Background Circle Background Circle

AML/KYC

COINJUST AML/POLICY

Anti-Money Laundering and Know Your Customer Policy

Last updated: 01/07/2023

INTRODUCTION

The purpose of these Guidelines for Anti-Money Laundering (AML), Combating Terrorist Financing (CFT), and Sanctions measures is to ensure that UAB Triktema (Coinjust) has internal guidelines to prevent the use of its business for Money Laundering and Terrorist Financing and internal guidelines for implementation of international sanctions.

UAB Triktema has implemented and started to use KYC policy (customer identification), and AML / CTF (combating money laundering and terrorist financing) as banks and other financial institutions require it. The purpose of those policies is an effective combating of money laundering and terrorist financing (AML / CTF) in our company by proper identification of actual users of our accounts and supervision of their transactions.

UAB Triktema adheres to the AML-KYC Policy by taking into account the concerns expressed by regulators of many countries regarding the possibility of using crypto assets for illegal purposes, in particular, for the legalization of proceeds from crime and achieving partial or complete anonymity in the transactions, as well as the anonymous purchase or sale of virtual assets.
Any questions or concerns regarding the present AML-KYC policy should be directed to the following postal address: Coinjust, or by email to [email protected]

PRINCIPLES OF CUSTOMER DUE DILIGENCE MEASURES IMPLEMENTATION

Customer due diligence (CDD) measures are required for verifying the identity of a new or existing Customer as a well-performing risk-based ongoing monitoring of the Business Relationship with the Customer.

Main Principles

The CDD measures are taken and performed to the extent necessary considering the Customer’s risk profile and other circumstances in the following cases:

  • upon establishment of the Business Relationship and during the ongoing monitoring of the Business Relationship;
  • upon executing or mediating Occasional Transaction(s) outside the Business Relationship, where the value of the transaction(s) amounts to 1 000 euros or more (or an equal amount in another asset) within 24 hours;
  • upon verification of information gathered while applying due diligence measures or in the case of doubts as to the sufficiency or truthfulness of the documents or data gathered earlier while updating the relevant data;
  • upon suspicion of Money Laundering or Terrorist Financing, regardless of any derogations, exceptions, or limits provided for in these Guidelines and applicable legislation.

The Company does not establish or maintain the Business Relationship and does not perform the transaction if:

  • the Company is not able to take and perform any of the required CDD measures;
  • the Company has any suspicions that the Company’s services or transactions will be used for Money Laundering or Terrorist Financing;
  • the risk level of the Customer or the transaction does not comply with the Company’s risk appetite.

In the case of receiving information in foreign languages within the framework of CDD implementation, the Company may request to demand translation of the documents to another language applicable to the Company. The use of translations should be avoided in situations where the original documents are prepared in a language applicable to the Company.

Achieving CDD is a process that starts with the implementation of CDD measures. When that process is complete, the Customer is assigned a documented individual risk level, which shall form the basis for follow-up measures and is followed up and updated when necessary.

The Company has applied CDD measures adequately if the Company has the inner conviction that they have complied with the obligation to apply due diligence measures. The principle of reasonability is observed in the consideration of inner conviction. This means that the Company must, upon the application of CDD measures, acquire the knowledge, understanding, and assertation that they have collected enough information about the Customer, the Customer’s activities, the purpose of the Business Relationship, and the transactions carried out within the scope of the Business Relationship, the origin of the funds, etc., so that they understand the Customer and the Customer’s (business) activities, thereby taking into account the Customer’s risk level, the risk associated with the Business Relationship and the nature of such relationship. Such a level of assertation must make it possible to identify complicated, high-value, and unusual transactions and transaction patterns that have no reasonable or obvious economic or legitimate purpose or are uncharacteristic of the specific features of the business in question.

 

THE SERVICES PROVIDED

The Company’s main economic activity is the Virtual Currency services. For this reason, the Company offers its Customers the following transaction types:

  • providing у Custodian Virtual Currency Wallet operator service, which allows the customer to open Custodian Virtual Currency Wallet in the Customer’s name and make transactions with this wallet: to deposit Virtual Currency and to withdraw deposited Virtual Currency to another wallet(s);
  • providing Virtual Currency exchange operator service, which allows the Customer to exchange, purchase and sell Virtual Currency.

 

VERIFICATION PROCEDURES

Verification of the information for the Customer’s identification means using data from a reliable and independent source to confirm that the data is true and correct, also confirming, if necessary, that the data directly related to the Customer is true and correct. This, inter alia, means that the purpose of verification of information is to obtain reassurance that the Customer who wants to establish the Business Relationship is the person they claim to be.

