML | Money Laundering – is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets |
Nodes | Devices on a blockchain network that are, in essence, the foundation of the technology, allowing it to function and survive |
OFAC | Office of Foreign Assets Control |
PEP | Politically Exposed Person |
RBA | Risk-based approach |
SAR | Suspicious Activity Reporting |
SEC | US Securities and Exchange Commission |
Token Sale | Token Sale |
USDT | Cryptocurrency asset issued on the Bitcoin blockchain via the Omni Layer Protocol, backed by a U.S. Dollar held in the reserves of Tether Limited, which can be redeemed through the Tether Platform |
VC | Virtual currency |
VCPPS | VC payment products and services |
The rapid development, increasing functionality, growing adoption and global nature of VCPPS, activities of which may be carried out without seeming to be based in any particular jurisdiction, have caused the improvement of worldwide AML/CFT regulatory regimes that focus on VCPPS. To keep up with best practices of worldwide AML/CFT regimes and to comply with them, Trueplay Inventions Inc. of House of Francis, Room 303, Ile Du Port, Mahe, Seychelles (hereinafter – “we”, “Company”, “TRUEPLAY INVENTIONS”) reveals its Programme (hereinafter – “Programme”) that aims to conduct integrity supervision of its clients and their activities.
The Financial Action Task Force (hereinafter – “FATF”) has issued the report “Virtual Currencies: Key Definitions and Potential AML/CFT Risks” and the “Guidance for a risk-based approach: virtual currencies”, and MAS has issued “A Guide to Digital Token Offerings” as of May 26, 2020, to establish best practices for regulatory issues arising in respect of ML/FT and other crime risks associated with VCPPS that must be identified and mitigated. Existing and upcoming AML regulations such as the 4th and 5th EU AML Directives, FATF guidelines or local governments’ and financial authorities’ regulations require entities active at the intersection of digital currencies and the traditional financial system to implement appropriate policies.
Compliance with these documents is essential to provide effective application of international AML/CFT standards concerning VCPPS.
The Programme makes an AML assessment of its clients both when onboarding them and on each of their transactions. The evaluation of the clients and their operations is performed by TRUEPLAY INVENTIONS, which then reaches a conclusion. Based on a Programme analysis model, TRUEPLAY INVENTIONS can decide which transaction or crypto source history should be passed and which should be rejected. TRUEPLAY INVENTIONS builds customized AML and financial risk models meeting the most restrictive regulatory and performance requirements, providing economic operators with the required assurance for their business continuity.
TRUEPLAY INVENTIONS actively participates in domestic and international efforts to combat ML, FT, and other financial crimes. The Company complies with all the applicable laws and regulations relating to such activities and seeks all available means to prevent being utilized as a conduit for such illicit funds.
The Programme describes general and legal aspects of the TRUEPLAY INVENTIONS identification procedures and describes measures and efforts that TRUEPLAY INVENTIONS takes to comply with applicable regulations. By this Programme, the Company wishes to:
The Programme will be reviewed and updated on a regular basis to ensure appropriate policies, procedures, and internal controls.
The Programme itself is not a legally binding document, nor does it have the status of any legal instrument under FATFA regulations. The Programme does not have or aim to have any legal effect either. The Programme does not replace laws and regulations or policy and supervisory rules on the issues concerned therein. The examples presented in the Programme are not exhaustive and cannot cover every eventuality. They serve as a guide for the explanation and application of statutory obligations.
The Programme applies to each TRUEPLAY INVENTIONS client and complements international AML/CFT regulations. All laws related to this sphere clarify the various obligations and provide tools for the implementation of each and every obligation referred to hereunder.
In this Programme, reference is made to international (non-binding) guidance documents of the FATF, the EU (Directive (EU) 2015/849, Regulation (EU) 2015/847, Delegated Regulation (EU) 1675/2016 etc.) and other countries and organizations whose laws are no less strict than the FATF's documents related to AML/CFT issues. While the guidance documents issued by these organizations are mostly directed at specific sectors, much of the information they contain can also be useful for other sectors. The following Programme aims to cover all the best worldwide practices of AML/CFT laws.
The integrity of clients and their operations is one of the pillars of trust and is thus a prerequisite for the Company's proper conduct of business. Thus, integrity is an explicit norm within financial supervision that sets out the statutory requirements for monitoring the integrity of business operations. The key here is that clients should avoid becoming involved in acts that are against the law and/or are regarded as improper in society, and that they safeguard the integrity of their business operations. Controlling integrity risks is a central tenet of the transposition of this Programme together with international AML/CFT regulations into practical rules. For the avoidance of doubt, the integrity risks are understood among other things as the risk of ML and FT. Altogether, international AML/CFT regulations prescribe a control framework for this, aimed at controlling integrity risks.
As a minimum, TRUEPLAY INVENTIONS declares that the control framework for integrity risks (integrity of clients and their business operations) under this Programme comprises the following:
The control framework for integrity risks is the fundamental part of the RBA hereunder. The RBA chapter of the Programme details and systematizes all the important elements of the mentioned framework.
