Anti-Money Laundering and Combating Financing of Terrorism Policy
23 March 2020
ITradeGroupMoney OÜ reg. No.14822680
ITradeGroupMoney OÜ, a company registered in Estonia with it’s principal address at Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 7-132, 10145, hereinafter referred to as “ITradeGroupMoney”, places great emphasis on integrity and good governance and is committed to the highest standards of anti-money laundering (“AML”) and combating the financing of terrorism (“CFT” and, together with AML, “AML-CFT”) in line with the principles and standards of applicable Estonian and European uniоn legislation, best banking practices and applicable market standards including, where relevant, other international financial institutions’ standards.
This “Anti-Money Laundering and Combating Financing of Terrorism Policy” (“The AML-CFT Policy”) establishes the key principles regulating AML-CFT and related integrity aspects in activities of ITradeGroupMoney is complemented by detailed operational procedures implemented by ITradeGroupMoney for its respective daily operations.
Adherence to the AML-CFT Policy and its implementing procedures is the shared responsibility of all ITradeGroupMoney staff and members of governing bodies.
Terms used in this AML-CFT Policy have the following meanings:
Company: ITradeGroupMoney OÜ, reg. No. 14822680. Regulations: this AML-CFT Policy in its entirety, including annexes. AML-CFT Law: Money Laundering and Terrorist Financing Prevention Act of the Republic of Estonia passed 26.10.2017 together with the following EU Directives: Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC and modifications to it imposed by Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU.
Business relationship: The relationship arising from the conclusion of a long term contract by an obligated economic or professional entity for the provision of a service during which the obligor undertakes, in the course of his or her service or professional activity, repeatedly separate transactions in its economic or professional activity. Client: A person in a business relationship with the Company or on an occasional basis. Obligated person: The person specified in § 2 of the Act. Politically exposed person: Person referred to in § 3 (11) of the Act. Family member: spouse or person treated as equivalent to spouse, child, child of a spouse or a person treated as equivalent to spouse, parent. Money laundering – means the proceeds of, or in lieu of, proceeds from criminal activities: Conversion or transfer if it when it is known that such property is derived from participation in criminal activities with a mean to disguising the illegal origin of property or assisting the person involved with legal consequences, acquisition, possession or use, if obtained, of which it is known that it is derived from criminal activity or participation in it. FIU – Financial Intellegence Unit which is an independent structural unit of the Police and Border Guard Board and performs the functions arising from the Law. Beneficial owner – means the natural person who ultimately owns or controls the legal entity through a direct or indirect holding of a sufficient number of shares, voting rights or ownership, including participation in the form of bearer shares or otherwise; Risk Appetite- a set of company risk levels and risk types. Contact Person a natural person working for the Company, whose duties inсlude contacting with FIU, monitoring of business relationships and transactions, and control over application of this Policy and the AML-CFT Law. AML Officer , an Anti-Money Laundering Program Compliance Person working for the Company who has the required knowledge and experience in assessing the risks of money laundering and terrorist financing. Responsible person – AML Officer and members of the Company’s Management Board. Virtual Currency – A virtual currency is a value in digital form that is digitally transferable, stored or tradable and accepted by natural or legal persons as a payment instrument, but which is not a legal tender or monetary instrument of any European Parliament and Council Directive (EU) 2015/2366 on the internal market, amending Directives 2002/65 / EC, 2009/110 / EC and 2013/36 / EU and Regulation (EU) No 1093/2010 and repealing Directive 2007/64 / EC (OJ L 337, 23.12.2015, p.) 35-127) within
the meaning of Article 4 (25) and a payment instrument or payment transaction within the meaning of Article 3 (k) and (l) of the same Directive Virtual Currency Wallet Service – A virtual currency wallet service is a service that generates or maintains Client encrypted keys that can be used to store and transfer virtual currencies; Employee – a person with whom ITradeGroupMoney has an employment contract.
ITradeGroupMoney AML-CFT Policy and its implementing procedures are intended to establish principles designed to prevent ITradeGroupMoney, its governing bodies, staff and counterparties from being used for, or connected with, Money Laundering, Financing of Terrorism or other criminal activities.
Adherence to the AML-CFT Policy also aims at preventing ITradeGroupMoney from being exposed to reputational damage and financial loss in relation to non-compliance with applicable AML-CFT standards. ITradeGroupMoney goals require compliance with AML-CFT Law to the extent that these are applicable to ITradeGroupMoney activities
This AML-CFT Policy is applicable to ITradeGroupMoney operations and activities, as detailed in the applicable implementing procedures in force.
