Rules FAQ
orRegister
Log In Register Rules of exchange FAQ

AML/KYC policy

The Terms and Conditions
Privacy Policy
Complaint Policy
AML/KYC policy
The Terms and Conditions
Privacy Policy
Complaint Policy
AML/KYC policy

I. REGULATION AGAINST LEGITIMISATION OF PROCEEDS OF CRIME AND FINANCING OF TERRORISM


  1. Introduction


The company The MyXchange Inc. (hereinafter referred to as the “Company” only) is a legal entity, incorporated in compliance with the applicable provisions of the Act No. 89/2012, the Civil Code, as subsequently amended, and the Act No. 90/2012 on Commercial Corporations, as subsequently amended. The Company conducts its business including activities amended by the Act No. 253/2008 on selected measures against legitimisation of proceeds of crime and financing of terrorism (hereinafter referred to as “ZAML” only), dealing with identification and verification of clients entering into business with the Company, together with observations of the nature, scope and other characteristics of business transactions performed by the Company in order to efficiently prevent legitimisation of proceeds of crime and financing of terrorism (hereinafter referred to as “money laundering” only) via a financial institution. The prerequisites in this manner include continuous monitoring of transactions, with emphasis laid on the frequency and scope of certain deviations from the regular business practices of its client.


  1. Purpose of Internal Regulation


The internal regulation amends procedures followed by the Company to prevent money laundering within, to comply with its obligation to disclose information to the Financial Analytical Unit (”FAU”) and determines the anti money-laundering system and measures accordingly. When defining its internal principles, the Company concedes to the respected standards listed in the summary published by FAU. The scope of this internal regulation also spans to cover procedures to ensure performance of duties per ZPMS.


  1. Definition of Certain Terms


Identification details of a physical person: all the names and surnames, personal identification number or date of birth (if the first has not been assigned), place of birth, gender, permanent or temporary residency and citizenship;

of a freelance entrepreneur: all the names and surnames, personal identification number or date of birth (if the first has not been assigned), place of birth, gender, permanent or temporary residency and citizenship, business name, any specific suffix or other identification characteristics, point of business and business registration number;

of a legal entity: business name or company name including the distinguishing suffix or other identification characteristics, registered office address, business registration number or any similar code assigned abroad, their executives or members are identified with all their names and surnames, personal identification number or date of birth (if the first one has not been assigned) date of birth, place of birth, gender, permanent or other residency and citizenship.


Legitimisation of Proceeds of Crime

any action aimed towards concealment of illegal origin of any economic benefit arising from criminal acts with the intention to present such property gains in compliance with the law, whereas such actions would include mainly the following:

  • conversion or transfer of property knowingly obtained from crime in order to ensure its concealment disguise to aid the entity involved in performance of such activity avoid the legal consequence of their actions;

  • concealment or disguise of the actual nature, resource, location or movement of the property or handling of the latter or any changes in rights relevant to such property knowingly obtained from any act of crime;

  • acquisition, possession, use of handling of property knowingly obtained from any act of crime, or;

  • criminal conspiracy or any other form of collaboration in order to pursue the actions defined under items 1-3 above.



Financing of Terrorism

  1. accumulation of provision of funds or other assets to be knowingly used, fully or partially, for commission of any criminal act of terrorism, a terrorist attack or any act of crime to enable or aid perpetration of such crime or to support a person or a group of persons preparing for perpetration of such crime; or

  2. any act aimed towards reward or indemnification or a perpetrator committing a criminal act of terror, a terrorist attack or any act of crime to enable or aid perpetration of such crime, or any person close to such perpetrator, or even collection of funds intended for such reward or indemnification purposes,

  3. financing to support distribution of the weapons of mass destruction, which shall be interpreted as collection or provision of funds or other assets be knowingly used, fully or partially, by the distributor of weapons of mass destruction or utilised to support distribution of such weapons in a manner contradictory to the requirements stipulated by international law.


Non-Transparent Ownership Structure

situation disabling accurate identification of the true owner of the client company

  1. using data from the Companies Register,

  2. using data from the Companies Register or any similar register established in the country of registration of the particular entity or any similar register in the country of origin of a foreign entity not listed in the Companies Register in Estonia; or an officially certified Memorandum of Association or another deed of foundation of such foreign entity, containing any amendments thereto in case its country of registration uses no such register,

  3. using information from a trustworthy source considered reasonably credible by the Company.


Ownership structure of a client company cannot be considered non-transparent, if its shares are listed or if this is a foreign joint-stock company with its shares accepted for public dealing.


Business Transaction

any act performed between the Company and the client, if aimed at handling of property of the client or rendering of any service to the client, e.g. a payment transaction.


Business Relationship

any contractual relationship between the Company and the client with the aim of handle property of the client or render any services to the client, if the very establishment of such contractual relationship clearly reflects any evidently repeated supplies with respect to all the relevant circumstances. Evidently repeated supplies shall also include entering into a business transaction with a third party.


Politically Exposed Person

  1. a physical person appointed to a significant public office with nationwide competency, especially a chief of state, a prime minister, a head of the central public administration authority or their deputy (secretary, assistant secretary), a member of Parliament, a political party executive, a chief of any municipal authority, any judge from the Supreme Court, a Constitutional Court or any other supreme judicial authority, whose decision may not be generally appealed to seek any legal remedy, save for certain exemptions, a member of bank council of Central Bank, a high-ranking office of armed forces, brigade, any member or substitute, in a legal entity, of any statutory body of a business corporation under government control, an ambassador or a head of diplomatic mission or a physical person holding or having held a similar office in another country, in any institution of the European Union or any international organisation.


  1. a physical person who is a close person to the person identified under paragraph a),

  2. is a shareholder or the Actual Owner of the same legal entity or even a trust or any similar legal body incorporated in accordance with a foreign law as a person listed under item a) or the affected entity is known to keep a close business relationship with the person listed under item a), or

  3. is the Actual Owner of a legal entity or a trust or any similar legal body in accordance with a foreign law that is known to have been established for the benefit of the person listed under item a).


Identity Document

a citizen’s identification card, passport, driver’s licence or any other document issued by the public authorities, stating the name and surname, date of birth and showing the evident appearance of its holder, or even another detail enabling identification of the person submitting such document as its legitimate holder.


Order from Client

An order submitted by a client to proceed with a payment transaction or any other act performed by a client to cause the Company handle any assets of the client.

Actual Owner

The Actual Owner is a physical person with actual or legal entitlement for direct or indirect exercise of decisive powers in any legal entity, trust or legal body without a legal personality. Subject to compliance with terms and conditions defined in the first clause, the assumed Actual Owner

  1. of a commercial corporation would always be a physical person

    1. holding more than 25% of voting rights in such commercial corporation solely or in consonance with other entities or holding more than 25% of shares in such corporation

    2. controlling the entity defined under item a) solely or with other associates

    3. supposed to receive at least 25% of the profit generated by such commercial corporation, or

    4. holding an office in its statutory body, representing a legal entity in such body or holding any office similar to membership in any statutory body, unless they are the Actual Owner or could be identified using provisions under items a) to c),

  2. in any society, public service organisation, private housing association, church, religious society or any legal entity established in line with the law amending the status of church or religious societies it would be any physical person

    1. holding more than 25% of their voting rights

    2. supposed to receive at least 25% of funds distributed by them, or

    3. holding an office in its statutory body, representing a legal entity in such body or holding any office similar to membership in any statutory body, unless they are the Actual Owner or could be identified using provisions under items a) or b),

  3. in any foundation, endowment fund, trust fund or any other legal body without legal personality it would be a physical person or the Actual Owner of a legal entity in position of,

    1. a founding member,

    2. a fiduciary,

    3. a beneficiary,

    4. a person on whose behalf such a foundation, institute, endowment fund, trust fund or any other legal body without legal personality has been founded, unless a beneficiary has been identified; and

    5. a person authorised to supervise administration of such a foundation, institute, endowment fund, trust fund or any other legal body without legal personality.