Ethical business culture and ethical conduct are vital to the effectiveness of integrity control measures. Ethical conduct is a professional, individual responsibility in which the individual and/or the company are aware and take proper account of the rights, interests, and wishes of other stakeholders, display an open and transparent attitude, and are willing to take responsibility and render account for their decisions and actions. An ethical culture denotes a climate and atmosphere in which the Company behaves or acts, including in a broader sense, in a way that it can explain and account for – not just according to the letter of the law, but also in the spirit of the law.
Ethical business culture principles run throughout the Programme and its provisions.
To guarantee the integrity of business operations, it is essential for the Company to know who its clients are, whether their business is legal, and with whom the Company's clients cooperate (and for what purpose such cooperation is used). The Company wants to follow the international AML/CFT regulations under which it is mandatory to operate an adequate client due diligence system to know its clients and to avoid engaging in business relationships with persons who could damage trust in the Company. Client due diligence standards are relevant not only for ensuring the integrity of the business operations of the Company as a whole, but also specifically for combating ML and FT.
The Company's client due diligence incorporates procedures, processes, and measures in relation to:
The client due diligence chapter herein contains all the important elements, describes the procedure of such an audit in depth, and gives a precise understanding of the only clients with which the Company is ready to cooperate.
To the maximum possible extent the Company can relate to, taking into account international AML/CFT provisions and the legal status of the Company, it is possible to:
These measures are intended to prevent undesirable transactions and to combat terrorism only. The Company ensures that it can identify the nature of clients' relationships. The Company subsequently ensures that it does not provide any of its services to those relationships that are forbidden under international AML/CFT legislation and that the Company can freeze a client's assets.
Local laws and regulations to promote the integrity of business operations or, more specifically, to prevent ML and FT, may differ markedly between jurisdictions. In case the Company operates internationally, it will follow the set of global minimum standards for the implementation of integrity policy and procedures, which apply to the entire group. It means that the integrity control measures will, in any event, apply to all of a client's business operations, all functional activities, and all clients worldwide. The Company may operate in jurisdictions where local laws and regulations set lower integrity standards than the global AML/CFT minimum standards. The Company will then apply the group’s higher standards to the offices and branches in those jurisdictions. If local laws and regulations impose higher standards for integrity control measures than the minimum standards, the Company will reassess its minimum standards and adjust them where necessary.
Under the international requirements, the Company has adopted an RBA towards assessing and managing the ML and FT risks. It means that the Company applies to the maximum possible extent all the measures prescribed by the laws. Therefore, we can ensure that measures to prevent or mitigate ML and FT are commensurate with the identified risks. This will allow resources to be allocated in the most efficient ways. The principle is that resources should be directed accordingly to priorities so that the greatest risks receive the highest attention.
A risk-based approach includes:
The Company has designed the following Programme to identify the risks to which it may be exposed. Risks are not static: both internal and external factors can cause the risks for the Company to change. For example, the activities of the Company or its clients may be expanded, certain trends may occur within the financial and economic world, or legislation and regulations may be amended. The Company also determines whether the proposed risk control measures are effective. If they are not, the Company amends them. If the Company cannot control identified risks concerning a certain activity of its client, the Company will adjust such activity or will end the activity within its services. As a minimum, a systematic integrity risk assessment means that the Company performs the assessment periodically.
The Company prepares a profile for each new client based on risk categorization (the nature and level of the risk they present). The higher the risks, the more efforts the Company should make to mitigate them. The client profile may contain information relating to client’s identity, social/financial status, nature of business activity, information about his clients’ business and their location, etc. Clients may be categorized into low, medium and high risk. For example, individuals (other than high net worth individuals) and entities whose identities and sources of wealth can be easily identified and transactions in whose accounts by and large conform to the known transaction profile of that kind of clients may be categorized as low risk. Salaried employees, government-owned companies, regulators, etc. fall into this category. For this category of clients, it is sufficient to meet just the basic requirements of verifying identity.
In its risk assessment procedure, the Company has adopted Red Flags. Red Flags that signal possible ML or FT include, but are not limited to:
Together with the general Red Flags provided above, the Company understands that there may be a number of other risks, such as clients themselves, their activities (services they provide, etc.), and country and geographical risks (countries or regions where the Company's clients are established or conduct their activities), that are important to assess as well. When preparing a risk assessment, the Company looks at the characteristics of different types of clients, such as sectors and professions, residency or assets and source of income. It also looks at how the contact with clients is generally established and how the Company's services are offered. The Company monitors the risks that stem from the client/product and client/country combinations and takes the findings into account, first, when setting up the systematic risk assessment and again in defining the client's risk profile and monitoring the relationship. When defining a client's risk profile, all specific characteristics of that client are also taken into account. Ultimately, the Company should have insight into the rationality and reality of the transactions and clients and their activities in general.
Possible indicators of country or geographical risk:
Product/service risks:
Possible indicators of client risks:
When an employee of the Company detects any Red Flag or other activity that may be suspicious, he or she will notify the Compliance Officer (more about it below). Under the direction of the Compliance Officer, the Company will determine whether or not and how to investigate the matter further. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or informing the authorities.
