AML (Anti Money Laundering) Policy

1. INTRODUCTION AND DEFINITIONS

1a. Policy Statement

CryptoForce DMCC has implemented a strict policy to proactively prevent and prohibit money laundering as well as any activities that facilitate money laundering or the financing of terrorist or criminal acts. CryptoForce DMCC is fully committed to complying with all relevant requirements outlined in UAE AML and CFT law and its implementing regulations.

1b. Definitions

Money laundering refers to engaging in actions aimed at concealing or disguising the true origins of proceeds derived from illegal activities. These actions are intended to make the funds appear legitimate or to transform them into assets with legitimate origins. Typically, money laundering occurs in three stages. Initially, cash obtained through criminal means enters the financial system during the “placement” stage. This involves converting the cash into monetary instruments like money orders or traveler’s checks, or depositing it into financial institution accounts. Subsequently, during the “layering” stage, the funds are transferred or moved between various accounts or financial institutions to further distance them from their criminal source. Finally, in the “integration” stage, the funds are reintroduced into the economy, used to purchase legitimate assets, or utilized to finance other criminal activities or legitimate businesses. While cash deposits in securities accounts are rare, the securities industry has its own unique role in money laundering. It can be exploited to launder funds acquired elsewhere or generate illicit funds through fraudulent activities. Examples of such fraudulent activities include insider trading, market manipulation, Ponzi schemes, cybercrime, and other investment-related fraudulent practices.

Terrorist financing, on the other hand, may not involve proceeds from criminal activities but rather aims to conceal the origin and intended use of funds, which could be for criminal purposes. Unlike traditional criminal organizations, terrorist financiers may obtain funds from legitimate sources. These sources can include foreign government sponsors, business ownership, personal employment, and even charitable donations. While the motivation behind money laundering and terrorist financing may differ, the methods used to fund terrorist operations can be similar or identical to those employed by other criminals to launder money. It is important to note that funding for terrorist attacks does not always require large sums of money, and the associated transactions may not be overly complex.

2. LAWS AND REGULATIONS

CryptoForce DMCC’s comprehensive AML policies, procedures, and internal controls have been meticulously designed to ensure strict adherence to all applicable AML/CFT regulations. CryptoForce DMCC is committed to regularly reviewing and updating these policies, procedures, and internal controls to account for any changes in regulations or developments within the business. This proactive approach ensures that the measures remain effective and aligned with the evolving landscape of anti-money laundering practices. The laws and regulations mentioned below are considered in all processes.

UAE Federal Law No. 20 of 2018: Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations (AML Law)
Full compliance with the regulations and guidelines set forth by VARA
Cabinet Resolution No. 10 of 2019: Implementing Regulations of Federal Law No. 20 of 2018 (AML Regulations)
UAE Federal Law No. 7 of 2014: Combating Terrorism Crimes
UAE Federal Penal Law No. 3 of 1987 as amended (Penal Code)
UAE Federal Penal Procedures Law No. 35 of 1992 as amended (Penal Procedures Law)
Regulations regarding declaration by travellers entering or leaving the UAE carrying cash and monetary or financial bearer instruments (issued in 2011)
UAE Federal Law No. 5 of 2012: Combating Cyber Crimes
UAE Central Bank Regulations Concerning Procedures for Anti-Money Laundering, in particular Circular No. 24/2000 and its amendments by Notices No. 1045/2004 and 2922/2008

3. OBLIGATIONS

Identify risks related to criminal acts within its business
Conduct a comprehensive assessment of potential risks associated with criminal activities such as money laundering, terrorist financing, and the proliferation of weapons of mass destruction
To report unusual or suspicious transactions to the Financial Intelligence Unit (FIU) at the Central Bank of UAE
To train our staff regularly and ensure that they are educated and updated on policies and procedures
Consider factors such as customer profiles, transaction volumes, geographic regions, and emerging trends in the cryptocurrency industry
Conduct different levels of KYC depending on customer type
Continuously review and assess any identified risks
Regularly monitor and evaluate the effectiveness of risk management strategies
Stay updated on evolving risks and regulatory requirements to ensure proactive mitigation measures
Ensure that the company complies with Virtual Assets Regulatory Authority (VARA) regulations
Record keeping of customer and transaction data or a minimum of 5 years while ensuring the confidentiality of the data
Adhering to the las and regulations defined by the Financial Action Task Force (FATF)
Develop and implement internal controls and policies to effectively manage these risks
Establish robust internal control frameworks tailored to the specific risks identified
Define clear policies, procedures, and guidelines that outline the responsibilities and expectations of employees regarding risk management and compliance
Establish appropriate due diligence requirements
Design and implement thorough due diligence procedures for customer onboarding and ongoing monitoring
Include verification of customer identities, source of funds, and beneficial ownership information
Conduct enhanced due diligence for high-risk customers, such as politically exposed persons (PEPs) or those in jurisdictions with higher AML risks
Comply with relevant United Nations (UN) directives concerning the suppression of financing terrorism and proliferation of weapons of mass destruction
Familiarize and align AML practices with applicable UN directives and resolutions
Implement measures to prevent transactions that may contribute to the financing of terrorism or the proliferation of weapons of mass destruction
Ensure robust systems and processes are in place to detect and report any suspicious activities related to these risks