4. Counterparty Due Diligence – Risk-Based Approach
ITradeGroupMoney applies the following counterparty due diligence measures, as determined on a risk-sensitive basis taking into account where relevant the type of counterparty, business relationship, product or transaction and country of operation1.
A) Identification and Verification of Identity of Counterparty
1 See Directive (EU) 2015/849 (Art. 13), as amended and supplemented from time to time
ITradeGroupMoney identifies and verifies the identity of the counterparties with which it enters into business relationships on the basis of documents, data or information obtained from reliable independent sources.
1. Identity must be identified for all individuals and their representatives who enter into a business relationship with ITradeGroupMoney. The personal knowledge or public awareness of the Client or its representative shall not be used as a reason for not complying with the identification obligations established by this Policy. 2. When establishing a business relationship with a client, the individual or legal representative of the client must be identified by their Banking card, ID-card, Mobile-ID, Smart- ID through means of communication that are accessible only to the client or the client’s representative via firstname.lastname@example.org or other unique e-mail and / or other means that ITradeGroupMoney are using for identification and verification. If there are no such documents or means of e-identification, the Client must provide ITradeGroupMoney with a copy of the identity document with the photo. Before making any transaction, an ITradeGroupMoney employee must verify in advance the identity of the person/representative and the existence of the right of representation. 3. In addition, the following information must be provided by the client (via e-mail or exchange platform form, unless stated below) : a) Individual resident : First and last name Identification number Name, number, date and authority of issue of the identity document Residential address Occupation or profession Contact phone number, email address b) Legal resident : Business name and registry code of the legal entity Postal address Field of activity Contact phone number, e-mail address Agent’s given name, surname, personal identification code or date of birth (if not on the registry card)
Basis for representation, in the case of an authorized person, a notarised power of attorney. c) Non-resident individual : first and last name Identity number and date and place of birth Travel document name, number, date and authority of issue of the document Address of residence and postal address Location address when creating a contact Occupation or profession Information whether the person performs or has performed important public functions or is a close associate or family member of the public authority (ie a person with public background within the meaning of the Money Laundering Scheme) Contact phone number and e-mail address Notarised copy of travel document’s picture page or residence permit. A copy must be sent by post. d) Non-resident legal entity: Business name and registry code of the legal entity Country of location, name and web address of the registry of country of location, corresponding printouts of the register’s extract. For CIS and offshore countries tax office certification is required. Beneficiary details of the transaction Postal address Business address Field of activity Details of the bank account (s) Contact phone number and email address Agent’s given name, surname, personal identification code or date of birth (if not on the registry card) Notarised document certifying the right of representation of an authorized person, which is legalised or authenticated by a certificate replacing legalization (apostille), if an international treaty provides so. The above mentioned documents must be sent by post.
If the Client’s transaction with a value in excess of 15 000 EUR, then the Client must submit ITradeGroupMoney a text copy or extract of utility bills of his/her residence / location, which must not be older than three months and showing the Client’s name and address. To verify the information collected, ITradeGroupMoney staff should use the available registers and information available on the Internet. High risk business relationships may require referral information or supporting documentation. If necessary, the employee will ask for more detailed information about the company’s operations, the purpose of the business relationship to be established. In the event of any doubt, the Client will be contacted by telephone on the basis of the data collected. For the duration ratio, the data collected shall be reviewed and, if necessary, updated at least every two years. A copy of the paper-based identification document will be identified by the ITradeGroupMoney employee who identified the person, their name, the date of identification and their signature. Identification data must be registered in ITradeGroupMoney’s computer system.
B) Identification of the risk profile of the individual Client, determination of the risk category 1. The employee is obliged to find out the profile of the self-employed Client and determine the risk category. 2. The risk category of the individual Client is determined on the basis of the Client’s residency and their actual beneficiaries. In determining the risk category of a non-resident natural person, account shall also be taken of whether the Client is politically exposed person, his/her family member, or his/her close associate. If the client is a politically exposed person, his/her family member, or his/her close associate, he or she is automatically placed in Category III. Category I – Low risk category Resident or non-resident natural person who is the actual beneficial owner Category II – Medium risk category Resident natural person who is not the actual beneficiary Category III – High risk category Resident and non-resident politically exposed person, his/her family member, his/her close associate
Non-resident natural person who is not the actual beneficiary. 3. The risk category is determined by the employee at the beginning of the Client relationship and during the Client relationship by adding the corresponding category to the Client data. 4. If the client falls into risk category III, enhanced due diligence measures must be taken. 5. If a business relationship with a high-risk (Category III) Client is established, the member of staff shall immediately inform the Contact person by e-mail or telephone as determined by the Management Board.