Country of Origin

a country

  1. of nationality of the physical person,

  2. of long-term or permanent residency of the physical person, or

  3. hosting the registered office, branch, organisational unit or business premises of a legal entity.


  1. Identification of Business Contractors


Prior to entering into any contractual relationships with a business contractor or any financial institution, the Company is liable for obtaining the documents and data listed below for proper verification to comply with the “get to know your partner” principle.


Prior to entering into a contract, a business contractor is obliged to provide the following details:

  • business name

  • registered office address

  • mailing address

  • details of contact person

  • contact phone number, E-mail address

  • list of end owners (physical persons), stating their names and residency addresses or persons holding at least 10% of shares in the business contractor


A business contractor is obliged to present the following documents:

  • an original or a certified copy of the extract from Companies Register or any instrument proving the existence of the Company that may not be older than 1 year, foreign entities shall provide the same supplemented with an apostille

  • a list of members of the Board of Directors or officials in statutory body(ies), unless such details are included in the extract from the Companies Register

  • a document proving that the Company has not issued any bearer shares.


Any contract with a business contractor may be signed by the managing director only after a proper inspection of the details and documents presented; such inspection shall be conducted by a compliance officer of the Company. For any remotely concluded contracts, e.g. by mail, any signatures of beneficiaries must be certified and even appended with apostilles in case of foreign entities.


  1. Mandatory Client Identification


The Company proceeds with identification of its client(s) for any transaction value exceeding the amount of EUR 1,000, while this check must be conducted once the transaction value has become obvious, at the latest. The Company further proceeds with such identification checks for any suspicious transaction and in case a Framework Agreement has been signed.

  1. Client Identification Procedures

    1. Face to Face Identification


The Company verifies identity of its clients prior to entering any Framework Agreement in case the transaction value exceeds the amount of EUR 1,000 or in case of suspicious transactions. The first identification check of a client, who is a physical person acting solely or on behalf of any legal entity, is conducted by an employee of the Company in person. The exceptions applicable to such situations have been defined below.


When performing a Business Transaction worth EUR 15,000 or more, where its purposes cannot be clearly identified from the order submitted (e.g. a payment order submitted via e-mail is not appended with the relevant invoice), the authorised employee shall raise an inquiry aimed at the source (origin) of funds used in the Business Transaction as well as the intended objective of such transaction. These details must be then registered in the business system with respect to the Business Transaction performed.


      1. Physical Person Identification


When entering into a Business Relationships with a client - physical person - the authorised employee of the Company proceeds with identification of such client by means of recording and verification of the relevant identification details obtained from an identity document of such client, if listed therein (i.e. all the names and surnames, personal identification number (if assigned) or their date of birth, place of birth, gender, permanent or other residency address and citizenship; any freelance entrepreneurs will be also verified with their business name, any business identification suffix or other characteristics, point of business and business registration number) and they also need to record the type and number of identity document or even the issuing authority and the expiry date, while also matching the appearance of such person with their photograph in the said identity document.


Throughout the client identification check, the authorised employee further explores and records any facts regarding potential political exposure of the client or any person acting on their behalf, as they may be subject to any international sanctions also imposed by Estonia in accordance with the applicable law on imposition of international sanctions.

      1. Legal Entity Identification


When entering into a Business Relationship with a client - legal entity - the authorised employee of the Company proceeds with client identification by performing the tasks below:

  • recording and verification of identification details pertaining to the legal entity from a proof of its existence (business or trading name including the suffix or other characteristics, business registration number or any similar code assigned to enterprises abroad);

  • performing identification of physical persons (e.g. any statutory body or a member thereof), acting on behalf of the legal entity when entering into the Business Relationship with the Company and/or conducting Business Transactions on behalf of the client; the authorised employee hence verifies and records identification details contained in identity documents of such physical person(s) (i.e. all the names and surnames, personal identification number (if assigned) or date of birth, place of birth, gender, permanent or other residency and citizenship details), recording the type and number of such identity document or even its issuing authority and expiry date, while also matching the appearance of such person with their photograph in the said identity document;

  • physical persons holding offices within statutory bodies of a legal entity, yet not acting within the said Business Relationship, are subject to verifications of details required to prove their identity. These details include the data available from public resources, generally from the Companies Register, i.e. especially the name, surname, date of birth and address.


Any legal entity acting as a statutory body in the client, being a member in such statutory body or controlling the client will be subject to the identification check in a manner similar to the client verification.


Throughout the client identification check, the authorised employee further explores and records any facts regarding potential political exposure of the client or any person acting on their behalf, including the Actual Owner and all members of its statutory body, as they may be subject to any international sanctions also imposed by Estonia in accordance with the applicable law on imposition of international sanctions.

Identity Document Reproduction

The process applied for identification of a physical person (the client or their authorised representative) with their Country of Origin outside Estonia runs with the primary procurement of identification data from copies of the relevant parts of their identity document containing such details and recording the type and number of the said identity document or even its issuing authority and expiry date. An identification check of a physical person (client or their authorised representative), whose country of origin is different from Estonia) is conducted using identification details obtained primarily from the copy of their identity document.


Should the affected physical person refuse to grant the Company their consent to make a copy of their identity document, the authorised employee of the Company conducting the identification check using a transcript of the identification details to the extent defined herein.


A copy (scan) of an identity document is made in writing and in such manner to preserve the relevant identification details legible and fit for storage throughout the period defined hereby and it must also contain a copy showing the picture of the physical person subject to identification check at such quality standard to enable verification of match or appearance accordingly.


The authorised employee of the Company, conducting the identification check of the client, is obliged to record such fact into the information system of the Company and enter the data into the contractual documentation, duly counter-signed by the authorised employee, used among materials for establishment of a Business Relationship between the Company and the client.


    1. Identification Arrangements

Whenever requested by the client or the Company, the client identification check can be conducted by a notary public or any public administration contact point.

The notary public or the public administration point execute the relevant identification certificate, containing details stipulated by § 10 section 2 of ZAML. The identification certificate will be appended with copies of identity documents and those parts of documents used for identification purposes that provide the identification details within the scope required, as well as the type and number of identity document, the issuing country or authority, the expiry date and a copy of the application, if submitted in writing. With this method of client identification employees, the output is also appended with the original copy of the power of attorney or a certified copy thereof. The said appendices will be joined into a bundle to the identification certificate.

    1. Client identification during remote conclusion of contracts


For a Business Relationship comprising provision of payment services and concluded on a remote basis in compliance with the Act No. 89/2012, the Civil Code, as subsequently amended (hereinafter referred to as the “CC” only), the Company may proceed with identification of their client using the following methods:

  1. the first payment within the Business Relationship will be effected via an account held under the name of client at a credit institution or a foreign credit institution operating within the territory of a member to the European Union or the European Economic Area;

  2. the client supplies the Company with a copy of the document proving existence of an account held under the name of client, as defined under item a), (e.g. an account statement, a copy of account agreement);

  3. the client supplies the Company with i) a copy of the relevant parts of the identity document; and ii) at least one copy of another supporting document (e.g. passport, driver’s licence, invoice for supply of electricity or communication services…), allowing for discovery of identification details of the client, as well as the type and number of the identity document, its issuing country or authority, together with its expiry date; is the client is a legal entity, the latter shall supply the Company with copies of documents defined under this item, i.e. copies of documents from the person (or persons, as the case may be) authorised to act on behalf of the client - legal entity.

Compliance with the above-mentioned requirements will be verified by the front office assistant to find out, whether the information available does not reveal any of the clients, products or transactions a higher risk of abuse for legitimisation of proceeds of crime and financing of terrorism; the assessment is based mainly on provisions of the Framework Agreement and screening of the client using the data within the relevant lists (see the Appendix No. 1 hereto).

