AML Policy

ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM

 

INTRODUCTION

The purpose of these Guidelines for Anti-Money Laundering (AML), Combating Terrorist Financing (CFT) and Sanctions measures is to ensure that: INTERNETCASHBANX Ltd (Company) has internal guidelines to prevent the use of its business for Money Laundering and Terrorist Financing and internal guidelines for implementation of international sanctions.
These Guidelines have been adopted to ensure that the Company complies with the rules and regulations set out in the Measures against Money Laundering Act (the “MAMLA”) and the Combating Terrorism Financing Measures Act (CTF Act), DIRECTIVE (EU) 2015/849 and Directive (EU) 2018/843 and other applicable legislation.
These Guidelines are subject to a review by the Management Board at least annually. Proposal for a review and the review of these Guidelines may be scheduled more frequently by the decision of the Company’s Money Laundering Reporting Officer (MLRO).
These Guidelines shall be accepted and approved by the resolution of the Company’s Management Board.
DEFINITIONS
Beneficial Owner means a natural person who, taking advantage of their influence, makes a transaction, act, action, operation or step or exercises control in another manner over a transaction, act, action, operation or step or over another person and in whose interests or for whose benefit or on whose account a transaction or act, action, operation or step is made. In the case of a legal entity, the Beneficial Owner is a natural person whose direct or indirect holding, or the sum of all direct and indirect holdings in the legal person, exceeds 25 percent, including holdings in the form of shares or other forms of bearer.
Business relationship shall mean a business, professional or commercial relationship between a customer and financial institutions or other obliged entities which are connected with their professional activities and which is expected, at the time when the contact is established, to have an element of duration.
Company means legal entity with following data:
  • company name: INTERNETCASHBANX Ltd;
  • registration country: Bulgaria;
  • registration number: 207324804; 
  • address: Burgas, Chataldzha str., 20, Bulgaria, 8002;
  • email: payment@internetcashbanx.com.
Custodian Virtual Currency Wallet means Virtual Currency Address(es) generated with the public key for storing and managing Virtual Currencies entrusted to the Company but remaining their property.
Customer means a natural person or a legal entity which has the Business Relationship with the Company or a natural person or legal entity with which the Company enters into the Occasional Transaction.
Employee means the Company´s employee and any other person who is involved in application of these Guidelines in the Company.
Guidelines – this document including all annexes as provided above. The Guidelines include inter alia the Company’s internal control procedure regarding the Guidelines and the Company’s risk assessment policy regarding risk-based approach for ML/TF risks.
Management Board means management board of the Company. If the Company has no management board – the manager of the Company shall be considered as the Management Board member and he or she shall be responsible for the Management Board duties in the context of the Guidelines.
MLRO means Money Laundering Reporting Officer, who is appointed to the Company as a person responsible for receiving internal disclosures and making reports to the SANS and other duties as described above. 
Monetary Operation means any payment, transfer or receipt of money. 
Money Laundering (ML) means the concealment of the origins of illicit funds through their introduction into the legal economic system and transactions that appear to be legitimate. There are three recognized stages in the Money Laundering process:
  • placement, which involves placing the proceeds of crime into the financial system;
  • layering, which involves converting the proceeds of crime into another form and creating complex layers of financial transactions to disguise the audit trail and the source and ownership of funds;
  • integration, which involves placing the laundered proceeds back into the economy to create the perception of legitimacy.
Occasional Transaction means the transaction performed by the Company in the course of economic or professional activities for the purpose of provision of a service or sale of goods or distribution thereof in another manner to the Customer outside the course of an established Business Relationship.
PEP means a natural person who performs or has performed prominent public functions and with regard to whom related risks remain.
Sanctions mean an essential tool of foreign policy aimed at supporting the maintenance or restoration of peace, international security, democracy and the rule of law, following human rights and international law or achieving other objectives of the United Nations Charter or the common foreign and security Policy of the European Union. Sanctions include:
  • international Sanctions which are imposed with regard to a state, territory, territorial unit, regime, organization, association, group or person by a resolution of the United Nations Security Council, a decision of the Council of the European Union or any other legislation imposing obligations on Bulgaria;
  • sanctions of the Minister of Foreign Affairs, the Minister of Interior, the Chairperson of the State Agency for National Security or the Prosecutor General, the Council of Ministers which are authorised to adopt, supplement and modify the list of persons to be covered by the LMFT (Law on Measures against Financing of Terrorism) measures.
International Sanctions may ban the entry of a subject of an international Sanction in the state, restrict international trade and international transactions, and impose other prohibitions or obligations.
The subject of Sanctions is any natural or legal person, entity, or body, designated in the legal act imposing or implementing Sanctions, with regard to which the Sanctions apply.
Terrorist Financing (TF) means the financing and supporting of an act of terrorism and commissioning thereof as well as the financing and supporting of travel for the purpose of terrorism in the meaning of applicable legislation.
Equivalent Third Country  – a country, which is not a Member State of European Economic Area but applying an equivalent regime to the EU corresponding (AML) framework.
Virtual Currency means a value represented in the digital form, which is digitally transferable, preservable or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes Money Laundering Act (the “MAMLA”) and the Combating Terrorism Financing Measures Act (CTF Act); Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp 35–127) or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same Directive; Article 1(18) of Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU.
Virtual Currency Address means address/account generated from letters, numbers and/or symbols in the blockchain, by which the blockchain allocates the Virtual Currency to the owner or recipient.
SANS - Bulgarian State Agency for National Security
 

AML/CTF REGULATION

The Company is guided by the following regulations in the development of these Guidelines and in the implementation of its activities:
International Convention for the Suppression of Terrorist Bombings – Adopted by the United Nations General Assembly on December 15, 1997.
United Nations Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances – Held in Vienna on December 20, 1988.
United Nations Convention against Transnational Organized Crime – Adopted by the United Nations General Assembly resolution 55/25 on November 15, 2000.
The Basel Declaration – Approved on December 28, 1988, by the Basel Committee on Banking Regulation and Supervision.
Financial Action Task Force (FATF) 40 Recommendations – Established in a report by FATF on February 6, 1990, in Paris. These recommendations, last updated in February 2023, focus on preventing money laundering and countering terrorist financing.
Commission Delegated Regulation (EU) 2016/1675 – July 14, 2016, supplementing Directive (EU) 2015/849 of the European Parliament and of the Council. It identifies high-risk third countries with strategic deficiencies.
Fourth Anti-Money Laundering Directive (Directive 2015/849/EU) – Enacted on May 20, 2015, aimed at preventing the use of the financial system for money laundering or terrorist financing. It amends Regulation (EU) No 648/2012 of the European Parliament and of the Council and repeals Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJEU 5 June 2015, No. L 141/73).
Fifth Anti-Money Laundering Directive (Directive 2018/843/EU) – Enacted on May 30, 2018, amending Directive (EU) 2015/849 on the prevention of the use of the financial system for money laundering or terrorist financing, and Directives 2009/138/EC and 2013/36
Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937
As well as a number of other international legal acts and acts of national legislation.
 

