Support

AML Policy

AML – Anti-Money Laundering Policy

1 Introduction & Background

1.1Scope & Purpose

The provisions in this Anti-Money Laundering Manual aim to reduce the possibility for the business of providing services by VIPPASS to be used for criminal purposes or in violation of regulations.

This Manual provides guidance detailing responsibility with regard to the prevention of money laundering and funding of terrorism from the perspective of the legal frame work of the United Kingdom and international accepted regulations in this area. This information includes due diligence, monitoring, training and record-keeping policies and procedures, as well as a description of the role and responsibilities of the Compliance Officer.

1.2 Abbreviations

AML: Anti-Money Laundering

CMP: Compliance Monitoring Program

CFT: Combating Funding of Terrorism

EU: European Union

KYC: Know Your Customer

FATF: Financial Action Task Force

FIAU: Financial Intelligence Analysis Unit

PEP: Politically Exposed Person

STR: Suspicious Transaction Report

1.3 Definitions

1.3.1 Money laundering

  1. i) the conversion or transfer of property knowing or suspecting that such property is derived directly or indirectly from, or the proceeds of, criminal activity or from an act or acts of participation in criminal activity, for the purpose of or purposes of concealing or disguising the origin of the property or of assisting any person or persons involved or concerned in criminal activity;

  2. ii) the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect of, in or over, or ownership of property, knowing or suspecting that such property is derived directly or indirectly from criminal activity or from an act or acts of participation in criminal activity;

iii) the acquisition, possession or use of property knowing or suspecting that the same was derived or originated directly or indirectly from criminal activity or from an act or acts of participation in criminal activity;

  1. iv) retention without reasonable excuse of property knowing or suspecting that the same was derived or originated directly or indirectly from criminal activity or from an act or acts of participation in criminal activity;

  2. v) attempting any of the matters or activities defined in the above foregoing sub-paragraphs (i), (ii), (iii) and (iv) within the meaning of the United Kingdom Code of Criminal Law (Penal Code)

  3. vi) acting as an accomplice within the meaning of the United Kingdom Code of Criminal Law in respect of any of the matters or activities defined in the above foregoing sub- paragraphs (i), (ii), (iii), (iv) and (v);

1.4 Law, Regulations and Rules

The Code of Criminal Law of the United Kingdom lays down the procedures for the prosecution of a money laundering offence as well as the measures for the confiscation of property upon a conviction of money laundering, measures for the freezing of assets when a person is charged with an offence of money laundering and measures for the issuance of an investigation and/or attachment order when a person is suspected of having committed an offence of money laundering.

The policies and procedures in this Manual aim to comply with both the rules and guidance contained in the NOPML, the NORUT and the NOIS which regulations themselves are referring to the Penal Code. In addition to these regulations the Central Bank of England has introduced a comprehensive framework with provisions and guidelines to prevent and combat money laundering and terrorist financing (hereinafter: the “Provisions and Guidelines” or “P&G”)). United Kingdom – as a member of the FATF – has based these Provisions and Guidelines on, among others, the FATF recommendations.

2 AML Systems and Controls – General

2.1 Policy Responsibility

The ultimate responsibility for Fit Avenue S.A.  (“VIPPASS”) anti-money laundering policy rests with the CEO. Day-to-day responsibility for the development and implementation of policies and procedures contained within this Manual.

AML policy

The policy operated by VIPPASS in order to meet applicable AML and CFT regulatory requirements are documented in this Manual. Policy will be regularly reviewed to ensure that it continue to meet regulatory requirements and the changing risk environment.

AML Risk

VIPPASS will undertake regular assessments of the money laundering risks.

VIPPASS will document its risk management policy and risk profile in relation to money laundering, and its application of those polices in this Manual and in subsidiary documentation referenced herein.

