BITCHANGE    OÜ


Prevention of Money Laundering

&

Terrorist Financing

AML Risk Management Manual

    

Prevention of Money Laundering & Terrorist Financing AML Risk Management Manual


1.

General Definitions

2.

Introduction

3.

Manual Applicability: Provision of Administrative Services

4.

The Responsibilities of the Board of Directors

5. 

5.1. 

5.2.

Money Laundering Compliance Officer

General

Duties of the AMLCO

6.

6.1.

6.2.

6.2.1

6.2.2.

6.3.


6.4.

6.5.

Risk-Based Approach

General Policy

Identification of Risks

General/Principles

Company Risks

Design and Implementation of Measures and Procedures to Manage and Mitigate the Risks

Dynamic Risk Management

Relevant International Organisations

7.

7.1.

7.2.

7.2.1.

7.2.2.

7.3.

7.4.

7.4.1.

7.4.2.

7.4.3.

Client Acceptance Policy

General Principles of the CAP

Criteria for Accepting New Clients (Based on their respective risk)

Normal Risk Clients

High Risk Clients

Not Acceptable Clients

Client Categorisation Criteria

Low Risk Clients

Normal Risk Clients

High Risk Clients

8.

8.1.

8.2.

8.3.

8.4.

8.5.


8.6.

8.7.

8.8.

8.8.1.

8.8.2.

8.8.3.

8.8.4.

8.8.5.

8.9.

Client Due diligence and Identification Procedures

Application of Client Due Diligence and Identification Procedures

Transactions that Favour Anonymity

Failure or Refusal to Submit Information for the Verification of Clients’ Identity

Time of Application of the Due Diligence and Client Identification Procedures

Construction of a Profile and General Client Identification and Due Diligence Principles

Further Obligations for Client Identification and Due Diligence Procedures

Simplified Client Identification and Due Diligence Procedures

Enhanced Client Identification and Due Diligence (High Risk Clients)

General Provisions

Non Face-to-Face Clients

Trust Accounts

‘Politically Exposed Persons’ Accounts

Clients from Countries Which Inadequately Apply FATF’s Recommendations

Client Identification and Due Diligence Procedures (Specific Cases)

8.9.1.

8.9.2.

8.9.3.

8.9.4.

8.9.5.

8.10.

Natural Persons Residing in Estonia

Natural Persons Not Residing in Estonia

Unincorporated Businesses, Partnerships and Other Persons with no Legal Substance

Legal Persons

Nominees or Agents of Third Persons

Reliance on Third Persons for Client Identification and Due Diligence Purposes

9.

9.1.

9.2.

On-going Monitoring Process

General

Procedures

10.

10.1.

10.2.

10.3.

Recognition and Reporting of Suspicious Transactions/Activities to the FIU

Reporting of Suspicious Transactions to the FIU

Anti-Money Laundering Compliance Officer’s Report to the FIU

Submission of Information to the FIU

11.

11.1.

11.2.

11.3.

Record-Keeping Procedures

General

Format of Records

Certification and Language of Documents

12.

12.1.

12.2.

12.2.1.

12.2.2.

Employees’ Obligations, Education and Training

Employees’ Obligations 

Education and Training

Employees’ Education and Training Policy 

Money Laundering Compliance Officer Education and Training Program

13.

Appendices





  1. General Definitions


For the purposes of this Manual, unless the context shall prescribe otherwise:


Money laundering” means:

- the conversion or transfer of property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s actions;

- the acquisition, possession or use of property derived from criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation therein;

 - the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such an activity.


Money laundering also means participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the activities referred to in subsection 1 of this section.


- Money laundering is regarded as such also where a criminal activity which generated the property to be laundered was carried out in the territory of another country.


 - Knowledge, intent or purpose required as an element of the activities referred to in the first three subsections of this section may be inferred from objective facts.


 - Money laundering is regarded as such also where the details of a criminal activity which generated the property to be laundered have not been identified.


Terrorism financing” means acts of financing of terrorism as defined in § 237 of the Penal Code of Estonia.


Beneficial Owner” means the natural person or natural persons, who: 


  1. Takes advantages of his influence, exercises control over a transaction, operation or another person and in whose interests of favour or on whose account a transaction , act, action, operation or step or over another person and in whose interests or favour or on whose account a transaction or act, action, operation or step is made.
  2. Ultimately owns or control a legal person through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that person, including through bearer shareholdings, or through control via other means.
    Direct ownership is a manner of exercising control whereby a natural person holds a shareholding of 25 per cent plus one share or an ownership interest of more than 25 per cent in a company. Indirect ownership is a manner of exercising control whereby a company which is under the control of a natural person holds or multiple companies which are under the control of the same natural person hold a shareholding of 25 per cent plus one share or an ownership interest of more than 25 per cent in a company.
  3. Senior managing official is deemed as a beneficial owner in the case, where it is impossible to identify the person specified in point (a) after applying of all possible attempts of such identification 
  4. In the case of a trust, civil law partnership, community or legal arrangement, the beneficial owner is the natural person who ultimately controls the association via direct or indirect ownership or otherwise and is such associations’: settlor or persons who has handed over property to the asset pool, trustee or manager or possessor of the property, person ensuring and controlling the preservation of property, where such person has been appointed or the beneficiary , or where the beneficiary or beneficiaries have yet to be determined, the class of persons in whose main interest such association is set up or operates.
  5. In other cases prescribed by the Act.


Client” means any legal or physical person aiming to conclude a business relationship with the Company.


FIU” means Financial Intelligence Unit of Estonia.


Compliance officer” or “AMLCO” means a representative appointed by the Board of Directors of the Company who is responsible for the effectiveness of the execution of the rules hereto, conducting compliance over the adherence to the rules and serving as a contact person of the FIU. 


Company” means BITCHANGEOÜ (incorporated in Estonia with registration number 14338665), a provider of trust and company services, provider of a service of exchanging a virtual currency against a fiat currency, providers of a virtual currency wallet service.


Act” means the Money Laundering and Terrorist Financing Prevention Act, passed 26.10.2017.


Transaction” means any cash flow or payment order or virtual currency wiring between a Client and the Company. 


Politically exposed person” or “PEP” means a natural person who is or who has been entrusted with prominent public functions including a head of State, head of government, minister and deputy or assistant minister; a member of parliament or of a similar legislative body, a member of a governing body of a political party, a member of a supreme court, a member of a court of auditors or of the board of a central bank; an ambassador, a chargé d'affaires and a high-ranking officer in the armed forces; a member of an administrative, management or supervisory body of a State-owned enterprise; a director, deputy director and member of the board or equivalent function of an international organisation, except middle-ranking or more junior officials. The aforesaid definition also means a person is or who has been entrusted with prominent public functions in Estonia, another contracting state of the European Economic Area or an institution of the European Union.


Family member” means the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person or local politically exposed person; a child and their spouse, or a person considered to be equivalent to a spouse, of a politically exposed person or local politically exposed person; a parent of a politically exposed person or local politically exposed person.