CUSTOMER DUE DILIGENCE MEASURES

Customer due diligence (CDD) measures are required for verifying the identity of a new or existing Customer as a well-performing risk-based ongoing monitoring of the Business Relationship with the Customer. The CDD measures consist of 2 levels, including standard and enhanced due diligence measures, as specified below.

Main Principles

The CDD measures are taken and performed to the extent necessary considering the Customer’s risk profile and other circumstances in the following cases:
  • upon establishment of the Business Relationship and during the ongoing monitoring of the Business Relationship;
  • upon executing or mediating of Occasional Transaction(s) outside the Business Relationship;
  • upon verification of information gathered while applying due diligence measures or in the case of doubts as to the sufficiency or truthfulness of the documents or data gathered earlier while updating the relevant data;
  • upon suspicion of Money Laundering or Terrorist Financing, regardless of any derogations, exceptions or limits provided for in these Guidelines and applicable legislation.
The Company does not establish or maintain the Business Relationship and does not perform the transaction if:
  • the Company is not able to take and perform any of required CDD measures;
  • the Company has any suspicions that the Company’s services or transaction will be used for Money Laundering or Terrorist Financing;
  • the risk level of the Customer or of the transaction does not comply with the Company’s risk appetite.
In the case of receiving information in foreign languages within the framework of CDD implementation, the Company may request to demand translation of the documents to another language applicable for the Company. The use of translations should be avoided in situations where the original documents are prepared in a language appliable for the Company.
Achieving CDD is a process that starts with the implementation of CDD measures. When that process is complete, the Customer is assigned documented individual risk level which shall form the basis for follow-up measures, and which is followed up and updated when necessary.
The Company has applied CDD measures adequately if the Company has the inner conviction that they have complied with the obligation to apply due diligence measures. The principle of reasonability is observed in the consideration of inner conviction. 
This means that the Company must, upon the application of CDD measures, acquire the knowledge, understanding and assertation that they have collected enough information about the Customer, the Customer’s activities, the purpose of the Business Relationship and of the transactions carried out within the scope of the Business Relationship, the origin of the funds, etc., so that they understand the Customer and the Customer’s (business) activities, thereby taking into account the Customer’s risk level, the risk associated with the Business Relationship and the nature of such relationship. Such a level of assertation must make it possible to identify complicated, high-value and unusual transactions and transaction patterns that have no reasonable or obvious economic or legitimate purpose or are uncharacteristic of the specific features of the business in question.

The Services Provided

The Company’s main economic activity is the provision of exchange services. For this reason, the Company offers to their Customers the following transaction types:
·      providing virtual currency exchange service, which allows the Customer to exchange, virtual currency to another one;
·      providing exchange service, which allows the Customer to exchange, virtual currency to fiat currency; and
·      providing exchange service, which allows the Customer to exchange, fiat currency to virtual currency.
The Company provides the aforementioned services including but not limited to virtual currencies: BTC; USDT (ERC20); USDT (TRC20); TRX; ETH; DOGE; LTC.

The Verification of Information used for the Customer’s Identification

Verification of the information for the Customer’s identification means using data from a reliable and independent source to confirm that the data is true and correct, also confirming, if necessary, that the data directly related to the Customer is true and correct. This, inter alia, means that the purpose of verification of information is to obtain reassurance that the Customer, who wants to establish the Business Relationship is the person they claim to be.
The reliable and independent source (must exist cumulatively) is verification of the information obtained in the course of identification:
  • which originates from two different sources;
  • which has been issued by (identity documents) or received from a third party or a place that has no interest in or connections with the Customer or the Company, i.e. that is neutral (e.g. information obtained from the Internet is not such information, as it often originates from the Customer themselves or its reliability and independence cannot be verified);
  • the reliability and independence of which can be determined without objective obstacles and reliability and independence are also understandable to a third party not involved in the Business Relationship; and
  • the data included in which or obtained via which are up to date and relevant and the Company can obtain reassurance about this (and reassurance can in certain cases also be obtained on the basis of the two previous clauses).

Application of Standard Due Diligence Measures (level 1)

