Tech Capital Solution S.R.O.
COMPANY ID 19486154
Rybná 716/24, Staré Město,
110 00 Prague
Czech Republic
OBLIGED ENTITY PURSUANT TO SECTION 2 (1) B) PT. 5 OF THE AML ACT
AlphaPays (hereinafter referred to as ‘the Company’) [1] carries out a business activity related to virtual assets, having permission to such activity in the Czech Republic.
The Company operates in compliance with Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on Markets in Crypto-Assets (MiCAR). This policy incorporates the obligations applicable to crypto-asset service providers (CASPs), including those related to anti-money laundering (AML), consumer protection, governance, and prudential requirements. Furthermore, the Company adheres to Law No. 253/2008 on certain measures against the laundering of proceeds of crime and the financing of terrorism (the ‘AML Act’). In line with this, it identifies and screens clients entering into business relationships, monitors the nature, volume, and other relevant aspects of their transactions, and actively works to prevent money laundering and terrorist financing, particularly in relation to the issuance of small-scale electronic money.
The company provides several services to its Clients. The crypto exchange and crypto wallet service allows money to be sent and received worldwide in more than 20 currencies, a money transfer or e-money service within the EU and globally.
The main tool used by the Company to prevent money laundering is transactions monitoring and monitor the frequency and extent of deviations from normal transactions as well as the evolving Client Entry and Conduct System. This document is also created for the purposes of a risk control system to ensure full due diligence, identification, mitigation and risk management of money laundering. In the framework of the supervision, monitoring and evaluation of measures on anti-money laundering regulatory requirements (hereinafter referred to as AML/CFT), the Company shall comply with the applicable legislation of the Czech Republic, the European Union/EEC and shall also comply with the assessments, decisions and recommendations of international bodies such as the European Banking Association (EBA), the Financial Action Task Force (FATF) , the Moneyval Commission of the European Council and others.
Measures of Company have the following objectives:
For the purposes of this document, the Terms below have the following meaning:
|
AML act |
Act No 253/2008 Coll., on certain measures against the legalisation of proceeds from crime and the financing of terrorism, as amended |
|
AML order |
Order No 67/2018 Coll., on certain requirements for a system of internal principles, procedures and control measures against money laundering and terrorist financing, as amended |
|
AML/CFT prevention |
Measures to prevent money laundering and terrorist financing (Anti-Money Laundering / Countering the Financing of Terrorism) |
|
KYC |
Know Your Customer, or identifying Client and verifying Client information for the duration of the business relationship |
|
CDD |
Client Due Diligence, or customer due diligence, which builds on KYC and works with elements of verification of acquired client information |
|
EDD |
Enhanced Due Diligence that builds upon CDD |
|
RBA |
Risk Based Approach, risk management process based on their prior evaluation |
|
FATF |
The Financial Action Task Force, or Financial Action Committee, is an NGO dedicated to developing and promoting policy principles to protect the global financial system against money laundering, terrorist financing and proliferation of weapons of mass destruction |
|
CASP |
A legal person or undertaking whose occupaVon or business is the provision of one or more crypto-asset services to clients on a professional basis, as defined by the Markets in Crypto-Assets RegulaVon (MiCA). This includes, but is not limited to, enVVes offering services such as exchange of crypto-assets for fiat currency or other crypto-assets, transfer of crypto-assets, and custody and administraVon of crypto-assets on behalf of clients. |
|
MiCAR |
MiCAR: Regulation (EU) 2023/1114 governing issuers of crypto-assets and crypto-asset service providers within the EU. |
|
GDPR |
General Data Protection Regulation, or General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC |
|
MLRO |
Contact person for communication with the FAO, responsible for maintaining compliance processes (position Head of Compliance and Risk Department) |
|
ML/FT |
Legalisation of illicit funds / terrorist financing (Money Laundering / Financing of Terrorism) |
|
SAR |
Suspicious activity report, addressed to MLRO for possible STR submission |
|
EEA |
European Economic Area |
|
EU |
European Union |
|
FAO |
Financial Analytical Office |
|
STR |
Suspicious Transaction Report |
|
PEP |
Politically Exposed Person |
|
UBO |
Ultimate Beneficial Owner |
|
SIP |
Special Interest Person, or a natural person with a potential risk of criminal activity for which a person has been detained, charged, indicted or convicted |
|
SIE |
Special Interest Entity, or a legal person with a potential risk of criminal activity for which a person has been detained, charged, indicted or convicted |
|
Sanction Act |
Act No 69/2006 Coll., on the implementation of international sanctions, as amended |
|
Company |
Tech Capital Solution s.r.o., company ID 19486154, hereinafter referred to as „obliged entity“ |
|
Internal Principles |
System of Internal Principles, procedures and control measures to fulfill the obligations of the AML by law, also as "Principles" |
|
Beneficiary |
The person or enVty that is the intended recipient of a crypto-asset transfer. |
|
Financing Terrorism |
Collecting or providing funds or other property, knowing that it will be used, even in part, to commit an act of terror, a terrorist attack or an offence intended to enable or assist the commission of such an offence, or to support a person or group of persons preparing to commit such an offence. Actions to reward or compensate the perpetrator of an offence of terror, terrorist attack or criminal act intended to enable or assist the commission of such an offence, or a loved one within the meaning of the Criminal Code, or to collect funds for such reward or compensation. For the purposes of the AML Act, as well as the financing of the proliferation of weapons of mass destruction, which means the collection or provision of funds or other property in the knowledge that it will, even partially, be used by a proliferator of weapons of mass destruction or used to support the proliferation of such weapons in violation of the requirements of international law. It is not decisive whether the abovementioned act took place or is intended to take place, in whole or in part, in the territory of the Czech Republic or abroad. |
|
Legalization of proceeds of criminal activity |
Actions to conceal the unlawful origin of any economic advantage derived from criminal activity in order to give the appearance of a financial benefit acquired in accordance with the law; such acts consist, for example: in the conversion or transfer of property knowing that it is derived from criminal activity, in order to conceal it or to disguise its origin, or to assist a person who is engaged in such an activity in order to escape the legal consequences of his or her actions; concealing or disguising the true nature, source, location, movement or disposal of property, or changing rights relating to property, knowing that such property is derived from criminal activity; in the acquisition, possession, use or disposal of property knowing that it is derived from criminal activity; in a criminal organisation of persons or any other form of cooperation for the purpose of the conduct referred to above. It is not decisive whether the abovementioned act took place or is intended to take place, in whole or in part, in the territory of the Czech Republic or abroad. |
|
MLRO |
The person responsible for maintaining the Company's compliance with legal regulations as well as internal compliance, the management of the KYC department and the Risk Management department, as well as the reporting of suspicious transactions by the Company, as well as being the FAO's contact person (also the "Head of Compliance and Risk Department"). |
|
Concealment of Beneficial Ownership |
Beneficial ownership information may be obscured using a combination of legal arrangements and financial instruments. The most common is the use of shell companies, i.e. inactive companies which typically have a post-box address and no employees. |
|
Transaction |
