Loading...

AML/KYC Policy

1.Introduction

1.1 Anti-money laundering

Moneylaundering is the process of taking criminal proceeds and disguisingtheir illegal source in anticipation of ultimately using the criminalproceeds to perform legal and illegal activities The United Nations defines money laundering as “any act to disguise thesource of money or assets derived from criminal activity. ”Essentially, money laundering is the process whereby“ dirty money”–produced through criminal activity is transformed into “cleanmoney,” the criminal origin of which is difficult to trace. Thereare three recognized stages in the money laundering process:

  • Placement involves placing the proceeds of crime in the financial system.
  • Layering involves converting the proceeds of crime into another form and creating complex layers of financial transactions to disguise the audit trail and the source and ownership of funds. This stage may involve transactions such as the buying and selling of stocks, commodities or property.
  • Integration involves placing the laundered proceeds back in the economy to create the perception of legitimacy.

1.2 Know your customer

KnowYour Customer is the process of verifying the identity of customer. The objective of KYC guidelines is to prevent financial institutionsfrom being used by criminal elements for money laundering activities.It also enables companies to understand its customers and theirfinancial dealings to serve them better and manage its risksprudently.

KYC is the means of identifying and verifying the identity of thecustomer through independent and reliantsource of documents, data or information. For the purpose ofverifying the identity of:

  • Individual customers, company will obtain the customer’s identity information, address and a recent photograph. Similar information will also have to be provided for joint holders and mandate holders.
  • Non-Individual customers – company will obtain identification data to verify the legal status of the entity, operating address, the authorized signatories and beneficial owners.

Informationis also required on the nature of employment/business that thecustomer does or expects toundertake and the purpose of opening of the account with thefinancial institution.

2. Compliance department

Company’scompliance department implements and enforces internal policies aswell as Anti Money Laundering (AML), Bank Secrecy Act (BSA)and Office of Foreign Assets Control (OFAC) compliance.

Compliancedepartment is built with the following tasks in mind:

  • Carrying out the existing verification and monitoring protocols;
  • Improving existing compliance procedures to keep up with the constantly evolving threats of financial fraud;
  • Monitoring employee and partner activity for KYC/AML compliance;
  • Providing regular and comprehensive compliance training for all members of the department;
  • Providing appropriate storage and safety of all records.

3. Internal verification and monitoring tools

Thecompany has developed a set of instruments that are used byCompliance officers to verify the identities of the users and tomonitor the transactional and trading activity on the platform.

3.1 KYC system

3.1.1 Automatic risk management

KYCsystem gathers and analyses the data provided by our users. It alsoperforms automatic checks against third-party sources. The followingis performed automatically upon each application submission:

  • Basic data check (date of birth, ID issue date, ID expiry date, proof of residence issue date);
  • Risk alerts (IP address, VPN, phone number, OFAC/PEP sanction lists, notifications from payment providers, social media, other 3rd party sources)
  • Automatic check of each new application against the exchange’s database of users and fraud cases.
3.1.2 KYC tool

KYCtool is a piece of software used to verify the identities of users.It provides a summary of the information automatically analyzed bythe KYC system and allows the CO to perform an additional manualcheck of the user’s application form.

Theaccess to the KYC system is split into 2 levels: Complianceapprentice and Compliance officer.

Apprenticeaccess level does not allow to make final decisions and is usedduring the probation period. All actions are logged and performedunder the guidance of a senior member of the team.

ComplianceOfficers perform the following checks during KYC:

  • sanction lists screening;
  • internal user database check (screening of duplicate accounts, cohabiting customers, etc.);
  • MRZ/barcode validity check;
  • Customer date of birth;
  • ID issue/expiry dates;
  • Proof of residence issue date;
  • IP location; use of VPN, proxies;
  • Document image metadata check (photoshop, creation timestamp, last edit timestamp.

Thesystem automatically screens our customers againstConsolidated OFAC sanction list upon the first submissionof a KYC application;

Manualscreenings are performed during the KYC application review by theCompliance officers:

  • UK financial sanctions;
  • EU financial sanctions;
  • Consolidated United Nations sanctions list.

Thereis no simplified due diligence process in place.

3.1.3 Enhanced due diligence

EDDis performed when a customer reaches each of the deposit volumethresholds ($500, $2000, $5000, $7000, $10 000) or when a customer’sdaily activity does not match the customer profile and thus raisessuspicion. During EDD we request a confirmation of the source offunds and reevaluate the KYC profile of the customer. Depending onthe volume of the cumulative deposit, adverse media is performed, andthe customer is rescreened against the sanctions and PEP lists.Depending on the profile of the customer, the following may berequested:

  • Confirmation of mining activity;
  • Confirmation of prior purchase of cryptocurrencies;
  • Bank statement;
  • Salary slip;
  • Copies of contracts confirming the payments for services or goods;
  • Source of wealth confirmation (ownership of real estate, confirmation of inheritance, etc.).
3.1.4 Video verification

Asa part of the Enhanced Due Diligence process, company reserves aright to conduct a live video verification session beginning with the$5000 threshold. Live video verification is a quick and solid optionto confirm a person’s identity. It greatly reduces the risk of fakephotos and documents being presented by the client due to the natureof this channel of communication.