Person known to be close associate” means a natural person who is known to be the beneficial owner or to have joint beneficial ownership of a legal person or a legal arrangement, or any other close business relations, with a politically exposed person or a local politically exposed person; and a natural person who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person or local politically exposed person.


High-risk third country” means a country specified in a delegated act adopted on the basis of Article 9(2) of Directive (EU) 2015/849 of the European Parliament and of the Council on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC.


Equivalent third country” means a country not a Member State of European Economic Area but applying an equivalent regime to the European Union corresponding (AML) framework.


Virtual currency” means a value represented in the digital form, which is digitally transferable, preservable or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp. 35–127) or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same Directive.




2. Introduction


The purpose of the Manual is to document the Company’s internal practice, measures, procedures and controls relevant to the prevention of Money Laundering and Terrorist Financing.


The Manual is developed and periodically updated by the AMLCO based on the general principles set up by the Company’s Board of Directors (hereinafter the ‘Board’) in relation to the prevention of Money Laundering and Terrorist Financing.


All amendments and/or changes of the Manual must be approved by the Board.


The Manual shall be communicated by the AMLCO to all the employees of the Company that are responsible for the application of the practices, measures, procedures and controls that have been determined herein.


The Manual has been prepared to comply with the provisions of the Act and all the relevant guidelines of the FIU. 


3. Manual Applicability: provision of services.


The Manual applies to all various types of services provided by the Company to the clients.

In this respect, the AMLCO shall be responsible to update the Manual so as to comply with FIU’s further requirements, as applicable, regarding the Client Identification and Due Diligence Procedures which the Company must follow.


4. The Responsibilities of the Board of Directors


The responsibilities of the Board in relation to the prevention of Money Laundering and Terrorist Financing include the following:


  1. To determine, record and approve the general policy principles of the Company in relation to the prevention of Money Laundering and Terrorist Financing and communicate them to the AMLCO;
  2. To appoint the AMLCO, and where necessary, assistant AMLCOs and determine their duties and responsibilities which are stated in this Manual;
  3. To approve the management and procedures Manual, which is communicated to all employees of the Company responsible for the application of the practices, measures, procedures and controls that have been determined;
  4. To ensure that all requirements of the Act are applied, and assure that appropriate, effective and sufficient systems and controls are introduced for achieving the abovementioned requirement;
  5. To ensure that the AMLCO and his/her assistant(s), if any, and any other person who has been assigned with the duty of implementing the procedures for the prevention of Money Laundering and Terrorist Financing have complete and timely access to all data and information concerning clients’ identity, documents (as and where applicable) and other relevant files and information maintained by the Company so as to be fully facilitated in the effective execution of their duties, as included herein;
  6. To ensure that all employees are aware of the person who has been assigned the duties of the AMLCO, as well as his/her assistant(s) (if any), to whom they report any information concerning transactions and activities for which they have knowledge or suspicion that might be related to money laundering and terrorist financing;
  7. To establish a clear and quick reporting chain based on which information regarding suspicious activities is passed without delay to the AMLCO for its explicit prescription in the Manual;
  8. To ensure that the AMLCO has sufficient resources, including competent staff and technological equipment’s, for the effective discharge of his duties;
  9. To inform The Financial Intelligence Unit about the appointment of the Compliance officer in accordance with the requirement of (5) § 17 of the Act;


5. Money Laundering Compliance Officer 

5.1. General

The AMLCO shall belong hierarchically to the higher ranks of the Company’s organisational structure so as to command the necessary authority. The AMLCO shall lead the Company’s Money Laundering compliance procedures and processes and report to Senior Management. The AMLCO shall also have access to all relevant information necessary to perform his/her duties.

The level of remuneration of the AMLCO shall not compromise his objectivity. BITCHANGE OÜ AMLCO is Mr. Aleksandr Bezus.


5.2. Duties of the AMLCO

All company’s employees shall report to the AMLCO their knowledge of suspicion of transactions involving money laundering terrorist financing.

The AMLCO shall be part of the management of the Company so as to command the necessary authority. The AMLCO shall lead the Company’s Money Laundering Compliance procedures and processes and report to the Senior Management of the Company.

Once a Company’s employee has report his/her suspicion to the AMLCO he/she shall be considered to have fully satisfied his/her statutory requirements, according to the Act.

The AMLCO shall always approve the client file before accepting a new client.

The duties of the AMLCO include the following:

(a) To design, based on the general policy principles of the Company, the internal practice, measures, procedures and controls relevant to the prevention of money laundering and terrorist financing, and describe and explicitly allocate the appropriateness and the limits of responsibility of each department that is involved in the abovementioned;


(b) To develop and establish the clients’ acceptance policy and submit it to the Board for consideration and approval;

(c) To prepare/update the risk management and procedures Manual to deal, inter alia with cases which could be related to money laundering and terrorist financing (hereinafter, the ‘AML Manual’);

(d) To monitor and assess the correct and effective implementation of the policy, the practices, measures, procedures and controls of point (a) above, and, in general, the implementation of the AML Manual of point (c) above. In this respect, the AMLCO shall give appropriate monitoring mechanisms. In cases that weaknesses are identified in the application of the required practices, measures, procedures and controls, the AMLCO shall give appropriate guidance for corrective measures and, where deemed necessary, inform the Board;

(e) To receive information from the Company’s employees which is considered to be knowledge or suspicion of money laundering and terrorist financing activities or might be related with such activities. The information shall be received in a written report form called the “internal suspicion report”;

(f) To examine and assess the information received as per (e) above, in the light of other relevant information and discuss the circumstances of the case with the informer and his/her managers. The evaluation of the information of point (e) above shall be done on a report (hereinafter, the “Internal Evaluation Report”);

(g) If following the evaluation described in point (f) above, AMLCO decision is to notify the FIU;

(h) If following the evaluation described in point (f) above, the MLCO decides not to notify the FIU, then he/she shall provide sufficient explanations as to the reasons for such a decision. The said reasons shall be clearly recorded on the AMLCO’s internal evaluation report;

(i) To be a contact person with the FIU, upon commencement of and during an investigation as a result of filing a report to the FIU according to point (g) above;

(j) To ensure the preparation and maintenance of the lists of clients categorised following a risk-based approach, which shall contain the names of clients, their company number (if applicable);

(k) To detect, record and evaluate, at least on an annual basis, all risks arising from existing and new clients and update and amend the systems and procedures applied by the Company for the effective management of the aforementioned risks;

(l) To evaluate the systems and procedures applied by a third person on whom the Company may rely for client identification and due diligence purposes, and approve the cooperation with it, as applicable;

(m) To provide advice and guidance to the employees of the Company on subjects related to money laundering and terrorist financing;

(n) To respond to all requests and queries from the FIU, to provide all requested information and to fully cooperate with the FIU;


6. Risk-Based Approach

6.1 General Policy

The Company shall apply appropriate measures and procedures, by adopting a risk-based approach, so as to focus its effort in those areas where the risk of Money Laundering and Terrorist Financing appears to be comparatively higher.

