RULES FOR THE PREVENTION OF MONEY LAUNDERING AND / OR TERRORIST FINANCING
I. GENERAL PROVISIONS
1. These Rules for The Prevention of Money Laundering and / or Terrorist Financing (hereinafter – the Rules) are prepared to ensure the prevention of money laundering and terrorist financing in activity of Venice Swap UAB (hereinafter – the Company).
2. The Rules describe how the Company will organize and ensure the adequate anti-money laundering and counter terrorism financing procedures. The implementation of the Rules will ensure that the name, reputation and financial integrity of the Company, whilst ensuring compliance with all necessary laws and regulations.
3. The provisions of the Rules must be adhered to by all operations, organisation and staff of the Company.
4. The Rules are prepared in accordance with the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania (hereinafter – the Law), Description of the Procedure for Suspension of Suspicious Monetary Operations or Transactions and Submission of Information on Suspicious Monetary Operations or Transactions to the Financial Crime Investigation Service under the Ministry of the Internal Affairs of the Republic of Lithuania approved by the Decision No. 1V-701 of the Minister of Internal Affairs of 16 October 2017 and other applicable legal acts of the Republic of Lithuania.
5. Unless the Rules state otherwise, all terms used therein have the meaning indicated in the Law and other applicable legal acts.
II. DEFINITIONS
6. Unless otherwise required by the context, the following terms beginning in a capital letter shall be taken to have the following definitions:
6.1. Beneficial Owner – a natural person, who is the owner of a Customer (a legal person) or controls the Customer, and/or a natural person for the benefit of which a transaction or activity is being conducted. The Beneficial Owner is considered to be:
a) In a legal person:
(i) a natural person who owns the legal person or who controls it either directly or indirectly by owning a sufficient percentage of the legal person’s shares or voting rights, including bearer shares and control through other means, other than a company listed on a regulated market that is subject to disclosure requirements consistent with EU law or subject to equivalent international standards which ensure adequate transparency of ownership information;
(ii) a natural person holding 25 % plus one share or an ownership interest of more than 25% in the legal person is considered to be a direct owner. A natural person holding 25 % plus one share or an ownership interest of more than 25 % in a legal entity or entities which control or hold 25 % plus one share or an ownership interest of more than 25 % in a legal entity is considered to be an indirect owner;
(iii) a natural person performing the role of the senior manager if the person in point (i) above cannot be determined or there are doubts on whether the person determined is the Beneficial Owner;
b) in the case of trusts:
(i) the settlor;
(ii) the trustee(s);
(iii) the protector, if any
(iv) the beneficiaries, or where the individuals benefiting from the legal arrangement or entity have yet to be determined, the class of persons in whose main interest the legal arrangement or entity is set up or operates;
(v) any other natural person exercising ultimate control over the trust by means of direct or indirect ownership or by other means;
6.2. in the case of legal entities such as foundations, and legal arrangements similar to trusts, the natural person(s) holding equivalent or similar positions to those referred to in point (b);
6.3. CEO – Chief Executive Officer of the Company;
6.4. EU Member State – a member state of the European Union or the European Economic Area;
6.5. FCIS – The Financial Crime Investigation Services under the Ministry of the Interior of the Republic of Lithuania;
6.6. Politically Exposed Person (PEP) – a natural person who is carrying out or has carried out Prominent Public Functions, their Close Family Members and Close Associates. A person who has not carried out Prominent Public Functions during at least the last year by the date of entering the Business relationship or making of a transaction or such a person’s Close Family Members or Close Associate are not considered as politically exposed persons;
6.7. Prominent Public Functions – functions which are listed in Article 19(2) of the Law or are included on the list of prominent public functions published by the FCIS;
6.8. Responsible Employee – an employee appointed by the CEO who is responsible for the implementation of measures for the prevention of money laundering and / or terrorist financing in accordance with the Rules;
6.9. Suspicious Financial Operation – a monetary transaction, which is performed with funds, which are suspected to have been received (either directly or indirectly) from criminal activities or from participating in such activities or/and are related to terrorist financing;
6.10. Third Country – a country which is not a member state of the European Union or the European Economic Area;
6.11. Virtual Currency – an instrument with a digital value but no legal currency or monetary status, which is not authorized or guaranteed by a central bank or other public authority and which is not necessarily pegged to currency but which is recognized by natural or legal persons as an exchange instrument and which is transferable and sold electronically;
6.12. Virtual Wallet – public key addresses which are generated for virtual currency addresses for the storage and management of virtual currencies entrusted to other natural or legal persons (third parties) but remaining in their ownership.
III. THE SCOPE OF THE COMPANY’S SERVICES
7. The Company serves as a global online platform for trading digital assets, and provides its Customers with a digital asset trading platform. As further detailed in Article 3 below, Users must register and open an account with Venice Swap, and deposit Digital Assets into their account prior to trading. Users may, subject to the restrictions set forth in these Terms, apply for the withdrawal of Digital Assets.
8. The Company’s relations with its Customers is a subject to an agreement that is concluded with the Company’s Customers and which govern the Company’s provided services, as well as other obligations of both the Company and its Customers.
IV. CUSTOMER IDENTIFICATION
9. The Company takes all necessary, proportionate measures in order to identify its Customer and to verify the identity of the Customer and Customer’s Beneficial Owners. The Company takes measures and determine identity of the Customer or his representative in the following cases:
9.1. before establishing a Business relationship;
9.2. before conducting one or several related Virtual Currency transactions (exchanges) or allowing a deposit of Virtual Currency on a Virtual Wallet the value of which is equal to or exceeds EUR 700,00 at the time of the transaction and/or deposit;
9.3. if there is suspicion that information previously provided about the Customer or his representative is incorrect and/or incomplete;
9.4. in any other case, when there are suspicions that an act of money laundering and / or terrorist financing is, was or will be carried out.
10. The Company establishes Customer’s identity only remotely, i. e. when the Customer is not physically present.
11. While establishing the Customer’s identity, the Company shall:
11.1. receive an identity document of the Republic of Lithuania or a foreign state or a residence permit in the Republic of Lithuania or a driving licence issued in a EU Member State in accordance with the requirements laid down in Annex I to Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences (recast), which contains the following data:
a) name / names;
b) surname/surnames;
c) personal number (in the case of a foreigner: date of birth (where available – personal number or any other unique sequence of symbols granted to that person, intended forersonal identification), the number and period of validity of the residence permit in the Republic of Lithuania and the place and date of its issuance (applicable to foreigners);
d) photograph;
e) signature (except for the cases where it is optional in the identity document);
f) citizenship (except for the cases where it is optional in the identification document).
11.2. assess whether the Customer’s identity documents are valid and the photographs are matching;
11.3. verify whether there are any circumstances to apply enhanced Customer due diligence. If such circumstances are present the procedures for enhanced Customer due diligence accordingly shall be followed;
11.4. find out whether the Customer will act on his own behalf or someone else’s interests;
11.5. establish the identify the representative of the Customer in the same manner as the identity of the Customer;
11.6. receive information that allows a clear understanding of the purpose and intended nature of the Business Relationship between the Customer and the Company;
11.7. receive additional documents with the necessary information, if additional information is required from the Customer;
11.8. check whether the Customer or Customer's Beneficial Owner is included in the list of people that are financially sanctioned by Lithuania, European Union (EU sanctioned person list) and United Nations;
11.9. use reliable and independent sources to verify whether the Customer or Customer's Beneficial Owner is a PEP.
