Mchange.net cryptocurrency exchange service AML policy

What is AML / KYC system? Her fight against money laundering through customer verification. Processes for the implementation of financial sanctions at the international level.

All measures for control within the country, facilitating the integration of the AML law. All abbreviations and terms

1. Organization - Internet service for the exchange of digital and electronic currencies Mchange.net.

2. Client - a private or legal person to whom the Organization provides a number of available services.

3. Money laundering - concealment or concealment of the real purpose of funds, the parties to their receipt, location, transfers and other rights in case of illegal receipt of an amount or in the course of fraudulent activities in the territory of another country.

4. Investments by terrorist groups are carried out to order illegal actions that run counter to the Criminal Code.

5. International sanctions are fines and restrictions imposed by the EU, UN, other organizations or the government to maintain peaceful relations and avoid conflict situations.

6. A politically exposed person (PEP) is an individual who performs special operations in the government apparatus. For example, the head of the country, the minister, his deputy, members of parliament and many other persons.

7. Local PEP is a person from the point above who participates or has participated in important processes under the state apparatus in the country where the service is located.

8. The PEP family is the spouse, children or parents of a person.

9. A close PEP is a person who is a co-owner or resident of the city and has a close business relationship with another local resident.

10. The AML Law is a description of supportive measures in filing and attempting to declare illegal income tax returns.

Key rules

2.1 This document was developed taking into account the AML Law and the International Sanctions Law and applies to internal situations.

2.2 The document allows you to identify measures for the security of the internal organization. This is necessary to test money laundering situations in strange and unstandardized transactions.

2.3 Members of the organization should receive instructions based on the law, which they will follow when checking illegal activities.

2.4 All amendments to laws and regulations should be studied independently.

2.5 The Board of Founders is obliged to provide instructions for all employees of the organization.

2.6 All employees of the company must sign for familiarization with the instructions.

2.7 Members of the Organization must be personally responsible for all compliance with the law.

Communication with customers and identification

3.1 Members of the organization should use the rules in all relationships with clients.

3.2. The organization does not work with representatives of an individual.

3.3 Client identification takes into account the following points:

3.3.1 For certification, a document is required, a copy of a document with a photo and data. For citizens of the country where the service is located and non-residents, these are: passport, international passport, residence permit, driver"s license, passport for entering the country.

3.3.2 Additionally, record the following information:

3.3.2.1 Full name.

3.3.2.2 Tax number, date of birth and place.

3.3.2.3 Document number, date of receipt and number of the territorial authority that issued it.

3.3.2.4 Address of residence and registration.

3.3.2.5 Contact information of any nature.

3.3.2.6 Availability of PEP functions by the person.

3.3.2.7 Involvement with a family member or partner of an individual with PEP Functions.

3.3.3 Additionally, for identification, documents are required:

3.3.3.1 For residents of the country where the service is located - passport, foreign passport, driver"s license, document confirming a residence permit. For non-residents - a foreign passport with an entry stamp.

3.3.3.2 Documentation giving information about the place of residence. It can include utility bills, bank statements or other documents that contain the address. They must be received no later than three months from the date of the request.

3.4 If the client is a legal entity, then his identification goes through:

3.4.1 An extract from the Commercial Register is provided, received no later than three months from the date of the request. If possible, you need to put an apostille on it.

3.4.2 Additionally required data:

3.4.2.1 Title.

3.4.2.2 Number assigned upon registration and date.

3.4.2.3 Legal and actual address.

3.4.2.4 Information about the representative, co-founders or beneficiaries.

3.4.2.5 All contact information.

3.4.2.6 All individuals related to a legal entity provide a passport or documents from position 3.3.

Risks and level of control measures

4.1 When establishing relationships with a client, an organization needs to consider the risks of possible money laundering and terrorist financing.

4.2 For verification, the categories are taken into account:

4.2.1 Geography.

4.2.2 Customer"s own risk.

4.2.3 Intended Operations with the Client.

4.3 Geographic risk is high if the client is associated with transactions in the following territories:

4.3.1 Areas Affected by UN or EU Sanctions.

4.3.2 States that do not take measures to exclude the process of money laundering.

4.3.3 Countries seen supporting terrorism and having a significant level of corruption.

4.3.4 High Risk State Details http://www.fatf-gafi.org/countries/#high-risk .

4.4 The risk from the client is considered significant if:

4.4.1 A person is considered a PEP, a member of his family or a close associate. This fact must be identified before starting cooperation.

4.4.2 The person is listed by the UN and the EU as unreliable and subject to sanctions. This information also needs to be tracked.