Standard due diligence (SDD) measures are applied to all Customers where CDD measures must be applied in accordance with the Guidelines.
SDD measures must be carried out for each Customer on a mandatory basis, regardless of the amount of the transaction. In circumstances where enhanced due diligence measures are required (as described below), EDD will be conducted in addition to SDD.
Where, in the course of performing ongoing monitoring of the Customer’s Business Relationships, it is established that the risk of ML and/or TF is no longer low, the Company must apply the relevant level of CDD measures.
When applying SDD measures, the Company must obtain the following data of the Customer who is a natural person:
  • Name and surname;
  • Date of birth;
  • Email;
  • Country of nationality;
  • Taxpayer Identification Number;
  • Address of residence;
  • Type of identity document;
  • Number of identity document, date of issue and expirty;
  • Photo of the identity document;
  • Selfies with the relevant document;
  • Document proving the address of residence of the Customer (utility bill, home telephone bill, internet bill, property rental agreement, fines and court documents, bank statement);
  • Document confirming the source of funds and source of wealth (the list of acceptable documents is listed below).
Standard due diligence measures are mandatory for legal person verification entities regardless of the amount of the transaction for which the Company must obtain the following data of the Customer:
  • Name of the director or authorised person;
  • Name;
  • Registration number;
  • Country of incorporation;
  • Legal address;
  • Email;
  • Company website.
The Customer is also required to upload to the system:
  • Certificate of incorporation (or registry card of the relevant register or document equivalent with an aforementioned documents or relevant documents of establishment of the Customer);
  • License of the legal entity (if applicable);
  • Document proving the identity of the authorised representative (s), director (s), shareholder (s) and UBO (s) of the Company;
  • Selfies with the relevant document
  • Document proving the address of residence of the authorised representative (s), director (s), shareholder(s) and UBO (s) of the Company
  • Document confirming the relationship (authorisation) of the company's representative with the legal person;
  • Document confirming the source of funds and source of wealth of the legal entity (the list of acceptable documents is listed below);
  • Document confirming the actual address of the legal entity.
The following standard due diligence measures should be applied:
  • identification of the Customer and verification of the submitted information based on information obtained from a reliable and independent source;
  • identification and verification of a representative of the Customer and their right of representation;
  • identification of the Beneficial Owner and, for the purpose of verifying their identity, taking measures to the extent that allows the Company to make certain that it knows who the Beneficial Owner is, and understands the ownership and control structure of the Customer;
  • understanding of Business Relationship, transaction or operation and, where relevant, gathering information thereon;
  • gathering information on whether the Customer is PEP, their family member or a person known to be close associate;
  • monitoring of the Business Relationship.
The CDD measures specified above must be applied before establishing the Business Relationship or performing transaction. The exact instruction for application standard due diligence measures is provided in the Guidelines.

Application of Enhanced Due Diligence Measures (level 2)

In addition to standard due diligence measures, the Company applies enhanced due diligence (EDD) measures in order to manage and mitigate an established risk of Money Laundering and Terrorist Financing in the case where the risk is established to be higher than usual.
The Company always applies EDD measures, when:
  • the Customer’s risk profile indicates high risk level of ML / TF;
  • a single transaction of natural person or several transactions in an amount equal to or exceeding EUR 15,000 (transactions may be carried out in any currency, the equivalent amount of which is equal to or exceeds EUR 15,000);
  • upon identification of the Customer or verification of submitted information, there are doubts as to the truthfulness of the submitted data, authenticity of the documents or identification of the Beneficial Owner;
  • the Customer is from such country or territory or their place of residence or seat or the seat of the payment service provider of the payee is in a country or territory that, according to credible sources such as mutual evaluations, reports or published follow-up reports, has not established effective AML/CFT systems that are in accordance with the recommendations of the FATF.
Prior to applying EDD measures, the Company’s Employee ensures that the Business Relationship or transaction has a high risk and that a high-risk rate can be attributed to such Business Relationship or transaction. Above all, the Employee assesses prior to applying the EDD measures whether the features described above are present and applies them as independent grounds (that is, each of the factors identified allows application of EDD measures with respect to the Customer).
When applying EDD measures where a single transaction of natural person or several transactions in an amount equal to or exceeding EUR 15,000, the Company must apply the following measures:
  • obtaining information on the source of funds and source of wealth of the Customer;
  • perform ongoing monitoring of the Business Relationship with the Customer by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination;
When applying EDD measures where the Customer is from such country or territory or their place of residence or seat or the seat of the payment service provider of the payee is in a country or territory that, according to credible sources such as mutual evaluations, reports or published follow-up reports, has not established effective AML/CFT systems that are in accordance with the recommendations of the FATF, the Company must apply the following measures:
  • obtaining the approval of the Management Board member for establishing Business Relationships with the Customer or continuing Business Relationships with them;
  • obtaining information on the source of funds and source of wealth of the Customer and their Beneficial Owner;
  • perform ongoing monitoring of the Business Relationship with the Customer by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.
In any other cases when EDD measures must be applied, the amount of EDD measures and the scope shall be determined by the Employee, who is applying such measures. The following additional and relevant due diligence measures may be followed:
  • verification of information additionally submitted upon identification of the Customer based on additional documents, data or information originating from a credible and independent source;
  • gathering additional information on the purpose and nature of the Business Relationship or transaction and verifying the submitted information based on additional documents, data or information that originates from a reliable and independent source;
  • gathering additional information and documents regarding the actual execution of transactions made in the Business Relationship in order to rule out the ostensibility of the transactions;
  • gathering additional information and documents for the purpose of identifying the source and origin of the funds used in a transaction made in the Business Relationship in order to rule out the ostensibility of the transactions;
  • the making of the first payment related to a transaction via an account that has been opened in the name of the Customer participating in the transaction in a credit institution registered or having its place of business in a contracting state of the European Economic Area or in a country where requirements equal to those of Directive (EU) 2018/843 of the European Parliament and of the Council are in force;
  • gathering additional information about the Customer and its Beneficial Owner, including identification of all owners of the Customer, incl. those whose shareholding is below 25%;
  • gathering information on the origin of the funds and wealth of the Customer and its Beneficial Owner;
  • improving the monitoring of the Business Relationship by increasing the number and frequency of the applied control measures and by choosing transaction indicators or transaction patterns that are additionally verified;
  • obtaining the approval of the Management Board member for performing transactions or establishing business relationship with new and existing Customers.
In the case of application of EDD measures, the Company reassesses the Customer’s risk profile no later than every six months.

The identification of the Customer’s representative and their right of representation

The representative of the Customer shall be identified as the Customer, who is a natural person in accordance with these Guidelines. The Company must also identify and verify the nature and scope of the right of representation of the Customer. The name, date of issue and name of issuer of the document that serves as a basis for the right of representation must be ascertained and retained, except in case, when the right of representation was verified using information originating from the relevant register.
The Company must observe the conditions of the right of representation granted to the legal entity’s representatives and provide services only within the scope of the right of representation.
In case the right of representation of the Customer (legal person) is evident from the registry extract, Articles of Association or equivalent documents evidencing the identity of the Customer (legal person), a separate document of authorisation (e.g. a Power of Attorney) should not be required.