Any copies (scans) of identity documents must be produced in such manner to preserve the relevant identification details legible and fit for storage throughout the period defined hereby and it must also contain a copy showing the picture of the physical person subject to identification check at such quality standard to enable verification of match or appearance accordingly.


Remote identification of clients is applied in case of clients, products or specific transactions associated with lower risks only. A low-risk client would be a person/entity classed for the Risk Profile No. 1 (see Chapter 8. Risk Assessment and Client Risk Profile: II. Client Risk Profiles). The method for remote identification of clients does not apply in case of politically exposed person(s).

    1. Acceptance of Identification by Third Party (Financial Institution)

      1. Acceptance of identification conducted by a third party


Pursuant to § 11 section. 1 par. a) and b) of ZAML, the authorised employee of the Company does not have to perform identification of any client using the method described above in case such identification as well as procurement of information about the purpose or intended nature of any Business Transaction or a Business Relationship and revelation of the Actual Owner has been performed by another financial institution that adheres to similar rules and accepts additional measures in the money laundering domain to the ones adopted by the Company, while the latter is also guaranteed supply of information, including copies of the relevant documents on client identification, purpose and intended nature of the Business Transaction or Business Relationship and the identity of Actual Owner from the said financial institution performing the identification or procurement of the relevant details.

The Company shall not accept any information for client identification purposes, any data on the nature of Business Transaction or a Business Relationship or revelation of the Actual Owner in case of doubt about correctness or completeness of such details.

The financial institutions eligible to supply identification details to the Company include banks, savings or credit unions, central depositories, security traders, investment companies, insurance companies, reinsurance companies.


Acceptance of identification details from any financial or credit undertaking does not relieve the client from their obligation to complete the Framework Agreement to undergo the risk assessment process compliant with AML regulations.


The Company then saves such data about their clients, including the copies of the relevant documents. The data must be saved at the Company prior to execution of the Business Transaction, i.e. prior to commencement of a payment transaction or any similar service.


The rules amending client identification by a third party apply to clients, products or specific transactions associated with lower risks only. A low-risk client would be a person/entity classed for the Risk Profile No. 1 (see Chapter 8. Risk Assessment and Client Risk Profile: II. Client Risk Profiles). The rules for acceptance of a third-party identification do not apply in case of politically exposed person(s).

    1. Common Provisions on Client Identification


Politically Exposed Person

The employee authorised for contracting performs the identification process to verify, whether the client or their authorised representative is a politically exposed person. Therefore, they have to prove, whether the client has signed/authorised their declaration contained within the business terms and conditions regarding their political exposure status.


Sanctioned Entity

The employee authorised for contracting and contract reviews proceeds with the identification process by verifying potential appearance of the client in any list of sanctioned entities or persons suspected of collaboration with terrorists and support of terrorism; for any legal entity, the group of identified persons includes the persons participating in management or operation of the legal entity (members of any statutory body, actual owners, other parties involved in a particular transaction or business relationship) or their potential origin from any country subject to international sanctions (see the Appendix No. 1 hereto).


Identification of Client’s Agent

In case the client grants their power of attorney to appoint their agent at the establishment of Business Transaction or Business Relationship, such agent will be subject to identification identical with the client identification process as well as against the duly presented power of attorney issued by the client, containing officially certified signatures by the principal and the agent accordingly.


Throughout any Business Relationship with the client, the employees of Company involved in direct or indirect negotiations with the client proceed with verification of the validity and completeness of identification data pertaining to the client and recording of their potential changes.


Should the employee of Company entering into any Business Relationship suspect the client to disguise the real party to the dealings or to actually obscure any third party, they will invite the client to present the relevant power of attorney.


    1. Simplified Identification and Check of Client(s)

Identification or checks of clients may be conducted by the Company in a simplified manner with respect to client categories associated with a potentially lower risk of abuse for legitimisation of proceeds of crime of financing of terrorism; that is for checks and identification of the clients listed below:

  1. credit or financial institutions,

  2. foreign credit or financial institutions operating within the country imposing obligations within the domain of fighting against legitimisation of proceeds of crime and financing of terrorism adequate to the requirements stipulated by the European Union and subject to proper supervision with respect to compliance with such obligations,

  3. any company, whose securities have been endorsing for trading in a controlled market, and subject to requirements for data publication adequate to mandatory requirements applicable within the European Union,

  4. a central public authority of Estonia or any higher territorial administrative unit, or

  5. any client

  1. assigned with significant public office in compliance with regulations of the European Union,

  2. whose identification details are available in public domain and there is no reason to doubt their correctness,

  3. whose activities are transparent,

  4. whose accounting books provide a true and diligent reflection of the bookkeeping data and financial situation,

  5. who is reporting to either any authority of the European Union or authorities within an European Union member state or the European Economic Area or who has implemented other suitable verification procedures to ensure proper supervision over his activities.


Under such circumstances, the employee authorised for entering into the particular Business Relationship proceeds with verification of compliance with the requirements defined above, procurement of identification data of the client to be recorded into the information system of the Company together with verification, whether the information available to the Company does not reveal any of the clients, services or Business Transactions as a higher risk of abuse for legitimisation of proceeds of crime or financing of terrorism.


Should any data contained within the identification details of the client change in course of the Business Relationship, the client is obliged to notify the Company accordingly without any unnecessary delay. Any changes to the identification details shall be recorded into the electronic information of the Company by the back office staff and this fact will be saved into the file kept for the relevant client.


The detailed procedure specifying such information and the method of its procurement from the client to be followed by the Company during the identification process applicable to a Business Relationship has been stipulated by a special methodology implemented by the Company (the internal directive themed Rules Amending Provision of Payment Services).


The simplified client identification is applied to clients, products or specific transactions in associated with lower risks only. A low-risk client would be a person/entity classed for the Risk Profile No. 1 (see Chapter 8. Risk Assessment and Client Risk Profile: II. Client Risk Profiles). The method for simplified identification and check of clients does not apply in case of politically exposed person(s).


  1. Performance of Client Checks


The Company is obliged to perform client checks:

  1. prior to execution of any transactions without a Business Relationship,

    1. once it has become evident a certain transaction reaches the value of EUR 15,000 or higher, at the latest,

    2. when dealing with a politically exposed person,

    3. when dealing with a person resident in a country to be considered a high-risk area pursuant to classification implemented by the European Commission or for another reason,

  2. prior to performance of a transaction bearing symptoms of dubious business, regardless of its threshold value,

  3. prior to establishment of a Business Relationship (e.g. by entering into a Framework Agreement),

  4. in course of a Business Relationship,

in case a payment is split into several independent supplies, the transaction or payment value will equal to their sum provided such supplies are mutually linked.


The client will provide the obliged entity with information required for performance of the transaction, including submission of the relevant documents. to serve the purpose of this law, the obliged entity may obtain copies or extracts from any documents submitted and process such data to meet the requirements defined by ZAML. Processing and recording of the data pertaining to client(s) into the Company’s information system fall within the responsibility of the employee dedicated to client identification.


When performing a client check, the Company procures the following:

  1. identification details of the client

  2. details of the purpose and intended nature of any Business Transaction or any Business Relationship with the client;

  3. investigation of the ownership and management structures of their client and its actual owner in case of legal entity; together with implementation of measures towards establishment and verification of the actual owner’s identity. When performing a check on their client, the Company proceeds with investigations and recording of identification details pertaining to the Actual Owner to verify their identity and the procedure of their investigation;

  4. information required for performance of continuous monitoring of the Business Relationship, including reviews of Business Transactions conducted throughout the Business Relationship in order to verify compliance of Business Transactions performed with the details of the client and their risk profile already known to the Company;

  5. information about the source of funds intended for Business Transactions;

  6. potential appearance of the client in any list of sanctioned entities or persons suspected of collaboration with terrorists and support of terrorism; for any legal entity, the group of identified persons includes the persons participating in management or operation of the legal entity (members of any statutory body, actual owners, other parties involved in a particular transaction or business relationship) or their potential origin from any country subject to international sanctions (see the Appendix No. 1 hereto);

  7. as well as measures appropriate to determine the source of assets of a politically exposed person.

