KYC & AML Policy Bitpapa.com
(User Agreement Terms and Conditions for the provision of services by Bitpapa.com)
20 Aug 2024
- GENERAL
This Policy on Anti-Money Laundering and combating the Financing of Criminal or Terrorist Acts (“AML Policy” or this “Policy”) is adopted by Bitpapa.com, a company incorporated under the laws of the Republic of Seychelles “Seychelles” (the “Company” or “Bitpapa.com”), as of the date written above, to be executed and observed by the Company, its employees, affiliates and service providers in order to achieve full compliance with the relevant anti-money laundering legislation.
All services of the the “Company” or “Bitpapa.com” are provided by Tech Labs BDC Ltd
Certificate: 241844
Incorporated: 08/05/2024
Registered Office: House of Francis, Room 303, Ile Du Port, Mahe, Seychelles
Registered Address: House of Francis, Room 303, Ile Du Port, Mahe, Seychelles
The Company is a provider of digital asset exchange services, including, but not limited to, custodian wallet services for crypto assets.
This Policy should be read in conjunction with these instruments, in any conflict between the contents of this Policy and said Instruments, the latter shall prevail.
All amounts denominated in this Policy in the Republic of Seychelles shall be read to include the equivalent amounts in any other currency or digital currency, as traded at the date of the relevant transaction.
This Policy aims to provide specific instructions on how personnel of the Company should perform actions, mandate internal procedures, and provide general guidelines for the instruction, control and training within the Company and its affiliates, in connection with the mitigation and handling of ML/TF risks.
This Policy shall act as binding guidelines to all relevant Company personnel, and all such personnel must be aware of, and adhere to, this Policy.
Bitpapa.com service operates on the basis of the legislation of Seychelles, as well as ratified international agreements:
- International standards on combating money laundering and the financing of terrorism & proliferation (Financial Action Development Group against Money Laundering – FATF, February 2023;
- Specially Designated Nationals And Blocked Persons List (SDN) Human Readable Lists OFAC, (the “Regulation”) and other legal guidelines given by 8.1.1.Guidance for a risk-based approach to virtual assets and virtual asset service providers (FATF), the European Parliament and of the Council (the “Instruments”);
- Consolidated AML - CFT Act 2020 to 19th May 2022;
- The FSA Advisory pursuant to Section 4(1)(m) of the Financial Services Authority Act, 2013, 10 January 2023;
- Section 41(3) of the Anti-Money Laundering and Countering the Financing of Terrorism Act (“AML/CFT Act”);
- Regulation 16 of the Anti-Money and Countering the Financing of Terrorism Regulations, 2020 (“AML/CFT Regulations”) - FATF High Risk Countries;
- National AML-CFT Strategy Document
The Seychelles Financial Services Authority - https://fsaseychelles.sc/legal-framework/legislations
1.2. The Company warns Users against attempts to use the Company's products/services in order to legalize funds obtained by criminal means, finance terrorism, proliferation of weapons of mass destruction, fraud, purchase of prohibited goods and services, illegal actions of any other kind. The Company also warns Users against attempts to hide information linking them to sanctions lists of legal entities and individuals, countries and others.
1.3. The AML/KYC policy is drawn up by the Company in accordance with international and national standards in order to prevent the legalization (laundering) of proceeds of crime, the financing of terrorism, drug and human trafficking, prevent the proliferation of weapons of mass destruction, corruption and bribery, as well as timely action in case of any suspicious activity by Users of the Site https://Bitpapa.com.market/ ("Site") and/or products/services of the Company. The AML/KYC policy establishes control systems and mechanisms to prevent the involvement of the Company and/or products/services of the Company in the legalization (laundering) of proceeds of crime and/or in the financing of terrorism, the proliferation of weapons of mass destruction, and/or violation of established sanctions restrictions, preservation and maintenance of the Company's reputation when interacting with Users, counterparties and representatives of authorized bodies.
1.4. This AML/KYC Policy describes the main standards, principles, rules and approaches used by the Company to study Users and counterparties, carry out measures to manage the risks of laundering (legalization) of proceeds from crime, financing of terrorism, proliferation of weapons of mass destruction, sanctions to manage the risks of countries.