Requirement for confirmation of source of funds and source of wealth

Source of Funds (SOF) is the origin of the money involved in a transaction. It is the specific activity or event that generates the money a customer uses to conduct a transaction.
To verify the source of funds, the Customer is required to provide one (or more) of the following documents:
Employment income: recent pay slips; employment agreement with indicated salary; latest tax declaration; bank statement displaying the payments.
Loan: details of the loan (amount, date, purpose, name, and address of lender); loan agreement; details on any security; bank statement displaying the payments.
Other income sources (e.g. pension, scholarship, cryptocurrency trading): details of income (nature, amount, date); supporting documents; bank statement displaying the payments.
Cryptocurrency trading: proof of cryptocurrency trading; crypto wallet statement.
Source of Wealth (SOW) is about understanding a customer’s overall financial status. It looks at how customers accumulated their total wealth over time, including their past earnings, investments, inheritance, and any business dealings that have contributed to their current wealth.
To verify the source of wealth, the Customer is required to provide one (or more) of the following documents:
Savings: bank statement; supporting documents indicating the origin of savings/deposits (e.g. previous employment agreement, loan agreement, etc.)
Sale of property: details of the property sold (address, date of sale, sale value, parties involved); copy of the contract of sale; title deed from the land registry; bank statement displaying the payments.
Sale of shares or other investments: copy of contract; sale value of sold shares and name of the stock exchange; statement of account from the agent; transaction receipt/confirmation; shareholder’s certificate; bank statement displaying the payments.
Dividends: dividend resolution; tax declaration; investment portfolio; bank statement displaying the payments.
Inheritance: details of the inheritance (total amount, name of the deceased, date of death, relationship to client); copy of the will; solicitors details; tax clearance documents.
Gift: details of the gift (total amount, date received, relationship to the client); certified identification documents of the donor; donor’s source of wealth; bank statement displaying the payments.
Other income sources: details of income (nature, amount, date); supporting documents; bank statement displaying the payments.
Cryptocurrency holding: proof of holding cryptocurrency; crypto wallet statement.

Requirements for documents to be submitted by the Сustomer

All documents provided by the Сustomer must be checked for compliance with the following criteria:
  • The document is valid
  • The document is provided in expanded form
  • All characters are readable
  • The corners are not cut
  • Provided all pages of the document (e.g. in case of ID card or residence permit - both sides of the document must be uploaded)
  • A document confirming the address of residence shall not be older than 3 months.
By uploading a selfie with an identity document, the Customer must ensure that the photo of the uploaded document and the document on the selfie must match; the photo is not blurred, the user's face on the photo and on the document is clearly visible and matches; all characters of the identity document on the selfie are legible; the document is fully visible on the photo, the edges are not cropped.
The Company shall regularly check and update the documents, data and information collected within the course of the implementation of CDD measures and update the Customer´s risk profile. The regularity of the checks and update must be based on the risk profile of the Customer and the checks must take place at least:
·        once semi-annually for the high-risk profile Customer;
·        once annually for the medium-risk profile Customer;
·        once every two years for the low-risk profile Customer.
The collected documents, data and information must also be checked if an event has occurred which indicates the need to update the collected documents, data and information.
 

POLITICALLY EXPOSED PERSONS (PEP'S)

A Politically Exposed Person (PEP) is a natural person who is or who has been entrusted with prominent public functions and includes the following:
  • heads of State, heads of government, ministers, and deputy or assistant ministers;
  • members of parliament or of similar legislative bodies;
  • members of the governing bodies of political parties;
  • members of supreme courts, of constitutional courts, or of other high-level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;
  • members of courts of auditors or the boards of central banks;
  • ambassadors, chargés d'affaires, and high-ranking officers in the armed forces;
  • members of the administrative, management, or supervisory bodies of State-owned enterprises;
  • directors, deputy directors, and members of the board or equivalent function of an international organization.
The functions described in the points do not extend to cover duties delegated to mid-level or junior personnel.
Politically Exposed Person's (PEP) Family members include the following:
  • the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person;
  • the children and their spouses, or persons considered to be equivalent to a spouse, of a politically exposed person;
  • the parents of a politically exposed person. 'Persons are known to be close associates' means natural persons who are known to have joint beneficial ownership of legal entities or legal arrangements, or any other close business relations, with a politically exposed person;
  • natural persons who have sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person.
Politically Exposed Persons (PEPs), their Family members, and known close associates of PEPs do not fall within the risk appetite, thus the Company does not allow these types of Customer to have access to the Services.
 

MONITORING FOR SUSPICIOUS ACTIVITY AND TRANSACTIONS

The Company shall monitor the Customer’s Activity to ascertain the activities or facts that indicate criminal activities, Money Laundering or Terrorist Financing or the relation of which to Money Laundering or Terrorist Financing is probable, incl. complicated, high-value and unusual transactions and transaction patterns that do not have any reasonable or obvious economic or legitimate purpose or that are uncharacteristic of the specific features of the business in question. In the course of monitoring the Customer's activities the Company shall constantly assess the changes in the Customer’s activities and assess whether these changes may increase the risk level associated with the Customer, giving rise to the need to apply EDD measures.
In the course of the ongoing monitoring of the Suspicious Transactions, the Company applies the following measures: 
  • screening i.e., monitoring transactions in real-time;
  • monitoring i.e., analyzing transactions later.
The objective of screening is to identify suspicious and unusual transactions and transaction patterns.
The screening of the transactions is performed automatically and includes the following measures (including but not limited):
  • the scoring of Virtual Currency wallets where the Virtual Currency shall be sent in accordance with the Customer´s order;
  • the scoring of Virtual Currency wallets from which the Virtual Currency is received.
If the Customer gives request for transaction to the Virtual Currency wallet with high-risk score (e.g. wallets related to fraud, crime, etc.), the transaction shall be manually approved by the Employee, who shall assess, before the approval, the necessity to apply any additional CDD measures (e. g. applying EDD measures, asking source and origin of funds or asking additional information regarding the transaction).
When monitoring transactions the Employee shall assess transaction with a view to detect activities and transactions that:
  • deviate from what there is reason to expect based on the CDD measures performed, the services provided, the information provided by the Customer and other circumstances (e.g. Virtual Currency sending each time to new Virtual Currency wallet, volume of transactions exceeding limit);
  • without deviating according to previous clause, may be assumed to be part of a Money Laundering or Terrorist Financing;
  • may affect the Customer´s risk profile score.
In the case, where the aforementioned fact is detected, the AML Officer shall postpone any transaction of the Customer until further review and decision regarding this.
In addition to aforementioned, the Employee shall review the Company's transactions regularly (at least once per week) to ensure that there are no transactions and transaction patterns that are complicated, high-value and unusual and that have no reasonable or obvious economic or legitimate purpose or are uncharacteristic of the specific features. 
The Company identifies the source and origin of the funds used in transaction(s) if necessary. The need to identify the source and origin of funds depends on the Customer’s previous activities as well as other known information. Thereby the identification of the source and origin of the funds used in transaction shall be performed in the following cases:
  • such a check is provided for in this Guideline;
  • the transactions do not correspond to the information previously known about the Customer;
  • the Company wants to or should reasonably consider it necessary to assess whether the transactions correspond to the information previously known about the Customer;
  • the Company suspects that the transactions indicate criminal activities, Money Laundering or Terrorist Financing or that the relation of transactions to Money Laundering or Terrorist Financing is probable, incl. complicated, high-value and unusual transactions and transaction patterns that do not have any reasonable or obvious economic or legitimate purpose or are uncharacteristic of the specific features of the business in question.