Further, the AMLCO shall monitor and evaluate, on an on-going basis, the effectiveness of the measures and procedures of Section 6 of the Manual.

The adopted risk-based approach that is followed by the Company, and described in the Manual, has the following general characteristics: 

  1. Recognises that the money laundering or terrorist financing threat varies across clients, countries and services;
  2. Allows the Board to differentiate between clients of the Company in a way that matches the risk of their particular business, source of wealth, country of residence;
  3. Allows the Board to apply its own approach in the formulation of policies, procedures and controls in response to the Company's particular circumstances and characteristics;
  4. Helps to produce a more cost-effective system;
  5. Promotes the prioritisation of effort and actions of the Company in response to the likelihood of Money Laundering and Terrorist Financing occurring through the use of the administrative and ancillary services.

The risk-based approach adopted by the Company, and described in the Manual, involves specific measures and procedures in assessing the most cost effective and appropriate way to identify and manage the Money Laundering and Terrorist Financing risks faced by the Company.

Such measures include:

  1. Identifying and assessing the Money Laundering and Terrorist Financing risks emanating from particular clients or types of clients, services, and geographical areas of operation of its clients;
  2. Managing and mitigating the assessed risks by the application of appropriate and effective measures, procedures and controls;
  3.  Continuous monitoring and improvements in the effective operation of the policies, procedures and controls.

The application of appropriate measures and the nature and extent of the procedures on a risk-based approach depends on different indicators. Such indicators include the following:


  1. The scale and complexity of the services offered;
  2. Geographical spread of the services and clients;
  3. The nature (e.g. non face-to-face) and economic profile of clients as well as of services offered;
  4. The nature of business activities and source of wealth;
  5. The volume and size of transactions;
  6. The degree of risk associated with each area of services;
  7. The country of origin and destination of clients' funds;




The AMLCO shall be responsible for the development and implementation of the policies, procedures and controls on a risk-based approach.


6.2 Identification of Risks


6.2.1 General/Principles


The risk-based approach adopted by the Company involves the identification, recording and evaluation of the risks that have to be managed.

The Company shall assess and evaluate the risks it faces, for the use of the Administrative and Ancillary Services for the purpose of Money Laundering or Terrorist Financing. The particular circumstances of the Company determine suitable procedures and measures that need to be applied to counter and manage risk.


In the cases where the services that the Company provides are relatively simple, involving relatively few clients or clients with similar characteristics, then the Company shall apply such procedures which are able to focus on those clients who fall outside the 'norm'.


The Company shall be, at all times, in a position to demonstrate to FIU that the extent of

measures and control procedures it applies are proportionate to the risk it faces for the use of

the administrative and ancillary services, for the purpose of Money Laundering and

Terrorist Financing.


6.2.2 Company Risks


The following, inter alia, are sources of risks which the Money Laundering and Terrorist Financing:

 (a) Risks based on the clients nature:

  1. Clients from high risk countries known for high level of corruption or organised crime or trafficking;
  2. Clients engaged in transactions which involve significant amounts of cash;
  3. PEPs;
  4. Companies incorporated in offshore centres;
  5. Companies with bearer shares.


(b) Risks based on the clients behaviour:

  1. Client transactions where there is no apparent legal financial/commercial rationale;
  2. Situations where the origin of wealth and/or source of funds is not verified; 
  3. Unwillingness of clients to provide information on the Beneficial Owners of a legal person.

(c) Risk based on the clients initial communication with the Company:

  1. Non face-to-face clients;
  2. Clients introduced by a third person.


Detailed basis for risk categorization mention in s.7.4 of this Manual.



6.3 Design and Implementation of Measures and Procedures to Manage and Mitigate the Risks


Taking into consideration the assessed risks, the Company shall determine the type and extent of measures it will adopt in order to manage and mitigate the identified risks in a cost effective manner.


These measures and procedures include:


  1. Adaption of the Client Due Diligence Procedures in respect of clients in line with their assessed Money Laundering and Terrorist Financing risk;
  2. Requiring the quality and extent of required identification data for each type of client to be of a certain standard (e.g. documents from independent and reliable sources, third person information, documentary evidence);
  3. Obtaining additional data and information from the clients, where this is appropriate for the proper and complete understanding of their activities and source of wealth and for the effective management of any increased risk emanating from the particular business relationship or the occasional transaction;
  4. On-going monitoring of high risk clients' transactions and activities, as and when applicable.


In this respect, it is the duty of the AMLCO to develop and constantly monitor and adjust the

Company's policies and procedures with respect to the Client Acceptance Policy and Client

Due Diligence and Identification Procedures of Sections 6 and 7 of the Manual, respectively, as well as via a random sampling exercise as regards existing clients. These actions shall be duly documented.


6.4 Dynamic Risk Management


Risk management is a continuous process, carried out on a dynamic basis. Risk assessment is not an isolated event of a limited duration. Clients' activities, as well as the services provided by the Company, change. The same applies to the activities used for money laundering or terrorist financing.


In this respect, it is the duty of the AMLCO to undertake regular reviews of the characteristics of existing clients, new clients, services as well as the measures, procedures and controls designed to mitigate any resulting risks from the changes of such characteristics. These reviews shall be duly documented.


6.5 Relevant International Organisations


For the development and implementation of appropriate measures and procedures on a risk based approach, and for the implementation of Client Identification and Due Diligence Procedures, the AMLCO shall consult data, information and reports that are published in the following relevant international organisations:


(a) FATF (Financial Action Task Force’s) – www.fatf-gafi.org

(b) The Council of Europe Select Committee of Experts on the Evaluation of Anti-Money Laundering (c) Measures (hereinafter ‘MONEYVAL’)- www.coe.int/moneyval

(d) The EU Common Foreign & Security Policy (CFSP) http://europa.eu/rapid/press-release_IP-19-781_en.htm

(e) The UN Security Council Sanctions Committees- www.un.org/sc/committees

(f) The International Money Laundering Information Network (IMOLIN)- www.imolin.org

(g) The International Monetary Fund (IMF)- www.imf.org


The Client Acceptance Policy (hereinafter the ‘CAP’), following the principles and guidelines described in this Manual, defines the categorisation and acceptance criteria for clients, to be followed by the Company.

The AMLCO shall be responsible for applying all the provisions of the CAP. In this respect, the heads of the Legal Departments shall also be assisting the AMLCO with the implementation of the CAP, as applicable.


7. General Acceptance Policy


The Client Acceptance Policy (hereinafter the ‘CAP’), following the principles and guidelines described in this Manual, defines the categorisation and acceptance criteria for clients, to be followed by the Company.

The AMLCO shall be responsible for applying all the provisions of the CAP. In this respect, the heads of all departments of the Company shall also be assisting the AMLCO with the implementation of the CAP, as applicable.