Duringthe procedure Compliance Officer asks the client to:

  • present an ID (both sides if relevant);
  • present a proof of residence;
  • tilt/turn the documents to show that they are intact and untampered with, which also allows to check the holographic elements of the ID.

ComplianceOfficer also pays close attention to the client’s behavior andtakes note of any suspicious occurrences.

Thevideo call file is saved and securely stored as a part of theclient’s KYC profile.

3.2 AML system

TheAML system is an internal tool designed for the AML officers tomonitor and control the transactional and trading activity on theplatform. AML officers also have access to the data provided duringthe identity verification and are trained to revise a user’s KYCdata set if a user’s activity raises suspicion.

3.2.1 Automatic risk management

TheAML system automatically checks all deposit and withdrawaltransactions against a set of thresholds, designed to monitor theflow of transactions and to detect suspicious activity. A third-partytool is used to automatically display a risk score for BTC and ETHtransactions.

TheAML system also analyses each user’s day-to-day activity based on aregularly updated set of rules and algorithms. If a user’s activityis flagged by the AML system, it is then reviewed by an AML officerwho makes the final decision.

3.2.2 AML tool

TheAML tool displays the transactional activity on the exchange in realtime and allows AML officers to act on the transactions flagged formanual processing. It also provides each user’s financial summarycomposed by the AML system in case a deeper investigation isrequired.

TheAML tool also displays all users that reach certain thresholds:

  • $500
  • $2 000
  • $5 000
  • $7 000
  • $10 000
  • $15 000 and higher

AMLofficers perform an additional review of the user’s profile wheneach threshold is reached. The main objectives are to gatheradditional information about the user and further reduce the risk ofa stolen identity being used. Depending on the threshold, AML officermay perform the following:

  • KYC profile review;
  • Transaction history review;
  • PEP list search;
  • Social media search;
  • Adverse media search;
  • Google search.

AMLofficer may also request:

  • Source of funds/income confirmation;
  • AML questionnaire to be filled out by the user.

Thefinal decision is made depending on the result of this additionalinformation review. AML officer may suspend trading and/or depositoperations for a user if there are sufficient reasons for suspicion.Operations may also be suspended if a user refuses to or simply doesnot respond to additional information requests.

Theaccess to the AML system is split into 2 levels: AML apprentice andAML officer.

Apprenticeaccess level does not allow to make final decisions and is usedduring the probation period. All actions are logged and performedunder the guidance of a senior member of the team.

4. KYC Protocol

4.1 Personal verification

Thecompany has established strict KYC procedures in order to make theexchange less attractive for financial criminals.

Inorder to pass individual verification a user must provide:

  • Full name
  • Date of birth
  • Photo id issue country
  • Photo id serial number
  • Photo id issue date
  • Photo id expiry date (if available)
  • Residential address

Auser also must upload:

  • An image of a photo id (driver license, passport or a national id card)
  • An image of a proof of residence (bank statement, utility bill, tax return, or another document issued by a government or a reliable licensed entity)
  • A selfie with a photo id and a sign stating ‘company name + current date’

Allthe information is checked for correctness and consistency bothautomatically and manually. Identity verification is approved whenall provided information is in order and a CO has a sufficient reasonto believe that the actual owner of the identity documents isproviding them.

4.2 Corporate verification

Complianceofficers follow the general rules described in the company’s KYC/AML policy when onboarding legal entities.

Thefollowing steps are specific to the corporate onboarding. The processstarts with receiving a filled-out application form from a corporateclient.

4.2.1 Corporate verification flow

Complianceofficer performs the following:

  • Analyses the application form;
  • Determines the company's legal status;
  • Searches for information about the company in open sources;
  • Identifies the business model and the purpose of opening an account on the platform;
  • Identify the company's source of funds;
  • Determines the executive body (director, the board of directors, CEO);
  • Verifies the identity of the person authorized to manage the corporate account;
  • Verifies the identities of UBO(s);
  • Requests additional documents and information.