C) Identification of the Client profile of a legal person, determination of risk category 1. When establishing a business relationship, an ITradeGroupMoney employee is required to ascertain the legal profile of the Client and identify the risk profile of the legal entity. 2. The risk category shall be determined on the basis of the country in which the legal entity is domiciled, its area of activity and the transparency of the governance structure and the reputation of the legal entity. Category I – Low risk category A legal entity registered in the Republic of Estonia whose field of activity has been defined (except fish industry, construction and repair, wholesale trade and storage of fuel, wholesale trade of fuel, wholesale trade of timber, currency and / or payment, gambling, games of chance, casino); A legal entity incorporated in a Member State of the European uniоn or in Norway, Iceland, Switzerland, whose shares are publicly quoted and are not active in the fishing industry, construction and repair, wholesale trade and storage of fuel, retail trade in fuel, timber trading, currency exchange and / or payment institution, games of chance, casino; Government agencies, insurance institutions and pension funds, resident credit institutions, resident local governments, resident Central Bank, resident state social security fund, nonresident central governments, nonresident insurance institutions and pension funds, nonresident local governments, state social insurance fund, resident insurance and pension fund automatically fall into the low risk category. Category II – Medium risk category A legal entity incorporated in a Member State of the European uniоn or Norway, Iceland, Switzerland, whose shares are not publicly listed and whose activities are not in the fishing industry, construction and repair, wholesale trade and storage of fuel, retail trade in wood, timber, foreign exchange, games of chance, casino;
A legal entity registered in Estonia, whose field of activity is fishing industry, construction and repair, wholesale trade and storage of fuel, wholesale trade of fuel, wholesale trade of timber, currency and / or payment, gambling, gambling, casino; A legal entity incorporated in a Member State of the European uniоn or Norway, Iceland, Switzerland, whose shares are publicly quoted and engaged in the fishing industry, construction and repair, wholesale trade and storage of fuel, retail trade in wood, wholesale of timber, currency exchange and / or payment institution, gambling, game of chance, casino; Legal entity incorporated in Liechtenstein or third countries, whose shares are publicly listed and are not active in the fishing industry, construction and repair, wholesale trade and storage of fuel, wholesale trade in fuel, wholesale trade in timber, currency exchange and / or payment institution, gambling, game of chance, casino. Category III – High risk category Legal entities established in Liechtenstein or in third countries; A legal entity incorporated in a Member State of the European uniоn or Norway, Iceland, Switzerland and whose shares are not publicly listed and whose activity is fishing, construction and repair, wholesale trade and storage of fuel, retail trade in wood, wholesale of timber, currency exchange and / or payment institution, gambling, game of chance, casino. 1. If the client falls into risk category III, enhanced due diligence measures must be taken. 2. The risk category is determined by the ITradeGroupMoney employee at the start of the Client relationship and in the middle of the Client relationship by adding the corresponding category to the Client data. 3. If a business relationship with a high-risk (Category III) Client is established, the staff member shall immediately inform the Contact person by e-mail or telephone as determined by the Management Board. In addition, the Contact person must be informed if the company is engaged in the arms industry, arms sales or brokering activities.
D) Identifying a person during a Client relationship During the Client relationship, Client identification is required ITradeGroupMoney is afflicted with the exercise of the right to suspend or terminate the transaction if in the duration of the business relationship money
laundering is suspected, and the client does not submit the documents or information which is asked of him immediately. The suspicion of money laundering is assessed and the decision to suspend or terminate the transaction is made by the ITradeGroupMoney Management Board or Contact person.
