AML/CTF/KYC Policy


INTRODUCTION

Money laundering is defined as the process where the identity of the proceeds of crime is sodisguised that it gives an impression of legitimate income. Criminals specifically targetfinancial services firms or other entities (“User(s)”) through which they attempt to laundercriminal proceeds without the knowledge or suspicion of these firms or entities. Walahala OÜ(“Walahala”) is an Estonian company and must follow European and Estonian rules on Anti-money laundering and Counter-terrorist financing activities.

In response to the scale and effect of money laundering, the European Union has passedDirectives designed to combat money laundering and terrorism. These Directives, togetherwith regulations, rules and industry guidance, form the cornerstone of our Know-Your-Customer (“KYC”), Anti-money laundering (“AML”) and Counter-terrorist financing (“CTF”)obligations and outline the offenses and penalties for failing to comply.

Walahala senior management has implemented systems and procedures that meet thestandards set forth by the European Union. This decision reflects the senior management’sdesire to prevent money laundering, terrorism financing and misuse of Walahala services toproceeds of crime. This Policy includes procedure for provision of exchanging a virtualcurrency against a fiat currency service and provision of storing a virtual currency (wallet)service.

AML/CFT FRAMEWORK

The Walahala AML/CFT Policy is designed to prevent money laundering by meeting the European standards on combating money laundering and terrorism financing, including the need to have adequate systems and controls in place to mitigate the risk of the user being used to facilitate financial crime.

Estonian Cryptocurrency Exchanges are defined in the Estonian law as Providers of Alternative Means of Payment, licensed as an Estonian Financial Institution by holding a Financial Activity License from the Estonian Financial Intelligence Unit (hereinafter referred to as: “FIU”), which is the Anti Money Laundering authority in Estonia with the ability to grant, revoke and supervise financial activity licenses.

The AML requirements and Know your customer (hereinafter referred to as: “KYC”) due diligence measures for the service providers are set forth in the Estonian Money Laundering and Terrorist Financing Act and other legal guidelines given by the Estonian Minister of Finance.

A cardinal part of the licensing procedure and a significant FIU consideration for granting licenses is the quality of the Rules of Procedures which according to the Act, must be meticulously drafted by the license applicant. These Rules of Procedure must comply with the Estonian law’s various requirements, which require them, among other things, to include specification of user due diligence measures the company intends to take, assessment of money laundering risk, the manner of the collection and keeping of records, internal control rules, etc.

To Walahala has been issued operating licenses by the Financial Intelligence Unit for:
Providing​ services of exchanging a virtual currency against a fiat currency (License No. FVR000670 – https://mtr.mkm.ee/taotluse_tulemus/502712). Providing a virtual currency wallet service​ (License No. FRK000577 –https://mtr.mkm.ee/taotluse_tulemus/502711).
This AML/CFT legal framework sets out the standards which must be complied with and includes:

  • appointing a Money Laundering Reporting Officer (MLRO);
  • Assigning Compliance Officer (CO);
  • Identification, verification and Know Your Customer (KYC) procedures;
  • Establishing and maintaining a Risk-Based Approach (RBA);
  • Establishing and maintaining risk-based Customer Due Diligence (CDD);
  • Conducting a periodic AML/CFT audit;
  • Establishing and maintaining risk-based systems and procedures for the monitoring of on-going customer activity;
  • Establishing procedures for reporting suspicious activity internally and to the relevant law enforcement authorities as appropriate;
  • Maintaining appropriate records for the minimum prescribed periods;
  • Provision of training for- and raising awareness among- all relevant employees.

MLRO is a person who has a sufficient level of seniority and independence, and who has responsibility for oversight of compliance with the relevant legislation, regulations, rules and industry guidance.

CO is a person who is responsible for implementation of Company AML/CFT policy, including, but not limited to, the hereabove listed activities.

RBA is assessment and management of money laundering and terrorist financing risks faced by the user. It enables to identify, assess, and understand the money laundering and terrorist financing risk to which Company is exposed, and take the appropriate mitigation measures in accordance with the level of risk. Risk based approach also allows to pay most of the attention to the higher risk and allocate most of the resources for mitigation of such risks.