The Company obtains the said information to the extent required for assessment of potential risk concerning legitimisation of proceeds of crime and financing of terrorism depending on the type of client and the type and scope of the service provided. The adequate level of client checks or verification of compliance with requirements applicable to exemption from identification and inspection procedures shall be explained by the obliged entity to the person authorised for performance of compliance checks with respect to the risks mentioned above.


The said information is procured mainly by means of client questionnaires included in Framework Agreements or during performance of a Business Transaction, and further pursuant to potential inquiries made with the client by the authorised employee of the Company. Any such information procured during a Business Relationship is obtained from the information system of the Company.



In case any funds change their owner (see below), the Company is obliged to ask the client to provide one of the documents listed below:

        1. a copy of commercial invoice used for payment/debit order

        2. a payment order in favour of a third party (PP3)


The said information obtained will be used for assessment of risk factors that is within the scope required for evaluation of a potential risk concerning legitimisation of proceeds of crime and financing of terrorism depending on the type of client, business relationship, product and business transaction. The outcome of such evaluation will be recorded into the Company’s information system.


Description of transactions associated with change of funds’ owners.

  1. Payment into an account held by a third party.

  2. Debit order towards any third-party funds in favour of the client.

The Company obtains the said information to the extent required for assessment of potential risk concerning legitimisation of proceeds of crime and financing of terrorism depending on the type of client and the type and scope of the service provided. The adequate level of client checks or verification of compliance with requirements applicable to exemption from identification and inspection procedures shall be explained by the obliged entity to the person authorised for performance of compliance checks with respect to the risks mentioned above.


Procedures for Continuous Monitoring of Business Relationship


Transactions performed with clients are subject to continuous monitoring conducted by employees of the Company. Should any particular Business Transaction within a Business Relationship show at least one of the factors mentioned below, this fact shall be notified to the Compliance Officer, who decides on further procedure and performance of the Business Transaction:

  • the client wishes to proceed with a transaction exceeding EUR 1,000,000 (or its equivalent in a different currency),

  • the client originates/has moved its registered office into/from a country assigning the client with the risk profile Tier 2 or Tier 3,

  • the client wishes to proceed with exchange of one of the following currencies: Russian ruble, Ukrainian hryvnia, Vietnamese dong, Belarusian ruble.


The Compliance Officer is also responsible for execution and assessment of an annual list of transactions performed/prevented in line with the provisions herein, the list is then submitted to the statutory body of the Company for compliance check purposes.

  1. Risk Assessment and Risk Profiles of Clients


The information obtained by the Company during identification and checks on client is used for classification of clients with respect to the risk concerning legitimisation of proceeds of crime and financing of terrorism, determination of compliance requirements for entering into a Business Relationship or termination an existing Business Relationship with a client, in order to drafts the so called Risk Profile for each client pursuant to the risk factors mentioned below, whereas the procurement of such information during a Business Relationship with a specific client or continuous investigation of such information throughout a Business Relationships with any client as well as the procedure adopted with respect to clients showing any risk factor will be determined by the Company.


The investigation of risk profile of any client follows a specific Framework Agreement presented to every new client to enable opening of a new electronic money account and provision of any services associated therewith.


  1. Risk Classification of Client Types with Respect to Risk Factors


Risk factors relevant to entering into a Business Relationship:

  1. When the actual owner of client cannot be identified;

  2. unclear purpose and reason for entering into a Business Relationship;

  3. unclear origin of funds available to the client (client declaring to have obtained such funds as a cash prize from a casino or cash received as a present, etc.);

  4. any company not conducting any economic activity;

  5. the client is a company registered within the so called off-shore zones;

  6. the client is under direct or indirect control by an entity registered in the so called off-shore zones;

  7. the registered office of client or customer or any entity with direct or indirect control thereof is situated in the so-called office house (formal relocations of registered offices into cities and large office buildings (the so called “office houses”), especially to Prague. Their aim is to achieve the minimum probability of inspection conducted by the local revenue office.);

  8. any fact raising suspicion, whether the client acts on their own or they intended to disguise their actions conducted on behalf of a third party;

  9. contact details for multiple client accounts are identical;

  10. the permanent residency address of any client or their authorised representative is based at a municipal authority or

  11. there are other facts implying the client wishes to perform a dubious transaction.



Further factors relevant to entering into any Business Relationship associated with a higher risk:

  1. the fact that any of the countries of client’s origin or the country of origin of the Actual Owner of client or any authorised agent thereof acting on their behalf is a country with insufficient or even missing measures implemented to combat legitimisation of proceeds of crime or financing of terrorism or a country defined as a hazard in the assessment conducted by this institution (see the Appendix No. 1 hereto);

  2. the fact that any of the countries of client’s origin or the country of origin of the Actual Owner of client or any authorised agent thereof acting on their behalf is a country subject to any sanctions, embargoes or any similar restraining measures (see the Appendix No. 1 hereto);

  3. the fact that any of the countries of client’s origin or the country of origin of the Actual Owner of client or any authorised agent thereof acting on their behalf is a country identified as a country suffering from severe corruption level or any other crime, as reported by trustworthy information sources (see the Appendix No. 1 hereto);

  4. the country of origin of the entity/person performing a Business Transaction with the client is a country with insufficient or even missing measures implemented to combat legitimisation of proceeds of crime or financing of terrorism or a country defined as a hazard in the assessment conducted by this institution;

  5. entry of the client, Actual Owner of the client or any entity/person performing a Business Transaction with the client, in a list of persons and movements subject to imposed sanctions;

  6. performance of a Business Relationships under unusual circumstances;

  7. the client makes use of products or transactions likely to aid anonymity;

  8. the client is a commercial corporation involving shareholders or members or a corporation issuing bearer shares;

  9. the client makes vast use of cash money for their business operations;

  10. the personal asset holder tool utilised in this case is a legal entity, a trust fund or another legal arrangement without a legal personality;

  11. the fact that information available to this institution shows the scope of business pursued by the client is associated with a higher risk concerning legitimisation of proceeds of crime or financing of terrorism;

  12. the client’s ownership structure seems unusual or too complex with respect to the nature of their business.



The degree of risk at individual factors differs and some of them (e.g. unclear origin of funds of classification of any client among sanctioned entities) are considered signs of dubious transactions.


A risk profile will be drafted using the information provided by the client when entering into the relevant contract, which is mainly through Section V. Other Framework Agreements. Assessment of risk factors applicable to entering of any Business Relationship is conducted by the back office staff.


Risk factors may be also recognised pursuant to a check or inspection throughout an existing Business Relationship. The method and frequency of checks are described in Chapter 7 - Client Inspection method - in this internal regulation.


Risk factors during a Business Relationship and individual Business Transactions

The Company continues of risk factor supervision even in course of a particular Business Relationship. Clients are obliged to report any changes with authoritative effects on their Business Relationship with the Company. The Company may assign a client with the Risk Client classification during a Business Relationship, although such client might have been identified as a non-risk entity at entering into the Business Relationship, such client may be also moved into a higher Risk Category. This classification or re-classification are performed in compliance with client risk assessment rules provided the client have been identified with the following risk factors:


  1. the client’s ownership structure becomes non-transparent (the final owner - physical person - cannot be identified);

  2. the registered office of client or any entity/person exercising direct or indirect control over the client is situated within the so called off-shore zone;

  3. the registered office of client or any entity/person with direct or indirect control over the client has been relocated into any so called office house;

  4. the company ceases its economic activity;

  5. any fact raising suspicion, whether the customer acts on their own or they intended to disguise their actions conducted on behalf of a third party;

  6. other facts implying the customer wishes to perform a Dubious Transaction.




