1. TERMS AND DEFINITIONS
‍
AML
Anti-Money Laundering.
AML Policy
This Anti-money laundering and counter-terrorism financing policy and procedures.
Beneficial Owner
Beneficial owners are the individuals who directly or indirectly own or control 25% or more of a corporation or an entity other than a corporation. In the case of a trust, they are the trustees, the known beneficiaries and the settlers of the trust. If the trust is a widely held trust or a publicly traded trust, they are the trustees and all persons who own or control, directly or indirectly, 25% or more of the units of the trust.
Cash
Notes, coins and traveler’s cheques in any currency.
CDD (Customer Due Diligence)
Identifying and verifying the identity of the Customer and any beneficial owner of the Customer, and obtaining information on the purpose of the intended nature of the business relationship.
CFT
Combating the Financing of Terrorism.
Compliance Officer or MLRO
A Compliance Officer (also known as the Money Laundering Reporting Officer) is the focal point within the company for the oversight of all activity related to anti-financial crime issues.
Company or EXO Money
TRANSFLASH PAYMENTS LTD
Criminal Conduct
Conduct which constitutes an offense in any part of Canada, or would constitute an offense in any part of Canada if it occurred there.
Customers / Clients
A legal or private person, who  is utilizing one or more of the services provided by TRANSFLASH PAYMENTS LTD, based on the servicing agreement.
EEA
European Economic Area.
EDD (Enhanced Due Diligence)
Additional Customer due diligence measure that must be applied: Where the Customer has not been physically present for identification purposes. Where the Customer is a PEP or in any other situation which by its nature can present a higher risk of money laundering or terrorist financing.
FINTRAC
Financial Transactions and Reports Analysis Centre ofCanada.
KYC
Know Your Customer/Client.
MSB (Money Services Business)
An entity that has a place of business in Canada and that is engaged in the business of providing at least one of the following services:
(i)              foreign exchange dealing,
(ii)             remitting funds or transmitting funds by any means or through any person, entity or electronic funds transfer network,
(iii)           issuing or redeeming money orders, traveler's cheques or other similar negotiable instruments except for cheques payable to a named person or entity,
(iv)            dealing in virtual currencies, or
(v)             any prescribed service.
PCMLTFA
Proceeds of Crime (Money Laundering) and Terrorist Financing Act (S.C. 2000, c. 17).
PEP (Politically exposed persons)
Means a person who, at a given time, holds — or has held within a prescribed period before that time — one of the offices or positions referred to in this list:
Governor General, lieutenant governor or head of government;
Member of the Senate or House of Commons or member of the legislature of a province;
Deputy minister or equivalent rank;
Ambassador, or attaché or counselor of an ambassador;
Military officer with a rank of general or above;
President of a corporation that is wholly owned directly by Her Majesty in right of Canada or province;
Head of a government agency;
Judge of an appellate court in a province, the Federal Court of Appeal or the Supreme Court of Canada;
Leader or president of a political party represented in a legislature;
Holder of any prescribed office or position; or
Mayor, reeve or other similar chief officer of a municipal or local government.
Politically exposed foreign person
Means a person who, at a given time, holds — or has held within a prescribed period before that time — one of the offices or positions referred to in this list:
Head of state or head of government;
Member of the executive council of government or member of a legislature;
Deputy minister or equivalent rank;
Ambassador, or attaché or counselor of an ambassador;
Military officer with a rank of general or above;
President of a state-owned company or a state-owned bank;
Head of a government agency;
Judge of a supreme court, constitutional court or other court of last resort;
Leader or president of a political party represented in a legislature; or
Holder of any prescribed office or position.
PEP close relatives (family members)
the spouse, or a person considered to be equivalent to a spouse, of a PEP;
the children and their spouses, or persons considered to be equivalent to a spouse, of a politically exposed person;
the parents of a PEP.
PEP close associates
natural persons who are known to have joint beneficial ownership of legal entities or legal arrangements, or any other close business relations, with a PEP;
natural persons who have sole beneficial ownership of a legal entity
or legal arrangement which is known to have been set up for the de facto benefit of a PEP.