E) Politically exposed persons detected in transactions 1. Politically exposed persons are persons listed in § 3 (11) of the Money Laundering Act who perform tasks assigned by national and international organizations and governments. 2. The Contact Person is responsible for identifying politically exposed persons from ITradeGroupMoney clients and potential clients, unless another person has been appointed by the ITradeGroupMoney Board. 3. Identifying a politically exposed person is possible; When interviewing a Client Using existing public or paid databases and Internet search engines, or making inquiries or verifying data through the websites of the authorities of the Client’s country of residence. 4. It is up to the ITradeGroupMoney Board or the Contact Person to decide whether to establish a business relationship with politically exposed person. If a business relationship is established with the Client and the Client later becomes a politically exposed person, then the Contact person must be informed in writing or in other format which can be reproduced in writing.
F) Low and High Risk Transactions 1. When conducting a transaction, the ITradeGroupMoney employee must assess the risk of money laundering and terrorist financing and sеlect and apply appropriate due diligence measures in accordance with the Policy. 2. The risk of money laundering and terrorist financing shall be assessed taking into account client risk and transaction risk. 3. The risk associated with a transaction is considered low if the following circumstances occur simultaneously: The benefits of the transaction cannot be realized by the client until one year after the transaction The transaction is not an urgent payment The contract concluded does not provide a buy-back clause for a Client
4. The following concurrent circumstances shall be used to identify and verify the identity of persons or clients specified in § 34 (2) 1) -6) of the Money Laundering and Terrorist Financing Prevention Act as low risk criteria: Client identification is possible based on publicly available information The Client’s ownership and control structure is transparent and stable The activities of the client and its accounting practices shall be transparent The Client is accountable and subject to control by an executive authority in Estonia or a Contracting Party to the Agreement on the European Economic Area, another public authority or a European Community body. 5. A client’s risk is considered high if the client is: Listed on the UN or EU list of persons subject to international financial sanctions The person who is the subject ITradeGroupMoney afflicted with prior suspicion related to money laundering or terrorist financing 6. The risk associated with a transaction is considered high if: The Client wants to make a transaction and is not convincing enough in explaining of the origin of money The transaction is with the Client, who was previously suspected by ITradeGroupMoney to be linked to money laundering or terrorist financing The transaction is to be made by cash payment When making a transaction, a transfer of money is requested to or through a third party 7. In the case of high-risk transactions, due diligence must be exercised. 8. Whenever an unusual transaction, act or circumstance occurs, it is the employee’s responsibility to analyse and compare the circumstances of the transaction with the characteristics of transactions suspected of money laundering and terrorist financing. The employee is obliged to verify the legal origin of the property before the transaction is carried out, at least if the transaction is unusual in terms of money laundering or terrorist financing given the Client relationship so far. 9. Due diligence measures should also be applied when low-risk transactions or Clients are suspected of money laundering or terrorist financing.
G) Application of simplified due diligence measures 1. Due diligence may be applied in a simplified manner under the following conditions:
In respect to the persons referred to in § 34 (2) 1) – 6) of the Money Laundering Act, or If the Client has a signed a long term contract or If the employee has no doubts about the accuracy of the information provided by the Client or the legal capacity of the Client, and If the employee has no suspicion of money laundering or terrorist financing related to the transaction, and If the transaction or Client risk can be considered low and If there was a previous business relationship with the Client established prior to the enactment of this Policy or the client has been identified after the enactment of this Policy, in accordance with the Policy. 2. In the application of simplified due diligence measures However, if the employee has any doubts about the accuracy of the information provided by the Client during the application of the simplified due diligence measures, the employee shall carry out additional checks. During additional verification, ITradeGroupMoney will call the Client to clarify the Client’s details and may ask other control questions. If the control cannot be performed or the control reveals that the client is unable to answer the control questions, then the client will not be dealt with. Simplified due diligence procedures are prohibited where there is a suspicion of money laundering or terrorist financing at any stage of the Client relationship. If , during the application of the simplified due diligence measures , the employee has suspicions of money laundering or terrorist financing, the employee shall inform the Contact person by telephone or e-mail.
