AML Policy
Last updated on October 04, 2023
1. General provisions
- These rules of procedure for prevention of money laundering and terrorist financing and compliance with international sanctions (hereinafter the “Rules”) are prepared by AlfaCash, UAB, incorporated and registered in Lithuania with the company number 306095517, whose registered office is at Gedimino pr. 20, LT-01103 Vilnius (hereinafter the “Company”). The Rules are based on the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing, Republic of Lithuania Law on the Implementation of Economic and Other International Sanctions (together hereinafter the “AML/CFT Law”), Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (hereinafter the “AMLD5”), Financial Action Task Force (hereinafter “FATF”). The purpose of the rules is to contribute to the capacity to resist money laundering and terrorist financing and to mitigate risks. The purpose of establishing and enforcing the rules is to reduce the likelihood of the financial sector being exploited for criminal purposes by reducing risks and increasing the stability, reliability, and transparency of the Company. The Rules are developed and periodically updated by the Company’s MLRO based on the general principles set up by the Company’s Manager with respect to the prevention of money laundering and terrorist financing. The Rules shall be communicated to all employees of the Company that establish Business Relationships, manage and monitor transactions of Merchants. The obligation to observe the Rules rests with the Manager, the MLRO, employees, and any other outsourced professional staff who initiate or establish business relationships and monitor further transactions.
2. Definitions
- “Money Laundering” means 1) the conversion or transfer of property, in the knowledge that such property is derived from a criminal act or from involvement in such an act, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such a criminal act to evade the legal consequences of this act; 2) the concealment or disguise of the true nature, origin, source, location, disposition, movement, rights with respect to, or ownership of property, in the knowledge that such property is derived from a criminal act or from involvement in such an act; 3) the acquisition, possession or use of property, in the knowledge, at the time of acquisition/transfer, that such property was derived from a criminal act or from involvement in such an act; 4) preparation, attempts to commit and association to commit any of the acts referred to in points 1, 2 and 3 of this clause. “Terrorist financing” means any act which constitutes an offence within the meaning of Article 2 of the International Convention for the Suppression of the Financing of Terrorism of 9 December 1999. “AML/CFT Law” means the Republic of Lithuania Law on the Prevention of Money Laundering and Terrorist Financing, and Republic of Lithuania Law on the Implementation of Economic and Other International Sanctions. “International Sanctions” means the totality of the restrictions and obligations imposed by the decisions of the United Nations, and other international organisations, as well as pursuant to the legal instruments of the European Union. International sanctions may be economic, financial, political, communication, and public, as well as setting out other restrictions and obligations. In Lithuania, this area is primarily regulated by the Republic of Lithuania Law on the Implementation of Economic and Other International Sanctions. “Money Laundering Reporting Officer (MLRO)” means a representative appointed by the Manager responsible for the effectiveness of the Rules, conducting compliance over the adherence to the Rules. “FCIS” means a Financial Crime Investigation Service. “Business Relationship” means a relationship of the Company established in its economic and professional activities with the Merchant. “Merchant” means a legal person who has a business relationship with the Company. “Politically Exposed Person” or “PEP” means natural persons who are or who have been entrusted with prominent public functions as well as their family members or close associates of such persons. “Shell bank” means a credit institution or financial institution, or an institution that carries out activities equivalent to those carried out by credit institutions and financial institutions, incorporated in a jurisdiction in which it has no physical presence, involving meaningful mind and management, and which is unaffiliated with a regulated financial group. “The Manager” means a single-person management body of the Company. “Representatives” means the Manager, the MLRO, employees and any other outsourced professional staff who initiate or establish Business Relationships and monitor further transactions. “Beneficial owner” means any natural person(s) who ultimately owns or controls the Merchant and/or the natural person(s) on whose behalf a transaction or activity is being conducted and includes at least: (a) directly or indirectly owns or controls a legal entity through a significant percentage of shares, voting rights, or ownership interest, except for entities listed on regulated markets adhering to transparent disclosure requirements. Indicators include a natural person holding 25% plus one share or an ownership interest exceeding 25% for direct ownership, and the same thresholds for indirect ownership through corporate entities under the control of natural person(s). Member States may set lower thresholds for ownership or control indications. Control via other means can be determined using criteria from Directive 2013/34/EU of the European Parliament and of the Council. (b) If, despite exhaustive efforts and no suspicion grounds, the person(s) under (i) cannot be identified, or if there is doubt regarding the identified beneficial owner(s), records of actions taken to identify beneficial ownership under (i) and (ii) shall be maintained, with senior managing officials serving as the fallback option. “Virtual currency” means a digital representation of value that does not possess a legal status of currency or money, that is not issued or guaranteed by a central bank or any other public authority, is not necessarily attached to a currency, but is accepted by natural or legal persons as a means of exchange and which can be transferred, stored and traded electronically. “Virtual currency exchange operator” means a legal person who is established in the Republic of Lithuania or who is a branch, established in the Republic of Lithuania, of a legal person of a Member State of the European Union or a foreign state and who provides services of virtual currency exchange, purchase and/or sale for remuneration. “Account” means access to the platform, to perform transactions and use other Company services.