12. The Company shall verify the identity of the Customer and the Beneficial Owner on the basis of documents, data or information obtained from both the Customer and also a reliable and independent source. The Customers and the Beneficial Owners shall be always screened at least through these lists:
12.1. Consolidated list of persons, group and entities subject to EU financial sanctions;
12.2. United Nations Security Council Consolidated List;
12.3. Consolidated Sanctions List (Non-SDN Lists);
12.4. Foreign Sanctions Evaders (FSE) List.
Remote Customer identification
13. The Company establishes Customer’s (natural person’s or legal person representative’s) identity remotely by using the following measures:
13.1. when using information from third parties about the Customer or the beneficial owner in accordance with the procedure laid down in the Law;
13.2. when information about the Customer’s identity is confirmed with a qualified electronic signature supported by a qualified certificate for electronic signature which conforms to the requirements of Regulation (EU) No 910/2014;
13.3. when using electronic means allowing direct video streaming in one of the following ways:
a) the original of the identity document or an equivalent residence permit in the Republic of Lithuania is recorded at the time of direct video streaming and the identity of the Customer is validated using at least an advanced electronic signature which conforms to the requirements laid down in Regulation (EU) No 910/2014;
b) the facial image of the Customer and the original of the identity document or an equivalent residence permit in the Republic of Lithuania shown by the Customer is recorded at the time of direct video streaming.
14. In every case establishing Customer’s identity remotely by using measures specified in paragraph 13 is allowed only when there are all conditions laid down in the Law.
15. The Remote Customer identification procedure is performed by SUM AND SUBSTANCE LTD incorporated and registered in England with company number 09688671, whose registered office is at 30 St. Mary Axe, London, England, EC3A 8BF. Service Provider's Contact: Name: Yakov Sever. Email: js@sumsub.com.
16. When establishing Customer’s identity remotely, the Company shall:
16.1. verify whether there are any circumstances to apply enhanced Customer due diligence. If such circumstances are present the procedures for enhanced Customer due diligence accordingly shall be followed;
16.2. assess whether the Customer provides copies of valid identity documents or corresponding travel documents which photographs are matching. This requirement does not apply if the identity is being determined using a qualified electronic signature;
16.3. find out whether the Customer will act on his own behalf or someone else’s interests;
16.4. verify whether a representative has legal permit or power of attorney to act in the name of the Customer;
16.5. to receive additional documents with the necessary information, if additional information is required from the Customer;
16.6. check whether Customer or Customer’s beneficiary is included in the list of people that are financially sanctioned by Lithuania, European Union (EU sanctioned person list) and United Nations;
16.7. use reliable and independent sources to verify whether the Customer is a PEP.
17. In all cases when using third parties’ information to establish Customer’s identity remotely the Company shall ensure that:
17.1. the third party shall upon request immediately provide information and data on the Customer and/or the Customer’s Beneficial Owner required in order to comply with the requirements of the Law;
17.2. the third party shall upon request immediately provide relevant copies of identification and verification data and other relevant documentation on the identity of the Customer or the Customer's Beneficial Owner.
18. By using the Third Party for the purposes of the Customer's identification, the Company assumes the responsibility to fully evaluate the Customer's identification information collected by the third party and to decide separately on the Customer's acceptability to the Company. In all cases, the Company ensures that the information about the Customer collected by the third party is reviewed by the responsible employees of the Company. This process in all cases includes, but is not limited to:
18.1. evaluation of all information about the Customer provided by the third party;
18.2. assessment of the adequacy and reliability of the information (e.g. whether the document is clearly visible, whether there are any questions/suspicions related to the identity, etc.);
18.3. making a decision on the acceptability of the Customer to the Company;
18.4. assessment of the need to apply enhanced Customer due diligence;
18.5. determining the need to apply other means of Customer due diligence.
19. If the Customer is represented by another person, the Company shall request proof of power of attorney and, if possible, check its validity (i.e. if the Customer or its representative has the right to issue such a power of attorney), expiry date, actions that representative can undertake in the name of the Customer. Power of attorney shall comply with rules established in the Civil Code of the Republic of Lithuania. In case the power of attorney is given by the Customer natural person, such power of attorney on behalf of the Customer shall be certified by the notary.
V. ESTABLISHING BENEFICIAL OWNER’S IDENTITY
20. The Company shall always establish the identity of Beneficial Owner of the Customer (in accordance to the requirements laid out in the Law and these Rules).
21. The Customer shall submit the following data on the Beneficial Owner:
21.1. name/names;
21.2. surname/surnames;
21.3. personal identification number or in the case of a foreigner – date of birth (where available – personal number or any other unique sequence of symbols granted to that person, intended for personal identification, the number and period of validity of the residence permit in the Republic of Lithuania and the place and date of its issuance);
21.4. citizenship.
22. The Company’s employees shall verify the documents and information about the Beneficial Owner provided by the Customer on the basis of documents, data or information obtained from a reliable and independent source. Such actions of the Company shall include a request to the Customer to specify public sources in which the information about the Beneficial Owner could be attested. The Customer shall confirm the accuracy of the data presented with a signature and a seal (if he is required have a seal in accordance with the legal acts regulating his activities).
23. In all cases (when the identity of the Beneficial Owner is established both through the physical presence of the Customer as well as in the absence thereof), the Company shall be required to collect and provide, upon request of the FCIS, the following data on the Beneficial Owner:
23.1. personal identity data of the Beneficial Owner;
23.2. evidence of verification of the information provided by the Customer with reliable and independent sources;
23.3. data on the management structure of the Customer (legal entity).
24. The data submitted by the Customer shall be validated using electronic identification means issued in the European Union which operate under the electronic identification schemes with the assurance levels high or substantial, or with a qualified electronic signature supported by a qualified certificate for electronic signature which conforms to the requirements of Regulation (EU) No 910/2014, or using electronic means allowing direct video streaming.
VI. PROHIBITION TO ENTER INTO A BUSINESS RELATIONSHIP
25. It is forbidden to start Business relationship if the Customer and / or his representative:
25.1. fails to submit the data confirming his identity;
25.2. submits not all the data or where the data are incorrect;
25.3. avoids submitting the information required for establishing his identity;
25.4. conceals the identity of the Beneficial Owner or avoids submitting the information required for establishing the identity of the Beneficial Owner or the submitted data are insufficient for that purpose;
25.5. the Company, due to the Customer’s actions or omissions, is not able to ensure proper compliance with the Law and the related legal acts.
26. In such cases, specified in paragraph 25, the Company shall, upon assessment of the threat posed by money laundering and/or terrorist financing, decide on the appropriateness of forwarding a report on a Suspicious Financial Operation or transaction to the FCIS.
27. In cases when the Company’s employee identifies at least one case specified in paragraph 25, such employee has to inform the Responsible Employee. The Responsible Employee shall, upon assessment of the threat posed by money laundering and terrorist financing, decide on the appropriateness of forwarding a report on a suspicious monetary operation or transaction to the FCIS.
28. If the Company is unable to comply with points above, the Company shall not conduct business relations with such Customer. In these cases, the Responsible Employee of the Company has to evaluate possible money laundering and / or terrorist financing threat and inform the CEO and FCIS.
29. If the Customer avoids or declines a request by the Company to provide information on source of assets, money and etc., the Responsible Employee has to inform the CEO. In that case CEO shall make a decision to terminate Business relationship with the Customer and the Responsible Employee shall inform FCIS. The Responsible Employee has a responsibility to take immediate action to interrupt money laundering and / or terrorist financing.
30. Information gained identifying the Customer and beneficiary owner, monitoring Customer activities has to be documented either physically or electronically.
VII. CUSTOMER CLASSIFICATION FOR DUE DILIGENCE PURPOSES
31. All Customers should be classified according to the risks of being involved in money laundering and / or terrorist financing.
32. Risk categorization shall encompass three different Customers risk levels.
33. Such categorization shall be based on multiple parameters, including, but not limited to:
33.1. Customer’s identity;
33.2. Customer’s residency (registration place, if Customer is a legal entity);
33.3. nature of business activity;
33.4. actual location of business activities;
33.5. Customer’s (legal entity’s) ownership and complexity of control structure;
33.6. nationality of Beneficial Owner;
33.7. volume and nature of transactions carried out by the Customer;
33.8. social / financial status.