1.5. To fulfill the procedures provided for in this AML/KYC Policy, the Company develops and implements an internal system for assessing the level of risks of the User and their operations, determines the minimum necessary set of requirements, procedures, mechanisms, reports, systems and control measures for managing the Company's risks. Such documents comply with this AML/KYC Policy, but are confidential information of the Limited Access Company.
1.6. In order to perform the procedures provided for in this AML/KYC Policy, the Company has the right to use the services of third-party suppliers.
1.7. Stricter procedures are used for Users and high-risk transactions.
1.8. The Company ensures compliance with the requirements of this AML/KYC Policy and applicable law by all employees of the Company.
1.9. Prevention of legalization (laundering) of proceeds of crime, financing of terrorism and proliferation of weapons of mass destruction is one of the main duties and goals of the Company. As part of this activity, the Company guarantees that it:
- identifies its Users and/or counterparties and ensures that they are really the persons they say they are by requesting an identity document containing all the necessary details;
- identifies and checks the permanent address of Users and/or counterparties by providing a recently issued document;
- monitors transactions and business relationships to identify unusual and/or suspicious transactions;
- collects, evaluates and examines information related to suspicious transactions and reports suspicious transactions to the relevant competent authorities;
- constantly monitors all suspicious activity reports and works closely with the relevant competent authorities.
- stores copies of documents and information that are necessary to comply with the requirements of due diligence, confirming evidence and records of transactions necessary to identify transactions and confirming records of correspondence with Users and/or counterparties and other persons with whom business relations are maintained for at least 5 years after the end of the business relationship between the Company and the User and/or counterparty or after the date of a one-time transaction;
- ensures that all employees are fully aware of their legal obligations under the Law on Combating the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism, and are sufficiently trained in the relevant KYC and AML procedures, as well as what is a suspicious activity and the process of internal information about such activities of the Responsible Employee of the Company.
- uses all available resources and information to ensure the investigation of all suspicious activities.
- THE OFFENCE OF MONEY LAUNDERING
The crime of money laundering is not restricted to operations connected with money obtained from drug trafficking but include many types of criminal activity that can yield proceeds. This includes among others terrorism, fraud, robbery or theft, forgery, smuggling, counterfeiting, and extortion.
The definition of money laundering is set forth in Articles 1 and 2 of the Regulation as follows:
- Transferring or moving proceeds or conducting any transaction with the aim of concealing or disguising their illegal source.
- Concealing or disguising the true nature, source or location of the proceeds as well as the method involving their disposition, movement, ownership of or rights with respect to said proceeds.
- Acquiring, illegal possessing or using proceeds upon receipt.
- Assisting the perpetrator of the predicate offense to escape punishment,
- Any financial or banking transaction aimed at concealing or changing the source of illegally obtained funds, by passing it through the financial and banking system in order to make it appear as originating from legitimate sources, and then re-pumping and investing it illegally - money laundering
- “Illegal Organisations” means organisations whose establishment is criminalized or which exercise a criminalized activity.
- “Financing Illegal Organisations” means any physical or legal action aiming at providing funding to an illegal organisation, or any of its activities or its members.
- “Funds” means assets in whatever form, tangible or intangible, movable or immovable including national currency, foreign currencies, documents or notes evidencing the ownership of those assets or associated rights in any forms including electronic or digital forms or any interests, profits or income originating or earned from these assets.
- “Proceeds” means funds generated directly or indirectly from the commitment of any crime or felony including profits, privileges, and economic interests, or any similar funds converted wholly or partly into other funds.
- “Means” implies any means used or intended to be used to commit an offence or felony.
- "Terrorism financing" means any acts mentioned in OFAC, including acquisition, collection, obtainment or facilitation of obtainment of funds for the purpose of using same although aware that they will be used, in part or in whole, in the commission of a terrorist offence, along with acquisition, possession, use, managing, keeping, investment, replacement or dealing in the funds for the purpose of concealing or camouflaging their truth, origin or illegal purpose.
