AML (Anti Money Laundering) Policy
1. INTRODUCTION AND DEFINITIONS
1a. Policy Statement
CryptoForce has implemented a strict policy to proactively prevent and prohibit money laundering as well as any activities that facilitate money laundering or the financing of terrorist or criminal acts. CryptoForce is fully committed to complying with all relevant requirements outlined.
1b. Definitions
Money laundering refers to engaging in actions aimed at concealing or disguising the true origins of proceeds derived from illegal activities. These actions are intended to make the funds appear legitimate or to transform them into assets with legitimate origins. Typically, money laundering occurs in three stages. Initially, cash obtained through criminal means enters the financial system during the “placement” stage. This involves converting the cash into monetary instruments like money orders or traveler’s checks, or depositing it into financial institution accounts. Subsequently, during the “layering” stage, the funds are transferred or moved between various accounts or financial institutions to further distance them from their criminal source. Finally, in the “integration” stage, the funds are reintroduced into the economy, used to purchase legitimate assets, or utilized to finance other criminal activities or legitimate businesses. While cash deposits in securities accounts are rare, the securities industry has its own unique role in money laundering. It can be exploited to launder funds acquired elsewhere or generate illicit funds through fraudulent activities. Examples of such fraudulent activities include insider trading, market manipulation, Ponzi schemes, cybercrime, and other investment-related fraudulent practices.
Terrorist financing, on the other hand, may not involve proceeds from criminal activities but rather aims to conceal the origin and intended use of funds, which could be for criminal purposes. Unlike traditional criminal organizations, terrorist financiers may obtain funds from legitimate sources. These sources can include foreign government sponsors, business ownership, personal employment, and even charitable donations. While the motivation behind money laundering and terrorist financing may differ, the methods used to fund terrorist operations can be similar or identical to those employed by other criminals to launder money. It is important to note that funding for terrorist attacks does not always require large sums of money, and the associated transactions may not be overly complex.
2. LAWS AND REGULATIONS
CryptoForce comprehensive AML policies, procedures, and internal controls have been meticulously designed to ensure strict adherence to all applicable AML/CFT regulations. CryptoForce is committed to regularly reviewing and updating these policies, procedures, and internal controls to account for any changes in regulations or developments within the business. This proactive approach ensures that the measures remain effective and aligned with the evolving landscape of anti-money laundering practices. The laws and regulations mentioned below are considered in all processes.
3. OBLIGATIONS
- Identify risks related to criminal acts within its business
- Conduct a comprehensive assessment of potential risks associated with criminal activities such as money laundering, terrorist financing, and the proliferation of weapons of mass destruction
- To report unusual or suspicious transactions to the Financial Intelligence Unit (FIU) at the Central Bank
- To train our staff regularly and ensure that they are educated and updated on policies and procedures
- Consider factors such as customer profiles, transaction volumes, geographic regions, and emerging trends in the cryptocurrency industry
- Conduct different levels of KYC depending on customer type
- Continuously review and assess any identified risks
- Regularly monitor and evaluate the effectiveness of risk management strategies
- Stay updated on evolving risks and regulatory requirements to ensure proactive mitigation measures
- Ensure that the company complies with Virtual Assets Regulatory Authority (VARA) regulations
- Record keeping of customer and transaction data or a minimum of 5 years while ensuring the confidentiality of the data
- Adhering to the las and regulations defined by the Financial Action Task Force (FATF)
- Develop and implement internal controls and policies to effectively manage these risks
- Establish robust internal control frameworks tailored to the specific risks identified
- Define clear policies, procedures, and guidelines that outline the responsibilities and expectations of employees regarding risk management and compliance
- Establish appropriate due diligence requirements
- Design and implement thorough due diligence procedures for customer onboarding and ongoing monitoring
- Include verification of customer identities, source of funds, and beneficial ownership information
- Conduct enhanced due diligence for high-risk customers, such as politically exposed persons (PEPs) or those in jurisdictions with higher AML risks
- Comply with relevant United Nations (UN) directives concerning the suppression of financing terrorism and proliferation of weapons of mass destruction
- Familiarize and align AML practices with applicable UN directives and resolutions
- Implement measures to prevent transactions that may contribute to the financing of terrorism or the proliferation of weapons of mass destruction
- Ensure robust systems and processes are in place to detect and report any suspicious activities related to these risks
4. PROCEDURES
4a. Know Your Customer (KYC)
Our company recognizes the critical importance of implementing different levels of Know Your Customer (KYC) procedures for different customers. By tailoring the KYC process to the specific risk profiles of each customer, we can effectively mitigate potential threats and ensure compliance with regulatory requirements. High-risk customers undergo a more rigorous and detailed KYC assessment, enabling us to identify and address any suspicious activities promptly. At the same time, low-risk customers experience a streamlined process, facilitating a seamless onboarding experience. Additionally, our company implements separate KYC procedures for individual customers and corporate entities, acknowledging the unique requirements and characteristics of each category. This approach allows us to maintain compliance and transparency while catering to the diverse needs of our valued clients.
In the upcoming diagram, we illustrate the rationale guiding our decision-making process to determine the appropriate KYC level when dealing with a Real Person*
* an individual, not a corporate entity
The specifics of each KYC level provided below will provide a comprehensive understanding of our approach. These detailed descriptions will elucidate the varying requirements and scrutiny applied to individual customers, ensuring a robust and effective KYC framework.