RBA
Risk-based approach.
Shell bank
A bank that:
i.  does not conduct business at a fixed address in a jurisdiction in which the shell bank is authorized to engage in banking activities
ii.  does not employ one or more individuals on a full time business at any fixed address
iii. does not maintain operating records at any address
iv.   is not subject to inspection by the banking authority that licensed it to conduct banking activities, and
v.  is unaffiliated with a regulated financial group.
SDD (Simplified due diligence)
An exception to the obligation to apply the Customer due diligence measures for specified Customers, e.g. financial institutions subject to the Money Laundering Directive or equivalent legislation and supervision. It is also available for some categories of products and transactions which may be provided by financial institutions.
STR
Suspicious transactions (incl. activities) report.
2. INTRODUCTION
The Company is a Money Services Business (MSB) providing e-commerce and payment services:
Multicurrency acquiring of VISA, MasterCard, e-money;
Merchants pay outs;
Multi Currency payments;
SWIFT payments;
SEPA payments;
Dealing in virtual currencies;
Currency exchange.
The Company is aware that MSB has in the past been targets of organized crime seeking to launder the proceeds of illicit activity.
The Company and its staff are committed to the highest standards of money laundering and terrorist financing prevention. We have robust and effective risk assessment and due diligence measures and controls in place to ensure compliance with the current regulations, laws and standards and ensure a continuous practice of monitoring and training for an inclusive approach.
We understand that the money laundering and terrorist financing prevention regulations and legislation place responsibility upon the Company employees to combat money laundering and terrorist financing across a broad spectrum, including financial transactions, possessing, or in any way dealing with, or concealing, the proceeds of any crime. We operate in a transparent environment with assessment, monitoring and reporting at the core    of our business functions. We are dedicated to the prevention of financial crime and continue to improve upon existing measures through dedicated action plan processes.
3. PURPOSE
The purpose of this policy is to ensure that the Company complies with the obligations and requirements set out by Canadian legislation, regulations and rules regarding the identification, prevention and reporting of money laundering or terrorism financing.
This includes ensuring that we have adequate systems and controls in place to mitigate against risks posed to the Company and its Clients, including the strict verification and due diligence checks on Customers, transactions and third parties with whom we do business.
This policy provides guidance and a systematic approach for our employees to ensure that their knowledge and understanding of the financial crime regulations is exemplary and sets out our expectations and their responsibilities under the regulations and our own objectives. We provide a broad, effective training program around the money laundering regulations and associated governing bodies and carry out testing and monitoring to assess and evidence employee understanding and application of the requirements.
The Company does everything possible to protect our staff and Clients from exposure to money laundering and terrorist financing threats and will always ensure a company-wide risk-based approach to the prevention of financial crime. We advocate continued compliance with the guidance and rules laid out in the following legislation:
Proceeds of Crime (Money Laundering) and Terrorist Financing Act;
Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations;
Proceeds of Crime (Money Laundering) and Terrorist Financing Suspicious Transaction ReportingRegulations;
Freezing Assets of Corrupt Foreign Officials Act;
Assessment of Inherent Risks of Money Laundering and Terrorist Financing in Canada;
Applicable FINTRAC guidance materials;
Electronic Funds Transfer requirements (EFT) for the administration of Income Tax Act, Excise Tax Act, and the Excise Act, 2001;
Canadian sanctions legislation consisting of
○ United Nations Act
○ Special Economic Measures Act
○ Justice for Victims of Corrupt Foreign Officials Act
Other applicable legislation.
The guidance and instructions are given by the FINTRAC . It is important to note that Canadian legislation in respect of money laundering is “all crimes legislation”. As a company involved in the provision of money services business, both the company itself and staff must be aware of the sanctions in case of violation of the legislation. The possible sanctions     for violation are      described in Annex 8.