The definition of money laundering covers those operations where a person knows, or should have reason to believe, that the money with which they are concerned is derived, obtained or realized, directly or indirectly, from an unlawful activity as described above. It is only necessary that the person should have knowledge or reasonable grounds for knowledge of the unlawful source of the funds to be guilty of the offence. “Positive knowledge” is not the test; knowledge may be inferred from objective factual circumstances. Concerning companies it is sufficient that a director, officer, employee or agent of the body corporate acting in the course of his employment or agency had that state of mind. Guilty knowledge of any employee can result in an offence being committed by the employer (as well as by the employee).
- THIRD PARTIES
3.1. To perform some of its business functions, the Company may involve third-party service providers or interact with counterparties. The Company makes every effort to study such a service provider / counterparty and its activities, as well as to determine, to the extent possible, its reputation (whether there are any initiated investigations and lawsuits against any such third-party service providers). The company also determines whether the third-party supplier has received all the necessary licenses, permits and approvals before establishing a business relationship with such third-party service provider.
3.2. The Company does not establish relations with the service provider and/or counterparty that are included in the sanctions lists or registered/located in prohibited territories/jurisdictions or that are under the control of such persons.
- INTERNAL CONTROLS, POLICIES AND PROCEDURES
4.1. All Company employees must undergo AML training in a manner, scope and frequency appropriate to their role in the Company. The Company must set forth internal policies, controls and procedures, including the employee AML training, so that it can effectively manage the risks identified and mitigate them, and to review and update them continuously, and apply this to all subsidiaries and affiliates in which the Company holds a majority stake.
- IDENTIFICATION REQUIREMENTS AND KYC PROCEDURES
5.1. Each person who applies to become a user of the Company’s services (“Client”) shall undergo an onboarding process comprised of a questionnaire, which shall include the Client’s identification as well as certain additional information about the Client and its planned business relationship with the Company (the “KYC Questionnaire”), of an external review, flagging possible reputational ML/TF risks associated with the Client (the “Screening”) and of an identification through documentation submitted by the Client (the “Identification”) (together the “KYC Process”).
5.2. The Company shall document and preserve any information and documents gathered in the KYC process, in a manner making it possible to respond fully and without unreasonable delay to relevant inquiries from competent authorities.
5.3. The KYC Process shall be accomplished following the KYC principle, according to which the operating profile, purpose of operation, beneficial owner of the Client and, if necessary, the source and origin of the funds used in the transaction and other similar information essential for the establishment of a business relationship shall be identified in addition to the identity of the Client itself. The KYC shall provide the necessary information for determining the Client’s initial risk profile.
The Company may use third party service providers during the KYC process and/or ongoing monitoring.
KYC Questionnaire
Any person applying to become a Client shall complete a short questionnaire to provide the Company with the basic information about itself, as the Company shall determine required considering the client’s circumstances (the “KYC Questionnaire”), including regarding:
a. General Information
– Client’s purpose and intent in the establishment of the business relationship;
– Client’s anticipated size of transactions;
– Client’s sources of income, fortune and assets;
– Client’s occupation or field of activity;
– Client’s permanent seat (place of residence/place of business);
– Client’s main contracting partners (if relevant);
– Identity of the beneficial owner (if necessary);
– Client’s telecommunication contact details;
– Any additional information which seems relevant in connection to a specific Client or group of Clients
– Full name;
– Personal identification code, or, if none, the date and place of birth;
– Whether the Client is himself a politically exposed person or related to one (“PEP”);
Screening
The details of the Client, as provided in the KYC Questionnaire, shall be screened against updated ‘watchlists’ (the “Screening”). The specific watchlists to be used for the Screening shall be determined by the Compliance Officer, and shall include, inter alia, sanction lists published by national and international authorities, lists of ML/TF suspicious persons published or held by third parties, and lists of identified PEPs.
Identification
Prior to entering into a business relationship, the Client must be identified by providing the Company with the information detailed in the KYC Questionnaire, backed with a copy of the following documents (the “Identifying Documents”):
Any individual who must be identified under this Policy shall present one of the following identifying documents:
i. A document issued for digital identification of a person;
ii. Valid travel document issued in a foreign country; or-
iii. Valid driver’s license.
