Definitions and Abbreviations used in this Policy

AML - Anti-Money Laundering

CDD - Customer Due Diligence

EFT - Electronic funds transfer

PCMLTFA - Proceeds of Crime (Money Laundering) and Terrorist Financing Act

CTF - Counter-Terrorist Financing

ECDD - Enhanced Customer Due Diligence

HIO - Heads of international organizations

FATF - Financial Action Task Force

FINTRAC - Financial Transactions and Reports Analysis Centre of Canada

ML - Money Laundering

PEPs - Politically Exposed Persons

STR - Suspicious Transaction Reports

SCDD - Simplified Customer Due Diligence

STRO - Suspicious Transaction Reporting Office

TF - Terrorism Financing

TPR - Terrorist Property Report

UNSCR - United Nations Security Council Resolutions

2. Legal and Regulatory Framework

Our AML policies, procedures and internal controls are designed to ensure compliance with applicable regulatory and legislation framework and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business, where applicable.

The Company is guided by requirements and principles of AML law and regulatory resources, including such key guidance as follows:

• Proceeds of Crime (Money Laundering) and Terrorist Financing Act (hereinafter, PCMLTFA), S.C. 2000, c 17
• Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations (SOR/2001-317)
• Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFR), SOR/2002-184/
• Cross-border Currency and Monetary Instruments Reporting Regulations (SOR/2002-412)
• Proceeds of Crime (Money Laundering) and Terrorist Financing Registration Regulations SOR/2007-121
• Proceeds of Crime (Money Laundering) and Terrorist Financing Administrative Monetary Penalties Regulations SOR/2007-292
• FATF Recommendations “Guidance on the Risk-Based Approach to Combating Money Laundering and Terrorist Financing” and websites:
  • Financial Transactions and Reports Analysis Centre of Canada Guidance
  • Canada Border Services Agency (CBSA) 
  • Inter-Ministry Committee on Terrorist Designation (“IMC-TD”)

3. The Concept and Assessment of ML & TF

Money Laundering is the process of moving illegally acquired cash through financial systems so that it appears to come from a legitimate source. Criminals will try to conceal the origin and true ownership of the proceeds of their activities in order to legalise the ill-gained money. It is therefore important that businesses have procedures and policies in place to identify and prevent ML within the Company. Money laundering offence means an offence under subsection 462.31(1) of the Criminal Code of Canada: Every one commits an offence who uses, transfers the possession of, sends or delivers to any person or place, transports, transmits, alters, disposes of or otherwise deals with, in any manner and by any means, any property or any proceeds of any property with intent to conceal or convert that property or those proceeds, knowing or believing that, or being reckless as to whether, all or a part of that property or of those proceeds was obtained or derived directly or indirectly as a result of the commission in Canada of a designated offence; or an act or omission anywhere that, if it had occurred in Canada, would have constituted a designated offence.

The three main stages of ML process cover as follows:

• Placement: The process of placing criminal property into the financial system. This might be done by breaking up large sums of cash into smaller amounts or by using a series of financial instruments (such as cheques or money orders) which are deposited at different locations. Also, after a crime has been committed, funds are paid into a bank account or used to buy an asset.
• Layering: The process of moving money that has been placed in the financial system in order to obscure its criminal origin. This is usually achieved through multiple complex transactions often involving complicated offshore company structures and trusts.

To try and hide the source of the proceeds of crime, criminals carry out transactions, which can be complex and numerous.

• Integration: Once the origin of the money is disguised it ultimately must reappear in the financial system as legitimate funds. This process involves investing the money in legitimate businesses or setting up trusts, in order to get the funds imported back into the financial system.

As to the terrorism financing, terrorists require funds to support their activity in order to carry out terrorist attacks and, therefore, to provide such funds to terrorists for that purposes means to fulfil TF.

ML & TF may not involve the proceeds of criminal conduct (such as, e.g. drug trafficking, fraud, kidnapping, robbery, etc.), but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. There can also be legitimate sources of funds that are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.

To prevent ML/TF, our Company assesses our customers, their data, their transactions amounts and features, including but not limited to the following:

• we do not deal with obstructive or secretive clients;
• we study our customer to understand their aim of using our services and provide our services to the customers who fall within our range of activities and expertise;
• we consider the customer’s territorial location;
• we consider the logic reasons when the customer applies to open an account with our Company, the customers of our Customer;
• we observe complex or unusually large transactions, as well as transactions with no apparent logical, economic or legal purpose;
• we assess high risk jurisdictions;
• large payment on account of fees with instructions terminated shortly after and the client requesting the funds are returned, as the case may be.

The Company fully acknowledges that being involved in any of these three stages is potentially a criminal activity that should be treated as appropriate under the applicable legislation provisions and requirements.

4. Three Lines of Defence

As in general envisaged by our internal governance and controls measures laid down in the “Internal Controls Policy”, our Company will also apply in particular the so-called 3 lines of defence model in identifying the functions in addressing and managing our ML/TF risks:

1. The 1st line of defence of our Company’s business lines is taking risks and being responsible for operational management directly and on a permanent basis.

For that purpose, our Company will introduce appropriate processes and controls in place that aim to ensure that ML/TF risks are identified, analysed, measured, monitored, managed, reported and kept within the limits of the Company’s risk appetite and that the business activities are in compliance with external and internal requirements.

1. The 2nd line of defence is the risk management (control) function and compliance function.

The risk management function will facilitate the implementation of a sound ML/TF risk control framework of the Company and is aimed at identifying, monitoring, analysing, measuring, managing and reporting on ML/TF risks and forming a holistic view on all risks on an individual and consolidated basis. It contributes to the implementation of ML/TF risk management measures by the Company’s business lines in order to ensure and underpin that business processes and controls in place at the first line of defence are properly designed and effective.

The compliance function will monitor compliance with legal and regulatory requirements and internal corporate policies, as well as provide advice on compliance to the Board and other relevant staff, and establish policies and processes to manage compliance risks and to ensure compliance (e.g., with other support functions, such as operations, human resources, technology, etc. that work together with the compliance function to identify ML/TF risks when they process transactions, applications, deploy systems or technology, etc.)

Where necessary, both functions may intervene to ensure the modification of ML/TF internal controls and risk management systems within the first line of defence.

1. The 3rd line of defence is the independent internal audit function.

The independent internal audit function conducts risk-based and general audits and reviews the internal AML/CTF governance arrangements, AML/CTF processes and mechanisms to ascertain that they are sound and effective, implemented and consistently applied. This function will cover the adequacy and effectiveness of the Company’s AML/CTF policy, procedures and controls in identifying ML/TF risks and addressing them, as well as effectiveness in training of AML/CTF relevant staff.

The internal audit function is in charge also of the independent review of the first two lines of defence, mentioned above. The internal audit function performs its tasks fully independently of the other lines of defence.

The Company’s internal control functions, for the purpose of proper running, will be organised in a manner that provides the independence of these functions within the Company, the appropriate financial and human resources to perform the tasks, and direct reporting to the Board.

Within all three lines of defence, appropriate AML/CTF internal control procedures, mechanisms and processes will be designed, developed, maintained and evaluated under the ultimate responsibility of the Board.

5. AML Procedures for the Company

The Company is committed to the AML/CTF procedures including but not limited to, as follows:

• To identify and verify all new and existing clients to a reasonable level of certainty;
• To take a risk-based approach when onboarding and monitoring of client transactions and business activities;
• To report any suspicious activity and record all AML activities where applicable;
• To make arrangements to receive and manage the concerns of staff about money laundering and their suspicion of it, to make internal enquiries and to make reports where necessary, to the STRO and other relevant authorities as appropriate;
• To give targeted training to those considered to be the most likely to encounter the ML;
• To establish internal procedures to help forestall and prevent the ML.
• To appoint a compliance officer who is responsible for implementing the program
• To review the compliance program for the purpose of testing its effectiveness, and carrying out this review every two years at a minimum

6. Risk Assessment and Risk-Based Approach

Risk assessment should consist of 2 distinct but related steps:

• the identification of ML/TF risk; and
• the assessment of ML/TF risk.

The Company will identify and assess the ML/TF risks:

• presented by the customer; and
• on an enterprise-wide level.

6.1. Risk assessment presented by the customer:

Risks Classification

In accordance with the FATF Recommendations, the Company divided the risks by HIGH, MEDIUM, LOW risk categories and classified the customers by appropriate risk criteria.

Risks Categories

ML and TF risks can be assessed within various categories framework.

The Company applies such risk criteria in respect of the customer as:

• (I) country / territory or geographic location risk
• (II) customer risk
• (III) product / service risk/delivery channels

(I) Customers Classification Based on the Country (Geographical Location) Risk

When initiating the relationships:

• а) High Risk

  • Countries in respect of which sanctions and embargoes are applied, or similar measures imposed by the UN. In addition, under certain circumstances, some countries in respect of which such organizations as the UN have imposed sanctions or measures, and which are not recognized internationally, may be entrusted by a financial institution, based on the financial position of the issuer and the nature of such sanctions and measures.
  • Countries that according to credible sources do not have relevant laws, regulations and other measures to prevent Money Laundering / Terrorist Financing (e.g., High-risk and non-cooperative jurisdictions under FATF definitions)
  • Countries that according to credible sources are characterized by a high level of corruption or other illegal activities. Countries, clients of which create an increased organizational / financial burden on the company due to the complex /complicated legal and/or taxation system.

• b) Medium Risk

  • Countries, clients of which create an increased organizational / financial burden on the company due to the complex /complicated legal and taxation system.

• c) Low Risk

  • All other countries.