4. SCOPE
The policy relates to all staff (meaning permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the Company in Canada or overseas). The policy has been created to ensure that the staff deal with the area that this policy relates to in accordance with legal, regulatory, contractual and business expectations and requirements.
Failure of any staff member to adhere to the guidance and objectives laid out in this policy, may lead to disciplinary action.
5. WHAT IS MONEY LAUNDERING AND TERRORIST FINANCING?
Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets.
Generally, money laundering occurs in three stages:
A) Placement
Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instruments. Such monetary instruments could be: money orders or traveler’s checks, deposited into accounts at financial institutions, dividing the cash into smaller amounts and make various deposits into one or more accounts at one or more banks; Customer opens several accounts in different names at different institutions; employ or persuade others to deposit funds for them; purchasing goods such as jewelry, art and other assets with a view to reselling them at a later date; making deposits with the help of employees of the relevant financial institution.
Cash generated from crime is placed in the financial system. This is the point when proceeds of crime are most apparent and at risk of detection.
B) Layering
At the "layering" stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. As example: Selling assets or switching to other forms of investment; transferring money to accounts at other financial institutions; wiring transfers abroad (often using shell companies); depositing cash in overseas banking systems.
Once proceeds of crime are in the financial system, layering obscures their origins by passing the money through complex transactions. These often involve different entities like companies and trusts and can take place in multiple jurisdictions.
C)  Integration
Once the origin of the funds has been obscured, a criminal is able to make the funds reappear as legitimate funds or assets.
At the "integration" stage, the funds are reintroduced into the economy and used to purchase legitimate assets to fund other criminal activities or legitimate businesses, for example - an inheritance, loan payments, asset sales abroad.
Terrorist financing
Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations.
In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.
All members of staff are at risk of committing a criminal offense if they assist in a criminal transaction by missing the warning signs.
The Company does not issue prepaid cards or provide services in any way to anonymous Clients or Clients whose identity has not been established and verified in strict abidance with our internal rules and regulations. The Company does not engage in business activities with shell corporations and shell banks.
In line with PCMLTFA and industry-wide best practices, the Company identifies its potential Clients and their ultimate beneficial owners (UBOs), verifies their identities and performs standard (CDD) or enhanced (EDD) due diligence before the start of a business relationship.
6. OBJECTIVES
To prevent money laundering, terrorism financing, fraud and other forms of financial crime, the Company aims to meet the below objectives:
The detection and reporting of suspected money laundering to the FINTRAC;
All staff are trained and must remain vigilant for the signs of money laundering, terrorism financing and fraud;
No payment of cash will be accepted by the Company;
Due diligence and Client identification procedures will be followed by all staff;
To maintain strict and robust controls and procedures to detect and report any suspicious activity;
Frequent risk assessment and regular audits of all AML and terrorist financing controls and systems;
To appoint a Compliance Officer with sufficient knowledge and seniority as to complete the tasks and objectives laid out in this document;
Maintain Client identification procedures in all circumstances where such measures are required;
Implement procedures to enable the reporting of suspicions of money laundering, terrorism financing and fraud;
Maintain relevant records for at least five years or longer as required by the PCMLTFA;
Utilize an employee screening program to ensure due diligence;
Abide by the acts, legislation and regulations for preventing financial crime, terrorist financing and money laundering.
7. ROLES AND RESPONSIBILITIES
All staff must take steps to ensure compliance with this policy and ensure that they fully understand the material contained in this document.
7.1. Senior Management
Responsible for overall compliance of the Company and ensuring adequate resources are provided for the proper training of staff and the implementing of risk systems.
This includes computer software to assist in oversight. Senior management will be provided with updates by the Compliance Officer on compliance issues of the Company. They will also receive and consider the annualCompliance Officer report and implement any recommendations made within it.‍
7.2. Compliance Officer
The Company must designate a Compliance Officer who will be responsible for organizing the implementation of PCMLTFA and for liaising with FINTRAC.
The Compliance Officer holds copies of all training materials. Updated AML training is given at least annually. Records of all training including dates delivered and by whom are kept both centrally and on staff personnel files.