VIPPASS use the following guidance as a base for its AML risk model:

  1. a clear statement of the culture and values adopted towards the prevention of financial crime;

  2. a commitment to ensuring that identity will be satisfactorily verified in all cases and in a risk-based manner, before applicants for business are accepted as clients;

iii. a commitment to ongoing customer due diligence throughout the business relationship;

  1. a commitment to ensuring that staff are trained and aware of the law, their legal obligations, and how to meet those obligations;
  2. a clear allocation of roles, responsibilities and organizational structure, and recognition of the importance of staff promptly reporting their suspicions internally;
  3. virtual Currency Service Providers – regulate decentralized cryptocurrencies such as bitcoins and will apply to virtual currency service providers as well as electronic wallet providers, to cover the risks associated with cryptocurrencies.

vii. public Access to Beneficial Ownership Information – legal information about beneficial ownership will be granted to anyone demonstrating a legitimate interest. The beneficial ownership information will be comprised of; the name of the beneficial owner, date of birth, nationality, country of residence, and the extent of the beneficial interest held in that particular business.

viii. regulations for Bank Accounts and Safe Deposit Box – no accepted of the anonymity of bank accounts, saving accounts, and safe deposit boxes.

3. Customer Identification Program

3.1 The Company will take reasonable steps to establish the identity of any person for whom it is proposed to provide its service (hereinafter “Customers”). For this purpose, the process for the registration of Customers provided for under the General Terms and Conditions of the Company provides for the due diligence process that must be carried out before the opening of a user account.

3.2 The Company will keep at all times a secure online list of all registered Customers and information and documents will be retained in accordance with the applicable data protection obligations.

3.3 The Company will collect certain minimum Customer identification information from each Customer who opens an account. The Company will not accept to open anonymous accounts or accounts in fictitious names such that the true beneficial owner is not known. The information required will include at least:

  1. Customer’s date of birth (showing that the Customer is over eighteen (18) years of age);
  2. Customer’s first and last name;
  3. Customer’s place of residence;
  4. Customer’s credit card or banking information;
  5. Customer’s valid email address; and
  6. Customer’s username and a password. 

3.4 Documents to verify the identity information received will be requested from the Customer if and when there is considered to be risk or uncertainty about the information provided and prior to any payment in excess of USD 1,000 per occasion or when payments to the account are made in excess of USD 1,000. These documents shall include, to the extent permitted under the relevant data protection regulations:

  1. A copy of a valid identity card or passport;
  2. Proof of address; 

3.5 The Company may supplement the use of documentary evidence by using other means which may include:

  1. Independently verifying the Customer’s identity through the comparison of information provided by the Customer with information obtained from a reporting agency, public database or other source;
  2. Checking references with financial institutions; or
  3. Obtaining a financial statement.

3.6 The Company will inform relevant Customers that the Company may seek identification information to verify their identity and will compare Customer identification information with government or international -provided lists of suspected terrorists or sanction lists for example through the European Union or FATF on a monthly basis.

3.7 Any employee of the Company who becomes aware of an uncertainty in relation to the accuracy and truthfulness of the Customer information provided shall immediately notify the AML Compliance Person, who will review the materials and determine whether further identification is required and or so that it may be determined whether a report is to be sent to the relevant authorities.

3.8 If a potential or existing Customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, the Company will not open a new account and, after considering the risks involved, consider closing any existing account. In either case, the AML Compliance Person will be notified so that it may be determined whether a report is to be sent to the relevant authorities.

3.9 If a Customer appears on list of (suspected terrorists or otherwise sanctioned individuals the Company will take the appropriate steps to immediately freeze and or lose the account of the Customer.

3.10 If any material personal information of a Customer changes, verification documents will be requested.

3.11 When an employee of the Company detects any activity that may be suspicious, he or she will notify the AML Compliance Person. AML Compliance Person will determine whether or not and how to further investigate the matter. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or filing a report.

3.12 The Company will not accept cash or non-electronic payments from Customers. Funds may be received from Customers only by any of the following methods: credit cards, debit cards, electronic transfer, wire transfer cheques and any other method approved by the respective regulators.

3.13 Transfers of funds between Customers accounts shall prohibited.

3.14 Records relating to the financial transactions shall be maintained in accordance with the data protection and retention requirements in the applicable jurisdiction.