After the Risk assessment, the Company then divides its entire client base into risk categories. The Company takes into account all factors described herein.
Potential risk indicators of a business relationship with a client:
The Company will maintain records on clients and have a system in place, either software or manual-based, to track risk levels, completed reviews, changes in activity or documents.
Client profiles will also be reviewed in cases of suspicious activity, change in beneficial ownership, negative media exposure or whenever it is deemed warranted.
Client details and profiles will be periodically reviewed proportionate to the risk level of the client. The Company compiles a risk profile of the client based on the CDD. This risk profile is dynamic and can, therefore, change over time. A review serves to determine whether the client still meets the defined risk profile. To that end, the Company should periodically update all client data, including the client's risk profile, contact information and ultimate beneficial owner(s). The basic principle is that the frequency and depth of the review depend on the risks presented by the client.
The Company is required to monitor its business relationships constantly and to ensure that the particulars of the client, the ultimate beneficial owner and other persons about whom data have been collected are kept up to date. To this end, the Company will periodically update the information about the client and, if necessary, the client's risk profile using adequate, risk-based measures.
Reviews will occur:
Also, the review may occur in the following cases:
For low-risk clients, a review may take place when:
For high-risk clients, a review of the specific risks will in practice be carried out (once or several times per year) and, for example, in the case of:
Clients' profile risk classifications:
– Reasonably able to identify and verify client account activity, business operations.
– Predictable behavior or low-value payments received/sent.
Possibility to pose a certain risk as a result of business activity, residence, dubious reasons for the business relationship.
High
– Client is operating from a jurisdiction known for financial secrecy, corruption, political/economic instability or no legal requirements for opening business.
– Client with a large distance between account/operations and location of incorporation.
– Clients in high-risk businesses or with high net worth (gambling/money transfer services, maybe NGO/charities, individuals).
– Unclear business structures or lack of transparency in the company's structure.
– Dubious client reputation as seen from open sources.
When it comes to clients, the Company uses the following risk classification regarding their business activities:
Risk category | Examples |
---|---|
Low risk | • Services for private clients that do not impose serious risks. • Standard services for small business (low level of clients' activities). |
Medium risk | • Services for private clients that may impose certain risks. • Routine and standard activities (not suspicious). |
High risk | • Complex structured financing transactions or collateral arrangements with private clients. • PEPs or clients conducting transactions involving PEPs. • Products and services that by their nature are susceptible to inappropriate use (e.g., back-to-back loans, large cash deposits, commercial real estate activities). • Clients with transactions to/from countries that are subject to sanctions (including trade sanctions), free trade zones, offshore centers, tax havens, countries which as part of the ICRG process appear on the FATF watch list. • Clients with frequent, non-routine, complex treasury and private products and services. • Non-routine, cross-border payments by non-clients through clients' accounts. • Activities in jurisdictions that are weakly regulated regarding combating ML/FT. |
The Company does not embark on a business relationship with the client, or breaks an existing relationship at the earliest opportunity, where the assessed risk is too high or where the assessment fails and the Company is thus unable to determine precisely who its clients are and what goals they are trying to reach. While the failure of a client due diligence procedure will often occur during the acceptance phase, the Company may identify potentially unacceptable risks during a periodic review of the client's risk profile.
(Potentially) unacceptable risks:
Together with the RBA, client due diligence is one of the most important parts of the following Programme. Even though the RBA may partly contain some issues related to client due diligence, the following part is still an integral and key one as to the clients' audit. Client due diligence is mandatory in cases defined herein. The Company will take additional measures in cases where there is a higher risk of ML or FT. All this emphasizes the responsibility of the Company: it will use its best efforts to indicate the techniques used in ML and FT, current developments and risk indicators associated with the use of cryptocurrency.
Client due diligence enables the Company to identify the client, verify its identity, identify the ultimate beneficial owner of the client and verify the ownership and control structure of the group to which a client belongs, determine the purpose and envisaged nature of the business relationship and investigate the source of assets used in the business relationship or transaction.
The Company reserves the right to collect Client’s identification information for KYC and AML/CFT Policy purposes and to safeguard its reputation. Clients may be identified using a multi-level system.
The Company may, as part of registration and authorization process:
The Company shall collect the following information about each client:
Even after KYC approval, the Company may conduct additional checks and ask for further documents from the Company's trusted persons (CEOs, COOs, Shareholders, etc.).
We will require sufficient information from each client when registering to enable the client to be identified; utilize risk-based measures to verify the identity of each client when registering; record client’s identification information and the verification methods and results; and compare client identification information with government-provided lists of suspected terrorists, once the government has issued such lists. Internal lists will also be used, whether developed by the Company or other third-parties.
Based on the risk, we will ensure that we have a reasonable belief that we know the true identity of our client by using risk-based procedures to verify and document the accuracy of the information we get about our clients, but in any case, complying with the statutory requirements.
Basic Level. Transactions up to 3,000 (three thousand) USDT equivalent. Identification required: phone number, country of residence, proof of identity (e.g., driver’s license, passport or government-issued ID).
