Prevention of Money Laundering
AML Risk Management Manual
Prevention of Money Laundering & Terrorist Financing AML Risk Management Manual
Manual Applicability: Provision of Administrative Services
The Responsibilities of the Board of Directors
Money Laundering Compliance Officer
Duties of the AMLCO
Identification of Risks
Design and Implementation of Measures and Procedures to Manage and Mitigate the Risks
Dynamic Risk Management
Relevant International Organisations
Client Acceptance Policy
General Principles of the CAP
Criteria for Accepting New Clients (Based on their respective risk)
Normal Risk Clients
High Risk Clients
Not Acceptable Clients
Client Categorisation Criteria
Low Risk Clients
Normal Risk Clients
High Risk Clients
Client Due diligence and Identification Procedures
Application of Client Due Diligence and Identification Procedures
Transactions that Favour Anonymity
Failure or Refusal to Submit Information for the Verification of Clients’ Identity
Time of Application of the Due Diligence and Client Identification Procedures
Construction of a Profile and General Client Identification and Due Diligence Principles
Further Obligations for Client Identification and Due Diligence Procedures
Simplified Client Identification and Due Diligence Procedures
Enhanced Client Identification and Due Diligence (High Risk Clients)
Non Face-to-Face Clients
‘Politically Exposed Persons’ Accounts
Clients from Countries Which Inadequately Apply FATF’s Recommendations
Client Identification and Due Diligence Procedures (Specific Cases)
Natural Persons Residing in Estonia
Natural Persons Not Residing in Estonia
Unincorporated Businesses, Partnerships and Other Persons with no Legal Substance
Nominees or Agents of Third Persons
Reliance on Third Persons for Client Identification and Due Diligence Purposes
On-going Monitoring Process
Recognition and Reporting of Suspicious Transactions/Activities to the FIU
Reporting of Suspicious Transactions to the FIU
Anti-Money Laundering Compliance Officer’s Report to the FIU
Submission of Information to the FIU
Format of Records
Certification and Language of Documents
Employees’ Obligations, Education and Training
Education and Training
Employees’ Education and Training Policy
Money Laundering Compliance Officer Education and Training Program
For the purposes of this Manual, unless the context shall prescribe otherwise:
“Money laundering” means:
- the conversion or transfer of property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s actions;
- the acquisition, possession or use of property derived from criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation therein;
- the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such an activity.
- Money laundering is regarded as such also where a criminal activity which generated the property to be laundered was carried out in the territory of another country.
- Knowledge, intent or purpose required as an element of the activities referred to in the first three subsections of this section may be inferred from objective facts.
- Money laundering is regarded as such also where the details of a criminal activity which generated the property to be laundered have not been identified.
“Terrorism financing” means acts of financing of terrorism as defined in § 237 of the Penal Code of Estonia.
“Beneficial Owner” means the natural person or natural persons, who:
“Client” means any legal or physical person aiming to conclude a business relationship with the Company.
“FIU” means Financial Intelligence Unit of Estonia.
“Compliance officer” or “AMLCO” means a representative appointed by the Board of Directors of the Company who is responsible for the effectiveness of the execution of the rules hereto, conducting compliance over the adherence to the rules and serving as a contact person of the FIU.
“Company” means BITCHANGEOÜ (incorporated in Estonia with registration number 14338665), a provider of trust and company services, provider of a service of exchanging a virtual currency against a fiat currency, providers of a virtual currency wallet service.
“Act” means the Money Laundering and Terrorist Financing Prevention Act, passed 26.10.2017.
“Transaction” means any cash flow or payment order or virtual currency wiring between a Client and the Company.
“Politically exposed person” or “PEP” means a natural person who is or who has been entrusted with prominent public functions including a head of State, head of government, minister and deputy or assistant minister; a member of parliament or of a similar legislative body, a member of a governing body of a political party, a member of a supreme court, a member of a court of auditors or of the board of a central bank; an ambassador, a chargé d'affaires and a high-ranking officer in the armed forces; a member of an administrative, management or supervisory body of a State-owned enterprise; a director, deputy director and member of the board or equivalent function of an international organisation, except middle-ranking or more junior officials. The aforesaid definition also means a person is or who has been entrusted with prominent public functions in Estonia, another contracting state of the European Economic Area or an institution of the European Union.
“Family member” means the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person or local politically exposed person; a child and their spouse, or a person considered to be equivalent to a spouse, of a politically exposed person or local politically exposed person; a parent of a politically exposed person or local politically exposed person.