(II) Customers Classification Based on the Customer Risk

When initiating the relationships:

• а) High Risk

  • Charitable and other non-profit organizations
  • Enterprises that provide money transfer services (e.g., money remittance businesses, currency exchange offices, money transfer agents and bank bonds traders, as well as other entities offering to use funds for money transfers)
    (currently company does not establish relationships with this category)
  • Customers whose organizational structure or nature of business relations do not allow to determine the beneficial owner or the controller
  • Activity types that, without being associated with handling the large amounts of cash, allow cash withdrawals as a result of certain transactions
  • “Persons who provide access to financial systems”, e.g. accountants, lawyers or professional organizations that have accounts with financial institutions and act on behalf of clients, in cases where a financial institution relies excessively on such persons/entities and thus providing opportunities for the financial system misuse
  • Customers who are politically exposed persons or heads of international organizations.

• b) Medium Risk

  • Customers who declare that they do not fall within the category of persons subject to FATCA regulation and compliance, however there are reasons to believe that FATCA regulation applies to them (phone number, account, address, place of birth, etc.)
  • Customers who associate themselves with low-risk clients, as per clause (c) below, but have stable close links with countries from clause (a) above. Stable close links include: place of birth, citizenship, phone number, etc.

• c) Low Risk

  • All other customers.

Upon established relationships (existing customer):

• а) High Risk

  • Customers who accomplish frequent and unexplained transfers of accounts to other financial institutions
  • Customers who make frequent and unexplained transfers of funds from one financial institution to another located in another region
  • Use of intermediaries in the structure of business relationships that are not regulated in compliance with AML / CTF laws and supervision measures
  • Customers engaged in suspicious transactions, or in individual or related transactions exceeding the amount thresholds established by the law and subject to special monitoring.

• b) Medium Risk

  • Customers who associate themselves with low-risk clients, as per clause (c) below, but have stable close links with countries from clause (a) above. Stable close links include: place of birth, citizenship, phone number, etc.

• c) Low Risk

  • All other customers.

(III) Customers Classification Based on the Product/Service Risk

When initiating the product/service/ delivery channels:

• а) High Risk

  • Services that according to credible sources or competent authorities’ classification are potentially risky.
  • Services that are provided through international correspondent bank accounts, including transactions such as payments to non-customers (e.g., intermediary banks) and postal money transfers.
  • International private banking services.
  • Services associated with bonds, precious metals, anonymous services.
  • Services that allow instant execution of international transactions, such as, e.g. online banking transfers, letters of credit, bills of credit, international non-cash bank transfers, private investment companies and funds.

• b) Medium Risk

  • Products that are risky by nature but the risk indicators of which are significantly reduced by the established restrictions, such as e.g., limits, verification, etc.

• c) Low Risk

  • All other customers.

Understanding the Nature and Purpose of Customer Relationships

We will understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, which depending on the facts and circumstances, includes such information as:

• The type of customer;
• Target customer markets and segments;
• The account or service being offered;
• The customer’s income;
• The customer’s net worth;
• The customer’s domicile;
• The customer’s principal occupation or business; and
• In the case of existing customers, the customer’s history of activity.

The Company keeps records of the purpose and intended nature of the business relationship with clients.

During ML/TF risks identification we will:

• document our risk assessments;
• consider all the relevant risk factors before determining the level of overall risk and the appropriate type and extent of mitigation to be applied;
• keep our risk assessments updated;
• have appropriate mechanisms to provide the risk assessment information to the Monetary Authority of Canada.

6.2. Risk assessment on an enterprise-wide level:

The Company will identify and assess the ML/TF risks associated with both the customer (as detailed above) and on an enterprise-wide level, including products/services and delivery channels. The enterprise-wide ML/TF risk assessment will enable us to better understand the Company’s overall vulnerability to ML/TF risks and will form the basis for the Company’s overall risk-based approach.

When assessing enterprise-wide ML/TF risks, we will take a holistic view of the ML/TF risk factors we have identified that, together, will determine the level of ML/TF risk associated with a business relationship or occasional transaction, that can enable us to mitigate and manage the identified and assessed risk. Thus, the Company will take into account and will be based on the following:

• in respect of the Company’s customers:
• the customer’s market / segment;
• volumes and sizes of its customers’ transactions, etc.
• customers identified as higher risk, if any;
• in respect of the Company customer’s countries/ jurisdictions:
• countries/jurisdictions that the Company is exposed to, either through its own activities or the activities of its customers (taking into account local AML/CTF laws, membership in international groups, FATF recommendations, reports and assessments of IMF, World Bank, other credible sources);
• in respect of the products/services, transactions and delivery channels:
• the nature of the services the Company offers to the customers, as well as the delivery channels (e.g., we deal with the customer directly, without third-parties involvement);
• the nature, scale, diversity and complexity of the Company’s business activities.

To effectively mitigate the identified and assessed risks, the Company developed policies, procedures and controls approved by the director.

The Company will:

• monitor the implementation of these policies, procedures and controls, and enhance them as appropriate;
• perform enhanced measures where higher risks are identified, to effectively manage and mitigate those higher risks;
• ensure that the performance of measures or enhanced measures to effectively manage and mitigate the identified and risks address the risk assessment and guidance from the FINTRAC or other relevant authorities in Canada.

If the Company intends to carry out a new development or introduce a new technology that may have an impact on its clients, business relationships, products, services or delivery channels or the geographic location of its activities, the Company will assess and document the risk referred to in before doing so.

Record-keeping and Reviews

To keep our enterprise-wide risk assessments updated, we will review our risk assessment at least once every two years or when material trigger events occur, whichever is earlier. Material trigger events can include (without limitation): the acquisition of new customer segments or delivery channels, the launch of new products/services by our Company, etc. For the Company’s record-keeping, the results of these reviews will be documented and approved by our senior management even if there are no significant changes to our enterprise-wide risk assessment.

6.3. Risk factors in relation to the customers, geographical location, products/services, transactions and delivery channels

Where appropriate, we should take these prevailing crime type results into account as part of an ongoing monitoring of the conduct of our customers' accounts and scrutiny of transactions.

These prevailing crime types are as follows:

• Money Laundering Threats:
• Domestic Origin:
  • Of the common predicate offences (such as cheating, corruption, cheating and criminal breach of trust, drug trafficking, forgery, illegal gambling, immigration offences, misappropriation, robbery, theft, unlicensed moneylending and vice) committed in Canada, (i) unlicensed money lending, (ii) cheating,and (iii) criminal breach of trust are identified as the major ML threats that all relevant stakeholders concerned with AML matters should take into account.
  • (i) unlicensed money lending - syndicates often lend money at exorbitant interest rates ranging from 20% to as high as 1000% per annum;
  • (ii) cheating - includes following methods:
    • Failure to Deliver Goods and Services - involves victims who make purchases in response to fraudulent advertisements (often on the internet) but subsequently fail to receive the goods or services paid for;
    • Inducement of Victims to Purchase Counterfeit Goods - gold, luxury watches and electronic products are sold as authentic while being in a fact counterfeits;
    • Kidnap Phone Scam - e.g., when the victims are informed of the family member kidnapping;
    • Lottery Phone Scam - unsolicited calls or mobile text messages claiming that the recipients have won prize money in an overseas lottery, while there is no lottery win;
    • Internet Love Scam - when victims are befriended through online dating or social networking sites and then in different variations request the victim to make payments in their favour.
• (iii) criminal breach of trust - typically perpetrated by offenders who have been entrusted with key responsibilities and empowered to make financial decisions in their positions, while abusing those positions
  • corruption,
  • forgery,
  • vice,
  • illegal gambling, and others.
• Foreign Origin:
  • (i) cheating and (ii) corruption have been identified as predicate offences of foreign origin which pose relatively higher ML threats to Canada.
  • (i) Cheating - this ML method frequently involves, e.g. Shell Companies, which are registered in Canada or elsewhere with no legitimate business activities and minimal paid-up capital, where the authorised bank signatories are foreigners based overseas who are usually the companies’ directors and shareholders, and the resident director of the Canada-registered company would usually be a nominee with no access to the bank accounts and no shareholding in the company;
  • (ii) Corruption - this ML method includes either self-laundering via the banking system or third-party laundering via bank accounts of the suspect’s family and close associates.
  • There are also other criminal threats of foreign origin, such as e.g.:
    • Match-Fixing (which may involve acts of corruption to arrange the outcomes of sports games),
    • securities market misconduct,
    • criminal breach of trust,
    • drug trafficking,
    • immigration offences,
    • trade-based money laundering, etc.
• Terrorist Financing Threats:
• Domestic Funding:
  • Terrorist and criminal elements can use criminal means like robbery to finance their operations, drug trafficking and the hacking of online accounts to fund their activities, as well as exploit new payment technologies and other emerging trends like phone and internet banking to carry out fraud and other illicit activities and covertly move funds.
• Foreign Funding:
  • Terrorist elements can use the international banking and financial network to launder illicit funds for terrorism-related purposes.