The reliable and independent source (must exist cumulatively) is verification of the information obtained in the course of identification:

  • which originates from two different sources;
  • which has been issued by (identity documents) or received from a third party or a place that has no interest in or connections with the Customer or the Company, i.e., that is neutral (e.g., information obtained from the Internet is not such information, as it often originates from the Customer or its reliability and independence cannot be verified);
  • the reliability and independence of which can be determined without objective obstacles, and reliability and independence are also understandable to a third party not involved in the Business Relationship; and
  • the data included in which or obtained via which are up to date and relevant. The Company can obtain reassurance about this (and reassurance can, in some instances, also be obtained based on the two previous clauses).

 

MONITORING OF THE BUSINESS RELATIONSHIP

The Company shall monitor established Business Relationships where the following ongoing due diligence (ODD) measures are implemented:

  • ensuring that the documents, data, or information collected in the course of the application of due diligence measures are updated regularly and in the case of trigger events, i.e., primarily the data concerning the Customer, their representative (incl. the right of representation) and Beneficial Owner as well as the purpose and nature of the Business Relationship;
  • ongoing monitoring of the Business Relationship, which covers transactions carried out in the business relationship to ensure that the transactions correspond to the Company’s knowledge of the Customer, their activities, and risk profile;
  • identification of the source and origin of funds used in the transaction(s).

The Company shall regularly check and update the documents, data, and information collected within the course of the implementation of CDD measures and update the Customer´s risk profile. The regularity of the checks and update must be based on the risk profile of the Customer, and the checks must take place at least:

  • once semi-annually for the high-risk profile Customer;
  • once annually for the medium-risk profile Customer;
  • once every two years for the low-risk profile Customer.

The collected documents, data, and information must also be checked if an event has occurred, which indicates the need to update the collected documents, data, and information.

In the course of the ongoing monitoring of the Business Relationship, the Company shall monitor the transactions concluded during the Business Relationship in such a manner that the latter can determine whether the transactions to be concluded correspond to the information previously known about the Customer (i.e., what the customer declared upon the establishment of the Business Relationship or what has become known in the course of the Business Relationship).

The Company shall also monitor the Business Relationship to ascertain the Customer’s activities or facts that indicate criminal activities, Money Laundering, or Terrorist Financing or the relation of which to Money Laundering or Terrorist Financing is probable, incl. complicated, high-value, and unusual transactions and transaction patterns that do not have any reasonable or obvious economic or legitimate purpose or that are uncharacteristic of the specific features of the business in question. In the course of the Business Relationship, the Company shall constantly assess the changes in the Customer’s activities and assess whether these changes may increase the risk level associated with the Customer and the Business Relationship, giving rise to the need to apply EDD measures.

In the course of the ongoing monitoring of the Business Relationship, the Company applies the following measures:

  • screening i.e., monitoring transactions in real-time;
  • monitoring i.e., analyzing transactions later.

The objective of screening is to identify:

  • suspicious and unusual transactions and transaction patterns;
  • transactions exceeding the provided thresholds;
  • politically exposed persons and circumstances regarding Sanctions.

The screening of the transactions is performed automatically and includes the following measures:

  • established thresholds for the Customer´s transactions, depending on the Customer´s risk profile and the estimated transactions turnover declared by the Customer;
  • the scoring of Virtual Currency wallets where the Virtual Currency shall be sent in accordance with the Customer´s order;
  • the scoring of Virtual Currency wallets from which the Virtual Currency is received.

If the Customer gives the order for the transaction which exceeds the threshold established or for the transaction to the Virtual Currency wallet with a high-risk score (e.g., wallets related to fraud, crime, etc.), the transaction shall be manually approved by the Employee, who shall assess, before the approval, the necessity to apply any additional CDD measures (e. g. applying EDD measures, asking source and origin of funds or asking additional information regarding the transaction).

When monitoring transactions, the Employee shall assess transaction with a view to detecting activities and transactions that:

  • deviate from what there is reason to expect based on the CDD measures performed, the services provided, the information provided by the Customer, and other circumstances (e.g., exceeding estimated transactions turnover, Virtual Currency sending each time to new Virtual Currency wallet, the volume of transactions exceeding the limit);
  • without deviating according to the previous clause, may be assumed to be part of a Money Laundering or Terrorist Financing;
  • may affect the Customer´s risk profile score.

In the case, where the aforementioned fact is detected, the Employee shall notify MLRO and postpone any transaction of the Customer until MLRO´s decision regarding this.

In addition to the aforementioned, the MLRO shall review the Company´s transaction regularly (at least once per week) to ensure that:

  • the Company´s Employees properly performed the aforementioned obligations;
  • there are no transactions and transaction patterns that are complicated, high-value and unusual and that have no reasonable or obvious economic or legitimate purpose or are uncharacteristic of the specific features.