Dependingon the results of the initial document review, a Compliance officermay additionally do the following:

  • Identify the UBO(s) source of funds and/or source of wealth;
  • Review the client’s KYC/AML Compliance program.
  • Test the client's platform to check if it matches the procedures described in the client’s KYC/AML program;
  • Request and review the documents confirming the client’s commercial activity (contracts, invoices, cargo custom declarations, confirmation of mining activity, etc.).
4.2.2 Verification of the executive body

Complianceofficer requests the following documents to verify identities of UBOsand other executives:

  • A valid photo ID (passport, driver’s license, national ID card);
  • A recent (issued within 3 months) proof of residence (bank statement, utility bill, tax return);
    A compliance officer may request the following in order to confirm the source of individual funds:
  • Personal bank statement confirming the transfer
  • Confirmation of a salary, savings, investment activity;
  • Personal tax return.
4.2.3 Confirmation of the company’s source of funds

Complianceofficer requests documents from the following list to verify thesource of company’s funds:

  • Company annual financial report;
  • Company tax return;
  • Confirmation of business activity (contracts, invoices, bank statements, shipping documents);
  • Corporate account bank statements;
  • Loan agreement;
  • Bank statements confirming the transfer of funds from the lender's bank account to the company's bank account.

Ifthird-party funds will be used for deposits (legal entity’scustomers’ funds):

  • Company's KYC/AML program;
  • Compliance officer must check if the KYC/AML procedures on the client’s platform match the ones described in the KYC/AML program (CO registers an account on the client’s platform and confirms that the KYC/AML procedure is in place).
4.2.4 Reasons to reject a corporate application

Acompliance officer must reject an application if:

  • A legal entity is inactive;
  • It is not possible to identify and verify the UBO(s);
  • It is not possible to confirm the source of company funds.

5. Suspicious activity

Compliancestaff is trained to detect, investigate and resolve cases ofsuspicious user activity.

Generally,suspicious activity is detected on the stage of onboarding,post-onboarding or is based on a user’s transactional activity.

Redflags are signs of possible fraudulent activity.

Red flag Description
Transactions without an apparent purpose. Customers activity appears to have no economic or business purpose.

Example: A customer deposits fiat and then withdraws fiat to another account, without engaging in trading.
Large transactions with no sufficient confirmation of the source of funds. A user refuses to provide a confirmation of the source of funds used for the deposit.
Transfers between affiliate accounts without an apparent purpose or in a repeating similar manner. This may be a sign of layering, a process where the origin of illicitly obtained funds is concealed by a series of complex financial transactions.

Example: a customer makes a fiat deposit to their account, buys and immediately sells a cryptocurrency and then initiates fiat withdrawals to different accounts.
Transactions just below the threshold. Regular transactions or a series of transactions right below the reporting or EDD thresholds.
Transactions do not match the customer's stated purpose of account or nature of business. ustomer's activity does not match with the stated purpose of an account. This red flag mostly applies to corporate customers as they usually describe the purpose of opening an account during onboarding.

Example: a customer stated 'trading' as a purpose of an account, but only engages in deposits and withdrawals.
A substantial difference in historical or expected activity and actual user’s activity. Examples:
• The size of the transaction is not consistent with the historical or expected activity.
• The frequency of transactions is not consistent with the historical or expected activity.
• The general pattern of transactions has changed.
Seemingly unnecessary or frequent changes to payment instructions. A customer regularly changes the sources of funding.
A customer regularly changes withdrawal destinations.
Transfers to/from unrelated third parties. Example: a fiat deposit from a legal entity is sent to a natural person's account.
Money transfers to/from high-risk jurisdictions without previous history of relations with such jurisdictions. A customer starts transacting to or from foreign banks.
Accounts used as a temporary repository for funds. The customer appears to use an account as a temporary repository for funds that will be transferred out of the platform. There is little account activity.

Whileperforming identity verification KYC officers note and report casesof suspicious activity, such as:

  • A user is reluctant to provide some of the required information
  • A user provides unusual, unfamiliar or suspicious identity documents
  • A user provides data that matches the data previously provided by another user
  • A user is found in a PEP list
  • A user is found in an OFAC list

Supportstaff reports any cases when a user asks unusual questions about thecompany’s KYC/AML procedures.

AMLofficers are obliged to perform an in-depth investigation in case of:

  • Transactions without trading activity
  • Trading activity with no apparent economic value
  • Unexpected activity in regard to the user’s historical activity
  • A user is unwilling to disclose the source of funds/income
  • Transaction volume inconsistent with user’s source of funds/income
  • Transactions to/from third persons/entities

6. Suspicious activity report

Company’spersonnel are trained to report all suspicious transaction activitiesto the Compliance officer regardless of the amount. It is the job ofpersonnel to identify and report suspicious activity to theCompliance officer and to assist in filling out the SAR form.