4 Procedures and Documentation Responsibility

Responsibility for the review and update of the AML Manual, and applicable sections, rests with the CEO.

The AML Manual is reviewed periodically and, as necessary, updated in order to reflect changes in legislation, national and international findings, the structure of Fit Avenue S.A., their customers, and the services offered.

The procedures contained in this Manual reflect the VIPPASS AML Policy and must be adhered to by all VIPPASS staff.

AML risk factors

An AML risk assessment overview will be maintained in order to allocate and track the components of the separate risk classifications. VIPPASS categorize overall AML risk into:

  • Customer risk
  • Product risk
  • Interface risk
  • Geographical risk

5 Risk Assessment, Management and Risk-Based Approach Financial crime risk assessment

Where a new service, customer group or new geography is addressed by VIPPASS, the financial crime risk assessment will be updated during development/launch (to ensure that AML processes can support the new activities).

The results of the financial crime risk assessment will be used to inform the development of appropriate systems and controls (policies and procedures) designed to minimize the risk of VIPPASS being used for the purposes of financial crime.

Risk mitigation

In order to mitigate the risk of financial crime, VIPPASS will ensure that appropriate risk-based systems and controls are in place and operated. Existing systems and controls will be reviewed and where necessary amended to reflect changes in assessed risk and identified vulnerabilities.

Monitoring controls

When there is a change in the VIPPASS AML policy, or implementing procedures or AML rules, this Manual, and associated materials, will be updated.

6 Business Risk Assessment

The Company must also consider the AML/CFT risks associated with its business and adopt a risk-based approach when considering the requirements for:

■ Identity of partner

■ Evidence of identity

■ Enhanced partner due diligence

The major factors that may highlight increased or decreased potential risk are:

Nature of Business

Business in the form of corporate entities are considered by the Company to represent a greater risk to the Company from an AML/CFT risk, than an individual partner.

It is management’s considered view that a corporate entity transacting with the Company in what may be considered a normal manner represents only a minimal enhanced risk of money laundering or terrorist financing.

Nevertheless, the risk is enhanced and as such, satisfactory evidence of the nature and identity of the Business Partner is considered by Management to be essential prior to the business relationship being entered.

Status

A Politically Exposed Person (PEP) is generally considered to present a higher risk to a business with whom they are transacting. However, it is management’s considered view that a PEP transacting with the Company in what may be considered a normal manner represents only a minimal enhanced risk of money laundering or terrorist financing. Nevertheless, full enhanced due diligence must be conducted upon any identified PEPs.

A PEP is defined as a natural person who is or has been entrusted with prominent public functions, including:

■ A head of state, head of government, minister or deputy or assistant minister;

■ A senior government official;

■ A Member of Parliament (MP);

■ A senior politician;

■ An important political party official;

■ A senior judicial official;

■ A member of a court of auditors or the board of a central bank;

■ An ambassador, chargé d’affaires or other high-ranking officer in a diplomatic service;

■ A high-ranking officer in an armed force;

■ A senior member of an administrative, management or supervisory body of a State- owned enterprise;

■ A senior official of an international entity or organisation.

A PEP also includes family members and close associates of the above, including:

■ A spouse;

■ A partner considered by national law as equivalent to a spouse;

■ Other known close personal relationships such as a partner, boyfriend or girlfriend;

■ A child;

■ A spouse or partner of a child;

■ A brother or sister (including a half-brother or half-sister);

■ A spouse or partner of a brother or sister;

■ A parent;

■ A parent-in-law;

■ A grandparent;

■ A grandchild;

■ A joint beneficial owner of a legal person or legal arrangement, or any other close business relationship, with a PEP;

■ The sole beneficial owner of a legal person or legal arrangement known to have been set up for the benefit of a PEP;

■ A beneficiary of a legal arrangement of which a PEP is a beneficial owner or beneficiary;

■ A person in a position to conduct substantial financial transactions on behalf of a PEP.

Should the Business Partner be associated with that of a sanctioned individual, the Company will cease to conduct any further business. 