4. PROCEDURES

4a. Know Your Customer (KYC)

Our company recognizes the critical importance of implementing different levels of Know Your Customer (KYC) procedures for different customers. By tailoring the KYC process to the specific risk profiles of each customer, we can effectively mitigate potential threats and ensure compliance with regulatory requirements. High-risk customers undergo a more rigorous and detailed KYC assessment, enabling us to identify and address any suspicious activities promptly. At the same time, low-risk customers experience a streamlined process, facilitating a seamless onboarding experience. Additionally, our company implements separate KYC procedures for individual customers and corporate entities, acknowledging the unique requirements and characteristics of each category. This approach allows us to maintain compliance and transparency while catering to the diverse needs of our valued clients.

In the upcoming diagram, we illustrate the rationale guiding our decision-making process to determine the appropriate KYC level when dealing with a Real Person*

* an individual, not a corporate entity

The specifics of each KYC level provided below will provide a comprehensive understanding of our approach. These detailed descriptions will elucidate the varying requirements and scrutiny applied to individual customers, ensuring a robust and effective KYC framework.

Standard KYC – Individual

CryptoForce will establish and verify the identity of any counterparty with or for whom it acts or proposes to act. CryptoForce may update its counterparty identification policies, procedures, systems, and controls, considering its risk assessment related to the counterparty. The following list should be considered as guidance regarding the type of information and evidence that CryptoForce must obtain to establish and verify the identity of a counterparty before conducting any transactions or entering into any business relationships:

Full name
Date of birth
Citizenship
Current residential address
Official I.D
Source of funds

Enhanced KYC- Individual

We employ enhanced KYC measures when the transaction amount exceeds 10,000 USD or when we perceive a higher risk associated with the customer. These precautionary steps enable us to conduct more thorough due diligence, ensuring enhanced security and regulatory compliance.

In this scenario, in addition to the standard KYC procedure, the customer must either provide proof of source of funds, or be willing to receive/send money only through bank transfers (no cash)

Ultimate KYC- Individual

We enforce our highest level of security, referred to as the “Ultimate KYC,” when transactions exceed 100,000 USD or when we identify a significant risk related to the customer. These stringent measures involve thorough due diligence, ensuring robust security and strict compliance with regulatory standards.

In this scenario, in addition to the standard KYC, the customer must provide the following:

Proof of source of funds (must be certified)
Proof of address (must be certified)
Physical ID (original or certified)

In the forthcoming diagram, we outline the reasoning that governs our decision-making process to determine the suitable KYC level for corporate entities.

At our company, we apply consistent KYC levels to both corporate and individual customers. The logic behind the categorization process remains the same for all. However, for corporate customers, we require additional certified documents to verify their identity and legitimacy. This approach ensures a thorough and professional verification process, fostering trust and compliance with regulatory standards for all our valued customers. These additional documents are:

Certificate of Incorporation
Certificate of Incumbency
Memorandum of Articles
Board Resolution:
- Introducing us to the representative who is dealing with us directly, and
- Confirming that the company is authorized to buy and sell crypto assets

4b. Sanctions and Transactions screening

To ensure compliance with relevant sanctions imposed on individuals and entities, CryptoForce has implemented a system that screens customer names against sanctions lists issued by regulatory bodies. These bodies include the Virtual Assets Regulatory Authority (VARA, the UN Security Council (UNSC), the Office of Foreign Assets Control (OFAC), the Office of Financial Sanctions Implementation (OFSI), the European Union (EU) list, Financial Action Task Force (FAFT), and the local terrorist list issued by the UAE Supreme Council for National Security. This screening process extends to all parties involved in transactions to guarantee adherence to sanctions obligations.