7.1 General Principles of the CAP


The General Principles of the CAP are the following:


  1. The Company shall classify clients into various risk categories and, based on the risk perception, decide on the acceptance criteria for each category of client;
  2. Where the client is a prospective client, services shall be provided only after the relevant Due Diligence and Identification Measures and Procedures have been conducted, according to the principles and procedures set out in Section 7 of the Manual;
  3. All documents and data described in Section 7 of the Manual must be collected before accepting a new client;
  4. No business relationship shall be established between the Company and anonymous or fictitious names(s);
  5. No transactions shall be made unless the prospective client is approved by the AMLCO.


7.2 Criteria for Accepting New Clients (based on their respective risk)


This Section describes the criteria for accepting new clients based on their risk categorisation.


7.2.1 Normal Risk Clients


The Company shall accept clients who are categorised as normal risk clients as long as the general principles under Section 6 of the Manual are followed.


7.2.2 High Risk Clients


The Company shall accept clients who are categorised as high risk clients as long as the general principles under Section 6 of the Manual are followed.


Moreover, the Company, when dealing with high risk clients, shall apply the enhanced client identification and due diligence measures as well as the Due Diligence and Identification Procedures for the specific types of high risk clients in accordance to Section of the Manual as applicable.


7.3 Not Acceptable Clients


Clients who fail or refuse to submit the requisite data and information for the verification of identity and the creation of a company profile, without adequate justification, are not acceptable for establishing a business relationship with the Company.




7.4 Client Categorisation Criteria


This Section defines the criteria for the classification of clients based on their risk. The AMLCO shall be responsible for such classification of clients, into one of three (3) types set below:


7.4.1 Low Risk Clients

The following types of clients can be classified as low risk clients with respect to the Money

Laundering and Terrorist Financing risk which the Company faces:


  1.  Legal persons covered by the EU Directive;
  2. Listed companies who are regulated by a relevant authority in Estonia;
  3. Public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership;
  4. Credit institutions or financial institutions acting on its own behalf or a credit institutions or financial institutions located in a contracting state of the European Union Area or a third country, which in its country of location is subject to requirements equal to those established in Directive (EU) 2015/849 of the European Parliament and of the Council and subject to state supervision;
  5. Persons who are residents of the following countries or geographical areas:

1) a contracting state of the European Economic Area;

2) a third country that has effective AML/CFT systems;

3) a third country where, according to credible sources, the level of corruption and other criminal activity is low;

4) a third country where, according to credible sources such as mutual evaluations, reports or published follow up reports, AML/CFT requirements that are in accordance with the updated recommendations of the Financial Action Task Force (FATF), and where the requirements are effectively implemented.


It is provided that, in the cases mentioned above, the Company has to gather sufficient information to establish if the client qualifies as a low-risk client. In this respect, the AMLCO shall be responsible to gather the said information. The said information shall be duly documented and filed, as applicable, according to the recording keeping procedures described in Section 11of the Manual.


The client information updating is required every 5 years. 


7.4.2 Normal Risk Clients


The following types of clients can be classified as normal risk clients with respect to the Money Laundering and Terrorist Financing risk which the Company faces:

(a) Face-to-face client;

(b) Existing well known client;

(c) Client represented by well-known Business Partner;

(d) Companies that have open bank account in EU banks for more than 3 years;

(e) Clients that are resident in geographical areas of lower risk (third countries that having effective AML/CFT system; third countries identified by credible sources as having a low level of corruption or other criminal activity).

(f) Any client who does not fall under the 'low risk clients' or 'high risk clients' categories set in Sections 7.4.1 and 7.2.2, respectively.


The client information updating is required every 3 years. 


7.4.3 High Risk Clients


The following types of clients can be classified as high risk clients with respect to the Money Laundering and Terrorist Financing risk which the Company faces:


  1. Clients whose own shares or those of their parent companies (if any) have been issued in bearer form;
  2. Trusts, Foundations & Charities;
  3. Clients acting through a third person;
  4. PEPs';
  5. Companies deal with electronic gambling / gaming (internet);
  6. Clients engaged in transactions which involve significant amounts of cash;
  7. Clients from countries which inadequately apply FATF's recommendations;
  8. Any other clients that their nature entail a higher risk of money laundering or terrorist financing;
  9. Any other client determined by the Company itself to be classified as such.


The client information updating is required every 6 months. 



8. Client Due Diligence and Identification Procedures


8.1 Application of Client Due Diligence and Identification Procedures


The Company shall duly apply client identification procedures and client due diligence measures in the following cases:


  1. upon establishment of a business relationship;
  2. upon making or mediating occasional transactions outside a business relationship where a cash payment of over 15 000 euros or an equal amount in another currency is made, regardless of whether the financial obligation is performed in the transaction in a lump sum or in several related payments over a period of up to one year, unless otherwise provided by law;
  3. upon verification of information gathered while applying due diligence measures or in the case of doubts as to the sufficiency or truthfulness of the documents or data gathered earlier while updating the relevant data;
  4. upon suspicion of money laundering or terrorist financing, regardless of any derogations, exceptions or limits provided for in the Act.


In this respect, it is the duty of the AMLCO to apply the relevant Client Due Diligence Identification Procedures described in Section 7 of the Manual for the four (4) cases mentioned above. Furthermore the departments responsible to collect and file the relevant client identification documents shall to do so in accordance to the recording keeping procedures described in Section 10.1 of the Manual.


Further, the AMLCO shall be responsible to maintain at all times and use during the application of Client Due Diligence and Identification Procedures template-checklists (Appendix 1 of the Manual) with respect to required documents and data from potential clients, as per the requirements of the Act.


8.2 Transactions that Favour Anonymity


In the case of clients' transactions via internet, telephone, fax or other electronic means where the client is not present so as to verify the authenticity of his/her identification documents, or his/her signature, or the fact that he is the Ultimate Beneficial Owner, the Company applies reliable methods, procedures and control mechanisms so as to ensure such verifications.


8.3 Failure or Refusal to Submit Information for the Verification of Clients' Identity


Failure or refusal by a client to submit, before the establishment of a business relationship, the requisite data and information for the verification of his identity and the creation of his / his company profile, without adequate justification, constitutes elements that may lead to the creation of a suspicion that the client is involved in money laundering or terrorist financing activities. In such an event, the Company shall not proceed with the establishment of the business relationship or the execution of the occasional transaction while at the same time the AMLCO considers whether it is justified under the circumstances to submit a report to the Financial Intelligence Unit, according to Section 10 of the Manual.


During the business relationship, a client fails or refuses to submit, within a reasonable timeframe. the required verification data and information according to Section 7 of the Manual, the Company shall terminate the business relationship with the client while at the same time shall examine whether it is justified under the circumstances to submit a report to the Financial Intelligence Unit, according to Section 10 of the Manual.

The provisions of this section are not applied where the Company has notified the Financial Intelligence Unit of the establishment of a business relationship, transaction or an attempted transaction in accordance with the procedure provided for in § 49 of the Act and section 10 of the Manual and received from the Financial Intelligence Unit a specific instruction to continue the business relationship, the establishment of the business relationship or the transaction.