34. The following Customer risk classification is used:
34.1. Low risk Customers:
a) in the cases specified by the European Supervisory Authorities and the European Commission.
b) in the cases where the Customers are legal persons whose securities are admitted to trading on a regulated market in one or more EU Member States;
c) in the cases where the Customers are entities of public administration – state and municipal institutions and institutions, the Bank of Lithuania;
d) in the cases where the Customer is a financial institution covered by the Law (or a financial institution registered in another European Union Member State).
e) the Customer is identified as low risk in accordance with the Company’s Risk Assessment Procedure.
34.2. Medium risk Customers:
a) all other Customers not identified as low or high risk.
34.3. High risk Customers – the Customer are categorized as high-risk Customer if one of the following criteria is applicable:
a) the Customer or his / her representative or at least one of the Customer’s Beneficial Owners is a PEP;
b) during the identification procedure the Customer avoids performing actions necessary for the verification of his / her identity and providing information about him / herself;
c) at the request of the Company, the Customer did not provide the documents evidencing the financial activities (documents evidencing the transactions concluded or being concluded by the Customer and other documents evidencing the financial activities performed or being performed by the Customer);
d) the Responsible Employee of the Company establishes existence of the features unusual to the ordinary activities performed by the Customer (performance of monetary operations with larger amounts, complex transactions, transactions are carried out in an unusual pattern etc.);
e) the Customer’s age, official position, status and / or financial condition (low income of the Customer when compared with the extent of the Customer’s financial activities) do not comply objectively with the financial activities performed by the said Customer;
f) if a suspicion is raised during the monitoring of Customer’s business relations with the Company.
g) the Customer is determined to be of a high risk in accordance with the Company’s Risk Assessment Procedure.
34.4. Unacceptable risk Customers
a) Unacceptable risk Customers who meet at least one of the risk criteria, for which 100 points are awarded in accordance to the Individual customer money laundering and terrorist financing risk assessment processes and factors disclosed in the Annex No. 2 of the Rules, are not acceptable to the Company and the Company should not enter into business relations with them. However, the Company may enter into business relations with all other Customer of Unacceptable risk only after receiving the approval of the Company’s CEO with a written justification detailing how the Company will manage the risk posed by such Customer.
VIII. IDENTIFICATION OF POLITICALLY EXPOSED PERSONS
35. Before establishing a business relationship with the Customer, the Company must take measures to determine whether the Customer and the Beneficial owner is a PEP.
36. The Company shall consider its Customers to be PEP’s when at least one of the following criteria is met:
36.1. a citizen on the Republic of Lithuania or the European Union declares that they have been entrusted with Prominent Public Functions or that they are Close Family Members or Close Associates of such a person (as defined in section I of the Rules);
36.2. the Company’s employees determine that the natural person is a PEP by using public sources and / or by obtaining such information from third parties, such sources may include, but are not limited to the Chief Official Ethics Commission and commercial databases which list PEP’s;
36.3. a representative of a legal person declares that the shareholders (natural persons) of the legal person have been entrusted with Prominent Public Functions or that they are Close Family Members or Close Associates of such a person.
37. If the Customer or at least one of its Beneficial Owners are determined to be PEP, the Company shall apply the Enhanced Establishment of the Identity in accordance with the procedure set forth in this Section IX of the Rules.
IX. ENHANCED CUSTOMER IDENTIFICATION PROCEDURE
38. The enhanced Customer identification is performed:
38.1. where transactions or Business relationships are carried out with PEP’s;
38.2. in the cases indicated by the European supervisory authorities and the European Commission;
38.3. if according to the risk assessment and management procedures established by the Company a higher risk of money laundering and / or terrorist financing is determined. When assessing the risks of money laundering and / or terrorist financing, it is necessary to assess the risk factors of possible increased money laundering and / or terrorist financing identified in these Rules.
39. When applying enhanced Customer identification procedure for Customers that are PEP’s, the Company shall:
39.1. identify whether the Customer and / or the Beneficial Owner of the Customer are PEP’s;
39.2. get consent from the CEO of the Company to start or maintain Business relationship with that Customer, when he becomes a PEP;
39.3. take adequate measures in order to determine the source of assets and funds involved in Business relationship and contracts;
39.4. ensure identification of unusual transactions and regular review of the information about such Customer and its Transactions that the Company holds;
39.5. maintain enhanced activity monitoring of PEP’s.
40. When a PEP stops holding important public positions, the Company shall, for at least 12 months, continue to consider the ongoing risks of that person and apply appropriate measures at the risk level, until it is determined that the person concerned no longer has the risk inherent in the Customer being considered a PEP.
41. When applying enhanced Customer identification procedure in the cases specified by the European Supervisory Authorities and the European Commission, the Company shall choose the measures referred to in the documents of the European Supervisory Authorities and the European Commission which identify such cases.
42. When applying enhanced Customer identification procedure if according to the Risk assessment procedure (Annex 1) a high risk of money laundering and / or terrorist financing is determined, the Company shall in all cases:
42.1. collect additional information on the Customer and / or its Beneficial Owner;
42.2. collect additional information about the nature of the Business relationship.
42.3. collect information about the purpose of the planned and / or executed Transactions.
43. Additionally, the Company in its discretion may apply any of the following measures in addition to the measures described in point 41 of the Rules:
43.1. take necessary measures to identify the source of the Customer’s and Beneficial Owner’s funds and assets related to the Business relationship or Transaction;
43.2. obtain approval of CEO for establishing or continuing the Business relationship;
43.3. conduct enhanced ongoing monitoring of the Business relationship by increasing the number and timing of control applied, and by categorising types of Transactions that will need further investigation.
44. It is required to re-establish Customer’s identity using enhanced Customer identification procedure if:
44.1. the Customer knowingly provides wrong information about beneficiary or himself;
44.2. the Customer hides information.
X. ASSESMENT OF THE RISK
45. The Company shall assess the risk of the operations being used for money laundering and terrorist financing.
46. The risk assessment shall be conducted on an annual basis.
47. Risk Assessment Procedure provided in Annex No. 1 outlines the principal methodology which shall be used to conduct and update the risk assessment for purposes of anti-money laundering and terrorist financing prevention.
48. Before conducting and during the performance Business Relationship with the Customer, the Company performs an assessment of the risk of money laundering and terrorist financing posed by a specific Customer. The risk of money laundering and / or terrorist financing is assessed by distinguishing the following types of risks:
48.1. customer risk;
48.2. country’s and / or geographical risk;
48.3. distribution channels risk;
48.4. the risk of services provided.
49. The assessment of the risk of money laundering and / or terrorist financing posed by the Customer is provided in Annex No. 2 of the Rules.
XI. PERIODIC UPDATE OF CUSTOMER’S INFORMATION
50. By considering the Customer categorisation the Customer’s information shall be updated and the Customer’s identity shall be verified repeatedly:
50.1. if the Customer is low risk Customer – every 2 years;
50.2. if the Customer is medium risk Customer – every year;
50.3. if the Customer is high risk Customers – every 6 months.
51. The Customer categorisation to the respective risk group shall be registered. When necessary, the data shall be updated.
52. Screening of financial sanctions and other restrictive measures and PEPs shall be conducted at least twice a year for all Customers.
XII. MONITORING, PRESENTATION OF INFORMATION TO THE FCIS, DETERMINATION AND SUSPENSION OF SUSPECTED MONEY OPERATIONS AND TRANSACTIONS
53. The Company gathers information about the Customer risk profile and expected behaviour when the Customer applies for Company’s services. The gathered information provides information about the expected behaviour of the Customer and a baseline for identification of suspicious activity.
54. Transaction Monitoring must be conducted through:
54.1. monitoring, where transactions are monitored and stopped (if needed) in real time;
54.2. retrospective monitoring, which involves analysis of transactions that have already been processed.