Red Flags

The Company shall monitor the Customer’s Activity for unusual size, volume, pattern or type of transactions, taking into account risk factors and red flags that are appropriate to our business. Red flags that signal possible money laundering or terrorist financing include, but are not limited to:

Potential Red Flags in Customer Due Diligence and Interactions with Customers

·      The Customer provides the firm with unusual or suspicious identification documents that cannot be readily verified or are inconsistent with other statements or documents that the Customer has provided. Or, the Customer provides information that is inconsistent with other available information about the Customer. This indicator may apply to account openings and to interaction subsequent to account opening.
·      The Customer is reluctant or refuses to provide the firm with complete customer due diligence information as required, which may include information regarding the nature and purpose of the Customer’s business, prior financial relationships, anticipated account activity, business location and, if applicable, the entity’s officers and directors.
·      The Customer refuses to identify a legitimate source of funds or information is false, misleading or substantially incorrect.
·      The Customer is domiciled in, doing business in or regularly transacting with counterparties in a jurisdiction that is known as a bank secrecy haven, tax shelter, high-risk geographic location (e.g., known as a narcotic producing jurisdiction, known to have ineffective AML/Combating the Financing of Terrorism systems) or conflict zone, including those with an established threat of terrorism.
·      The Customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry.
·      The Customer has no discernable reason for using the firm’s service or the firm’s location (e.g., the customer lacks roots to the local community or has gone out of his or her way to use the firm).
·      The Customer has been rejected or has had its relationship terminated as a customer by other financial services firms.
·      The Customer’s legal or mailing address is associated with multiple other accounts or businesses that do not appear related.
·      The Customer appears to be acting as an agent for an undisclosed principal, but is reluctant to provide information.
·      The Customer is publicly known or known to the firm to have criminal, civil or regulatory proceedings against him or her for crime, corruption or misuse of public funds, or is known to associate with such persons. Sources for this information could include news items, the Internet or commercial database searches.
·      The Customer’s background is questionable or differs from expectations based on business activities.
·      The Customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, with no apparent business or other purpose.

Potential Red Flags in Money Movements

·      The Customer “structures” deposits or purchases of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements, and may state directly that they are trying to avoid triggering a reporting obligation or to evade taxing authorities.
·      The Customer seemingly breaks funds transfers into smaller transfers to avoid raising attention to a larger funds transfer. The smaller funds transfers do not appear to be based on payroll cycles, retirement needs, or other legitimate regular deposit and withdrawal strategies.
·      The Customer’s account shows numerous currency, money order (particularly sequentially numbered money orders) or cashier’s check transactions aggregating to significant sums without any apparent business or lawful purpose.
·      The Customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.
·      Wire transfers are made in small amounts in an apparent effort to avoid triggering identification or reporting requirements.
·      There is wire transfer activity that is unexplained, repetitive, unusually large, shows unusual patterns or has no apparent business purpose.
·      The Customer uses a personal/individual account for business purposes or vice versa.
·      There are frequent transactions involving round or whole amounts purported to involve payments for goods or services.
·      Upon request, a Customer is unable or unwilling to produce appropriate documentation to support a transaction, or documentation appears doctored or fake.
·      A dormant account suddenly becomes active without a plausible explanation (e.g., large deposits that are suddenly wired out).
·      Wire transfer activity, when viewed over a period of time, reveals suspicious or unusual patterns, which could include repetitive transactions or circuitous money movements.

Other Potential Red Flags

·      The Customer is reluctant to provide information needed to file reports to proceed with the transaction.
·      The Customer exhibits unusual concern with the firm’s compliance with government reporting requirements and the firm’s AML policies.
·      The Customer tries to persuade an employee not to file required reports or not to maintain the required records.
·      Law enforcement has issued subpoenas or freeze letters regarding a Customer or account at the securities firm.
·      The Customer makes high-value transactions not commensurate with the Customer’s known income or financial resources.
·      The stated business, occupation or financial resources of the Customer are not commensurate with the type or level of activity of the Customer.
·      The Customer does not exhibit a concern with the cost of the transaction or fees (e.g., surrender fees, or higher than necessary commissions).
Upon detection of any red flag, or other activity that may be suspicious, AML Officer shall determine whether or not and how to further investigate the matter. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or filing an appropriate report to SANS.

Tax evasion, Tax Fraud

Tax evasion and Tax fraud represent intentional efforts to avoid paying the full amount of taxes owed to the government. They encompass deceitful actions aimed at sidestepping tax obligations, whether entirely or partially. Tax fraud involves a purposeful intent to deceive and involves identifiable material components.
The offense of tax fraud can be constituted:
  • voluntary omission or deliberate error in declarations;
  • concealment of taxable amounts;
  • organizing insolvency to evade Tax payment; or
  • employing other tactics to hinder Tax collection.

Bribery and Corruption

Bribery and Corruption encompass actions wherein an individual improperly offers, promises, or provides an undue advantage to influence another person's conduct of their duties. This undue advantage may be in the form of monetary or non-monetary benefits and is intended to induce the recipient to perform, delay, or neglect their duties, thereby acting in a manner contrary to principles of honesty and integrity. Conversely, it constitutes a corrupt practice for an individual to accept or seek such an advantage in the context of their responsibilities.
Special attention should be directed towards individuals susceptible to engaging in corrupt practices. Notably, those leveraging their influence for personal gain perpetrate acts of money laundering when they Deposit or utilize funds received improperly or convert advantages acquired through their authoritative positions into monetary assets.
 