CryptoForce maintains a continuous process of “Transaction Monitoring” aimed at identifying transactions that exhibit unusual or potentially suspicious characteristics based on customer profiles and behavior. The initial line of defense consists of frontline staff who have the authority to promptly escalate any detected abnormal behavior or transactions using internal communication channels. Additionally, the second line of defense conducts a comprehensive review of transactions, including enhanced monitoring of customer transactions and behavior, to reinforce the effectiveness of the monitoring process.

4c. Staff Training

At CryptoForce, empowering our employees at all levels is at the core of our organizational values. We recognize that comprehensive AML (Anti-Money Laundering) training is crucial to establish a robust AML/CTF (Counter-Terrorist Financing) governance framework throughout the company. Upon joining CryptoForce, new employees undergo an intensive AML policy and procedures training program within their first 30 days. This initial training covers the fundamentals of AML regulations, identification of suspicious activities, customer due diligence, and reporting procedures. To reinforce their understanding and practical application, employees engage in interactive exercises, case studies, and scenario-based simulations. To foster a culture of continuous improvement, we conduct annual AML training sessions for all staff members. These sessions incorporate the latest developments in AML regulations, industry best practices, and emerging trends in financial crimes. The training materials are regularly updated to reflect the evolving landscape of AML/CTF measures. Furthermore, we encourage active participation in training sessions, allowing employees to share their insights, ask questions, and discuss real-world scenarios they may encounter. This collaborative approach enhances the learning experience and empowers employees to make informed decisions while safeguarding CryptoForce and its clients. In addition to the scheduled training, employees have access to a range of resources, including reference materials, online courses, and expert guidance. Regular reminders and communication ensure that AML compliance remains at the forefront of their daily activities.

4d. Record Keeping and Confidentiality

At CryptoForce, we place utmost importance on adhering to strict record-keeping practices, aligning with the regulations set forth by the Central Bank of the UAE. To achieve this, we follow a detailed procedure for document retention and confidentiality. Document Collection and Verification: When onboarding new customers, we collect and verify their identification documents as per the KYC process. This includes government-issued IDs, utility bills, and other relevant documents to establish their identity and legitimacy. Secure Storage: All customer identification documents and transaction records are stored in a highly secure and encrypted database. Access to this data is strictly limited to authorized personnel only, ensuring confidentiality and preventing unauthorized access. Data Backup and Disaster Recovery: To protect against data loss, we regularly backup our records and have robust disaster recovery protocols in place. This ensures that our data remains intact and accessible even in unforeseen circumstances. Retention Period: We strictly adhere to the regulatory requirement of retaining customer records for a minimum period of five years. This retention period begins from the date of the customer’s last transaction or the termination of the business relationship. Data Purging: At the end of the retention period, we carefully and permanently purge customer records in a manner compliant with data protection regulations. This ensures that personal information is appropriately disposed of, respecting customers’ privacy rights. Confidentiality and Non-Disclosure: Our employees undergo thorough training on the importance of data confidentiality and non-disclosure. They are bound by strict confidentiality agreements to protect customer information and maintain the highest level of privacy. Compliance Monitoring: Regular internal audits and compliance checks are conducted to ensure that our record-keeping procedures align with regulatory requirements. Any discrepancies or issues identified are promptly addressed and rectified. Customer Information Requests: In case of legitimate requests from regulatory authorities or law enforcement, we cooperate fully while ensuring compliance with data protection laws and privacy rights. By diligently following this procedure, CryptoForce upholds a strong commitment to compliance, transparency, and the protection of our customers’ information. Our record-keeping practices demonstrate our dedication to maintaining a secure and trustworthy environment, fostering trust and confidence among our valued clients.