KYC AND RISK ASSESSMENT:

KYC

Before any customer can access and benefit of Walahala services, identity of such customer has to be established. For establishing the identity of its customer, Walahala must obtain sufficient data/documents/information from a (perspective) customer and verify such data/documents/information against independent sources. Customers that in the opinion of Walahala pose higher risk may be investigated more thoroughly which may result in requesting of additional information and taking longer term for verification of the identity of such customer. Walahala retains a right to re-establish the identity of the customer in cases where Walahala sees it fit and in relation to that, request additional data/documents/information or renew previously submitted.

Customer’s identification information will be collected, stored, shared and protected strictly in accordance with Walahala Privacy Policy and related regulations.

Walahala shall perform a KYC for every natural or legal person, representative of the legal person, beneficial owner of the user or politically exposed person (“PEP”) or a person connected with PEP.

During the registration procedure, every user must provide to Walahala with several personal information and documents, which Walahala need to establish a portfolio of the user and access the risk, connected to it.

NATURAL PERSON NEEDS TO PROVIDE AT LEAST:

First name, last name; Date of birth, place of birth; Home address; Phone number and email; Government issued ID document (both sides); Selfie with ID document; Proof of residence (utility bill or similar); Bank account details; Video conference; Other information and documents on the request of Walahala.

LEGAL PERSON NEEDS TO PROVIDE AT LEAST:

Business name of the legal person; Registry code or registration number and the date of registration; ID of the shareholders (same as for the natural person identification), ID of the director(s) and/or members of the management board (same as for the natural person identification), ID’s of the representatives (same as for the natural person identification); Proof of the registered office/seat; ID’s of the beneficial owners (same as for the natural person identification); Bank statement; Proof of representation; Articles of association; Other information and documents on the request of Walahala.

RISK LEVELS

The risk is divided to 3 LEVELS:

Normal:

The risk level is normal, there are no high-risk characteristics present.

HIGH 1:

1. User is from high risk country.
2. User is local PEP or a person. associated with a PEP.
3. The legal person’s area of activity is associated with enhanced money-laundering risk.
4. The legal person is situated in a country, which is listed in the list of risk countries.
5. The legal persons activities and liability are insufficiently regulated by law, and the legality of financing of which is not easy to screen.
6. The representative or the Beneficial Owner / Shareholder of a legal person is a local PEP or his / her family member.

HIGH 2:

1. User is suspected to be or to have been linked with a financial offence or other suspicious activities.
2. User is a non-resident individual, whose place of residence or activities is in a country, which is listed in the list of risk countries.
3. The representative or the Beneficial Owner / Shareholders of a legal person is a PEP or his or her family member.
4. There is information that legal person is suspected to be or to have been linked with a financial offence or other suspicious activities.
5. A legal person registered outside the European Economic Area, whose field of business is associated with a high risk of Money Laundering, or registered in a low tax rate country.

RISK CATEGORIES

RISK BY USERS:

Suspicious facts such as but not limited to the: discrepancies in provided ID documents, fictitious person, stolen identity, counterfeited id document, post box home address, pervious financial crime record, terrorist record, wanted person, no contact phone number, not valid documents, discrepancies in provided documents for the legal person, etc.

Politically exposed persons such as but not limited to the: prominent public functions: head of state, head of government, minister and deputy or assistant minister; a member of parliament or of a similar legislative body, a member of a governing body of a political party, a member of a supreme court, a member of a court of auditors or of the board of a central bank; an ambassador, a chargé d’affaires and a high-ranking officer in the armed forces; a member of an administrative, management or supervisory body of a state-owned enterprise; a director, deputy director and member of the board or equivalent function of an international organisation, except middle-ranking or more junior officials.

RISK BY COUNTRIES:

Country of residence / nationality is a country with prohibition/restriction on cryptocurrencies such as but not limited to: Afghanistan, Algeria, American Samoa, Bangladesh, Bolivia, China, Democratic Republic Of Congo, Democratic People’s Republic Of Korea (Dprk), Ecuador, Egypt, Ethiopia, Fyr Macedonia, India, Iran, Iraq, Kyrgyzstan, Pakistan, Palestine, Qatar, Saudi Arabia, Syria, Morocco, Nepal, United States Of America, Vanuatu, Vietnam, Zambia.

