This policy details how Block Capital UAB (the company) will manage the risks posed by money laundering and ensure a consistent approach within the company.

The company will operate under Lithuanian Financial Crime Investigation Service’s supervision and, as such, will act following the anti-money laundering rules as defined by the authority.

The company has zero tolerance for money laundering and is committed to mitigating the risks of money laundering. The company will take the necessary preventative actions and will promptly investigate any suspicion of money laundering occurring.

The company is obligated to implement anti-money laundering (AML) requirements within its business. Every member is committed to complying with all the necessary rules to achieve the highest standards of AML and Know Your Customer (KYC) to alleviate the risk of potential facilitation of financial crimes.

For the purpose of this policy, money laundering also includes any activities relating to terrorist financing and implemented KYC measures.

2. Definitions and abbreviations

“Beneficial owner” shall mean a natural person who owns or controls the Customer (if the Customer is a legal entity or a foreign company) and/or a natural person on whose behalf a transaction or activity is carried out.

The Beneficial Owner shall mean: (A) for a legal entity:

a natural person who owns or controls, directly or indirectly, a legal entity through a sufficient share of that legal entity’s stock or voting rights, including bearer shares, other than public limited companies listed on regulated markets that are subject to requirements for disclosure of information about own business on a par with the European Union legislation or equivalent international standards, or who otherwise controls it. A natural person who holds 25% and one share or a stake of more than 25% in the Customer’s equity shall be considered the direct beneficial owner. A natural person or persons who control a company or a group of companies holding 25% and one share or a stake of more than 25% in the Customer’s equity shall be considered an indirect beneficial owner(s);

a natural person in an executive position if no person specified in Clause (a) above has been identified or if there is any doubt that the person who has been identified is the beneficial owner;

(B) for a trust structure: a) the settlor; b) the trustee; c) the protector, if any; d) the natural person benefiting from the legal person or entity not having legal personality, or where such a person has yet to be determined, the group of persons in whose main interest that legal person or entity not having legal personality are set up or operate; e) any other natural person who controls the trust structure, available direct or indirect property, or other means;

(C) for a trust-like legal entity that administrates and allocates funds, a natural person who holds a position on a par with the position specified in Clause (B) above.

“Close associate” shall mean: 1) a natural person who, together with a person who performs or performed Prominent Public Functions, participates in the same legal entity, or maintains other business relations; or 2) a natural person who is the only Beneficial Owner of legal entity or an unincorporated organization established or operating de facto with the intention to receive economic gain or other personal benefits with a person who performs or performed Prominent Public Functions.

“Immediate family members” shall mean a spouse, a person with whom partnership has been registered, parents, siblings, grandparents, grandchildren, children and children’s spouses, and persons with whom children have registered partnership (children’s cohabitants).

“Money Laundering” shall mean an intentional conduct consisting of:

The conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, to conceal or disguisethe illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s action;

The concealment or disguise of the nature, source, location, disposition, movement, or rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such activity;

The acquisition, possession or use of property, knowing that such property was derived from criminal activity or from participation in such an activity; and/or

Participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the actions referred to in paragraphs (A), (B) and (C).

“Politically exposed persons” (politically vulnerable (affected) persons) shall mean natural persons who are or have been entrusted with prominent public functions and immediate family members or persons known to be close associates of such persons. Prominent Public Functions shall mean the following functions in the Republic of Lithuania, EU, and international or foreign state institutions:

(A) the Head of the State, the Head of the Government, a minister, a vice-minister or a deputy minister, the State Secretary, the Chancellor of the Parliament or the Government or a ministry;

(B) a member of the Parliament;

(C) a member of the Supreme Court, the Constitutional Court or any other judicial authority whose decisions are not subject to appeal;

(D) the mayor of a municipality, the head of a municipal administration;

(E) a member of the management body of the supreme national audit and control body or the chairman, deputy chairman, or member of the board of a central bank;

(F) an ambassador, a chargé d’affaires ad interim or a high-ranking military officer;

(G) a member of a managing or supervisory body of a state-controlled entity, public limited company, or private limited company where the state owns a stock entitling it to more than 1⁄2 of all votes at a general meeting of shareholders of said entity or company;

(H) a member of a managing or supervisory body of a municipal entity, public limited company, or private limited company where the municipality owns a stock entitling it to more than 1⁄2 of all votes at a general meeting of shareholders of said entity or company and which is considered a large company under the Company Law of the Republic of Lithuania;

(I) the head or deputy head or member of a managing or supervisory body of an international intergovernmental organization;
(J) the head, deputy head, or member of a managing body of a political party.

“Property” shall mean things, securities, other financial instruments, other assets and interests, products of intellectual activity, information, actions and outcomes of actions, other property- and non-property-related valuables, as well as any other physical or not physical, movable, or immovable, tangible or intangible property and documents or instruments of proof of title to such property or the related rights existing in whatever (including electronic and digital) form.

“Terrorist financing” shall mean the provision or collection of funds, by any means, with the intention that they should be used (or in the knowledge that they are to be used) in full or in part, in order to carry out a terrorist offence.

“Virtual Currency” shall mean a value represented in the digital form, which is not issued nor guaranteed by a central bank or an official authority, not necessarily dependent on an official currency, has no legal status of an official currency or money but is accepted by natural persons or legal entities as an instrument of exchange, which is digitally transferable, preservable, or tradable.

2.1 Abbreviations

AML – Anti-money laundering;

CTF – Combating terrorist financing;

EU – European Union;

FATF – Financial Action Task Force, an intergovernmental body whose purpose is to develop and promote broad AML/CTF standards, both at national and international levels;

FCIS – Financial Crime Investigation Service, the financial intelligence unit in Lithuania;

OFAC – Office of Foreign Assets Control, a department of the United States Treasury;

PEP – Politically Exposed (natural) Person (Politically Vulnerable (Affected) Person);

SAR – Suspicious Activity Report;

EDD – Enhanced Due Diligence;

ODD – Ongoing Due Diligence;

CDD – Customer Due Diligence.

3. Regulatory Environment

The AML control framework is built around adherence to Lithuanian and E.U requirements (which

happen to be the most comprehensive) because these regimes are the most relevant to the company‘s

operations. We will also comply with any higher standard applicable in any jurisdictions that so

specify.

3.1 The Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania (AML Law)

The AML Law sets out the main AML and CTF requirements to be followed by the company.