Standard Level. Transactions over 3,000 (three thousand) up to 10,000 (ten thousand) USDT equivalent. Identification required: phone number, country of residence, proof of identity, and proof of a residential address (e.g., utility bill no more than three months old).
Advanced Level. Transactions over 10,000 (ten thousand) USDT equivalent. Identification required: phone number, country of residence, proof of identity, proof of a residential address, ID confirmation photo (e.g., a selfie with one of the proof of identity documents).
Basic Level. Transactions up to 10,000 (ten thousand) USDT equivalent. Identification required: address (principal place of business and/or other physical location), proof of legal existence (e.g., state certified articles of incorporation or certificate of formation, unexpired government-issued business license, trust instrument or other comparable legal documents as applicable), proof of identity (e.g., driver’s license, passport or government-issued ID) for each individual beneficial owner that owns 10% or more, as well as all account signatories;
Standard Level. Transactions over 10,000 (ten thousand) USDT up to 50,000 (fifty thousand) USDT equivalent. Identification required: address, proof of legal existence, proof of identity for each beneficial owner that owns 10% or more, as well as all account signatories;
Advanced Level. Fiat transactions over 50,000 (fifty thousand) USDT equivalent. Identification required: address, proof of legal existence, proof of identity for each beneficial owner that owns 10% or more, as well as all account signatories, proof of identity and proof of residential address for a director of a company.
The Company reserves the right to require additional information if considered necessary and the right to require additional information or documents at any time to verify the client’s identification and operations. Information will be requested exclusively from the Company's trusted persons (CEOs, COOs, Shareholders, etc.).
In case of client verification failure, the Company may take the appropriate measures: (1) refuse the registration of the client’s account; (2) if there are funds on the account, return them to the client; and (3) determine whether it is necessary to inform law enforcement authority in accordance with applicable laws and regulations.
The sanctions list search allows the names of clients to be scanned against the main world sanctions lists such as: United Nations Sanctions (UN), Australian Sanctions, Bureau of Industry and Security (the U.S.), EU Financial Sanctions, Office of the Superintendent of Financial Institutions (Canada), OFAC – Specially Designated Nationals (SDN), UK Financial Sanctions (HMT), U.S. Consolidated Sanctions.
The Company reserves the right to maintain an internal list of wallet addresses, associated companies, and cooperate with other third-parties which have identified this information to mitigate reputational risk.
Verification of identity requires multi-factor authentication, layered security, and other controls to ensure a meaningful client identity confirmation process based on transaction amount or other factors.
The Company may use various verification methods including, but not limited to:
In case of client verification failure, we may take the appropriate measures: (1) refuse the registration of the account; and (2) determine whether it is necessary to inform law enforcement authority in accordance with applicable laws and regulations.
As was previously mentioned, the Company also looks at whether the client is acting for himself or someone else. The aim is to assess whether someone is acting as a front man in their name but on behalf of (criminal) third parties. If it is clear that the client is acting for someone else, such third party qualifies as “client” (“the natural or legal person […] who has a transaction effected”), then the Company will make its best effort to apply CDD obligations with regard to that person.
Where a natural person purports to act as a representative of a client, the Company also checks whether this person is authorized to represent the client, for example, where a natural person purports to act as the director of a legal person. Where a natural person claims to indirectly represent a legal person (which legal person would be the client), the chain of representative authority is established. If such authority is established, the client will be the subject of the client due diligence measures section herein, while the natural person acting as the representative will be identified and his identity verified. If the representative is not seen in person, the Company can develop a procedure to establish with certainty who acts for the client and to verify that the person concerned is duly authorized. The Company will then, in any event, require a declaration of identity from the officers of the client with whom it has direct contact, including those with whom it develops the procedure referred to and will verify that declaration.
A client due diligence process comparable with that for legal persons is carried out for unincorporated partnerships. An unincorporated partnership can be described as a community of persons established using an agreement. An unincorporated partnership does not possess legal personality and is therefore not the party with which a business relationship is entered into or which has a transaction effected. The Company identifies the partners, and where applicable takes adequate, risk-based measures to verify their capacity as partners. The Company establishes which natural persons can exert material influence or have material interests or exert a high degree of influence on the important decisions of the unincorporated partnership and who can exercise effective control over the policy of the unincorporated partnership. When establishing the control structure, persons who are authorized to manage the partnership also fall under the client due diligence, and the Company identifies them. The Company takes risk-based and adequate measures to verify the capacity of these persons as partners. The identity of the natural persons who qualify as equivalent to ultimate beneficial owners is verified using a risk-based approach. Verifying the identity of all partners will in some cases be impossible in practice, for example in the case of an “open limited partnership”.
A trust does not possess legal personality and is therefore not the party with which a business relationship is entered into, or that has a transaction effected. Consequently, a trust does not qualify as a client. The trustee is regarded as the client. In the case of a trust, the usual steps must be taken in respect of client due diligence, but the founders of the trust, the trustees, the protector and the beneficiaries must also be known to the Company. The client must submit a statement of their identity, and the Company must verify these stated identities.
