AML AND CTF POLICY
This is a short version of our Anti-money laundering (hereinafter referred to as: “AML”) and Counter-terrorist financing (hereinafter referred to as: “CTF”) Policy, which CryptoLight applies to its service. CryptoLight OÜ is Estonian company and must follow European and Estonian rules for detecting and managing financial crime. Our main two internal bylaws include:
• AML/CTF procedure for providers of a service of exchanging a virtual currency against a fiat currency;
• AML/CTF procedure for providers of a service of storing a virtual currency (wallet).
The procedures are monitored by the compliance officer and his team. The compliance team monitors the compliance of the internal rules and procedures with the relevant laws and compliance of the activity of the Representatives with the procedures established by the Rules.
As per definition from our AML policy we do not work with offshore banks and shell banks or with any country listed as “High risk”.
Estonian Cryptocurrency Exchanges are defined in the Estonian law as Providers of Alternative Means of Payment, licensed as an Estonian Financial Institution by holding a Financial Activity License from the Estonian Financial Intelligence Unit (hereinafter referred to as: “FIU”), which is the Anti Money Laundering authority in Estonia with the ability to grant, revoke and supervise financial activity licenses. The AML requirements and Know your customer (hereinafter referred to as: “KYC”) due diligence measures for the service providers are set forth in the Estonian Money Laundering and Terrorist Financing Act and other legal guidelines given by the Estonian Minister of Finance.
A cardinal part of the licensing procedure, and a significant FIU consideration for granting licenses is the quality of the Rules of Procedures which according to the Act, must be meticulously drafted by the license applicant. These Rules of Procedure must comply with the Estonian law’s various requirements, which require them, among other things, to include specification of user due diligence measures the company intends to take, assessment of money laundering risk, the manner of the collection and keeping of records, internal control rules, etc.
CryptoLight OÜ has been issued operating licenses by the Financial Intelligence Unit for:
• Providing services of exchanging a virtual currency against a fiat currency (License No. FVR000978 – https://mtr.mkm.ee/taotluse_tulemus/515313).
• Providing a virtual currency wallet service (License No. FRK000868 –
Given the above, CryptoLight aims to be fully compliant and transparent especially when it comes to detecting and monitoring financial crimes.
CryptoLight has implemented measures, which protect CryptoLight from involvement in money laundering or terrorist financing activities (hereinafter: “suspicious transactions”), by:
• performing compliant due diligence procedure (the KYC) for every user who registers on the platform,
• making risk assessment for every user that successfully passed the KYC,
• detecting suspicious transactions by risk categories and risk levels,
• monitoring suspicious transactions,
• reporting suspicious transactions to the authorities.
In order to protect us and our users from the possible financial crimes, CryptoLight shall:
• Perform Know Your Customer procedures on all users and clients (natural and legal persons) on a regular basis.
• Perform an enterprise-wide risk assessment to determine the risk profile of the Company.
• Implement internal controls throughout its operations that are designed to mitigate risks of money laundering and terrorism financing.
• Conduct a periodic AML audit.
• Provide AML training to its employees.
THE KYC AND RISK ASSESSMENT
In the user due diligence process, CryptoLight shall perform a KYC for every:
• User – a natural or legal person;
• Representative of the User – an individual who is authorized to act on behalf of the User;
• Beneficial Owner of the User;
• Politically exposed person (“PEP”) or a person connected with the PEP.
During the registration procedure, every user must provide to CryptoLight with several personal information and documents, which CryptoLight need to establish a portfolio of the user and access the risk, connected to it.
NATURAL PERSON NEEDS TO PROVIDE AT LEAST: First name, last name; Date of birth, place of birth; Home address; Phone number and email; Government issued ID document (both sides); Selfie with ID document; Proof of residence (utility bill or similar); Bank account details; Video conference; Other information and documents on the request of CryptoLight.
LEGAL PERSON NEEDS TO PROVIDE AT LEAST: Business name of the legal person; Registry code or registration number and the date of registration; ID of the shareholders (same as for the natural person identification), ID of the director(s) and/or members of the management board (same as for the natural person identification), ID’s of the representatives (same as for the natural person identification); Proof of the registered office/seat; ID’s of the beneficial owners (same as for the natural person identification); Bank statement; Proof of representation; Articles of association; Other information and documents on the request of CryptoLight.
The risk is divided to 3 LEVELS:
The risk level is normal, there are no high-risk characteristics present.
1. User is from high risk country.
2. User is local PEP or a person. associated with a PEP.
3. The legal person’s area of activity is associated with enhanced money-laundering risk.
4. The legal person is situated in a country, which is listed in the list of risk countries.
5. The legal persons activities and liability are insufficiently regulated by law, and the legality of financing of which is not easy to screen.