3.2 Resolution No. V-240 of December 5th of 2014 of the Director of Financial Crime Investigation Service under the Ministry of Internal Affairs of the Republic of Lithuania “On the Approval of the List of Criteria for Money Laundering and Suspicious or Unusual Monetary Operations or Transactions Identification” (List of suspicious criteria)

The FCIS list of suspicious criteria sets out the non-exhaustive list of factors that may indicate that

the transaction is suspicious or unusual. Resolution No. V-5 of January 10th of 2020 of the Director

of Financial Crime Investigation Service under the Ministry of Internal Affairs of the Republic of

Lithuania “On the Approval of Guidelines for the Depositary virtual currency wallet operators and

virtual currency exchange operators to prevent money laundering and/ or terrorist financing”

(Guidelines).

The Guidelines supports the AML Law by providing virtual assets service providers with additional

guidance on how to comply with the AML Law.

3.3 Resolution No. V-273 of October 20th of 2016 of the Director of Financial Crime Investigation Service under the Ministry of Internal Affairs of The Republic of Lithuania “On the Approval of Guidelines for the Supervision of Financial Crimes for the Implementation of International Financial Sanctions in the Field of Regulations of the Ministry of Internal Affairs of the Republic of Lithuania”

Financial Sanction Guidelines provides information on how to comply with international financial

sanctions.

3.4 State Security Department’s List of Terrorist Financing Criteria

Terrorist financing criteria provides a non-exhaustive list of criteria that may help to identify terrorist

financing.

3.5 EU/EEA and Other International Laws

UK/EU/EEA laws and regulations applicable to Block Capital UAB include, but are not limited to:

Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering and terrorism financing.
Regulation (EU) N° 2015/847 of the European Parliament and of the Council of May 20, 2015, on information accompanying transfers of funds;

3.6 Financial Action Task Force (FATF) 40+9 Recommendations

The FATF 40+9 recommendations are non-binding industry guidance conveying a wide range of

advised practices in relation to AML and CTF controls. The company follows the principles laid down in

the 40+9 recommendations.

3.7 International Financial Sanctions

A number of global financial sanctions regimes apply including those of Lithuania, European

Union, United States (OFAC) and United Nations.

3.8 Regulatory guidance related to Virtual Currencies

Block Capital UAB will take into account the recommendations of the European Banking Authority

(“EBA”), in particular, those set forth in the EBA “Opinion on ‘virtual currencies’,” dated 4 July 2014

and in the FATF guidance for a risk-based approach to virtual currencies, dated June 2015.

4. Definition of Money Laundering and Terrorist Financing

Money laundering is the process by which criminals attempt to conceal the true origin and

ownership of the proceeds of their criminal activities. If undertaken successfully, it also allows them

to maintain control over those proceeds and, ultimately, to provide a legitimate cover for their source

of income. The risks to the financial sector primarily involve being used to facilitate this process,

whether knowingly or unwittingly.

Terrorist Financing is all dealings with funds or property which are, or are likely to be, used for the

purposes of terrorism, even if the funds are “clean” in origin.

For the purpose of this policy, money laundering also includes any activities relating to terrorist

financing.

4.1 Key stages of money laundering

Money laundering is generally broken down into in three distinct stages:

Placement – this is the first stage in the money laundering operation and involves the physical disposal of the initial proceeds derived from illegal activity, e.g., placing cash in the conventional financial system;

Layering – this second stage involves separating the illicit proceeds from their source by creating complex layers of financial transactions designed to disguise the audit trail and provide anonymity;

Integration – the final stage involves providing an apparent legitimacy to the criminally derived wealth. If the layering process has succeeded, integration schemes place the laundered proceeds back into the economy in such a way that they re-enter the financial system appearing as normal business funds.

Crypto-assets may be involved in any of the stages of money laundering:

Predicate crime: for example, raising funds through illegal activity by selling illegal goods or

services in return for crypto-assets;

Placement: converting crypto-assets into fiat currencies within a traditional financial system;

Layering: Converting fiat assets into crypto-assets, exchanging crypto-assets (including

through mixers), conversion between crypto-assets and converting crypto-assets into fiat

currencies or precious metals. Large amounts of crypto-assets may be split into less

conspicuous, smaller sums stored in many custodian wallets. These sums are then converted

into fiat through cryptocurrency exchange platforms, or alternatively through ‘clean’ wallets

in return for commission.

Moving, converting or placing illegal funds;

Layering assets through a series of conversions or movements to distance them from their Source;

Integrating funds into the legitimate economy. The launderer might choose to invest the funds into real estate, luxury assets, or business ventures.

4.2 Money Laundering and Terrorist Financing Offences

A money laundering offence may be committed if a person:

Conceals, disguises, or transfers criminal property;
Enters into or becomes involved in an arrangement which he knows, or suspects facilitates the acquisition, retention, use or control of criminal property on behalf of another person;
Acquires, uses or has possession of the criminal property.

In the case of terrorism financing, an offence is committed if there is involvement in providing money,

or other property, to be used for the purposes of terrorism, even if the funds are clean in origin.

4.2.1 Failure to disclose

Employees of companies subject to the AML Law, such as Block Capital UAB, would commit an offence if they fail to make a disclosure to the authorities or in the form of an internal report to the MLRO in cases where they have knowledge or suspicion that money laundering or terrorism financing is occurring.

4.2.2 Tipping Off

An offence of “Tipping off” is committed when anyone discloses to a person who is the subject of a suspicious report, or a third party, that a disclosure has been made to the MLRO or the

authorities or that an investigation is being carried out, as this could prejudice the investigation.

Making enquiries of a client, to verify identity or to ascertain the source of funds for a particular

transaction will not trigger a tipping-off offence before a suspicious activity report has been

submitted in respect of that client. If a suspicious activity report has been made, great care should

be taken to ensure the client does not become aware of that fact.

4.3 Consequences of non-compliance

Non-compliance with the money laundering obligations by employees is considered a serious

offence and may lead to immediate dismissal.

Failure to comply with the money laundering obligations may also result in a criminal penalty

(including imprisonment).

A breach of these rules could cause significant damage to the reputation of the company and its employees. Failure to comply by an employee may also expose the company to penalties, censure and enforcement action (including the imposition of fines) by the FCIS or other regulatory bodies.

5. Risk management and Controls

In accordance with various provisions of the applicable regulations, Block Capital UAB customers due

diligence measures and AML/CTF controls will involve the use of evidence-based decision-making

in order to target the risks of money laundering and terrorism financing.