8.4 Time of Application of the Due Diligence and Client Identification Procedures


With respect to the timing of the application of the Due Diligence and Client Identification

Procedures, the AMLCO shall be responsible for the application of the following provisions:


  1. The verification of the identity of the client and the beneficial owner shall be performed before the establishment of a business relationship or the carrying out of a transaction.
  2. By way of derogation from point (a) above, the verification of the identity of the client and the Beneficial Owner may, in cases where the risk of money laundering or terrorist financing occurring is low, be completed during the establishment of a business relationship if this is necessary in order not to interrupt the normal conduct of business. In such situations these procedures shall be completed as soon as possible after the initial contact and before any transactions are conducted.
  3. Identification procedures and client due diligence requirements shall be applied not only to all new clients but also to existing clients at appropriate times, depending on the level of risk of being involved in money laundering or terrorist financing.


8.5 Construction of a Profile and General Client Identification and Due Diligence Principles



  1. Sufficient evidence of identity of the current or intended Beneficial Owner(s) of the client. Verification of identification shall be based on reliable data and information issued or obtained from independent and reliable sources. The Company may use the same verification data, document or information for verifying the client's identity and residential address.


  1. The data and information that are collected subsequently to the establishment of the business relationship, with the aim of constructing the client's profile are recorded and retained in the client's file along with all other documents as well as all internal records of meetings with the respective client. The said form is updated regularly or whenever new information emerges that needs to be added to the profile of the client.


It is noted that no single form of identification can be fully guaranteed as genuine or representing correct identity and, consequently, the identification process will generally need to be cumulative.


For the purposes of the provisions relating to identification procedures and client due diligence requirements, proof of identity is satisfactory if:


  1. It is reasonably possible to establish that the client is the person he claims to be; 
  2. And the person who examines the evidence is satisfied, in accordance, with the procedures followed under this Manual that the client is actually the person he claims to be.


The Company, where necessary may request and obtain additional data and information regarding the client business activities or the source of wealth.


The Company shall apply each of the Client Due Diligence Measures and Identification Procedures aforementioned, but may determine the extent of such measures on a risk-sensitive basis depending on the type of client and business relationship. The Company shall be able to demonstrate to FIU that the extent of the measures is appropriate in view of the risks of the use of Administrative and Ancillary Services for the purposes of Money Laundering and Terrorist Financing.


The construction of the clients profile according to the provisions above shall be undertaken by the AMLCO. In this respect, the data and information collected for the construction of the profile shall be fully documented and filed, as applicable.


8.6 Further Obligations for Client Identifications and Due Diligence Procedures


In addition to the aforesaid principles, the Company, and specifically the AMLCO shall:


  1. Ensure that the client identification records remain completely updated with all relevant identification data and information throughout the business relationship;
  2. Examine and check, on a regular basis, the validity and adequacy of the client identification data and information, especially those concerning high risk clients.


The procedures and controls of point (a) in Section 5.2 of the Manual also determine the timeframe during which the regular review, examination and update of the client identification is conducted. The outcome of the said review shall be recorded in a separate note/form which shall be kept in the respective client file.


Despite the obligation described in point (a) above and while taking into consideration the level of risk, if at any time during the business relationship the Company becomes aware that reliable or adequate data and information are missing from the profile of the client, then the Company takes all necessary action, by applying the client identification and due diligence procedures set out in the Manual, to collect the missing data and information, the soonest possible, so as to identify the client and update and complete the client's profile.


8.7. Simplified Client Identification and Due Diligence Procedures


With respect to the provisions of the Act for simplified client identification and Due Diligence Procedures, the following shall apply:


  1. Where the client is categorised as a low-risk client (according to the criteria set in Section 7.4.1 of the Manual) the verification of the identity of the client and the Beneficial Owner may be completed during the establishment of a business relationship if this is necessary not to interrupt the normal conduct of business and where the risk of money laundering or terrorist financing occurring is low. In such situations these procedures shall be completed as soon as possible after the initial contact and before any transactions are conducted.
  2. Upon implementation of the following measures:

- identification of the beneficial owner;

- understanding of business relationships, an occasional transaction or act and, where relevant, gathering information thereon;

- gathering information on whether a person is a politically exposed person, their family member or a person known to be close associate;

- execution of a long-term contract with the client in writing, electronically or in a form reproducible in writing;

- payments accrue to the obliged entity in the framework of the business relationship only via an account held in a credit institution or the branch of a foreign credit institution registered in the Estonian commercial register or in a credit institution established or having its place of business in a contracting state of the European Economic Area or in a country that applies requirements equal to those of Directive (EU) 2015/849 of the European Parliament and of the Council;
- the total value of incoming and outgoing payments in transactions made in the framework of the business relationship does not exceed 15 000 euros a year,


The Company may choose the extent of performance of the duty and the need to verify the information and data used therefore with the help of a credible and independent source.


The Company shall not consider that clients represent a low risk of money laundering or terrorist financing if there is information available to suggest that the risk of money laundering or terrorist financing may not be low.


8.8 Enhanced Client Identification and Due Diligence (High Risk Clients)


8.8.1 General Provisions


The AMLCO shall apply enhanced due diligence measures with respect to the clients categorised as high risk clients according to the criteria set in sections 7.2.2 and 7.4.3 of this Manual.

These measures include the following:


  1. With respect to transactions or business relationships with PEPs, the Company shall:
  2. Have appropriate risk-based procedures to determine whether the client is a PEP;
  3. Have Senior Management approval for establishing business relationships with such clients;
  4. Take adequate measures to establish the source of wealth and source of funds that are involved in the business relationship;
  5. Conduct enhanced on-going monitoring of the business relationship.
  6. Take supplementary measures to verify or certify the documents supplied, or requiring confirmatory certification by a credit or financial institution


Below are described due diligence and identification procedures with respect to high risk clients:


8.8.2. Non Face-to-Face Clients


The AMLCO shall apply the following with respect to non-face-to-face clients:


1. In situations where a client, especially a non-resident of Estonia, requests the establishment of a business relationship through mail, telephone, or the internet without presenting himself for a personal interview, the Company must follow the established client identification and due diligence procedures, as applied for clients with whom it comes in direct and personal contact and obtain exactly the same identification information and documents.


However, due to the difficulty in matching the client with the collected identification data, the Company shall apply additional verification measures such as: obtaining of notary certification of identification documents and proof of address, or as an alternative for notary certification - a selfie of the owner of such documents, so as to effectively mitigate the risks associated with such business relationship.


8.8.3 Trust accounts


The AMLCO shall apply the following when the Company establishes a business relationship with trusts: 


  1. Ascertain the legal substance, the name and the date of establishment of the trust and verify the identity of the Trustee and Beneficial Owners, according to the client identification procedures prescribed in throughout Section 8 of this Manual.
  2. Ascertain the nature of activities and the purpose of establishment of the trust as well as the source and origin of funds requesting the relevant extracts from the trust deed and any other relevant information from the Trustees. All relevant data and information shall be recorded and kept in the client's file.