6.4. Other Risk Factors (Red Flags).

Additional risk factors that signal possible ML/TF include, but are not limited to:

• Insufficient or Suspicious Information on Customers
  • Provides unusual or suspicious identification documents that cannot be readily verified.
  • Reluctant to provide complete information about nature and purpose of business, prior banking relationships, anticipated account activity, officers and directors or business location.
  • Refuses to identify a legitimate source for funds or information is false, misleading or substantially incorrect.
  • Background is questionable or differs from expectations based on business activities.
  • Customer with no discernable reason for using the company’s service.
• Efforts to Avoid Reporting and Recordkeeping
  • Reluctant to provide information needed to file reports or fails to proceed with transaction.
  • Tries to persuade an employee not to file required reports or not to maintain required records.
  • “Structures” transfers or purchase of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements.
  • Unusual concern with the company’s compliance with government reporting requirements and company’s AML policies.
• Certain Funds Transfer Activities
  • Wire transfers to/from financial secrecy havens or high-risk geographic location without an apparent business reason.
  • Many small, incoming wire transfers. Almost immediately withdrawn or wired out in manner inconsistent with customer’s business or history. May indicate a Ponzi scheme.
  • Wire activity that is unexplained, repetitive, unusually large or shows unusual patterns or with no apparent business purpose.
• Activity Inconsistent With Business
  • Transactions patterns show a sudden change inconsistent with normal activities.
  • Unusual transfers of funds among accounts without any apparent business purpose.
  • Maintains multiple accounts, or maintains accounts in the names of family members or corporate entities with no apparent business or other purpose.
  • Appears to be acting as an agent for an undisclosed principal, but is reluctant to provide information.
• Transactions Involving Securities
  • Customer engages in prearranged or other non-competitive trading, including wash or cross trades of illiquid securities.
  • Customer transactions include a pattern of receiving stock in physical form or the incoming transfer of shares, selling the position and wiring out proceeds.
  • Customer’s trading patterns suggest that he or she may have inside information.
• Transactions Involving Insurance Products
  • Cancels an insurance contract and directs funds to a third party.
  • Cancels annuity products within the free look period which, although could be legitimate, may signal a method of laundering funds if accompanied with other suspicious indicia.
  • Opens and closes accounts with one insurance company then reopens a new account shortly thereafter with the same insurance company, each time with new ownership information.
  • Purchases an insurance product with no concern for investment objective or performance.
• Other Suspicious Customer Activity
  • Unexplained high level of account activity with very low levels of transactions.
  • Funds transfers for purchase of a long-term investment followed shortly by a request to liquidate the position and transfer the proceeds out of the account.
  • Law enforcement subpoenas.
  • Large numbers of transactions across a number of jurisdictions.
  • Money transfers in and out with no purpose or in unusual circumstances.
  • Payment by third-party involvement or money transfer without an apparent connection to the customer.
  • Payments to third-party without apparent connection to the customer.
  • No concern regarding the cost of transactions or fees (i.e., surrender fees, higher than necessary commissions, etc.).
  • Customers with complex business ownership structures with the potential to conceal beneficial owners or persons with significant control (PSC).

When we will implement new technology in our business, we will assess the associated ML/TF risks and document and will implement appropriate controls to mitigate those risks.

6.5. Prohibited/Restricted Activities

1. It is forbidden to send or receive payments as consideration for the sale or supply of:

tobacco products, prescription drugs, drugs and drug paraphernalia, weapons (including without limitation, knives, guns, firearms or ammunition), satellite and cable TV descramblers, pornography, adult material, material which incites violence, hatred, racism or which is considered obscene, government IDs and licences including replicas and novelty items and any counterfeit products, unlicensed gambling services (including without limitation the use of or participation in illegal gambling houses), unregistered charity services, items which encourage or facilitate illegal activities, prepaid debit cards or other stored value cards that are not associated with a particular merchant and are not limited to purchases of particular products or services, third party processing or payment aggregation products or services, multi-level marketing, pyramid selling or ponzi schemes, offshore banking, matrix programmes or other “get rich quick” schemes or high yield investment programmes, goods or services that infringe the intellectual property rights of a third party, un-coded/miscoded gaming, timeshares or property reservation payments.

2. It is forbidden to make payments to or receive payments from persons or entities offering illegal gambling services, including (but not limited to) illegal sports betting, casino games and poker games. The company may suspend or terminate the customer’s account at any time or refuse to execute or reverse a transaction if it believes that the customer directly or indirectly uses or has used his account for or in connection with illegal gambling transactions.

3. The customer may not use our services if he is residing in certain countries. These countries will be listed on the Company website and updated from time to time.

This list is not exhaustive and we may in our sole discretion decide to discontinue or restrict our services in other countries at any time and without prior notice. We reserve the right to suspend or terminate the customer’s account at any time if we reasonably believe to be required to do so by law or in order to comply with recommendations issued by a relevant government or competent authority, or recognised body for the prevention of financial crime.

4. The customer is forbidden to use his account for any illegal purposes including but not limited to fraud and any financial crime.
We will report any suspicious activity to the competent authority.
The client is prohibited from using his/her account in an attempt to abuse, exploit or circumvent the usage restrictions imposed by us on the services we provide.

7. CUSTOMER DUE DILIGENCE (“CDD”)

7.1. Grounds for CDD Performance

The Company will perform the CDD measures when:

• establishing business relations with any customer;
• effecting or receiving any funds by cross-border wire transfer, for any customer who has not otherwise established business relations with the Company (where applicable);
• undertaking any transaction for the purposes of carrying on its business of providing cross-border money transfer service, for any customer who has not otherwise
• Transmitting $1,000 or more in funds by means other than an electronic funds transfer (EFT). We will verify the identity of every person who is the beneficiary of a remittance received in an amount of $1,000 or more by means other than an EFT when the transaction takes place
• Initiating an EFT of $1,000 or more;
• Remitting funds to the beneficiary of an international EFT of $1,000 or more. We will verify the identity of every person you remit funds to as the beneficiary of an international EFT of $1,000 or more when transaction takes place.
• there is a suspicion of ML or TF, in any case notwithstanding any CDD measures that the Company is required to perform;
• when ML or TF is suspected, regardless of any derogation, exemption or threshold;
• when it’s necessary for existing customers, e.g. their circumstances change, etc.;
• having any doubts about the veracity or adequacy of any information previously obtained by the Company.
• When Suspicious transactions occurred
• After creation of information record for an ongoing service agreement for international EFTs. We must verify the identity of a corporation or other entity 30 days.

Where there are indications that the risks may have increased over time, the Company should request additional information and conduct a review of the customer’s risk profile in order to determine if additional measures are necessary.

The risk indicators may be as follows:

• the nature of a transaction (e.g. abnormal size or frequency);
• whether a series of payments is conducted so to avoid the thresholds (e.g. by re-structuring a single transaction into several transactions);
• the geographic destination or origin of a transaction (e.g. to or from a higher risk country);
• the parties concerned (e.g. a request to make a transaction to or from a person on a sanctions list).

Linked transactions:

Two or more transactions may be related or linked if they involve the same sender or recipient. Therefore, where the Company suspects that two or more transactions are or may be related, linked or the result of a deliberate restructuring of an otherwise single transaction into smaller transactions with the intention of circumventing applicable thresholds set out herein and in order to evade the CDD measures, the the Company will treat such transactions as a single transaction and aggregate their values.

We will also make further enquiries when a customer performs frequent and cumulatively large transactions without any apparent of visible economic or lawful purpose (e.g., multiple money transfers over a short period of time when several not substantial money transfers can form the total substantial amount). To determine the linked transactions the company will also use The 24-hour rule, which is the requirement to aggregate multiple transactions when they total $10,000 or more within a consecutive 24-hour window and the transactions are:

• conducted by the same person or entity;
• conducted on behalf of the same person or entity (third party), or
• for the same beneficiary (person or entity).

7.2. Identification of the Customer

The Company has established Know-Your-Client (KYC) procedures to ensure that the identities of all new and existing clients are checked and verified to a reasonable level of certainty. This will include all individual clients, all directors and shareholders with a stake holding of 25% or more of client companies, all partners of client partnerships, and every board member of the client. Identities will be verified online using reasonable measures.

The following documentation should be presented by an individual / natural person:

• a unique ID number, e.g. a passport, or a driver’s license, or government issued document featuring a matching photograph of the individual, and a full name and date of birth matching those provided;
• an original recent utility bill, or a bank statement, or government issued document with the same and address matching those provided by the individual.

The following information shall be obtained through the standard identification process:

• a) First name, last name;
• b) Citizenship / nationality;
• c) Date of birth;
• d) Place of residence / residential address;
• e) Number of ID (passport, etc.) and citizen’s personal number by ID (passport, etc.);
• f) If the natural person is registered as a sole trader – the relevant registration date, number, registering authority, identification number of taxpayer (where applicable);
• g) principal place of business (where applicable)
• h) Information about the source of funds

The following documentation should be presented by a legal person:

The following information shall be obtained through the standard identification process:

• a) Full name;
• b) Business activity;
• c) Legal address (in case of the branch or representation the legal address of the head office also) / principal place of business;
• d) Registering authority, date and number of registration/incorporation;
• e) Company documents (certificate of incorporation, M&AA/constitution, Certificate of incumbency, certificate of good standing, share register, etc. as appropriate)
• f) Identification number of taxpayer;
• g) Identification details of persons authorized for management and representation of the entity (e.g., pursuant to passport, POA - power-of-attorney);
• h) Identification details of the person representing a legal entity in a specific operation/transaction (e.g., pursuant to passport, POA) subject to monitoring, where applicable
• i) Information about the source of funds
• j) Ownership and control structure
• k) Information about the purpose and intended nature of the business relations or transaction with the Company
• l) Names of all beneficial owners; for Beneficial Owners/persons with significant control – apply full procedure as for the natural persons.

Organizational formation provided for in the legislation not representing a legal entity (where applicable):

• a) Full name;
• b) Legal address;
• c) Legal act or other document, based on which the given organizational formation was established (is functioning), as well as any relevant corporate documents;
• d) Identification number of taxpayer;
• e) Identification details of persons authorized for management and representation (e.g., pursuant to passport, POA);
• f) Identification details of the person representing organizational formation in a specific operation/transaction (e.g., pursuant to passport, POA) subject to monitoring, where applicable;
• g) Ownership and control structure;
• h) Information about the purpose and intended nature of the business relations or transaction with the Company;
• i) Names of all beneficial owners; for Beneficial Owners/persons with significant control – apply full procedure as for the natural persons.

Regarding legal arrangements, the Company will perform CDD measures on the customer by identifying the settlors, trustees, the protector (if any), the beneficiaries and any natural person exercising ultimate ownership, ultimate control or ultimate effective control over the trust (including through a chain of control or ownership).