Block Capital UAB will categorise each customer relationship into either high, medium or low risk

and tailor due diligence measures, KYC requirements and approval protocols based on these

categories. The risk category of each customer relationship must be based on the assessment of the

ML/TF risks posed by the customer, including information about the nature of the business relationship,

associated countries or geographic areas, products or services offered to such customers, service

delivery channels, transactional volumes, consistency of behavioural patterns, account tenure,

preferred payment or funding methods used, and other pertinent factors.

The assessment of the risk level to be assigned to a customer will take place before the customer is

able to use Block Capital UAB services and subsequently, On a weekly basis. During the business

relationship, Block Capital UAB continues monitoring the development of the risks and adapts its

assessment according to any significant change affecting customer risk categorization.

Block Capital UAB’s adaptation of a risk-based approach determines the extent of the client due

diligence measures, the frequency of the due diligence activities and, where applicable, the required

level of approval needed to accept or decline the customer relationship.

5.1 Customer Risk Assessment

The company will assess the risk for each client taking into account the purpose of the account or

relationship, the level of assets involved or the size of transactions to be undertaken and the

regularity or duration of the business relationship.

The client risk assessment will also take into account customer risk factors (including the nature of

business), product, service, transaction or delivery channel risk factors and geographical risk factors.

Low-Risk Customer risk factors:

a) Public companies listed on a stock exchange and subject to disclosure requirements (either

by stock exchange rules or through law or enforceable means), which impose requirements

to ensure adequate transparency of beneficial ownership;

b) Public administrations or enterprises;

c) Customers that are residents in geographical areas of lower risk.

High-Risk Customer risk factors:

a) The business relationship is conducted in unusual circumstances;

b) Customers that are residents in geographical areas of higher risk;

c) Legal persons or arrangements that are personal asset-holding vehicles;

d) Politically Exposed Persons;

e) Companies that have nominee shareholders or shares in bearer form;

f) The ownership structure of the company appears unusual or excessively complex given the

nature of the company’s business;

g) Customer Is involved in crypto asset mining operations (either directly or indirectly through

relationships with third parties) that takes place in a high-risk jurisdiction, relate to higher-risk

crypto-assets (such as privacy coins) or where its organisation gives rise to higher risk;

h) Customer Uses VPN, TOR, encrypted, anonymous or randomly generated email or a

temporary email service;

i) Customer Requests an exchange to or from cash, privacy coins or anonymous electronic

money;

j) Customer Requests an exchange to or from a state-sponsored virtual currency that may be

used to avoid sanctions;

k) The results of a blockchain analysis indicate a higher risk.

Low-Risk Product, service, transaction, or delivery channel risk factors:

a) Product parameters or measures that lower the provider’s exposure to risk, such as

limitations on transactions or account balance;

b) The customer requests an exchange and either the source of or destination for the money is

the customer’s own account with a bank in a jurisdiction assessed by the company as low risk;

c) The customer requests an exchange and either the source of or destination for the crypto asset is the customer’s own wallet that has been whitelisted or otherwise determined as

low-risk;

d) The customer requests an exchange and either the source of or destination for the crypto

asset relates to low-value payments for goods and services;

e) The results of a blockchain analysis indicate a lower risk.

High-risk Product, service, transaction, or delivery channel risk factors:

a) Products or transactions that might favour anonymity (e.g. Privacy coins);

b) Non-face-to-face business relationships or transactions, without certain safeguards;

c) Payment received from unknown or un-associated third parties;

d) Privacy or anonymity – offered by some, unregulated, crypto asset systems and providers to

transact without being fully identified;

e) Cross-border nature of the product;

f) Decentralised nature of the product;

g) Customer ability to operate more than one account with the provider;

h) Customer ability to operate accounts on behalf of third parties;

i) The previous or subsequent transaction is a peer-to-peer crypto asset transfer;

j) The crypto asset comes from or is associated with, the darknet or other illegal/high-risk

sources, such as an unregulated exchange, or is associated with market abuse, ransomware,

hacking, fraud, Ponzi schemes, sanctioned Bitcoin addresses or gambling sites;

k) The results of a blockchain analysis indicate a higher risk;

l) A significant proportion of the crypto assets held or used in a transaction is associated with

privacy-enhancing features or products and services that potentially obfuscate transactions

or undermine a company‘s ability to know its customers and implement effective AML/CTF

controls, such as Mixers or tumblers; Obfuscated ledger technology; Internet Protocol (IP)

anonymizers; Ring signatures; Stealth addresses; Ring confidential transactions; Atomic

swaps; Non-interactive zero-knowledge proofs; Privacy coins;

m) A significant proportion of the crypto assets held or used in a transaction is associated with

second-party escrow services.

Low Geographical risk factors:

a) Lithuania based;

b) Third countries having effective Anti-Money Laundering systems;

c) Third countries identified by credible sources as having a low level of corruption or other

criminal activity;

e) Third countries which, on the basis of credible sources such as mutual evaluations, detailed

assessment reports or published follow-up reports have requirements to combat money

laundering and terrorist financing and effectively implementing those requirements.

High Geographical risk factors:

a) Countries identified by credible sources, such as mutual evaluations, Financial Action Task

Force (FATF) or other similar regional organizations, detailed assessment reports or

published follow-up reports, as not having effective Anti-Money Laundering and/or Counter Terrorist Financing systems.

b) Countries identified by credible sources as having significant levels of corruption or other

criminal activity;

c) Countries subject to sanctions, embargos or similar measures issued by, for example, the

European Union or the United Nations;

d) Countries providing funding or support for terrorist activities, or that have designated

terrorist organisations operating within their country.

Clients will be classified into a risk category – high, medium, or low risk. Clients that are identified

with any high-risk factors will have to undergo Enhanced Due Diligence.

Block Capital UAB differentiates its customers based on their legal form and the type of products or

services used by them:

Individual customers (natural persons, individual entrepreneurs and freelancers), Business customers (legal entities) using Block Capital UAB products to conduct their commercial activities (e.g. export and import transactions).
While on an exceptional basis, Block Capital UAB may take on business customers (legal entities), they remain a small percentage of the client portfolio. Block Capital UAB‘s target market is individuals however customer due diligence procedures are in place to ensure that the risk related to business customers are adequately managed.

6. Customer Due Diligence

Customer due diligence (CDD) measures are required for verifying the identity of a new or existing Customer as a well-performing risk-based ongoing monitoring of the Business Relationship with the Customer.

The CDD measures consist of 2 levels, including enhanced due diligence measures. Customers are categorized based on risk profile into low, medium, high and very high-risk customers.