Further factors relevant to entering into any Business Relationship associated with a higher risk:

  1. the Country of Origin of the Client or their Actual Owner or their authorised agent acting on behalf of the client has been changed to a country with insufficient or even missing measures implemented to combat legitimisation of proceeds of crime or financing of terrorism or a country defined as a hazard in the assessment conducted by this institution (see the Appendix No. 1 hereto); Appendix No. 1 hereto);

  2. the Country of Origin of the person conducting a Business Transaction with the client has changed to a country with insufficient or even missing measures implemented to combat legitimisation of proceeds of crime or financing of terrorism or a country defined as a hazard in the assessment conducted by this institution;

  3. the customer, the Actual Owner of customer or any person acting as an agent thereof, the final recipient of the subject matter of Business Transaction or the Actual Owner of entity/person performing the Business Transaction with the client or the person performing the Business Transactions with the client, has been entered into a list of persons and movements subject to imposed sanctions;;

  4. performance of a Business Relationship under unusual circumstances;


Throughout a particular Business Relationship, the client is obliged to notify the Company of any changes with essential effect on their established Business Relationship (i.e. change of identification details etc.) Following such notification, the employee responsible for Business Relationship with such client shall assess the potential risk factor and proceed similarly as during establishment of the Business Relationship.


Risk factors occurring in course of a Business Relationship are controlled mainly via the business information system of the Company, the Framework Agreement and screening of data in the relevant lists (see the Appendices No. 1 and 2 hereto). The responsibility for such checks is vested into the back office staff.


  1. Client Risk Profiles

With respect to the risk factors mentioned above, the Company holds classification of its customers into AML profiles defined below:


Tier 1 - non-risk (client) profile – assigned to clients not showing any risk signs, as defined by the AML risk factors, when entering into a Business Relationship (contract) and throughout the subsequent business cooperation


Tier 2 - risk (client) profile – assigned to clients identified with one or more risk factors, which, however, do not rule out potential Business Relationships, once assessed properly. The obliged entities must pay more attention to these clients in terms of higher monitoring over their business activities with the aim to reveal deviations or potential signs of dubiousness. These clients are also subject to more frequent updates of the clients’ questionnaire (AML, relevant section of the Framework Agreement) once in every 36 months.


Tier 3 - unacceptable (client) profile – assigned to clients identified with one or more risk factors rendering the client unacceptable with respect to AML measures, as revealed by a proper assessment. This client may not be allowed to enter into any contractual relationship.


AML checks are integrated in the internal information system. Every newly entered template, person, company or country are subject to checks with respect to regularly updated lists of sanctioned and risk entities provided on the FAU website. Any positive outcome of this check will be distributed to selected staff of the Company and the Compliance Officer.


Any customer identified with one or more risk factors will be labelled in the business information system by the authorised employee of the Company. Any risk factors discovered at a client shall be reported to the Compliance Officer, who cooperates with the employee responsible to assess the factor as assign it to the risk category Tier 2 or 3. Occurrence of multiple risk factors at any client and assignment of such entity into the Tier 2 within risk classification then increases the requirements for frequency of monitoring aimed at the business operations conducted by such customer, such supervision will be performed by persons serving such customer and the internal inspection departments. Individual cases will be assessed on individual basis in a broader sense. The designated employee of the Company and the Compliance Officer hence proceed with assessment of individual cases against the relevant documentation presented, the type of client, the purpose of Business Transaction, regularity and duration of the Business Relationship, the type of product, the value and method of Business Transaction performance, opinion of the client, the information and materials generally available or even references from other resources, while also considering any higher risk factors. The Compliance Officer shall consider the status of such client with priority, together with their potential scope of business and the option to abuse products or services of the Company implying occurrence of crime. The client risk assessment (Tier No. 2 or 3) is then always conducted in a manner comprehensive and diligent with respect to a specific customer; that is subject to consideration of all circumstances and options to abuse services of the Company for any criminal activity. Any client subject to international sanctions exercised by the government of Estonia and applicable to financial operations will be always classed on the risk profile Tier No. 3.


The Compliance Officer proceeds with identification and assessment of risks concerning legitimisation of proceeds of crime and financing of terrorism that may occur within operations conducted by the Company. The said list of risk is executed in writing and always reflects types of transactions and Business Relationships associated with operations conducted by the Company.


Any risk client will be also subject to higher demands for proofs and documents relevant to any signs of dubious transaction. Specific requirements for monitoring of client’s activities and demands for explanations, together with any additional documents are determined individually and in line with instructions provided by the Compliance Officer (that is especially submission of individual invoices pertaining to transactions performed by a risk client and the associated explanations provided with regard to specific transactions etc.).


For any foreign entities, the person responsible for contracting and identification of the client shall request collaboration from the Compliance Officer of the Company. The latter is obliged to make a random verification, whether such entity/person does originate from any country subject to sanctions imposed by the EU or any dangerous countries, the up-to-date list of which has been determined by the (EU) Commission Order No. 2016/1675 dated July 14th 2016; and it is available at www.mfcr.cz/fau. The Compliance Officer is further obliged to verify whether such country has been entered into the list of jurisdictions executed by the OECD forum, distinguishing between 4 categories of countries per their degree of compliance with the AML legal regulations. For any country found in the section “Partially compliant“, the client will be assigned with AML profile in Tier No. 2, any country found within the section “Non-Compliant“ means the client is assigned with the AML profile in Tier No. 3, otherwise the clients will be assigned with AML profiles in Tier No. 1 accordingly. See the following link for the list of jurisdictions: http://www.oecd.org/tax/transparency/exchange-of-information-on-request/ratings/#d.en.342263.


The list of risk clients is maintained by the Company’s Team Leader, who is also responsible for its regulation updating and continuous reporting of such details to the Company’s staff serving the client or engaged into direct or indirect dealings with such client.


  1. Risk Factors of Company’s Products and Services

The Company exercises supervision of risk factors associated with abuse of its products and services for legitimisation of proceeds of crime. Following any facts discovered during a Business Relationship, the Company might assign a client with the Risk Client classification during a Business Relationship, although such client might have been identified as a non-risk entity at entering into the Business Relationship, such client may be also moved into a higher Risk Category.


The Company issues electronic money and conducts payment transactions associated therewith. An electronic money account enables crediting of electronic money issued by the Company against any funds received from the relevant client or the reverse exchange of electronic money into funds.


The client may then potentially abuse the services when using payment services associated with electronic money; that is conducting of particular transactions and during operation of the electronic money account. The mutual coherence among these services is so high that abuse of any service would usually result in abuse of another. Options to abuse of products and services of the Company during operation of an electronic money account exist during transfer of funds into any accounts held by third parties and involved in money laundering activities or even financing of terrorism or when the client transfers the funds obtained through such crime into their account or any third-party account(s). Those transfers are intended to obliterate the illegal origin of the funds or even to effect the funds for these purposes directly. Abuse may comprise the so-called structuring, i.e. amounts effected by the client are tight below the control threshold or the transaction performed is not typical for the particular client (unusual amount of special terms and conditions imposed). Other means of abuse may include counterfeit identification documents or insufficient checks conducted by the authorised employee of the Company or even their assistance with such criminal activity (involvement of the so-called “insider”).



The Company acts as a small-scale issuer of electronic money, issuing electronic money and conducting transactions associated therewith. When rendering its services, the Company considers the following options to abuse its services for money laundering purposes.

  1. regarding the value of Business Transactions (payment transactions) performed

    1. Business Transactions performed and not typical for the particular customer, deviating from the transaction history of such customer;

    2. the client requests performance of a Business Transaction with no evident economic reason;

    3. the volume of Business Transactions performed does not correspond with the customer’s income;

    4. transactions of this client show the so called structuring pattern i.e. payments effected by a single client into/from a client account, where the client proceeds with 3 and more payments within 5 business days and none of these exceeds the amount of EUR 15,000;

    5. payments coming into the client’s account exceeding CZK 5 mio. from any person different to the holder of client’s account;

  2. with involvement of insiders

    1. the risk concerning involvement of insiders (employees of the Company) into criminal activities, where the employees tend to assist with concealment or even laundering of illegal money.