4e. AML Compliance Person Duties

The Anti-Money Laundering (AML) Program Compliance Person in our company possesses a comprehensive understanding of AML/CFT (Counter-Financing of Terrorism) regulations, and they are well-qualified through their experience, knowledge, and training. This individual assumes full responsibility for overseeing the company’s AML program. Below are the highlighted responsibilities of the AML Program Compliance Person, along with the corresponding procedures designed to fulfill these duties: Qualification and Appointment:The AML Program Compliance Person is appointed based on their expertise, experience, and qualifications in AML/CFT. They actively engage in continuous professional development, attending industry seminars and workshops to stay abreast of evolving compliance requirements. Understanding AML/CFT Regulations: The AML Compliance Person conducts comprehensive reviews of AML/CFT laws, regulations, and guidelines. They meticulously study regulatory updates and consult with industry experts to gain an in-depth understanding of compliance nuances. Monitoring Compliance: To ensure ongoing adherence to AML obligations, the AML Compliance Person establishes a robust monitoring system. They conduct regular internal audits and assessments, using specialized AML software and data analytics tools to identify potential compliance gaps. Communication and Training: The AML Compliance Person develops a structured AML training program for employees. They deliver engaging training sessions, utilizing case studies and real-world examples to enhance employees’ understanding of AML principles and suspicious activity detection. Risk Assessments: For effective risk assessment, the AML Compliance Person collaborates with relevant departments to gather data on transaction patterns and customer profiles. They conduct in-depth risk analyses and create risk heatmaps to pinpoint high-risk areas that require focused attention. Record Keeping: The AML Compliance Person designs a meticulous record-keeping system, ensuring all AML-related documents and reports are organized, accessible, and easily auditable. They leverage digital solutions to securely store and manage sensitive data. Suspicious Activity Reports (SARs): To streamline SAR filing, the AML Compliance Person establishes a standardized reporting process. They create detailed SAR templates and conduct regular training for staff involved in reporting, emphasizing the importance of timely and accurate submissions. Reporting and Accountability: The AML Compliance Person prepares comprehensive reports for senior management and regulatory authorities. They present the findings of audits, risk assessments, and AML program effectiveness evaluations, showcasing the company’s commitment to compliance and proactive risk management. Through these meticulous strategies, the AML Program Compliance Person ensures a proactive and effective AML/CTF governance framework within the company. Their proactive approach, continuous monitoring, and dedication to staying ahead of compliance requirements contribute to a robust and trustworthy AML program that safeguards CryptoForce and its clients from financial crime risks.

5. 3 LAYERS OF IMPLEMEION

At CryptoForce, we take a comprehensive and layered approach to ensure the highest level of security and compliance in all our processes. The backbone of this approach lies in the three layers of execution that work cohesively to safeguard our operations. At the frontline, our staff plays a pivotal role in detecting and reporting potential suspicious activities. Our staff undergoes rigorous AML training, equipping them to identify red flags and promptly report any suspicious transactions to the AML Compliance officer. Additionally, they are well-versed in utilizing the third-party software specializing in transaction monitoring within crypto wallets. Through this training, they ensure the accurate collection of necessary customer data and transactions, enabling smooth integration with our AML Compliance processes. The AML Compliance officer serves as the central figure overseeing every aspect of our compliance efforts. This certified professional brings a wealth of experience and expertise to the role, ensuring that our AML procedures are up-to-date and in full adherence to regulatory guidelines. They meticulously monitor all processes, analyzing reports from the frontline staff and cross-referencing them with the findings of the third-party software. This hands-on approach guarantees that any potential risks are promptly addressed, and we remain continuously vigilant against financial crimes. Finally, the third-party software specializing in crypto wallet transaction monitoring serves as the ultimate line of defense. Equipped with cutting-edge technology, this software assesses the legitimacy of wallets and transactions in real-time. Its advanced algorithms and extensive databases enable rapid detection of suspicious activities, strengthening our overall AML efforts. The seamless integration of this specialized software into our AML Compliance framework provides an additional layer of protection, enhancing the security of our operations. Through the dynamic collaboration of our frontline staff, AML Compliance officer, and third-party software, CryptoForce establishes an impenetrable defense against potential risks. This layered execution approach ensures that every process in our company operates with the utmost transparency, security, and compliance, safeguarding our business, clients, and stakeholders from the ever-evolving threats of financial crimes in the crypto ecosystem.

6. CONCLUSION

CryptoForce is fully committed to maintaining a secure and compliant environment by implementing stringent measures to prevent money laundering, terrorist financing, and illicit activities. Our comprehensive AML policy emphasizes accepting payments exclusively from authorized and recognized banks to mitigate the risk of receiving funds from potentially non-compliant sources. Rigorous KYC procedures ensure a clear understanding of our customers and associated risks, reducing the likelihood of engaging in transactions with individuals or entities involved in illicit activities. With a designated AML Compliance Person overseeing our program, we continuously update and adapt our policies to stay in line with evolving regulations and best practices. Our overarching goal is to foster a trusted business environment while upholding the highest standards of integrity and combating financial crimes.