6.1 Customer Identification and Verification

6.1.1. Identification

The company must only obtain the following data of the Customer who is a natural person:

name(s) and surname(s);
personal number/date of birth;
citizenship
country of residence
signature or

in case of the Customer, which is a legal entity, the following data:

business name;
legal form;
registration number, if such number has been issued;
beneficial owners (holds 25% +1 shares or more);
head office (address) and address of actual operation;
the Customer´s representative name(s), surname(s) and personal number or date of birth; and ensure that the first payment be carried out through an account with a credit institution, where the credit institution is registered in EEA or in a Third Country which imposes requirements equivalent to those laid down in the relevant law and is supervised by competent authorities for compliance with those requirements.

The following valid identity documents which contain the data specified above may be used as the basis for the identification of a natural person:

an identity document of the Republic of Lithuania;
an identity document of a foreign state;
a residence permit in the Republic of Lithuania;
a driving license issued in a state of the European Economic Area in accordance with the requirements laid down in Annex I to Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licenses (recast).

The Customer, who is a natural person, cannot use a representative in the course of the business relationship or Occasional Transaction with the Company.

The Company identifies the Customer which is a legal entity and their representative and retains the following data on the Customer:

business name or name;
legal form;
registration number, if such number has been issued;
name(s) and surname(s), personal number (in the case of a foreigner – date of birth or where available – personal number or any other unique sequence of symbols granted to that person, intended for personal identification) and citizenship of the director(s) or member(s) of the Management Board or member(s) of another equivalent body, and their authorities in representing the Customer;
an extract of registration and its date of issuance;
head office (address) and address of actual operation.

The following documents issued by a competent authority or body not earlier than six months before their use may be implied for identification of the Customer:

registry card of the relevant register; or
registration certificate of the relevant register; or
a document equivalent to the aforementioned documents or relevant documents of the establishment of the Customer.

The Company verifies the correctness of the Customer’s data specified above, using information originating from a credible and independent source for that purpose. Where the Company has access to the relevant register of legal entities, the submission of the documents specified above does not need to be demanded from the Customer.

The identification of the Customer’s representative and their right to representation

The representative of the Customer shall be identified as the Customer, who is a natural person in accordance with this Policy. The Company must also identify and verify the nature and scope of the right of representation of the Customer. The name, date of issue and name of issuer of the document that serves as a basis for the right of representation must be ascertained and retained, except in cases, when the right of representation was verified using information originating from the relevant register.

The Company must observe the conditions of the right of representation granted to the legal entity’s representatives and provide services only within the scope of the right of representation. The authorization has to be in line with the requirements of the Lithuanian Civil Code. The authorization issued abroad has to

be legalized or bear an Apostille. In case the right of representation of the Customer (legal person) is evident from the registry extract, Articles of Association or equivalent documents evidencing the identity of the Customer (legal person), a separate document of authorization (e.g. a Power of Attorney) should not be required.

The identification of the Customer’s Beneficial Owner

The Company must identify the Beneficial Owner of the Customer and take measures to verify the identity of the Beneficial Owner to the extent that allows the Company to make sure that they know who the Beneficial Owner is. The Company collects the following data regarding the Customer’s Beneficial Owner(s):

name(s) and surname(s);
personal number;
citizenship.

The Company shall request from the Customer information to the Customer’s Beneficial Owner (e. g. providing the Customer with an opportunity to specify their Beneficial Owner when collecting data about the Customer).

The Company doesn´t establish the Business Relationship, if the Customer, who is a natural person has Beneficial Owner who is not the same person as the Customer.

Political Exposed Person’s identification

The Company shall take measures to ascertain whether the Customer, the Beneficial Owner of the Customer or the representative of this Customer is a PEP, their family member19 or close associate20 or if the Customer has become such a person.

The Company shall request from the Customer information to identify if the Customer is a PEP, their family member or a close associate (e. g. providing the Customer with an opportunity to specify the relevant information when collecting data about the Customer). The Company shall verify the data received from the Customer by making inquiries in relevant databases or public databases or making inquiries or verifying data on the websites of the relevant supervisory authorities or institutions of the country in which the Customer has a place of residence or seat. PEP must be additionally verified using an international search engine (e. g. Google) and the local search engine of the Customer’s country of origin, if any, by entering the Customer’s name in both Latin and the local alphabet with the Customer’s date of birth.

The Company shall identify close associates and family members of PEPs only if their connection with PEP is known to the public or if the Company has reason to believe that such a connection exists. Where the Customer who is a PEP no longer performs important public functions placed upon them, the Company shall at least within 12 months take into account the risks that remain related to the Customer and apply relevant and risk sensitivity-based measures as long as it is certain that the risks characteristic of PEPs no longer exist in the case of the Customer.

Identification of the purpose and nature of the business relationship or a transaction

The Company shall understand the purpose and nature of establishing a Business Relationship or performing a transaction. Regarding the services provided, the Company may request from the Customer the following information for understanding the purpose and nature of the Business Relationship or transaction:

whether the Customer will use the services of the company for their own needs or will represent the interests of another person;
contact information;
information on the registered address and actual living address of the Customer;
the estimated transactions turnover with the Company per calendar year;
the estimated source of funds used in the Business Relationship or transaction; • if the Business Relationship or transaction is related to the Customer´s performance of economic or professional activities and which activities they are;
information on the source of funds related to the Business Relationship or transaction, if the number of transactions (incl. expected amount) exceeds the established limit.

The company shall apply additional measures and collect additional information to identify the purpose and nature of the Business Relationship or an Occasional Transaction in cases where:

there is a situation that refers to high value or is unusual and/or
where the risk and/or risk profile associated with the Customer and the nature of the Business Relationship gives reason for the performance of additional actions to be able to appropriately monitor to Business Relationship later.

If the Customer is a legal entity, in addition to the aforementioned Company shall identify the Customer´s area of activity, where the Company shall understand what the Customer deals with and intends to deal with in the course of the Business Relationship and how this corresponds to the purpose and nature of the Business Relationship in general and whether it is reasonable, understandable and plausible.

6.1.2 Verification

Verification of the information for the Customer’s identification means using data from a reliable and independent source to confirm that the data is true and correct, also confirming, if necessary, that the data directly related to the Customer is true and correct. This, inter alia, means that the purpose of verification of information is to obtain reassurance that the Customer, who wants to establish the Business Relationship is the person they claim to be.

The reliable and independent source (must exist cumulatively) is verification of the information obtained in the course of identification:

which originates from two different sources;
which has been issued by (identity documents) or received from a third party or a place that has no interest in or connections with the Customer or the Company, i.e. that is neutral (e.g. information obtained from the Internet is not such information, as it often originates from the Customer themselves or its reliability and independence cannot be verified);
the reliability and independence of which can be determined without objective obstacles and reliability and independence are also understandable to a third party not involved in the Business Relationship; and
the data included in which or obtained via which are up to date and relevant and the Company can obtain reassurance about this (and reassurance can in certain cases also be obtained on the basis of the two previous clauses).