The Company identifies the source[1] and origin[2] of the funds used in the transaction(s) if necessary. The need to identify the source and origin of funds depends on the Customer’s previous activities as well as other known information. Thereby the identification of the source and origin of the funds used in the transaction shall be performed in the following cases:

  • the transactions exceed the limits established by the Company;
  • the transactions do not correspond to the information previously known about the Customer;
  • the Company wants to or should reasonably consider it necessary to assess whether the transactions correspond to the information previously known about the Customer;
  • the Company suspects that the transactions indicate criminal activities, Money Laundering or Terrorist Financing or that the relation of transactions to Money Laundering or Terrorist Financing is probable, incl. complicated, high-value, and unusual transactions and transaction patterns that do not have any reasonable or obvious economic or legitimate purpose or are uncharacteristic of the specific features of the business in question.

 

RISK MANAGEMENT AND COMPLIANCE

The second line of defense consists of the risk management and compliance functions. These functions may also be performed by the same person or structural unit depending on the size of the Company and the nature, scope, and complexity of their activities and provided services, incl. the risk appetite and risks arising from activities of the Company.

The objective of the compliance function is to guarantee that the Company complies with effective legislation, guidelines, and other documents and to assess the possible effect of any changes in the legal or regulative environment on the activities of the Company and on the compliance framework. The task of compliance is to help the first line of defense as the owners of risk to define the places where risks manifest themselves (e.g., analysis of suspicious and unusual transactions, for which compliance Employees have the required professional skills, personal qualities, etc.) and to help the first line of defense manage these risks efficiently. The second line of defense does not engage in taking risks.

Risk policy is implemented, and the risk management framework is controlled by the risk management function. The performer of the risk management function ensures that all risks are identified, assessed, measured, monitored, and managed and informs the appropriate units of the Company about them. The performer of the risk management function for the purposes of AML primarily performs the supervision over adherence to risk appetite, supervision over risk tolerance, supervision over-identification of changes in risks, performs the overview of associated risks, and performs other duties related to risk management.

The Management Board has appointed an MLRO to perform the second line of defense functions. This person is not operationally involved in the areas that the MLRO will be monitoring and verifying and is thus independent in relation to these. The MLRO is accountable for the following activities:

  • produce and, when necessary, update the Company’s Guidelines;
  • monitor and verify on an ongoing basis that the Company is fulfilling the requirements prescribed by these Guidelines and related documents and according to external laws and regulations;
  • provide the Company’s staff and members of the Management Board with advice and support regarding the rules relating to Money Laundering and Terrorist Financing;
  • inform and train the members of the Management Board and relevant persons about the rules relating to Money Laundering and Terrorist Financing;
  • investigate and register sufficient data on received internal notifications and decide whether the activity can be justified or whether it is suspicious;
  • file the relevant reports with the appropriate regulatory authorities in accordance with applicable legislation;
  • check and regularly assess whether the Company’s procedures and guidelines to prevent the use of the business for Money Laundering or Terrorist Financing are fit for purpose and effective.

The MLRO reports to the Management Board quarterly. This report must be in writing and include at least the following items:

  • number of Customers under all risk classifications
  • number of hits of persons in relation to the Sanctions lists and applied measures;
  • number of Customers or Customers’ representatives identified as PEPs or persons with a connection to a PEP;
  • number of internal notifications on suspicious activity or transactions;
  • number of the relevant reports reported to the Financial Crime Investigation Service (FCIS);
  • number and content of a request for information from the FCIS within the framework of an investigation;
  • confirmation that the Company’s risk assessment for Money Laundering and Terrorist Financing is up to date;
  • confirmation that these Guidelines and other related documents are up to date;
  • confirmation that the staffing in respect of AML measures is sufficient;
  • all inadequacies (if any) identified by the control function have been addressed;
  • list of obligatory training which has been held for the staff in respect of AML measures.

 

RISK ASSESSMENT AND RISK APPETITE

The target of the implementation of internal control measures for the Company’s compliance with the established risk assessment policy (incl. established risk appetite) is an examination of the following circumstances:

  • Company establishes and uses a risk-based approach when providing services to the Customers (e.g., CDD measures implemented in accordance with risk level);
  • Company-determined factors which affect the rise of ML/TF risks and determined factors are relevant;
  • Company determined and assessed ML/TF of all services which Company provides;
  • Company composed the risk profile of the Customer prior the performing transactions or creating business relationships;
  • Company updates the risk profile of the Customer on a regular basis;
  • Company follows established risk appetite;
  • Company keeps records of all incidents in accordance with the established risk assessment policy;
  • risk assessment policy was reviewed during the last year and there is no information that MLRO had required earlier review.