“Person known to be close associate” means a natural person who is known to be the beneficial owner or to have joint beneficial ownership of a legal person or a legal arrangement, or any other close business relations, with a politically exposed person or a local politically exposed person; and a natural person who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person or local politically exposed person.
“High-risk third country” means a country specified in a delegated act adopted on the basis of Article 9(2) of Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.
“Equivalent third country” means a country not a Member State of European Economic Area but applying an equivalent regime to the European Union corresponding (AML) framework.
“Virtual currency” means a value represented in the digital form, which is digitally transferable, preservable or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp. 35–127) or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same Directive.
The purpose of the Manual is to document the Company’s internal practice, measures, procedures and controls relevant to the prevention of Money Laundering and Terrorist Financing.
The Manual is developed and periodically updated by the AMLCO based on the general principles set up by the Company’s Board of Directors (hereinafter the ‘Board’) in relation to the prevention of Money Laundering and Terrorist Financing.
All amendments and/or changes of the Manual must be approved by the Board.
The Manual shall be communicated by the AMLCO to all the employees of the Company that are responsible for the application of the practices, measures, procedures and controls that have been determined herein.
The Manual has been prepared to comply with the provisions of the Act and all the relevant guidelines of the FIU.
3. Manual Applicability: provision of services.
The Manual applies to all various types of services provided by the Company to the clients.
In this respect, the AMLCO shall be responsible to update the Manual so as to comply with FIU’s further requirements, as applicable, regarding the Client Identification and Due Diligence Procedures which the Company must follow.
4. The Responsibilities of the Board of Directors
The responsibilities of the Board in relation to the prevention of Money Laundering and Terrorist Financing include the following:
5. Money Laundering Compliance Officer
The AMLCO shall belong hierarchically to the higher ranks of the Company’s organisational structure so as to command the necessary authority. The AMLCO shall lead the Company’s Money Laundering compliance procedures and processes and report to Senior Management. The AMLCO shall also have access to all relevant information necessary to perform his/her duties.
The level of remuneration of the AMLCO shall not compromise his objectivity. BITCHANGE OÜ AMLCO is Mr. Aleksandr Bezus.
5.2. Duties of the AMLCO
All company’s employees shall report to the AMLCO their knowledge of suspicion of transactions involving money laundering terrorist financing.
The AMLCO shall be part of the management of the Company so as to command the necessary authority. The AMLCO shall lead the Company’s Money Laundering Compliance procedures and processes and report to the Senior Management of the Company.
Once a Company’s employee has report his/her suspicion to the AMLCO he/she shall be considered to have fully satisfied his/her statutory requirements, according to the Act.
The AMLCO shall always approve the client file before accepting a new client.
The duties of the AMLCO include the following:
(a) To design, based on the general policy principles of the Company, the internal practice, measures, procedures and controls relevant to the prevention of money laundering and terrorist financing, and describe and explicitly allocate the appropriateness and the limits of responsibility of each department that is involved in the abovementioned;
(b) To develop and establish the clients’ acceptance policy and submit it to the Board for consideration and approval;
(c) To prepare/update the risk management and procedures Manual to deal, inter alia with cases which could be related to money laundering and terrorist financing (hereinafter, the ‘AML Manual’);
(d) To monitor and assess the correct and effective implementation of the policy, the practices, measures, procedures and controls of point (a) above, and, in general, the implementation of the AML Manual of point (c) above. In this respect, the AMLCO shall give appropriate monitoring mechanisms. In cases that weaknesses are identified in the application of the required practices, measures, procedures and controls, the AMLCO shall give appropriate guidance for corrective measures and, where deemed necessary, inform the Board;
(e) To receive information from the Company’s employees which is considered to be knowledge or suspicion of money laundering and terrorist financing activities or might be related with such activities. The information shall be received in a written report form called the “internal suspicion report”;
(f) To examine and assess the information received as per (e) above, in the light of other relevant information and discuss the circumstances of the case with the informer and his/her managers. The evaluation of the information of point (e) above shall be done on a report (hereinafter, the “Internal Evaluation Report”);
(g) If following the evaluation described in point (f) above, AMLCO decision is to notify the FIU;
(h) If following the evaluation described in point (f) above, the MLCO decides not to notify the FIU, then he/she shall provide sufficient explanations as to the reasons for such a decision. The said reasons shall be clearly recorded on the AMLCO’s internal evaluation report;
(i) To be a contact person with the FIU, upon commencement of and during an investigation as a result of filing a report to the FIU according to point (g) above;
(j) To ensure the preparation and maintenance of the lists of clients categorised following a risk-based approach, which shall contain the names of clients, their company number (if applicable);
(k) To detect, record and evaluate, at least on an annual basis, all risks arising from existing and new clients and update and amend the systems and procedures applied by the Company for the effective management of the aforementioned risks;
(l) To evaluate the systems and procedures applied by a third person on whom the Company may rely for client identification and due diligence purposes, and approve the cooperation with it, as applicable;
(m) To provide advice and guidance to the employees of the Company on subjects related to money laundering and terrorist financing;
(n) To respond to all requests and queries from the FIU, to provide all requested information and to fully cooperate with the FIU;
6. Risk-Based Approach
6.1 General Policy
The Company shall apply appropriate measures and procedures, by adopting a risk-based approach, so as to focus its effort in those areas where the risk of Money Laundering and Terrorist Financing appears to be comparatively higher.