The duties of the Compliance Officer include:
Monitoring Company’s compliance with AML/CFT obligations;
Being designated for, and accessible to, receiving and reviewing reports of suspicious activity from employees;
Considering of such reports and determining whether any suspicious activity as reported gives rise to acknowledge or suspicion that a Customer is or could be engaged in money laundering or terrorist financing;
Overseeing communication and training for employees;
Ensures that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports are filed. The Compliance Officer is vested with full responsibility and authority to enforce the firm’s AML/CFT program;
To decide if disclosures should be passed on to the FINTRAC;
To review all new laws and deciding how they impact on the operational process of the Company;
To prepare written procedures in the field of Compliance and making it available to all compliance staff and other stakeholders;
To make sure appropriate due diligence is carried out on Customers and business partners;
To receive internal Suspicious Transactions Reports (internal STRs) from staff;
To keep and review records of all decisions relating to STRs appropriately;
To ensure that staff receive appropriate training, when they join and that the receive regular refresher training on annual basis or if necessary;
To monitor business relationships and record reviews and decisions taken;
To make a decision on continuing or terminating trading activity with particular Customer;
To make sure that all business records, transactional data documents and data confirming a monetary operation or transaction or other legal valid documents and particulars relating to the execution of monetary transactions are kept for five years from the date of the last Customer transaction.
7.3. Staff
Responsible for compliance with this AML Policy and understanding their responsibilities within the framework of AML/CFT compliance. Ensure that the Company procedures are adhered to and obtain all documentary evidence as outlined within AML Policy. Ensure that suspicious activity is reported to the Compliance Officer as soon as practicable but not later than within one business hour from the time when it was noticed.
8. RISK BASED APPROACH
Canadian AML legislation demands a risk-based approach to be implemented for the Money Service Business engaged in Electronic Funds Transfers. The risk-based approach helps to drive the Company’s compliance resource allocation, internal controls strategy, system structures, and enables the Company to focus on higher risk areas. The Company considers the risk-based approach as a two-tiered concept. First of all, every MSB should estimate all possible money laundering and terrorist financing risks applicable to its business model. Secondly, every MSB should implement its own set of mitigating measures aimed at reducing risks of ML/TF,fraud and other applicable forms of financial crime.
This section of the AML Policy is formed by using “Risk-based approach workbook” and the “Risk assessment guidance” issued by FINTRAC, that the Company should adhere to, in order to effectively combat MoneyLaundering and Terrorist Financing.
The Company is also taking note of industry best practices outlined in guidance materials of European BankingAuthority, FATF, JMLSG and Basel Committee.
The Risk-based approach workbook and the Risk assessment guidance supports the Company in the development of:
A common understanding of what the risk-based approach involves;
Outlining the high-level principles involved in applying a risk-based approach;
Promoting the Company in the eyes of its partners, as our risk-based approach indicates a good public and private sector practice.
Our risk-based approach includes:
Identifying risks that are relevant to our business;
Carrying out detailed risk assessments on the risk areas detailed below;
Developing controls and procedures to directly manage and reduce the impact of the identified risks;
Monitoring controls and improving their efficiency;
Keeping records of all risk assessments, reviews and improvement action plans.
For more efficient risk assessment, the Company’s risk assessment process shall be divided in two parts
Business-based risk assessment and Relationship-based risk assessment.
The Company reviews its RBA on the annual basis and when the business model changes as well as when the Company plans to offer new products or services.‍
8.1. Business-based risk assessment
The Company has developed and documented the business-based risk assessment in the “Internal Business Risk Assessment” document. This document describes the process of Company’s business risk assessment, identified risk and offered mitigation measures, and includes a business risk profile. The business risk assessment allows the Company to identify where risks occur across business lines, clients or particular products or services. The Company documents mitigation controls for the areas it identifies as high-risk. The number of risks that can be identified will vary based on the type of business activities the Company shall conduct and products and/or services that are offered to the Clients.