3. Due diligence measures
- The Company shall conduct normal due diligence measures each time upon establishing a new Business Relationship with Merchants and focus on proper identification procedures. No new Business Relationship can be established, if the Merchant has failed to present documents and appropriate information required to conduct due diligence, or if based on the presented documents, the Representative suspects Money Laundering or Terrorist Financing. Merchant due diligence is one of the main tools for ensuring the implementation of mandatory regulations aimed at preventing money laundering and terrorist financing and at applying sound business practices. Due diligence ensures the application of adequate risk management measures in order to ensure permanent monitoring of Merchants and their transactions, gathering and analysing relevant information. Upon application of merchant due diligence measures, the Company will follow principles compatible with its business strategy and, based on prior risk analysis and depending on the nature of the Merchant’s Business Relationship. The purpose of applying due diligence measures is to prevent the concealment, conversion, etc. of criminal assets of money laundering in various phases. The purpose of the due diligence measures is to comply with the “know your business” and “know your client” principles. For the purpose of identification, assessment and analysis of risks of money laundering and terrorist financing related to its activities, the Company prepares a risk assessment, taking into account geographical, merchant and product risks. The Company applies the following due diligence measures:
- • identifying Merchants and verifying business details using reliable, independent sources, documents or data, including verification of identity data with information technology means;
- • identifying and verifying the beneficial owner of the Merchant;
- • identifying and verifying of the representatives and the right of representation;
- • assessing and, as appropriate, obtaining information on the purpose and intended nature of the Business Relationship;
- • conducting ongoing due diligence on the Merchant’s business to ensure the Company’s knowledge of the Merchant and its source of funds is correct;
- • obtaining information on whether the Merchant’s representative or beneficial owner is a PEP or PEP’s family member or PEP’s close associate.
Due diligence measures for business relationship monitoring:
- • control of transactions to ensure that they are done in accordance with the Company’s knowledge of the Merchant, activities, and risk profile;
- • regular update of relevant documents, data, or information as a part of due diligence measures;
- • identification of the source and origin of funds considering the Merchant, activities, and risk profile.
Merchant due diligence is applied on a risk-based approach, depending on the status of the Business Relationship or transactions. Depending on the risk level arising from the Merchant and the fact whether the Business Relationship is an existing one or it is about to be established, the Company shall apply either normal due diligence measures or enhanced due diligence measures. If the risk level of the Business Relationship or transaction is normal, the Company may apply normal due diligence measures but is not allowed to skip Merchant due diligence entirely. If the risk level arising from the Merchant is greater than normal, enhanced due diligence measures will be applicable. The Company shall be prohibited from establishing and continuing a correspondent relationship or any other relationship with a shell bank or a bank that is known to permit its accounts to be used by a shell bank. To comply with due diligence principles and obligations, the Representatives shall have the following rights and obligations:
- • to request appropriate documents in order to identify the Merchant;
- • to request documents and information regarding the activities of the Merchant and the source of funds;
- • to screen the risk profile of the Merchant, select the appropriate due diligence measures, assess the risk of whether the Merchant is or may become involved in Money Laundering or Terrorist Financing activities;
- • to re-identify the Merchant if there are any doubts regarding the correctness of the information received during initial identification.
4. Merchant identification
- The Company does not establish Business Relationships with anonymous, unidentified legal entities and its representatives. The Company relies on AML/CFT Law provisions for non-face-to-face identification of persons and verification of data using information technology means. As a regulated provider, the Company is required to verify the identity and legitimacy of Merchants through our Know Your Business (KYB) and Know Your Customer (KYC) processes. Here's a quick overview of the verification process:
- • Login to your Sheepy account and navigate to the verification section;
- • Launch the Sumsub verification widget;
- • Provide company information and upload the required documents to initiate the KYB check;
- • Once the KYB check is completed, Merchant’s representative will be prompted to complete the KYC check;
- • For KYC, Merchant’s shareholders, directors and UBOs will be required to provide personal information and upload a photo ID, proof of address, and a liveness selfie;
- • Once the KYC and KYB checks are completed, the Company will review and verify the information provided;
- • Once verified, the Merchant will be notified and can begin using Sheepy's services in production mode.