H) Applying due diligence measures under enhanced procedures 1. The ITradeGroupMoney employee will apply due diligence when the nature of the situation involves a high risk of money laundering or terrorist financing. Enhanced due diligence measures must be applied if: The Client participating in the transaction has been identified and the information provided has been verified without being in the same location as the Client and
When verifying the identity or verifying the information provided, doubts arise as to the veracity of the information provided or the authenticity of the documents or the identification of the beneficial owner (s); and The Client involved in the transaction is a politically exposed person of another Contracting Party to the Agreement on the European Economic Area or a third country, a member of his family or a close associate, and Characteristics of higher risk transactions are present. 2. In the case of an enhanced due diligence obligation, at least one of the following enhanced maintenance measures shall be applied in addition to the normal due diligence measures: Identifying and verifying information provided by additional documents, data or information from a reliable and independent source or from a credit institution or branch of a foreign credit institution registered or domiciled in a Contracting Party to the Agreement on the European Economic Area or an equivalent country the Terrorist Financing Prevention Act and if the credit institution has the identity of the person in the same location as the person identified. Take additional measures to verify the authenticity of the documents submitted and the accuracy of the information contained therein, including by requiring them to be notarised or officially authenticated, or by authentication at the point of issue Making the first payment on a transaction through an account opened in the name of the person participating in the transaction with a credit institution registered or domiciled in a Contracting Party to the Agreement on the European Economic Area or a country having equivalent requirements under the Money Laundering and Terrorist Financing Prevention Act. 3. When an unusual transaction, act or circumstance is discovered, the employee is required to analyse and compare the circumstances of the transaction with the characteristics of transactions suspected of money laundering and terrorist financing. The employee is obliged to verify the legal origin of the property before the transaction is carried out, at least if the transaction is unusual in terms of money laundering or terrorist financing given the Client relationship so far. 4. For transactions with a higher degree of risk, the circumstances surrounding the transaction must be compared with the characteristics of transactions suspected of money laundering or terrorist financing and the Contact Person should be informed of the suspicions of money laundering and terrorist financing.
I) Establishment of Purpose of Business Relationship
ITradeGroupMoney takes reasonable measures to duly assess the purpose, intended nature, economic rationale and overall AML-CFT and related integrity aspects of the business relationship in order to avoid being involved in business relationships structured for the purposes of criminal activities or co-financed through funds of possibly illicit origin.
1. An employee appointed by the ITradeGroupMoney board of directors undertakes to monitor the business relationship with the client on a regular basis to ensure that the transactions being conducted are commensurate with their business and risk profile. To this end, the staff member shall: Regularly monitor the amount of money involved in the transaction and the frequency of transactions and, where appropriate, identify the origin of assets used in the business relationship and / or transactions. Regularly check the client’s legal status (legal capacity), financial status, area of activity, ownership information (beneficial owners). 2. In addition, the employee shall monitor at least once a year: Client risk assessment Risk assessment of the country where the Client is located Partial or combined risk assessment. 3. Client risk (the risk factors are based on the Client’s identity) must be taken into account: The legal form of the person, the governing structure (including trusts, partnerships or other such legal entities, legal persons having bearer shares) Ownership structure of the company, especially those that have no obvious commercial justification and which may make it easier to conceal the final beneficiary Personal activity (Clients engaged in business activities involving the handling of large sums of cash, such as currency exchange offices, money brokers, high value merchants, casinos, betting and other gambling companies that receive regular cash payments) Whether the person is represented by a legal person The residency of the person, including whether they are registered in an offshore area (tax-exempt and low-tax territories, eg based on relevant data provided on the website of the Tax and Customs Board).
Circumstances arising from experience in dealing with the client, his associates, owners, agents, etc. (eg suspicious transactions identified in a previous business relationship, client suspicious behavior, failure to provide required documentation) Duration of activities, nature of business relationship 4. Country risk, with risk factors resulting from differences in the legal environment of different countries, crime rates, and whether or not international sanctions have been or are being imposed on that country or persons. 5. Countries that are more risky inсlude : Those subject to international sanctions or embargoes. Those which lack sufficient money laundering laws and regulations in line with international standards. Those where terrorist financing or support has been identified Those which have been identified with significant corruption and organized crime or other crime (including drug-related crime ) level Tax-free and low-tax, offshore financial centers 6. Combined risks require particular attention of the worker to situations that indicate a higher risk in several of the above risk groups. The results of the above analysis shall be communicated in writing to the Contact Person. J) On-going Monitoring
On-going monitoring (including monitoring of transactions) is implemented on a risk-sensitive basis to detect possible Money Laundering, Financing of Terrorism or related integrity risks arising throughout the life of the business relationship.