To conduct a business-based risk assessment, the Company needs to identify the inherent risks of its business by assessing vulnerabilities to ML/TF. The overall business-based risk assessment includes the risk posed by the following factors:
The combination of products, services and delivery channels;
The geographical locations in which the business operates;
Clients and business relationships;
The impact of new developments and technologies that affect operations; and
Other relevant factors.
Once the Company identifies and documents all the inherent risks of the business, a level or score can be assigned to each risk using a scale or scoring methodology tailored to the size and type of the business.
By law, our Company must apply and document special measures for the high-risk elements of the business.With the “Internal Business Risk Assessment” the Company is able to demonstrate to FINTRAC that the Company has put controls and measures in place to address these high-risk elements, and that they are effective (the effectiveness of the controls and measures stated in the “Internal Business Risk Assessment” will be shown through internal or independent (if applicable) reviews of the Company).
Among other things the Company uses a business-based risk assessment worksheet, that helps to document, store and update the inherent risks related to your business. The worksheet contains risk factors that are or could be related to the business of the Company, of the risk rating assigned to the factor, and of mitigation measures that the Company offers for each risk.‍
8.2. Relationship based risk assessment
The Company is using a risk-based system, which is fully documented in the “AML/CFT Client RiskManagement Procedure” and ensures continuous Customer re-scoring and transaction monitoring on signs ofML and TF. The Procedure is part of the company-wide risk assessment.
When assessing the risks of money laundering and terrorism financing, these factors are considered:
The types of Customers the Company has;
Where those Customers are based (i.e. FATF and EU high-risk countries);
Transaction types and volumes;
Products and services offered;
Channels for individuals/companies to become Customers;
The new developments and technologies the Company makes available to its Clients;
Third-party reliance and/or use;
Customer behavior monitoring;
Delivery channels of products/services;
Payment processing (i.e. transfers - electronic or wire, etc.);
How funds are allocated, accepted and held;
Internal and external risks (i.e. Customers, outsourcing, markets, systems etc.)
The Company divides its Customers into four groups of risks:
Prohibited (must be considered as out of the Company risk appetite)
High (applying enhanced due diligence, including senior management approval);
Medium (applying standard due diligence);
Low (applying standard due diligence).
8.3. Prohibited types of Customers
The Company denies access to its services to any persons or entities currently:
subject to targeted financial sanctions imposed by the United Nations, US (OFAC), EU or Canada;
incorporated, residing or transacting with any country that is listed by the FATF under the “High- risk and other monitored jurisdictions” or “Jurisdictions under Increased Monitoring”.
or any industries which are prohibited by the Company and listed in Annex 6.
9. CUSTOMER DUE DILIGENCE
The Company applies due diligence at the start of Customer engagement by identifying and verifying the Customer identity on the basis of documents, data or information obtained from a reliable and independent source.
Customer due diligence (CDD), enhanced due diligence (EDD) and ongoing monitoring are measures designed to reduce the risk that the Company can be used by those seeking to launder the proceeds of crime or financeterrorism.
At least the following CDD measures are applied:
identifying the Customer and verifying the Customer’s identity based on documents or other data obtained from a reliable and independent source;
identifying natural persons that are the beneficial owner(s) and representatives (for Corporate clients) of the Customer, and taking adequate measures on a risk-sensitive basis to verify that beneficial owner’s orrepresentative’s identity in reliable source independent of the Customer;
obtaining information on the purpose and intended nature of the Customer’s relationship with the Company;
Annual audits are conducted on the procedure of due diligence. The Company checks its Customer identification procedures to ensure that staff are carrying out the due diligence and AML processes in accordance with this Policy and relevant legal requirements.
If the Company has assessed that the business relationship with the Customer presents a higher risk of money laundering or terrorist financing, it conducts EDD.
If the Company is not able to apply due diligence measures, it does not accept the Customer or perform any transactions with that Customer. If the Company is not able to apply due diligence measures to an existingCustomer, it terminates the existing relationship with that Customer.