Any act of the Company with another person where such act is intended to dispose of that other person's property or to provide a service to that other person. Where a payment is split into several separate transactions, the value of the transaction or payment shall be the sum thereof if these transactions are linked. By definition, the obliged entity enters into business with the client on a one-off basis, i.e. when a business relationship is established (where the focus is mainly on identifying the client) as well as during the course of the business relationship with the client, it enters into sub-transactions (where the emphasis is on comparing, verifying and subsequently checking information already obtained). |
|
Business Relationship |
A contractual relationship between the Company and another person, the purpose of which is to dispose of that other person's property or to provide services to that other person, where, when the contractual relationship arises, it is clear, having regard to all the circumstances, that it will contain a recurring supply. The company concludes a framework contract with the client for the provision of payment services, stating that the contract contains, as per the client's request – the creation of an electronic wallet, the attachment of a prepaid card to an account, the creation of a special IBAN account under the Client profile, and the execution of electronic money or funds transfers under the company name or the Client's personal name with the collection of more than 20 international currencies. |
|
KYC department |
Department responsible for identification, setup, functionality and KYC process modifications, including client follow-up due diligence |
|
Travel Rule |
The requirement, as mandated by the Financial AcVon Task Force (FATF) RecommendaVon 16 and implemented in the European Union via the Transfer of Funds RegulaVon (EU) 2023/1113 (TFR), that Crypto-Asset Service Providers (CASPs) must obtain, hold, and transmit specific idenVfying informaVon about the originator and beneficiary of crypto-asset transfers above certain thresholds. |
|
Sales department |
Department responsible for communicating with Client and for business development |
|
Self-hosted Wallet (or Unhosted Wallet) |
A crypto-asset address or wallet where the private keys are controlled by an individual and not by a Crypto-Asset Service Provider (CASP). |
|
Risk Department |
Department responsible for monitoring client activities, conduct and transactions |
|
Customer Support |
Department responsible for providing support to clients |
|
Originator |
The person or enVty that iniVates a crypto-asset transfer. |
|
Suspicious Transaction |
Transaction done in circumstances giving rise to suspicion of trying on the laundering of proceeds of crime, or the suspicion that funds used in trade are intended to finance terrorism, or that the transaction is otherwise related or connected to the financing of terrorism, or any other fact that might suggest such a suspicion. |
|
Politically Exposed Person |
a) a natural person who is or has been in an important public office of national or regional importance, such as, in particular, the head of state, the prime minister, the head of the central government department or his deputy (deputy, secretary of state), a member of parliament, a member of the governing body of a political party, a leader of a territorial government, a judge of the supreme court, the constitutional court or any other supreme judicial body whose decisions in general (with exceptions) are not subject to appeal, member - a central bank bank's bank board, a senior officer in the armed forces or corps, a member or representative of a member (if it is a legal person) of the statutory body of a trade corporation controlled by a state, an ambassador or the head of a diplomatic mission, or a natural person who performs or has performed a similar function in another state, an EU institution or an international organisation, b) a natural person, who is: 1) a person known to be a close associate to a person under letter a), 2) a business partner or beneficial owner of the same legal person, trust or other legal arrangement without legal personality as a person under letter a) or is known to the obliged entity as a person in a close business relationship with the person under letter a), or 3) a beneficial owner of a legal person, trust or other legal arrangement without legal personality known to the obliged entity to be created in favour of a person under letter a). |
|
Identity Card |
Document issued by a public administration authority stating first name and surname, date of birth together with image and potentially other identification features enabling identification of its bearer as the true holder. |
|
Risk Country |
Country at risk in terms of money laundering, terrorist financing or proliferation of weapons of mass destruction. The list of these countries is established by Commission Regulation (EU) 2016/1675 of 14 July 2016 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council on the identification of high risk third countries with strategic deficiencies, as amended. Other high-risk countries are listed in Annex 2. |
|
SIE |
Legal person with a potential increased risk of being involved in criminal activity for which a person has been detained, charged, indicted or convicted in connection with: property offences, terrorism or terrorist financing, trafficking in prohibited goods and services (narcotics, arms, trafficking in human beings), corruption, bribery or extortion, crimes committed by organised groups, war crimes. |
|
SIP |
Natural person with a potential increased risk of being involved in criminal activity for which a person has been detained, charged, indicted or convicted in connection with: property offences, terrorism or terrorist financing, trafficking in prohibited goods and services (narcotics, arms, trafficking in human beings), corruption, bribery or extortion, crimes committed by organised groups, war crimes. |
|
Beneficial owner |
Beneficial owner shall mean a natural person having factual or legal possibility to realize directly or indirectly decisive influence in a legal person, trust or other legal arrangement without legal personality. It shall be deemed that under the conditions given in the first sentence the beneficial owner is: a) for a business corporation a natural person, who: 1. alone or in connection with other persons acting in concert with that person handles more than 25 % of voting rights of the business corporation, or has more than 25 % share in ordinary stock, 2. alone or in connection with other persons acting in concert with the natural person controls the person under point 1, 3. should be the recipient of at least 25 % of profit of the business corporation, or 4. is a member of a statutory body, representative of a legal person in such body and/or in position similar to a member of a statutory body if there is no beneficial owner or it is not possible to determine it in accordance with points 1 to 3, b) for an association, public service company, owners association, church, religious society or other legal person under the Act regulating position of churches and religious societies a natural person, who: 1. handles more than 25 % of its voting rights, 2. should be a recipient of at least 25 % of distributed funds, or 3. is a member of a statutory body, representative of a legal person in such body and/or in position similar to a member of statutory body if there is no beneficial owner or it is not possible to determine it in accordance with points 1 and 2, c) for a foundation, institute, trust or other legal arrangement without legal personality a natural person or beneficial owner of a legal person, who is in a position of: 1. a founder, 2. a trustee, 3. a beneficiary, 4. a person in whose interests was the foundation, institute, trust or other legal arrangement without legal personality established or is functioning, if a beneficiary is not determined, and 5. a persons allowed to maintain supervision on administration of the foundation, institute, trust or other legal arrangement without legal personality. AML Act determines the Actual Owner threshold of more than 25%, Company, even with respect to the FATCA, has decided to apply a limit of Beneficial owner of more than 10%. |
|
Country of origin |
for a client - a natural person each state of which that person is a national, and at the same time all other states in which he or she is registered to reside for more than 1 year, or for permanent residence if known to the Company, for client - a legal person who is also a obliged entity within the meaning of Section 2 of the AML Act is the country of origin of the State in which it has its registered office, |
The first identification of a client who is a natural person and of any natural person acting on behalf of a client who is a legal person shall be carried out by the Company either in the physical presence of the identified person or in a manner pursuant to Section 11 of the AML of the Act and specified in paragraph 4.2.
