Objectives of the policy:
- Prevent Izibits OÜ from being used for financial crime so as to comply with all applicable legal requirements;
- To ensure that the most appropriate action is taken by Izibits OÜ to mitigate the risks associated with financial crime.
Introduction and key concepts
There is a wide range of legislation and regulations which we, as a financial services firm, must comply with. In all cases not specified in this policy, Izibits OÜ follows the guidelines set by the Money Laundering and Terrorist Financing Prevention Act (passed 26.10.2017)
Estonian Cryptocurrency Exchanges are defined in the Estonian law as Providers of Alternative Means of Payment, licensed as an Estonian Financial Institution by holding a Financial Activity License from the Estonian Financial Intelligence Unit (FIU), which is the Anti Money Laundering (AML) authority in Estonia with the ability to grant, revoke and supervise financial activity licenses. The AML and KYC requirements of the service providers are subject to are set forth in the Estonian Money Laundering and Terrorist Financing Act and other legal guidelines given by the Estonian Minister of Finance.
Any breaches of our procedures relating to the prevention of money laundering and the combating of terrorist financing will be dealt with severely and may be treated as gross misconduct.
No financial sector business can consider itself immune from the possibility of being used to further financial crime and we must carefully consider risks to our business and devise appropriate procedures with due regard to these risks. Such procedures will enable us to comply with the applicable legislative and regulatory requirements.
Izibits OÜ complies with the high standards of legislation of the Republic of Estonia in the field of Anti-money laundering and countering the financing of terrorism politics.
In order to establish business relations within the framework of crypto acquiring cooperation, the client must be fully verified.
AML policy includes a number of measures by which the company ensures the safety of activities.
1. Due diligence – Individual approach
Simplified Due Diligence
- the Client can be identified on the basis of publicly available information;
- the ownership and control structure of the Client is transparent and constant;
- the operations of the Client and their accounting or payment policies are transparent;
- Client reports to and is controlled by an authority of executive power of Estonia or a contracting state of the European Economic Area, another agency performing public duties, or an authority of the European Union.
Simplified Due Diligence:
- obtaining fewer elements of customer dentification data, seeking less robust verification of the customer’s identity;
- not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but inferring the purpose and nature from the type of transactions or business relationship established;
- verifying the identity of the customer and the beneficial owner after the establishment of the business relationship (e.g. if transaction values rise above a defined monetary threshold);
- reducing the frequency of customer identification updates in case of business relationship;
- reducing the degree and extent of on- going monitoring and scrutiny of transactions, based on a reasonable monetary threshold.
Enhanced Due Diligence
The risk level of the Client is higher if:
- the Client is a person associated with a PEP;
- the Client is PEP or local PEP;
- the actual place of residence or employment or business of a Client is in a country, which is included in the list of risk countries;
- the Client is suspected to be or to have been linked with a financial offence or other suspicious activities;
- the Client is a non-resident individual, whose place of residence or activities is in a country, which is listed in the list of risk countries;
- when suspicion arises regarding truthfulness of the provided data and/or of authenticity of the identification documents regarding the Client or its Beneficial Owners;
- in a situation with higher risk of Money Laundering and terrorists financing;
- in case of companies that have nominee shareholders or shares in bearer form;
Enhanced Due Diligence:
obtaining and corroborating additional identifying information from a wider variety or more robust sources and using the information to inform the individual customer risk profiling;
carrying out additional searches (e.g. verifiable adverse internet searches) to better inform the individual customer risk profiling;
where appropriate, undertaking further verification procedures on the customer or beneficial owner to better understand the risk that the customer or beneficial owner may be involved in criminal activity;
verifying the source of funds or wealth involved in the transaction or business relationship to be satisfied that they do not constitute the proceeds from crime;
evaluating the information provided with regard to the destination of funds and the reasons for transaction;
seeking and verifying additional information from the customer about the purpose and intended nature of the transaction or the business relationship.