Location of Partner

A partner located in a jurisdiction which is not Financial Action Task Force (“FATF”) compliant, may generally be considered to represent a potential risk of money laundering or terrorist financing activity. However, whilst the Company considers a partner located in a jurisdiction be of high risk, it is management’s considered opinion that an individual a partner transacting with the Company in what may be considered a normal manner.

Therefore, partners located in Financial Action Task Force (“FATF”) will be subjected to enhanced due diligence and subject to a higher degree of monitoring.

In order to determine the partner risk, these factors will be considered on a case-by-case basis. 

Amount of funds being transacted.

The Company assesses the expected level of business at the outset of the relationship and reviews on an ongoing basis. If funds transacted are outside of the expected level, there is an enhanced risk of money laundering or terrorist financing activities and additional identity checks are undertaken or further source of funds/wealth obtained.

On its own, the risk associated with large deposits transactions may not be overly significant. However, when combined with irregular or unusual account activity or with the PEP status or location of the partner, the risk may be significantly enhanced. 

Nature and frequency of transactions

Where a partner is making regular transactions within the expected parameters there is considered only minimal potential risk of money laundering or terrorist financing. Irregular patterns of activity or regular transactions may highlight enhanced risk.

The procedures detailed in the following pages address both the requirement to identify partners and to gather evidence verifying their identity but also to monitor on-going activity to determine a change in the risk profile of the partner. 

Source of funds being transacted.

The source of the funds should be verified to be coming from a legitimate source with legitimate connections to the partner. Any changes to the source of funds when multiple transactions are being made should also be queried by the Company as this is a potential indicator of money laundering.

Summary of factors and considered associated risk:

■ Value of funds;

■ Jurisdiction of partner;

■ Status of the partner and its keypersons;

■ Source of funds;

■ Any other relevant matter brought to the attention during the account opening process for the partner;

■ Any relevant supervisory or regulatory guidance given by the FTC;

■ The legal nature of the business partner. 

Review of Risk Assessment

The Company will undertake a review of the relevance of its risk assessment as soon as it is reasonably practical to do so or as and when significant changes in business operations dictate.

Appendix A ‘Business Partner Risk Assessment’ is to be completed for all Partners. 

7 Customer Due Diligence

The Company has established systematic procedures for identifying an applicant for business and ensuring that such identity is verified on the basis of documents, data or information obtained from a reliable and independent source.

Persons subject to Identification and Verification

For the purposes of the services provided the follow legal and/or natural persons shall be subject to identification and verification procedures as stipulated below.

  1. The Customer being the natural person who is registered with the Company to which online services are provided by the Company;
  2. A company or legal entity which is considered to be an intermediary of the Company to which online services are provided by the Company;

iii. The Ultimate Beneficial Owners of a Company or legal entity which is considered to be an intermediary of the Company;

  1. The Directors of a Company or legal entity which is considered to be an intermediary of the Company;

For the purposes of the above that the “ultimate beneficial owner” of a body corporate or a body of persons includes all natural persons who ultimately own or control, whether through direct or indirect ownership or control, 25% or more of the shares or voting rights in the Company or legal entity in relation to which services are or will be provided.

Provided that natural persons who ultimately own or control a company that is listed on a regulated market which is subject to disclosure requirements consistent with Community legislation or equivalent international standards shall be excluded from verification requirements.

Provided further that in the case of a trust where beneficiaries have not been determined, due diligence will be carried out on any class of persons in whose main interest the trust is set up.

For the purposes of the above that the “beneficial owner” of a body corporate or a body of persons includes all legal persons who own or control, whether through direct or indirect ownership or control, 25% or more of the shares or voting rights in the Company or legal entity in relation to which services are or will be provided,

Provided that companies that are listed on a regulated market or otherwise subject to financial business regulation which are subject to disclosure requirements consistent with Community legislation or equivalent international standards shall be excluded from verification requirements.

Provided that for Directors, the Company shall only be required to identify such persons and hence, notwithstanding anything to the contrary, no verification shall be required to be collected.