TRAVEL RULE MEASURES

The Travel Rule, as defined by the Financial Action Task Force (FATF) Recommendation 16, is a crucial regulatory measure aimed at combating money laundering and terrorism financing (ML/TF) within the financial industry. It imposes obligations on financial institutions engaged in virtual asset (VA) transfers, including cryptocurrency companies known as Virtual Asset Service Providers (VASPs). The Travel Rule mandates VASPs to collect and share "required and accurate originator information, and required beneficiary information" with counterparties or financial institutions during or before a transaction.
The Company implements rigorous measures to ensure compliance with the Travel Rule, including:
Data Collection:
    • When dealing with transfers under the threshold, the following information is collected: the names of both the originator and the beneficiary, along with the VA wallet address or a unique transaction reference number.
    • For transfers surpassing the threshold, additional details such as the originator's account number, physical address, national identity number, etc., are required. Similarly, the beneficiary's account details must also be provided.
Compliance Workflow:
    • Before sharing any data, due diligence of counterparties is conducted to ensure compliance. The responsibilities of the originating VASP include client identification and thorough information collection. Furthermore, they must screen for sanctions compliance and actively monitor transactions for any suspicious activities.
    • The beneficiary VASP is responsible for verifying the accuracy of received information, screening for sanctions compliance, and monitoring transactions for suspicious activities.

IMPLEMENTATION OF SANCTIONS

Upon the entry into force, amendment or termination of Sanctions, the Company shall verify whether the Customer, their Beneficial Owner or a person who is planning to have the Business Relationship or transaction with them is a subject of Sanctions. If the Company identifies a person who is a subject of Sanctions or that the transaction intended or carried out by them is in breach of Sanctions, the Company shall apply Sanctions and inform the SANS.
Procedure for identifying the subject of Sanctions and a transaction violating Sanctions
The Company shall use at least the following sources (databases) to verify the Customer´s relation to Sanctions:
  • A consolidated list of EU sanctions;
  • A consolidated list of United Nations sanctions.
  • A consolidated version of the sanctions available on the website of the Ministry of Foreign Affairs.
In addition to aforementioned sources, the Company may use any other sources by the decision of the Employee who is applying CDD measures.
To verify that the persons’ names resulting from the inquiry are the same as the persons listed in a notification containing Sanction(s), their personal data shall be used, the main characteristics of which are, for a legal entity, its name or trademark, registry code or registration date, and for a natural person, their name and personal identification or date of birth.
In order to establish the identity of the persons specified in the relevant legal act or notice being the same as those identified as a result of the inquiry from databases, the Company must analyze the names of the persons found as a result of the inquiry based on the possible effect of factors distorting personal data (e. g. transcribing foreign names, different order of words, substitution of diacritics or double letters etc.).
The Company shall perform abovementioned verification on an ongoing basis in the course of an established Business Relationship. The frequency of the ongoing verifications depends on the Customer’s risk profile:
  • once per week for the high-risk profile Customer;
  • once per month for the medium-risk profile Customer;
  • once per quarter for the low-risk profile Customer.
If the Employee has doubts that a person is a subject of Sanctions, the Employee shall immediately notify the Management Board member. In this case the Management Board member shall decide whether to ask or acquire additional data from the person or notify the SANS immediately of their suspicion.
The Company shall primarily acquire additional information on their own about the person who is in Business Relationship or is performing a transaction with them, as well as the person intending to establish the Business Relationship, perform a transaction or an act with them, preferring information from a credible and independent source. If, for some reason, such information is not available, the Company shall ask the person who is in the Business Relationship or is performing a transaction or an act with them, as well as the person intending to establish a Business Relationship, perform a transaction or an act with them, whether the information is from a credible and independent source and assess the answer.
Actions when identifying the Sanctions subject or a transaction violating Sanctions
If the Employee of the Company becomes aware that the Customer which is in Business Relationship or is performing a transaction with the Company, as well as a person intending to establish the Business Relationship or to perform a transaction with the Company, is the subject of Sanctions, the Employee shall immediately notify the Management Board member, about the identification of the subject of Sanctions, of the doubt thereof and of the measures taken.
The Management Board member shall refuse to conclude a transaction or proceeding, shall take measures provided for in the act on the imposition or implementation of the Sanctions and shall notify immediately the SANS of their doubts and of the measures taken.
When identifying the subject of the Sanctions, it is necessary to identify the measures that are taken to Sanction this person. These measures are described in the legal act implementing the Sanctions, therefore it is necessary to identify the exact sanction what is implemented against the person to ensure legal and proper application of measures.
 

REFUSAL TO THE TRANSACTION OR BUSINESS RELATIONSHIP AND THEIR TERMINATION

The Company is prohibited to establish a Business Relationship and the established Business Relationship or transaction shall be terminated (unless it is objectively impossible to do) in case when:
  • the Company suspects Money Laundering or Terrorist Financing;
  • it is impossible for the Company to apply the CDD measures, because the Customer does not submit the relevant data or refuses to submit them or the submitted data gives no grounds for reassurance that the collected data are adequate;
  • the Customer who is a natural person behind whom is another, actually benefiting person, wants to establish the Business Relationship (suspicion that a person acting as a front is used);
  • the Customer´s risk profile has become inappropriate with the Company´s risk appetite (i. e. the Customer´s risk profile level is “prohibited”)
  • the Customer a natural person or an authorised person (s), UBO (s), director (s) and/or shareholder (s) (if the Customer is a legal entity) is/are a resident of Prohibited countries (list below) or other States where these Company's services cannot be provided in accordance with national legal requirements. 
  • the Customer - legal entities, conducts business activities that are unacceptable to the Company (list below)