The Merchant data can be verified on the basis of documents, which have been authenticated by a notary public, or on the basis of other information originating from a credible and independent source, including means of electronic identification and trust services for electronic transactions, thereby using at least two different sources for verification of data in such an event. Here are examples of documents required for successful verification: KYB:
- • Certificate of incorporation/registration;
- • Recent excerpt from a state company registry;
- • Certificate of incumbency;
- • Certificate of good standing;
- • Memorandum/articles of incorporation/association/registration;
- • Shareholder registry;
- • Statement of information;
- • Recent excerpt from a state company registry;
- • Certificate of incumbency;
- • Memorandum/articles of association.
KYC:
- • Official government ID document or digital ID document (passport, personal ID card or residence permit card, national passport or driving license);
- • Proof of residential address (bank statement, utility bill, tax return, or other extracts or certificates of residence issued by a public authority);
- • Liveness selfie.
The Company shall not enter into any business relationship with a Politically Exposed Person or PEP. If a business relationship is established with the Merchant’s representative or beneficial owner that will become later on or later it will become known that he or she has become a Politically Exposed Person, then the Compliance Officer has an obligation to inform the Management Board immediately. In order to verify an Account of the Merchant, the Company in addition to documents and information requested a real-time video interview with a working camera, microphone, the hardware and software required for digital identification and an Internet connection of adequate quality. The Company shall make verification of submitted documents against additional information sources or databases. For a real-time video interview, the Company follows specific requirements and instructions as described in the AML Law Article 11. Requirements for non-face-to-face identification of the Merchant and of the beneficial owners and Regulation (EU) No 910/2014.
Tools | Description |
---|
AML Screening: International Sanctions, PEPs, Watchlists and Adverse Media | A solution for checking whether the Merchant or its shareholders, directors or UBOs are on any of the global sanctions lists, PEP lists, watchlists, blacklists or adverse media (OFAC, UN, HMT, EU, DFT etc.). Ongoing monitoring is included by default for one year once the check is completed. Ongoing monitoring means regular (daily) review of the data collected during the AML Screening. |
Identity Verification | A platform equipped with tools for completely automatic verification as well as for checks based upon a human review that is compliant with current European legislation to non-face-to-face identification, i.e. expert knowledge enhanced with AI and machine learning. The system is built on a risk-based approach and follows global and local regulatory norms (including FATF, FINMA, FCA, CySEC, MAS). Identity verification platform is globally applicable, as its approach and methodology are carefully designed according to FATF recommendations regarding AML and CTF requirements (specifically, Article 10), which served as the international basis for local AML laws. Sum & Substance is responsible for accurate personal data protection under European, U.S., Asian and CIS legal regulations (GDPR, PDPA or FZ152). Identity verification software enables to collect the personal information with the following means: • ID Document verification (integrity, authenticity checks, and database checks) • Biometric checks (matching an ID with a selfie, liveness checks) • Screening (scammer blacklists and third-party databases, automated monitoring of unfavourable information in the media) These three layers of the verification process are aimed at preventing account takeovers, online frauds and compliance with regulatory requirements. |
Know Your Business Verification | A platform performs document verification, ownership and control structure verification, registry checks, AML screening, as well as automatic KYC checks of beneficiaries. |
Face Match and Liveness Check | A solution comparing faces on the submitted images and analyzing the movements of the person, confirming that the documents belong to a particular person and that person is real. |
Video verification | Video-based KYC is an identification process reliant on a stable online video connection with video KYC software. The video identification process is performed to confirm identity via video interview. The main goal of video identification is to compare the applicant’s real identity with provided documents and is a part of a larger video KYC process. |
Proof of Address Check | Checks the address and residency by analyzing additional documents |
The Company continually assesses changes in the Merchants's activities in the course of the business relationship and identifies whether the level of risk associated with the Merchant and the business relationship may increase and, if necessary, enhanced due diligence measures should be applied
5. Data processing, collection and storage
- The Company registers and maintains:
- • information on the establishment of a business relationship or the circumstances of the refusal to establish a business relationship;
- • information where due diligence cannot be applied by means of information technology;
- • the circumstances of the waiver of the establishment of a business relationship or the conclusion of the transaction at the initiative of the person participating in the transaction or the client, if the waiver is related to the application of the Company's due diligence measures;
- • the documents on which the identification and verification of the information provided are based
- • a description of the date or period of the transaction and the content of the transaction; Also the following information related to transactions:
- • upon deposit of the property, the deposit number and the market price of the property on the day of deposit, or an exact description of the property if the market price of the specified property cannot be determined;
- • in the case of another transaction, the amount, currency and account number of the transaction;
- • data and documents collected during the monitoring of the business relationship;
- • all correspondence related to the instructions of the FCIS and the fulfilment of the obligations of the AML/CFT Law;
- • information on which the FCIS is required to notify;
- • information on suspicious or unusual transactions or circumstances that were not reported to the FCIS;
- • information on the circumstances of the termination of the business relationship.