Due Diligence for Natural Persons

Where the persons subject to identification and verification are natural persons, the following information shall be obtained in all cases in relation to identification and verification:

OPTION A:

  1. Verification of Details – one of the following:

1.1. a valid unexpired passport; or

1.2. a valid unexpired national or other government-issued identity card; or

1.3. a valid unexpired driving license. 

  1. Verification of Residential Address – one of the following not older than three (3) months:

2.1. a recent statement from a recognized credit institution;

2.2. a recent utility bill;

2.3. correspondence from a central or local government authority, department or agency;

2.4. any government-issued document where a clear indication of residential address is provided; or

2.5. any other document as may be specified in sectoral implementing procedures issued by the FIU.

In addition to the above, one of the following Options shall be satisfied for the purposes of Enhanced Due Diligence where the Customer’s risk has been assessed as ‘Medium Risk’ and two of the following Options shall be satisfied for the purposes of Enhanced Due Diligence where the Customer’s risk has been assessed as ‘High Risk’ as follows:

OPTION 1: One of the following

  1. a professional reference (warranted lawyer or auditor)
  2. a bank reference
  3. an additional recent statement from a recognised credit institution;
  4. an additional recent utility bill;
  5. correspondence from a central or local government authority, department or agency;
  6. any government-issued document where a clear indication of residential address is provided; or
  7. any other document as may be specified in sectoral implementing procedures issued by the FIU.

OPTION 2:

  1. the first payment be made from a bank set up in the EU or of a reputable jurisdiction with similar standards of banking regulation. For the purposes of this option ‘bank’ may also include financial institution, payment institution or electronic money institution.

OPTION 3:

  1. Determination of source of wealth and source of funds signed by a recognized accountant/auditor. 

OPTION 4:

  1. Police conduct certificate

Require that the documentation provided in OPTION A.2 and A.3 above is certified by a legal professional, accountancy professional, notary, person undertaking relevant financial business or a person undertaking an activity equivalent to relevant financial business carried out in another jurisdiction. Such certification should be evidenced by a written statement stating that:

  • the document is a true copy of the original document;
  • the document has been seen and verified by the certifier; and
  • the photo is a true likeness of the applicant for business or the beneficial owner, as the case may be. 

The certifier must sign and date the copy document (indicating his name clearly) and clearly indicate his profession, designation or capacity on it and provide his contact details.

Provided that in all cases where the applicant, beneficiary owner or the ultimate beneficial owner is a PEP, the Company will proceed to end the relative business relationship.

Due Diligence for Legal Persons

Part A

Where the persons subject to identification and verification are legal persons the following information shall be obtained in all cases in relation to identification and verification:

  • i) the legal person’s official full name;
  • ii) the legal person’s registration number (if applicable);
  • iii) the legal person’s date of incorporation or registration; and
  • iv) the legal person’s registered address or principal place of business. 

To verify the information and legal status mentioned under Part A(a), the most recently dated version of any of the following documents must be obtained: 

  1. i) Memorandum and Articles of Association; or
  2. ii) Certificate of Incorporation; or

iii) Signed declaration by an authorized official of the applicant for business; or

  1. iv) Company registry search, which includes confirmation that the private company has not been, and is not in the process of being dissolved, struck off, wound up or terminated; or
  2. v) Latest annual return; or
  3. vi) Other statutory document.

In relation to the above, the staff member must view the original document, a certified copy of the original or a downloaded copy from the official registry website. Certification should be carried out by the company secretary, a director or an officer occupying an equivalent position or by the Registrar of Companies or a person occupying an equivalent position in a foreign jurisdiction.

Alternatively, certification may be carried out by a legal professional, accountancy professional, notary, person undertaking relevant financial business or a person undertaking an activity equivalent to relevant financial business carried out in another jurisdiction.

The certifier must sign and date the copy document (indicating his name clearly) and clearly indicate his profession, designation or capacity on it and provide his contact details.

The certified copy of the original or the copy downloaded from the official registry website shall be retained by VIPPASS. Where an original document is viewed, VIPPASS shall keep a true copy of the document, signed and dated by an officer of the subject person, on file.