6.2 Main Principles of CDD

The CDD measures are taken and performed to the extent necessary considering the Customer’s risk profile and other circumstances in the following cases:

upon establishment of the Business Relationship and during the ongoing monitoring of the Business Relationship;
upon executing or mediating Occasional Transaction(s) outside the Business Relationship, where the value of the transaction(s) amounts to 1.000 EUR or more (or an equal amount in other assets) within 24 hours;
upon verification of information gathered while applying due diligence measures or in the case of doubts as to the sufficiency or truthfulness of the documents or data gathered earlier while updating the relevant data;
upon suspicion of Money Laundering or Terrorist Financing, regardless of any derogations, exceptions or limits provided for in this Policy and applicable legislation.

The Company does not establish or maintain the Business Relationship and does not perform the transaction if:

the Company is not able to take and perform any of the required CDD measures;
the Company has any suspicions that the Company’s services or transactions will be used for Money Laundering or Terrorist Financing;
the risk level of the Customer or of the transaction does not comply with the Company’s risk appetite;
In the case of receiving information in foreign languages within the framework of CDD implementation, the Company may request to demand translation of the documents to another language applicable to the Company. The use of translations should be avoided in situations where the original documents are prepared in a language applicable to the Company. Achieving CDD is a process that starts with the implementation of CDD measures. When that process is complete, the Customer is assigned documented individual risk level which shall form the basis for follow-up measures, and which is followed up and updated when necessary.

6.3. Main Principles of EDD

The Company always applies EDD measures, when:

the Customer’s risk profile indicates the high or very high-risk level of ML /TF;
upon identification of the Customer or verification of submitted information, there are doubts as to the truthfulness of the submitted data, authenticity of the documents or identification of the Beneficial Owner;
where cross-border correspondent relationships are commenced with the Customer, which is a financial institution of the Third Country;
in the case of the performance of a transaction or Business Relationship with the PEP, the family member of the PEP or a person known to be a close associate of the PEP;
where transactions or Business Relationships are carried out with natural persons residing or legal persons established in high-risk Third Countries as identified by the European Commission;
the Customer is from such country or territory or their place of residence or seat or the seat of the payment service provider of the payee is in a country or territory that, according to credible sources such as mutual evaluations, reports or published follow-up reports, has not established effective AML/CFT systems that are in accordance with the recommendations of the FATF.

Prior to applying EDD measures, the Company’s Employee ensures that the Business Relationship or transaction has a high or very high-risk and that a high-risk rate can be attributed to such Business Relationship or transaction. Above all, the Employee assesses prior to applying the EDD measures whether the features described above are present and applies them as independent grounds (that is, each of the factors identified allows the application of EDD measures with respect to the Customer).

When applying EDD measures where the cross-border correspondent relationship is commenced with the Customer, which is a financial institution of a Third Country, the Company must apply the following measures:

gather sufficient information about the Customer to fully understand the nature of its business and to determine from publicly available information the reputation of the Customer and the quality of supervision;
assess control mechanisms for AML of the Customer and the entity receiving funds;
obtain approval from the Management Board member before establishing new correspondent relationships;
document the respective responsibilities of the Customer;
be satisfied that the Customer has carried out proper Customer due diligence (including verification of the identity of the Customer having direct access to accounts of the Customer and performance of other Customer due diligence actions) and that it is able to provide the relevant Customer identification data to the Company upon its request.

When applying EDD measures, where transactions or Business Relationships are carried out with the PEP, the family member of the PEP or a person known to be a close associate of the PEP, the Company must apply the following measures:

obtain approval from the Management Board member before establishing Business Relationship with such a Customer or continuing the Business Relationship with the Customer when he or she becomes a PEP;
take adequate measures to establish the source of wealth and source of funds that are involved in the Business Relationship or transaction;
perform ongoing monitoring of the Business Relationship with the Customer by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.

When applying EDD measures where transactions or Business Relationships are carried out with natural persons residing or legal persons established in high-risk Third Countries as identified by the European Commission, the Company must apply the following measures:

obtaining additional information on the Customer and on their Beneficial Owner;
obtaining additional information on the intended nature of the Business Relationship;
obtaining information on the source of funds and source of wealth of the Customer and their Beneficial Owner;
obtaining information on the reasons for the intended or performed transactions;
obtaining the approval of the Management Board member for establishing Business Relationships with the Customer or continuing Business Relationships with them;
perform ongoing monitoring of the Business Relationship with the Customer by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination;
ensuring that the first payment be carried out through an account in the Customer’s name with a credit institution, where the credit institution is registered in EEA or in a Third Country which imposes requirements equivalent to those laid down in the applicable law and is supervised by competent authorities for compliance with those requirements.

In any other cases when EDD measures must be applied, the amount of EDD measures and the scope shall be determined by the Employee, who is applying such measures. The following additional and relevant due diligence measures may be followed:

verification of information additionally submitted upon identification of the Customer based on additional documents, data or information originating from a credible and independent source;
gathering additional information on the purpose and nature of the Business Relationship or transaction and verifying the submitted information based on additional documents, data or information that originates from a reliable and independent source;
gathering additional information and documents regarding the actual execution of transactions made in the Business Relationship;
gathering additional information and documents for the purpose of identifying the source and origin of the funds used in a transaction made in the Business;
the making of the first payment related to a transaction via an account that has been opened in the name of the Customer participating in the transaction in a credit institution registered or having its place of business in a contracting state of the European Economic Area or in a country where requirements equal to those of Directive (EU) 2015/849 of the European Parliament and of the Council is in force;
the application of CDD measures regarding the Customer or their representative while being at the same place as the Customer or their representative;
gathering additional information about the Customer and its Beneficial Owner, including identification of all owners of the Customer, incl. those whose shareholding is below 25%;
gathering information on the origin of the funds and wealth of the Customer and its Beneficial Owner;
improving the monitoring of the Business Relationship by increasing the number and frequency of the applied control measures and by choosing transaction indicators or transaction patterns that are additionally verified;
obtaining the approval of the Management Board member for performing transactions or establishing business relationships with new and existing Customers;

The Employee shall notify about EDD measures applied within 2 working days after the start of applying the EDD measures by sending a relevant notification to the MLRO.

In the case of the application of EDD measures, the Company reassesses the Customer’s risk profile no later than every six months.

