FOR INTERNAL USE ONLY AML/KYC AND INTERNATIONAL FINANCIAL SANCTIONS PROCEDURES
INTERNAL CONTROLS FOR THE IMPLEMENTATION OF THE AML LAW
1. DEFINITIONS AND ABBREVIATIONS
1.1 The company is Digital Exchange LLC, identification number: 412759457.
1.2 Client – a natural or legal person to whom the Company provides services.
1.3 Money laundering is the concealment or disguise of the true nature, source, location, location, transfer, possession or other rights regarding property derived from or derived from criminal activity. Altering, transferring, acquiring, possessing or using for concealment purposes, concealing the illicit origin of property, or assisting a person who has engaged in criminal activity to avoid the legal consequences of his/her actions. Money laundering also occurs when the criminal activity that led to the acquisition of property used for money laundering took place in the territory of another state.
1.4 Terrorist financing means the distribution or receipt of funds, under the articles of the Criminal Code, for the planning or commissioning of activities that are terrorist, or for the financing of terrorist organizations, or the possession of information that such funds are used for these purposes.
1.5 International sanctions are non-military measures determined by the European Union, the United Nations, another international organization or the government of the Republic with the aim of achieving or maintaining peace, preventing conflicts and strengthening international security, as well as supporting and strengthening democracy, the rule of law, human rights and international rights.
1.6 A Politically Exposed Person (PEP) is an individual who performs or has performed important functions of a public authority, including the role of leader of the country, head of government, minister and deputy or assistant minister, member of parliament or similar legislator, member of the party leadership, member of the Supreme Court, a member of the board of directors, an administrative or executive officer of a state-owned enterprise, the head of an international organization, a deputy head and a member of a governing body, or a similar institution.
1.7 Local PEP is an individual, defined in clause 1.6, who performs or has performed essential functions of a public authority of Georgia.
1.8 A PEP Family Member is an individual who is considered equivalent to that person"s spouse, child of that person, and a person who is considered to be the equivalent of that person"s spouse or parent.
1.9 Person close to a PEP - means an individual who is publicly known to be the beneficial owner or co-owner of a legal entity or business with a national or local resident, has a close business relationship with a national or local resident, or an individual , which is the sole beneficial owner of a legal entity or enterprise that, according to publicly available information, was successfully established in favor of a citizen of the country or a local resident.
1.10 AML Law - Describes measures to help suppress the legalization of an illegal income declaration.
2. GENERAL PROVISIONS
2.1 This Guide has been prepared on the basis of the AML Law and the International Sanctions Law and is intended for internal use.
2.2 This Guide sets out internal security measures to comply with due diligence requirements for the prevention of money laundering and terrorism, as well as international sanctions requirements, and to detect suspicious and irregular transactions.
2.3 Employees of the Company must be familiar with and strictly follow the requirements of the AML Law, international sanctions, instructions for identifying money laundering, terrorist financing and suspicious transactions, and other instructions in order to comply with the requirements of the AML Law and this Guide.
2.4 Employees of the Company should independently familiarize themselves with additions to laws and other legislative acts.
2.5 The Board of Directors of the Company is required to implement these guidelines for all employees.
2.6 Employees of the Company are required to acknowledge reading these instructions.
2.7 Employees of the Company are personally responsible for compliance with the requirements of the AML Law in accordance with the procedure provided for by law.
3. CUSTOMER RELATIONSHIPS AND IDENTIFICATION
3.1 Employees of the Company must apply the following rules of conduct each time before entering into a business relationship with a Client.
3.2 The Company does not establish a relationship with a client by working with an authorized representative of an individual.
3.3 Client - an individual is identified as follows:
3.3.1 The client is identified on the basis of an identity document, a copy of the page with personal data and a photo that is stored in the Company"s client database. The identification of the following documents is carried out: for citizens of Georgia - Georgian passport, identity card, foreigner"s passport, residence permit or driver"s license; a citizen of another country - a travel document (passport).
3.3.2 The following data should be recorded for each client:
188.8.131.52 Name and surname.
184.108.40.206 Personal number, date and place of birth.
220.127.116.11 Name, number, date of issue and name of the issuing authority for the document used to identify and verify a person.
18.104.22.168 Residential address.
22.214.171.124 Contact details: email address and phone number.
126.96.36.199 Performs or has performed PEP functions.
188.8.131.52 Whether the person is a PEP partner or family member.
3.3.3 The following documents are required for customer identification:
184.108.40.206 Identity document. In the case of a citizen of Georgia - a passport of a citizen of Georgia, an identity card, a foreigner"s passport, a residence permit, a driver"s license issued in Georgia. In the case of a citizen of another country, a travel document or passport.