Where applicable, if the customer is unable to provide an original document, the Company will obtain a copy of the document as follows:

• that is certified to be a true copy by a suitably qualified person (e.g. a notary public, a lawyer or certified public or professional accountant);
or
• if the Company’s employee or officer independent of the Company’s dealing with the customer has confirmed that he has sighted the original document.

Also, where a document is in a foreign language it can be accepted with translation into English by a suitably qualified translator.

7.3. Verification of the Customer Identity Information

We will verify the identity of the customer using reliable, independent source data, documents or information. Where the customer is a legal person or legal arrangement, we will verify the legal form, proof of existence, M&AA/constitution and powers that regulate and bind the customer, using reliable, independent source data, documents or information.

Where a customer appoints one or more natural persons to act on his/her behalf in establishing business relations with us, we will identify each such natural person, complying with the requirements of a third party to determine. To verify the due authority of each natural person appointed to act on behalf of the customer, we will be obtaining the following (including, but not limited to):

• an appropriate documentary evidence authorising the appointment of such natural person by the customer to act on his or its behalf;
• the specimen signature of each natural person appointed.

Where the customer is not a natural person but a legal entity, we will verify that entity and screen the natural person(s) of that entity who act on its behalf.

Where applicable, if the customer is departments, agencies, crown corporations and special operating agencies of Government of Canada (hereinafter, Government entity), the Company shall only be required to obtain such information as may be required to confirm that the customer is a Government entity as asserted.

Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers.

Our AML/CTF compliance officer will analyze the information we obtain to determine whether the information is sufficient to form a reasonable belief that we know the true identity of the customer, e.g., whether the information is logical or contains inconsistencies.

We will verify customer identity through documentary means and/or non-documentary means.

We will use documents to verify customer identity when appropriate documents are available. In light of the increased instances of identity fraud, we will supplement the use of documentary evidence by using the non-documentary means described above whenever necessary.

We may also use non-documentary means, if we are still uncertain about whether we know the true identity of the customer. In verifying the information, we will consider whether the identifying information that we receive, such as the customer’s name, street address, zip code, telephone number (where provided), date of birth and National Insurance number, allow us to determine that we have a reasonable belief that we know the true identity of the customer, e.g., whether the information is logical or contains inconsistencies.

We understand that we are not required to take steps to determine whether the document that the customer has provided to us for identity verification has been validly issued and that we may rely on a government-issued identification as verification of a customer’s identity.

If, however, we note that the document shows some obvious form of fraud, we must consider that factor in determining whether we can form a reasonable belief that we know the customer’s true identity.

In cases where we will deem so necessary or appropriate, we will also use non-documentary methods of verifying identity, as follows:

• Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from public databases and/or other sources, such as e.g. a consumer reporting agency;
• Checking references with other financial institutions; or
• Obtaining a financial statement.

We will use non-documentary methods of verification when:

• the customer is unable to present an unexpired government-issued (or competent authoriidentification document with a photograph or other similar safeguard;
• our Company is unfamiliar with the documents the customer presents for identification verification;
• the customer and our Company do not have face-to-face contact; and/or
• there are other circumstances that increase the risk that our Company will be unable to verify the true identity of the customer through documentary means.

We will verify the information within a reasonable time before and after (as may be appropriate) the account is opened.

Depending on the nature of the account and requested transactions, we may refuse to complete a transaction before we have verified the information, or in some instances when we need more time, we may, pending verification, restrict the types of transactions or amounts of transactions. If we find suspicious information that indicates possible ML / TF activity, or other suspicious activity, we will, after internal consultation with the AML/CTF compliance officer of our Company, file a STR, where applicable in accordance with the laws and regulations.

We recognize that the risk that we may not know the customer’s true identity may be heightened for certain types of accounts (e.g., an account opened in the name of a company that is created or conducts substantial business in a jurisdiction that has been designated by the government and/or competent authorities as a primary money laundering jurisdiction, a terrorist concern, or has been designated as a non-cooperative country or territory). We will identify customers that pose a heightened risk of not being properly identified.

We will also take the following additional measures that may be used to obtain information about the identity of the individuals associated with the customer when standard documentary methods prove to be insufficient:

• Verify the existing and/or obtain additional information about the client and the beneficial owner (income, assets and activity) and to ensure, where appropriate, the immediate access to such information;
• Update the identification data of the client (the beneficial owner) more frequently and verify the authenticity of the documents submitted by the client;
• Verify the existing and/or obtain additional information about the purpose and intended nature of the business relationship;
• Take reasonable measures to obtain the information about the source of funds or wealth of the client (the beneficial owner);
• Verify the existing and/obtain additional information about the reasons and grounds for performed (intended) transactions (operations);
• Obtain the approval of senior management to enter into and/or continue the business relationship;
• Conduct the enhanced monitoring of the business relationship, which includes increasing the number and timing of controls applied and selecting patterns of transactions (operations) that need further examination.

Our Company will also carry out other measures and/or obtain additional information to ensure that the risk identified is effectively managed, including, by determining the expected type and size of future transactions (operations).

7.4. Identification and Verification of Beneficial Owners

The Company shall identify the beneficial owner of the client, as well as undertake reasonable measures to verify his/her identity by means of reliable, independent source and be satisfied that it knows who the beneficial owner of the client is. Identification procedures similar to those used for natural persons shall be applied against beneficial owner.

In the course of the identification and/or verification of a customer and its beneficial owner(s), where applicable, the Company does not rely on a third party/intermediary.

However, we may take into account the performance by another financial institution, including an affiliate, with respect to any customer that is opening an account or has established an account or similar business relationship with the other financial institution to provide or engage in services, dealings or other financial transactions, e.g. when this is reasonable and/or applicable under the circumstances.

At the time of opening an account for a legal entity customer, we will identify any individual that is a beneficial owner of the legal entity customer by identifying any individuals who directly or indirectly own 25% or more of the equity interests of the legal entity customer, and any individual with significant responsibility to control, manage, or direct a legal entity customer. Alongside with the standard CDD procedure for an individual/physical person, the following information will be collected for each beneficial owner:

• the name;
• date of birth (for an individual);
• an address, which will be a residential or business street address (for an individual), or a post office box number, or residential or business street address of next of kin or another contact individual (for an individual who does not have a residential or business street address); and
• an identification number, which will be a National Social Security Number (or, where applicable, the national insurance number), or one or more of the following: a passport number and country of issuance, or other similar identification number, such as an alien identification card number, or number and country of issuance of any other state-authority issued document evidencing nationality or residence and bearing a photograph or other similar safeguard.

For verification, we will describe any document relied on (noting the type, any identification number, place of issuance and, if any, date of issuance and expiration). We will also describe any non-documentary methods and the results of any measures undertaken.

7.5. Timing for Verification

The Company will complete verification of the identity of a customer, natural persons appointed to act on behalf of the customer and beneficial owners of the customer before:

• the Company establishes business relations with the customer;
• the Company effects or receives any funds by cross-border wire transfer for the customer, where the customer has not otherwise established business relations with the Company;
• the Company undertakes any transaction for the purposes of carrying on its business of providing cross-border money transfer service, for the customer, where the customer has not otherwise established business relations with the Company; (or)
• the Company undertakes any transaction of a value exceeding 1,000 Canadian Dollars (CAD) for the customer, where the customer has not otherwise established business relations with the Company.

7.6. Lack of Verification & the CDD Measures

If a customer refuses to provide the information or appears to have intentionally provided misleading information, or when we cannot form a reasonable belief that we know the true identity of a customer and completed the CDD, we will do the following:

• not open an account (for a new customer) or consider closing an account (for an existing customer);
• consider filing a STR in accordance with applicable laws and regulations.

7.7. Ongoing Monitoring

Our Company will conduct ongoing monitoring (on an ongoing basis) of business relationships with customers, to ensure that the documents, data or information held evidencing the customer’s identity are kept up to date and transactions activity is carried out within the initially declared activity and pursuant to the Company rules and procedures. To this end, the Company will pay special attention to all complex, unusually large or unusual patterns of transactions, undertaken throughout the course of business relations, that have no apparent or visible economic or lawful purpose.

Therefore, ongoing monitoring should take into account a risk-based approach in the following assessment:

• Suspicious changes in activity trends
• Transaction thresholds exceeding
• Transaction splitting
• Funds shifting to tax havens
• Unusual cross-border activities
• Changing of the customer website, products/services
• Tracking of the names included in the transaction data in accordance with the sanction lists, etc.

The following are examples of changes in a client’s situation that may be considered suspicious:

• A sudden increase in business from an existing customer;
• Uncharacteristic transactions which are not in keeping with the customer’s known activities;
• Peaks of activity at particular locations or at particular times;
• Unfamiliar or untypical types of customer or transaction, etc.

Whenever there is cause for suspicion, the client will be asked to identify and verify the source or destination of the transactions, whether they be individuals or company beneficial owners.

Other forms of identity confirmation, such as evidence of a long standing relationship with the client, or a letter of assurance from independent and reliable persons or organisations, who have dealt with the client for some time, may also provide a reasonable level of certainty.

Where there are any reasonable grounds for suspicion that existing business relations with a customer are connected with ML or TF, and where the Company considers it appropriate to retain the customer, (i) 
the Company shall substantiate and document the reasons for retaining the customer; and (ii) the customer’s business relations with the Company shall be subject to commensurate risk mitigation measures, including enhanced ongoing monitoring and enhanced CDD measures, which shall include obtaining the approval of the Company’s director/senior management to retain the customer.

For the record-keeping purposes, the Company will document its findings with a view to having its own records, as well as making this information available to the relevant authorities (should the need arise).

7.8. Triggers for Monitoring the Existing Customers Accounts

Due to the customer's activity (large amounts, splitting of amounts, frequency of transactions, unusual operations, destination of transactions, final recipient, the actual activity is not commensurate with the declared activity, etc.), specially developed triggers should be triggered/activated. When a trigger is triggered/activated, the client’s risk and fraud level increases automatically. This applies to all customers without exception.