7. Implementation of Sanctions

The Republic of Lithuania follows the measures taken by the European Union, the United Nations and

the United States which are implemented through the Law on the Implementation of Economic and

Other International Sanctions. These measures include a list of individuals and entities who/which

are subject to sanctions. The Ministry of Foreign Affairs coordinates the implementation of

international sanctions in Lithuania and provides information about it.

The company will follow Instructions for the supervision of the appropriate administration

of International Financial Sanctions in the field of Regulation of the Financial Crime Office under

the Ministry of the Interior of the Republic of Lithuania approved by the FCIS Director

on October 20th 2016 by Resolution No. V-273 “On the approval of the supervisory instructions in

the field of regulation of the Financial Criminal Office of the Republic of Lithuania in the field of

regulation on the implementation of international financial sanctions”, therefore, the company must:

provide information about the implementation of financial sanctions to the FCIS and the Ministry of Foreign Affairs of the Republic of Lithuania;
provide the FCIS with all data necessary for monitoring;
appoint employee(s) who would organise the implementation of financial sanctions, be in charge of termination of disposal of accounts, regular updates of the list of entities which are under financial sanctions, report to the FCIS and other authorities responsible for the monitoring of the implementation of international sanctions.

The company screens all customers against sanctions lists. Any type of transaction, involving sanctioned individuals or groups is prohibited as a blocked transaction. Customers that are flagged by our sanctions screening process will be unable to perform any transactions until it is determined they are not sanctioned individuals. If the Company identifies a person who is a subject of Sanctions or that the transaction intended or carried out by them is in breach of Sanctions, the Company shall apply Sanctions and inform the FCIS thereof within 3 hours.

Procedure for identifying the subject of Sanctions and a transaction violating Sanctions.

The Company shall use at least the following sources (websites) to verify the Customer´s relation to Sanctions:

European Union Consolidated List (https://data.europa.eu/euodp/en/data/dataset/consolidated-list-of-persons-groups-and-entities-subject-to-eu-financial-sanctions)
US OFAC Non-SDN Entity List (https://sanctionssearch.ofac.treas.gov/)
US OFAC Sanctions (https://sanctionssearch.ofac.treas.gov/)
US OFAC’s Specially Designated Nationals & Blocked Persons Politically Exposed Persons (https://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx)
United Nations Consolidated List (https://www.un.org/securitycouncil/content/un-sc-consolidated-list)

In addition to mentioned sources, the Company may use any other sources by the decision of the Employee who is applying CDD measures.

The client’s identifying information is checked on the EU Sanctions Online Map (https://www.sanctionsmap.eu/#/main). The Sanctions Card offers a centralized sanctions accounting system that reflects the UN and EU sanctions regimes and is a convenient way for the Company to obtain the information it needs. The Sanctions Map indicates the types of sanctions, the legislation or the resolution that adopted the specific restrictive measures, provides an extensive search mechanism, as well as detailed explanations, such as which goods are prohibited from entering the country or territory, etc. The results of the research shall be documented in the research section of the client, indicating the results of the research and the date of the research.

The Company shall perform the abovementioned verification on an ongoing basis during an established Business Relationship. The frequency of the ongoing verifications depends on the Customer’s risk profile:

• once per week for the high-risk profile Customer;

• once per month for the medium-risk profile Customer;

• once per quarter for the low-risk profile Customer.

If the Employee has doubts that a person is a subject of Sanctions, the Employee shall immediately notify the MLRO or the Management Board member. In this case, the MLRO or the Management Board member shall decide whether to ask or acquire additional data from the person or notify the FCIS immediately of their suspicion.

Actions when identifying the Sanctions subject or a transaction violating Sanctions

If the Employee of the Company becomes aware that the Customer who is in Business Relationship or is performing a transaction with the Company, as well as a person intending to establish the Business Relationship or to perform a transaction with the Company, is the subject of Sanctions, the Employee shall immediately notify the MLRO or the Management Board member, about the identification of the subject of Sanctions, of the doubt thereof and the measures are taken.

The MLRO or the Management Board member shall refuse to conclude a transaction or proceeding, shall take measures provided for in the act on the imposition or implementation of the Sanctions and shall notify immediately the FCIS of their doubts and the measures taken.

When identifying the subject of the Sanctions, it is necessary to identify the measures that are taken to Sanction this person. These measures are described in the legal act implementing the Sanctions, therefore it is necessary to identify the exact sanction that is implemented against the person to ensure the legal and proper application of measures.

8. Politically Exposed Persons

Individuals who have, or have had, a high political profile, or hold, or have held public office, can pose a higher money laundering risk to Company, as their position may make them vulnerable to corruption. This risk also extends to members of their immediate families and to know close associates. PEP status itself does not, of course, incriminate individuals or entities. It does, however, put the client, or the beneficial owner, into a higher risk category. When conducting client research, ascertain whether the client or its true beneficiary is not a politically significant person, at least in the following way:

https://rupep.org/en/
https://dilisense.com/en_US
https://www6.vid.gov.lv/PNP

When Company establishes a relationship with politically exposed persons, it shall:

Identify using the KYC process to identify whether a customer is a PEP individual;
Have a formalized approval process for establishing such relationships; ensure that the internal procedures provide for enhanced due diligence measures;
Implement routine PEP checks of existing customers that may fall into this category at a later date;
Maintain a PEP register for Clients who fall into this category; and
Conduct enhanced ongoing monitoring of the relationship.

Once a customer’s application has been approved by Company, their information is rescreened on a weekly basis. This will ensure that Company is able to take appropriate action as quickly as possible, should the classification of the Customer’s status change.

9. Monitoring

It is the company’s obligation to comply with applicable AML laws and regulations and to cooperate with law enforcement authorities in the investigation of money laundering or other criminal activity. Under this policy, each employee has a responsibility to protect the company from money laundering and other criminal activity by monitoring for unusual or potentially suspicious activity by customers, as well as Company employees, and reporting such activity appropriately.

9.1 Monitoring of Business Relationships

The Company shall monitor established Business Relationships where the following ongoing due diligence (ODD) measures are implemented:

ensuring that the documents, data, or information collected in the course of the application of due diligence measures are updated regularly and in the case of trigger events, i.e., primarily the data concerning the Customer, their representative (incl. the right of representation) and Beneficial Owner as well as the purpose and nature of the Business Relationship;
ongoing monitoring of the Business Relationship, which covers transactions carried out in the business relationship to ensure that the transactions correspond to the Company’s knowledge of the Customer, their activities and risk profile;
identification of the source and origin of funds used in the transaction(s).