220.127.116.11 A document confirming the address of the place of residence. Such a document may be a utility bill, a bank statement on the account balance or other similar documents that indicate the address and were issued earlier than 3 months before.
3.4 Client - legal entity is identified as follows:
3.4.1 The client is identified on the basis of an extract from the Commercial Register, which was issued earlier than 3 months before, certified and, if possible, apostilled.
3.4.2 For each legal entity, the following data should be recorded:
18.104.22.168 Registration number and date of registration.
22.214.171.124 Legal address and actual address.
126.96.36.199 Details of the representative, shareholders and beneficial owner.
188.8.131.52 Contact details: email address and phone number.
184.108.40.206 For each individual within a legal entity (eg director, shareholders, beneficial owner) - the data and documents indicated in paragraph 3.3.
4. RISK ASSESSMENT AND CONTROL LEVEL DETERMINATION
4.1 When establishing a business relationship with a Client, the Company must assess the risk of money laundering and terrorist financing, and, accordingly, select and implement appropriate due diligence measures.
4.2 The following categories should be taken into account when assessing the level of risk of money laundering and terrorist financing:
4.2.1 Geographic risk.
4.2.2 Client risk.
4.2.3 Operational risk.
4.3 Geographic risk is considered high if the client or transaction has a known connection to the following countries or territories:
4.3.1 Countries and territories subject to UN or European Union sanctions, embargoes or other similar measures.
4.3.2 Countries without appropriate measures to prevent money laundering and terrorist financing.
4.3.3 Countries that are known to be involved in support of terrorism or have a high level of corruption according to reliable data.
4.3.4 Information on high-risk countries can be found at http://www.fatf-gafi.org/countries/#high-risk
4.4 Client risk is considered high if the client:
4.4.1 Is a PEP, a family member or close associate of a PEP. Employees of the Company are required to determine whether the clients are specified persons before establishing a business relationship with the Client and making a transaction.
4.4.2 Listed by the UN or the European Union in the list of persons subject to international financial sanctions. Company employees have a duty to track this information before establishing a business relationship, with verification of customer data.
4.4.3 Is an individual who has previously been suspected of being involved in money laundering or terrorist financing.
4.5 Operational risk is considered high if:
4.5.1 A person who is not one of the parties to the transaction will pay for the transaction.
4.5.2 A transaction is required, one of the purposes of which should be to hide the list of actual participants in the transaction.
4.5.3 A transaction is required that does not have a clearly justified commercial, economic, tax or legal purpose.
4.5.4 Virtual currencies always come from different addresses or money is transferred from different accounts.
4.5.5 Amounts in virtual currency or money are not standard for the client.
4.5.6 Each time the client receives different virtual currencies.
4.6 The risk of money laundering or terrorist financing is considered high if, for any of the reasons, there is a suspicion that the client or the transaction concluded by the client may be related to money laundering or terrorist financing.
4.7 The Company does not offer services and does not establish relationships with customers if:
4.7.1 These are citizens of high-risk countries (http://www.fatf-gafi.org/countries/#high-risk).
4.7.2 These are individuals on the list of international financial sanctions.
4.7.3 These are PEPs, their family members or those close to them.
4.7.4 Persons previously suspected of being involved in money laundering or terrorist financing.
4.8 For risks not listed in clause 4.7, enhanced due diligence measures must be applied to the client.
5. IT RISKS AND THEIR CONTROL
5.1 Risks associated with the technologies used:
5.1.1 Leakage of information;
5.1.2 Providing false information;
5.1.3 Malware and cyber attack; 5.1.4 Risks associated with the operation of the information system.
5.2 To reduce the risk of information leakage, the Company"s employees are required to:
5.2.1 Use only internal servers of private limited companies;
5.2.2 Use software approved and installed by the Board of Directors of the Company, which is updated on an ongoing basis;
5.2.3 Use Company hardware. Use of your own hardware, including external media, is strictly prohibited.
5.3 To reduce the risk of providing false information:
5.3.1 To confirm the data with the Client, the Company must negotiate in person or during a video conference.
5.3.2 In case of suspicion of providing false information, it is necessary to request supporting documents from the Client.
5.4 To reduce the risk of malware and cyber attacks:
5.4.1 The system is constantly monitored to identify suspicious and unusual transactions.
5.4.2 System security tests are performed on an ongoing basis.
5.4.3 The software, which is constantly updated, is used to detect malware and fight viruses.
5.5 To reduce the risks associated with the operation of the information system:
5.5.1 Protective network and server infrastructure is used.
5.5.2 Separate main server and backup server are used. For security purposes, the main server and the backup server are located in different locations.
5.5.3 The information system of the Company is certified according to the PCI/DSS standard.
5.6 According to the need, but at least once a year information security training is organized for the employees of the Company.