5. Reporting Obligations
A) Any employee of ITradeGroupMoney or governing bodies of ITradeGroupMoney is required to report any suspected incidents of illegal behaviour in the activities of ITradeGroupMoney counterparties, serious misconduct or serious infringement of the rules, policies or guidelines, or any action which is, or could be, harmful to the mission or reputation of ITradeGroupMoney, immediately after becoming aware of the matter. Such actions inсlude, but not limited to:
Any transaction involving a financial obligation of more than EUR 32 000 or the equivalent in another currency that is executed in cash, whether it is a single payment or a series of linked payments. If, despite the request, the Client does not provide an identity document, details of their place of residence and area of activity and, for the first time, the document on which the right of representation is based. Client shows unusual attention regarding the ITradeGroupMoney AML-CFT Policy, or refuses to submit any information related to its business activities, or provides incorrect information; Client submits misleading information and/or has difficulty in explaining the detailed explanation of its business, financial and economic activities; Client has dubious reputation; Client asks to provide him with preferences in relation to other Clients concerning the implementation of the AML-CFT Policy. B) Suspicions that funds, regardless of the amount involved, are the proceeds of criminal activities or related to Money Laundering or Financing of Terrorism in the activities of ITradeGroupMoney, must be reported for assessment and investigation, as appropriate, to the Compliance Officer.
1. No person other than the Contact Person or the Management Board of ITradeGroupMoney shall be notified of the discovery of a transaction suspected of money laundering or terrorist financing . It is forbidden to inform the client about the suspicion of money laundering or terrorist financing sent to the FIU. 2. Upon becoming aware of a transaction suspected of money laundering or terrorist financing, the Contact Person shall analyse the content of the information received in relation to the client’s existing transactions and other known information and, if necessary, consult with the Management Board. 3. Information regarding a transaction suspected of money laundering or terrorist financing shall be retained by the Contact Person in a manner that is not accessible to other employees of ITradeGroupMoney without the Contact Person’s permission. 4. By detecting a situation in a transaction that has features that indicate money laundering or terrorist financing. The Contact Person shall promptly notify the FIU of any suspicious transaction orally, in writing or in a format which can be reproduced in writing.
5. The contact person authorizes the ITradeGroupMoney employee to complete the pending transaction after: Written permission from the FIU to carry out the transaction; or After consulting a member of the management board, if a postponement of the transaction may cause significant damage, in which case a written notice shall be forwarded to the FIU immediately after the transaction. The contact person shall inform the ITradeGroupMoney Management Board of any notice submitted to the FIU within three working days of the notification. FIU submits the request to the Contact person for additional information on money laundering or terrorist financing of the transaction and the circumstances of the Client, and iTradeGroupMoney provides if such information is available. In the case of suspected money laundering or terrorist financing, additional reporting requirements may arise from the Financial Intelligence Unit’s instructions, which the Contact Person must consult independently at least once a year. ITradeGroupMoney will keep all records of suspicious and unusual transactions received from employees for at least 5 years from the date of receipt of the notification, as well as information collected for the analysis of such reports and other related documents and notifications to the FIU. 6. According to §52 subsection 2 of the Act the performance of the duty to report suspicion of money laundering and/or financing of terrorism and submission of information by the obliged entity is not deemed breach of the confidentiality requirement arising from law or contract and the statutory or contractual liability for the disclosure of the information is not applied to the person who performed the duty to report. An agreement derogating from this provision is void.
C) ITradeGroupMoney must ensure confidentiality for members of ITradeGroupMoney staff and governing bodies who make bona fide reports of suspicions of Money Laundering or Financing of Terrorism and that such members of staff and governing bodies will enjoy the assistance and protection of ITradeGroupMoney against any acts of retaliation.
D) ITradeGroupMoney employees are not allowed to perform transactions with: Clients whose identity has not been identified according to the Rules. Anonymous or fictitious individuals using other names or pseudonyms.
Persons acting on the basis of the documents or other information provided by that person, when doubts arise regarding the correctness of the documents or data and the client does not adequately explain the circumstances giving rise to the doubts. Clients, whose identity or authority of the representative cannot be established or verified. Whoever appears on the International Sanctions List or who has been identified by the FIU as a perpetrator of money laundering or terrorist financing transactions, provided that such information is disclosed by the FIU.