Further, the AMLCO shall monitor and evaluate, on an on-going basis, the effectiveness of the measures and procedures of Section 6 of the Manual.
The adopted risk-based approach that is followed by the Company, and described in the Manual, has the following general characteristics:
The risk-based approach adopted by the Company, and described in the Manual, involves specific measures and procedures in assessing the most cost effective and appropriate way to identify and manage the Money Laundering and Terrorist Financing risks faced by the Company.
Such measures include:
The application of appropriate measures and the nature and extent of the procedures on a risk-based approach depends on different indicators. Such indicators include the following:
The AMLCO shall be responsible for the development and implementation of the policies, procedures and controls on a risk-based approach.
6.2 Identification of Risks
The risk-based approach adopted by the Company involves the identification, recording and evaluation of the risks that have to be managed.
The Company shall assess and evaluate the risks it faces, for the use of the Administrative and Ancillary Services for the purpose of Money Laundering or Terrorist Financing. The particular circumstances of the Company determine suitable procedures and measures that need to be applied to counter and manage risk.
In the cases where the services that the Company provides are relatively simple, involving relatively few clients or clients with similar characteristics, then the Company shall apply such procedures which are able to focus on those clients who fall outside the 'norm'.
The Company shall be, at all times, in a position to demonstrate to FIU that the extent of
measures and control procedures it applies are proportionate to the risk it faces for the use of
the administrative and ancillary services, for the purpose of Money Laundering and
6.2.2 Company Risks
The following, inter alia, are sources of risks which the Money Laundering and Terrorist Financing:
(a) Risks based on the clients nature:
(b) Risks based on the clients behaviour:
(c) Risk based on the clients initial communication with the Company:
Detailed basis for risk categorization mention in s.7.4 of this Manual.
6.3 Design and Implementation of Measures and Procedures to Manage and Mitigate the Risks
Taking into consideration the assessed risks, the Company shall determine the type and extent of measures it will adopt in order to manage and mitigate the identified risks in a cost effective manner.
These measures and procedures include:
In this respect, it is the duty of the AMLCO to develop and constantly monitor and adjust the
Company's policies and procedures with respect to the Client Acceptance Policy and Client
Due Diligence and Identification Procedures of Sections 6 and 7 of the Manual, respectively, as well as via a random sampling exercise as regards existing clients. These actions shall be duly documented.
6.4 Dynamic Risk Management
Risk management is a continuous process, carried out on a dynamic basis. Risk assessment is not an isolated event of a limited duration. Clients' activities, as well as the services provided by the Company, change. The same applies to the activities used for money laundering or terrorist financing.
In this respect, it is the duty of the AMLCO to undertake regular reviews of the characteristics of existing clients, new clients, services as well as the measures, procedures and controls designed to mitigate any resulting risks from the changes of such characteristics. These reviews shall be duly documented.
6.5 Relevant International Organisations
For the development and implementation of appropriate measures and procedures on a risk based approach, and for the implementation of Client Identification and Due Diligence Procedures, the AMLCO shall consult data, information and reports that are published in the following relevant international organisations:
(a) FATF (Financial Action Task Force’s) – www.fatf-gafi.org
(b) The Council of Europe Select Committee of Experts on the Evaluation of Anti-Money Laundering (c) Measures (hereinafter ‘MONEYVAL’)- www.coe.int/moneyval
(d) The EU Common Foreign & Security Policy (CFSP) http://europa.eu/rapid/press-release_IP-19-781_en.htm
(e) The UN Security Council Sanctions Committees- www.un.org/sc/committees
(f) The International Money Laundering Information Network (IMOLIN)- www.imolin.org
(g) The International Monetary Fund (IMF)- www.imf.org
The Client Acceptance Policy (hereinafter the ‘CAP’), following the principles and guidelines described in this Manual, defines the categorisation and acceptance criteria for clients, to be followed by the Company.