6. APPLICATION OF DUE DUE DISCUSSION MEASURES
6.1 Particular attention must be paid to the activities of individuals or Clients involved in the transaction and circumstances that indicate or may imply money laundering or terrorist financing, including complex, expensive and unusual transactions that have no reasonable economic purpose.
6.2 Applicable due diligence measures:
6.2.1 Identification of the client or the person involved in the transaction based on the documents and data provided by him/her and via videoconference.
6.2.2 Identification of the beneficial owner.
6.2.3 Obtaining information about the business relations of the Client, the purpose and nature of the transaction.
6.2.4 Continuous monitoring of the client"s business relationships, including the control of transactions entered into during the course of the business relationship, regular verification of identification data, updating of relevant documents, data and information and, if necessary, identification of the source and origin of the funds used in the transaction.
6.3 In due diligence, the facts to be established are usually determined on the basis of the original documents provided by the client. If the original document cannot be obtained, notarized or legally certified documents may be used, including documents certified by a lawyer. If it is impractical, given the degree of risk, a copy of the original document must be sealed and / or signed by its author, and may be transmitted electronically (in resubmitted written form). A copy cannot be trusted if there is any doubt as to its conformity with the original.
6.4 Verification may rely on information that is written in a format consistent with a commercial register, a credit institution or branch of a foreign credit institution, or a credit institution that is registered in another country where there are equal AML/KYC requirements.
6.5 The aforementioned due diligence measures must be applied before a business relationship or transaction is entered into.
6.6 The identity of the Client may be identified and the information provided may be verified at the time of initiating a business relationship or concluding a transaction if necessary to prevent business disruption and if the risk of money laundering or terrorist financing is low. In such a case, due diligence measures should be completed as soon as possible after first contact has been made and before any mandatory action is taken.
6.7 Where possible, an individual or Client involved in a transaction or professional activity should be required to certify with his/her signature the accuracy of the information and documents submitted for due diligence measures.
7. APPLICATION OF EXTENDED DUE DILIGENCE MEASURES
7.1 Due diligence measures should be implemented on an enhanced scale if:
7.1.1 The identity of the individual or client involved in the transaction is established and the information is provided from a location that does not correspond to the location of the individual or client being verified.
7.1.2 Identification or verification raises doubts or suspicions about the authenticity of the document, or it is not possible to identify the beneficial owner(s).
7.1.3 In essence, the situation implies a high risk of money laundering or terrorist financing.
7.2 A company employee must apply at least one of the following enhanced due diligence measures:
7.2.1 Identification and verification of information obtained from additional documents, data or information obtained from a reliable and independent source, or from the commercial register of a credit institution or a branch of a foreign credit institution or a credit institution that is registered or conducts business in a country where there are equal AML/KYC requirements, and if the identity of an individual is established in this credit institution in the presence of this individual.
7.2.2 Implementation of electronic delivery of documents for their authenticity and verification of the accuracy of the information contained in them, including their notarization or official confirmation of the accuracy of the data collected, or a document issued by a credit institution referred to in clause 7.2.1.
7.2.3 Making the first payment to an account opened in the name of the individual involved in the transaction with a credit institution that is registered or operates in a country that has the same AML/KYC requirements.
8. PEP IDENTIFICATION
8.1 When establishing a business relationship (after concluding a consumer agreement), the Client fills out a form in which he/she enters the basic mandatory data necessary for identification and verification, and mandatory by law.
8.2 Among other information, the Client must indicate whether he, his family member or a close associate of a PEP (Political Exposed Person).
8.3 If the Client"s family member or close associate is a PEP, the Client must also provide that person"s details.
8.4 Information about PEP is checked by employees of the Company based on information from public sources, for example, from the website https://namescan.io/FreePEPCheck.aspx
9. IDENTIFICATION OF THE PERSON SUBJECTED TO INTERNATIONAL SANCTIONS
9.1 When establishing a business relationship (after concluding a consumer agreement), the Client fills out a form in which he/she enters the basic mandatory data necessary for identification and verification, and mandatory by law.
9.2 According to the information provided by the Client, an employee of the Company checks the international sanctions applicable to the Client.
10. IDENTIFICATION OF SUSPECTED MONEY LAUNDERING
10.1 This section sets out the circumstances that indicate suspicion of money laundering, to which employees of the Company should pay special attention.
10.2 "Self-delivery". Suspicious signs:
10.2.1 The appearance and behavior of a person does not correspond to the essence of the transaction concluded by this person, or his / her behavior is questionable.
10.2.2 The person is unable to sign documents or uses third party assistance for this purpose. 10.2.3 The person has already been suspected of a “double game”.