The client base of the Company is under ongoing monitoring, from time to time it is completely checked by the relevant Sanctions / PEP databases and reviewed appropriately.

We will also check the Google search for the name and surname of the customer, as well as in his/her country for the presence of possible negative information about the potential customer.

Examples of negative information: criminal history, involvement in the arms trade, drug trafficking, participation in hostilities as part of illegal armed groups etc., as well as any other illicit activities that are prohibited/restricted in accordance with our internal established policies.

We will check the customer documents for validity in databases to check if any of the triggers are activated, the information correlates, or there are any other doubts on the data accuracy and correctness, to be analysed and dealt for our further procedures.

Triggers of Data Inconsistency:

• IP address changed and does not match the customer’s country or the payment carried out to or from a higher risk country;
• IP is blacklisted;
• the customer's country does not match the country code of the phone number;
• the customer uses anonymizers;
• the repeated registration of an existing customer took place.
• abnormal size or frequency of transactions;
• a series of transactions conducted with the intent to avoid reporting thresholds;
• a request to make a payment to or from a person on a sanctions list, etc.

Also, the Company will resort to using the fraud prevention tools as follows:

MaxMind system - MaxMind fraud tool which allows and looks at parameters such as Overview of transactions, RiskScore, Device tracking, Inputs and Outputs of transaction, Custom Rules, Custom Inputs, Service comparison & Fraud factors such as identity patterns of fraud transactions specific to the business in all type of amount and use subscore to define rules and disposition transaction, or as part of internal risk modelling.

Also, the system will be integrated with Geolocation, which will look at such features as sanctions and high-risk countries and cities. Each subscore will give a numerical assessment of the risk associated with factors based on the analysis of historical transactions across the fraud network and other relevant data provided as part of the query. We will control the limits of transactions, i.e. we put on the red flag when the transaction is not in the standard min-max range of this merchant and his industry. In addition, the subscore and fraud factors include all of the data provided by fraud insight.

Seon Technologies - assists in reducing chargeback overheads and resources lost to fraudulent buyers and protecting legitimate customers; takes control of fraud management by removing threats, bad merchants, and fraudsters from the equation, that enables stronger merchant relationships and protects in processing more payments.

In case of any doubts on the customer or the data accuracy arising out of the ongoing monitoring information verification, the AML/CTF Compliance Person should act as follows:

• not continue or suspend business relations with a customer;
• consider filing a STR in accordance with applicable laws and regulations.

7.9. Screening

A sanctions search is part of our CDD requirements. Sanctions screening is a control used in the detection, prevention and disruption of financial crime and, particularly, sanctions risk.

There is a separate but related sanctions regime that imposes restrictions on our ability to do business with those persons and entities on sanctions lists worldwide.

Some entries on the list are specific to a particular person or entity and others are general financial sanctions on all persons and entities in a particular jurisdiction.

Breaching the sanctions regimes would have serious consequences for the Company.

So, the analysis of sanctions risk must be an integral part of the CDD we undertake at the outset of any business relationship commencement and/or payment transaction.

The sanctions screening will be performed in order to receive information about our customers regarding economic, financial, trade sanctions, targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, any crime or fraud, whether the customer is from non-cooperative countries and territories, whether he/she is listed in any consolidated lists, to check the debarred parties, blocked officials, to check any threats to the security and AML/CTF compliance. The sanctions screening is conducted both under the onboarding process and in ongoing monitoring procedures of the existed customers. The customer risk profile will serve as a baseline for assessing activities, including potentially suspicious activity.

The Company will document all the screening and assessment results collected for the Company’s record-keeping.

Also, as envisaged in the “11. Wire Transfers & their Screening” section below, the Company shall screen all wire transfer originators and wire transfer beneficiaries against lists and information provided by the FINTRAC and any other relevant authorities in Canada for the purposes of determining if there are any ML/TF risks. The transaction screening will be carried out on a real-time basis (e.g., carry out the filtering of relevant payment instructions before the transaction is executed).

The Company will perform the following:

• screen the ML/TF information sources and databases used to identify adverse information on individuals and entities, as well as lists and information provided by the FINTRAC and relevant Canadian authorities;
• the AML/CTF compliance officer and relevant employees involved in the screening will review and (where applicable) dismiss alerts, maintain and update the various screening databases and escalating hits;
• review the established screening rules on a regular basis and when there are any updates necessary to be introduced and/or changed as appropriate, but at least annually;
• the screening procedure will take place periodically and in the following cases: we will screen the customer, natural persons appointed to act on behalf of the customer, beneficial owners of the customer, connected parties of the customer against ML/TF information sources and sanctions under following circumstances:
• when establishing business relations with a customer;
• on a periodic basis after establishing business relations with the customer;
• when there are any changes or updates to: (i) the lists and information provided by the FINTRAC or other relevant authorities in Canada to the Company; (ii) the natural persons appointed to act on behalf of a customer, connected parties of a customer or beneficial owners of a customer.
• the screening process takes into account including (but not limited to) the following:
• changes in the customer status (e.g. whether over time the customer would fall under sanctions, embargoes, prohibitions/restrictions);
• changes in the customer risks (e.g. the customer’s beneficial owner, connected party, or an attorney (natural person appointed to act on behalf of the customer) over time can become subsequently a PEP or fall under higher ML/TF risks);
• changes in the customer's location/jurisdiction (e.g., different IP; the customer over time has moved to the other country that falls under higher ML/TF risks or high level of corruption and low level of legal regulations & enforcement)
• changes in the customer’s activity/transactions, product/services (e.g., uncharacteristic transactions which are not in keeping with the customer’s known activities; the documents, data or information held evidencing the customer’s identity or transactions activity became to differ from the initially declared ones)

  The customer’s ID information is entered into the Company’s customer database for periodic name screening purposes, as this contributes to the prompt identification whether our existing customers have subsequently fallen under higher risk positions.

  Whenever there is cause for suspicion, the client will be asked to identify and verify the source or destination of the transactions, whether they be individuals or company beneficial owners. Other forms of identity confirmation, such as evidence of a long standing relationship with the client, or a letter of assurance from independent and reliable persons or organisations, who have dealt with the client for some time, may also provide a reasonable level of certainty.

  In such cases the AML/CTF compliance officer fills out a report and informs the director/senior management. According to the data, the Company will assess the changes and determine whether to apply appropriate ML/TF risk mitigation measures (e.g., enhanced CDD measures) to such customer.

• checkup regarding the positive hits:
• check the customer automatically in the databases in accordance with the competent authorities (FINTRAC, the UN, EU, UK, OFAC, and any other relevant credible source). Record the results. In the case of a positive result, fill out a report and contact the AML/CTF compliance officer, as well as the Board/the senior management.

  The automatic screening process will take into account the Company’s nature, size and risk profile (e.g., if application of the fuzzy matching calibrated to the Company’s risk profile is likely to result in the generation of an increased number of apparent matches, the Company’s employees and officers will need to have access to CDD information to enable them to exercise their judgment in identifying true hits).

• where there are any escalating/high-risk triggers, the Company shall:
• for a new customer: (i) refuse to on-board such customer; and (ii) consider filing a report to the competent authority without delay as soon as practicable;
• for an existing customer: (i) reject the transaction and/or block the customer's assets; and (ii) consider filing a report with the competent authority without delay as soon as practicable
• where there are positive hits regarding the designated persons and entities which are included in the sanctions lists, the Company shall:
  • freeze immediately, without delay and without prior notice, the funds or other assets of designated persons and entities that the Company has control over, so as to comply with applicable laws and regulations in Canada, as well as pursuant to the UNSCR 1373 (2001) which obligates to take freezing action and prohibit the dealing in funds or other assets of designated persons and entities, without delay;
  • report any such assets promptly to the relevant authorities and file a STR.

The Company will use the sanctions and high-risk jurisdictions lists for check-up procedures. The Company implemented appropriate arrangements and alerts to perform screening of its customer database when there are changes to the lists of sanctioned individuals/entities.

The Company will comply with Canadian sanctions which are imposed under the United Nations Act (UNA), the Special Economic Measures Act (SEMA) or the Justice for Victims of Corrupt Foreign Officials Act (JVCFOA).

Further is also represented a non-exhaustive databases of targeted lists (including Canada and other sources) that the Company should watch:

• Canada:
• Current sanctions imposed by Canada
• Justice for Victims of Corrupt Foreign Officials Act
• UN sanctions lists - e.g., https://scsanctions.un.org/search/
• FATF (e.g., high risk jurisdictions list) - http://www.fatf-gafi.org/publications/high-risk-and-other-monitored-jurisdictions/?hf=10&b=0&s=desc(fatf_releasedate)
• UK (HM Treasury's consolidated list) - https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets;
• EU sanctions list: European Union External Action (Consolidated list of persons, groups and entities subject to EU financial sanctions) - https://eeas.europa.eu/headquarters/headquarters-homepage_en/8442/Consolidated%20list%20of%20sanctions ;
• EU sanctions list (regimes, persons, entities) - https://www.sanctionsmap.eu/#/main;
• US sanctions (e.g., OFAC) - https://www.treasury.gov/resource-center/sanctions/Pages/default.aspx

7.10. Simplified Customer Due Diligence (SCDD)

To the extent permitted by national legislation, the Company may apply SCDD measures in situations where the ML/TF risk associated with a business relationship has been assessed as low, supported by the Company’s adequate analysis of risks, based on the risk factors (a risk-based approach).

Taking into account the risk-based approach and low ML/TF risks assessment, potentially lower ML/TF risk may be attributed, e.g., to a Government entity; or a government-regulated entity; or a financial institution incorporated or established outside Canada that is supervised for compliance with AML/CTF requirements in consistency with FATF standards.

SCDD is not an exemption from any of the CDD measures; however, the Company may adjust the amount, timing or type of each or all of the CDD measures in a way that is commensurate to the low risk the Company has identified.