8.8.4 “Politically Exposed Persons” Accounts


The Company shall apply the following with respect to its dealings with “Politically Exposed

Persons”:


  1. The establishment of a business relationship with persons holding important public positions in a foreign country and with natural persons closely related to them, may expose the Company to enhanced risks, especially if the potential Client seeking to establish a business relationship is a PEP, a member of his immediate family or a close associate that is known to be associated with a PEP.


The Company shall pay more attention when the said persons originate from a country which is widely known to face problems of bribery, corruption and financial irregularity and whose anti-money laundering Laws and regulations are not equivalent with international standards.


  1. In order to effectively manage such risks, the Company shall assess the countries of origin of its clients in order to identify the ones that are more vulnerable to corruption or maintain Laws and regulations that do not meet the 40+9 requirements of the FATF, according to Section 7.4.3 of the Manual.


With regard to the issue of corruption, one useful source of information is the Transparency International Corruption Perceptions Index which can be found on the website of Transparency International at www.transparency.org.


With regard to the issue of adequacy of application of the 40+9 recommendations of the FATF, the Company shall retrieve information from the country assessment reports prepared by the FATF or other regional bodies operating in accordance with FATF's principles (e.g. Moneyval Committee of the Council of Europe) or the International Monetary Fund.


  1. The definition of a PEP is provided under Section 1 of the Manual. 
  2. Without prejudice to the application, on a risk-sensitive basis, of enhanced client due diligence measures, where a person has ceased to be entrusted with a prominent public function within the meaning stated in section of 1 of the Manual above for a period of at least one year, the Company shall not be obliged to consider such a person as politically exposed.
  3. All the aforesaid measures of enhanced due diligence applied to a PEP shall be also applied to his/her Family member.
  4. All the aforesaid measures of enhanced due diligence applied to a PEP shall be also applied to a Person known to be his/her close associate.
  5. The Company adopts the following additional due diligence measures when it establishes a business relationship with a PEP:
  6. The Company puts in place appropriate risk management procedures to enable it to determine whether a prospective client is a PEP. Such procedures may include, depending on the degree of risk, the acquisition and installation of a reliable commercial electronic database for PEPs, seeking and obtaining information from the client himself or from publicly available information. In the case of legal entities and arrangements, the procedures will aim at verifying whether the Beneficial Owners, and persons authorised to act on behalf of the legal entities and arrangements constitute PEPs. In case of identifying one of the above as a PEP, then automatically the legal entity or arrangement should be subject to the relevant procedures specified in this Section of the Manual;
  7. The decision for establishing a business relationship with a PEP is taken by the Senior Manager of the Company and the decision is then forwarded to the AMLCO. When establishing a business relationship with a client (natural or legal person) and subsequently it is ascertained that the persons involved are or have become PEPs, then an approval is given for continuing the operation of the business relationship by the Senior Manager of the Company which is then forwarded to the AMLCO;
  8. Before establishing a business relationship with a PEP, the Company shall obtain adequate documentation to ascertain not only the identity of the said person but also to assess his business reputation (e.g. reference letters from third parties);
  9. The Company shall create the profile of the client by obtaining the information specified in Section 8.5. The details of the expected business and nature of activities of the client forms the basis for the future monitoring of the profile. The profile shall be regularly reviewed and updated with new data and information. The Company shall be particularly cautious and most vigilant where its clients are involved in businesses which appear to be most vulnerable to corruption such as trading in oil, arms, cigarettes and alcoholic drinks;
  10. The account shall be subject to annual review in order to determine whether to allow its continuance of operation. A short report shall be prepared summarising the results of the review by the person who is in charge of monitoring the profile report shall be submitted for consideration and approval to the Board and filed in the client's personal file.


BITCHANGE OÜ utilises the IDenfy system and conducts internet and social media check of a company and related individuals, as a standard approach.


8.8.5. Clients from Countries which Inadequately Apply FATF's Recommendations


  1. The FATF 40+9 Recommendations constitute the primary internationally recognised standards for the prevention and detection of Money Laundering and Terrorist Financing.
  2. The Company shall apply the following with respect to clients from countries which inadequately apply FATF's recommendations:
  3. Exercise additional monitoring procedures and pay special attention to business relationships and transactions with persons, physical or legal, from countries which do not apply or apply inadequately the aforesaid recommendations;
  4. With the aim of implementing the above, the AMLCO shall consult the country assessment reports prepared by the FATF (http://www.fatf-gafi.org), the other regional bodies that have been established and work on the principles of FATF [e.g. Moneyval Committee of the Council of Europe (www.coe.int/moneyval)] and the International Monetary Fund (www.imf.org). Based on the said reports, the MLCO assesses the risk from transactions and business relationships with persons from various countries and decides of the countries that inadequately apply the FATF’s recommendations. According to the aforesaid decision of the AMLCO, the Company applies, when deemed necessary, enhanced due diligence measures for identifying and monitoring transactions of persons originating from countries with significant shortcomings in their legal and administrative systems for the prevention of Money Laundering and Terrorist Financing.



8.9 Client Identification and Due Diligence Procedures (Specific Cases)


The AMLCO shall ensure that the appropriate documents and information with respect to the following cases shall be duly obtained, as applicable and appropriate:


8.9.1 Natural persons residing in Estonia


1.The Company shall obtain the following information to ascertain the true identity of the natural persons residing in Estonia:


  1. True name and/or names used as these are stated on the official identity card or passport.
  2. Current permanent address in Estonia (a recent, dated within the last 3 months of the applicant's signature, utility bill such as fixed-line phone, water, electricity);
  3. Date and place of birth;
  4. Profession or occupation;
  5. Passport or ID number (expiring not less than 6 months from the date received);
  6. Telephone and fax numbers , e-mail address, if any;
  7. Nationality.

The verification of the potential client's identity shall be made by a reference to an original document which is issued by a reliable source and carries the potential client's photo (identity card, passport and etc.) The Company shall retain a copy of the passport/identity card. After presented the Company shall keep copies of the pages containing all relevant information which is certified by the Company as true copy of the original document.




8.9.2 Natural persons not residing in Estonia


For prospective clients who are not normally residing in Estonia, it is important that, as far as possible, the same verification procedures to those for clients who are residents of Estonia (see above) should be carried out and the same information obtained.


Prospective clients shall be requested to provide information on public positions which they hold or held in the last twelve months as well as whether the prospective client is a close relative or associate of such individual in order to verify if the prospective client is a politically exposed person.


For prospective clients who are not residing in Estonia, passports shall always be requested and, if available, official identity cards issued by the competent authorities of their country of origin are obtained and certified true copies of the pages containing the relevant information from the said documents are obtained and kept in customers' files.