Standard KYC – Individual
CryptoForce will establish and verify the identity of any counterparty with or for whom it acts or proposes to act. CryptoForce may update its counterparty identification policies, procedures, systems, and controls, considering its risk assessment related to the counterparty. The following list should be considered as guidance regarding the type of information and evidence that CryptoForce must obtain to establish and verify the identity of a counterparty before conducting any transactions or entering into any business relationships:
- Full name
- Date of birth
- Citizenship
- Current residential address
- Official I.D
- Source of funds
Enhanced KYC- Individual
We employ enhanced KYC measures when the transaction amount exceeds 10,000 USD or when we perceive a higher risk associated with the customer. These precautionary steps enable us to conduct more thorough due diligence, ensuring enhanced security and regulatory compliance.
In this scenario, in addition to the standard KYC procedure, the customer must either provide proof of source of funds, or be willing to receive/send money only through bank transfers (no cash)
Ultimate KYC- Individual
We enforce our highest level of security, referred to as the “Ultimate KYC,” when transactions exceed 100,000 USD or when we identify a significant risk related to the customer. These stringent measures involve thorough due diligence, ensuring robust security and strict compliance with regulatory standards.
In this scenario, in addition to the standard KYC, the customer must provide the following:
- Proof of source of funds (must be certified)
- Proof of address (must be certified)
- Physical ID (original or certified)
In the forthcoming diagram, we outline the reasoning that governs our decision-making process to determine the suitable KYC level for corporate entities.
At our company, we apply consistent KYC levels to both corporate and individual customers. The logic behind the categorization process remains the same for all. However, for corporate customers, we require additional certified documents to verify their identity and legitimacy. This approach ensures a thorough and professional verification process, fostering trust and compliance with regulatory standards for all our valued customers. These additional documents are:
- Certificate of Incorporation
- Certificate of Incumbency
- Memorandum of Articles
- Board Resolution:
- Introducing us to the representative who is dealing with us directly, and
- Confirming that the company is authorized to buy and sell crypto assets
4b. Sanctions and Transactions screening
To ensure compliance with relevant sanctions imposed on individuals and entities, CryptoForce has implemented a system that screens customer names against sanctions lists issued by regulatory bodies. These bodies include the Virtual Assets Regulatory Authority (VARA, the UN Security Council (UNSC), the Office of Foreign Assets Control (OFAC), the Office of Financial Sanctions Implementation (OFSI), the European Union (EU) list, Financial Action Task Force (FAFT), and the local terrorist list issued Supreme Council for National Security. This screening process extends to all parties involved in transactions to guarantee adherence to sanctions obligations.
CryptoForce maintains a continuous process of “Transaction Monitoring” aimed at identifying transactions that exhibit unusual or potentially suspicious characteristics based on customer profiles and behavior. The initial line of defense consists of frontline staff who have the authority to promptly escalate any detected abnormal behavior or transactions using internal communication channels. Additionally, the second line of defense conducts a comprehensive review of transactions, including enhanced monitoring of customer transactions and behavior, to reinforce the effectiveness of the monitoring process.
4c. Staff Training
4d. Record Keeping and Confidentiality
At CryptoForce, we place utmost importance on adhering to strict record-keeping practices, aligning with the regulations set forth by the Central Bank. To achieve this, we follow a detailed procedure for document retention and confidentiality.
Document Collection and Verification: When onboarding new customers, we collect and verify their identification documents as per the KYC process. This includes government-issued IDs, utility bills, and other relevant documents to establish their identity and legitimacy.
Secure Storage: All customer identification documents and transaction records are stored in a highly secure and encrypted database. Access to this data is strictly limited to authorized personnel only, ensuring confidentiality and preventing unauthorized access.
Data Backup and Disaster Recovery: To protect against data loss, we regularly backup our records and have robust disaster recovery protocols in place. This ensures that our data remains intact and accessible even in unforeseen circumstances.
Retention Period: We strictly adhere to the regulatory requirement of retaining customer records for a minimum period of five years. This retention period begins from the date of the customer’s last transaction or the termination of the business relationship.
Data Purging: At the end of the retention period, we carefully and permanently purge customer records in a manner compliant with data protection regulations. This ensures that personal information is appropriately disposed of, respecting customers’ privacy rights.
Confidentiality and Non-Disclosure: Our employees undergo thorough training on the importance of data confidentiality and non-disclosure. They are bound by strict confidentiality agreements to protect customer information and maintain the highest level of privacy.
Compliance Monitoring: Regular internal audits and compliance checks are conducted to ensure that our record-keeping procedures align with regulatory requirements. Any discrepancies or issues identified are promptly addressed and rectified.
Customer Information Requests: In case of legitimate requests from regulatory authorities or law enforcement, we cooperate fully while ensuring compliance with data protection laws and privacy rights.
By diligently following this procedure, CryptoForce upholds a strong commitment to compliance, transparency, and the protection of our customers’ information. Our record-keeping practices demonstrate our dedication to maintaining a secure and trustworthy environment, fostering trust and confidence among our valued clients.