Establishing the Identity of Relevant Persons
Where the Client is a legal entity, the identities of the following persons (the “Relevant Persons”) must be established, through the measures prescribed above, in addition to the identity of the Client itself:
a. Beneficial Owners
The Client shall provide the Company with the information required to identify its beneficial owner. The following persons shall be considered as “beneficial owners”, whose identity must be established in addition to the identity of the Client itself, for the purposes of this Policy:
i. A natural person who, taking advantage of their influence, makes a transaction, act, action, operation or step or otherwise exercises control over a transaction, act, action, operation or step or over another person and in whose interests or favor or on whose account a transaction or act, action, operation or step is made;
ii. If any Controlling Person is not a natural person, any natural person who is to be regarded as controlling (in the sense given in paragraph (i) above) is such a Controlling Person;
iii. If no Controlling Persons can be determined in accordance with paragraphs (i) and (ii) above, the highest managing director or officer of the Client.
b. Representative
Where a person who is not the Client (e.g. signatory or representative) establishes the business relationship, the Client shall provide the Company with the following:
i. The identity of the natural person(s) who establish the business relationship (the “Representative”), in addition to that of the Client;
ii. Documents setting the Representative’s authority (e.g. Power of Attorney) must be obtained and documented.
c. Where the business relationship is established by a trustee, nominee, protector, receiver, etc., all relevant documents establishing or confirming such person carrying out such a position must also be obtained and documented.
If there is any doubt regarding the authenticity or the legal force of a relationship referred to under this Section, further information, documents and/or proof should be obtained, and the business relationship shall not commence prior to such relationship being clarified.
Based on the information gathered via the KYC Process, the Company shall assemble an individual profile of the Client upon entry into a business relationship (the “Client Profile”). The Client Profile shall allow the Company to understand the Client’s financial background, the origin of the Assets, and the purpose of the business relationship, as well as to check their plausibility in terms of legitimacy, or to identify circumstances that require particular clarification. Based on the Client Profile the Company shall preform a risk assessment, to determine the Client’s risk profile and the necessary corresponding mitigating due diligence measures to be taken (the “Risk Profile”).
ONGOING AML REQUIREMENTS
Ongoing Monitoring
a. Ongoing Monitoring of Transactions
Every transaction which is undertaken by a Client with the Company shall be electronically monitored and reviewed to ensure that they are in concert with the Client’s initial declared scope and purpose for the establishment of the business relationship and coherent with the Client’s Risk Profile and transaction history (the “IT Monitoring”). Said monitoring shall identify transactions which should be more thoroughly examined, based, among others, on frequency of transactions, forming or breaking of any pattern of behavior, size of transaction, etc., taking into account the profile of the specific Client, and the observed characteristics of relevant groups of Clients.
Where a transaction is flagged as unusual or suspicious of ML/TF, the Compliance Function shall manually review the findings, assess the risks and operate according to its findings. After the aforementioned review is undertaken, the Risk Function shall document the transaction and the results of its review in the Client’s AML File.
If the Risk Function determines that a transaction is suspicious of ML/TF, it shall provide a Report of Suspicion as detailed below.
b. Ongoing Monitoring of Business Relationships
i. All Business Relationships
A. Screening
The details of Clients (as well as those of their Relevant Persons) shall undergo a Screening, at least:
i) Where the Client’s Risk Profile is Low – every 3 months;
ii) Where the Client’s Risk Profile is Medium – every 2 months;
iii) Where the Client’s Risk Profile is High – every month;
B. The IT Monitoring procedures shall be conducted on an ongoing basis, identifying not only suspicious transactions, but also other issues related to the Clients and the business relationships which should raise awareness. Once such an issue is flagged by the IT Monitoring, the Compliance Function shall immediately review it manually.
C. The Compliance Function shall periodically review all existing business relationship to identify any changes which seem to have occurred in connection with the Clients, conduct a more overreaching review of the different transactions made with it over the entire business relationship, and identify any unusual or suspicious details which might have been missed in the review of specific transactions as described above.