Each Client goes through registration via the website alphapays.com. The e-mail address entered in the registration form is the first step of checking the applicant - they receive an e-mail sent by the Company system with a link directing it to their profile. Subsequently, access to his profile is verified using a phone number.
This procedure is common to all services offered by the Company. In parallel, the Client Check phase is started with the use of automated screening to assess whether the Client is a PEP or not on one of the sanctions lists (EU, UN, OFAC).
The next stage involves a manual check by an employee of the KYC Department, namely a check of the background information received from the Client (including a check of the ID card supplied and a certificate of residency), an IP address check to determine the true location of the client and the verification carried out by it, a check of the Client's jurisdiction (whether it is in the country according to Annex 2), a categorisation of the Client according to the Risk Assessment and the decision to approve the Client or to add further information.
The company will identify the client each time a business relationship is established. Furthermore, we are committed to complying with the Transfer of Funds Regulation (EU) 2023/1113 (TFR), which incorporates the Financial Action Task Force (FATF) Travel Rule for crypto-asset transfers. As a Crypto-Asset Service Provider (CASP), we will ensure that all crypto-asset transfers exceeding the specified thresholds are accompanied by the necessary originator and beneficiary information, both for transfers sent and received. To facilitate this, we utilize Notabene.io as our trusted solution for Travel Rule compliance, enabling secure and efficient data exchange.
Client identification will be performed:
Submit of identification data
Company as a part of performing identification of client, who is:
Identification data:
General requirements of all client’s Identification document:
Required types of Identification document:
Required typed of Proof of Residence:
If some identifying information (e.g. sex, address of stay) is not included on the ID card, the Client is asked to provide a supporting document containing the missing identification information.
The company may make copies or extracts of the documents submitted and process the information thus obtained for the purposes of the AML Act. The making of copies of personal documents under personal identification is only possible with the consent of the holder. The company shall only copy those parts of the ID which are necessary for identification, in accordance with FAO Methodological Guideline No.8 of 9.10.2020.
If, when entering into a transaction (or business relationship), the Company suspects that the client is not acting on its own behalf, or that it is disguising that it is acting on behalf of a third party, it shall invite the client to provide evidence of the original or a certified copy of the power of attorney. Everyone is obliged to comply with this request, otherwise it is a suspicious transaction.
If the applicant provides a false or modified identity card, such a document will not be accepted and information about such an attempt will be given to law enforcement authorities by notification.
In accordance with the RBA, the company will request additional information in addition to the documents required for identification and verification, such as an account management certificate, marriage certificate, other identity card, etc.
During verification, the Company has the right to suspend receipt of funds for the Client account or temporarily shut down the Client account if deficiencies in the submitted information are identified as part of the client identification.
Company shall identify the client's organisational and ownership structure and ensure that it understands the client's legal form, as well as the reasons for which the Client requests the Company's services, all before the business relationship is established.
Identification of the ownership structure of the Client and its Beneficial Owners is necessary to assess the Client in terms of AML risks. Therefore, the Company identifies any natural person acting in or on behalf of a legal person for the first transaction, as well as all the legal person's directors, the legal person's shareholders, the legal person's beneficial owners, the domain owners.
The Company is required to request the following documents as part of the Client identification (or it’s substtitude):
The business plan shall include sufficient details of the business activity planned by the applicant, its planned budget, strategic objectives and other relevant dates, including background of activities, sources of funding, target markets and marketing plan.
If the KYC Department is unable to complete the identification of the Client and its verification due to the absence of Client information, such an applicant will not be accepted.
As part of the identification of legal entities, the Company shall record and verify the following mandatory information:
The above mentioned information must be verified according to business registers or other sources, and copies must be verified by the competent authorities for that purpose (if not a register with a constructive notice). All documents must be officially translated into Czech or English and duly authenticated.
Further documentation will be required if:
On the basis of the information supplied, the Company shall identify relevant relationships with other legal entities for the identification of specific individuals or multiple individuals having a significant impact on Client's activities.
After identifying the beneficial owners, the Company shall verify that the beneficial owners are listed as sanctioned persons in the appropriate sanctions lists. If the applicant's beneficial owner matches the sanctions list, it is not possible to establish a business relationship with the applicant or to continue a business relationship with the client.
As part of customer identification, the Company detects through a check of www.complyadvantage.com implemented in the Company's internal system, which automatically searches and records whether or not the person entered is a politically exposed person at the time of registration of the application and subsequently every 3 months after the establishment of the business relationship and the first PEP check.
In this way, the Company verifies the client and all persons who are the beneficial owner of the client, if this is discovered, or are acting for the Client.
Complyadvantage.com evaluates the applicant/client name, surname, date of birth, country of origin against its own database. In case there is a match on the alert according to the criteria:
(a) above 75%, the applicant/client is suspended from making changes to the profile as well as access to the services provided, so there will be no establishment of a business relationship/there will be verification of the client's existing data and a possible determination of whether the match between the alert and the client is a suspicious transaction (The client submitted false information or did not inform about the change in PEP status).
(b) below 75%, the client is temporarily suspended from making changes to the profile, but has access to the services provided, The KYC Department will conduct an investigation into additional client information to exclude client and PEP matches.
Along with this, the existence of PEP is targeted by the question in Annex 1 “Is a member of the body of the company or the owner of the company a person who has the status of PEP?”, which makes it possible to refine the information obtained from Complyadvantage, as well as the client's statement about the status of PEP, which the client fills in as part of the initial questionnaire.
If a client is found to be a PEP, until MLRO approval is given for the continuation of the business relationship with the client (or approval for the establishment of such a relationship), there is a suspension of the use of the Company's services for the transfer of funds outside of the Client's electronic wallets on the instructions of a KYC employee, for reasons of high risk of the client.
Subsequently, the consent of the MRL is required to continue or establish a business relationship. There shall be no business relationship/continuation/execution of budding business until it has issued or decided on a course of action.
Obligations and restrictions relating to politically exposed persons shall be applied by the Company for a period of 24 months from the date on which the Company has received information or has established, as a matter of periodic review, that the Client has lost its PEP status (has ceased to perform the relevant function); in which case, based on a risk assessment, it is first necessary to exclude the client-specific risk for politically exposed persons. During that period, it shall also apply, to the same extent, to a client whose beneficial owner is a politically exposed person and to a person known to the Company to be acting for the benefit of a politically exposed person.
The KYC department uses the procedures of the FAO Guideline No. 7 from 9th October 2020, which defines PEPs according to the functions listed in Annex 1, when assessing whether or not a Client is a PEP. It follows the same line for foreign PEPs.