Resident / Citizen Of The High Risk Countries such as but not limited to: Bahrain, Yemen, Jordan, Kuwait, Lebanon, Libya, Malaysia, Mali, Mauritania, Nigeria, Oman, Somalia, Serbia, Sri Lanka, Sudan, Tunisia, Turkey, Ethnic Groups Of Caucasus Belonging To Russian Federation (Chechens, Etc.), Trinidad & Tobago.

Low Tax or Tax-free Countries such as but not limited to: United Arab Emirates, Oman, Bahrain, Qatar, Saudi Arabia, Kuwait, Bermuda, Cayman Islands, The Bahamas, Brunei, Vanuatu, Anguilla, Belize, Costa Rica, Guatemala, Panamá, Nicaragua.

RISK BY TRANSACTIONS:

Walahala shall inspect any outstanding transaction, which include but is not limited to the: large transactions that do not correspond to user’s source of funds and/or source of wealth, transactions to offshore or shell bank (financial institution that does not have a physical presence in any country), executing payment via non-licensed payment institution, large daily movements of fiat or virtual money, etc.

DETECTION OF SUSPICIOUS TRANSACTIONS

Walahala shall diligently monitor transactions for suspicious activity. Transactions that are unusual will be carefully reviewed to determine if it appears that they make no apparent sense or appear to be for an unlawful purpose.

Implemented internal controls will serve as ongoing monitoring system in order to detect the suspicious activity or transaction. When such suspicious activity is detected, Walahala shall determine whether a filing with any law enforcement authority is necessary. Suspicious activity can include more than just suspected money laundering attempts. Activity may be suspicious, and Walahala may wish to make a filing with a law enforcement authority, even if no money is lost as a result of the transaction.

Walahala shall initially make the decision of whether a transaction is potentially suspicious. Once Walahala has finished the review of the transaction details, he or she will consult with its management to make the decision as to whether the transaction meets the definition of suspicious transaction or activity and whether any filings with law enforcement authorities should be filed. Walahala shall maintain a copy of the filing as well as all backup documentation. The fact that a filing has been made is confidential. No one, other than those involved in the investigation and reporting should be told of its existence. In no event should the parties involved in the suspicious activity be told of the filing.

REPORTING REQUIREMENTS

Reasonable procedures for maintaining records of the information used to verify a person’s name; address and other identifying information are required under this Policy.

The following are required steps in the record keeping process:
1. Walahala maintains a record of identifying information provided by the user.
2. Where Walahala relies upon a document to verify identity, Walahala shall maintain a copy of the document that the Company relied on that clearly evidences the type of document and any identifying information it may contain.
3. Walahala shall also record the methods and result of any additional measures undertaken to verify the identity of the user.
4. Walahala shall record the resolution of any discrepancy in the identifying information obtained.
5. All transaction and identification records will be maintained for a minimum period of five years.

MONITORING

To get to know its customers, Walahala performs ongoing and retrospective monitoring. Monitoring performed by Walahala intends not to only to get to know the customer, but also to notice unconformities taking into comparison information submitted to Walahala by the customer or obtained by Walahala during establishment of the identity and such customer’s actual activities using Walahala services and to catch any attempts of fraudulent, illegal or unlawful activity.

Walahala uses both manual and automated solutions to track its customers’ transactions. Walahala may use other measures on case by case basis.

Each suspicious activity will be thoroughly investigated and, if necessary, reported to the respective authorities or other restrictive measures taken to ensure no money laundering or terrorist financing activity is performed. Walahala is entitled to request additional information/data/documents in relation to any transaction and the customer must follow the such request.

REPORTING

Following its AML/CFT/KYC Policy and the applicable legal acts, Walahala, when necessary, will report to the respective authorities of the activities that may be considered as money laundering and terrorist financing. Walahala will not disclose any information about such report to have been made and will not address any questions in relation to that.

SANCTIONS

Walahala is prohibited from transacting with individuals, companies and countries that are on prescribed sanctions lists. Walahala will therefore screen against United Nations, European Union, UK Treasury and US Office of Foreign Assets Control (OFAC) or other financial regulator sanctions lists in all jurisdictions in which we operate.