The AMLCO shall be responsible for applying all the provisions of the CAP. In this respect, the heads of the Legal Departments shall also be assisting the AMLCO with the implementation of the CAP, as applicable.
7. General Acceptance Policy
The Client Acceptance Policy (hereinafter the ‘CAP’), following the principles and guidelines described in this Manual, defines the categorisation and acceptance criteria for clients, to be followed by the Company.
The AMLCO shall be responsible for applying all the provisions of the CAP. In this respect, the heads of all departments of the Company shall also be assisting the AMLCO with the implementation of the CAP, as applicable.
7.1 General Principles of the CAP
The General Principles of the CAP are the following:
7.2 Criteria for Accepting New Clients (based on their respective risk)
This Section describes the criteria for accepting new clients based on their risk categorisation.
7.2.1 Normal Risk Clients
The Company shall accept clients who are categorised as normal risk clients as long as the general principles under Section 6 of the Manual are followed.
7.2.2 High Risk Clients
The Company shall accept clients who are categorised as high risk clients as long as the general principles under Section 6 of the Manual are followed.
Moreover, the Company, when dealing with high risk clients, shall apply the enhanced client identification and due diligence measures as well as the Due Diligence and Identification Procedures for the specific types of high risk clients in accordance to Section of the Manual as applicable.
7.3 Not Acceptable Clients
Clients who fail or refuse to submit the requisite data and information for the verification of identity and the creation of a company profile, without adequate justification, are not acceptable for establishing a business relationship with the Company.
7.4 Client Categorisation Criteria
This Section defines the criteria for the classification of clients based on their risk. The AMLCO shall be responsible for such classification of clients, into one of three (3) types set below:
7.4.1 Low Risk Clients
The following types of clients can be classified as low risk clients with respect to the Money
Laundering and Terrorist Financing risk which the Company faces:
1) a contracting state of the European Economic Area;
2) a third country that has effective AML/CFT systems;
3) a third country where, according to credible sources, the level of corruption and other criminal activity is low;
4) a third country where, according to credible sources such as mutual evaluations, reports or published follow up reports, AML/CFT requirements that are in accordance with the updated recommendations of the Financial Action Task Force (FATF), and where the requirements are effectively implemented.
It is provided that, in the cases mentioned above, the Company has to gather sufficient information to establish if the client qualifies as a low-risk client. In this respect, the AMLCO shall be responsible to gather the said information. The said information shall be duly documented and filed, as applicable, according to the recording keeping procedures described in Section 11of the Manual.
The client information updating is required every 5 years.
7.4.2 Normal Risk Clients
The following types of clients can be classified as normal risk clients with respect to the Money Laundering and Terrorist Financing risk which the Company faces:
(a) Face-to-face client;
(b) Existing well known client;
(c) Client represented by well-known Business Partner;
(d) Companies that have open bank account in EU banks for more than 3 years;
(e) Clients that are resident in geographical areas of lower risk (third countries that having effective AML/CFT system; third countries identified by credible sources as having a low level of corruption or other criminal activity).
(f) Any client who does not fall under the 'low risk clients' or 'high risk clients' categories set in Sections 7.4.1 and 7.2.2, respectively.
The client information updating is required every 3 years.
7.4.3 High Risk Clients
The following types of clients can be classified as high risk clients with respect to the Money Laundering and Terrorist Financing risk which the Company faces:
The client information updating is required every 6 months.
8. Client Due Diligence and Identification Procedures
8.1 Application of Client Due Diligence and Identification Procedures
The Company shall duly apply client identification procedures and client due diligence measures in the following cases:
In this respect, it is the duty of the AMLCO to apply the relevant Client Due Diligence Identification Procedures described in Section 7 of the Manual for the four (4) cases mentioned above. Furthermore the departments responsible to collect and file the relevant client identification documents shall to do so in accordance to the recording keeping procedures described in Section 10.1 of the Manual.
Further, the AMLCO shall be responsible to maintain at all times and use during the application of Client Due Diligence and Identification Procedures template-checklists (Appendix 1 of the Manual) with respect to required documents and data from potential clients, as per the requirements of the Act.
8.2 Transactions that Favour Anonymity
In the case of clients' transactions via internet, telephone, fax or other electronic means where the client is not present so as to verify the authenticity of his/her identification documents, or his/her signature, or the fact that he is the Ultimate Beneficial Owner, the Company applies reliable methods, procedures and control mechanisms so as to ensure such verifications.