6. The representative or the Beneficial Owner / Shareholder of a legal person is a local PEP or his / her family member.
1. User is suspected to be or to have been linked with a financial offence or other suspicious activities.
2. User is a non-resident individual, whose place of residence or activities is in a country, which is listed in the list of risk countries.
3. The representative or the Beneficial Owner / Shareholders of a legal person is a PEP or his or her family member
4. There is information that legal person is suspected to be or to have been linked with a financial offence or other suspicious activities
6. A legal person registered outside the European Economic Area, whose field of business is associated with a high risk of Money Laundering, or registered in a low tax rate country.
RISK BY USERS:
Suspicious facts such as but not limited to the: discrepancies in provided id documents, fictitious person, stolen identity, counterfeited id document, post box home address, pervious financial crime record, terrorist record, wanted person, no contact phone number, not valid documents, discrepancies in provided documents for the legal person, etc.
Politically exposed persons such as but not limited to the: prominent public functions: head of state, head of government, minister and deputy or assistant minister; a member of parliament or of a similar legislative body, a member of a governing body of a political party, a member of a supreme court, a member of a court of auditors or of the board of a central bank; an ambassador, a chargé d’affaires and a high-ranking officer in the armed forces; a member of an administrative, management or supervisory body of a state-owned enterprise; a director, deputy director and member of the board or equivalent function of an international organisation, except middle-ranking or more junior officials.
RISK BY COUNTRIES:
Country of residence / nationality is a country with prohibition/restriction on cryptocurrencies such as but not limited to: Afghanistan, Algeria, American Samoa, Bangladesh, Bolivia, China, Democratic Republic Of Congo, Democratic People’s Republic Of Korea (Dprk), Ecuador, Egypt, Ethiopia, Fyr Macedonia, India, Iran, Iraq, Kyrgyzstan, Pakistan, Palestine, Qatar, Saudi Arabia, Syria, Morocco, Nepal, United States Of America, Vanuatu, Vietnam, Zambia.
Resident / Citizen Of The High Risk Countries such as but not limited to: Bahrain, Yemen, Jordan, Kuwait, Lebanon, Libya, Malaysia, Mali, Mauritania, Nigeria, Oman, Somalia, Serbia, Sri Lanka, Sudan, Tunisia, Turkey, Ethnic Groups Of Caucasus Belonging To Russian Federation (Chechens, Etc.), Trinidad & Tobago.
Low Tax Or Tax-free Countries such as but not limited to: United Arab Emirates, Oman, Bahrain, Qatar, Saudi Arabia, Kuwait, Bermuda, Cayman Islands, The Bahamas, Brunei, Vanuatu, Anguilla, Belize, Costa Rica, Guatemala, Panamá, Nicaragua.
RISK BY TRANSACTIONS
CryptoLight shall inspect any outstanding transaction, which include but is not limited to the: large transactions that do not correspond to user’s source of funds and/or source of wealth, transactions to offshore or shell bank (financial institution that does not have a physical presence in any country), executing payment via non-licensed payment institution, large daily movements of fiat or virtual money, etc.
DETECTION OF SUSPICIOUS TRANSACTIONS
CryptoLight shall diligently monitor transactions for suspicious activity. Transactions that are unusual will be carefully reviewed to determine if it appears that they make no apparent sense or appear to be for an unlawful purpose.
Implemented internal controls will serve as ongoing monitoring system in order to detect the suspicious activity or transaction. When such suspicious activity is detected, CryptoLight shall determine whether a filing with any law enforcement authority is necessary. Suspicious activity can include more than just suspected money laundering attempts. Activity may be suspicious, and CryptoLight may wish to make a filing with a law enforcement authority, even if no money is lost as a result of the transaction.
CryptoLight shall initially make the decision of whether a transaction is potentially suspicious. Once CryptoLight has finished the review of the transaction details, he or she will consult with its management to make the decision as to whether the transaction meets the definition of suspicious transaction or activity and whether any filings with law enforcement authorities should be filed. CryptoLight shall maintain a copy of the filing as well as all backup documentation. The fact that a filing has been made is confidential. No one, other than those involved in the investigation and reporting should be told of its existence. In no event should the parties involved in the suspicious activity be told of the filing.
Reasonable procedures for maintaining records of the information used to verify a person’s name; address and other identifying information are required under this Policy. The following are required steps in the record keeping process:
● CryptoLight shall maintain a record of identifying information provided by the user.
● Where CryptoLight relies upon a document to verify identity, CryptoLight shall maintain a copy of the document that the Company relied on that clearly evidences the type of document and any identifying information it may contain.
● CryptoLight shall also record the methods and result of any additional measures undertaken to verify the identity of the user.
● CryptoLight shall record the resolution of any discrepancy in the identifying information obtained.
● All transaction and identification records will be maintained for a minimum period of five years.
If you have more questions, please contact us at: email@example.com
AML AND CTF POLICY