Products and services of the Company are also associated with higher risk factors, including the following:

  1. utilisation of transactions potentially supporting anonymity,

  2. incoming payments from unknown entities or any third parties different from associates, or

  3. new products or new business procedures, including new distribution systems and application of new or developing technologies to new or existing products.

Risk factors of clients and services may show certain mutual diffusions, which means these always need to be considered with respect to their correlation.


Monitoring of Risk Factors

The Company eliminates risks both by means of its automated business information system, regular random checks and by employing the four eyes principle.


The business information system tracks full transaction history on any account of the client and lists their transactions. It also holds all the identification details with instant search for any transactions assigned to individual clients, this prevents anonymization of individual transactions.


The back office staff keep track of payments featuring the so-called structuring, where a client sends 3 and more payments under EUR 15,000 each during 5 business days. These occurrences are reported to the Compliance Officer, who is responsible for assessment of such transactions and settings further steps to be followed.


Traceability of clients and the relevant staff members also reduces the option to involve a so-called “insider” to participate in the client’s illegal activities. All the Business Transactions performed by a particular client are subject to monitoring by the Company, who is able to assign these to the individual client and own employees for reciprocal checks. Any operations conducted by an employee suspected of “insider” activity can be always monitored.


Other risk factors are then subject to random checks during regular quarterly inspections conducted by the Compliance Officer (see the Compliance Rules internal regulation). These checks are then summarised in the compliance report covering the relevant period.


Any new products and services, distribution channels or technological procedures always require prudent approach with attention to any options for money laundering with respect to their unproven nature, where the Company may not be able to cover all the anti money laundering options. Introduction of new products, services or technologies is controlled by means of procedures against legitimisation of proceeds of crime and financing of terrorism that are imposed by the Compliance Officer.


  1. Rules of individual client treatment


Following its individual treatment practices exercised with clients, the Company places each client (physical person) into the same category as the client (legal entity) actually represented by the first client mentioned above. When accepting orders labelled with the individual client treatment (IPK) characteristic, one needs to distinguish clearly, whether the client is acting on their own as a physical person (FO) only or representing any legal entity (PO), whom the physical person represents. Orders submitted by these persons cannot be merged, exchanged or split.


  1. Entering into Business Relationship, Refused Transactions


The Company refuses to enter into a Business Transaction or a Business Relationship under the following circumstances:

  • the client refused to undergo their identification;

  • the client has not supplied the data required for their identification and check;

  • in case the employee of Company entering into a Business Relationship adopts any suspicion throughout or during execution of any Business Transaction the client to disguise the real party to the dealings or to actually obscure any third party, they will invite the client to present the relevant power of attorney, which the client fails to do;

  • the client refuses to provide collaboration during the inspection process;

  • the client cannot be identified or checked for any other reason;

  • The employee of Company performing identification or check of the client has certain doubts about credibility of information provided by the client or the documents submitted;

  • the client is a person subject to international sanctions in the financial domain exercised by the government of Estonia (see Appendix No. 1 hereto);

  • when dealing with a politically exposed person, where the origin of assets intended for their Business Transaction remains unknown;

  • with missing consent from an executive or managing director, when dealing with a politically exposed person.


Should the Company discover any of the facts mentioned above during any Business Relationship, the Company terminates processing of the particular Business Transaction for the client or even proceeds with termination of their Business Relationship.


  1. Definition of Dubious Transaction


A dubious transactions is defined as a business transaction performed under circumstances raising suspicion of attempts for legitimisation of proceeds of crime or any suspicion implying the funds used within such Business Transaction are intended for financing of terrorism or any other relevance between the Business Transaction and financing of terrorism, i.e. the Business Transaction features certain signs, even merely implying that the funds used therein originate from any criminal activity or these should be used for any crime perpetration or even used for committing any act of terrorism or other activities associated with terrorism (hereinafter referred to as a “Dubious Transaction” only). The Company does not have to be aware of the exact nature of crime or the perpetrator, same as any other facts showing the signs of any criminal activity; however, these must be borne in mind when assessing a Dubious Transaction.


General signs of dubious transaction

  1. Problems with client identification

  2. The client demands and offers unusual conditions

  3. The transaction is atypical for the particular client

  4. Documents presented by the customer seem counterfeit or defective in any other way or their appearance is certainly questionable

  5. The client is nervous during face-to-face negotiations for whatever reason

  6. The client is accompanied by another person and observed

  7. The client acts as a middleman

  8. There is no evident economic, material or legal reason for the particular transaction or its relevance to the regular business operations of the client cannot be identified

  9. Unusual methods employed for transfer of higher cash volumes

  10. Striving towards minimum contact with financial institutions and authorising agents to handle such interaction using a power of attorney

  11. Any transaction that is non-transparent with respect to its economic objective or making an illogical impression, where its very design may indicate an illegal act

  12. Any transaction associated with quick subsequent withdrawal of invested funds, unless logically justified by regular business operations of the client

  13. Any transaction aimed outside the regular business operations or the usual group of clients and Business Transactions of a particular financial institution with no evident explanation as to why the specific transaction is aimed at the specific financial institution.

  14. Any transaction resulting in the fact that any accounts kept passive for a long term have suddenly started showing enormous activity without any clear reason

  15. The client has provided the financial institution with any untrue or misleading information or deliberately refuses to disclose or provide the Company with regular data and information required for the particular Business Transaction or the Company is supplied with data and information that is difficult to verify or appear untrustworthy.

  16. The Business Transaction is executed with a risk client.


Signs of Dubious Transactions when issuing electronic money and provision of payment services associated therewith

  1. Unusual requirements for performance of Business Transactions, especially with respect to the type of client, their existing business operations, the subject matter, scope and settlement method relevant to a particular Business Transaction, the purpose of accounting opening and line of business performed by the customer

  2. Any Business Transaction or payments using currencies rare in this country (e.g. Russian ruble, Ukrainian hryvnia, Vietnamese dong, Belarusian ruble)

  3. Payments incoming into the payment account without any Business Transaction performed and subsequent transfer of these funds to other accounts

  4. Payment transactions from/into risk and sanctioned countries

  5. The client changes their contact details or instructions relevant to their transaction without giving any reasons

  6. A group of clients performing similar transactions

  7. The information available implies the client has certain ties with any perpetrators of crime

  8. The client is represented by their plenipotentiary for unclear reasons

  9. Transactions performed by the client show a seasonal pattern and there is no evident legal reason for that

  10. The client is submitting documents issued by a foreign institution that can be barely verified

  11. The frequency of transactions or their volumes do not correspond with the material situation of the client


The indices to identify a Dubious Transactions always include the following signs:


  • the client or the Actual Owner of the client is a person(entity subject to international sanctions exercised by Estonia in accordance with the Act No. 69/2006 on Carrying Out of International Sanctions as subsequently amended,

  • the actual or intended subject matter of the Business Transaction comprises goods or services subject to sanctions exercised by Estonia in accordance with the Act on Carrying Out of International Sanctions; or

  • the client refuses to undergo an inspection or provision of Identification Details of the person/entity, on whose behalf the client acts (under such circumstances, the Company does not enter into any Business Relationship or Business Transaction with the client).


Dubious Transactions can be especially identified using the following:

    1. continuous monitoring of transactions conducted by an employee of the Company with attention to the frequency and scope of deviations from the regular mode

    2. continuous interaction with the customer and awareness of the Company’s employee about the customer’s environment

    3. information provided by a third party (press, internet, etc.)

    4. monitoring of operations via the business information system of the Company.