The Company also conducts ongoing monitoring of all business relationships in accordance with risk assessment of its Customers. Ongoing monitoring is defined as: scrutinizing Customer transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds), to ensure that the transactions are consistent with the knowledge of the Clients, their business and the risk profile.
The Company keeps the documents, data or information obtained for the purpose of applying CDD up- to-date through periodic review of the CDD file, or reviews them on ad-hoc basis in response to trigger events.
The Company identifies the Beneficial Owner of the Customer (in case of both, legal entities and individuals) and takes adequate measures, on a risk-sensitive basis to verify his/her identity (including in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure).
As per applicable legislation, the Company utilizes 3 levels of due diligence checks, dependent on the risk profile and transactional behavior of the Customer. The Company strive to be one step ahead of requirements.Following are the 3 levels if due diligence checks used by the Company:
CDD - Customer Due Diligence is the standard due diligence procedure used in most cases for verification and identification.
EDD – Enhanced Due Diligence is used for high-risk Customers, large transactions or special Client categories such as PEP’s.
Additional checks – for certain business relationships on top of standard EDD measures.
9.1. CDD Process
9.1.1. Before establishing a business relationship with the Customer, the Company employees must apply the following due diligence measures:
Obtain from the prospective Customer information about the purpose and intended nature of its business relationships;
Establish whether the prospective Customer acts on his own behalf or is controlled; and to identify the beneficial owner and, where the prospective Customer acts through a representative, also establish the identity of that person;
Require the prospective Customer (being a legal person) to provide documents and other data on the basis of which Company employees are able to understand the management structure and the nature of activities of the prospective Customer;
Verify the identity of the prospective Customer and of the beneficial owner on the basis of the documents, data or information obtained from a reliable and independent source.
9.1.2. Company employees shall be prohibited from carrying out Customer transactions through opened accounts, establishing or continuing business relationships and carrying out transactions when it is not possible to fulfill the due diligence requirements established in this procedure:
Where, in the cases established by this procedure, the Customer fails to submit the data confirming his/her identity, where he/she submits incomplete data;
Where the data is incorrect, where the Customer or his representative avoids submitting the information required for establishing his identity, conceals the identity of the beneficial owner or avoids submitting the information required for establishing the identity of the beneficial owner or the submitted data are insufficient for that purpose;
Where the Company employees cannot ensure that the due diligence requirements are fulfilled. In such cases, the Compliance Officer shall, upon assessment of the threat posed by moneylaundering and/or terrorist financing, decide on the appropriateness of forwarding a report on a suspicious activity or transaction to the FINTRAC;
Where the business activity of a corporate Customer is not in line with the Company’s risk appetite;
Where the business activity of the Customer leads to the suspicion of any form of illicit activity being committed.
9.1.3. The Company shall be prohibited from opening anonymous accounts or accounts in manifestly fictitious names, also from opening accounts or otherwise establishing business relationships without requesting the Customer to submit data confirming his identity or where there is a substantiated suspicion that the data recorded in these documents are falsified.
9.1.4. The Company must apply due diligence measures not only in respect of new Customers but also in respect of existing ones, having regard to the level of risk, in the event of new circumstances or new information related to the determination of the level of risk posed by the Customer and by the beneficial owner, their identification information, activities and other relevant circumstances.
9.1.5. In the period of business relationship with the Customer the Company must in all cases:
Carry out the ongoing monitoring of the Customer’s business relationships, including scrutiny of transactions undertaken throughout the course of such relationships, to ensure that the transactions being conducted are consistent with Company’s knowledge of the Customer, its business and risk profile as well as the source of funds;
Ensure that the documents, data or information submitted by the Customer and the beneficial owner during due diligence are appropriate, relevant, regularly reviewed and kept up-to date.