Such reviews shall take place at least:
– For Low Risk Profile Clients – once every 18 months;
– For Medium Risk Profile Clients – once every 12 months;
– For High Risk Profile Clients – once every 6 months;
D. The Compliance Officer shall perform routine sampling of the AML Files, reviewing the appropriateness and completeness of such Files and the processes documented therein.
ii. Medium Risk Profile Business Relationships
In addition to the reviews undertaken in accordance with paragraph (i) above, the Compliance Officer shall review, at least once per year, each business relationship of Medium Risk Profile Clients.
iii. High Risk Profile Business Relationships
In addition to the reviews undertaken in accordance with paragraphs (i) and (ii) above, the AML Board Member shall annually review and decide on the continuation of any High Risk Profile business relationship.
c. Identifying ‘Suspicious’ Business Relationships/Transactions
The reviews described above shall aim at detecting:
i. any discrepancies between the information previously gathered (as documented in the Client’s AML File) and any information which is currently known or is available to the Company (e.g. any updates or changes which have occurred in the Client’s details);
ii. any discrepancies between the Client Profile and the transactions undertaken by it (e.g. transactions which do not seem to match the Client’s financial status or expected scope of business); and
iii. any other suspicious behaviour or pattern (e.g. transactions with no visible business logic, frequent purchase/sell/transfer of funds).
If any of the above is detected by an employee, whether as part of a routine review by the Compliance Function, or by any other means, it shall immediately be reported to the Compliance Officer.
An employee does not need to have evidence that money laundering is taking place in order to have a suspicion of such money laundering. All employees will be encouraged to seek advice from their manager and/or the Compliance Officer if they have any queries.
d. Change in Risk Levels
If, at any time after the establishment of the business relationship, there is a reason to alter the Client’s Risk Level, this issue shall be brought before the Compliance Officer, who may decide on this issue and alter such Risk Level, or bring it before the Board to do the same.
Such reasons may include, inter alia:
– New information regarding the Client that has come up during Screening;
– Suspicion regarding the Client has been rising by one of the Company’s employees;
– The Company becomes aware of any new and relevant information.
e. Inactive Business Relationship
Where a Client does not perform any transaction with the Company for a period exceeding 6 months, such Client will become an ‘inactive client’ and the Company will cease performing all ongoing measures described above. Where an inactive Client wishes to perform another transaction, the Company shall perform the necessary reviews to revalidate its status before completing such transaction.
Registration and Storage of Data
a. The Company shall register all the Client’s information obtained in the KYC Process and DD procedures in the Company’s Clients database, including all data regarding Company decisions on approval or refusal of establishment of business relationship or a transaction.
b. The respective data shall be stored in a format reproducible in writing and, if required, shall be made accessible by all appropriate staff of the Company.
c. Documents which serve as the basis for the identification of a Client or Client representative, and documents serving for the establishment of a business relationship shall be kept and stored by the Company for at least five (5) years following the termination of the business relationship, or as otherwise required by applicable law.
REPORTING SUSPICIOUS BUSINESS RELATIONSHIPS/TRANSACTION
Report to the Compliance Officer
Internal reporting of any suspicious matters in connection with this Policy shall be made immediately by the individual having such suspicions (regardless of whether or not such individual is a part of the Compliance Function) to the Compliance Officer.
The Compliance Officer shall analyze the content of the information received and forward the respective information to the AML Board Member.
Evaluation of Suspicion
The Compliance Officer, upon receiving a report (or in any other manner becoming aware of any suspicion of ML/TF), shall immediately review such suspicion, evaluate its merits, and conclude what actions shall be taken in connection therewith. In doing so, the Compliance Officer may consult the Compliance Function, the employee who reported the suspicion, the Board, or any other person within the Company.
The actions which the Compliance Officer may decide to be taken may vary depending on the circumstances, and include any action mentioned in this Policy. These include, but are not limited to:
i. no-action;
ii. instructing the Compliance Function to conduct further review;
iii. reclassification of the Risk Level of the business relationship;
iv. immediate termination of negotiations aimed at establishing the business relationship;
v. reporting to the AML Board Member; and
vi. reporting to authorities, as further described below.
Report to the relevant authority
The Compliance Officer is responsible for determining when a report to the relevant authority is to be made, and for making the report.
The relevant authority shall be notified of any suspicious and unusual transactions, regardless of whether the transaction is made in a single payment or several related payments over the course of a year.
The Client who is reported to the relevant authority as being suspicious, may not be informed of the same. It is also prohibited to inform any third persons, including other employees, of the fact that information has been reported to the relevant authority, and the content of the reported information, except for the AML Board Member/Compliance Officer.