10.3 The person cannot explain the need for this service.
10.4 A person requests an unreasonably high bid.
10.5 Non-standard cash transaction.
10.6 Separate large or occasional small transactions with virtual currency, if such activity is inconsistent with human economic activity or is unusual.
10.7 Money received for virtual currency is transferred to a third party or to a bank account in another country.
10.8 The person does not provide data and / or explanations about the transaction.
10.9 A large volume of virtual currencies is exchanged in case they do not correspond to the usual course of business of this person or are unusual.
10.10 The person cannot be identified or is trying not to provide information to you.
10.11 A person tries to enter into a fictitious transaction.
10.12 When creating a long-term relationship with clients, a person wants to pay only in cash.
10.13 There is a suspicion that a person is acting in someone"s interests.
10.14 A person wants to pay in cash for more than 10,000 euros.
10.15 A person repeatedly pays in cash for amounts above 10,000 euros.
10.16 Payment is made through a bank established in a tax-exempt territory.
11. WITHDRAWAL OF CONTRACT AND TRANSACTION
11.1 The Company does not conclude a contract and does not make a transaction:
11.1.1 With persons under the age of 18.
11.1.2 With authorized representatives of the client - an individual.
11.1.3 With a person who refuses to provide information and documents referred to in paragraph 3 of these Guidelines, or provides less information than necessary, or tries to hide something.
11.1.4 With a person suspected of provocation.
11.1.5 With the person who submitted the documents, or about whom the Company received information confirming the suspicion of money laundering or terrorist financing.
11.1.6 With a person subject to international financial sanctions.
11.1.7 With a person who is a PEP or whose family member is a PEP, or he/she is a person close to a PEP.
11.1.8 With a person who was previously suspected of being involved in money laundering or terrorist financing.
11.1.9 With a citizen of a high-risk country http://www.fatf-gafi.org/countries/#high-risk.
12. COLLECTION, STORAGE AND PROTECTION OF DATA
12.1 After entering into a transaction, an employee of the Company is obliged to register the following information:
12.1.1 Details of the person involved in the transaction, in accordance with paragraph 3 of this Guide.
12.1.2 Date or period of the transaction.
12.1.3 Description of the content of the transaction.
12.1.4 Information about the refusal to establish a business relationship or enter into a transaction.
12.1.5 Information about the refusal to establish business relations or conclude a transaction at the initiative of the Client.
12.1.6 Information about the termination of the business relationship, including the inability to apply due diligence measures.
12.1.7 The service of exchanging virtual currency in exchange for cash, the amount in the currency, the amount of money resulting and the exchange rate.
12.1.8 Exchange rate of a virtual currency against another virtual currency, currency amount, other currency amount and exchange rate.
12.1.9 When opening an account in virtual currency - its type, number and name of the currency.
12.2 The Company must keep the following documents for at least five (5) years after the end of the business relationship or the conclusion of the last transaction:
12.2.1 Information for the identification and verification of data and documents.
12.2.2 Correspondence with the Client.
12.2.3 Data collected in the course of monitoring business relationships.
12.2.4 Data on suspicious and non-standard transactions.
12.2.5 Transaction documents.
12.3 Employees of the Company are obliged to apply the rules for the protection of personal data when collecting and storing data and documents. The collected data may only be processed for the purposes of preventing money laundering and terrorist financing. The processing of data in a manner that does not correspond to this purpose is strictly prohibited.
13. NOTICE TO THE FINANCIAL MONITORING SERVICE
13.1 If an employee of the Company discovers an act or circumstances that indicate money laundering or terrorist financing, or there is suspicion or certainty that it is money laundering or terrorist financing, this should be immediately reported to the MLRO (Anti-Money Laundering Inspector) of the company.
13.2 It is forbidden to inform the client about the transfer of MLRO information.
13.3 The MLRO officer must attach copies of documents on which the transaction is based, as well as copies of documents on the basis of which the person can be identified, to the completed notification form. The notice may be accompanied by copies of other documents substantiating the nature of the transaction.
14 INTERNAL CONTROL AND TRAINING
14.1 Compliance with the requirements of the AML Law, the International Sanctions Law and legislation established thereunder is monitored and managed by the Board of Directors of the Company.
14.2 Risk assessment and client identification are carried out by specially trained employees of the Company, and all this is managed by the Board of Directors of the Company.
14.3 The activities of the Clients and transactions with them are checked by specially trained employees of the Company, and all this is managed by the Board of Directors of the Company.
14.4 The Board of Directors of the Company is responsible for training the personnel of the Company in the field of prevention of money laundering and terrorist financing and compliance with the requirements of international sanctions.
14.5 Employees are required to independently review amendments to laws and other legislation.
14.6 Training of the Company"s employees takes place as needed, but at least once a year.