55. Transaction monitoring is monitoring of Customer’s operations (transactions) in order to understand the nature of operations (transactions) and their consistency with the knowledge that the Company has about its Customer, Customer’s risk profile. It is mandatory to investigate transactions that at least:
55.1. match criteria for operations (transactions) considered suspicious by the FCIS (https://www.e-tar.lt/portal/lt/legalAct/a664b2107ecd11e4bc68a1493830b8b9/asr);
55.2. match criteria for transactions possibly related to terrorist financing by the State Security Department (http://www.fntt.lt/data/public/uploads/2016/10/vsdkriterijai.pdf);
55.3. match operations (transactions) on Company’s own list of risk indicators, including all transactions involving the EU’s High Risk Third Countries and Financial Action Task Force “black list” and “grey list” countries. It is prohibited to enter into business relationship with Customers having relation to these countries;
55.4. are complex, unusually large, conducted in an unusual manner, or have structure without obvious economic or legitimate reason.
55.5. are unusual given what the Company knows about the Customer.
56. Operations (transactions) monitoring is performed in real time when outgoing or incoming operations (transactions) are stopped for their revision. Such stops occur based on pre-set scenarios and are clearly marked as subject to ongoing monitoring. Transactions alerted through dedicated scenarios should be properly investigated, and all actions should be documented. In cases where the Company is not able to conduct abovementioned investigation, the Company may apply following risk-mitigating measures:
56.1. refuse to process all or selected transaction(s);
56.2. refuse to provide new or existing products or services;
56.3. terminate the business relationship;
56.4. file a suspicious monetary transactions or transactions report to the FCIS.
57. The Company has identified indicators, presented below, which shall lead to an inquiry to find out more information about the rationale of the activity. When adequate information about the rationale behind the transaction or behaviours is collected and if the explanation seems reasonable a transaction may be performed. The Company shall notify the FCIS of cases in which the Company:
57.1. knows, receives information or has reasonable grounds to suspect that money laundering and / or terrorist financing has been, is being or will be committed or has been attempted;
57.2. suspects or has reasonable grounds to suspect that Customer’s funds are derived from criminal activity;
57.3. suspects or have reasonable grounds to suspect that transactions or activities involve terrorist financing.
58. Operations (transactions) can be released and processed if they do not raise suspicions of money laundering, terrorist financing, tax evasion or other illicit activities because:
58.1. activity is usual to the Customer;
58.2. data on such operation (transaction) is available from documents received prior to transaction and is in line with the Company’s expectations; or
58.3. information provided by the Customer demonstrates economic reason, is accurate and lacks further suspicions;
58.4. further suspicions.
59. Investigations must be conducted on all transactions that demonstrate the evidence of one or several of following aspects:
59.1. unusually large operations (transactions);
59.2. operations (transactions) conducted in an unusual manner;
59.3. operations (transactions) conducted with Customer or counterparties from countries outside the Europe Union, which:
a) appear on the Europe Union’s list of high risk third countries;
b) appear on Financial Action Task Force’s either “grey list” or “black list”.
60. In the course of the continuous monitoring of operations (transactions) and business relationships of the Customers, the Company shall, in all cases:
60.1. carry out a revision of data on the identity of the Customers, their representatives and Beneficial Owners;
60.2. perform inspections of transactions concluded during the business relationship in order to ensure that the transactions being performed would correspond to the Company’s knowledge of the Customer, his business, the nature of risk and knowledge of the source of funds;
60.3. take immediate measures to prevent money laundering and/or terrorist financing.
61. When suspicious activity is identified, or the Customer otherwise has a suspicious behaviour or pattern that indicates a risk for money laundering, the Company shall seek to investigate the behaviour and to provide a rationale for the identified suspicious behaviour by asking the Customer for additional information to rule out inappropriate behaviour or attempt to launder money. Examples of questions that could be asked:
• What is the purpose of the requested financing?
• Where does the income / revenue come from?
• Why do you want the money to be transferred to this specific account?
• Etc.
62. Each employee of the Company shall immediately report to the Responsible Employee of any suspicious operations (transactions). Such report shall be made before carrying out the operation (transaction).
63. Retrospective monitoring is part of operations (transactions), which involves review of operations (transactions) that have been already processed in order to spot unusual patterns or possible interconnected transactions. It is important to ensure that proper scenarios are in place that would flag all unusual transactions, as next opportunity to review those will present itself only during Ongoing Due Diligence (ODD).
64. When investigating operations (transactions) in retrospective monitoring, the focus should be on following:
64.1. complex operations (transactions);
64.2. unusually large operations (transactions);
64.3. operations (transactions) made in an unusual manner;
64.4. operations (transactions) involving conducted with Customer or counterparties from countries outside the Europe Union, which:
a) appear on the Europe Union’s list of high risk third countries;
b) appear on Financial Action Task Force’s either “grey list” or “black list”.
65. All retrospective monitoring investigations must end with the conclusion on whether the operation (transaction) is unusual or not. Retrospective monitoring involves:
65.1. review of Customer’s information obtained during its onboarding or most recent ODD;
65.2. review of Customer’s information/documentation obtained and conclusions made during previous transaction monitoring activities (if any);
65.3. review of Customer’s operations (transactions) over the period of last 12 (twelve) months and counterparties with whom Client conducted those transactions;
65.4. review of documents submitted by the Customer during the course of investigation;
65.5. review of specific groups of Customers and their activities;
65.6. review of other relevant information to determine whether transaction could be deemed as usual.
66. Investigations of flagged transactions must be conducted to determine whether such transactions are unusual and may pose a money laundering or terrorist financing risk. The process must involve:
66.1. finding out the reasoning behind the operation (transaction) and its legitimacy;
66.2. collection of supporting documentation related to operation (transaction);
66.3. determination whether provided reasoning and supporting documentation can indicate the usual and legitimate nature of such operation (transaction):
a) operation (transaction) involves counterparties that are by their nature, experience, size, number of employees, etc. capable of conducting such transaction and are dealing in the complimentary line of business;
b) source of funds of such operation (transaction) (if asked) is clear and well-documented;
c) adverse media screening of counterparties does not indicate any potential issues;
d) operation (transaction) does not indicate potential violations of sanctions;
e) operation (transaction) does not indicate other illicit activities;
66.4. determination whether the investigated operation (transaction) can be considered as usual or should still be considered as unusual.
67. When considering whether the source of funds information is clear and well-documented, the Company shall determine whether the exact source of the specific funds used in the operation (transaction) is fully explained. The Company shall at least review the:
67.1. information consistency – the information provided by the Customer should be consistent across all documents. Any discrepancies should be clarified by the Costumer;
67.2. the completeness of the information – the documents should cover the entire amount in question. If the Customer claims that funds come from multiple sources, each source’s documents should be provided by the Customer;
67.3. the relevance of the information / documents – the provided documents must be directly related to the declared source of funds
68. In cases where the Company does not understand the economic rationale or lawful purpose or doubts the veracity of the information it has been given, the Company must apply additional measures. Such measures may include:
68.1. taking reasonable and adequate measures to understand the background and purpose of these operations (transactions), for example by establishing the source and destination of the funds;
68.2. monitoring the business relationship and subsequent transactions more frequently and with greater attention to detail.
69. Investigations conducted towards Customers as part of retrospective monitoring should involve review of Customer’s operations (transactions) and their conformity with know your customer information the Company has on the Customer and determination whether:
69.1. operations (transactions) do not demonstrate indicators of possible shell company activity as described on the FCIS website;
69.2. there are no unusual operations (transactions);
69.3. counterparties besides those collected during onboarding or the most recent ODD do not present increased risk in terms of entity (charities, non-profit organizations, trusts, PEPs, shell/shelf companies, nominees, high-risk industries, etc.), geographic risk or product risk.