As part of customer identification, the Company ascertains and records whether the client is a person to whom the Czech Republic applies international sanctions of a financial nature (the ‘sanctioned entity’). In this way, it is necessary to verify the client, the persons who are authorised to act on behalf of the client in the context of the business (or business relationship) in question, and in the case of the client - the legal person, all persons who are members of the client's statutory body, all established beneficial owners of the client and all persons identified on the basis of the information obtained by the investigation of the client's management and ownership structure.
The company detects, similarly to the PEP survey, www.complyadvantage.com, implemented in the Company's internal system, which automatically searches and records whether a given person is kept on one of the sanctions lists (OFAC sanctions list, EU sanctions list, UN sanctions list or not, both when the application is registered and then automatically every 3 months after the business relationship is established.
In the same way, finding out if the Client is listed on the sanctions list is activated whenever the Client information is modified, when the request for payment (trade) is entered, irrespective of the amount of the transaction being executed. Thus, the company is effective in limiting the risk of financing individuals, on sanctions lists both before and during the commercial relationship.
In this way, the Company verifies the client and all persons who are the beneficial owner of the client, if this is discovered, or are acting for the Client.
In case there is a match on the record by evaluation of name, surname, company name (if the subject of sanctions is a legal person) date of birth, country of origin versus own database.
In case that match is under specified details:
(a) above 75%, the applicant/client has been suspended from making changes to the profile as well as from accessing the services provided, so there will be no business relationship/The KYC department will immediately verify the client's existing data and forward the MLRO within 24 hours so that it can decide on the STR, while stopping access to the services provided, the changes made to the client's profile.
(b) less than 75%, the client is temporarily suspended from making changes to the profile, but has access to the services provided, The KYC Department conducts an investigation of additional client information to exclude client compliance with the sanctions list and either allows the client to continue or requests additional information from the Client that clearly excludes the possibility that he is a Client/Applicant of a person subject to sanctions, or whether this is a situation for which an STR is necessary.
The aim of the SIP and SIE checks is to exclude the possibility that the Client has been convicted, arrested or charged in connection with criminal activity according to available information, has a criminal record or, according to available information, maintains a connection with persons associated with criminal groups or is directly involved in the illegal activity of these groups.
Similar to PEP and Sanctions Lists, for SIP and SIE detection, the Company relies on automated client screening for negative SIP information, SIE.
If the applicant is a SIP or SIE, the business relationship or any trade in it is subject to due diligence (EDD) and the approval of the applicant by SIP or SIE, or the duration of the business relationship with the client that has been zipped to be a SIP or SIE is decided by MLRO. The specifications and criteria that apply to the PEP survey apply mutatis mutandis to SIPs and SIEs.
In addition to the identification performed in the physical presence of the client, the Company makes use of the following additional options when performing client identification:
Mediated Identification
At the request of the Client or the Company, the identification of the Client, or a natural person acting on behalf of the Client, may be made by a notary or a public administration contact point, in the physical presence of the identified natural person. The notary or the public administration contact point shall draw up the instrument of identification, which shall be a public document, containing the particulars and annexes referred to in Section 10(a). 2 and 3 AML of the Act, namely:
Information:
1) who, at whose request and for what purpose made the identification
2) client identification data
3) the certification of the statement of the identified natural person, the person acting on behalf of the identified legal person or the representative of the identified person on the purpose of the identification made and on the confirmation of the accuracy of the identification, and, where applicable, the reservations on the identification made
4) the place and date of drawing up the document, where applicable, the place and date where and when the identification took place, if different from the place or date of drafting
5) the signature of the person who made the identification, the imprint of his official stamp and the serial number of the identification document
6) the annex to the identification document shall be copies of those parts of the documents, used for identification, from which identification details can be ascertained, as well as the type and number of the identity card, the State or, where applicable, the authority which issued it and its period of validity, and a copy of the application, if submitted in writing. As regards identification of the agent, the original of the power of attorney or a certified copy thereof is also annexed.
This public document, including its attachments, must be deposited with the obliged entity prior to the establishment of the business relationship or the execution of the transaction.
The company usually performs client identification remotely. Personal verification can only be performed if the Actual Owner(s), Director(s) or authorized employees of the potential Client meet with a Company representative (e.g. for conference, business meetings, social activities, etc.). In such a case, the Company accepts personal identification if the meeting is supported by a written confirmation of such fact by an authorized Company employee and accompanied by KYC documentation by the Client. The identification details shall be transmitted by the authorised employee to the Department of KYC without undue delay for the transfer of information to the Company's internal system.
The Company will perform Client identification without physical presence after Client:
1) Concludes with the Company a contract for the provision of financial services in written or electronic form
2) The client will provide information using the process described in point 4
3) The client provides an additional ID card, namely driving licence, passport, employee card, birth or marriage certificate
4) The first payment from the contract will be made through an account held in the name of a client with a credit institution (including in the territory of another EU/EEA Member State).
5) Demonstrates the existence of an account held in the name of the Client (The Company also accepts the existence of a joint account held specifically for both spouses or even just one spouse). The company considers the account agreement or a copy of the current statement from such account (no more than 3 months old) to be a sufficient document.
Only after all the above conditions have been fulfilled, following an inspection by the Department of KYC, which is responsible for checking the information entered in the Company's internal system, will the decision on sufficient identification, simple doubts about the Client's real identity, shift to the management of the company and the possibility of carrying out transactions.
The company is aware that the use of surrogate identification under the relevant provisions of Section 11 of the AML Act does not relieve it of its responsibility for the proper and complete fulfilment of the identification and, where applicable, the client control acts taken. The risk factor of distance identification is then taken into account in the client's risk assessment.
The Company shall carry out a client inspection, in order to obtain information on the purpose and intended nature of the transaction or business relationship, to establish the ownership and management structure of the Client and its beneficial owner, to monitor the business relationship with an overview of the purpose and to assess the conformity of the transactions carried out with the information provided, to examine the sources of funds or other assets, in the trade or business relationship and to check the origin of the property with PEP, as well as to check the Client against the received and appropriate sanctions to comply with legal requirements and the Company can effectively identify and combat risks.
Company shall perform customer Due diligence:
Due Diligence contain:
5.1 Obtaining information on the purpose and intended nature of the transaction
The purpose of obtaining this information is to create the conditions for a future evaluation of whether sub-transactions show signs of suspicious trade. Clients Companies may use crypto payment services. The Cash Transfer Service allows Client to receive or send transactions in several ways – The KYC and Risk Management Department evaluates the rationality of the transactions carried out, which corresponds to the information received when the client enters into a business relationship, as well as transaction models which show a consistent pattern of similar amounts over time, towards or from the 3rd person, where both the amount and the frequency of the transactions executed correspond to the type of business. The KYC and Risk Department will request information on the purpose in a situation where:
5.2 Identifying the ownership and management structure of a client
Obtaining information about the client's ownership structure and identifying the client's beneficial owner is essential for assessing the client for the potential risk of ML/FT. The Company shall identify relevant relationships up to a specific natural person or multiple natural persons who have significant influence over the activities of that client, including indirectly (through other natural or legal persons).