8.3 Failure or Refusal to Submit Information for the Verification of Clients' Identity
Failure or refusal by a client to submit, before the establishment of a business relationship, the requisite data and information for the verification of his identity and the creation of his / his company profile, without adequate justification, constitutes elements that may lead to the creation of a suspicion that the client is involved in money laundering or terrorist financing activities. In such an event, the Company shall not proceed with the establishment of the business relationship or the execution of the occasional transaction while at the same time the AMLCO considers whether it is justified under the circumstances to submit a report to the Financial Intelligence Unit, according to Section 10 of the Manual.
During the business relationship, a client fails or refuses to submit, within a reasonable timeframe. the required verification data and information according to Section 7 of the Manual, the Company shall terminate the business relationship with the client while at the same time shall examine whether it is justified under the circumstances to submit a report to the Financial Intelligence Unit, according to Section 10 of the Manual.
The provisions of this section are not applied where the Company has notified the Financial Intelligence Unit of the establishment of a business relationship, transaction or an attempted transaction in accordance with the procedure provided for in § 49 of the Act and section 10 of the Manual and received from the Financial Intelligence Unit a specific instruction to continue the business relationship, the establishment of the business relationship or the transaction.
8.4 Time of Application of the Due Diligence and Client Identification Procedures
With respect to the timing of the application of the Due Diligence and Client Identification
Procedures, the AMLCO shall be responsible for the application of the following provisions:
8.5 Construction of a Profile and General Client Identification and Due Diligence Principles
It is noted that no single form of identification can be fully guaranteed as genuine or representing correct identity and, consequently, the identification process will generally need to be cumulative.
For the purposes of the provisions relating to identification procedures and client due diligence requirements, proof of identity is satisfactory if:
The Company, where necessary may request and obtain additional data and information regarding the client business activities or the source of wealth.
The Company shall apply each of the Client Due Diligence Measures and Identification Procedures aforementioned, but may determine the extent of such measures on a risk-sensitive basis depending on the type of client and business relationship. The Company shall be able to demonstrate to FIU that the extent of the measures is appropriate in view of the risks of the use of Administrative and Ancillary Services for the purposes of Money Laundering and Terrorist Financing.
The construction of the clients profile according to the provisions above shall be undertaken by the AMLCO. In this respect, the data and information collected for the construction of the profile shall be fully documented and filed, as applicable.
8.6 Further Obligations for Client Identifications and Due Diligence Procedures
In addition to the aforesaid principles, the Company, and specifically the AMLCO shall:
Despite the obligation described in point (a) above and while taking into consideration the level of risk, if at any time during the business relationship the Company becomes aware that reliable or adequate data and information are missing from the profile of the client, then the Company takes all necessary action, by applying the client identification and due diligence procedures set out in the Manual, to collect the missing data and information, the soonest possible, so as to identify the client and update and complete the client's profile.
8.7. Simplified Client Identification and Due Diligence Procedures
With respect to the provisions of the Act for simplified client identification and Due Diligence Procedures, the following shall apply:
- identification of the beneficial owner;
- understanding of business relationships, an occasional transaction or act and, where relevant, gathering information thereon;
- gathering information on whether a person is a politically exposed person, their family member or a person known to be close associate;
- execution of a long-term contract with the client in writing, electronically or in a form reproducible in writing;
- payments accrue to the obliged entity in the framework of the business relationship only via an account held in a credit institution or the branch of a foreign credit institution registered in the Estonian commercial register or in a credit institution established or having its place of business in a contracting state of the European Economic Area or in a country that applies requirements equal to those of Directive (EU) 2015/849 of the European Parliament and of the Council;
The Company may choose the extent of performance of the duty and the need to verify the information and data used therefore with the help of a credible and independent source.
The Company shall not consider that clients represent a low risk of money laundering or terrorist financing if there is information available to suggest that the risk of money laundering or terrorist financing may not be low.
8.8 Enhanced Client Identification and Due Diligence (High Risk Clients)
8.8.1 General Provisions
The AMLCO shall apply enhanced due diligence measures with respect to the clients categorised as high risk clients according to the criteria set in sections 7.2.2 and 7.4.3 of this Manual.
These measures include the following:
Below are described due diligence and identification procedures with respect to high risk clients:
8.8.2. Non Face-to-Face Clients
The AMLCO shall apply the following with respect to non-face-to-face clients:
1. In situations where a client, especially a non-resident of Estonia, requests the establishment of a business relationship through mail, telephone, or the internet without presenting himself for a personal interview, the Company must follow the established client identification and due diligence procedures, as applied for clients with whom it comes in direct and personal contact and obtain exactly the same identification information and documents.