Furthermore, if in doubt of the genuineness of any document (passport, national identity card or documentary evidence of the address) the Company shall seek verification of the identity with an Embassy or the Consulate of the issuing country or a reputable credit or financial institution situated in the prospective client's country of residence.



Verification details should be requested covering true name or names used, current permanent address and verification of signature. Alternatively, verification correspondence from a known (verifiable) organisation authority (e.g. University, Lawyers' Association, or tax authority) shall suffice.

The Company can place reliance on third parties for the implementation of potential clients’ identification provided that the third party makes immediately available all data and information, which must be certified true copies of the originals that were collected in the course of applying customer identification and due diligence procedures.


It is important that the documents/data obtained are in either original form or in certified true copy form. In the case that the documents/data are certified true copies by a different person than the.  Company itself or by a third party mentioned above, the documents /data must be notarised.

If an original document / its certified copy is unavailable, the authenticity of such document shall be proved by the photo of a natural person bearing the relevant document. 


In addition to the aim of preventing Money Laundering and Terrorist Financing, the abovementioned information is also essential for implementing the financial sanctions imposed against various persons by the United Nations and the European Union. In this respect, passport's number, issuing date and country as well as the client's date of birth always appear on the documents obtained, so that the Company would be in the position to verify precisely whether a client is included in the relevant list of persons subject to financial sanctions which are issued by the United Nations or the European Union based on a United Nations Security Council's Resolution and Regulation or a Common Position of the European Union's Council respectively.



8.9.3 Unincorporated Businesses, Partnerships and Other Persons with no Legal Substance


1. In the case of unincorporated businesses, partnerships and other persons with no legal substance, the identity of the Directors, partners, Beneficial Owners and other individuals who are authorised to manage the company shall be verified according to the procedures set in Sections 8.9.1 and 8.9.2.


In addition, in the case of partnerships, the original or a certified true copy of the partnership's registration certificate shall be obtained.


2. The Company shall obtain documentary evidence of the head office address of the business, ascertains the nature and size of its activities and receives all the information required according to Section 7.5 for the creation of the economic profile of the business.


8.9.4. Legal Persons


Before a business relationship shall be established, measures should be taken by way of a company search and/or other commercial enquiries to ensure that the applicant company has not been, or is not in the process of being, dissolved, struck-off, wound-up or terminated. In the case of locally incorporated companies, identification should aim at verifying the identity of:


(a) The company;

(b) The company directors;

(c) The company shareholders.


The company's business profile in terms of the nature and scale of its activities shall also be established.


For the verification of the identity of corporate clients, the Company requests and obtains, inter alias, original or certified true copies of the following documents:


  1. The certificate of incorporation;
  2. The certificate of company directors and company secretaries / the registers of company directors and company secretaries
  3. The certificate of company shareholders / the registers of company shareholders;
  4. The certificate of registered address;
  5. The Memorandum and Articles of Association;


The identities of the persons stated in points (b) and (c) above, have to be verified in accordance with the procedures of identity verification of natural or legal persons.


In the case where the registered shareholders act as nominees of the beneficial shareholders, a copy of the trust deed/agreement concluded between the nominee company shareholder and the beneficial shareholder.


Where deemed appropriate under the circumstances, a search of the file at the Companies' Registry should be made.

For legal persons incorporated outside Estonia, the Company requests and obtains documents similar to the above.


As an additional due diligence measure, on a risk-sensitive basis, the Company shall carry out (when deemed necessary) a search and obtain information from the records of the Registrar of Companies of Estonia (for domestic companies) or from a corresponding authority in the company's (legal person's) country of incorporation (for foreign companies) and/or request information from other sources in order to establish that the applicant company (legal person) is not, nor is in the process of being dissolved or liquidated or struck off from the registry of the Registrar of Companies and that it continues to be registered as an operating company in the records of the Registrar of Companies of Estonia or by an appropriate authority outside Estonia.


In the case of a client-legal person that requests the establishment of a business relationship and whose direct/immediate and principal Shareholder is another legal person, registered in Estonia or abroad, the Company, before establishing a business relationship, shall verify the ownership structure and the identity of the natural persons who are the Beneficial Owners and/or control the other legal person.


The identity of the Ultimate Beneficial Owners must be verified in accordance with the procedures of identity verification of natural persons.

Apart from verifying the identity of the Beneficial Owners, the Company shall identify the persons who have the ultimate control over the legal person's business. In the cases that the ultimate control rests with the persons who have the power to manage the legal person without requiring authorisation and who would be in a position to override the internal procedures of the legal person, the Company shall verify the identity of the natural persons who exercise ultimate control as described above even if those persons have no direct or indirect interest or an interest of less than 25 per cent in the legal person's ordinary share capital or voting rights.


In cases where the Beneficial Owner of a legal person, requesting the establishment of a business relationship, is a trust set up in Estonia or abroad, the Company shall implement the following procedure:


  1. The Company shall ascertain the legal substance, the name and the date of establishment of the trust and verify the identity of the Trustee and Beneficial Owners, according to the procedures set in Section 8.8.3;
  2. The Company shall ascertain the nature of activities and the purpose of establishment of the trust as well as the source and origin of funds requesting the relevant extracts from the trust deed and any other relevant information from the trustees. All relevant data and information should be recorded and kept in the client's file.


8.9.5. Nominees or agents of third persons


l. The Company shall take reasonable measures to obtain adequate documents, data or information for the purpose of establishing and verifying the identity, according to the procedures set in Section 8 of the Manual, of:


(a) The nominee or the agent of the third person, and

(b) Any third person on whose behalf the nominee or the agent is acting.


2. In addition, the Company shall obtain a copy of the authorisation agreement that has been concluded between the interested parties.

8.10. Reliance on Third Persons for Client Identification and Due Diligence Purposes


l. The Company may rely on third persons for the implementation of Client Identification and Due Diligence Procedures, provided that:


  1. The third person makes immediately available all data and information, which must be certified true copies of the originals, that were collected in the course of applying Client Identification and Due Diligence Procedures;
  2. The Company applies the appropriate due diligence measures on the third person with respect to his professional registration and procedures and measures applied from the third person for the prevention of Money Laundering and Terrorist Financing, according to the provisions of the Directive.


2. For the purposes of this Section of the Manual, third person means credit institutions or financial institutions or auditors or independent legal professionals or person providing trust and administrative services included in the definition of the term ‘Business Activities’, falling under the EU Directive and the Act and which:


  1. Are subject to mandatory professional registration, recognised by the ACT; and
  2. Are subject to supervision regarding their compliance with the requirements of the EU Directive and the ACT.


3. Further to point 2 above, third person for the purposes of this Section of the Manual may also be any other person who is engaged in financial business, or accountants or independent legal professionals or persons providing to third parties trust and administrative services as included in the definition of the term ‘Business Activities’ and who operate in countries outside the EEA and which according to a relevant decision of the Advisory Authority, have been determined that they impose equivalent procedures and measures for the prevention of Money Laundering and Terrorist Financing to those laid down by the EU Directive and the Act.