Duty to Report
A report to the relevant authority must be filed not later than within twenty-four (24) hours after discovering any activities or circumstances or arising of suspicion if the Company knows or has reasonable grounds to suspect that assets involved (or which are expected to be involved) in the business relationship,:
i. Are the proceeds of a felony or of an aggravated tax misdemeanor;
ii. Are connected to money laundering or to a criminal organisation which pursues the objective of committing crimes of violence or which aims at financial gain by criminal means;
iii. Serve the financing of terrorism;
iv. Are subject to the power of disposal of a criminal organisation; or
v. Are related to persons contained on sanction lists.
The abovementioned duty to report to the relevant authority arises whether such knowledge or suspicion arises before or after a business relationship is established (i.e. whether the Company refuses to establish the relationship or establishes it and gain such knowledge or suspicion at a later date).
A report to the relevant authority must also be made immediately if any other competent authority forwards to the Company in any manner the details of a person which they consider to be involved in unlawful activities of any kind, and the Company finds that the information regarding such person matched or is very similar to that of a Client, its controlling person, beneficial owner of the assets or authorized signatory of a business relationship or transaction. In any such event, the Company must immediately freeze the assets entrusted to it which relate to the report, until it receives an order from the competent prosecution authority, but at the most five (5) working days from the time at which the relevant report was filed with the relevant authority.
- DUE DILIGENCE
6.1. The Company is committed to recognizing, assessing and understanding ML/TF risks it may face in connection with its Clients and their transactions, and to taking appropriate measures to mitigate these risks using a risk-based approach.
6.2. The Company shall apply Client due diligence measures, to ensure the proper identification and verification of the Client or Client representatives participating in the transaction, as well as ongoing monitoring of business relationships, including transactions carried out during business relationships, regular verification of data used for identification, update of relevant documents, data or information and, when necessary, identification of the source and origins of funds used in transactions (the “Due-Diligence” or “DD” process).
Depending on the Client Risk Profile level and depending on whether the business relationship is an existing one or about to be established, the Company shall apply varying DD measures. For this reason, not all the procedures contained in this Part III shall be applicable to all Clients. Whenever the Company is unable to complete a DD measure, or doubt arises during the application of a DD measure, the Company shall automatically raise the Client’s Risk Profile Level, and apply a more stringent DD measure.
6.3. When determining the risk profile and the corresponding due diligence mitigating measures, the Company shall take into account, when relevant, the information detailed in subsection (a) and the risk assessment detailed in subsection (b):
a. Information affecting the risk profile
– Provisions of the National Risk Assessment, as published on the website of The Seychelles Financial Services Authority - https://fsaseychelles.sc/aml-cft/amlcft;
– Information regarding the nature of the business relationship and/or occasional transaction, as gathered in the KYC Process;
– The volume of the property deposited by the customer or the proprietary volume of the transaction or of transactions made during a professional act;
– The estimated duration of the business relationship;
b. Risk assessment
The risk assessment shall take into account the following risk categories, the probability and consequences of their realization and the probability of an increase in the risk:
i. Client associated risks, whose factors arise from the person or client participating in a transaction. These factors may include:
– The legal form, management structure and field of activity of the client, including whether it is a trust fund, civil law partnership or another similar contractual legal entity or a legal person with bearer shares;
– Whether the client is a PEP;
– Whether a third party (individual) is the beneficial owner;
– Whether the identity of the beneficial owner is impeded by complex and non-transparent relations;
– The residency of the client, including whether the client is registered in a low tax rate jurisdiction;
– Whether the client is included in international sanctions lists;
– Circumstances (including those identified in the course of a prior business relationship) resulting from the experience of communicating with the client, its business partners, owners, representatives and any other such persons;
– Whether the origin of the client’s assets or the source and origin of the funds used for a transaction can be easily identified;
– The type and characteristics of the client’s business;
– The possibility of classifying the client as a “typical client”; and
– Problems during the client’s identification procedures.
ii. Transaction associated risks, whose factors result from the Client’s economic activities or the exposure of a specific product or service to potential money laundering risks. These factors may include:
– The transaction involves currency exchange or purchase of precious metals;
– The transaction involves a private bank;
– The transaction involves alternative payment methods;
– The transaction involves gambling;
– The transaction involves rarities or exclusive goods;
– The transaction involves innovations;
– The transaction involves commercials; and
– The transaction involves company establishment or management.