When conduct Due diligence of Legal entity, Company shall detect and record:
5.3 Ongoing monitoring of the business relationship and transactions monitoring
In addition to the justification for CDD and EDD authentication, the other basic rule of effective ML and TF prevention is continuous monitoring of the trades and activities of the Client. For the Company, this activity is a prerequisite for sustaining an RBA where high-risk clients are subject to appropriate regular due diligence.
The KYC team, together with the Risk team, performs ongoing monitoring of clients and their business, with an emphasis on the frequency and extent of deviations from the client's normal business activities. In the case of the identification of a suspicious transaction, the Risk team conducts an individual assessment of the characteristics of the transaction (in terms of the nature, volume, beneficiary. It will then make a comparison with previous transactions recorded under the Company's internal system for the client, taking into account the client type, purpose of account creation and client's pre-existing risk profile.
If the Client changes the nature of the transactions, if it increases the number or value of transactions compared to its past behaviour or with the estimates originally provided, the Risk team shall determine the reason for such developments. In case of doubt, the Risk team shall be entitled to request additional information and appropriate supporting documents from the Client to justify the changes, in particular.
These measures shall be taken by the Company at the latest before the execution of the business and for the duration of the business relationship.
If a particular business relationship fulfils at least one of the following headings, the responsible staff of the Risk team shall report the fact to the head of the Head of Risk and Compliance Department, who shall decide the course of action. The list includes, but is not limited to:
- unusual requirements for the execution of a transaction (e.g. a client requires the execution of a transaction that is unusual in its volume or is executed in an unusual manner);
- client resources do not clearly match the nature or scope of the client's business activities;
- transactions are directed to areas where the Client does not normally have or is not expected to have business interests;
- the transaction lacks an economic, factual or legal basis;
- the description of the transaction makes no sense or is not transparent from an economic perspective;
- the transaction is carried out with a potential PEP;
- The Company is aware that the transaction goes to/from a country categorised as high risk or if it exceeds EUR 10,000.00;
- the transaction goes to/from a country categorised as risky or if it exceeds EUR 20,000.00;
- the quantity transferred is just below the mandatory identification or due diligence (EDD) limit;
- transactions to/from countries subject to international sanctions;
- group of clients makes similar transactions.
The Company shall refuse to undertake any transaction in the following cases:
- The client will not provide the necessary assistance, will refuse to undergo a check or will refuse to submit the identification details of the person he is dealing with;
- The client or its beneficial owner is a person (natural or legal) to whom the Czech Republic applies international sanctions under the relevant law;
Continuous monitoring (monitoring) is intended to monitor the background of the Client's business and update its risk profile, taking into account any changes that have occurred since the Client's hiring, in order to reduce financial and reputational risks.
The reputation monitoring consists of checking the validity of the client's license (if the Client is subject to supervision), warnings issued by supervisory authorities, negative reports, complaints and online ratings on the web.
Other measures to be taken into account are continuous checks of the Client website to ensure that the products and services offered comply with all relevant regulations.
If the Company determines that the type of business does not correspond to the described activities and documentation when it receives the Client, or if the Client reports false information in the context of identifying or providing the assistance, the employee shall report that fact using an internal compliance report.
Subsequent monitoring (post-transaction) checks that current transactions match the Client profile, taking into account relevant amounts, transaction frequency and total volume.
If the Risk team, in cooperation with the KYC team, discovers during the process of receiving a Client in the Company's internal system that the Client is suspected of supporting terrorism, such information will be transmitted using an internal Compliance report for the purpose of the STR
5.4 Reviewing the sources of funds or other assets involved in the transaction
As part of the Client Control Process, the Company may request information regarding the origin of the funds involved in the transaction or business relationship, other than the identification itself.
Besides KYC team, the origin of money may also be required from the Risk team when a particular transaction achieves a higher level of risk. To review the client's cash resources, the Company accepts:
Below are additional options for determining the origin of Client's money through an independent source:
The aim of the check is to establish the source of the funds used in the transaction or business relationship. In the case of a business relationship, this part of the client's control is carried out in particular at the time of its creation, so that the benchmarks for future control can be used. If there is any doubt as to the declared origin of the funds, the Sales team is asked, in agreement with the KYC team, how to secure information from the Client (in the form of an additional questionnaire on the origin of the funds, the Client's current business activity, or certain private events associated with accepting a gift or acquiring an inheritance).
If the Risk team determines that the origin of the Client's money is clearly from legitimate sources and the transaction corresponds to the purpose and identified Client information at identification or control, further Client investment may be waived in a specific transaction.
Conversely, if the Client poses a high risk in terms of MLs and information on the origin of the money indicates an increase in risk compared to the risk profile identified so far, the KYC team is required to consider further investing the business or Client.
5.5 Adequate measures for Source of Funds where Client is PEP
In the case of PEP, which is separately categorised as a high-risk Client under Annex 1, the Company finds information on the source of the Client's assets used in the transaction, as well as the determination of the volume of such assets, the frequency of the acquisition/generation of such assets or funds over time. If the Compliance and Risk Department may not allow such business to take place, even in the context of an existing business relationship with Client. The procedure of PEP clinet identification should be applied.
5.6 Additional information to perform and check client identification
Client shall provide the obliged entity with the information necessary to make the identification. Also in the context of control, active cooperation of the client is foreseen, which may consist, for example, in the presentation of relevant documents and declarations. The client must be informed that the information being obtained is required under the AML law (the confidentiality obligation extends to any STR filing and FAU investigation).
The company may make copies or extracts of the documents submitted and process the information obtained to fulfil the purpose of the AML Act. However, making copies is subject to obtaining the consent of the client.
In case of doubt, the obliged entity may request further supporting or clarifying information from the client and, in the absence of such information or lack of clarity, the Company will not undertake the transaction, or may submit it to the STR. If the client refuses to cooperate, the obliged entity will not conduct the transaction. If doubts about possible misuse persist after the inspection, this justifies the submission of an STR.
When carrying out individual transactions, when establishing a business relationship with a client, as well as during the course of that relationship Company shall:
Risk assessment involves identifying and evaluating the attendant risks that the Company may face by the nature of its business and developing appropriate strategies to manage those risks.
During its operations, the Company may be exposed to the following risks:
Due to the nature of the Company's business activity, an appropriate process was created to identify the Client before entering into a business relationship with him. This RBA approach The Company applies prior to completion of verification in the context of client identification or before entering into a business relationship.
In order to evaluate and manage the risks of ML/TF, the Company has developed a detailed acceptance form for Clients, including Client Risk Assessment and Compliance under Recruitment. This form serves as a basis for determining the risk category and for any due diligence of the Client.