  1. Dubious transaction assessment process


Application of the “know your client” principle, i.e. identification and check of the client with further monitoring of the nature, volume and other characteristics of any Business Transactions conducted by such client; this is the essential rule for revelation of Dubious Transactions to promote efficient prevention of money laundering and financing of terrorism via this Company. This knowledge is based on continuous monitoring of Business Transactions with attention to the frequency and scope of certain deviations from the regular business practices of the client. Identification of Dubious Transactions requires individual assessments of characteristics pertaining to particular Business Transactions.


When performing assessment and evaluation of Dubious Transactions, the Company’s employees focus mainly on:

  • Business Transactions conducted by risk clients;

  • Business Transactions of politically exposed persons;

  • Business Transactions containing any of the sign to identify Dubious Transactions.

While special attention would be dedicated to:

  • the nature of Business Transaction and circumstances relevant to its performance;

  • the nature and volume of usual Business Transactions performed by the client;

  • the Risk Profile assigned to the client.



Should any Business Transaction performed show any of the “individual dubious characteristics”, it does not necessarily need to be a truly dubious transaction, yet it must still be subject to a comprehensive assessment.


Fundamental liability for monitoring of Business Transactions of the client remains with the employee providing a service to the client o behalf of the Company. This is also related to the potential involvement of such employee into legitimisation of proceeds of crime and financing of terrorism (the so-called insider) and the associated risk of letting the client proceed with such Dubious Transaction due to aid by such employee. The business information system of this Company enables traceability of individual employees dealing with particular clients to perform specific Business Transactions. Should any employee be suspected of insider activity, the business information system of the Company enables monitoring of their operations.


Should the client proceed with any change to nature of their Business Transactions of if there is a significant increase in the number or volumes of Business Transactions when compared to a similar past period; or when compared to the estimates made by the employee entering into the particular Business Relationship, rendering the employee of the Company liable for investigation in the cause of such progress. In case of any doubts, the employee of this Company is entitled to ask the client for submission of documents proving reasons for such changes.


Details of any client and their Business Transactions are recorded by the Company using their electronic information system and the electronic file maintained for each customer. The details of a particular client and their Business Transactions kept within the electronic information system are accessible by all staff of the Company rendering any services to the client on behalf of the Company or involved in dealing with such client directly/indirectly.


The information and data pertaining to clients maintained within the electronic files are available to the back office staff on request placed with the Compliance Department, providing such files to any other persons following a properly justified request. The persons responsible for proper keeping of these electronic files are the back office staff.


Each electronic file contains mainly the following data and documents:


    1. any contractual documents concluded with the client;

    2. any potential power of attorney issued by the client to authorise the agent for operation of assets present in the client’s account;

    3. updated Identification Details (a copy of Identity Document, a certificate of good standing for a legal entity, etc.);


individual documents contained within the file must clearly identity the person and place of their procurement, as well as the method for their updating.


Should the Company identify any suspicious persons throughout the verification of persons suspect of support to terrorism in financial and business databases, these facts must be notified to FAU.


  1. Notification of Dubious Transaction


Should any employee of the Company find any Business Transaction of the client as dubious, this fact needs to be notified to the managing director responsible and the Compliance Officer via e-mail, phone or in writing immediately.


The Compliance Officer has passive access to the internal system of the Company to facilitate investigations after such notification, documentation and information of the person affected, associated with the notification of Dubious Transaction.


Their notification must include the following data:

  • identification details of the Company’s employee reporting the Dubious Transaction;

  • identification details of the client affected by such notification or even Identification Details of the person acting on behalf of the client affected by such notification;

  • description of the subject matter and substantial circumstances associated with entering into such Business Transaction,

  • the current date.


The Internal Report for notification a Dubious Transaction, containing details of the client and their Business Transactions, must be sent by the relevant employee to the Compliance Officer immediately. The Compliance Officer confirms receipt of the Internal Report for notification a Dubious Transaction by phone, e-mail or facsimile, for example, to enable a comprehensive assessment to verify such Dubious Transaction properly. For a template of the Internal Report, see the Appendix No. 3 hereto.


Should the relevant employee of the Company not find a particular Business Transaction of the client dubious, yet the transaction will still remained considered risky, the employee is obliged to enter such transaction among the risk transactions maintained by the Company and such entry and the relevant reasoning must be notified to the Compliance Officer immediately.


Should there be any evident signs of a Dubious Transaction and it has not been reported as dubious by the relevant employee of the Company, such failure will be considered a serious breach of the Company’s internal regulations.


Should the Compliance Officer find a particular Business Transaction dubious, this fact needs to be reported to the Financial Analytical Unit (hereinafter referred to as the “FAU” only) without any unnecessary delay and within the maximum period of 5 calendar days following the discovery of such Dubious Transaction. Whenever required by facts of the case, especially with imminent risk of default, the Compliance Officer shall report any Dubious Transaction following its discovery immediately.


Reporting of any Dubious Transactions must be performed in writing, by means of a registered letter, facsimile or orally as a statement delivered at a pre-defined location upon prior arrangements with FAU. The Compliance Officer shall always verify delivery of their report concerning any Dubious Transactions to FAU.



For FAU Notification Template, see the Appendix No. 2 hereto.


  1. Postponed execution of client’s order


Should any immediate processing of order submitted by the client result in frustration or substantial reduction of proceeds of crime or funds intended for financing of terrorism, the Company shall follow the order submitted by the client and showing signs of a Dubious Transaction only 24 hours later following receipt of a Dubious Transaction alert by FAU. The assets affected by such order submitted by the client will hence be secured by the Company to prevent its handling. Under such circumstances, the Compliance Officer/managing director proceeds with reporting such Dubious Transaction on the day of order receipt from the client, whereas the Dubious Transaction report will be supplemented with information advising of the client’s order being postponed.


The provisions identified by the previous clause shall not be applied, when such order cannot be postponed or if such postponement may frustrate any investigations focusing on any Dubious Transaction. The Company notifies FAU about performance of such Business Transaction immediately following its processing.


Should FAU respond to any Dubious Transaction report by extending the postponed order execution period or the time interval applicable to blocking of assets intended for performance of a Dubious Transaction, the Company proceeds with securing the assets in a manner defined within the resolution made by FAU.


Any resolution of postponement applicable to processing of any client’s order or to securing of their assets comes into legal force on the day of its announcement. Such announcement may be conducted orally, by phone, facsimile or using electronic means; however, its authentic copy must be then delivered to the Company in a hard copy form.


Should FAU not inform the Company about filing any complaint against the client within the period of 3 days following receipt of a Dubious Transaction report, the order submitted by client will be processed.


Should FAU file their complaint within the period of 3 days following receipt of the Dubious Transaction report, the postponement of client’s order processing will be extended by 3 business days following the complaint filing date, unless the party in criminal proceedings has ruled on withdrawal or blocking of the subject matter of such Dubious Transaction.


The Company shall employ suitable means of securing the assets affected by any postponed order submitted by the client in order to block such assets from any handling contradictory to the provisions herein; that shall be the following:

  • the Compliance Officer/managing director instructs the banking staff accordingly, these will be restricted from performance of any Business Transactions relevant to the Dubious Transaction report.


Once notified by FAU or once the relevant period has expired, the Compliance Office (managing director informs the relevant employee of the Company reporting such Dubious Transaction of the earliest possible date for processing of the particular order submitted by the client.


  1. Internal inspection system


Executives of the Company perform random inspections aimed at compliance with obligations vested in the Company and its employees, as stipulated herein and by ZAML.


When performing internal inspections, the Front Office supervisors proceed with:

  • investigation, testing and assessment of effectiveness and operability of the system to prevent money laundering;

  • investigation, testing and assessment and effectiveness and operability of the system for prevention of legitimisation of proceeds of crime and financing of terrorism associated with the launch of a new product or service;

  • verification of compliance of the provisions herein against legal regulations in force;

  • performance of random checks of staff to prevent occurrence of the so called “insiders”;

  • presentation of new measures to be implemented as remedies for any deficiencies found (amendments within internal regulations, improvement of the information system, enhancement of the training system, etc.).