The Company is required, when applying the SCDD procedure, to obtain sufficient information for determining the reasonableness of assigning the client to the category of the low-risk of illicit income legalization.

Where applicable - if the Company is satisfied with the ML/TF risks as low and applies SCDD measures, it will be still required to perform ongoing monitoring of business relations and transactions, as well as screen the customer, to ensure compliance with applicable laws and regulations in Canada, including sanctions regulation.

Where so assessed and applicable, the Company can apply the SCDD procedure that is commensurate with the low risk of illicit income legalization, including to:

• Reduce the frequency of updates of the identification/verification data of the client and the beneficial owner;
• Reduce the frequency of implementing the requirements based on the reasonable monetary threshold, in particular: to reduce the scrutiny of transactions when established that the conducted operation (transaction) is consistent with their knowledge of the client, client’s business or personal activity and risk profile and where necessary the source of property (including funds);
• Establish the purpose and intended nature of the business relationship based not only on the information provided by the customer about the undertaken transactions (operations), but also by inferring this from the type of transactions.

In case if the Company performs SCDD measures, it shall document the details of its risk assessment and the nature of the SCDD measures, for the Company’s record-keeping purposes.

The Company shall not perform SCDD, if:

• if a customer/customer’s beneficial owner is from/in a country/jurisdiction in relation to which the FATF has called for countermeasures;
• if a customer/customer’s beneficial owner is from/in a country/jurisdiction with inadequate AML/CTF measures;
• if the Company suspects that ML/TF is involved;
• if one or more transactions executed by the Company for a customer (other than transactions executed by the Company to transfer funds from the customer’s account directly to that customer’s bank account, as not applicable) in any one year period cumulatively exceeds C$10,000; (as “linked transactions” aggregated in a single transaction, as stated in p.7.1 above hereof);
  In this regards, if a customer’s bank account is opened in a country/jurisdiction with inadequate AML/CTF measures (as determined by the Company or notified by the FINTRAC or other foreign regulatory authorities), any transaction executed by the Company to transfer funds from the customer’s account directly to that customer’s bank account shall be included in the calculation of the cumulative limit)

7.11. Enhanced Customer Due Diligence (ECDD)

In case of higher ML/TF risks identified by the Company, it shall perform ECDD measures to mitigate and manage those risks.

The Company (AML/CTF compliance officer/authorized employee) is required, in addition to implementing the requirements provided for standard identification process described herein to apply the enhanced identification/verification procedure with respect to the customer that may pose the high risk of illicit income legalization and ML/TF risk, in particular to:

• Verify the existing and/or obtain additional information about the customer and the beneficial owner (income, assets and activity) and to ensure, where appropriate, the immediate access to such information;
• Update the identification data of the customer/the beneficial owner more frequently and verify the authenticity of the documents submitted by the customer;
• Verify the existing and/or obtain additional information about the purpose and intended nature of the business relationship;
• Take reasonable measures to obtain the information about the source of funds or wealth of the customer/the beneficial owner;
• Verify the existing and obtain additional information about the reasons and grounds for performed (intended) transactions (operations);
• Obtain the approval of the Board/senior management to continue the business relationship;
• Conduct the enhanced monitoring of the business relationship, which includes increasing the number and timing of controls applied and selecting patterns of transactions (operations) that need further examination.

The Company carries out necessary and appropriate measures and obtain additional information to ensure that the risk identified is effectively managed, including, by determining the expected type and size of future transactions (operations).

7.12. Due Diligence Requirements and Screening for PEPs.

We will identify whether a customer or his / her beneficial owner, or a relative, or close associate of such a customer, belongs to the category of politically exposed persons and heads of international organizations (hereinafter together as PEPs).

Our Company does not establish business relationships with PEPs, under on-boarding procedures. However, existing clients sometimes become PEPs after they enter a business relationship, so we will monitor non-PEP accounts for a change in the PEP status, customer profile or account activity and update customer information. Under the on-boarding procedure we will notify our customers about non-cooperation with PEPs.

We will use monitoring procedures based on which we ensure obtaining respective information from the customer, as well as from public sources and respective electronic databases for the purpose of ascertaining and verifying Politically Exposed Persons.

1). Definition of PEPs

Pursuant to the Financial Action Task force (FATF) Recommendations and Proceeds of Crime (Money Laundering) and Terrorist Financing Act and associated Regulations, our Company defines the PEP as an individual who is or has been entrusted with a prominent public function. Due to their position and influence, it is recognised that many PEPs are in positions that potentially can be abused for the purpose of committing ML offences and related predicate offences, including corruption and bribery, as well as conducting activity related to TF.

PEPs (and their close links) that fall under and/or relate to the PEP definition include the following:

• PEPs:
• heads of State, heads of government, ministers and deputy or assistant ministers, head of a government agency, deputy minister or equivalent rank;
• Head of an international organization;
• members of parliament or of similar legislative bodies;
• members of the governing bodies of political parties;
• judge of an appellate court in a province, the Federal Court of Appeal or the Supreme Court of Canada;
• members of courts of auditors or of the boards of central banks;
• ambassadors, chargés d'affaires and high-ranking officers in the armed forces;
• military officer with a rank of general or above;
• president of a corporation that is wholly owned directly by Her Majesty in right of Canada or a province;
• members of the administrative, management or supervisory bodies of State-owned enterprises;
• directors, deputy directors and members of the board or equivalent function of an international organisation.

No public function referred to in points mentioned above shall be understood as covering middle-ranking or more junior officials.

• Family members of PEPs:
• the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person;
• the children and their spouses, or persons considered to be equivalent to a spouse, of a politically exposed person;
• the parents of a politically exposed person.
• Close associates/links of PEPs:
• natural persons who are known to have joint beneficial ownership of legal entities or legal arrangements, or any other close business relations, with a politically exposed person;
• natural persons who have sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person.

The following definitions, which do not cover middle ranking or more junior officials are identified as follows:

• Foreign PEPs: individuals who are or have been entrusted with prominent public functions by a foreign country, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials. Once a person is determine as a foreign PEP, they remain a foreign PEP forever (including deceased foreign PEPs).
• Domestic PEPs: individuals who are or have been entrusted domestically with prominent public functions, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials. A person ceases to be a domestic PEP 5 years after they have left office or 5 years after they are deceased.
• International organisation PEPs: persons who are or have been entrusted with a prominent function by an international organisation, refers to members of senior management or individuals who have been entrusted with equivalent functions, i.e. directors, deputy directors and members of the board or equivalent functions.
• Family members: individuals who are related to a PEP either directly (consanguinity) or through marriage or similar (civil) forms of partnership.
• Close associates: individuals who are closely connected to a PEP, either socially or professionally.
• A Head of an international organization: a person who currently holds or has held within the last 5 years the specific office or position of head of an international organization and the international organization that they head or were head of is either: an international organization established by the governments of states or an institution established by an international organization.

2). Detecting Misuse of financial services by the PEP – Red Flags for Suspicion

Specific behaviour and individual characteristics that may indicate that an existing customer became a PEP or cause a suspicion:

• Use of corporate vehicles (legal entities and legal arrangements) to obscure ownership, involved industries or countries;
• The PEP seems generally uncomfortable to provide information about source of wealth or source of funds. The information that is provided by the PEP is inconsistent with other (publicly available) information, such as asset declarations and published official salaries.
• The PEP is unable or reluctant to explain the reason for doing business in Canada (where our Company is registered) or his/her associated country (whichever applicable).
• The PEP provides inaccurate or incomplete information.
• The PEP seeks to make use of the services of the Company that would normally not cater to foreign or high value clients.
• Funds are repeatedly moved to and from countries to which the PEPs does not seem to have ties with.
• The PEP is or has been denied entry to the country (visa denial).
• The PEP is from a country that prohibits or restricts its/certain citizens to hold accounts or own certain property in a foreign country.
• Use of corporate vehicles without valid business reason.
• Use of intermediaries when this does not match with normal business practices or when this seems to be used to shield the identity of PEP.
• Use of family members or close associates as legal owner(s).

A connection with a high risk industry may raise the risk of doing business with a PEP. Examples of higher risk industries are:

• Arms trade and defence industry;
• Banking and finance;
• Businesses active in government procurement, i.e., those whose business is selling to government or state agencies;
• Construction and infrastructure/large infrastructure;
• Human health activities;
• Mining and extraction;
• Privatisation;
• Provision of public goods;
• Dealing in precious metals and precious stones, or other luxurious goods;
• Dealers in luxurious transport vehicles (such as cars, sports cars, ships, helicopters and planes);
• High end real estate dealers.

ECDD measures for an existing customer that became a PEP after establishing business relationship will include the ECDD procedures as described above hereof and may include not limited to, as follows:

• obtaining additional information on the customer;
• obtaining additional information on the intended nature of the business relationship, and on the reasons for intended or performed transactions;
• obtaining information on the source of funds or source of wealth of the customer;
• conducting enhanced monitoring of the business relationship, potentially by increasing the number and timing of controls applied, and identifying patterns of transactions that warrant additional scrutiny.

conducting enhanced monitoring of the business relationship, potentially by increasing the number and timing of controls applied, and identifying patterns of transactions that warrant additional scrutiny.

The applied lists will include: denied persons list (DPL), foreign sanctions evaders (FSE), specifically designated nationals (SDN), HMT financial sanctions lists, and other lists.

It is obligatory to continuously / on an ongoing basis monitor customers to identify new PEP. If and once the PEP matches for our existing customers are detected, our AML/CTF compliance officer will immediately put it into internal records, report to the senior management and decide on suspension/termination of the business relationship.