It is provided that the abovementioned third persons have to fulfil the requirements set out in points 2(a) and 2(b) above.


4. The Company may rely on third persons only at the outset of establishing a business relationship for the purpose of verifying the identity of their clients. According to the degree of risk, any additional data and information for the purpose of updating the client's profile, is obtained from the natural persons (Directors, Beneficial Owners) who control and manage the activities of the client and have the ultimate responsibility of decision making as regards to the management of funds and assets.


5. Further to point 3 above, in the case where the third person of subparagraph (1) is an Accountant or an independent legal professional or a trust and company services provider from a country which is a member of the EEA or a third country that the Advisory Authority has determined to be applying procedures and measures for the prevention of Money Laundering and Terrorist Financing equivalent to the EU Directive and the Act, then the Company, before accepting the client identification data verified by the said third person, shall apply the following additional measures/procedures:


  1. The AMLCO shall assess and evaluate, according to Section 5.2 of this Manual, the systems and procedures applied by the third person for the prevention of Money Laundering and Terrorist Financing, as applicable;
  2. As a result of the assessment of point the AMLCO must be satisfied that the third person implements Client Identification and Due Diligence Systems and Procedures which are in line with the requirements of the Act and the EU Directive;
  3. The AMLCO shall maintain a separate file for every third person of the present paragraph, where it stores the assessment report of point (a) and other relevant information (for example identification details, records of meetings, evidence of the data and information of point 2 above);
  4. The commencement of the cooperation with the third person and the acceptance of client identification data verified by the third person is subject to approval by the AMLCO, according to Section 5.2 of the Manual.


The AMLCO shall be responsible for the implementation of the provisions mentioned in this Section of the Manual.


9. On-Going Monitoring Process 


9.1 General


The AMLCO shall be responsible for maintaining as well as developing the on-going monitoring process of the Company.


9.2 Procedures


The procedures of on-going monitoring shall include the following:

  1. Due diligence activities shall be conducted at least once year;
  2. Updated and recent identification documents should be obtained;
  3. Identification of activities which, as of their nature, may be associated with money laundering or terrorist financing;
  4. Investigation of unusual or suspicious activities by the AMLCO. The results of the investigations are recorded in a separate memo and kept in the file of the clients concerned.


10. Recognition and reporting of Suspicious Transactions/Activities to the FIU


10.1 Reporting Suspicious Transactions to the FIU


The Company, in cases of suspicion of money laundering or terrorist financing, reports, through the AMLCO, such suspicion to the FIU in accordance with point (g) of Section 5.2 and Section 9 of the Manual.


10.2. Anti-Money Laundering Compliance Officer’s Report to the FIU


All reports of the AMLCO submitted via the online form of the Financial Intelligence Unit or via the X-road service.


After the submission of a suspicious report, the Company may subsequently wish to terminate its relationship with the client concerned for risk avoidance reasons. In such an event, the Company exercises particular caution, according to § 51 of the Act, not to alert the client concerned that a suspicious report has been submitted to the FIU. Close liaison with the FIU is, therefore, maintained in an effort to avoid any frustration to the investigations conducted.


After submitting the suspicious report, the Company adheres to any instructions given by the FIU and, in particular, as to whether or not to continue or suspend a particular transaction or to maintain the particular account active.


Furthermore, after the submission of a suspicious report, the clients' profile is placed under the close monitoring of the AMLCO.


10.3. Submission of Information to the FIU


The data used for identifying the person and verifying the submitted information and, if any, copies of the documents are added to the report.


Requirements for the contents and form of a notice submitted to the FIU and the guidelines for the submission of a report are established by the authorised governmental body of Estonia. 


11. Record-Keeping Procedures. 


11.1. General


The Compliance Department of the Company shall maintain records of the client identification documents obtained during the Client Identification and Due Diligence Procedures, as applicable.


The documents/data mentioned above shall be kept for a period of at least five (5) years, which is calculated after the termination of the business relationship.


It is provided that the documents/data mentioned above, which may be relevant to on-going investigations shall be kept by the Company until the FIU confirms that the investigation has been completed and the case has been closed. 


11.2 Format of Records


The Compliance Department shall retain the documents/data mentioned in Section 10.1 of the Manual, other than the original documents. Their Certified true copies that are kept in a hard copy form, stored in fire proof cabinets or in other forms, such as electronic form, provided that the Compliance Department shall be able to retrieve the relevant documents/data without undue delay and present them at any time, to the FIU, after a relevant request.


In case the Company will establish a documents/data retention policy, the AMLCO shall ensure that the said policy shall take into consideration the requirements of the Law and the Directive.


11.3 Certification and Language of Documents


1. The documents/data obtained, shall be in their original form or in a certified true copy form, or confirmed by the method described in point (d) subsection 2 section 8.8.2. 


2. A true translation shall be attached in the case that the documents of point (l) above are in a language other than Estonian, Russian or English.

Each time the Company shall proceed with the acceptance of a new client, the employee who contacts the client, shall be responsible for ensuring compliance with the provisions of points 1 and 2 above.


12. Employees’ Obligations, Education and Training


12.1 Employees’ Obligations


  1. The Company's employees shall be personally liable for failure to report information or suspicion, regarding money laundering or terrorist financing;
  2. The employees must cooperate and report' without delay, anything that comes to their attention in relation to transactions for which there is a slight suspicion that are related to money laundering or terrorist financing;
  3. According to the Act, the Company's employees shall fulfil their legal obligation to report their suspicions regarding Money Laundering and Terrorist Financing, after their compliance with point (b) above.



12.2.1 Employees' Education and Training Policy


The AMLCO shall ensure that the Company’s employees are fully aware of their legal obligations according to the Act and the EU Directive, by introducing a complete employees' education and training program.


The timing and content of the training provided to the employees of the various departments will be determined according to the needs of the Company. The frequency of the training can vary depending on the amendments of legal and/or regulatory requirements, employees' duties as well as any other changes in the financial or legal system of Estonia. 


The internal training program delivered by the AMLCO aims at educating the Company's employees on the latest developments in the prevention of Money Laundering and Terrorist Financing, including the practical methods and trends used for this purpose.


The training program will have a different structure for new employees, existing employees and for different departments of the Company according to the services that they provide. On-going training shall be given at regular intervals so as to ensure that the employees are reminded of their duties and responsibilities and kept informed of any new developments.



12.2.2 Money Laundering Compliance Officer’s Education and Training Program


The Senior Management of the Company shall be responsible for the AMLCO of the Company to attend external training. Based on his/her training, the AMLCO will then provide training to the employees of the Company.


  • The main purpose of the AMLCO training is to ensure that relevant employee(s) become aware of:
  • The Act and the EU Directive;
  • The Company's Anti-Money Laundering Policy;
  • The statutory obligations of the Company to report suspicious transactions;
  • The employees own personal obligation to refrain from activity that would result in money laundering;
  • The importance of the clients' due diligence and identification measures requirements for money laundering prevention purposes.