9.1.6. The Company must pay attention to any activity which it regards as likely, by its nature, to be related to money laundering, terrorist financing and/or other forms of financial crime, and in particular to complex or unusually large transactions and all unusual patterns of transactions which have no apparent economic or visible lawful purpose, and business relationships or monetary operations with Customers from third countries in which, based on the information officially published by international intergovernmental organizations, money laundering and/or terrorist financing prevention measures are insufficient or do not correspond to international standards. The Company must examine the basis for and purpose of execution of such operations or transactions and the results of the investigation must be recorded in writing. A copy of this report must be retained by the company for at least 5 years from the end of business relationship with the Client. Regular analysis must be made of all existing Customers, frequency depends upon the Customer’s assigned risk group. For Customers in the ’high risk’ group, analysis must be made at least once in six months, for Customers in the 'medium risk' group, at least once a year, while those in the ’low risk’ group must be subject to analysis at least once every two years.
9.1.7. The Company may, in accordance with internal policies and internal control procedures, refuse to execute transactions and terminate the transactions or business relationship with the Customer,where the Customer avoids submitting, or refuses to submit, additional information to the Company at its request and within the specified time limits. Please refer to Annex 5.‍
10. ENHANCED DUE DILIGENCE (EDD)
The Company’s Enhanced Due Diligence (EDD) process is designed to obtain as much information as possible in order to ensure the validity of the transaction and that the Company complies with PCMLTFA and applicable regulations. In practical terms, EDD will include:
Taking reasonable measures to establish a Customer’s source of wealth – source of wealth is distinct from source of funds, and describes the activities that have generated the total net worth of a person, i.e. those activities that have generated a Customer’s income and property;
Considering whether it is appropriate to take measures to verify source of funds and wealth from either the Customers or independent sources (such as the Internet, public or commercially available databases);
Obtaining further CDD information (identification information and relationship information);
Taking additional steps to verify the CDD information obtained;
Requiring more frequent reviews of business relationships (twice per year);
Carrying out enhanced monitoring of transactions and setting lower transaction thresholds for transactions connected with the business relationship, and;
Setting alert thresholds for automated monitoring at a lower threshold for PEPs;
Performing adverse media search.
10.1. Where transactions or business relationships are carried out with politically exposed natural persons, the Company employee must perform EDD and obtain approval from a senior manager for establishing or continuing business relationships with such Customers or continuing business relationships with the Customers when they become politically exposed natural persons;
10.2. Where a domestic politically exposed person is no longer entrusted with a prominent public function, the Company must, for at least 12 months, take into account the continuing risk posed by that person and apply appropriate and risk-sensitive measures until such time as that person is deemed to pose no further risk specific to politically exposed natural persons.
10.3. The Company shall be prohibited from establishing and continuing relationships with a shell bank or a bank that is known to permit its accounts to be used by a shell bank.
10.4. Where during Customer due diligence the Company has suspicions that an act of money laundering and/or terrorist financing is carried out and further Customer due diligence may raise suspicions of the Customer that information about him may be forwarded to the FINTRAC, the Company may discontinue the process of Customer due diligence and not establish a business relationship with theCustomer. In such cases, the information shall be forwarded to the FINTRAC in accordance with established procedure laid down in the Article 16.2 of this procedure. Please refer to Annex 4.
10.5. The Company applied EDD when prior to establishing a business relationship with the respondent financial institution or a virtual asset service provider (VASP).
11. POLITICALLY EXPOSED PERSONS
A Politically Exposed Person (PEP) is an individual who is or has been entrusted with a prominent function and as such could potentially abuse such a position or function for the purposes of laundering or other predicate offenses, such as corruption or bribery3. Due to the high risks associated with PEPs, The Financial Action TaskForce (FATF) recommends that additional AML and due diligence controls are put into place when entering into a business relationship with a PEP.
The Company utilizes existing commercial resources and other databases for the identification of PEPs and always ensures that initial due diligence KYC checks include reviewing individual names against these resources and databases to identify PEPs immediately.
The Company invokes additional due diligence measures for all identified PEPs and where such a proposal to establish a business relationship exists, the Company always conducts EDD and ensures that the senior management approval for establishing the business relationship is obtained and recorded.