6. Roles and Responsibilities of ITradeGroupMoney Governing Bodies and Staff
ITradeGroupMoney has designated its Compliance Officer as its Anti-Money Laundering Program Compliance Person (AML Officer), with full responsibility for this AML/CFT Policy. The AML Officer has a working knowledge of compliance requirements and its implementing regulations and is qualified by experience, knowledge and training. The duties of the AML Officer will inсlude monitoring the firm’s compliance with AML obligations, overseeing communication and training for employees. The AML Officer will also ensure that the firm keeps and maintains all of the required AML records. The AML Compliance Officer is vested with full responsibility and authority to enforce this Policy, inform the counterparty(ies), or other third parties, that disclosure of information which points to that a suspicious transaction is being, will be or has been reported or investigated is prohibited (“no-tipping off”).
All members of ITradeGroupMoney OÜ staff and governing bodies are under an obligation to implement the principles established in this AML-CFT Policy in accordance with the operational terms established in the implementing procedures.
ITradeGroupMoney staff with counterparty-facing transaction execution/monitoring responsibilities are the first-line of defence and first-line detectors for i) identifying suspicions of criminal activities in relation to counterparties, operations or transactions and ii) reporting them immediately in accordance with AML-CFT Law.
Records must be kept of all transaction data and data obtained for the purposes of identification, as well as of all documents related to AML-CFT.
7. Record Retention
A) Collection, verification, storage and updating of data 1. Collection of data The Client shall be identified for the first time in accordance with the procedure set forth in this AML-CFT Policy. 2. Each time a Client is identified, ITradeGroupMoney registers in the discussion system / exchange platform: Client’s name, personal identification code / registry code, residence / place of business, profession or occupation and Information on verification of data provided by the Client and other data and documentation required by the Policy 3. Verification of data In case of doubt, the validity of the identity document must be checked on the website of the Police and Border Guard Board. 4. Data retention Client and their representative’s data, the client and the representative’s identity document, and other requested documents are stored digitally ITradeGroupMoney computer system (server) or on paper at the place of ITradeGroupMoney’s Board location or another location appointed by the Board for at least five years after the termination of contractual relationship with this Client. Transaction data related to suspected money laundering or terrorist financing is retained by the Contact Person/AML officer in a manner that is not accessible to other employees of ITradeGroupMoney without the Contact person/AML officer’s permission. Data relating to suspected money laundering or terrorist financing shall be retained for 5 years after the termination of the contractual relationship with the Client, unless the investigation of the facts surrounding the transaction is completed by that time, in which case Client and transaction data shall be retained until confirmation of completion.
B) Updating of records and documents, internal control measures
Data shall be updated at least every two years. An updаte of the data shall inсlude the preparation of a report by an employee appointed by the Management Board, which shall inсlude the business risks identified, a description of the control measures put in place to mitigate the risks and how to address them in case of shortcomings. The report will be submitted to the Contact Person and the Management Board.
1. The Client relationship officer (client manager) pays much more attention to checking the data of high-risk (Category III) clients as a result of risk analysis and knowledge of the business. In addition to the annual analysis, the client manager must continuously assess the potential money laundering and terrorist financing risks associated with the clients’ business and is obliged to inform the Contact person immediately of any change in the risk profile. 2. Based on the results of the report, the Contact Person will develop a detailed monitoring plan based on which the Contact Person will monitor riskier transactions and monitor the Client profile. 3. The updated data will immediately be entered by the Contact Person into the ITradeGroupMoney computer system, which then will be accessible to all ITradeGroupMoney employees. The contact person will involve the management in the process of updating and analysing data and will base the report’s findings throughout the risk assessment process, in the preparation of action plans and in advising managers on risk reduction.
8. Data Protection
Personal data submitted to ITradeGroupMoney under the AML-CFT Policy and its implementing procedures are processed under the supervision of AML Compliance Officer for the sole purpose of AML-CFT, and in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. The processing of personal data for the purposes of AML-CFT is considered by the abovementioned General Data Protection Regulation to be a matter of public interest and as such, the processing is lawful for the purposes of the General Data Protection Regulation.
Data subjects are entitled to access, rectify and, for duly justified reasons, block and erase this data (“Rights of the Data Subject”), and may exercise their rights by contacting
ITradeGroupMoney by email email@example.com. Data subjects also have the right of recourse to the European Data Protection Supervisor at any time.
Detailed provisions relating to the application of the General Data Protection Regulation for AML-CFT purposes are available in Annex 1.
Adequate AML-CFT training, including on the processing of personal data, is provided as appropriate to ITradeGroupMoney governing bodies and staff. Such AML-CFT training is provided to all staff, and in addition specific training, as available from time to time, may be provided to staff responsible for carrying out transactions received or initiated by ITradeGroupMoney for initiating and/or establishing business relationships.