In principle, identification and verification are completed before the business relationship is established and the service provision commences. However, there are exceptions in cases where the provision of services should not be interrupted. In these exceptional cases, the purpose of the law should still be kept in mind to prevent the Company’s services from being used for ML or FT. This is subject to the condition that the risk of ML or FT is low and that the Company will verify identity as soon as possible after the first contact with the client.
The Company may only enter into a business relationship and provide its services if it has conducted the full CDD, such CDD has led to the envisaged result, and the Company is in possession of all identification and verification details and other information. The Company need not carry out the client due diligence itself but can arrange for this to be carried out by another company.
For any possible future needs, the Company may keep (copies of) the relevant documents available to show them on first request. If the other company has carried out the due diligence for the Company’s client, the Company may request copies of the relevant documents. The Company may always do more on the grounds of its internal procedures than legislation requires.
It is prohibited to enter into a business relationship, carry out a transaction or provide the Company’s services if no CDD has been performed or if the CDD, including the review of the ultimate beneficial owner, has not produced the intended result. There is a statutory obligation to terminate the business relationship if it is not possible to comply with statutory obligations. The Company reports these instances to relevant authorities if there are also indications that the client is involved in ML or FT.
If unable to terminate the business relationship, the Company should take further adequate measures to perform CDD.
By gathering information about the purpose and envisaged nature of the business relationship, the Company will be able to estimate any risks that may arise from the provision of services to the client. Usually, part of the required information will already have been obtained during contact with the client before the establishment of a business relationship. Also, the purpose of the relationship will be apparent from the services or products used by the client. Additional queries from the Company can be aimed at obtaining clarification on the product client or service recipient. In increased-risk situations, purpose and nature inquiries should also establish what type of transactions (including number, frequency, and size) the client intends to perform and with whom.
In cases where there is a higher risk of ML or FT, the Company takes supplementary measures. These measures vary according to risk. When accepting clients who fall under high-risk criteria described herein, the Company may take additional steps of assessment. The Company must, therefore, do more than simply check whether the client or other stakeholders appear(s) on the sanction lists, whether their identity documents are genuine, and whether the client appears in the Company’s internal or external warning systems. Such supplementary information may relate to the reputation of the client or the UBO, but also of persons with whom they are associated. This includes the acquisition and assessment of information about business activities as well as (negative) background information on the client. Also, in the context of enhanced CDD, the Company’s examinations of the client’s source of funds should be more profound.
In the case of higher risk, the Company will not simply accept the information submitted by the client at face value but will where possible check the information by relying on independent and credible sources and will, in any event, carry out a credibility check.
The Company should identify every client’s ultimate beneficial owner (UBO). An ultimate beneficial owner is always a natural person. This requirement is not only relevant when the client is a legal entity, such as a legal person, foundation or trust: if the client is a natural person over which another natural person can exercise actual control, then that other person qualifies as UBO. Performing a client due diligence for the ultimate beneficial owner is a statutory requirement.
Documents that can be used to verify the identity of the ultimate beneficial owner:
The following verification measures can be taken for low-risk clients:
Business relationships with and providing services to PEPs require additional measures as they entail a higher risk of reputational damage and other risks. Also, the provision of services to PEPs demands special attention within the framework of international policy to combat corruption. Business relationships with PEPs, particularly those from countries where corruption is widespread, may expose the financial sector, in particular, to significant reputational and/or legal risks. Examples are passive corruption (taking bribes) or misappropriation of public funds. The Company, therefore, needs to take risk-based procedures and measures to be able to identify PEPs, and consequently determine the source of wealth and of funds that are used with the business relationship or transaction and keep the business relationship under constant supervision.
A review is carried out both on acceptance and periodically to determine whether the client and the ultimate beneficial owner of the client qualify as PEPs. This applies equally to natural persons who may exert considerable influence on, hold considerable interests in and/or may strongly influence further reaching decisions of the unincorporated partnership, or who can control the partnership’s policy to an essential degree.
To determine whether a particular client or ultimate beneficial owner is a PEP, the Company may in low-risk situations consult public sources or obtain information from its branch in the country of residence of the relevant client. For institutions with a sizeable international client base, it may be efficient to use lists provided by recognized commercial organizations.
The decision to enter into a business relationship with a PEP or to conduct a transaction for a PEP should be taken or approved by persons authorized by the Company to do so. This also applies to a decision to continue a relationship with a client who becomes a PEP. Senior management grants such approval.
Taking into account the Company’s business clients, their use of cryptocurrency, and the currently existing mismatches and loopholes in the international tax framework, the Company aims to provide its services in a way that does not create additional opportunities for the use of aggressive tax planning models.
The main indicators to spot the possible use of aggressive tax planning models are:
Altogether, each level separately and the combination of such levels could stand as indicators for the Company which potentially identify the relevance of aggressive tax planning models.