However, due to the difficulty in matching the client with the collected identification data, the Company shall apply additional verification measures such as: obtaining of notary certification of identification documents and proof of address, or as an alternative for notary certification - a selfie of the owner of such documents, so as to effectively mitigate the risks associated with such business relationship.
8.8.3 Trust accounts
The AMLCO shall apply the following when the Company establishes a business relationship with trusts:
8.8.4 “Politically Exposed Persons” Accounts
The Company shall apply the following with respect to its dealings with “Politically Exposed
The Company shall pay more attention when the said persons originate from a country which is widely known to face problems of bribery, corruption and financial irregularity and whose anti-money laundering Laws and regulations are not equivalent with international standards.
With regard to the issue of corruption, one useful source of information is the Transparency International Corruption Perceptions Index which can be found on the website of Transparency International at www.transparency.org.
With regard to the issue of adequacy of application of the 40+9 recommendations of the FATF, the Company shall retrieve information from the country assessment reports prepared by the FATF or other regional bodies operating in accordance with FATF's principles (e.g. Moneyval Committee of the Council of Europe) or the International Monetary Fund.
BITCHANGE OÜ utilises the IDenfy system and conducts internet and social media check of a company and related individuals, as a standard approach.
8.8.5. Clients from Countries which Inadequately Apply FATF's Recommendations
8.9 Client Identification and Due Diligence Procedures (Specific Cases)
The AMLCO shall ensure that the appropriate documents and information with respect to the following cases shall be duly obtained, as applicable and appropriate:
8.9.1 Natural persons residing in Estonia
1.The Company shall obtain the following information to ascertain the true identity of the natural persons residing in Estonia:
The verification of the potential client's identity shall be made by a reference to an original document which is issued by a reliable source and carries the potential client's photo (identity card, passport and etc.) The Company shall retain a copy of the passport/identity card. After presented the Company shall keep copies of the pages containing all relevant information which is certified by the Company as true copy of the original document.
8.9.2 Natural persons not residing in Estonia
For prospective clients who are not normally residing in Estonia, it is important that, as far as possible, the same verification procedures to those for clients who are residents of Estonia (see above) should be carried out and the same information obtained.
Prospective clients shall be requested to provide information on public positions which they hold or held in the last twelve months as well as whether the prospective client is a close relative or associate of such individual in order to verify if the prospective client is a politically exposed person.
For prospective clients who are not residing in Estonia, passports shall always be requested and, if available, official identity cards issued by the competent authorities of their country of origin are obtained and certified true copies of the pages containing the relevant information from the said documents are obtained and kept in customers' files.
Furthermore, if in doubt of the genuineness of any document (passport, national identity card or documentary evidence of the address) the Company shall seek verification of the identity with an Embassy or the Consulate of the issuing country or a reputable credit or financial institution situated in the prospective client's country of residence.
Verification details should be requested covering true name or names used, current permanent address and verification of signature. Alternatively, verification correspondence from a known (verifiable) organisation authority (e.g. University, Lawyers' Association, or tax authority) shall suffice.
The Company can place reliance on third parties for the implementation of potential clients’ identification provided that the third party makes immediately available all data and information, which must be certified true copies of the originals that were collected in the course of applying customer identification and due diligence procedures.
It is important that the documents/data obtained are in either original form or in certified true copy form. In the case that the documents/data are certified true copies by a different person than the. Company itself or by a third party mentioned above, the documents /data must be notarised.
If an original document / its certified copy is unavailable, the authenticity of such document shall be proved by the photo of a natural person bearing the relevant document.
In addition to the aim of preventing Money Laundering and Terrorist Financing, the abovementioned information is also essential for implementing the financial sanctions imposed against various persons by the United Nations and the European Union. In this respect, passport's number, issuing date and country as well as the client's date of birth always appear on the documents obtained, so that the Company would be in the position to verify precisely whether a client is included in the relevant list of persons subject to financial sanctions which are issued by the United Nations or the European Union based on a United Nations Security Council's Resolution and Regulation or a Common Position of the European Union's Council respectively.
8.9.3 Unincorporated Businesses, Partnerships and Other Persons with no Legal Substance
1. In the case of unincorporated businesses, partnerships and other persons with no legal substance, the identity of the Directors, partners, Beneficial Owners and other individuals who are authorised to manage the company shall be verified according to the procedures set in Sections 8.9.1 and 8.9.2.
In addition, in the case of partnerships, the original or a certified true copy of the partnership's registration certificate shall be obtained.
