1. Introduction
1.1. Purpose
A major commitment of the Cryptoro OU's and its subsidiaries (hereinafter “the Group”) is to maintain the highest level of ethical and professional behavior, having zero tolerance towards illegal and irregular acts affecting its reputation and credibility.
The AML/CFT Policy of the Group is issued with the aim to ensure the carrying out of activities in compliance with the national and international legal requirements and the legislation regarding Anti Money Laundering and Terrorism financing, to ensure the observance of the prudential practices and in order to promote high ethical and professional standards and prevent the Group from being used intentionally or unintentionally in illegal or criminal activities performed by its customers.
Money laundering is:
● the conversion or transfer of property, knowing that such property
is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person involved in the commission of
such activity to evade the legal consequences of his actions;
● concealing or disguising the true nature, sources, locations, dispositions, movements, rights in regards to assets or ownership of property, knowing that such property is derived from criminal activity or from an act of participation in such activity;
● the acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such activity;
● participation, association to commit, attempts to commit, and aiding, abetting, facilitating and counselling the commission of any of the acts referred to in the preceding paragraphs.
Terrorist financing is the provision or collection of funds, by any means, directly or indirectly, with the intention that they should be used or in the knowledge that they are to be used, in full or in part, in order to commit any of the offences within the meaning of Articles 1 to 4 of Council Framework Decision 2002/475/JHA of 13th of June 2002 on combating terrorism .
1.2. Scope
This policy applies to all Cryptoro OU activities, including the Konto Exchange activity.
It applies to the following people and entities:
● The governing bodies of Cryptoro OU and any subsidiaries of Cryptoro OU, staff and consultants of Cryptoro OU group companies, regardless of their position, rank or seniority (hereinafter referred to as"Cryptoro OU governing bodies and staff");
● Contractors, subcontractors, consultants, suppliers, beneficiaries and, in general, relevant people or entities involved in the activities of Cryptoro OU and Konto Exchange (hereinafter referred to as the "Project Parties"); 4. Consultants, suppliers, service providers and other people or entities in which Cryptoro OU holds equity interests or which are wholly or partially owned by Cryptoro OU; and
● All counterparties and other people through whom Cryptoro OU conducts
business (collectively referred to herein as "Cryptoro OU's other counterparties and partners").
2. Policy principles and rules
2.1. Risk Management Activities
The primary purpose of the risk management approach is to ensure identification, assessment and scoring of risks, action planning and mitigation of the potential risks the Group may be exposed to, in relation to laundering of proceeds of crime and financing of terrorism. To that end, the Group has developed procedures like “Know Your Customer”.
2.1.1. KYC
Accordingly, the Group performs necessary controls and takes additional measures with respect to the identification and verification of the identity and address details of (potential) customers; the consistency of the income levels of customers, the sources of income of the customer; the possibility of the customers being included on national/international sanctions lists etc.
The Group does not establish any business relations or perform the transaction requested if the proof of identification and verification is not made or sufficient information about the purpose of the business relations is not obtained; and the business relation will be terminated, when the identification and verification of the customer is not performed where it is required to be conducted in case of any suspicion related to sufficiency and accuracy/authenticity of the previously obtained identity details of the customer.
The standard customer due diligence process to be performed by the Group, at a minimum, as part of “Know your customer” measures includes:
- Identification and verification/authentication of the customer’s identity details, address, ultimate beneficial owners, authorized representatives in accordance with legal legislation and the internal policies,
- Screening of the customers in case of the risk of them being on international sanctions lists,
- Determination of whether the customer and any related parties of the customer are a politically exposed person (PEP), or related/linked to a politically exposed person, - Determination of whether the customer acts on behalf and/or account of other persons.
Enhanced due diligence measures are applied for customers during customer acceptance processes or subsequently. Enhanced due diligence involves the gathering of additional information to ensure that the person or entity is not participating in any improper or illicit conduct. This information should include, but is not limited to, the source of the funds, the source of the individual or company’s wealth, and the individual’s occupation or the type of business.
2.1.2. Risk Assessment Methodology
All customers should undergo an assessment process in respect of potential risks of laundering of proceeds of crime and the associated risks as part of the minimum standards set out under AML/CFT Policy.
2.2. Monitoring and Control Activities
For the purposes of prevention of laundering of proceeds of crime and financing of terrorism, the Group carries out a monitoring and control process, at a minimum, in relation to: High-risk customers and transactions, transactions with the risky countries, complex and unusual transactions.
2.3. Reporting of suspicious transactions
Suspicious transaction means presence of any information, suspicion or any matter which would require suspicion about the fact that the assets subject to a transaction, performed or attempted to be performed with or through the Group’s products, have been obtained illegally, or are used for unlawful purposes, or are used by any terrorist organizations, terrorists or financiers of terrorism within such scope, or are related or associated with them.
The Group shall not provide any information to any person, including the persons who are a party to the relevant transaction, other than the information provided to the courts during the course of any trial or the authorities as required by laws and regulations.
2.4. Retention of documentation
The Group retains any documents associated with its obligations in line with the requirements of the applicable laws and regulations and the relevant legislation on GDPR.
2.5. Training activities
Training activities are planned in coordination with internal procedures and organized for the entire staff of the Group as on-site (classroom learning) or off-site (e-learning programs, reminders and awareness messages).
3. Final provisions
The Compliance Department is responsible for the evaluation and annual review of the Policy and, if deemed necessary, proposes amendments in order to recognize changes of the respective regulatory framework and continually improve operational efficiency and effectiveness.