4.4.3 Is involved in money laundering cases.

4.5 The risk from transactions is considered significant if:

4.5.1 If the transaction is paid by a third party.

4.5.2 The transaction is concluded without commercial or other justification.

4.5.3 The list of actual participants is not available for general viewing.

4.5.4 Currency receipts come from different accounts.

4.5.5 Received amounts are non-standard for the client.

4.5.6 With each transfer, virtual money of various denominations.

4.6 Risks of unreliability of a client are high if there is any of the reasons listed.

4.7 The organization will not provide services if:

4.7.1 The person is related to a high-risk country http://www.fatf-gafi.org/countries/#high-risk .

4.7.2 The person is subject to international financial sanctions.

4.7.3 The person is a PEP or is related to members of his family or close people.

4.7.4 Has suspicion or evidence of previous money laundering or investment in terrorism.

4.8 When situations from position 4.7 are identified, enhanced due diligence measures are taken.

Digital risks and their identification

5.1 Risks that are directly related to technology and the IT industry:

5.1.1 Transfer of important information.

5.1.2 Submission of knowingly erroneous data.

5.1.3 Introducing viruses and carrying out hacker attacks.

5.1.4 Risks to data systems.

5.2 To mitigate risks, employees of the Organization should:

5.2.1 Use only internal servers of organizations.

5.2.2 Use only software with legal and approved content.

5.2.3 Apply techniques approved by the Organization without integrating external media.

5.3 To reduce the risk of receiving false information:

5.3.1 Personal data is confirmed at a real meeting, in a video communication mode, or by a method chosen by the Organization.

5.3.2 If there is any suspicion, the client is requested to provide confirmation documents.

5.4 To mitigate the risks of cyber attacks:

5.4.1 The system must be constantly checked for unreliable operations.

5.4.2 Conducting Security Testing.

5.4.3 Application of software with constant updates and with the ability to fight against viruses.

5.5 Eliminate or reduce risks when working with data:

5.5.1 Application of network and server fuses.

5.5.2 The main server must be separate and have a backup.

5.5.3 The system must be PCI / DSS certified.

5.6 Employees should receive information security training at least once a year.

Applying due diligence at a comprehensive level

6.1 It is worth paying attention to clients in respect of whom there is a suspicion of conducting transactions for laundering or investing in terrorism. These transactions are non-standard in nature, complex schemes and do not have an economic purpose.

6.2 For this, checks are applied:

6.2.1 Carrying out customer identification based on all documents, personal presence or video communication.

6.2.2 Verification of the Beneficiary.

6.2.3 Researching Business Relationships.

6.2.4 Continuous monitoring of transactions and relationships and regular checks of all data, confirmation of the source of funds may also be required.

6.3 Legal check in the complex shows the facts that can be documented. If it is not possible to obtain the original, a copy of the documents with a notarial seal and certification of its authenticity will do. If there is any doubt, then the check must be carried out according to the original and subjected to its study.

6.4 The check can take data from the register. If registration took place in another country, it must apply security measures and comply with AML / KYC.

6.5 All checks are carried out before the start of cooperation.

6.6 Client identification occurs at the beginning of the relationship. If there is any suspicion, then action should be taken promptly and before the transaction is completed.

6.7 In all possible cases, the transaction must be confirmed with a signature. She also verifies the authenticity of information and documentation.

Using extended legal due diligence

7.1 Extended version applies in case:

7.1.1 If the data about the person came from a place where the client cannot actually be.

7.1.2 The verification has raised doubts and there is no way to identify the client or beneficiary.

7.1.3 The situation has a high risk of money laundering or investment in terrorism.

7.2 Employees can use one of the measures to check:

7.2.1 Verification of data using the register of a credit institution that operates in a territory with applicable AML regulations, and in case the identity of the client is related to this institution.

7.2.2 Using electronic delivery of data to ensure data authentication. They must be notarized or certified for accuracy.

7.2.3 Making a payment to the account of a transaction participant with the help of a credit institution with which the person cooperates, in a country where AML / KYC protocols are in effect.

PEP check

8.1 When starting a business relationship, the client must fill out a mandatory form to verify the information.

8.2 Among other things, he must enter the details of whether he is a PEP or a person related to him.

8.3 If a PEP person is related to a client, it is necessary to indicate information about him.

8.4 The PEP data will be verified against public sources such as https://namescan.io/FreePEPCheck.aspx .

Verification of the person against whom international sanctions have been imposed

9.1 When concluding a business relationship, the client enters into special forms all the data that will be used for identification.

9.2 Based on this data, the employee checks for international sanctions.

Checking in case of suspicion of money laundering

10.1 Circumstances under which suspicion may arise and why special attention should be given to the client.

10.2 What signs are suspicious:

10.2.1 Appearance and behavior do not resonate with the transaction.

10.2.2 A person cannot sign a document without assistance.

10.2.3 The person was suspected of dishonest activity.

10.3 The person cannot prove the need for action.

10.4 The rate is unreasonably high.

10.5 The procedure with cash has a non-standard execution.

10.6 The presence of various small or large transactions that are in no way related to the activities of the person.

10.7 Money for virtual funds is transferred to another account or to another state.

10.8 There is no clarification or data on the transaction from the person.

10.9 A significant amount of virtual money is subject to exchange, if this is not characteristic of the behavioral features of the business.