2. The Company shall obtain documentary evidence of the head office address of the business, ascertains the nature and size of its activities and receives all the information required according to Section 7.5 for the creation of the economic profile of the business.
8.9.4. Legal Persons
Before a business relationship shall be established, measures should be taken by way of a company search and/or other commercial enquiries to ensure that the applicant company has not been, or is not in the process of being, dissolved, struck-off, wound-up or terminated. In the case of locally incorporated companies, identification should aim at verifying the identity of:
(a) The company;
(b) The company directors;
(c) The company shareholders.
The company's business profile in terms of the nature and scale of its activities shall also be established.
For the verification of the identity of corporate clients, the Company requests and obtains, inter alias, original or certified true copies of the following documents:
The identities of the persons stated in points (b) and (c) above, have to be verified in accordance with the procedures of identity verification of natural or legal persons.
In the case where the registered shareholders act as nominees of the beneficial shareholders, a copy of the trust deed/agreement concluded between the nominee company shareholder and the beneficial shareholder.
Where deemed appropriate under the circumstances, a search of the file at the Companies' Registry should be made.
For legal persons incorporated outside Estonia, the Company requests and obtains documents similar to the above.
As an additional due diligence measure, on a risk-sensitive basis, the Company shall carry out (when deemed necessary) a search and obtain information from the records of the Registrar of Companies of Estonia (for domestic companies) or from a corresponding authority in the company's (legal person's) country of incorporation (for foreign companies) and/or request information from other sources in order to establish that the applicant company (legal person) is not, nor is in the process of being dissolved or liquidated or struck off from the registry of the Registrar of Companies and that it continues to be registered as an operating company in the records of the Registrar of Companies of Estonia or by an appropriate authority outside Estonia.
In the case of a client-legal person that requests the establishment of a business relationship and whose direct/immediate and principal Shareholder is another legal person, registered in Estonia or abroad, the Company, before establishing a business relationship, shall verify the ownership structure and the identity of the natural persons who are the Beneficial Owners and/or control the other legal person.
The identity of the Ultimate Beneficial Owners must be verified in accordance with the procedures of identity verification of natural persons.
Apart from verifying the identity of the Beneficial Owners, the Company shall identify the persons who have the ultimate control over the legal person's business. In the cases that the ultimate control rests with the persons who have the power to manage the legal person without requiring authorisation and who would be in a position to override the internal procedures of the legal person, the Company shall verify the identity of the natural persons who exercise ultimate control as described above even if those persons have no direct or indirect interest or an interest of less than 25 per cent in the legal person's ordinary share capital or voting rights.
In cases where the Beneficial Owner of a legal person, requesting the establishment of a business relationship, is a trust set up in Estonia or abroad, the Company shall implement the following procedure:
8.9.5. Nominees or agents of third persons
l. The Company shall take reasonable measures to obtain adequate documents, data or information for the purpose of establishing and verifying the identity, according to the procedures set in Section 8 of the Manual, of:
(a) The nominee or the agent of the third person, and
(b) Any third person on whose behalf the nominee or the agent is acting.
2. In addition, the Company shall obtain a copy of the authorisation agreement that has been concluded between the interested parties.
8.10. Reliance on Third Persons for Client Identification and Due Diligence Purposes
l. The Company may rely on third persons for the implementation of Client Identification and Due Diligence Procedures, provided that:
2. For the purposes of this Section of the Manual, third person means credit institutions or financial institutions or auditors or independent legal professionals or person providing trust and administrative services included in the definition of the term ‘Business Activities’, falling under the EU Directive and the Act and which:
3. Further to point 2 above, third person for the purposes of this Section of the Manual may also be any other person who is engaged in financial business, or accountants or independent legal professionals or persons providing to third parties trust and administrative services as included in the definition of the term ‘Business Activities’ and who operate in countries outside the EEA and which according to a relevant decision of the Advisory Authority, have been determined that they impose equivalent procedures and measures for the prevention of Money Laundering and Terrorist Financing to those laid down by the EU Directive and the Act.
It is provided that the abovementioned third persons have to fulfil the requirements set out in points 2(a) and 2(b) above.
4. The Company may rely on third persons only at the outset of establishing a business relationship for the purpose of verifying the identity of their clients. According to the degree of risk, any additional data and information for the purpose of updating the client's profile, is obtained from the natural persons (Directors, Beneficial Owners) who control and manage the activities of the client and have the ultimate responsibility of decision making as regards to the management of funds and assets.