70. The Company shall notify the FCIS about the Customer's suspicious (and not only executed, but also intended to be executed suspicious) transactions (irrespective of the size of the transaction), taking into account:
70.1. criteria for identifying money laundering and suspicious monetary transactions or transactions related to the Customer behaviour:
a) during the establishment of business relations, the Customer or his representative avoids providing the information necessary to determine his identity, hides the identity of the beneficiary or avoids providing the information necessary for determining the beneficiary, presents documents with doubtful authenticity, etc.;
b) it is difficult to obtain information or documents from the Customer necessary for the monitoring of business relations: it is difficult to contact the Customer, the Customer is often changing its place of residence and contact information; no one responds when trying to call to the phone number provided by the Customer or his representative or it is permanently disabled; the Customer or his representative does not answer e-mails;
c) the Customer is not able to answer the questions asked about his / her financial activity or planned financial activity, its nature, and behaves too nervously;
d) the Customer declares his willingness to end the business relations with the Company when asked to provide the information necessary for monitoring his business relations;
e) the Customer refuses to provide data on the origin of money or attempted to do so and / or to substantiate it by appropriate documents.
f) several companies are registered at the address of the Customer or their representative.
70.2. criteria related to monetary transactions or transactions executed by the Customer or his representative:
a) monetary transactions or transactions do not correspond to the regular cooperation with the Company;
b) customer identification data and information on performed Virtual Currency exchange operations or transactions in Virtual Currency, if the value of such monetary operations or transaction is equal to or exceeds EUR 15 000,00 or the equivalent amount in foreign or virtual currency notwithstanding whether the transaction is in one or more related monetary transactions. Several interconnected monetary transactions shall be considered to be several Virtual Currency exchange operations or transactions in Virtual Currency in one day, where the total amount of transactions and transactions is equal to or exceeds EUR 15 000,00 or the equivalent amount in foreign or virtual currency at the time of the transaction;
c) the Customer performs monetary transactions or transactions without a clear economic basis;
d) the Customer performs monetary transactions or transactions where it is difficult or impossible to identify the beneficiary;
e) the Customer, the Customer's representative, a person who is beneficiary of a monetary transaction or transaction, is subject to financial sanctions in accordance with the Law on the Implementation of Economic and Other International Sanctions of the Republic of Lithuania;
f) the age, current position, financial status of the Customer (the Customer's income / revenue is small compared to the amount of his financial activity), objectively does not correspond to the financial activity performed by this Customer.
71. The Company shall inform the FCIS about monetary transactions that do not meet any of the criteria mentioned above if the Company has a suspicion of a monetary transaction and / or Customer’s activity. The suspicion may be caused by various objective and subjective circumstances, for example, the Customer carries out monetary transactions that are unusual for his activity, provides incorrect information about himself or a monetary transaction, and avoids providing additional information (documents).
72. Suspicious monetary transactions or transactions are objectively determined by focusing on the Customer’s activities that by their nature may relate to money laundering and / or terrorist financing, also by the Customer and beneficiary identification and continuous monitoring of the Customer's Business relationships, including transactions, which were concluded during such relationships. In assessing whether a monetary operation or transaction is suspicious, the Company is not required to determine whether there is a criminal offense. The subjective allegations made by the employee of the Company are sufficient for the assessment.
73. If the employee of the Company finds that a monetary transaction or transaction performed by the Customer is suspicious, regardless of the amount of such transaction, immediately suspends this transaction and no later than within 3 business hours informs the CEO of the suspended transaction.
74. In case of knowledge or suspicion of suspicious monetary transactions or transactions, the Company shall immediately notify the FCIS, no later than within three working hours after such knowledge or suspicion, if the Company knows or suspects that any value asset is directly or indirectly received from or involved in a criminal offense, also if the Company knows or suspects that the assets is intended to support one or several terrorists or a terrorist organization.
75. The Company, upon receipt of a written instruction from the FCIS to suspend suspicious monetary transactions or suspicious transactions performed by the Customer, suspends these transactions from the time of notification or the moment of the specified circumstances up to 10 business days. The Responsible Employee of the Company submits instructions to the required employees of the Company.
76. If the Company does not receive an obligation to perform a temporary restriction of ownership within 10 working days from the receipt of the prescribed notification or receipt of a written instruction in accordance with the procedure established by the Code of Criminal Procedure of the Republic of Lithuania, the monetary transaction or transaction shall be renewed. The Responsible Employee of the Company submits instructions to the appropriate employees of the Company.
77. Upon receipt of the FCIS notification that the suspension of a monetary transaction or transaction may interfere with the investigation of money laundering or terrorist financing and other criminal acts related to money laundering and / or terrorist financing, the Company shall not suspend suspicious monetary transactions or suspicious transactions performed by the Customer and renew suspended monetary transactions or transactions from the time of notification or the moment of the specified circumstances.
78. A notification to the FCIS regarding a suspicious monetary transaction or transaction shall include:
78.1. the identity of the Customer, his representative (if the monetary transaction is performed or the transaction is concluded through a representative);
78.2. criteria approved by the FCIS, according to which a monetary transaction or transaction is identified as suspicious;
78.3. a suspicious monetary transaction or a suspicious transaction;
78.4. the date of the suspicious monetary transaction or the suspicious transaction, the description of the assets in the transaction (money, etc.) and its value (amount of money, currency in which the monetary transaction or transaction is performed, etc.);
78.5. account management methods;
78.6. contact information (phone numbers, email addresses, contact persons, their telephone numbers, e-mail addresses) of the Customer, his representative (if the monetary transaction is carried out or the transaction is concluded through a representative);
78.7. the date and time of suspicious monetary operation or suspicious transaction suspension;
78.8. a description of the assets the Customer cannot manage or use from suspicious monetary transaction or suspicious transaction suspension (location and other information describing the asset);
78.9. if the suspicious monetary transaction or transaction has not been stopped, – the reasons for not stopping it;
78.10. another relevant information in the opinion of the Company.
79. A notification regarding information about suspicious monetary transactions or suspicious transactions shall be submitted to the FCIS upon joining the Information System of FCIS and by filling in an electronic form for providing information on suspicious financial transactions or suspicious transactions approved by the Director of the FCIS (hereinafter – the Information provision form) according to the guidelines for completing the information form approved by the Director of the FCIS.
80. When there is no possibility of joining the FCIS's information system and completing the Information provision form due to technical reasons, and also in urgent cases, the Company may submit information by telephone, fax or e-mail. The information provided on the phone must be described and no later than the next business day after the submission of the information by telephone submitted in writing, fax or e-mail.
XIII. REGISTRIES MANAGEMENT
81. The Company shall keep a register of:
81.1. monetary transactions and transactions described in the Law;
81.2. reported and suspicious monetary transactions or transactions determined in accordance with the criteria given in paragraph 70;
81.3. the Customers with whom transactions or Business relationships were terminated under the circumstances specified in Article 18 of the Law or under any other circumstances related to violations of the procedure for the prevention of money laundering and / or terrorist financing.
82. The Responsible Employee of the Company shall enter the following information into the registries:
82.1. the data confirming the identity of the Customer, his representative (if any) (first name and surname, date of birth, personal identification number or other unique character assigned to this person for identifying the person / legal entity name, legal form, business address, company code if such code is given).
82.2. data on a monetary transaction or transaction – the date of execution of the transaction, description of the assets underlying the transaction (Virtual Currency, money, etc.) and its value (amount of money, currency of a monetary transaction or transaction, etc.).
83. In addition to the data specified in the paragraph 82 of these Rules, the data on the beneficiary (name, surname, date of birth, personal identification code or other unique character assigned to this person, for the purpose of which is given to the person) shall be entered in the registry of suspicious monetary transactions and transactions and also which FCIS approved criteria for identifying the Customer's monetary transaction or transaction as a suspicious transaction or transaction this data meets.