Steps to identify customers and check whether they are who they say they are. Request and obtain the following:
For natural person:
- Full name;
- DOB (Date of birth);
- Phone number;
- If the turnover exceeds 1,000 euros, we will also ask to provide a selfie with a passport (ID) in hand or scan copy of ID;
- If the turnover exceeds 25 000 euros, we will also ask for a Skype conversation.
For legal person:
- name or business name of the legal person;
- identifying all beneficial owners, where applicable, and taking reasonable measures to verify their identity;
- obtaining information on the purpose and intended nature of the business relationship;
registry code or registration number and the date of registration;
names of the director, members of the management board or other body replacing the management board, and their authorization in representing the legal person;
- details of the telecommunications of the legal person;
- detailed description of business processes;
- registry card of the relevant register.
Additionally, Izibits OÜ may request customers AML/KYC policy (for example for ICO projects and more cryptocurrencies).
Depending on the results of due diligence, the list of documents may be changed by discretion of Izibits OÜ.
Transactions are possible only after passing the verification procedures.
2. Ongoing monitoring
Ongoing monitoring on a risk basis means the scrutiny of transactions to determine whether those transactions are consistent with the MVTS provider’s information about the customer and the nature and purpose of the business relationship, wherever appropriate. Monitoring also involves identifying changes to the customer profile (for example, their behaviour, use of products and the amount of money involved), and keeping it up to date, which may require the application of enhanced CDD measures. Monitoring transactions is an essential component in identifying transactions that are potentially suspicious. Transactions that do not fit the behaviour expected from a customer profile, or that deviate from the usual pattern of transactions, may be potentially suspicious.
Izibits OÜ is obliged to report to the Financial Intelligence Unit in the event of suspicion of money laundering or terrorist financing.
4. Requirements for compliance officer
Responsibility for the consistency and effectiveness of AML/CFT controls is clearly allocated to an individual of sufficient seniority within the MVTS provider to signal the importance of ML/TF risk management and compliance, and that ML/TF issues are brought to senior management’s attention. This includes the appointment of a skilled compliance officer at management level.
5. Independent audit function
By the end of 2018, when the turnover of the customer exceeds the threshold of 20, Izibits OÜ plans to contract with independent audit service to test the AML/CFT programme with a view to establishing the effectiveness of its AML/CFT policies and processes and the quality of its risk management across its operations, departments, branches and subsidiaries, both domestically and, where relevant, abroad.
By the end of this year, Izibits OÜ will sign a contract with a service providing services for the evaluation of financial transactions on the Internet for suspicion from the point of fraud and offering recommendations for their further processing.
Thus, Izibits OÜ is guided by the following standards:
- Establishing and maintaining a Risk Based Approach towards assessing and managing the money laundering and terrorist financing risks to the company;
- Establishing and maintaining risk-based customer due diligence, identification, verification and know your customer procedures, including enhanced due diligence;
- Establishing and maintaining risk based systems and procedures to monitor on-going customer activity;
- Procedures for reporting suspicious activity internally and to the relevant law enforcement authorities as appropriate;
- Maintenance of appropriate records for the minimum prescribed periods;
- Training and awareness for all relevant employees.
7. AML Employee training program
All Employees are expected to be fully aware of the Izibits’s anti-money laundering policies and procedures.
To ensure the continued adherence to Izibits’s anti-money laundering policies and procedures, all Employees are required to reconfirm their awareness of the contents of this Compliance Manual by signing the acknowledgement form annually, or more frequently, as required by the Compliance Officer.
- At a time specified by the Compliance officer, to undertake training programs on antimoney laundering policies and procedures;
- To get trained in how to recognize and deal with transactions which may be related to money laundering;
- To timely escalate and report the matter to the Compliance Officer;
- To get themselves acquainted with Anti Money Laundering Rules &
- Be aware of FATF recommendations;
- To comply with the requirements of Rules & Regulations.