AML/KYC Policy For Website
The vast majority of criminal activity is committed to generate profits for the perpetrator. There are a whole range of predicate offences that result in criminal property; however, criminals do require access to their ill-gotten funds. Bribery, corruption, human and drug trafficking tend to generate substantial amounts of profit. Naturally, they have an incentive to legitimise and maintain control of such assets, all while evading the attention of regulatory authorities and law enforcement agencies. Money laundering is the process by which criminals disguise the illicit origin of their assets. Criminals seek a way to break a link to the crime and conceal the ownership of criminally derived funds or assets. This can be achieved by changing the form of the criminal property, creating complex ownership structures or by choosing jurisdictions with less stringent anti-money laundering (AML) requirements.
We are committed to the high standards of AML in order to prevent the use of our products and services for money laundering purposes. The standards set out in this Policy are the minimum requirements based on applicable legal and regulatory requirements. These requirements are created to prevent Cryptopay, our employees, partners and clients from being misused for money laundering, terrorist financing or any other financial crime, by doing the following;
- Performing an enterprise-wide risk assessment to determine the risk profile of the Company
- Establishing AML policies and procedures
- Implementing internal controls throughout its operations that are designed to mitigate risks of money laundering
- Performing know your customer (“KYC”) procedures on all users
- Designating a Compliance Officer with full responsibility for the AML Program
- Providing AML training to all employees
We have adopted a risk-based approach during the customer due diligence procedures in line with the current UK AML/KYC regulations. This document regulates how we process the registration of customers accounts, what information is collected and how it is verified.
Cryptopay Ltd identifies the customer by obtaining a range of information about him/her. The verification of the identity consists of verifying some of this information against documents or information obtained from a reliable source which is independent of the customer. At least the following information must be received for identification purposes: name and surname; personal identity number (if such exists); date of birth; photograph on an official document which confirms his/her identity; residential address; the number of the personal identification document; the expiry date of the identification document.
Once a customer is identified and his/her identity is verified, Cryptopay Ltd must conduct a certain level of due diligence based on a risk-based approach. For some business relationships, determined by the firm to present a low degree of risk of ML/TF, simplified due diligence (SDD) may be applied; in the case of higher risk situations, and specifically in relation to PEPs, enhanced due diligence (EDD) measures must be applied on a risk-sensitive basis.
We have integrated with a leading electronic data provider to fulfil the regulatory obligations in line with the UK’s financial sanctions regime. Information is aggregated from the most important sanction lists (OFAC, EU, UN, BOE, FBI, Bureau of Industry and Security etc.) worldwide and is grouped into one category.
Politically exposed persons
In addition to the aforementioned measures, we are integrated with the largest database of Politically Exposed Persons (PEPs), as well as those of their family members. Whenever a client has been identified as a PEP, enhanced due diligence measures are applied, senior management approval is necessary for establishing or continuing, a business relationship with such a customer.
We have selected a senior management team to act as a Chief Compliance Officer to make the communication between us and governing authorities clearer and more efficient. The key role of the nominated officer is to create a framework where any member of our staff has sufficient skills and knowledge to raise suspicions of money laundering or terrorist financing. Our staff members also have a clear procedure to report their suspicions in due time.
Cryptopay has an ongoing live transaction monitoring process for the purpose of detecting suspicious activity. As advised by the regulator, Cryptopay does not rely solely on a set of prescriptive rules and thresholds; instead, it uses a risk-based approach, both in alert generation and prioritization. The solution utilizes statistical and analytical techniques to identify patterns of unusual and suspicious behaviors by building profiles on each individual customer and comparing their financial activity against expected and/or peer group norms. This is accomplished by using several powerful data analytics tools for flagging anything that falls outside of "normal."
We reserve the right to refuse to process a transaction at any stage. Especially, when we believe that a transaction is connected in any way to money laundering or any other type of criminal activity. In accordance with the UK law, we are not obliged to inform the customer that it was reported to the corresponding bodies of the customer’s suspicious activity.
Cryptopay has established a way in which its staff consults with their line managers to provide evaluation for the rationale of the further disclosure; by no means, this prevents contacting the nominated officer directly. All internal reports are registered in an appropriate way; the nominated officer maintains a secure suspicious report register. The framework is created in such a way, where a reasonable and faithful evaluation is provided to each report that is received. The nominated officer assesses the risk that is posed by a transaction or activity. In cases where there are associated accounts, an examination of such relationships is to be carried out. If an internal review has indicated enough grounds to know or suspect that any benefit has been acquired and if a criminal property exists, an external SAR report is submitted to NCA in a timely manner.
Records must be kept of all customers' identity, the supporting evidence of verification of identity (in each case including the original and any updated records), Cryptopays' business relationship with them and details of any occasional transactions. As per regulatory requirements, we keep records for at least five years from the date a business relationship ends or from the date of the last transaction.
We make sure that are employees are aware of our AML program and request that training is provided to all employees (new and existing) before conducting business activities, and, at a minimum, must include:
- Understanding and recognizing money laundering and fraud
- Verifying customer identification
- Identifying suspicious activity and structured transactions
- Reporting requirements related to all transactions
Additional training should be provided regularly to all employees based on, but not limited to, changes in government regulations, Cryptopay AML Compliance Program requirements, related procedures, and policies, or in the event of a performance issue related to an AML incident.