10.10 The person is not identified and does not provide data.

10.11 Attempts to conduct a fictitious transaction.

10.12 When entering into a long-term relationship, the person wants to settle only in cash.

10.13 Presence of suspicion of actions in the interests of a third party.

10.14 A person wants to settle in cash with amounts exceeding 10 thousand Euros (or the equivalent).

10.15 There were cases of repeated settlements in amounts exceeding 10 thousand Euros (or the equivalent).

10.16 Calculations were made with the help of a bank located in a tax-free territory.

Refusal to sign a contract and implement a deal

11.1 The organization does not conclude a contract in the event of:

11.1.1 The person has not reached the age of 18.

11.1.2 With representatives of an individual.

11.1.3 With a person who refuses to provide documents from position 3 or gives less data than necessary. 

11.1.4 The person was suspected of provocation.

11.1.5 The person has submitted documents confirming the organization"s suspicions of misconduct.

11.1.6 The person is under the influence of international sanctions.

11.1.7 The person is or is related to PEP.

11.1.8 Person refers to a person who is suspected or convicted of misconduct. 

11.1.9 Person is associated with a person who has the nationality of a high-risk country http://www.fatf-gafi.org/countries/#high-risk .

Conducting the collection, protection and creation of data security

12.1 After the start of the transaction, an employee of the organization must carry out the registration procedure for the following data:

12.1.1 Details of the person from position 3.

12.1.2 Date and period of conclusion of the contract.

12.1.3 Deciphering the essence of the transaction.

12.1.4 Data on the refusal to register a relationship or transaction by the organization.

12.1.5 Data on refusal of a relationship or a transaction on the part of the client.

12.1.6 Data on the closure of the relationship, coupled with the lack of the ability to conduct due diligence at the legal level.

12.1.7 The operation of exchanging digital money for currency, the total amount in cash and the resulting amount in accordance with the exchange rate.

12.1.8 The rate of the ratio of digital money to another type of virtual currency, the amount and the exchange rate.

12.1.9 If the account was opened in virtual currency, then its type, registration number and currency name shall be indicated.

12.2 For five years, the organization must keep the following documents after the termination of the business relationship:

12.2.1 Verification and identification data.

12.2.2 Correspondence with the client.

12.2.3 Information about the processes in the monitoring of activities.

12.2.4 Information on the presence of suspicious and non-standard transactions.

12.2.5 All transaction and procedure documentation.

12.3 Employees of the organization should use the rules for the protection of information during its collection and storage. Processing can only be carried out in case of suspicion of illegal actions.

Financial Regulatory Service Alert

13.1 If illegal actions have been discovered, or there is suspicion, or evidence, then this information is reported to the MLRO (Money Laundering Reporting Officer).

13.2 The client is not notified of the provision of data to MLRO.

13.3 The MLRO employee must attach copies of the documentation on the basis of which the conclusions were drawn and documentation of the nature of the transaction.

Internal monitoring and staff training

14.1 Compliance with AML regulations is regulated and monitored by the organization"s management.

14.2 Risk assessments and customer checks are carried out by trained staff only.

14.3 Activities and operations are checked by specialists under the supervision of the management.

14.4 The Directorate is responsible for providing training for employees.

14.5 Employees should independently monitor and study amendments to the law.

14.6 Training is carried out as needed, at least once a year.

Annex 1. Survey in the form of a KYC questionnaire for an individual

Data:

  • Full name
  • Date of birth and place
  • Tax citizenship
  • INN
  • Registration and residence address
  • E-mail address
  • Contact phone number
  • Whether the person is related to a politically vulnerable person, is his family or a person close to him. If the answer is yes, fill in your name and position.

Documentation

  • The passport. For a person with EU citizenship - a passport or government-issued ID.
  • Documents to confirm the address (utility bills or bank statements).
  • Selfie with a photo of a document from position 1, opened on a page with photo and data.

Appendix 2. Survey questionnaire for legal entities

Data:

  • Name
  • Number assigned during registration
  • Registration date
  • Tax citizenship
  • INN
  • Legal address of the company
  • Actual address of the company
  • contact phone number
  • E-mail address
  • Electronic resource address, if available
  • Occupation (in detail)

Documentation

  • Certificate of registration with notarization and apostille, with the prescribed details of the director, existing shareholders and beneficiary.
  • Statement of proof of address in the form of utility bills or bank statement.

Director"s details

  • Full name
  • Date of birth and place
  • Tax citizenship
  • INN
  • The address
  • E-mail address
  • contact phone number
  • Whether the director is related to the PEP person or is he himself. If yes, write in the name and position.

Director"s documentation

  • The passport. For a person with EU citizenship - a passport or government-issued ID.
  • Documents to confirm the address (utility bills or bank statements).
  • Selfie with a photo of a document from position 1, opened on a page with photo and data.

Shareholder data and documents

  • In the case of a shareholder"s relationship to an individual, he transfers data in accordance with Section III and documents from clause IV.
  • If the shareholder is related to legal entities, then he needs to transfer documents from I to IV section.

Beneficiary data and documentation

The data is the same as in Section III, and the documentation is duplicated from Section IV.