The front office supervisors have access to all the information pertaining to clients and their Business Transactions, whereas they have the right to request any information and documents necessary from any employees of the Company. The Company’s employees are obliged to provide such data as well as their full collaboration.


  1. Evaluation Report


The Compliance Officer executed their annual report to evaluate the activities undertaken by the Company aimed at prevention of money laundering (hereinafter referred to as the “Evaluation Report” only).

The Evaluation Report contains the following details:

  1. evaluation of procedures and measures implemented by the Company to prevent money laundering to confirm their appropriate efficiency;

  2. evaluation of the system with internal principles, procedures and control measures implemented by the Company with respect to any deficiencies found over the past year and identification of potential risks of the Company arising therefrom;

  3. evaluation of the internal regulations amending prevention of legitimisation of proceeds of crime to confirm their compliance with the legal regulations in force;

  4. details about reports submitted with respect to Dubious Transactions over the past year;

  5. remedy proposed to any deficiencies found in accordance with par. b);

the Evaluation Report will be discussed by the general meeting at their nearest convention following the delivery of Evaluation Report.


The Compliance officer shall execute the Evaluation Report together with updates to the Risk Assessment and status of Dubious Transactions; this update must be conducted for every new product or service.


The Evaluation Report must remain filed by the Company’s compliance department for at least 5 years.


  1. Reporting obligations of the Company


Whenever requested by FAU, the Company will honour the set period and provide the latter with details of Business Transactions relevant to the mandatory identification or subject to investigation performed by FAU, submitting documents concerning such Business Transactions or providing access to the same for the FAU staff in order to enable investigations of reported transactions and providing information about any persons/entities involved in such Business Transactions by any means.


Whenever requested by FAU, the Company shall disclose any existing or recent Business Relationship maintained with a specific physical or legal entity over the past 10 years, whom the Company was obliged to identify, also providing details to describe the nature of such Business Relationship.


  1. Filing Obligation


The Company uses its information system to acquire and store all information about any client, relevant to their Business Relationship and identification and checks of the client, verifying the validity and completeness of data with potential updates thereof.


The Company is obliged to maintain the following information and documents for a period of 10 years following termination its Relationship with their client:

  • Identification Details of the client obtained during the identification process;

  • copies of documents submitted for identification and inspection purposes;

  • details of the person conducting the first identification of client, including the date thereof;

  • documents pertaining to Business Transactions and orders of the client;

  • other information and documents relevant to a Business Relationship.


The period of 10 days commences on the first calendar day of the year following the year of the most recent operation within a Business Relationship.


For a detailed procedure amending the filing of documents, see the special internal regulation implemented by the Company.

Whenever requested by FAU or another authorised inspection body, the Company is obliged to supply the documents and information required. This information is provided by the managing director.


The Company carried out regular backup of all the approval and decision-making processes and control activities within the anti money laundering policy in such manner to enable their restoration.


  1. Confidentiality


Both the Company and its employee are obliged to remain confidential with respect to any facts learnt in relevance with any Dubious Transaction. This obligation applies towards both third parties as well as persons affected by the information disclosed.


The confidentiality obligation vested in employees of the Company shall survive any termination of their employment or any other contractual relationship with the Company or any transfer of such employees to another workplace. Disclosure of such information to public authorities and other entities in cases defined by the law shall not constitute breach of the confidentiality obligation.


The confidentiality obligation, provided the use of information disclosed is limited to prevention of legitimisation of proceeds of crime and financing of terrorism, cannot be applied to disclosure of information between financial institutions forming a consolidated group within the Company, as defined by ZPKT (the Capital Market Undertakings Act).


  1. Training of Staff


The Compliance Officer in the Company will hold at least one training session for its employees every 12 calendar months, focusing on personnel who may encounter Dubious Transactions during their regular working activity, those are mainly staff from the Sales Department.


The internal regulations of AML must be communicated to every new employee who may encounter any Dubious Transactions during his (her regular working tasks, they need to be aware of the regulations prior to their assignment to their workplace.


The training of Company’s employees then comprises mainly the following:

    1. the system of internal anti money laundering principles;

    2. typology and signs of Dubious Transactions;

    3. procedures for identification and evaluation of Dubious Transactions;

    4. determination of client’s risk profile;

    5. procedures for entering into a Business Relationship, correct procedure for identification and inspection of the client;

    6. cases of non-conclusion of a Business Relationship or non-execution of a Business Transaction;

    7. changes to the AML law, to the internal regulations comprising the system of anti money laundering internal principles;

    8. procedure for reporting of a Dubious Transaction.


The Company’s employees shall confirm their presence at the training by signing the list of attendees. Such lists of attendees and reports on completed training sessions with specification of the agenda covered are kept on file at the Company.




The relevant obligations of the Compliance Officer/managing director hence include:

  • receipt and analysis of internal reports alerting about Dubious Transactions in order to confirm their dubious nature;

  • compliance with the Company’s reporting obligation towards FAU;

  • notification of the Company’s managing director about the information provided to FAU;

  • provision for keeping of registries required;

  • provision for filing of documents relevant to Dubious Transactions;

  • arrangement of training sessions for the Company’s employees;

  • notification of FAU about changes to the system of internal principles within 30 days following their implementation by the Company;

  • execution of the Evaluation Report to be kept in file for at least 5 years.


The Compliance Officer/managing director is hence entitled to:

  • request any documents and information relevant to clients and their Business Transactions from any employees;

  • request collaboration from individual departments and employees of the Company.


The Compliance Officer/managing director is also obliged to observe the existing progress relevant to anti money laundering procedures and recommendations from the Financial Action Task Force on Money Laundering, authorities of the European Union and other international organisations working the field of anti money laundering and to ensure compliance of the Company’s internal regulations with the legal regulations in force.

The Company will notify FAU of the appointment of a contact person or their replacement, stating the first name(s), surname, office and other details necessary to establish contact including their phone number and e-mail address.



II. ASSERTION OF THE INTERNATIONAL SANCTIONS SYSTEM IN OPERATIONS OF THE COMPANY


  1. Assertion of International Sanctions


The Company conducts its business operations in accordance with the Act No. 69/2006 on Carrying Out of International Sanctions to apply a system or principles for assertion of international sanctions in order to preserve or restore international peace and security, protection of the fundamental human rights and combating terrorism.


For an updated list of persons subject to international sanctions, visit the following website http://eeas.europa.eu/archives/docs/cfsp/sanctions/docs/measures_en.pdf.


The Company has set up automatic checking of its clients originating from countries subject to international sanctions.

  1. Notification Duty


Should any employees of the Company providing payment services find out about any assets within the Company subject to international sanctions, they are obliged to report the same to the managing director, who forwards the information to FAU in terms of a proper report submitted without any unnecessary delay.

Should any of the staff members in the sales department preparing or entering into a Business Relationship become suspicious of one of the parties within the contractual relationship being subject to international sanctions or that the relationship shall involve any assets subject to international sanctions, however, when such suspicion cannot be verified in a credible manner prior or during conclusion of the contract, the notification duty defined in the previous paragraph shall incur right after conclusion of the contract.


The report detailing assets subject to international sanctions and submitted by the Company shall include the following:

  • a brief description of the assets if known to the notifying party, specification of their locations at the time of notification,

  • identification of the actual owner of such assets, if known to the notifying party,

  • whether there is an imminent risk of damage or depreciation of such assets or their utilisation in a way contradictory to the law,

  • other significant information relevant to assets,

  • the contact address, phone number and e-mail address of the Company and the person assuming responsibility on behalf of the Company.

The Company’s report shall be submitted in writing or orally, by means of a recorded statement; including phone or facsimile transmissions in case of emergency. Any report submitted in electronic form and appended with a guaranteed electronic signature shall be also considered made in writing.