For acceptance purposes, the client shall undergo an overall risk assessment based on an evaluation of the following sub-risks:
Below is a summary, listing the client's own risks and their assessment, with guidance provided to employees of the Company for Client Categorization:
Risk Assesment – Client Typology
|
Risk category |
Examples of Clients |
|
Very low/low risk |
Public authorities, ministries and national companies; Simple ownership and corporate structures; The identification of the Client was made in the physical presence (face-to-face). The origin of the client's funds can be easily identified and corresponds to the information received |
|
Medium risk |
Any client that does not fall under the previous category of "low risk" clients or the following category of "high risk clients" will be categorised as a medium risk Client. |
|
High/Very high risk |
Client identification could not be made in person; There is an increased risk of ML or TF due to Client's CDD-based business activity; Negative records in any medium in relation to the company or individuals involved in the management of Client or its ownership structure; Anonymous accounts, so-called shell accounts or exclusively pay-through accounts, through which the Client plans to make or clear payments within the Company; Unclear source of client funds; The names of the management or directors on the website do not correspond to the names provided in the context of client control; The client's ownership structure includes PEP, a person close to PEP, SIP or SIE; Transactions planned for execution through the Company do not have a clear meaning and purpose from a financial point of view; The client is owned by appointed shareholders (‘nominee shareholders’). Telephone contact is provided from a country which was not mentioned in the pre-contract negotiations and does not correspond to the CDD provided; Repeated address changes when accepting a Client or in the course of a business relationship; The address or other relevant Client information provided when identifying a natural or legal person appears vague or unusual; The client is a charitable or other non-profit organisation; Non-transparent client ownership structure; The address provided is undetectable by normal publicly available means (web). The main business activity involves one or more of the following: - Pharmacy - Dating services - VoIP or telemarketing - investment in diamonds or precious metals - occult services |
|
Prohibited |
Client does not provide assistance in identification or checking There is a discrepancy in the information provided that the Client is unable to credibly explain. The client will not provide the necessary synergy in controlling the origin of the money. The client is not economically active, with no plans to be economically active The client issued/issues bearer shares. The client is PEP and the Company is not known about the origin of the funds; Client or beneficial owner of the client is listed in the list of persons or organisations subject to international sanctions under the relevant legislation; The client acts in the name of another person, is accompanied or followed by other persons who appear to wish to remain anonymous; The Client's business area includes prohibited activities under these Measures. The client has, according to available information, been convicted, arrested or charged in connection with criminal activity, has a criminal record or, according to available information, maintains a connection with persons associated with criminal groups or is directly involved in their illegal activities. Client has country of origin in high-risk country according to Annex 2.1 |
Company shall not accept a person who carries on as his main business:
Based on information gathered during client identification and due diligence, the Company will perform a client categorization, taking into account the risks listed above. This evaluation enables the Company to establish and update risk assessments and to establish rules for commencing a business relationship or refusing to establish a business relationship.
If the average AML compliance score of a new or pre-existing Client is evaluated on the basis of the criteria above, the final risk score is calculated to determine the required level of control (due diligence) with the possibility of necessary management approval according to the criteria below. In this way, the Company can justify to the oversight body performing the compliance check the appropriateness of the scope of the Client inspection.
|
Risk Assesment – Client’s Typology |
||
|
Risk Category |
Low Risk |
Medium and High Risk |
|
Level of Due Diligence |
CDD CDD and client screening must meet the RBA's request and justify requesting further information. |
EDD EDD and client screening must meet the RBA's request and justify requesting further information. |
|
Approval Level |
KYC Department |
MLRO/ MLRO assistant |
In order to effectively implement the measures set out above, the Sales team (as the first level of ML/FT risk protection, responsible for communicating with clients) is required to cooperate with the Compliance and Risk Department, responsible for further verification and monitoring of Clients and their activities.
The Company Client identification process is normally performed remotely. Personal verification can only be performed if the Actual Owner(s), Director(s) or authorized employees of the potential Client meet with a Company representative (conferences, business meetings, social activities, etc.). In such a case, the KYC Department may also accept personal identification if the face-to-face meeting is supported by written confirmation of such fact by the relevant Company representative, accompanied by the KYC documentation by the Client.
The following facts are given special attention in the process of identifying the Client in the form of the EDD if the Company detects any of the following:
The KYC team is responsible for the escalation of high-risk cases to the final MRL opinion.
In the following cases, the Company will refuse to open an account/enter into a business relationship or will be required to terminate an existing account/business relationship and refuse any further transaction:
The risk assessment methodology is as follows:
The risk assessment shall be made in writing and kept up to date. The risk assessment check, including documentation of changes, shall be carried out by the Company at least once a year.
6.1 Risk categorisation of products and related services that may be misused for ML/FT
By the nature of its activities, the company performs a limited range of risk identification of individual sub-products (for which the Client requests either at the beginning of the business relationship or during the course of the business relationship over the amendments to the Framework Agreement) less disaggregated.
The crypto wallet service allows the Client to send and receive money around the world (i.e. both within and outside the SEPA area) in different currencies, a money transfer or e-money service within the EU and globally.
These are risks associated with standard transfers to an account under a special scheme, whereby the Company accepts the funds of its clients and credits them to an electronic wallet without appropriate transfer fees.
Additional risks compared to crypto transfers (in addition to customer identification and the reason for payment between banks) that may arise in the context of the transfer of funds between clients' wallets, the funds of which have already been received on a special mode account, where there is no real movement in the bank account, but clients can move cryptocurrencies between themselves. Thus, a chain of payments may occur without their being reflected in a separate scheme account, unless any client requests a transfer from an electronic wallet to a recipient who is not a Company client.
Outside SEPA transfers, the Company gives the possibility of international crypto transfers where there is an additional risk of taking into account the country to which the payment is sent in connection with the reason for the payment and customer identification.
The Company applies enhanced due diligence for crypto-asset transfers, ensuring information about the originator and beneficiary accompanies each transaction, in compliance with Regulation (EU) 2023/1113 (TFR) and MiCAR obligations.
Specific risks related to crypto-assets, including anonymity-enhancing technologies, self-hosted wallets, and cross-border transfers, are assessed as part of the Company’s AML Risk-Based Approach in line with MiCAR Article 67.
The Company may refuse any crypto-asset transaction if required data under MiCAR or the TFR is incomplete or non-compliant.
During those transfers, there is a conversion of funds where the Company relies in this respect on the bank's conversion rate, which accepts its client funds for a separate mode account. Society accepts the exchange rate of a given currency pair, offered by a bank. This applies to both standard transfers and electronic wallets.
All of these services The Company understands as a whole for the time being, with this in mind, is conducting a Risk Assessment including a categorisation of products more generally than a larger institution, e.g. a bank with dozens of products for clients, has a range of services.