The respective data is stored in paper or electronic form, it shall be accessible by all appropriate staff of the Company (Manager, Representatives, MLRO etc). Copies of the documents, which serve as the basis for identification of a legal entity, and of the documents serving as the basis for establishing a Business Relationship, shall be stored for at least eight (8) years following the termination of the Business Relationship. Personal data is processed pursuant to the GDPR requirements. The data of the document prescribed for the digital identification of a Merchant, information on making an electronic query to the identity documents database, and the audio and video recording of the procedure of identifying the person and verifying the person’s identity shall be stored at least eight (8) years following the termination of the Business Relationship. The following documents shall also be stored: (1) manner, time and place of submitting or updating of data and documents; (2) name and position of Representative who has established the identity, checked or updated the data.
6. Mandatory reporting
- If any circumstances identified in the Business Relationship are unusual or suspicious or there are characteristics which point to Money Laundering, Terrorist Financing, or an attempt of the same, the Representative shall promptly notify the MLRO. The MLRO shall analyse and forward the respective information to the Manager. Before reporting any transaction connected with suspected Money Laundering or Terrorist Financing to the FCIS, the MLRO shall analyse the content of the information received, considering the Merchant’s current area of activity and other known information. The Company shall notify the FCIS of the Merchant identification data and information on performed virtual currency exchange operations or transactions in virtual currency, if the value of such monetary operation or transaction amounts to EUR 15,000 or more, or an equivalent amount in foreign or virtual currency, whether the transaction is carried out in a single monetary operation or in several operations which appear to be linked. The Compliance Officer shall decide whether to forward the information to the FCIS. The Compliance Officer shall make a notation “AML” behind the name of the Merchant in the Company’s database or on the documents and must suspend the operation or transaction disregarding the amount of the monetary operation or transaction (except for the cases where this is objectively impossible due to the nature of the monetary operation or transaction, the manner of execution thereof or other circumstances) and, not later than within three working hours from the suspension of the monetary operation or transaction, report this operation or transaction to the FCIS. The Merchant who is reported to the FCIS as being suspicious, may not be informed of the same. It is also prohibited to inform any third persons, including other Representatives, of the fact that information has been reported to the FCIS, and the content of the reported information, except for the Manager/MLRO. The decision on terminating the Business Relationship shall be taken by the Manager, considering also the proposal of the MLRO. The Merchant shall be notified of the termination of the Business Relationship in writing. Notation about the cancellation of the Business Relationship shall be made in the Company’s database or documentation, and an “AML” note shall be added to the Merchant’s data. The Company and its Representatives shall not, upon the performance of the obligations arising from the Rules, be liable for damage arising from failure to carry out any transactions (by the due date) if the damage was caused to the persons or legal entities in connection with notification of the FCIS of the suspicion of Money Laundering or Terrorist Financing in good faith, or for damage caused to a Merchant or in connection with the cancellation of a Business Relationship. Fulfilment of the notification obligation by the Representative acting in good faith, and reporting the appropriate information shall not be deemed a breach of the confidentiality obligation imposed by the law or the contract, and no liability stemming from the legislation or the contract shall be imposed upon the person who has performed the notification obligation.