Taking into account the specific scope of authority related to tax issues (especially aggressive tax planning models), the Company may only, in accordance with the Monitoring and Reporting unusual transactions sections of this Programme, report to the respective tax authorities the presence of the indicators described above, or of their combination, on its own initiative or on the respective request.
The principle when entering into a relationship with a client is that, if necessary, the Company knows the source of the funds that will be used in the business relationship or transaction. The Company should record statements and documentary evidence in client files and ask further questions where necessary. The fact that the funds originate from a regulated institution does not imply that the institution itself need not carry out a due diligence review. To determine the plausibility that the funds originate from a legal source, the Company should identify specific indicators which determine the depth of the review. The Company can consider combinations of indicators, such as the amount involved, the reason given for the source of the funds, age, and profession or business activities of the client, country of origin or destination of the funds, and the provided product or service. In the case of life insurance, this could, for example, mean a very high initial premium or top-up payments. In high-risk situations, especially, it is appropriate that the plausibility of the source of funds be determined and recorded using independent and credible sources.
To verify the source of the funds used in the business relationship, it may also be necessary, especially for high-risk clients, to have an understanding of the client’s asset position. Where clients spread their assets, it is also necessary for the Company to be aware of the other assets to be able to define a correct risk profile. The Company should document its review of the source of funds.
Certain clients will require confirmation as to the source of funds before they can make a transaction. These are:
Clients requested to confirm the source of funds should provide:
The Company reserves the right to carry out due diligence via analysis of the blockchain to verify past transactions, including cross-checking against any “blacklisted” wallets associated with historical illegal behavior (such as the Mt. Gox theft or wallets linked to cyber-extortion). This may include using Coinfirm for due diligence purposes. With some cryptocurrencies (such as XRP and some altcoins), blockchain analysis may not be possible, in which case the client will be expected to provide independent verification of historical transactions.
For high-value transactions, the Company’s staff also reserve the right to verify that the cryptocurrency wallet from which a client is sending cryptocurrency, or to which the Company is asked to send cryptocurrency, belongs to that client. This will typically consist of a small pilot transfer of cryptocurrency to the client wallet, which the client will transfer back as evidence of control over the wallet.
The Compliance Officer should be consulted in each source of funds request and, following receipt of relevant documentation, his/her consent obtained before any transaction may take place.
During the client acceptance process, the Company draws up a risk profile and expected transaction pattern of the client. For the duration of the relationship, it is important that the Company checks periodically whether the client still fits his/her risk profile and whether the transaction pattern is in line with expectations. The Company may tailor the frequency and intensity of the reviews to the client’s risk classification.
In addition to periodically updating its client data, the Company should also monitor clients’ accounts and transactions. Monitoring allows the Company to gain and maintain insight into the nature and background of clients and their financial conduct. Among other things, the purpose of this monitoring is to detect any changes in the transaction pattern and the possible occurrence of situations that present an enhanced risk. The Company pays particular attention to unusual transaction patterns and transactions which by their nature carry a higher risk of ML or FT. The Company should check systematically whether there are any unusual or suspicious patterns or activities. For instance, transactions should be assessed to determine whether they are usual for the client in question.
Examples of focus areas for monitoring:
Monitoring of the relationship with the client and their transactions may be tailored to the type of relationship between the client and their risk profile. If the policy establishes a long-term relationship with the beneficiary (e.g., in the case of annuity payments), continual monitoring of the payouts has no added value, as the Company itself makes these payments. For ordinary current accounts, the intensity of the monitoring effort might be lower than for (related) accounts of major international organizations.
In the case of virtual money/money transfers, the Company will especially investigate the connection between particular transactions to identify unusual transactions (with an organized background). When effecting virtual money/money transfers, the Company should as a minimum analyze transactions using the method described below for the effective identification of unusual transactions.
Examples of monitoring methods:
Clients willing to use the Company’s service accept the Company’s use of internal transaction systems.
1. To identify information on a client in a wallet transaction, the Company might:
2. After clients’ verification the Company might check what country they are paying from:
If the Company has found transactions that do not fit the expected pattern or serve no economic or legal purpose, it will investigate the background and purpose of these transactions. The Company will pay particular attention to unusual transaction patterns and transactions which by their nature carry a higher risk of ML or FT. The findings will be recorded in the client file. If a transaction is suspected of being linked to ML or FT, it will be reported to the respective authorities.
The Company retains client and transaction data. This concerns all data obtained during the CDD process, e.g., copies of identity documents, account particulars, correspondence, memos of conversations about and with the client, transactions effected by and other services provided to that client. The client file should also reveal how the decision-making process surrounding client acceptance has taken place, e.g., in the case of a high-risk client.
For legal entities, records should include the particulars of the natural persons representing the legal entity vis-à-vis the Company. For the ultimate beneficial owner, the person’s identity and the method by which it was verified should be recorded. If a client acts as a trustee, the Company also records data in a retrievable manner concerning the founders, trustees and ultimate beneficial owners. Where a client acts as a partner in an unincorporated partnership, the Company should record the particulars of all partners, the persons authorized with respect to the management of the unincorporated partnership and the persons who can exert considerable influence on or have considerable interests in the partnership.