6.2 Detailed non-exhaustive list of suspicious transaction
Facultative signs of suspicious transaction
Transaction is considered suspicious if, for example any of the following are discovered by the Company:
Obligatory signs of suspicious
In the situations listed below, transaction is considered as a suspicious and is reasonable to report a such a transactions as suspicious
A company shall reject a transction (or refuse to establish a business relationship or terminate a business relationship with Client) in the event that an identification obligation is given pursuant to Section 7(a) 1 or 2 of AML Act:
Record Keeping
The Company shall, in accordance with Section 16 of the AML Act, keep the following information for 5 years from the last single transaction or the termination of the client business relationship:
The Company receives, stores and maintains copies of these data in accordance with the Record Retention Requirements of the Personal Data Processing Act (GDPR).
The retention period shall begin on the first day of the calendar year following the year in which the last transaction known to the obliged entity was made or in which the business relationship was terminated.
The Company retains crypto-asset transaction records, including originator and beneficiary information, for at least 5 years in compliance with MiCAR and the Transfer of Funds Regulation (EU) 2023/1113.
As part of its compliance with the AML policy, the Company also maintains the following documents:
The record-keeping period shall begin on the first day of the calendar year following the year in which the last known transaction known to the Company was made or in which the business relationship was terminated.
The assessment report, together with an appropriate statement, shall be kept by the Company under Section 21 of the AML Order for a period of 5 years.
The company can retroactively reconstruct all approval and decision-making processes and control activities under the measures, including associated responsibilities, powers, background and assessment of the assessment report. Information on findings made in the course of customer inspection, the review of trades and correspondence relating to trades and business relationships is also retrospective reconstructive. It must also be retrospectively reconstructive to such a process that results in the conclusion that there are no grounds for changing the client's risk profile or for submitting/not submitting an STR. All of this data is stored in the Company's internal system, is not publicly available and is made available for use by each employee at initial training.
Responsibility for the retention and transmission of Client data lies with the Compliance and Risk Department.
The assessment report, together with an appropriate statement, shall be kept by the Company under Section 21 of the AML Order for a period of 5 years.
The entire data retention process is retroactively reconstructable including historical versions of the evaluation report as well as PIEs and other internal company regulations. The data is stored electronically by dedicated servers. Similarly, data on all client transactions executed are retained, based on the relevant internal regulation governing the handling of data in the internal system. Documents delivered in electronic form shall be stored in principle electronically, in accordance with the requirements of Section 16 of the AML Act.
Review of trades, correspondence relating to trades and business relations with Client, information obtained from Client identification, as well as internal reporting of suspect activity from the employee who referred the report to the MLRO to the STR itself performed by the MLR are also stored in the Company's internal system, communications between the employee and the MLRO are traceable in retrospect, while information on their handling is extremely sensitive, subject to confidentiality.
All employees of the Company are aware of the fact that informing the person against whom an internal report submitted to the MLRO has been made, or against whom an ML or TF investigation is being conducted, is prohibited, as is taking any action that may entail forwarding internal reporting information to that person (so-called "tip off"). Falsifying, concealing or destroying documents essential to the reporting of a suspicious transaction from the perspective of ML or TF is also an unlawful act.
The Compliance and Risk Department is responsible for the retention of data pursuant to Section 16 of the AML Act, with special arrangements for the reporting of the STR (as well as the submission of a route notification) for which the FAO (police authority) is responsible, obtaining the requested information and communicating with the authorities, including the breach of confidentiality pursuant to Section 39 of the AML Act, is liable to the MLRO.
All Company employees are required to provide the MRL without delay with the necessary on-demand assistance by the corporate email client, no later than 1 working day from the dispatch of such request.
9.1 Internal reporting of suspicious activity
If the Risk team has assessed the transaction as suspicious, and if he has confirmed the reasons for doing so, or if the KYC team has confirmed the activity of the Client (Behaviour) as suspicious, they are required to promptly inform the MLRO via the Company's internal system or to the MRL's service address, but no later than 2 days from the date of discovery of such fact.
MRL's service address, but no later than 2 days from the date of discovery of such fact.
An internal suspicious activity report shall contain all information for a full evaluation of potentially suspicious activity, including a description of the facts and material circumstances of the transaction, the transaction date or the detection of the Client's suspicious activity.
The MLRO has access to the relevant documentation underlying the submission of the internal report, including the identification or check performed on such Client (before or after the unusual activity), taking into account the Client's behavioural patterns and transaction volumes.
Normally, an internal report will be filed by members of the KYC or Risk team, involved in client identification and follow-up. The sales team can report changes to the Client's structure, business and business (non)successes.
Notwithstanding the above, all Company employees must be aware that they may be present with unusual client behaviour which may be the cause of the fact or circumstance on the basis of which the internal report will be submitted to the MLRO.
Each staff member is required to:
All employees of the Company are aware of the fact that informing the person against whom an internal report submitted to the MLRO has been made, or against whom an ML or TF investigation is being conducted, is prohibited, as is taking actions that may entail transmitting information about an internal report to the person under investigation (so-called "tip off"). Falsifying, concealing or destroying documents essential to the reporting of a suspicious transaction from the perspective of ML or TF is also an unlawful act.
9.2 The situation where an STR is administered at FAU
The company shall report suspicious trade on the basis of the above, but in particular if:
FAU contact detail
Phone connection (7:45 AM – 4:15 PM): +420 257 044 501; (4:15 PM – 7:45 AM): +420 603 587 663
Fax: +420 257 044 502
Personal Delivery Address: Washingtonova 1621/11, 110 00 Praha 1
Mail Delivery Address: P. O. BOX 675, Jindřišská 14, 111 21 Praha 1
E-mail: [email protected] (cannot be used for administering STR)
Data box: egi8zyh (cannot be used for administering STR)
9.3 STR Properties
The STR shall contain all information available to the notifier about the transaction, its context and its participants, namely:
The STR shall not include details of the employee of the obliged entity or a person in a similar employment relationship who has identified the suspicious transaction;About filing of the STR the Company maintains confidentiality towards the Client, except for § 40(2)) 3 AML of the law.
Compliance with a client order here includes the completion of any transaction in which ML/FT is suspected.
Where there is a risk that complying promptly with the client's order could frustrate or make it significantly more difficult to secure proceeds of crime or funds intended to finance terrorism, the obliged entity may comply with the client's suspicious trade order no earlier than 24 hours after the STR has been served on the FAO. Property to which the client order relates shall be secured in an appropriate manner against manipulation that would be contrary to the purpose of the AML Act.
Compliance with the client's order shall not be delayed where such postponement is not possible or where it is known to the obliged entity that such postponement could frustrate or otherwise jeopardise the investigation of a suspicious transaction; the obliged entity shall immediately inform the FAO of compliance with the client's order. Where the transaction has taken place by the time the STR is filed, the obliged entity shall communicate the information about the transaction directly in that notification if the transaction takes place at a later date, the obliged entity shall file the information with reference to the notification lodged and in it shall communicate the exact timing of the transaction.