iii. Country or geographical associated risks, whose factors arise from differences in the legal environment of various countries, these factors may include:
– Whether the transaction involves low tax rate jurisdictions, entailing a company registered to such jurisdiction or services provided at such jurisdictions;
– Whether the jurisdictions involved apply legal provisions that are in compliance with the international standards of AML/CFT;
– Whether the transaction involves a jurisdiction with a high crime rate (including drug-related crime rate);
– Whether the transaction involves a jurisdiction that is included in international sanction lists; and
– Whether the transaction involves a jurisdiction with high levels of corruption according to the Corruption Perceptions Index (“CPI”) published by Transparency International.
iv. Interface associated risks, whose factors arise from the channels (mainly the Internet) through which the business relationship is established, and the transactions are carried out, these factors may include:
– Whether the client is identified face-to-face;
– Whether the channel facilitates anonymity; and
– Whether the channel facilitates third party funding.
Risk profile
The conducted risk assessment shall result in a risk profile, identified through the risk factors mentioned above, and according to the following scale:
a. Low Risk Profile: risk is considered low when there are no influential risk factors in any category. The client and the transaction can be described as “typical” and transparent, and there is no suspicion that the combination of risk factors may lead to the risk of ML/TF.
b. Medium Risk Profile: risk is considered medium when there are one or more risk factors that differ from the sphere of the “typical” client, but the transaction itself is clear (i.e. there are no risk factors in the transaction associated risks category). At the same time, there is no suspicions that a combination of the risk factors may indicate of ML/TF;
c. High Risk Profile: risk is considered high when there are multiple risk factors and the transaction itself is not clear. The combination of these factors casts doubt on the transparency of the client’s identity and transactions, indicating of ML/TF.
– Any client identified as a PEP shall be classified as High Risk Profile;
The Company shall document the determination of the risk profile, update it and make the data available to competent authorities, if necessary.
Verification
The Company shall verify the identity of the Client and, in the case of legal entities, the Client’s representatives and beneficial owners, as provided through the KYC Questionnaire and Identification Documents, applying the following measures:
a. Individuals
i. Where the Client’s Risk Profile is low – A document submitted to the Company for identification shall be assessed by the Compliance Function as follows:
– Validity of the document based on the expiry date;
– The outward likeness and age of the person match the appearance of the person represented on the document;
– When relevant, the personal identification code matches the gender and age of the submitter;
ii. Where the Client’s Risk Profile is medium – in addition to the measures described above, The Compliance Officer shall describe and apply additional verification measures, which may include:
– Additional documents, data or information originating from a reliable and independent source; or
– Verification on the basis of trust services;
iii. Where the Client’s Risk Profile is high – in addition to the measures described above, the Compliance Officer shall obtain the further verification measures, which shall be approved by the AML Board Member, these may include:
– Additional documents, data or information originating from a reliable and independent source;
– A notarized or officially authenticated copy of the Identification Documents;
b. Legal Entities
i. Where the Client’s Risk Profile is low – A document submitted to the Company for identification shall be assessed by the Compliance Function by accessing the relevant register electronic database;
ii. Where the Client’s Risk Profile is medium – in addition to the measures described above, the Compliance Officer shall describe and apply additional verification measures, which may include:
– Obtaining additional documents, data or information originating from a reliable and independent source;
– Verification on the basis of trust services;
iii. Where the Client’s Risk Profile is high – in addition to the measures described above, the Compliance Officer shall obtain the further verification measures, which shall be approved by the AML Board Member, these may include:
– Additional documents, data or information originating from a reliable and independent source;
– Obtaining corporate documents certified or authenticated by a notary or officially;
c. Verification of the Identity of Beneficial Owners
The Company shall verify the identity of the Beneficial Owner, applying the following measures:
i. Where the Client is a company listed on a regulated market, which is subject to disclosure obligations that establish requirements for ensuring sufficient transparency regarding the beneficial owner – no additional verification measures shall be required;
ii. Where the Client’s Risk Profile is low – a written statement must be obtained, confirming such persons being all of the Controlling Persons (or highest managing director or officer, in the case of (iv above) of the Client (the “Controlling Persons Statement”). The Controlling Persons Statement must be dated and signed by the person authorized by the Client to do so, on behalf of the Client and approved by the Compliance Function;
iii. Where the Client’s Risk Profile is Medium – in addition to the measure detailed in subsection (ii, enquiries to the respective registers shall be made and additional documentation identifying the Controlling Persons must be obtained. The additional documentation may include company records or annual reports clearly identifying the Controlling Persons, as approved by the Compliance Officer;
iv. Where the Client’s Risk Profile is High – in addition to the measures detailed in subsection (ii)-(iii) above, the Company shall obtain additional verification from credible sources. This verification may include information received in a format reproducible in writing from a credit institution (“CI”) registered in the Seychelles or in an equivalent third country or a branch thereof. The additional verification shall be brought before and approved by the AML Board Member.