The databases we will use to detect a PEP are Regulatory Lists/ Government-issued Lists, Sanctions Lists as indicated in this policy above and databases as follows:

• https://namescan.io/
• https://www.dilisense.com
• https://www.un.org/securitycouncil/content/un-sc-consolidated-list https://www.treasury.gov/resource-center/sanctions/Pages/default.aspx
• https://eeas.europa.eu/topics/sanctions-policy/8442/consolidated-list-of-sanctions_en
• https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets
• www.sanctionssearch.com; https://sanctionssearch.ofsi.hmtreasury.gov.uk

Thus, e.g., through the namescan.io sanctions check database we can screen the PEP multi-territory list, that covers:

• UNITED NATIONS SANCTIONS (UN)
• US CONSOLIDATED SANCTIONS
• OFAC - SPECIALLY DESIGNATED NATIONALS (SDN)
• EU FINANCIAL SANCTIONS
• UK FINANCIAL SANCTIONS (HMT)
• AUSTRALIAN SANCTIONS (DFAT)
• SWITZERLAND SANCTION LIST - SECO
• INTERPOL WANTED LIST
• WORLD BANK - INELIGIBLE FIRMS AND INDIVIDUALS LIST
• CONSOLIDATED CANADIAN AUTONOMOUS SANCTIONS LIST
• BUREAU OF INDUSTRY AND SECURITY (US)
• DEPARTMENT OF STATE, AECA DEBARRED LIST (US)
• DEPARTMENT OF STATE, NONPROLIFERATION SANCTIONS (US)
• OTHER LISTS

7.13. Other Higher Risk Categories

The Company will implement appropriate internal risk management procedures and controls to determine if business relations for any customer present a higher risk for ML/TF.

The customer presents and/or may present a higher risk for ML/TF (not limited to):

• if a customer/customer’s beneficial owner is from/in a country/jurisdiction in relation to which the FATF has called for countermeasures;
• if a customer/customer’s beneficial owner is from/in a country/jurisdiction with inadequate AML/CTF measures.

The Company will perform ECDD for such customers as well as for the PEP customers, as such that present a higher risk for ML/TF so that to manage and mitigate any higher risks.

8. No Issuance of Bearer Negotiable Instruments and Certain Cash Payouts

The Company will not:

• (i) make any payment for any sum of money in the form of a bearer negotiable instrument to any recipient;
• (ii) pay any cash in an amount that is equal to or exceeds C$10,000 to any recipient,

in respect of:

• a payment transaction received from another country/jurisdiction to Canada in the course of providing a cross-border money transfer service;
• a payment transaction received in the course of providing a domestic money transfer service;
• or (if and where applicable) foreign-exchange transaction that supports transaction processing, or cross-border money transfer, domestic money transfer.

9. No Correspondent Accounts for Shell Banks

We will not have / open any foreign bank accounts and any such account that is a correspondent account (any account that is established for a foreign bank to receive incomings from, or to make payments or other disbursements on behalf of, the foreign bank, or to handle other financial transactions related to such foreign bank) for shell banks and/or any financial institution.

We will not cooperate with shell banks and shell financial institutions.

Likewise, we do not open or maintain, or cooperate with private banking accounts, pursuant to our company business activities and policies.

10. No Agency Arrangements

• The Company will not appoint any agent acting under guidance of the Company to assist in the service provision of service.
• The Company will carry on its business activity by itself.

11. Wire Transfers & their Screening

The Company shall screen all wire transfer originators and wire transfer beneficiaries against lists and information provided by the FINTRAC and any other relevant authorities in Canada for the purposes of determining if there are any ML/TF risks.

The transaction screening will be carried out on a real-time basis (e.g., carry out the filtering of relevant payment instructions before the transaction is executed).

Wire transfers include all forms of electronic transmission including, but not limited to, email, facsimile, short message service or other means of electronic transmission for payment instructions. When the Company sends/receives funds by wire transfer on the account of the wire transfer originator or beneficiary (not when there is a transfer and settlement between the Company and the other financial institution where the Company and the other financial institution are acting on their own behalf as the wire transfer originator and beneficiary), it shall apply procedures as stipulated below.

Apart from that, the Company will monitor payment messages to and from higher risk countries/jurisdictions, as well as transactions with higher risk countries/jurisdictions and suspend or reject payment messages or transactions with sanctioned participants or countries/jurisdictions. Where there are positive hits arising from name screening checks, they will be escalated to the AML/CTF compliance function. The decision to approve or reject the receipt or release of the wire transfer will be made at an appropriate level and documented for the Company’s record-keeping purposes.

11.1. Responsibility of the Ordering Institution

1) Identification and recording of information

Before effecting a wire transfer, when the Company is an ordering institution it shall:

• identify the wire transfer originator and take reasonable measures to verify its identity, as the case may be (if it has not already done so (if it may be applicable) under the CDD measures); and
• record adequate details of the wire transfer so as to permit its reconstruction, including but not limited to, the date of the wire transfer, the type and amount of currency transferred and the value date.

2) Cross-border wire transfers below or equal to $1,000

In a cross-border wire transfer where the amount is below or equal to $1,000, when the Company is an ordering institution it shall include in the message or payment instruction that relates to the wire transfer the following:

• the wire transfer originator’s name and account number;
• the wire transfer beneficiary’s name and account number.

3) Cross-border wire transfers exceeding $1,000

In a cross-border wire transfer where the amount exceeds $1,000, when the Company is an ordering institution it shall identify/verify the wire transfer originator (if it has not already done so (if it may be applicable) under the CDD measures), and include in the message or payment instruction that relates to the wire transfer the following information:

• the wire transfer originator’s name and account number;
• the wire transfer beneficiary’s name and account number;
• as well as any of the following:
• the wire transfer originator’s (i) residential address or (ii) registered or business address, and if different, principal place of business; [or]
• the wire transfer originator’s unique ID number (e.g., ID card No., birth certificate No. or passport No., or where the wire transfer originator is a legal entity, the incorporation No. or business registration No.); [or]
• the date and place of birth, incorporation or registration of the wire transfer originator (whichever applicable).

4) Domestic wire transfers

In a domestic wire transfer, when the Company is an ordering institution it shall:

either

• include in the message or payment instruction that relates to the wire transfer the following:
• the wire transfer originator’s name and the account number;
• as well as any of the following:
• the wire transfer originator’s (i) residential address or (ii) registered or business address, and if different, principal place of business;
• the wire transfer originator’s unique ID number (e.g., ID card No., birth certificate No. or passport No., or where the wire transfer originator is a legal entity, the incorporation No. or business registration No.);
• the date and place of birth, incorporation or registration of the wire transfer originator (whichever applicable)
  or
• include only the wire transfer originator’s account number, provided (i) that these details will permit the transaction to be traced back to the wire
transfer originator & beneficiary; (ii) the ordering institution shall provide the wire transfer originator information as set out herein (in this paragraph 4) within 3 business days of a request for such information by the beneficiary institution, FINTRAC or other relevant authorities in Canada; and (iii) the ordering institution shall provide the wire transfer originator information as set out herein (in this paragraph 4) immediately upon request for such information by law enforcement authorities in Canada.

As the ordering institution, the Company will document all collected wire transfer originator and beneficiary information, for its record-keeping purposes.

11.2. Responsibility of the Beneficiary Institution

The Company that is a beneficiary institution shall perform monitoring to identify cross-border wire transfers that lack the required wire transfer originator or beneficiary information.

• For cross-border wire transfers where the beneficiary institution pays out funds in cash or cash equivalent to the wire transfer beneficiary in Canada, a beneficiary institution shall identify/verify the wire transfer beneficiary (if it has not already done so (if it may be applicable) under the CDD measures);
• When the Company is a beneficiary institution, it shall implement appropriate internal risk-based procedures in order to determine:
• when to execute, reject, or suspend a wire transfer lacking required wire transfer originator or beneficiary information; [and]
• the appropriate follow-up actions.
• For the Company when it controls both the ordering institution and the
beneficiary institution, it shall:
• take into account all the information from both the ordering and the beneficiary institutions in order to determine whether an STR has to be filed; [and]
• where applicable, file an STR in any country affected by the suspicious wire transfer, and report it to the relevant authorities.

12. Suspicious Transaction & Activity Reporting

12.1. Tipping off

The Company shall establish a single reference point within the Company to whom all

employees and officers are instructed to promptly refer all transactions suspected in ML/TF, for possible referral to the FINTRAC via STRs, TPR.

The company will provide other reports under PCMLTFA and its associated Regulations and FINTRAC reporting guidance when it`s necessary.

12.2. In-house reporting of AML non-compliance

Involved employees will promptly report any potential violations of the Company’s AML/CTF policy to the AML/CTF compliance officer, unless the violations implicate the AML/CTF compliance officer, in which case the employee shall report to the Board/Senior management of the Company. Such reports will be confidential, and the employee will suffer no retaliation for making them.

12.3. STR

Pursuant to subsection 9(2) of the Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction Reporting Regulations, The Company shall send the report to the FINTRAC as soon as practicable after they have taken measures that enable them to establish that there are reasonable grounds to suspect that the transaction or attempted transaction is related to the commission of a money laundering offence or a terrorist activity financing offence."

These measures include:

• screening for and identifying suspicious transactions;
• assessing the facts and context surrounding the suspicious transaction;
• linking ML/TF indicators to your assessment of the facts and context; and
• explaining your grounds for suspicion in an STR, where you articulate how the facts, context and ML/TF indicators allowed you to reach your grounds for suspicion

After completing the measures that enabled us to determine that we have reasonable grounds to suspect (RGS) that a transaction is related to the commission of an ML/TF offence, we will submit an STR to FINTRAC as soon as practicable (a time period that falls in-between immediately and as soon as possible, within which a suspicious transaction report (STR) must be submitted to FINTRAC). The completion and submission of the STR should take priority over other tasks. In this context, the report must be completed promptly, taking into account the facts and circumstances of the situation.