The contact person will conduct periodic ITradeGroupMoney staff training and information to raise staff awareness: Related to typical cases of suspicious and unusual transactions and preventive measures to be taken. Compliance with legal requirements. Sanctions for non-compliance with legal requirements. When hiring a new employee, the Contact Person will introduce the new employee to the Policy. The employee may ask of the Contact Person to provide training in money laundering and terrorist financing prevention or to explain how to prevent money laundering and terrorist financing in the line of business of ITradeGroupMoney.
10. Monitoring 1. Compliance with the rules is monitored by the Contact Person. Subject to this Policy, the Board shall oversee the activities of the contact person. The contact person shall exercise oversight over risk assessment and management, data collection and storage and compliance with reporting obligations.
The contact person shall have the right to verify the compliance of the employees with the requirements of the prevention of money laundering and terrorist financing and, in case of violation, to demand its immediate termination. 2. The Management Board and the Contact Person of ITradeGroupMoney shall cooperate with the FIU by providing the aforementioned with information on the application of the Policy and other related matters upon request.
ITradeGroupMoney keeps this AML-CFT Policy under review in cooperation with ITradeGroupMoney services concerned and proposes for approval by the relevant ITradeGroupMoney management body any appropriate updating in line with Estonian and EU legal and regulatory development and best banking practices or applicable market standards including where relevant other international financial institutions’ standards.
Data Protection Statement for The Company AML-CFT Requirements under ITradeGroupMoney AML-CFT Policy
Dated: 23 March 2020
All terms defined in this statement have the same meaning as terms defined in ITradeGroupMoney AML-CFT Policy.
Personal data submitted to ITradeGroupMoney under this Capital AML-CFT Policy and its implementing procedures are processed under the supervision of the Compliance Officer in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”).
The data categories which may be collected by ITradeGroupMoney in this context are mainly limited to identification data, sources of funds, data related to criminal activities and/or other miscellaneous business information, and will be collected exclusively for AML-CFT purposes. The processing of personal data for the purpose of AML-CFT is considered by the 5th and 4th AML Directive to be a matter of public interest and as such, the processing is lawful for the purposes of the General Data Protection Regulation.
Data subjects inсlude persons who directly or indirectly own counterparties (or potential counterparties) of ITradeGroupMoney, as well as persons entrusted with control and management of such legal entities (e.g. beneficial owners, shareholders, chairpersons, chief executive officers, boards of directors, management committees, supervisory boards, local authority councils or equivalent) or any natural persons-counterparties.
Personal data are collected from the data subject directly or via other publicly available sources (“Open Sources”) such as newspapers, specialised databases operated by the private sector, specialised external service providers or websites, and all reasonable steps are taken to keep such data accurate and up to date. When data are requested for the purposes of
AML-CFT, supply by the data subject is mandatory. Failure to provide the requested data may cause the data subject (and if applicable the counterparty linked to such data subject) to delay the operational processes of ITradeGroupMoney or, as the case may be, to become ineligible to enter into a business relationship with ITradeGroupMoney.
In accordance with General Data Protection Regulation, controls on data subjects inсlude controls relating to due diligence requirements for counterparties (i.e. identity of the beneficial owner(s), ownership and control structure and purpose of the business relationship), as well as for the assessment relating to the Risk Based Approach (i.e. when applicable, qualification of the data subject as a “politically exposed person” or possible administrative and criminal records or proceedings in connection with criminal activities).
Such data subjects are entitled to access, rectify and, for duly justified reasons, to block and erase these data (“Rights of the Data Subject”), and may exercise their rights by contacting ITradeGroupMoney by email firstname.lastname@example.org.
Restrictions to such Rights of the Data Subject may be imposed in accordance with the provisions of the General Data Protection Regulation and more particularly for the prevention, investigation, detection or prosecution of criminal activities. Such restrictions, if applicable, are dealt with by ITradeGroupMoney on a case by case basis and will only be applicable for as long as necessary. The data subject, to the extent possible under the General Data Protection Regulation, will be informed of the reason why his/her rights are restricted.
Where applicable, the recipients of the data so collected are limited to members of ITradeGroupMoney governing bodies, ITradeGroupMoney internal services, EU institutions and bodies, as well as, on the basis of a case by case analysis, national authorities.