The company shall regularly check and update the documents, data and information collected within the course of the implementation of CDD measures and update the Customer´s risk profile. The regularity of the checks and update must be based on the risk profile of the Customer and the checks must take place at least:

once in 6 months for the high-risk and very high-risk profile Customers;
once per year for the medium-risk profile Customer;
once every two years for the low-risk profile Customer.

The collected documents, data and information must also be checked if an event has occurred which indicates the need to update the collected documents, data and information.

In the course of the ongoing monitoring of the Business Relationship, the Company shall monitor the transactions concluded during the Business Relationship in such a manner that the latter can determine whether the transactions to be concluded correspond to the information previously known about the Customer (i.e., what the customer declared upon the establishment of the Business Relationship or what has become known in the course of the Business Relationship).

The Company shall also monitor the Business Relationship to ascertain the Customer’s activities or facts that indicate criminal activities, Money Laundering or Terrorist Financing or the relation of which to Money Laundering or Terrorist Financing is probable, incl. complicated, high-value and unusual transactions and transaction patterns that do not have any reasonable or obvious economic or legitimate purpose or that are uncharacteristic of the specific features of the business in question. In the course of the Business Relationship, the Company shall constantly assess the changes in the Customer’s activities and assess whether these changes may increase the risk level associated with the Customer and the Business Relationship, giving rise to the need to apply EDD measures.

9.2 Monitoring of transactions

Effective control of transactions for suspicious activity requires centrally monitoring transactions across systems and services and over longer periods of time to identify patterns that may indicate suspicious activity. The company will potentially employ automated systems and procedures to monitor fund movements and prepaid card transactions for activities and transaction patterns that may indicate that a transaction may be unusual and potentially suspicious.

Our typical rule set to identify suspicious activity:

Load count(frequency)/volume per time period;
Load activities at a quiet times of the day (e.g. overnight);
Transactions flagged with a negative balance during top-up;
Load activity on either side of midnight;
Initial top-up for a relatively small amount;
Initial top-up for a maximum limit range;
Different accounts top up with the same device name;
Different accounts signed in from the same IP address;
Account top-up performed in High-Risk countries;
Frequent exchanges to the same BTC wallet address.

9.2.1 Suspicious Transactions

The company will continuously monitor clients’ transactions to detect unusual transactions or patterns of transactions and to ensure that any unusual or suspicious activity is identified and investigated immediately.

Based on the company‘s knowledge of the client, the monitoring will look for:

Unusual behaviour – sudden and/or significant changes in transaction activity by value, volume or nature, such as a change in beneficiary or destination;
Linked relationships – identifying common beneficiaries and remitters amongst apparently unconnected accounts or clients;
High-risk countries and entities – significant increases in activity or consistently high levels of activity with higher-risk geographies and/or entities;
Other money laundering behaviours – indications of possible money laundering, such as the structuring of transactions under-reporting thresholds, transactions in round amounts, overly complex transactions;
Dormant relationships.

The company will carry out retrospective reviews on the client to ensure the business being transacted is consistent with what was anticipated when the client was taken. The frequency will depend on the risk classification of the client:

High Risk will be reviewed no less than weekly;
Medium Risk will be reviewed no less than monthly;
Low Risk will be reviewed on a real-time risk basis and yearly.

Where unusual patterns are identified, then enhanced due diligence will be carried out. Enhanced due diligence will include:

Establishing the source and destination of the funds;
Establishing the client’s source of wealth to ensure that they are not the proceeds of criminal activity and that they are consistent with The company‘s knowledge of the client and the client’s activity.

9.2.2 Employee Transaction Monitoring

Employees must be on their guard for any unusual or suspicious transactions, especially where they are not within the normal activity expected from the customer’s business. A suspicious transaction may not always be easy to recognize but will often be inconsistent with the Customer’s known activities or with the Customer’s normal business.

When monitoring transactions the Employee shall assess transactions with a view to detect activities and transactions that:

deviate from what there is reason to expect based on the CDD measures performed, the services provided, the information provided by the Customer and other circumstances (e.g. exceeding estimated transactions turnover, Virtual Currency sending each time to new Virtual Currency wallet, the volume of transactions exceeding the limit);
without deviating according to the previous clause, may be assumed to be part of a Money Laundering or Terrorist Financing;
may affect the Customer´s risk profile score.

In the case, where the aforementioned fact is detected, the Employee shall notify MLRO and postpone any transaction of the Customer until MLRO´s decision regarding this.

In addition to the aforementioned, the MLRO shall review the Company´s transactions regularly (at least once per week) to ensure that:

the Company´s Employees properly performed the aforementioned obligations;
there are no transactions and transaction patterns that are complicated, high-value and unusual and that have no reasonable or obvious economic or legitimate purpose or are uncharacteristic of the specific features.

The Company identifies the source and origin of the funds used in the transaction(s) if necessary. The need to identify the source and origin of funds depends on the Customer’s previous activities as well as other known information. Thereby the identification of the source and origin of the funds used in the transaction shall be performed in the following cases:

the transactions exceed the limits established by the Company;
the transactions do not correspond to the information previously known about the Customer;
the Company wants to or should reasonably consider it necessary to assess whether the transactions correspond to the information previously known about the Customer;
the Company suspects that the transactions indicate criminal activities, Money Laundering or Terrorist Financing or that the relation of transactions to Money Laundering or Terrorist Financing is probable, incl. complicated, high-value and unusual transactions and transaction patterns that do not have any reasonable or obvious economic or legitimate purpose or are uncharacteristic of the specific features of the business in question.

10. Reporting

Employees are expected to be alert to money laundering and they are responsible for reporting any

actual or suspected money laundering to the MLRO in a timely manner.

Suspicious monetary operations or transactions shall be identified:

in accordance with the criteria for the identification of suspicious monetary transactions or transactions approved by Resolution No. V-240 of December 5th of 2014 of the Director of Financial Crime Investigation Service under the Ministry of Internal Affairs of the Republic of Lithuania “On the Approval of the List of Criteria for Money Laundering and Suspicious or Unusual Monetary Operations or Transactions Identification”;
noting the activities of customers which, by their nature, may be related to money laundering and/or terrorist financing;
conducting customer’s and beneficial owner’s identification;
conducting ongoing monitoring of the customer’s business relationship, including the investigation of transactions that have occurred during that relationship.