Whenever the Company establishes that the identification of a Client is insufficient, enhanced verification measures shall be applied.
Clarifications and Collection of Additional Information
For any risk indicator identified by the Company during the performance of the procedures described above, additional details and information shall be collected for the purpose of understanding and mitigating such risks. As prescribed by the competent Company function (determined in accordance with the Client’s risk level), the following measures shall be applied in connection with each risk factor identified:
a. Where the Client’s Risk Profile is Low – Compliance Function shall contact the Client for further clarifications, provision of documentation and/or proof;
b. Where the Client’s Risk Profile is Medium – in addition to the measure described above, the Compliance Function shall conduct a verification of the further information received from the Client through a reliable and independent source of information;
c. Where the Client’s Risk Profile is High – in addition to the measures described above, the Compliance Function shall conduct a thorough review of each Risk Factor and additional information received regarding it, which may include its verification through an additional second reliable and independent source of information as well as requiring further documentation from the Client, and submit the same for the review and approval of the Compliance Officer.
– For example: in the case of a Client’s High Risk Profile due to doubts regarding its source of funds, the Compliance Function may require the Client to submit bank confirmations and tax reports, conduct a verification of the documents filed, and review the plausibility of the Client’s funds in light of the additional information gathered. If the Compliance Function is convinced that the documents provided are complete and accurate, and provide sufficient comfort regarding the legitimacy of the Client’s funds, a report of the same shall be submitted to the approval of the Compliance Officer.
d. Where the Client’s is a PEP – in addition to the measures described above, a thorough review into the Client’s source of funds (regardless of any additional risk indicator applicable), and gathering of relevant documentation shall be conducted by the Compliance Officer, the results of which shall be brought for the final approval of the AML Board member.
Approval of Client Business Relationship
Upon the completion of the DD measures described above, the business relationship may be approved by the corresponding authority within the Company and established, as follows:
a. Where the Client’s Risk Profile is Low – the Compliance Function shall review the information gathered in the DD process and approve the establishment of a business relationship;
b. Where the Client’s Risk Profile is Medium – the Compliance Officer shall review the information gathered in the DD process and approve the establishment of a business relationship;
c. Where the Client’s Risk Profile is High – the AML Board Member shall review the information gathered in the DD process and approve the establishment of a business relationship.
VII. Changing the AML/KYC Policy
7.1. The Company reserves the right, at its discretion and at any time, to amend this AML/KYC Policy (as new risks are identified and new products/services are introduced in changes in applicable law) and monitor compliance with its provisions and requirements.
7.2. The current version of the AML/KYC Policy is published on the Website https://Bitpapa.com.market/
7.3. You acknowledge and agree that you are responsible for periodically reviewing the AML/KYC Policy and reviewing changes and additions.
7.4. In case of disagreement with any changes to the AML/KYC Policy, you must immediately stop using the Site and/or the Company's products/services/ Your continued use of the Site and/or the Company's products/services/ after the publication of changes to the AML/KYC Policy will be considered as your acceptance of these changes.
VIII. Obligations of the User
By using the Site and/or the Company's products/services, you warrant that you are not going to perform any prohibited actions described herein. In addition, you agree to any audits related to the investigation in accordance with the AML/KYC Policy, and also agree to cooperate fully and promptly with the Responsible Officer and other authorized persons in such an investigation. Refusal to cooperate or failure to provide the necessary information/documents may serve as a basis for suspending your service or completely refusing further service.