5. Further to point 3 above, in the case where the third person of subparagraph (1) is an Accountant or an independent legal professional or a trust and company services provider from a country which is a member of the EEA or a third country that the Advisory Authority has determined to be applying procedures and measures for the prevention of Money Laundering and Terrorist Financing equivalent to the EU Directive and the Act, then the Company, before accepting the client identification data verified by the said third person, shall apply the following additional measures/procedures:
The AMLCO shall be responsible for the implementation of the provisions mentioned in this Section of the Manual.
9. On-Going Monitoring Process
The AMLCO shall be responsible for maintaining as well as developing the on-going monitoring process of the Company.
The procedures of on-going monitoring shall include the following:
10. Recognition and reporting of Suspicious Transactions/Activities to the FIU
10.1 Reporting Suspicious Transactions to the FIU
The Company, in cases of suspicion of money laundering or terrorist financing, reports, through the AMLCO, such suspicion to the FIU in accordance with point (g) of Section 5.2 and Section 9 of the Manual.
10.2. Anti-Money Laundering Compliance Officer’s Report to the FIU
All reports of the AMLCO submitted via the online form of the Financial Intelligence Unit or via the X-road service.
After the submission of a suspicious report, the Company may subsequently wish to terminate its relationship with the client concerned for risk avoidance reasons. In such an event, the Company exercises particular caution, according to § 51 of the Act, not to alert the client concerned that a suspicious report has been submitted to the FIU. Close liaison with the FIU is, therefore, maintained in an effort to avoid any frustration to the investigations conducted.
After submitting the suspicious report, the Company adheres to any instructions given by the FIU and, in particular, as to whether or not to continue or suspend a particular transaction or to maintain the particular account active.
Furthermore, after the submission of a suspicious report, the clients' profile is placed under the close monitoring of the AMLCO.
10.3. Submission of Information to the FIU
The data used for identifying the person and verifying the submitted information and, if any, copies of the documents are added to the report.
Requirements for the contents and form of a notice submitted to the FIU and the guidelines for the submission of a report are established by the authorised governmental body of Estonia.
11. Record-Keeping Procedures.
The Compliance Department of the Company shall maintain records of the client identification documents obtained during the Client Identification and Due Diligence Procedures, as applicable.
The documents/data mentioned above shall be kept for a period of at least five (5) years, which is calculated after the termination of the business relationship.
It is provided that the documents/data mentioned above, which may be relevant to on-going investigations shall be kept by the Company until the FIU confirms that the investigation has been completed and the case has been closed.
11.2 Format of Records
The Compliance Department shall retain the documents/data mentioned in Section 10.1 of the Manual, other than the original documents. Their Certified true copies that are kept in a hard copy form, stored in fire proof cabinets or in other forms, such as electronic form, provided that the Compliance Department shall be able to retrieve the relevant documents/data without undue delay and present them at any time, to the FIU, after a relevant request.
In case the Company will establish a documents/data retention policy, the AMLCO shall ensure that the said policy shall take into consideration the requirements of the Law and the Directive.
11.3 Certification and Language of Documents
1. The documents/data obtained, shall be in their original form or in a certified true copy form, or confirmed by the method described in point (d) subsection 2 section 8.8.2.
2. A true translation shall be attached in the case that the documents of point (l) above are in a language other than Estonian, Russian or English.
Each time the Company shall proceed with the acceptance of a new client, the employee who contacts the client, shall be responsible for ensuring compliance with the provisions of points 1 and 2 above.
12. Employees’ Obligations, Education and Training
12.1 Employees’ Obligations
12.2.1 Employees' Education and Training Policy
The AMLCO shall ensure that the Company’s employees are fully aware of their legal obligations according to the Act and the EU Directive, by introducing a complete employees' education and training program.
The timing and content of the training provided to the employees of the various departments will be determined according to the needs of the Company. The frequency of the training can vary depending on the amendments of legal and/or regulatory requirements, employees' duties as well as any other changes in the financial or legal system of Estonia.
The internal training program delivered by the AMLCO aims at educating the Company's employees on the latest developments in the prevention of Money Laundering and Terrorist Financing, including the practical methods and trends used for this purpose.
The training program will have a different structure for new employees, existing employees and for different departments of the Company according to the services that they provide. On-going training shall be given at regular intervals so as to ensure that the employees are reminded of their duties and responsibilities and kept informed of any new developments.
12.2.2 Money Laundering Compliance Officer’s Education and Training Program
The Senior Management of the Company shall be responsible for the AMLCO of the Company to attend external training. Based on his/her training, the AMLCO will then provide training to the employees of the Company.