84. Customers’ with whom transactions or Business relationships were terminated under the circumstances specified in paragraph 18 of the Law or under any other circumstances related to violations of the procedure for the prevention of money laundering and / or terrorist financing information on the origin of assets, other supplementary data or other information related to violations of the procedures for the prevention of money laundering and / or terrorist financing, the data specified in paragraph 81.1 of these Rules, as well as the data on the beneficiary (name, surname, date of birth, personal identification number or other unique character sequence assigned to this person for identifying him) shall be entered in the registry and also the reasons for which transactions or Business relationships was terminated in circumstances specified in this paragraph and / or in circumstances related to violations of the procedure for the prevention of terrorist financing. The following information shall also be kept in register:
84.1. Information of Beneficial Owners (full name, personal code or date of birth, citizenship);
84.2. Information on the reasons for termination of the transaction with the respective Customer.
85. The data in the registry shall be recorded in chronological order on the basis of a monetary transaction or transaction according to documents or other legally valid documents related to the execution of monetary transactions or transactions, immediately, but not later than within 3 business days after the execution of a monetary transaction or the conclusion of a transaction, when the data are entered in the registry in chronological order not later than within 7 business days after the occurrence or disclosure of the specified circumstances.
86. Registers shall be kept confidential and no data may be disclosed publicly. The Responsible Employee shall provide the information kept in the registers only to CEO or persons authorised by the CEO, FCIS or public authorities.
87. The Responsible Employee shall take all the necessary measures to protect the information in the registers, including analysis of risks, maintenance and update of the data processing systems, ensuring proper functioning of such systems, arranging backup copies of the information kept in the registers, and other necessary measures.
XIV. DATA RETENTION AND RECORD KEEPING
88. The CEO of the Company is responsible for protecting the data in registries from unauthorized destruction, alteration or use.
89. The registry’s data and a copy of the Customer's or beneficiary’s identity documents, the live video transmission (live streaming) files and other details obtained at the Customer's identification, accountancy and / or contract documentation (original documents) are kept for 8 years from the end date of transactions or business relations with the Customer.
90. Documents and data confirming a monetary transaction or transaction, or other legally valid documents and data related to the execution of monetary operations or the conclusion of transactions shall be kept for 8 years from the date of the monetary transaction or the conclusion of the transaction.
91. The correspondence of business relations with the Customer shall be kept for 5 years from the date of the closing date of the transactions or business relations with the Customer in paper form or in electronic form.
92. Records of the results of the investigation of complex or unusually large transactions and unusual patterns of transactions specified in Article 17 of the Law shall be stored for 5 years in paper or electronic form.
93. The storage period may be extended for a maximum period of 2 years, when there is a motivated reason provided by the competent authority.
94. The documents and information referred to shall be stored, regardless of whether the monetary transactions or transactions are domestic or international; business relations with the Customer are ongoing or have expired. Moreover, the documents and information referred to shall be stored in such a way as to enable the recovery of specific monetary transactions or transactions, and to provide the information contained therein, if necessary, to the FCIS or other competent authorities.
XV. INFORMATION PROTECTION AND RESPONSIBILITY
95. Employees of the Company are prohibited from communicating to the Customer or other persons or by other means to let them understand that information about the Customer's monetary transactions or transactions concluded, or the investigation conducted in relation to them, is submitted to the FCIS or to another supervisory authority. This paragraph of the Rules does not prohibit for the Company to:
95.1. exchange information between financial institutions registered in the territory of the Member States of the European Union as well as those registered in the territory of third countries which are subject to requirements equivalent to those laid down in the Law if these entities belong to the same group of companies;
95.2. exchange information between auditors, accounting or tax advisory services, notaries, notaries representatives and the persons who has the right to perform notarial acts and lawyers and lawyer assistants registered in the territory of the Member States of the European Union and also registered in the territory of third countries subject to requirements equivalent to the requirements set out in the Law if these entities carry out their professional activities as one legal person or as several persons having joint owners and management or as several persons whose activities are subject to general control;
95.3. exchange information between financial institutions, auditors, accounting or tax advisory services, notaries, notaries representatives and the persons who has the right to perform notarial acts and lawyers and lawyer assistants in cases involving the same Customer and the same transaction involving two or more of the entities referred to in this paragraph if they are registered in the territory of a Member State of the European Union or in the territory of a third country subject to requirements equivalent to those laid down in the Law and if they belong to the same category of profession and have an equivalent level of professional secrecy and personal data protection.
96. In the cases indicated in paragraph 90 of these Rules:
96.1. the exchange of information is permitted only to prevent money laundering and / or terrorist financing;
96.2. exceptions to the transmission of the information provided are not valid if a separate decision of the European Commission has been adopted;
96.3. when exchanging information with entities registered in third countries and providing personal data to these entities, the provision of personal data must comply with the requirements of the laws protecting personal data.
97. The Company or its employees are not liable for the breach of contractual obligations or damage to the Customer if this is due to a monetary operation or a suspension of a transaction.
98. Employees of the Company who are willing to notify the FCIS of suspicious monetary transactions or transactions executed by the Customer shall not be held liable.
XVI. RESPONSIBILITIES
99. The Responsible Employee who carries out the prevention measures specified in the Rules is appointed by the CEO. In cases where a Responsible Employee is unable to perform its tasks, the CEO is considered to be the Responsible Employee.
100. The Responsible Employee of the Company oversees the evaluation, guidance, and reporting of risks related to money laundering and terrorist financing and is responsible for:
100.1. managing registries;
100.2. risk assessment and management;
100.3. suspension of suspicious transactions or monetary transactions;
100.4. familiarisation of the Company’s employees with these Rules;
100.5. organisation of periodic training on money laundering and/or terrorist financing prevention for the Company’s employees;
100.6. the implementation of measures to prevent money laundering and terrorist financing; and
100.7. support of communication with FCIS;
100.8. annual reports to the CEO, as indicated in the paragraph 102 of the Rules;
100.9. proper performance of other functions assigned to the Responsible Employee in these Rules and other internal documents of the Company.
100.10.
101. When performing the functions assigned to him, the Responsible Employee has the right to familiarize himself with all the information available to the Company, necessary for the performance of the Responsible Employee's functions, including information on the identification of the Company’s customers, and their operations (transactions). The Responsible Employee must regularly seek to participate in training (courses, seminars, internships, etc.) on the prevention of money laundering and/or terrorist financing.
102. Before appointing a Responsible Employee, the CEO shall assess his competence, work experience and qualifications in the field of money laundering and terrorist financing, level and type of education, improvement of professional qualifications, nature and duration of professional activity or work experience, other factors that may affect the person’s competence. The CEO shall ensure an appropriate separation of functions of the Responsible Employee in order to avoid conflicts of interest which increase or might increase the risk of money laundering and / or terrorist financing.
103. The Responsible Employee of the Company has the opportunity to obtain all information necessary for the performance of his functions, including access to information related to identification of the Customer, his representative and beneficiary, information about the Customer's knowledge, monetary transactions and transactions, and other information.
104. Upon appointment of a Responsible Employee, the Company shall immediately, but no later than within 7 business days, inform the Financial Crime Investigation Service about the appointment of such a person.
105. The Responsible Employee of the Company shall promptly respond to requests for information from the FCIS and ensure that this information is provided within 14 business days (if the instructions in some cases specify shorter deadlines for the provision of information to the FCIS, such information must be provided within shorter time limits).
106. The Responsible Employee of the Company shall submit a written report at least once a year to the CEO of the Company about the execution of functions related to prevention of money laundering and / or terrorist financing.
107. The Responsible Employee of the Company shall familiarise himself and other employees of the Company with these Rules and with the legal acts regulating prevention of money laundering and liability for the failure to comply with measures of prevention of money laundering.
108. Other employees who find that the transaction may be suspicious, has detected signs of money laundering and / or terrorist financing shall notify the Responsible Employee of the Company who shall take the necessary steps to investigate the operation and inform the CEO and FCIS if necessary.
109. The CEO is responsible for:
109.1. getting acquainted and acquaint the Company’s employees with legal acts regulating money laundering and terrorist financing prevention and responsibility for non-implementation of money laundering and terrorist financing prevention measures;
109.2. ensuring that money laundering and terrorist financing risk management procedures are consistent with the scope and nature of the Company's operations;
109.3. assign the Responsible Employee for implementation of measures on prevention of money laundering and terrorist financing risks. The Responsible Employee shall directly report to the CEO of the Company;
109.4. reviewing of the Responsible Employee's annual reports indicated in paragraph 102 of the Rules of the ensuring their completeness, seriousness and accuracy;
109.5. ensuring that the internal control systems implemented in the Company allow, through secure channels and ensuring full confidentiality of requests, to respond promptly to the requests of the FCIS regarding the provision of information specified in these Rules, and to ensure the provision of this information within 14 working days from the receipt of the request (if the Rules or the relevant legal acts require in certain cases, shorter deadlines for submitting information to the FCIS, such information must be submitted within shorter deadlines).