If there is a risk that immediate compliance with the client's order could frustrate or make it significantly more difficult to secure the proceeds of crime or the means of financing terrorism, and the investigation of suspicious trade requires a longer period of time for complexity, the FAO may decide:
The abovementioned time limits do not apply to the seizure of property if the property is to be seized in accordance with the relevant legislation issued to implement international sanctions. Detention takes place on the basis of the relevant sanctioning regulation, so there is no need (or possibility) to implement precautionary measures under the AML Act. At the same time, however, there is always suspicious trade within the meaning of Paragraph 6(2) of the Sixth Directive. 2 AML of the Act and is therefore required to file an STR. Silence under Paragraph 38(1)) 1 The AML of the Act applies only to the STR in such a case, not to the fact of being secured under the relevant sanction code. The person concerned by the seizure may be informed of it and may also seek the lifting of the restriction through the courts. It may also claim that it is not against whom sanctions are to be applied (match or form of names, misidentification, etc.). Such detention is not limited in time as a precautionary measure under Section 20 of the AML Act, but lasts for the entire duration of the sanction.
Contact person: See Annex 5
Fulfilment of the information obligation
MLRO at the request of the FAO within the deadline set by it, in the form customary for collecting information on Clients (data information, files and/or scans of paper backings:
The obliged entity shall provide clients with the information required under the provisions of Section 11 of Act No 101/2000 Coll., on the protection of personal data, before establishing a business relationship or conducting a business outside a business relationship. This information shall in particular contain a general warning regarding the obligation of the obliged entity to process personal data for the purpose of preventing ML/FT.
Measures to implement deferral of client order
A proclamation of an FAO decision to defer compliance with a client order may be made orally, by telephone, by fax or by electronic means, but a copy of the written copy of the decision is always subsequently served.
Where the obliged entity has notified the FAO of a suspicious transaction, the basic deferral period of the client order, including its extension, shall be calculated from the time the FAO received the notification.
If the obliged entity has not notified the FAO of the suspicious transaction and the FAO decides to postpone the fulfilment of the client order or the seizure of the property, the beginning of the period is determined by the declaration of the FAO decision.
The obliged entity shall in turn certify to the FAO that the deferral of the client's compliance has been deferred, that the extension has been applied, or that the security of the property has been realised, and confirm the time from which the period is calculated.
In addition, the obliged entity shall keep the FAO informed of all material facts concerning the assets identified in the decision (e.g. attempts to break collateral).
If the FAO has not informed the obliged entity by the end of the period specified by it that it has made a complaint or has revoked the detention order by decision before the end of the period, the obliged entity may carry out the client's order.
If the FAO notifies the law enforcement agency within the deadline, the suspension of compliance with the client's order or seizure of the property shall be extended by 3 working days from the date of the complaint in question. The FAO informs the person liable of making the complaint. The obliged entity therefore carries out the client's order at the earliest after the expiry of a period of 3 working days from the date of the complaint, but only if the law enforcement agency has not decided by the end of that period to withdraw or secure the object of the suspicious transaction. The period of 3 working days shall end either at the end of the period or earlier, provided that the law enforcement authorities implement the appropriate precautionary measures before the expiry of that period. (The time limit of 3 working days is calculated from the beginning of the day following the date on which the FAO filed the complaint.)
Where the Company has executed a client's order because postponing the order could frustrate or otherwise jeopardize the investigation of a suspicious transaction, it will always inform the FAO of the client's MLRO compliance.
Company and all employees Companies are required by Section 38 of the AML Act to maintain confidentiality and thereby ensure in particular:
The confidentiality obligation applies to:
The confidentiality obligation shall not be waived by the transfer of the Company's employees to another job, the termination of their employment relationship or the cessation of the Company's activities referred to in Section 2 of the AML Act.
Any facts that are subject to confidentiality are bound to be kept confidential by anyone who learns about them.
All employees of the Company are required to give informed consent to having read and understood these Measures and to give their consent in writing within 30 days from the date of commencement of their employment. Regardless of job position, each Company employee shall undergo an Inter AML/CFT training organised and approved by MLRO. Staff in the KYC and Risk Department will also receive specialised training from respected training providers to further develop and reflect new trends in suspicious transactions, identification and control of individuals, while reflecting in the form of updated training material to other staff.
Internal AML/CFT training for all staff is designed to provide information to all staff and their understanding of the following:
Company employees will confirm their presence at the training sessions by signing attendance. The company archives attendance together with personnel training records and a list of topics discussed.
By way of management, the Company will carry out an ongoing compliance check within the Company among its employees. This includes also the action taken by MLRO:
MLRO shall produce an annual report evaluating the Company's ML prevention activities (hereinafter referred to as the ‘Evaluation Report’) no later than the end of the fourth calendar month following the end of the period for which they are processed, and submit it to the director. The company keeps the evaluation reports for 5 years.
The evaluation report shall consist of the following:
Statutory body The company, shall discuss the evaluation report no later than 4 months after the end of the period for which it is being prepared and shall comment on the shortcomings identified and the proposals contained therein.
The Company constantly monitors developments and changes in the fight against ML/FT (i.e. laws, decrees, government regulations, etc.) and trends in the development of risks associated with the area of business. For legislative changes, the Company will bring the content of the Measure into line with legislative changes and ensure that all employees affected by such changes are trained. Similarly, the Company is proceeding with the detection of new risks and taking necessary complementary measures to mitigate them.
These measures are binding on all Company employees and effective with them from 20th of June 2025.
In accordance with RegulaVon (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on Markets in Crypto-Assets (MiCAR), as applicable from 30 December 2024, this policy integrates obligaVons relevant to crypto-asset service providers (CASPs), including anV-money laundering (AML), consumer protecVon, governance, and prudenVal requirements.
MiCAR: RegulaVon (EU) 2023/1114 governing issuers of crypto-assets and crypto-asset service providers within the EU.
CASP: Crypto-Asset Service Provider, as defined under MiCAR.
The Company applies enhanced due diligence for crypto-asset transfers, ensuring informaVon about the originator and beneficiary accompanies each transacVon, in compliance with RegulaVon (EU) 2023/1113 (TFR) and MiCAR obligaVons.
Specific risks related to crypto-assets, including anonymity-enhancing technologies, self-hosted wallets, and cross-border transfers, are assessed as part of the Company’s AML Risk-Based Approach in line with MiCAR ArVcle 67.
The Company may refuse any crypto-asset transacVon if required data under MiCAR or the TFR is incomplete or non-compliant.
The Company retains crypto-asset transacVon records, including originator and beneficiary informaVon, for at least 5 years in compliance with MiCAR and the Transfer of Funds
[1] Tech Capital Solution s.r.o. – legal entity estabilished under Civil Code and Business Corporation Act, based in Rybná 716/24, Staré Město, 110 00 Prague, reg. number 19486154.