When a suspicious monetary operation or transaction is detected, a documented investigation must

be completed, that operation or transaction must be suspended, and a report made to the FCIS

within three business hours after the suspicious activity determination. There is no minimum threshold or limit for such a report. Once a suspicious monetary operation or transaction is reported to the FCIS,

they are required to respond within ten working days. If the FCIS requests further information, then

a response to that request must be provided immediately.

The company shall notify the FCIS of the customer’s identity data and information on the executed

virtual currency exchange transactions (virtual currency purchase or sale in decree currency) or

virtual currency transactions (virtual currency asset settlements) the value of a monetary operation

or transaction is equal to or greater than EUR 15 000 or currency/virtual currency equivalent,

whether the transaction is carried out in the context of one or more related monetary operations.

The value of the virtual currency is determined at the time of the monetary operation or transaction.

In the event that a customer’s monetary operation or transaction meets the requirements of the

above two paragraphs, the company shall submit a notice of suspicious monetary operation or transaction

and notification of executed virtual currencies exchange operations or transactions in virtual currency

where the value of such monetary operation or transaction is equal to or greater than EUR 15 000 or currency/virtual currency equivalent, whether or not the transaction is executed in the context of

one or more related monetary transactions to the FCIS.

It is a criminal offence for anyone, following a disclosure to the MLRO or to the

appropriate institution, to do or say anything that might either “tip off” another person that a

disclosure has been made or prejudice an investigation. When a customer’s account is the subject of

a SAR, there must be taken careful steps while communicating with the customer and additional

advice should be taken from the MLRO in order not to accidentally disclose

investigative actions to the customer.

Where there is serious suspicion, evidence, or reasonable grounds for believing that a transaction

may be deemed suspicious, employees are required to report their suspicions in accordance with the

company‘s procedures on Suspicious Transaction Reporting.

The MLRO will receive any reports or concerns relating to any suspected or actual

money laundering and will record, investigate, and report this to the relevant authorities, such as the

Financial Crime Investigation Service (FCIS), where necessary. If reports are not forwarded to the

relevant authorities, full details of the rationale for this decision will be kept on record.

All notifications made will be handled with strict confidentiality. However, please note that there

may be circumstances in which the company is required to reveal an individual’s identity, for example

where we are compelled to do so by law and therefore anonymity cannot be guaranteed.

If there are concerns about any repercussions of making a suspicious transaction report, then the

Whistleblowing Policy and Procedure should be followed for information on alternative methods of

making a report.

Failure to notify an appropriate person about criminal actions of which an employee is or should

have been aware, in breach of this policy, may be considered to be a contractual breach leading to

dismissal or personal criminal liability.

11. Training

The Company ensures that its employees, its contractors and others participating in the business on a similar basis and who perform work tasks that are of importance for preventing the use of the Company’s business for Money Laundering or Terrorist Financing (‘Relevant Persons’) have the relevant qualifications for these work tasks. When a Relevant Person is recruited or engaged, the Relevant Person’s qualifications are checked as part of the recruitment/appointment process by carrying out background checks, which are documented using a special standard form assessing Employee suitability.

In accordance with the requirements applicable to the Company on ensuring the suitability of Relevant Persons, the Company makes sure that such persons receive appropriate training and information on an ongoing basis to be able to fulfil the Company’s obligations in compliance with the applicable legislation. It is ensured through training that such persons are knowledgeable within the area of AML/CFT to an appropriate extent considering the person’s tasks and function. The training must provide, first and foremost, information on all the most contemporary money laundering and terrorist financing methods and risks arising therefrom.

The content and frequency of the training are adapted to the person’s tasks and function on issues relating to AML/CFT measures. For new employees, the training comprises a review of the content of the applicable rules and regulations.

The Employees and the Management Board members receive training on an ongoing basis under the auspices of the MLRO in accordance with the following training plan:

periodicity: at least once a year for the Management Board members. At least once a year for the Company’s Employees and Relevant Persons engaged.
scope: a review of applicable rules and regulations and other relevant procedures. Specific information relating to new/updated features in the applicable rules and regulations. Report and exchange of experience relating to transactions reviewed since the previous training.

In addition to the above, Relevant Persons are kept informed on an ongoing basis about new trends, patterns and methods and are provided with other information relevant to the prevention of Money Laundering and Terrorist Financing.

The training held is to be documented electronically and confirmed with the Relevant Person‘s signature. This documentation should include the content of the training, names of participants and date of the training.

12. Record keeping

Record keeping is an integral part of regulatory responsibility. To assist in record keeping the Company maintains an employee training log including details of their assessment results, when they were examined, when they were trained, and any reassessment necessary.

12.1 AML Records

Where applicable, the following records are retained in a log by the MLRO for anti-money laundering purposes:

Identification of clients – full details of evidence of identity for no less than five years from the end of the relationship;
Transactions – client files containing the full details of the transaction for no less than five years from the date the transaction was completed;
Internal and external reporting – full details of action taken by the MLRO for no less than five years from the creation of the record;
Information not acted upon – full details of the information considered by the MLRO, but not reported externally (i.e. to FIU) for no less than five years from the date the information was obtained;
Detailed records must be kept no less than five years from the date the transaction or customer relationship ended.

12.2 Record Accessibility

The company maintains systems that ensure records are kept in accordance with regulatory requirements. The company may keep records electronically in the operating systems or on specific storage facilities for onsite or offsite storage, or paper-based. In any case, Company will ensure that:

Records can be accessed in a reasonable time and at a minimum as required by regulation;
Records are protected against unauthorized access and accidental deletion or destruction, as per Data Protection requirements applicable in different jurisdictions.
Third-party providers used for the storage of records shall have systems and procedures in place to ensure that records are protected against unauthorized access and accidental deletion and securely stored for the required amount of time.

12.3 Record Retention

The overall principles in this respect are the following:

Records verifying identity must be kept for no less than five after the termination of a Customer relationship/agreement.
Records supporting individual transactions must be kept for no less than five years following the completion of the transaction.
Records of any report made to the compliance team (whether or not forwarded further) will be retained as part of the customer records.

12.4 Applicability

Following the regulations, Company record-keeping procedures shall enforce the retention, for the prescribed period, of the following records:

In relation to any relationship that is formed, a record indicating the nature of the evidence of the customer due diligence documents obtained, comprising a copy of or the reference to the evidence required for the identity and providing sufficient information to enable the details as to a person’s identity contained in the relevant evidence to be re-obtained;
A record containing details relating to the business relationship and to all transactions carried out by that person in the course of an established business relationship or occasional transaction which shall include the original documents or other copies which are admissible in court proceedings; and

A record of the findings of the company examination of the background and purpose of the relationships and related transactions.