The Company in accordance to Section 7 and 7.1. of the PCMLTFA will report to the Centre every financial transaction that occurs or that is attempted in the course of their activities and in respect of which there are reasonable grounds to suspect that

12.4. Terrorist Property Report (TPR)

In accordance to 7.1.1. of the PCMLTFA Every person or entity referred to in section 5 that is required to make a disclosure under section 83.1 of the Criminal Code or under section 8 of the Regulations Implementing the United Nations Resolutions on the Suppression of Terrorism shall report to the Centre in accordance with the regulations.

The Company will submit a TPR to FINTRAC immediately (In respect of submitting a Terrorist Property Report (TPR), the time period within which a TPR must be submitted, which does not allow for any delay prior to submission).

12.5. Electronic funds transfers

When the Company send or receive instructions to transfer C$10,000 CAD or more internationally, either in a single transaction or in multiple transactions, within a 24-hour period the Company will submit a report within 5 business days. The company will use FINTRAC web reporting system to send non-SWIFT Electronic Funds Transfer Reports. The Company will send SWIFT EFT reports to FINTRAC electronically by using Batch reporting mechanism.

The detailed description about reporting described in Regulatory reporting procedures of the company.

12.7. 24-hour rule

Throughout the above reporting, the Company keeps 24-hour rule - the requirement to aggregate multiple transactions when they total $10,000 or more within a consecutive 24-hour window and the transactions are:

• conducted by the same person or entity;
• conducted on behalf of the same person or entity (third party), or
• for the same beneficiary (person or entity).

All transactions that total $10,000 or more within a consecutive 24-hour window are to be reported to FINTRAC in a single report. This means that all transactions at or above the $10,000 threshold that occur in the same 24-hour window must be included in the report and should not be reported separately.

13. Record-Keeping

Records of the CDD information covering the business relations, all wire transfers/transactions, account files, as well as business correspondence and results of any undertaken analysis, will be maintained for a period of at least 5 years following the termination of such business relations or completion of such wire transfers/transactions.

Data, documents and information relating to a transaction, including any information needed to explain and reconstruct the transaction, will be maintained for a period of at least 5 years following the completion of the transaction.

The Company will ensure that all documents, data or information held in evidence of customer identity are kept up to date.

All records will be handled in confidence, stored securely, and will be capable of being retrieved without undue delay.

We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process, if any.

We will keep records containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date.

We will keep records containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date.

The records will be kept in order to: (i) meet the law requirements; (ii) be able to reconstruct any individual transaction undertaken by the Company (including the amount and type of currency involved) so as to provide, if necessary, evidence for prosecution of criminal activity; (iii) make the documents available to the FINTRAC, CRA (if necessary) or other Canadian relevant authorities and the internal and external auditors for review of the Company's business relations, transactions, records and CDD information.

We will keep a copy of every report that we submit to FINTRAC as a record.

14. Functions of the Company focused on the AML/CTF measures

14.1. Compliance Management Function

The Company developed appropriate compliance procedures and appointed the AML/CTF compliance officer (as a part of the organizational structure) to coordinate the AML policies and procedures of the Company.

AML/CTF Compliance Officer

Our AML/CTF compliance officer has a working knowledge of the regulatory and legislative requirements and its implementing regulations and is qualified by experience, knowledge and training. AML/CTF compliance officer reports to the Board of the Company.

The duties of the AML/CTF compliance officer will include an ongoing monitoring of the Company’s compliance with AML obligations, overseeing business relations, as well as communication and training for employees. The AML/CTF compliance officer will also ensure that the Company keeps and maintains all of the required AML/CFT records and will ensure that Suspicious Transaction Reports (STRs) are filed with the STRO when appropriate. The AML/CTF compliance officer is vested with full responsibility and authority to enforce the Company’s AML/CTF procedures and measures.

The responsibilities and tasks of the Company’s AML/CTF compliance officer include, but are not limited to, as follows:

• To develop and implement the Company's compliance strategy to meet the regulatory requirements; to maintain and enhance detailed policies and procedures related to the AML/CTF, KYC, and risk assessment process, and ensure compliance manuals regular updates, as appropriate;
• To conduct the Company ML / TF and sanctions risk assessments; to assess the AML risks linked to the Company's client portfolio and conduct the daily transaction monitoring thereof;
• To ensure the Company’s compliance with the FINTRAC Guidelines on AML/CTF rules PCMLTFA and its associated Regulations and any other applicable and up-to-date legislature, as well as conducting monitoring activities within the payment services provision under the respective duties;
• To develop and update present risk assessment results to the senior management;
• To manage all aspects of client on-boarding and KYC processes and maintain the client records;
• To conduct detailed reviews of high/higher risk factors when the Company establishes business relationships with clients;
• To monitor relationships with clients in compliance with the AML procedures of the Company, including clients identification and verification;
• To analyze the information obtained through the customer identification and reveal the operations subject to monitoring;
• To suggest risk mitigation strategies to the Company’s business activity and other control functions, where necessary and appropriate;
• To review AML requirements and ensure implementation of AML systems and controls in accordance with the AML policies and procedures;
• To actively support and advise the senior management and relevant employees on the relevant regulatory developments and requirements;
• To record, systemize and file the compliance-relevant information in a documentary form;
• To make reports where necessary to the STRO; to assist with STR investigations by preparing case files for review (e.g. media search results, copies of statements/checks, Watch Lists reviewing, results from internal system searches, etc.);
• To continuously improve the framework, methodology, processes and reporting related to the compliance function of the Company;
• To gain a detailed knowledge of the Company’s customer base, products, services, transactions, geographies, business initiatives, processes, strategies and associated controls;
• To ensure that the risk assessment results are tracked in accordance with compliance standards;
• To routinely communicate and report the state of AML Compliance procedures and risks;
• When necessary, to arrange the targeted training to the staff considered to be the most likely to encounter money laundering;
• To arrange the overall internal procedures and controls to help prevent the money laundering and combat the terrorist financing, including audit, inspection, and compliance reviews at least annually and/or as and when needed.

14.2. Audit Function

The Internal auditor helps the Company to improve the business processes and efficiency of ML/TF measures. The internal auditor will (i) establish, implement and maintain audit measures to examine and evaluate the adequacy and effectiveness of the Company’s AML/CTF systems, internal control mechanisms and arrangements; (ii) issue recommendations based on the result of work carried out; (iii) verify compliance with these recommendations; (iv) report in relation to the internal audit matters to the senior staff and/or senior management.

The AF should be independent and have sufficient authority, stature and resources. The Company will ensure that the qualification of the AF’s staff, in particular its auditing tools and ML/TF risk analysis methods, are adequate for the Company’s size, location, as well as the nature, scale and complexity of the risks associated with the Company’s business model and activities.

The AF will, following a risk-based approach, independently review and provide objective assurance of the compliance of ML/TF procedures of the Company.

The AF will assess whether the Company’s internal ML/TF control framework is both effective and efficient.

The AF will also verify the integrity of the AML/CTF processes ensuring the reliability of the Company’s methods and techniques, and the assumptions and sources of information used in its internal models (e.g., risk modelling measurements). It will also evaluate the quality and use of qualitative risk identification and assessment tools and the risk mitigation measures taken.

The AF will have access to all the AML/CTF management relevant records, documents, information.

The AF will have access to all the AML/CTF management relevant records, documents, information.

14.3. Employee Hiring & Training & Testing

14.3. Employee Hiring & Training & Testing

All affected employees will be provided with training that explains the AML/CTF relevant legislation and regulations. All affected employees will be trained on their responsibilities in relation to ML legislation, and be aware of how to identify and deal with transactions that may involve ML.

We will develop ongoing employee training under the leadership of the AML/CTF compliance officer and Senior Management. The Company will provide an initial training for new employees, and apart from the initial training, the Company should also provide refreshing/repetitive training at least once every two years, or more regularly as appropriate, to ensure that employees and officers are reminded of their responsibilities and kept informed of new developments related to ML/TF

Training will be based on our Company’s size, its customer base, and its resources and be updated as necessary to reflect any new developments in the law.

Our training will include, at a minimum:

• how to identify & assess risk factors and signs of ML/TF that arise during the course of the employees’ duties;
• what to do once the risk is identified, including how, when and to whom to escalate unusual customer activity or other risk factors for analysis and, where appropriate, the filing of STRs;
• what employees' roles are in the Company's compliance efforts and how to perform them;
• the Company's record retention policy;
• the disciplinary consequences (including civil/criminal penalties) for non-compliance with the applicable law regulations;
• testing for understanding of the Company’s AML/CTF policies and procedures (annually on a calendar year basis, or more frequently if circumstances warrant), their obligations under relevant laws and regulations, and their ability to recognise suspicious transactions; where an independent third party is involved for training, we will evaluate the qualifications of such independent third party to ensure they have a working knowledge of applicable requirements under the applicable law and its implementing regulations. After the independent testing is completed: (a) the staff will report its findings to the Board/senior management, or to an internal audit committee (whichever applicable), (b) promptly address each of the resulting recommendations, (c) keep a record of how each noted deficiency (if any) was resolved.

We will develop training in our Company, or contract for it. Delivery of the training may include educational pamphlets, videos, intranet systems, in-person lectures and explanatory memos. As part of the employee conduct monitoring, we will subject employee accounts to the same AML procedures as customer accounts, under the supervision of the AML/CTF compliance officer.

We will maintain records to show the persons trained, the dates of training and the subject matter of their training.

We will review our operations to see if certain employees, such as those in compliance, require specialized additional training. Our written procedures will be updated to reflect any such changes.

The Company will maintain a record of all individuals who participated in the training.

The training material will be based on FINTRAC Guidance and other relevant materials.

15. Management Approval

The executive director of the Company has approved this AML/CTF policy in writing as reasonably designed to achieve and monitor our Company’s ongoing compliance with the requirements of the applicable law and the implementing regulations under it. This approval is indicated by signature below.