Prohibited business activities

  1. Gambling (including casino chip payment, gambling services, internet casino sites, Bingo) and betting services (betting).
  2. Lotteries.
  3. Prostitution, sale of Internet content of erotic and pornographic nature, intimate goods and services.
  4. Sale of counterfeit and/or falsified goods/services.
  5. Sale of precious and rare earth metals and products thereof.
  6. Sale of weapons, ammunition, military equipment, spare parts, component parts and devices for them, explosives, blasting agents, gunpowder, all types of rocket fuel, as well as special materials and special equipment for their production, special equipment for personnel of paramilitary organisations and normative and technical products for their production and operation.
  7. The sale of rocket-space systems, military communication and control systems and normative-technical documentation for their production and operation.
  8. Sale of chemical warfare agents, means of protection against them and normative-technical documentation for their production and use.
  9. Sale of uranium, other fissile materials and products from them.
  10. Sale of x-ray equipment, instruments and equipment using radioactive substances and isotopes.
  11. Sale of the results of research and development and design work, as well as fundamental exploratory research for the creation of weapons and military equipment.
  12. Sale of poisons, narcotics and psychotropic substances.
  13. Sale of waste radioactive materials.
  14. Sale of waste explosives.
  15. Sale of waste containing precious and rare-earth metals and gemstones.
  16. Sale of special and other technical means intended (developed, adapted, programmed) for surreptitious obtaining of information, normative and technical documentation for their production and use.
  17. Sale of radio electronic means (high-frequency devices, consisting of one or more radio transmitters and (or) their combinations and auxiliary equipment, designed for transmission and reception of radio waves at frequencies above 9 kHz): radio stations, radio telephones, radio navigation systems, radio identification, radio location, radio surveillance, radio interception, radio suppression, radio direction finding and cable television; auxiliary equipment designed for transmission and reception of radio waves.
  18. Sale of databases containing personal data.
  19. Sale of other goods/services, the free sale of which: is prohibited or restricted under applicable law; could have a negative effect on business reputation.

Prohibited countries

The unsupported countries or territories are Afghanistan, Albania, Angola, The Bahamas, Barbados, Belarus, Botswana, Burundi, Cambodia, Central African Republic, the Democratic Republic of Congo, Cote D'Ivoire, Crimea (Ukrainian Territory, Occupied), Cuba, Democratic People's Republic of Korea (DPRK), Donetsk region (Ukrainian Territory, Occupied), Eritrea, Gaza Strip, Ghana, Guinea Bissau, Jamaica, The Islamic Republic of Iran, Iraq, Lebanon, Liberia, Libya, Luhansk region (Ukrainian Territory, Occupied), Mali, Mauritius, Mongolia, Myanmar, Nicaragua, North Korea, Pakistan, Panama, Russian Federation, Sierra Leone, Somalia, South Sudan, Sudan, Syria, Trinidad and Tobago, Uganda, Vanuatu, Venezuela, West Bank (Palestinian Territory, Occupied), Yemen and Zimbabwe.

Prohibited Transactions

The Transaction may be carried out only with the consent of the MB if:
The Customer does not have sufficient authorizations to carry out the Transaction, or the authorizations are unclear,
The Customer’s need to carry out the Transaction has not been reasonably justified,
The management, ownership and control structure of the Customer being a legal person is unclear and/or it is structured in an unreasonably complicated way from the economic point of view, or it has changed frequently without justification,
Economic activities of a legal person or its accounting or payment practices are not transparent, the Customer may be a fictitious company or a fictitious person,
The Beneficial Owner of the Customer being legal person cannot be established,
The Customer being a legal person uses an agent or another legal person as its representative without clear authorizations (i.e. during pre-contract negotiations),
The Customer or the representative of the Customer refuses to provide information for the purposes of establishing the substance of the Transactions and assessment of the risks,
The Customer has not presented sufficient data or documents to prove legal origin of the assets and funds, after having been asked to do so,
The Customer, the Beneficial Owner of a Customer being a legal person, or another person associated with the Customer is or has been linked with organized crime, ML or TF,
The Customer, the Beneficial Owner of a Customer being a legal person, or another person associated with the Customer is or has been linked with traditional sources of income of organized crime,
International Sanctions are being applied against the Customer, the Beneficial Owner of a Customer being a legal person, or another person associated with the Customer,
The Customer has nominee shareholders or shares in bearer form.
 

REPORTING OBLIGATION

The Company must suspend the transaction disregarding the amount of the transaction (except for the cases where this is objectively impossible due to the nature of the Monetary Operation or transaction, the manner of execution thereof or other circumstances) and through its MLRO must report to the SANS on the activity or the circumstances that they identify in the course of economic activities and whereby:
  • the Company has established that the Customer is carrying out a suspicious transaction;
  • the Company knows or suspects that assets of any value are obtained directly or indirectly from criminal activity or participation in such activity;
  • the Company knows or suspects that assets are used to finance terrorism;
  • in other cases provided for by Bulgarian law and other applicable regulations.
The reports specified above must be made before the completion of the transaction if the Company suspects or knows that Money Laundering or Terrorist Financing or related crimes are being committed and if said circumstances are identified before the completion of the transaction. 
If the necessity of abovementioned report arises, the Employee to whom such necessity became known must immediately notify the Management Board and the MLRO about this.
All the reports described in this chapter shall be sent in accordance with the Company’s reporting guidelines through a secure channel ensuring full confidentiality.
The Company, a structural unit of the Company, a Management Board member, MLRO and the Employee is prohibited to inform a person, its Beneficial Owner, representative or third party about a report submitted on them to the SANS, a plan to submit such a report or the occurrence of reporting as well as about a precept made by the SANS or about the commencement of criminal proceedings.
 