The purpose of the data retention obligation is to enable the authorities to gain an understanding of a client’s activities, e.g., in the event of a (criminal) investigation. The various records and files should, therefore, be easily accessible to the supervisory authorities. It makes no difference whether the data are stored electronically or as a physical document.
The Company undertakes the duty to report an actual or intended unusual transaction. The Company will report a transaction if it has reason to suspect that the transaction may be related to ML or FT. The Company will consider whether a particular transaction needs to be reported because of a possible link to ML or FT. The Company thus has its responsibility for the adequate reporting of unusual transactions. The Company should also assess whether there is a connection between two or more transactions. This can be done on the basis of the type of transaction and the amounts involved. If a connection is shown to exist, these transactions could be reported.
The definition of a transaction is intended to make clear that an unusual transaction by the client or by a third party acting on behalf of the client must always be reported if the Company has become aware of it in the course of providing services to that client.
Processes for detecting unusual transactions:
In addition to the indicators, the ‘gut feeling’ of the Company’s employees is also important.
For the purposes of this Programme suspicious activity may be defined as the transaction which (1) is greater than 2,000 (two thousand) USD; (2) involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity; (3) is designed, whether through structuring or otherwise, to avoid any recordkeeping or reporting requirements of the regulations; (4) has no business or apparent lawful purpose; or (5) facilitates criminal activity, including the use of the Company in such actions.
The Company reserves the right to refuse service and end the relationship if the client is known to have used (1) cryptocurrency tumblers or mixing services; (2) services or currencies with a primary focus on anonymity (such as Monero or Darkwallet); or (3) other services or currencies aiming to obscure transaction origins or flows.
The Compliance Officer shall decide whether a transaction is potentially suspicious and, if considered necessary, consult with the Company’s senior management to decide whether the transaction meets the definition of suspicious activity.
The Compliance Officer shall file a report, including supporting documentation, to notify the appropriate law enforcement authority in situations involving violations requiring immediate attention, such as FT, continued ML schemes or other financial crime.
The Company also reserves the right to file a voluntary report for any suspicious transaction that we determined as a potential violation of any law or regulation, but that is not required to be reported by us.
The Compliance Officer maintains a copy of such report as well as all supporting documentation in accordance with regulatory requirements.
The fact that a report has been filed shall be kept strictly confidential. In no event should the parties involved in the suspicious activity be told of the filing. Discussion of suspicious activity should be limited between employees.
The Company also reserves the right to freeze immediately and without prior notice the funds or other assets of clients if they conduct potential ML/FT or sanction-related transactions, following applicable laws and regulations.
For terrorist screening, the Company may adopt automatic screening systems. The Company should freeze immediately and without prior notice the funds or other assets of designated persons and entities, following applicable laws and regulations.
In cases of sanctioned countries/businesses, the Company has the right to freeze assets and report to authorities if a sanctions breach is identified.
A Suspicious Activity Report (SAR) must be submitted, when applicable, to the relevant authorities taking into account regulatory timelines, formats, or content.
The purpose of a SAR is to outline to the authorities why particular transactions or activities are suspicious. Information within a SAR should contain:
1. Introduction
Outlining why the transaction is considered suspicious/unusual by including information such as client, where funds are going (counterparty), value and date.
2. Body
The body should provide a background with information on the client such as business nature, what jurisdiction it operates in, its clients.
It is also important to establish where the funds are going or coming from. The counterparty should then be mentioned (if applicable) with the same information if available, also including information found from open sources such as negative news or company information.
The point is to identify the client so that the authorities have a clear picture of which parties are involved in the report, and what they do.
3. Summary
A summary will outline what the key findings were, and why the activity is unusual. A reason could be that there is no known business relationship between the client and the payer, there is no justification for the payment, the party is not transparent, etc.
(I) Ethereum
The basic record that shows the financial background and origin of almost all assets is the cryptocurrency wallet. To confirm that a particular cryptocurrency wallet belongs to a particular person, a message should be signed with that wallet using a specific signing method.
Any Ethereum signed message signature can be verified easily. Verification needs the Ethereum address, the generated signature and the message that has to be verified. The provider may also choose to save the verified signed message, which will then be accessible via a public URL.
For instance, the sign method calculates an Ethereum-specific signature with: sign(keccak256("\x19Ethereum Signed Message:\n" + len(message) + message)). Adding a prefix to the message makes the calculated signature recognizable as an Ethereum-specific signature. This prevents misuse where a malicious DApp can sign arbitrary data (e.g., transaction) and use the signature to impersonate the victim.
Note, the address to sign with must be unlocked.
Use the Cryptocurrency Wallet Transaction Historical Summary Report to report past item quantities, past item value, or past inventory balances. The report calculates historical balances based on a rollback date. The report rolls back all of the transactions for the item to the date you specify and prints the quantity, value, or balance as of that date. Also, the value and quantity versions let us specify the cryptocurrency source type as in the wallet address. The report sums up the transactions for the item and reports the value or quantity by source type. This would allow us to audit the source transaction values that have created the change from the initial transaction to the current wallet value.