XVII. ANTI-BRIBERY AND CORRUPTION PRINCIPLES OF THE COMPANY
110. The Company has a zero tolerance of bribery and corruption and the company is committed to conducting its affairs fairly, honestly and openly. The Company will not tolerate any breach of contractual provisions relating to the prevention of bribery and corruption.
111. The Company will avoid undertaking business with any entity or person who does not commit to doing business without bribery or corruption.
112. By adopting a culture in which bribery and corruption is never acceptable, the Company wishes to uphold and enhance its reputation for transacting business competitively, fairly and by doing so bolster the confidence of its stakeholders and Customers.
113. All the employees of the Company must consider any potential bribery and corruption risks inherent in their day-to-day business and adequately implement relevant procedures and controls aimed at negating such risks.
114. Any employee asked to make a bribe or payment that they consider to be a bribe and a breach of these Rules and must report the matter to the Responsible Employee or the CEO immediately. No employee will suffer any form of adverse consequence of making such an escalation.
XVIII. TRAINING AND AWARENESS
115. All employees of the Company shall be duly informed about the money laundering and terrorist financing risks to which the Company is or could be exposed, taking into account the broader national and international environment in which the Company operates, and about the reasons why it is necessary to reduce such risks. Therefore, the Responsible Employee is responsible for employees training in order to keep staff informed of the existing and/or potential risks, including money laundering and terrorist financing methods, trends and typologies, as well as of the risk-based approach implemented by the Company to prevent, reduce and manage these risks.
116. The Responsible Employee shall ensure that the internal reporting procedures adopted by the Company are brought to the attention of all staff, including the members of the management bodies, any temporary or seconded employees as well as officers and employees of any service provider to whom the Company has outsourced one or more functions (if any kind of functions are outsourced).
117. The training program provided by the Responsible Employee shall include appropriate training workshops or seminars taking into account the tasks performed by the persons concerned and their exposure to money laundering and terrorist financing risks.
XIX. FINAL PROVISIONS
118. These Rules may be amended, supplemented or revoked by decision of the CEO of the Company.
119. These Rules shall be reviewed periodically (at least once a year) or upon any substantial events related to the operation of the Company or changes to applicable laws, and shall be amended accordingly to ensure proper implementation of the money laundering and terrorist financing prevention measures, its effectiveness and relevancy. The Responsible Employee is responsible for the timely revision of the Rules and the preparation and submission of draft amendments to the CEO.
120. The Company conducts special training for the employees of the Company on issues related to the prevention of money and terrorist financing, as well as the proper implementation of these Rules.
121. All employees of the Company shall be familiarized with these Rules by signing it.
ANNEXES:
1. Risk Assessment Procedure;
2. Individual customer money laundering and terrorist financing risk assessment processes and factors.
Annex No. 1
RISK ASSESSMENT PROCEDURE
This Risk Assessment Procedure (hereinafter – the Procedure) describes the assessment of risk the Company is being exposed to Money Laundering (hereinafter - ML) and / or Terrorism Financing (hereinafter – TF).
ML/TF risks may occur at different stages taking place one after another or all at the same time: (i) illegal funds are introduced into financial system (placement); (ii) layers of transactions are created to hide the origin of the funds (layering); and (iii) a legitimate purpose is created for the criminal proceeds (integration).
Procedure for conducting an anti-money laundering (hereinafter - AML) and counter terrorism financing (hereinafter - CTF) risk assessment
The Company analyses the risks of ML and TF in context with the most important aspects of the business and the workflows of the Company.
The aim of such analysis is to highlight the factors affecting this risk and to analyse in which stage (placement, layering or integration) the Company is most vulnerable.
The Company’s methodology for conducting an AML and CTF risk assessment consists of the following steps:
(a) Analysis of the regulatory acts related to AML/CTF. The review focuses on recent regulatory enforcements for non-compliance with AML and CTF laws and regulations;
(b) Quantitative data is gathered from the Company’s business systems such as portfolio data and reviewed with emphasis on changes in the portfolio;
(c) Permanent communication is conducted between employees of the Company with the aim to identify procedural issues or concerns related to AML/CTF as well as to gather insight as input data for the analysis. Moreover, identification of new products or significant changes in processes and procedures are gathered through intense communication with project managers responsible for any recent relevant projects affecting key processes.
(d) Current AML/CTF risk assessment is updated based on gathered information. The risk assessment is updated within, at least, the following areas:
(i) Geography
(ii) Products
(iii) Customers
(iv) Distribution channels
Such areas of risk factors are elaborated below.
1. RISK FACTORS REGARDING THE GEOGRAPHY
1.1. When analysing the risk of ML and TF from a geographical perspective the following factors areas considered:
1.1.1. Negative risk impact factors:
1.1.1.1. If a country is subject of EU sanctions;
1.1.1.2. The country is one of the countries on the list of high risk and other monitored jurisdictions published by and the Financial Action Task Force (http://www.fatf-gafi.org/countries/)
1.1.1.3. The country on the list of third countries with strategic deficiencies in their anti-money laundering and counter-terrorist financing frameworks published by the European Commission
1.1.1.4. Has a weak or non-existent AML/CTF legislation;
1.1.1.5. Has a high Corruption Perception Index.
1.1.2. Positive risk impact factors:
1.1.2.1. Is a member of the European Union or the European Economic Area;
1.2. The Company intends to enter into Business relationships only with the Customers who are residing and having citizenship / are registered in the EU Member State. Thus, the negative factors mentioned in paragraph 1.1.1 will be evaluated upon analysis of (i) the country in which the Beneficial Owners of the Customer reside and / or have citizenships, (ii) the countries that are Customer’s or its Beneficial Owners’ main place of business, (iii) the countries to which the Customer and / or its Beneficial Owners have relevant personal or business links, or financial or legal interests.
1.3. If at least one of the negative risk impact factors described in paragraph 1.1.1 are found to be present, the geographical risk shall be considered to be too high and the Company shall not enter into a business relationship with the Customer.
1.4. If the positive risk impact factors described in paragraph 1.1.2 are found to be present, the geographical risk shall be considered to be low.
1.5. If none of the positive negative or negative risk impact factors described in paragraphs 1.1.1 or 1.1.2 are found to be present, the geographical risk shall be considered to be medium.
2. RISK FACTORS REGARDING THE PRODUCTS
2.1. The Company offers a limited range of services – crypto-to-crypto and crypto-to-fiat exchange. These products by themselves have limited functionality and are therefore considered to be of a low MT/TF risk.
2.2. The main risk associated is fraud and tax evasion. The Company will take measures to determine the source of fund that the Customer carries out an operation with.
2.3. Overall, given the characteristics of the Company’s products, the Company concludes that the Company’s products imply a low - medium risk of being used for ML/TF purposes.
2.4. Prior to offering any other product, the Company has to evaluate the risks that they pose and assign a risk category to the product. Areas that have to be assessed prior to the assignment of a risk category to a new product include, but are not limited to:
2.4.1. The level of transparency or opaqueness that the product affords,
2.4.2. The complexity of the product;
2.4.3. The value and size of the product.
3. RISK FACTORS REGARDING THE CUSTOMERS
3.1. Every new customer shall go through the KYC process according to the Rules. Their risk profile is classified as low, medium or high risk for ML/TF based on criteria set out in the Rules.