7. Implementation of International Sanctions
- The Company shall comply with Republic of Lithuania Law on the Implementation of Economic and Other International Sanctions as well as other sanction regulations of the EU and the UN. The Company is also intended to comply also with partner countries' sanction acts (Sanctions administered by the UK Office of Financial Sanctions Implementation and sanctions administered by the US Office of Foreign Assets Control). Representatives shall draw special attention to all its Merchants (present and new), to the activities of the Merchants and to the facts which refer to the possibility that the Merchant is subject to International Sanctions. Control and verification of possibly imposed International Sanctions shall be conducted by the Representatives as part of due diligence measures applied to the Merchants in accordance with these Rules. The Representatives who have doubts or who know that a Merchant is subject to International Sanctions shall immediately notify the MLRO. The MLRO shall be responsible for the implementation of International Sanctions. In case of doubt, if the MLRO finds it appropriate, the Representative shall ask the Merchant to provide additional information that may help to identify whether a legal person, its representative or beneficial owner is subject to International Sanctions or not. If in the course of the check, it shall be detected that a Merchant or a person who used to be a Merchant is subject to International Sanctions, the MLRO shall notify the Representatives who dealt with this Merchant, the Manager and FCIS. The notification shall be submitted at least in the way that allows its reproduction in writing. The Merchant who is subject to International Sanctions and about whom the notification is made, shall not be informed of the notification. Application of special measures and sanctions on the Merchant who is detected to be subject to International Sanctions should be authorized by FCIS. When making checks of the Merchant, the possible distorting factors in personal information (i.e. way of written reproduction of name etc.) must be kept in mind.
ANNEX 1
List of prohibited countries
- Afghanistan, Albania, Belarus, Burkina Faso, Central African Republic, China, Crimea and Sevastopol, Darfur, Democratic Republic of the Congo, Donetsk People’s Republic (DNR), Luhansk People’s Republic (LNR), Zaporizhzhia and Kherson oblasti, Eritrea, Guam, Guinea-Bissau, Haiti, Iran, Iraq, Jamaica, Lebanon, Libya, Mali, Myanmar/Burma, North Korea, Panama, Russia, Senegal, Somalia, South Sudan, Sudan (excluding Darfur), Syria, Uganda, United States Minor Outlying Islands, US Virgin Islands, Yemen.
List of countries subjects to EDD measures
Barbados, British Virgin Islands, Cambodia, Cameroon, Cayman Islands, Croatia, Gibraltar, Jordan, Morocco, Mozambique, Nigeria, Philippines, South Africa, Tanzania, Trinidad and Tobago, Turkey, United Arab Emirates, Vanuatu, Vietnam.
ANNEX 2
List of Prohibited activities
- • Weapons, ammunition and defense products, replicas of firearms or cold steel weapons.
- • Drugs, drug-like substances, and plants, as well as their ingredients, or any substances for their production, as well as descriptions of methods for producing such substances.
- • Medical drugs and medications dispensed on prescription only, as well as raw materials or instructions for their production.
- • State awards or distinguishing badges.
- • Identification documents and government-issued documents (including falsified documents), and everything connected with creating or obtaining false identification documents or counterfeit government-issued documents.
- • Government agencies’ uniforms.
- • Specialty items related to the police and law enforcement agencies.
- • Electronic equipment prohibited for use in this country or region.
- • Devices used for hacking and tampering with locks.
- • Information containing personal data or data suitable for undertaking illegal activities (spam emails, etc.).
- • Information containing state, banking, or trade secrets.
- • Information that violates a person’s privacy, infringing upon the honor, dignity and business reputation of individuals and legal entities.
- • Information transmitted exclusively virtually and not recorded on any material carrier (ideas, methods, principles, etc.).
- • Archeological heritage items.
- • Items or services that violate rules of public morality (including, but not limited to, child pornography, Nazi memorabilia items, escort services, and prostitution).
- • Any equipment used to organize and conduct gambling.
- • Any items available initially but removed serial numbers.
- • Malicious software.
- • Goods or services directly or indirectly compelling illegal actions (promoting social, racial, religious, or ethnic strife; discrimination, violence, hatred, revenge, harassment; containing propaganda of terror or physical harm).
- • Perishable goods.
- • Fake or counterfeit goods.
- • Items and equipment intended for use (including illegal transfer) of copyright-protected items without the permission of the authors (including, but not limited to, components designed to remove copyright protection or regional restrictions, or software elements of electronic devices).
- • Dangerous goods (including, but not limited to, those that contain explosive, toxic, poisonous, and/or radioactive materials).
- • Information about the production of explosive, pyrotechnic, incendiary, and other similar substances and devices.
- • Information about the production of explosive, pyrotechnic, incendiary, and other similar substances and devices.
- • Human organs and human remains.
- • Goods or services that have no value in use.
- • Financial or payment instruments whose accounting systems do not ensure proper identification of the owner for the purpose of combating illegal trade, financial fraud, and money laundering of funds obtained by illegal means.
- • Items of artistic and historical value that constitute a country’s cultural values.