TRAINING OBLIGATION

The Company ensures that its MLRO and Employee (s) have the relevant qualifications for their work tasks. When an Employee is recruited or engaged, his/her qualifications are checked as part of the recruitment/appointment process by carrying out background checks.
In accordance with the requirements applicable to the Company on ensuring the suitability of Employees, the Company makes sure that such persons receive appropriate training and information on an ongoing basis to be able to fulfil the Company’s obligations in compliance with the applicable legislation. It is ensured through training that such persons are knowledgeable within the area of AML/CFT to an appropriate extent considering the person’s tasks and function. For new Employees, the training comprises a review of the content of the applicable rules and regulations, the Company’s risk assessment policy, these Guidelines and other relevant procedures.
The training for MRLO and Employee (s) must provide, first and foremost, information on all the most contemporary money laundering and terrorist financing methods and risks arising therefrom. It refers to relevant parts of the content of the applicable rules and regulations, the Company’s risk assessment, the Company’s Guidelines and procedures and information that should facilitate such MRLO and Employee (s) detecting suspected Money Laundering and Terrorist Financing. The training is structured on the basis of the risks identified through the risk assessment policy.
This training programme should therefore include, at a minimum:
(1) how to identify red flags and signs of money laundering that arise during the course of the employees’ duties;
(2) what to do once the risk is identified (including how, when and to whom to escalate unusual customer activity or other red flags for analysis and, where appropriate, the filing of SANS);
(3) what employees' roles are in the firm's compliance efforts and how to perform them;
(4) the firm's record retention policy; and
(5) the disciplinary consequences (including civil and criminal penalties) for non-compliance with applicable law.
Training will occur on at least an annual basis. The content and frequency of the training is adapted to the person’s tasks and function on issues relating to AML/CFT measures. If the Guidelines is updated or amended in some way, the content and frequency of the training is adjusted appropriately.
The Company develop training in our firm, or contract for it. Delivery of the training may include educational pamphlets, videos, intranet systems, in-person lectures and explanatory memos.
The training held is to be documented electronically and confirmed with the signature. This documentation should include the content of the training, names of participants and date of the training.
 

COLLECTION AND STORING OF DATA, LOGBOOKS

The Company automatically or through the person (incl. Employees, Management Board members and MLRO) who firstly receives the relevant information or documents shall register and retain the following data:
  • all data collected within CDD measures implementation;
  • information about the circumstances of refusal of the establishment of the Business Relationship by the Company;
  • the circumstances of the refusal to establish Business Relationship on the initiative of the Customer if the refusal is related to the application of CDD measures by the Company;
  • information on all of the operations made to identify the person participating in the transaction or the Customer´s Beneficial Owner;
  • information if it is impossible to perform the CDD measures;
  • information on the circumstances of termination of the Business Relationship in connection with the impossibility of application of the CDD measures
  • the each transaction date or period and a description of the contents of the transaction, including the transaction amount, the currency and the account number or another identifier (incl. hash of transactions in Virtual Currency and Virtual Currency wallets related to transaction);
  • information serving as the basis for the reporting obligations specified in the Guidelines;
  • data of suspicious or unusual transactions or circumstances of which the SANS was not notified (e. g. complex or unusually large transactions, transactions conducted in an unusual pattern and transactions that do not have an apparent economic or lawful purpose, Business Relationships or Monetary Operations with customers from Third Countries where measures to prevent Money Laundering and/or Terrorist Financing are insufficient or do not meet international standards according to information officially published by international intergovernmental organizations).
The data specified above shall be retained for 5 years.
Documents and data must be retained in a manner that allows for exhaustive and immediate response to the queries made by the SANS or, pursuant to legislation, other supervisory authorities, investigation authorities or the court.
The Company implements all rules of protection of personal data upon application of the requirements arising from the applicable law. The Company is allowed to process personal data gathered upon CDD implementation only for the purpose of preventing Money Laundering and Terrorist Financing and the data must not be additionally processed in a manner that does not meet the purpose, for instance, for marketing purposes.
The Company deletes the retained data after the expiry of the time period, unless the legislation regulating the relevant field establishes a different procedure. On the basis of a precept of the competent supervisory authority, data of importance for prevention, detection or investigation of Money Laundering or Terrorist Financing may be retained for a longer period, but not for more than two years after the expiry of the first time period.
The storage of log data shall be completed and kept on an electronic medium by the Management Board member, if he/she is on a business trip, or is otherwise unavailable for other valid reasons, another Employee, as indicated in the special order of the director, setting out the scope of duties and responsibilities assigned to an individual acting as a substitute.
The Employees of the Company shall be prohibited to inform, or otherwise let know, any Customer or other individuals that information on the Monetary Operations taking place, or transactions conducted by a Customer, or resulting investigation is communicated to the SANS.
 

INTERNAL CONTROL OF EXECUTION OF THE GUIDELINES

The performance of the Guidelines shall be internally controlled by the Management Board member, the MRLO or the Employee appointed by the MRLO or the Management Board for performing relevant functions (hereinafter in this chapter – Internal Control Officer). The Internal Control Officer must have the required competency, tools, and access to the relevant information in all structural units of the Company.
The Internal Control Officer shall perform internal control functions at least in the following fields:
  • the Company´s compliance with established risk assessment policy and risk appetite;
  • CDD measures implementation;
  • implementation of Sanctions;
  • the Company´s obligation to refusal to the transaction or business relationship and their termination;
  • the Company´s reporting obligation to the SANS;
  • the Company´s training obligation regarding the AML/CFT requirements;
  • the Company´s obligation for collection and preservation of data.
The exact measures for performing internal control shall be determined by the Internal Control Officer and must correspond to the Company’s size and their nature, scope and level of complexity of the activities and services provided. The Internal Control Offices must consider at least examination fields specified above. The internal control measures shall be performed at the time determined by the Internal Control Officer with the frequency set by him or her, at least once per year, if the nature of measure does not expressly provide otherwise.
The results of internal control measures implementation (hereinafter in this chapter – the Internal Control Data) shall be saved separately from other data and retained within 3 years. Only Management Board members and Internal Control Officer may have access to the Internal Control Data. Internal Control Officer may provide access to the Internal Control Data to other Employees or third parties (e. g. advisors, auditors, etc.) only with prior consent of Management Board. The persons have access to the Internal Control Data must not disclose it to anyone without prior consent of the Management Board.
The Management Board and the MRLO shall review the internal control report provided and make resolution regarding it. The Internal Control Officer shall be notified about the essence of such resolution in format which can be reproduced in writing. For this reason, the Management Board and the MRLO is obliged to:
  • analyze the results of performed internal control;
  • implement actions to eliminate deficiencies occurred.
The Company must review and, if necessary, update internal control procedure at least annually and in the following cases:
  • following the publication by the European Commission of the results of an EU-wide money laundering and terrorist financing risk assessment (available on the European Commission’s website http://ec.europa.eu);
  • after the publication of the results of the National Money Laundering and Terrorist Financing Risk Assessment;
  • in the event of significant events or changes in the management and operations of the depository virtual currency money operator and the virtual currency exchange operator.

 

Dokumenty