3.2. Customer negative risk factors which are considered to increase Customer risk are the following:
3.2.1. When Customers legal entities not having legal personality are personal asset-holding vehicles;
3.2.2. When Customer legal entity has nominee shareholders acting for another person, or shares in bearer form;
3.2.3. When Customer legal entity’s business is cash-intensive;
3.2.4. When a customer operates in a sector that is associated with a higher ML/TF risk such as casinos or dealers in precious metals;
3.2.5. When the ownership structure of the Customer legal entity appears unusual or excessively complex given the nature of the legal person’s business;
3.2.6. The Customer requests transactions that are complex, unusually or unexpectedly large or have an unusual or unexpected pattern without an apparent economic or lawful purpose or a sound commercial rationale;
3.3. The positive factors which are considered to reduce Customer risk are the following:
3.3.1. The Customer that is a legal entity has a clear ownership structure and easily identifiable beneficial owners;
3.3.2. The Customer is a legal person subject to enforceable disclosure requirements that ensure reliable information about the customer and their beneficial owners is publicly available
3.3.3. The Customer is a natural person;
3.3.4. The Customer has been in a long standing business relationship with the Company of no less than 3 years.
3.4. If one or more of the negative risk factors described in paragraph 3.2 are found to be present, the Customer risk shall be considered to be high.
3.5. If none of the negative risk factors described in paragraph 3.2 are found to be present and at least one or more of the negative risk factors 3.2 are found to be present, the Customer risk shall be considered to be low.
3.6. If none of the factors identified in paragraphs 3.2 or 3.2 are found to be present, the Customer risk is considered to be medium.
4. RISK FACTORS REGARDING THE DISTRIBUTION CHANNELS
4.1. All / most of the Company’s distribution channels shall be the Company-owned.
4.2. For the performance of KYC duties, the Company may rely on third-service provider. The customer identity is always verified by electronic means. Therefore, the Company’s main risk lies in non-compliance from agents about the performance of know-your-customer duties. These duties must be regulated in the written agreements with the agents. Furthermore, the process must be followed closely, and the agents should be informed and possibly also trained by the Company in these matters if the process is not being followed.
4.3. As the Company plans to employ identification methods where the Customer is physically present as well as reliable non-face-to-face identification, in this case the distribution channels shall risk shall be considered to be low where the Customer identification is conducted with the Customer being physically present. In cases the Customer’s identity is verified by electronic means, a medium distribution channel risk shall be considered to exist.
5. MEASURES EMPLOYED
5.1. A Customer is considered be a high risk Customer if a high risk is determined to exist in relation to any of the risk categories outlined in sections 1 – 4 of the Procedure. Accordingly, such Customers shall be grouped in the overall high risk category and the Company shall apply an enhanced customer due diligence procedure.
5.2. A Customer is considered to be a low risk Customer if high risk is not determined to exist in relation to any of the risk categories outlined in sections 1 – 4 of the Procedure and if at least 3 low risk factors are determined to exist in relation to the risk categories sections 1 – 4 of the Procedure. Accordingly, such Customers shall be grouped in the overall low risk category.
5.3. The Company shall conduct a ML/TF risk assessment of the Company periodically, but in all cases at least once a year and prior to the introduction of any new product. When conducting a ML/TF risk assessment the Company shall produce a matrix outlining the different categories of risk of each of its customers and review and if necessary update the Rules and the Risk Assessment Procedure.
5.4. If the Company identifies that a risk that has not been identified or is atypical to the current risk assessment exist, the Company shall apply an enhanced customer due diligence procedure.
6. OVERALL ML/TF RISK
6.1. The Company estimates that overall the Company faces a medium vulnerability of being used for ML and TF purposes. However there are risk areas that deserve a more thorough assessment and room to improve the monitoring and mitigation of risks.
6.2. To secure an improved risk management, the Company shall take the following actions:
6.2.1. Securing sufficient Customer knowledge at the point of first contact with new Customers.
6.2.2. Enhancing awareness and knowledge among staff through renewed training and information sessions by implementing an E-learning solution.
6.2.3. Periodically reviewing and updating the Procedure.
Annex No. 2
INDIVIDUAL CUSTOMER MONEY LAUNDERING AND TERRORIST FINANCING RISK ASSESSMENT PROCESSES AND FACTORS
1. When the Customer is being identified in the cases disclosed in paragraph 9 of the Rules, the Company assign such Customer the appropriate risk classification of money laundering and terrorist financing (hereinafter – ML/TF).
2. The Company analyses and determines the ML/TF risk posed by the Customers, taking into account the factors disclosed in the paragraph 47 of the Rules.
3. The following Customer risk classification is used by the Company:
1.1. Low ML/TF risk (≤20 risk scoring points);
1.2. Medium ML/TF risk (21 to 50 risk scoring points);
1.3. High ML/TF risk (51 to 99 risk scoring points);
1.4. Unacceptable ML/TF risk (≥100 risk scoring points).
4. With the approval of the Company’s CEO to start a business relationship with the Customer with the Unacceptable risk, Enhanced Customer Due Diligence is performed in accordance with the procedure set forth in this Section IX of the Rules.
5. The detailed criteria for assessing the individual ML/TF risk of the Customers and the corresponding scores assigned to the Client are disclosed below:
No. |
Description of the criteria |
Risk scoring points |
Client risk factors |
||
1. |
The Customer (or his representative or the Beneficial Owner) is considered to be a PEP |
50 |
2. |
The Customer (or his representative or the Beneficial Owner) is holding other known positions or has a high reputation in the public who could lead to abuse of position for personal gain (for example, being a civil servant influencing public procurement, a decision-making member or a senior sports organization, influencing the government or other decision-making bodies) |
21 |
3. |
International financial sanctions or other restrictive measures are imposed on the Customer |
100 |
4. |
The Customer is or has previously been convicted/accused/suspected of terrorism or terrorist financing |
100 |
5. |
Sanctions related to non-compliance or improper enforcement of ML/TF prevention requirements have been imposed on the client during the last five years |
51 |
6. |
The Customer was convicted, or a pre-trial investigation was initiated for criminal offenses that may pose a risk to the ML/TF (financial, proprietary offences, etc.) |
51 |
7. |
The Customer avoids providing the necessary information, tends to be anonymous, is unable or unwilling to answer questions about his/her (planned) activities, their nature, behaves nervously |
100 |
8. |
The Customer provides explanations, data or documents that cast doubt on their authenticity |
51 |
9. |
The Customer is engaged in at least one of the following activities:
|
100 |
10. |
The Customer is engaged in at least one of the following activities:
|
51 |
11. |
The Customer is under 20 years of age or is unemployed or not engaged in any commercial activity (for example, according to an individual activity certificate) |
21 |
12. |
When implementing ML/TF prevention measures, the Company discovers negative news (any publicly available information news that potentially indicates a higher ML/TF risk) about the Customer (its representative/director/Beneficial Owner) |
30 |
Geographical risk factors |
||
1. |
The Customer does not reside in EU or EEA Member State |
100 |
2. |
The Customer resides in EU or EEA Member State but is a national of the country where the FATF has identified significant deficiencies in ML/TF prevention |
100 |
3. |
The Customer resides in EU or EEA Member State but is a national the country where the EC has identified significant deficiencies in ML/TF prevention |
100 |
4. |
The Customer resides in EU or EEA Member State but is a national of the country that is the target territory (offshore jurisdiction) |
100 |
5. |
The Customer resides in EU or EEA Member State but is a national of the country subject to sanctions, embargoes or similar measures issued by the EU or the United Nations |
100 |
6. |
The Customer resides in EU or EEA Member State but is a national of the country which is a non-EU and non-EEA Member State |
51 |
7. |
The Customer is a citizen of EU or EEA Member State residing in EU or EEA Member State |
1 |
Product, services and transactions risk factors |
||
1. |
The client requests atypical, complex transactions or transactions for atypically large amounts or when the intended transaction does not have a clear economic or commercial benefit |
51 |
2. |
The client transfers more funds than required to provide the service and asks for a refund of the overpayment |
15 |
Vilnius – Lithuania, 25/08/2023
VENICE SWAP UAB