The Company has designated Mr. Oleksandr Antsyferov as its Compliance Officer. The Compliance Officer is the person duly authorized by the Company and fully responsible for implementing and enforcing this Programme.
The business interests of the Company should in no way be opposed to the effective discharge of the above-mentioned responsibilities of the Compliance Officer. Regardless of the Company’s size or its management structure, potential conflicts of interest should be avoided. Therefore, to enable unbiased judgments and facilitate impartial advice to management, the Compliance Officer should, for example, not have business line responsibilities and should not be entrusted with responsibilities in the context of business. Where any conflicts between business lines and the responsibilities of the Compliance Officer arise, procedures should be in place to ensure compliance concerns are objectively considered at the highest level.
The duties of the Compliance Officer with respect to this Programme shall include, but are not limited to:
Under criminal indemnification provisions, it is ensured that data or information provided by the Company that reports an unusual transaction in good faith cannot be used in a criminal investigation or prosecution of the Company itself on suspicion of ML or FT. Also, those who have submitted the report, such as a bank employee who submitted or helped compile the report are protected from criminal investigation or prosecution as well.
Under civil indemnification provisions, it is ensured that the Company cannot be held liable under civil law for the loss suffered by another party (the client or a third party) as a result of a report as long as the Company acts on the reasonable assumption that it implements the reporting duty. For instance, claims in civil proceedings could be brought for breach of contract if the Company decided not to carry out a transaction but to report it. Legal action over an unlawful act is also possible, to claim alleged loss suffered as a result of the Company’s unusual transaction report.
The indemnification will of course only apply if the unusual transaction report has been submitted in good faith and correctly.
The Company follows a strict duty of confidentiality. This means that the Company is obliged to observe confidentiality in respect of an unusual transaction report. Exceptions are possible in so far as they arise from the law. Put briefly, these exceptions to the obligation of confidentiality permit the Company to exchange information with units of its organization or network elsewhere and/or other Companies. The obligation of confidentiality applies not only to clients but also to third parties; it cannot be the intention to obstruct these systems, which help prevent the financial system from being misused for ML or FT purposes.
The Company ensures that all of its officers and employees receive training on compliance issues at least once a year. New employees shall receive appropriate compliance training within 30 days of their hire date.
Depending on the target audience, the compliance training may cover only the basic matters (general information, legal framework, and other) or refer to more specific topics and issues that are relevant to certain specialists.
The Company will adapt the timing and content of training for various sectors of staff according to its needs and the Company risk profile. Training needs will vary depending on staff functions, job responsibilities and length of service with the Company.
Training course organization and materials will be tailored to an employee’s specific responsibility or function to ensure that the employee has sufficient knowledge and information to effectively implement the Company KYC and AML/CFT policies and procedures.
Refresher training shall be provided to ensure that staff is reminded of their obligations and their knowledge and expertise are kept up to date.
All training shall be provided and updated regularly to reflect current developments and changes to laws and regulations. The scope and frequency of such training shall be tailored to the risk factors to which employees are exposed due to their responsibilities and the level and nature of risk present in the Company.
The Compliance Officer shall ensure the periodic independent audit of the Programme on a risk-sensitive basis and determine whether the activities of the Company related to AML law and the regulations thereunder are conducted in compliance with the above legislation and policies.
The Company’s designated Compliance Officer, a person reporting to the Compliance Officer, or any other Company representative cannot conduct the independent audit.
The Company management should also ensure that the audit scope and methodology are appropriate for the Company’s risk profile and that the frequency of such audits is based on risk.
The Compliance Officer shall ensure an independent audit of the Company KYC and AML/CFT Programme to be conducted at least once a year. The audit should, at a minimum, include:
The Compliance Officer shall report the audit scope, procedures performed, transaction testing completed and findings. All audit documentation should be available for review.
Any violations, policy or procedures exceptions, or other deficiencies noted during the audit should be included in an audit report and reported to the Company Board of Directors.
Every employee of the Company complies with the legal requirements designed to detect and prevent ML and FT activities. This Programme states what you must do to comply with the Company compliance policy. Failure to follow this Programme violates the Company’s policies and may violate applicable laws. Violation of this Programme may result in termination of the person’s employment.
The Company expects all of its employees and agents to observe the following compliance standards:
File suspicious activity reports on transactions that involve or aggregate to 2,000 USD or more and the Company knows, suspects or has reason to suspect that the transaction is being conducted with the intent to evade the record-keeping or reporting requirements, or that the funds have originated from illegal activity.
This Programme, including all policies and procedures, shall be reviewed and updated or revised on an as-needed basis, but no less often than once a year. The Compliance Officer shall initiate updates or modifications to this Programme, and/or the Company Board of Directors should do so.
The Compliance Officer is responsible for monitoring amendments in applicable laws of the USA and EU on securities and digital assets. If the United States Congress, the United States Securities and Exchange Commission, European Parliament or other relevant body adopts changes or a decree that applies to the Company, the Compliance Officer should inform the senior management of the Company and prepare amendments in this Programme if necessary.