Alternatively, identification and verification may be carried out by obtaining one or more additional (different) documents from amongst the list provided in Part A above which verify the information obtained through the first set of documentation provided.

In addition to the above, one of the following Options shall be satisfied for the purposes of Enhanced Due Diligence where the Customer’s risk has been assessed as ‘Medium Risk’ and two of the following Options shall be satisfied for the purposes of Enhanced Due Diligence where the Customer’s risk has been assessed as ‘High Risk’ as follows: 

OPTION I:

  1. Latest audited financial statements; provided that in case of Enhanced Due Diligence, this shall only be required if allowed by the jurisdiction of the applicant for business.

OPTION II:

  1. The first payment be made from a bank set up in the EU or in any other jurisdiction with similar standards of banking regulation. For the purposes of this option ‘bank’ may also include financial institution, payment institution or electronic money institution.

OPTION III: Certificate of good standing or a certificate of incumbency, not older than six (6) months.

OPTION IV: A professional reference signed and duly dated by a legal professional, accountancy professional or notary.

Part B

Post identification and verification of the Legal Person, the Company shall also identify all the directors.

This shall be done by either of the following:

  1. i) referring to the list of directors contained in the most recent version of the Memorandum and Articles of Association; or
  2. ii) by performing a company registry search provided that the officers of the company are listed therein; or
  3. iii) by obtaining a copy of the directors’ register of the company.

Part C

Upon the identification of the shareholders and Ultimate Beneficiary Owners’ details as a result of the Organogram and documentation provided as mentioned above, the staff member shall perform and record the Due Diligence provided for natural persons in respect of such Ultimate Beneficiary Owners with particular regard to non-face-to-face procedures if required:

Provided that should the applicant’s operations be regarded as high risk, shareholders having between 10% but less than 25% of the control in the applicant, may be required to provide for identification details including but not limited to First Name, Last Name and Date of Birth.

In instances where the documentation provided under Part A does not identify the shareholders and the

Ultimate Beneficiary Owners, the applicant for business has to supply any of the following documents:

i i) Latest share register; or

ii ii) Signed declaration by an authorized representative of the applicant for business, which declaration should include sufficient details to enable the subject person to identify the shareholders and the Ultimate Beneficiary Owners.

For avoidance of doubt, no proof of address will be requested for shareholders holding an interest between 10% but less than 25%. 

Languages

All documents are to be provided in English. Certified translations are to be translated of documents in any other languages.

Customer Risk Assessment

Each customer is subject to a risk assessment and subsequently grated as Low Risk, Medium Risk or High Risk.

For the purposes of such assessments additional information may be required from the customer. 

Timing of Due Diligence

Each client shall provide a scanned copy of all documentation in order to assess that all the documentation is in order.

Client Acceptance Policy

The Companies or intermediary of the Company policy for acceptance of customers takes into consideration the Risk Assessment and Mitigation measures as well as the Risk Factors.

Client Acceptance

The Company or an intermediary of the Company shall not accept the following clients:

  1. Clients that fail the relevant due diligence identification and verification controls;
  2. Clients who themselves or their ultimate beneficial owners are excluded customers listed below;

iii. Clients who have in the past been reasonably associated or involved in criminal activities or other illegal activities as may result from searches on the clients, beneficial owners and on any other person in relation to whom due diligence is carried out. 

Risk-Based Approach for Accepting Clients

On the basis of the risk approach, risk factors are taken into account to determine the risk of each customer (low, medium or high). Different levels of Enhanced Due Diligence are applied in the event of Medium or High risk assessments. 

8 Ongoing Monitoring

The Implementing Procedures provide further that ongoing monitoring of a business relationship includes ensuring that the documents, data or information held by the subject person are kept up to date.

Ongoing monitoring processes will focus on ensuring that due diligence information provided is updated and that any documentation is not expired. 

Due Diligence information

Due diligence information will be reviewed as follows to ensure that it remains up-to-date.