Accordingto the SAR guidance provided by NCA, a Compliance Officer must submita SAR as soon as he ‘knows’ or ‘suspects’ that a person isengaged in money laundering or dealing in criminal property.Compliance officer is to submit the report through the NCA’selectronic SAR Online system. It is accessible through a link on theNCA website (www.nationalcrimeagency.gov.uk) or directly athttps://www.ukciu.gov.uk/saronline.aspx

SARprocedure:

  • The person reporting a suspicious transaction will describe it in as much detail as possible to the Compliance officer. The person will gather and provide to the Compliance officer copies of all supporting documentation relating to the transaction.
  • The Compliance officer will review the transaction and customer information to confirm that the file is complete and to request any additional information that might be available regarding the transaction and individual(s) involved in the transaction. The Compliance officer will make an assessment of whether it is appropriate for the business to file a SAR. The SAR will be written and edited to ensure that it is complete and well formed. The SAR will generally be filed at that point.
  • If a SAR referral is not to be filed, documentation of the reasoning for not filing the SAR will be written down and maintained; this helps protect the business in the event it is later audited and the transaction(s) questioned.

Thebusiness, including its officers, directors, employees or agents areprohibited from informing any person involved in the suspicioustransaction that a SAR is, will be, or has been filed. Theinformation of a SAR filing is confidential and specific informationshould not be disclosed or discussed with anyone except on a need toknow basis.

7. Blocked countries

  • Afghanistan
  • Barbados
  • Bosnia and Herzegovina
  • Burundi
  • Cuba
  • Ethiopia
  • Iran
  • Iraq
  • Laos
  • Lebanon
  • Libya
  • Myanmar
  • Nauru
  • North Korea
  • Pakistan
  • Palestine
  • Somalia
  • South Sudan
  • Sudan
  • Syria
  • The Central African Republic
  • The Democratic Republic of the Congo
  • Uganda
  • USA
  • Vanuatu
  • Yemen
  • Zimbabwe

8. Know your employee

Thecompany performs a check of the identity of the future employees thatis consistent with the user verification check. A background check isalso performed if required for a specific position.

Accessto the sensitive data is split into roles, all agent actions aremonitored and logged in the system. All employees are trained in thebasics of IT security and use sufficient passwords for access tocomputers and to the actual software. 2FA is a must for allaccesses.

9. Know your vendor

Thecompany performs a check of all partners to make sure that partners’KYC and AML compliance programs are in line with the company’s ownpolicies.

Wemonitor our vendors for:

  1. possible business and operational risks, by assuring
  • Continuous communication about any changes to policies, rules, terms, conditions, pricing, etc.;
  • Weekly, monthly and quarterly review of transactional activity;
  • Daily account monitoring;
  • Account reconciliation (integrity and consistency between transactions and transfers);
  • Annual assessment of overall vendor portfolio.
  1. regulatory and money laundering risks, by assuring
  • Risk assessment and scoring of each vendor;
  • Daily monitoring of vendor activity and operational quality;
  • Continuous communication about ongoing regulatory changes;
  • Quarterly and annual risk assessment of vendors.

Thecompany will also require copies of incorporation documents andperform an OFAC check of the partner company in case such a needarises. Regular monitoring of activity and risk assessment isperformed for all partner companies.

10. Training

Company’scompliance training aims to provide training on the subjects ofregulatory requirements, compliance policies and procedures.

Thetraining program makes sure that:

  • All employees who deal with KYC or AML procedures receive appropriate training
  • All employees who deal with KYC or AML procedures go through evaluation
  • Training is continuous and provides information on new developments and relevant changes in respective regulations
  • New money-laundering schemes are analyzed
  • Cases of existing money-laundering schemes getting adopted by bad actors in crypto space are analyzed
  • The training program is regularly managed and updated.

Chiefcompliance officer or a compliance supervisor performs a monthlytraining for all compliance officers to make sure that they are up todate in regard to the changes made to the internal procedures andsoftware.

Chiefcompliance officer or a compliance supervisor performs a quarterlytraining for all appropriate employees in regard to the changes ordevelopments in the KYC and AML policies and procedures. Evaluationof the knowledge of the KYC and AML policies also takes place.

Thetraining program includes:

  • Money laundering typology and methods. An overview of money laundering schemes evolvement with an emphasis on the usage of these schemes in the crypto-related space. Actual cases and examples are reviewed;
  • Suspicious activity monitoring. An overview of 'red flags' that compliance officers should pay attention to when performing all types of internal monitoring. Provides information on the actions to take in case of suspicious transaction patterns or activity encountered during the CDD and EDD procedures;
  • Know your customer. Focuses on identifying, verifying and recording new customer information. Provides information on the actions to take in case of suspicious activity during the KYC onboarding;
  • Federal legislation. Provides information on current changes and developments in the federal anti-money laundering laws and regulations.

11. Account termination

Thecompany reserves a right to block a user’s account in case ofviolation of the platform’s Terms of Use.