Low Risk Customers: Annually

Medium Risk Customers: Once every 6 months

High Risk Customers: Quarterly

Procedures and Documentation

The Company notes that it offers a single service to its customers whereby the applicant for business is effecting payments for video software keys. Therefore, in all cases, the Company understands the nature of the relationship with the customer and all payments received are sourced from this business.

Training will be provided to relevant staff to ensure that they are aware of the requirement to stay alert to the possibility of suspicious activity and what suspicious activity might comprise.

Customer initial due diligence information will be periodically reviewed to ensure that it remains up-to-date as per above. This review is recorded by way of assessing whether any due diligence information has expired.

The review will also assess whether any changes have been made in the company structure and/or the persons involved. In such instance, due diligence will be updated accordingly.

9 Reporting Internal Reporting

VIPPASS’s reporting policy applies to the ‘relevant staff’ of VIPPASS.

VIPPASS will generate of suspicious activity report – Internal STRs – Internal suspicious activity reports may be generated by all relevant staff.

Where any relevant staff member knows or suspects, or has reasonable grounds for knowing or suspecting, that any customer is engaged in money laundering, they should report their suspicion either directly to the VIPPASS. 

10 Guidance on Implementation from the Implementing Procedures

The Implementing Procedures provide that generally, records may be kept in any of the following forms:

  • in physical files;
  • in scanned form;
  • in computerized or electronic form.

Subject persons should use a standardized approach to record keeping and must ensure that the approach used enables the quick retrieval of records.

11 Awareness and Training

The Implementing Procedures add that all employees should be informed of their functions and responsibilities.

Employees should also be made aware of the following:

  • the provisions in the Criminal Code on funding of terrorism; and
  • the Implementing Procedures.

The Implementing Procedures highlight that training should be tailored in accordance with the specific responsibilities and functions of the respective employees and the business carried out by the subject person.

Additionally, training should be of a more practical nature rather than simply theoretical. This means that the training provided should make references to real-life situations.

Subject persons need to determine the method in which training is to be delivered, as the most appropriate method may vary from one organization to the other. The method generally depends on the size of the organization. On-line learning systems can often provide an adequate solution for general training to all employees.

It is vital to maintain comprehensive records of training sessions which, should include:

(a) the date on which the training was delivered;

(b) the nature of the training;

(c) the names of employees receiving the training;

(d) the results of any assessment undertaken by employees; and

(e) a copy of any handouts or slides. 

12 Sanctions Lists 

Sanctions list screening is the responsibility of the MLRO. The performance of the screening procedures may be delegated or outsourced.

In obtaining, applying, and disseminating government and FATF findings, the MLRO ensures that all customers with whom a business relationship is established, are subject to due diligence procedures that ensure screening against relevant notices published by the OFAC, FIU and FATF.

Sanctions screening will form part of the initial due diligence procedures as well as the ongoing monitoring of customers. ‘False positives’ are investigated and any true sanction matches reported to the MLRO immediately.

Staff are required to report where they have knowledge or a suspicion that financial sanctions measures have been or are being contravened.

Procedures and Documentation

All customers shall be subject to Sanctions screening once this is actively implemented as part of the initial due diligence procedures, with all customers being rechecked regularly as part of the ongoing monitoring of customers.

Staff responsible for performing Sanctions checks will receive specific training. Matches will be investigated by staff in order to identify true matches from those that are ‘false positive’. All true sanctions matches must be reported to the MLRO immediately, using the Internal Suspicious Transaction Reporting Form and followed up by a phone call / email thereafter. Staff are required to report where they have knowledge or a suspicion that financial sanctions measures have been or are being contravened.

Politically Exposed Persons Provisions from the PMLFTR)

Regulation 7(1) of the PMLFTR states: “…where the applicant for business or the beneficial owner is subsequently found to be or becomes a politically exposed person as defined in regulation 2, customer due diligence shall proceed in accordance with regulation 11(6) and (7).”

Regulation 2 defines “politically exposed persons” as being “natural persons who are or have been entrusted with prominent public functions and shall include their immediate family members or persons known to be close associates of such persons, but shall not include middle ranking or more junior officials”.

This definition is extended further in Regulation 11(7) which provides as follows:

“For the purposes of the definition of ‘politically exposed persons’ in regulation 2 –

(a) the term ‘natural persons who are or have been entrusted with prominent public functions’ shall include the following:

(i) Heads of State, Heads of Government, Ministers and Deputy and Assistant Ministers and Parliamentary Secretaries;

(ii) Members of Parliament;

(iii) members of the Courts or of other high-level judicial bodies whose decisions are not subject to further appeal, except in exceptional circumstances;

(iv) members of courts of auditors, Audit Committees or of the boards of central banks;

(v) ambassadors, charges d’affaires and other high-ranking officers in the armed forces;

(vi) members of the administrative, management or boards of State-owned corporations, and where applicable, for the purposes of sub-paragraphs (i) to (v), shall include positions held at the Community or international level;

“(b) the term ‘immediate family members’ shall include the following:

(i) the spouse, or any partner recognised by national law as equivalent to the spouse;

(ii) the children and their spouses or partners; and

(iii) the parents; 

“(c) the term ‘persons known to be close associates’ shall include the following:

(i) a natural person known to have joint beneficial ownership of a body corporate or any other form of legal arrangement, or any other close business relations with that politically exposed person;

(ii) a natural person who has sole beneficial ownership of a body corporate or any other form of legal arrangement that is known to have been established for the benefit of that politically exposed person.” 

Regulation 11(6) sets out the procedure to be followed in the case of PEPs: 

“In accordance with sub regulation (7) and subject to sub regulation (8), subject persons undertaking transactions or establishing business relationships with politically exposed persons residing in another Member State of the Community or in any other jurisdiction shall –

(a) require the approval of senior management for establishing such business relationships;

(b) ensure that the internal procedures include adequate measures to establish the source of wealth and funds that are involved in these business relationships or transactions;

(c) conduct enhanced ongoing monitoring of the business relationships.”

11.2 Guidance on Implementation from the Implementing Procedures

The Implementing Procedures add that in determining whether the applicant for business or a beneficial owner is a PEP, subject persons are required to obtain such information directly from the applicant for business. This information may be obtained from the applicant for business’ response to a question posed in the application form where this forms part of the subject person’s procedures. Alternatively, subject persons may develop a questionnaire with specific reference to criteria that identify PEPs and which would be required to be completed accordingly by the applicant for business and the beneficial owner, where applicable. This questionnaire should be signed by the applicant for business and the beneficial owner, where applicable. On the basis of the mandatory risk procedures, subject persons should determine whether the use of commercial databases to confirm the information provided by the applicant for business is necessary.

11.3 Policy

VIPPASS has not currently implemented PEP screening, but it is looking into implementing an automatic integration with a third party database for PEP identification and screening.

VIPPASS take a risk -based approach to due diligence for PEPs and applies enhanced due diligence according to the assessed risk of the PEP customer.

Risk assessments for new customers, products or features will take account of the risk that the product might be used by PEPs for money laundering purposes.

KYC DOCUMENTATION

The current requirements are as following:

ID
Copy of a valid photo ID such as a passport, driver’s license or government ID card. This must include scans of the front and back of the cards. 
In the absence of photo-ID, we can accept a copy of a birth certificate. The certificate must have all four corners visible. We will also need a photo of the Customer holding up their birth certificate, with their face and the front of the certificate clearly visible.

Proof of Address
A utility bill or bank statement clearly displaying the customer’s name and current residential address which has been issued with the last three months. 

The verification of a customer’s proof of payment will depend on the deposit method they choose to deposit with. The requirements will differ for each method and may need to be updated periodically due to changes the payment methods may make to their user interfaces and/or accepted payment methods.

HOW ARE DOCUMENTS SUBMITTED

Customers verify through the submission of documents to us by email to finance@vippass.eu.

Emails can only be accepted if the email is the same as the one registered on the account. Emails sent from addresses that are not the registered email address are not to be accepted.