12. CUSTOMER IDENTIFICATION
For the purposes of further the Company must identify its Customer unless the identity of that Customer is already known to the Company and has been verified by the Company. After the Customer has been identified, theCompany must verify the Customer’s identity. Amount of information to be received from a Customer depends on whether the Customer is a legal entity or an individual (natural person), namely:
If a Customer is a legal entity, at least following information must be received for identification purposes:company name; registration number; address of the registered office (and, if different, its principal place of business); the law to which the legal person is subject; its constitution (whether set out in its articles of association or other governing documents); full names of the board of directors (or if there is no board, the members of the equivalent management body) and the senior persons responsible for the operations of the legal entity, beneficial owner information.
If a Customer is an individual (natural person), then at least the following information must be received for identification purposes: name and surname; personal identity number (if such exists); date of birth; photograph on an official document which confirms his/her identity; residential address; number and date of issue of the personal identification document, state and authority which has issued the document;period of validity of identification document and Taxpayer Identification Number (TIN).
The Company utilizes the “government-issued photo identification method” for Customer identification purposes.The “dual-process method” may be used solely for business continuity as a fallback mechanism should theprimary method be unavailable for any reason.
Document and facial image checks happen within the single uninterrupted identification session by means of capture. Document or facial image upload is not allowed.
3 In case of discrepancy with definition given in the policy, the latter shall prevail.
At non-face-to-face identification received information is checked with the use of specialized KYC vendor utilizing remote identification IT tools for the following:
Validation of identity document:
○ Check in lost and stolen databases;
○ Check of security features such as QR, watermark and barcodes;
○ Color wave;
○ Font tampering.
Selfie matching with liveness test;
Checks of data extracted from the validated document against lists:
○ Sanctions
○ PEP
○ Adverse media
○ Criminal sources.
Checks against internal and international “blocklists” of not only data from the validated identity document, but also facial biometrics of the person.
12.1.  Accepted identity documents
The Company accepts following types of identity documents:
Passports that are valid for travel with MRZ zone only;
ID cards issued by EU Member States;
Photo driver’s license issued in Canada.
12.2. Face-to-face identification
Requirements for face-to-face identification of the Customer and of the beneficial owner:
12.2.1. When identifying Customers that are natural persons and in the physical presence of the Customer, the Company shall require the identity document listed in point 12.1. of Canada or foreign state, or a valid and current residence permit issued by Canada which contains the following data confirming the Customer’s identity:
name/names;
surname/surnames;
personal number (where personal number is not available – any other unique sequence of symbols or date of birth), the number and period of validity of the residence permit in Canada And the place and date of its issuance;
photograph;
signature (except for cases where it is optional in the identity document);
citizenship (NB: in the case of a stateless person – the state which issued the identity document);
occupation.
4 The check is being made by the system of a specialized KYC vendor with double check of all potential matches or discrepancies by vendor’s human staff. Results are reviewed by Compliance Officer and final decision is also taken by the latter.
12.2.2. When identifying a Customer that is a legal person, the Company shall require said Customer to provide the identity documents (or copies thereof with a notarized certificate confirming the authenticity of the copy of the document or without such certificate in case such identity documents can be verified from trusted source, i.e., public company register) containing the following data:
Name;
Legal form, registered office/address, address of actual operation;
Registration number (if such number has been issued);
Authorization to represent the company (if needed);
an extract of registration (or certificate of incumbency or equivalent document) and its date of issuance.
12.2.3. Where the Customer is a legal person represented by a natural person, or where a Customer that is a natural person is represented by another natural person, the identity of these representatives shall be established in the same manner as the identity of a Customer that is a natural person. The Customer must also provide the following information about the director of the legal person: his name, surname, personal number (in the case of an alien, where available –personal number or any other unique sequence of symbols or date of birth), his citizenship (in the case of a stateless person – the state which issued the identity document).
12.2.4. Where the Customer is a legal person represented by a natural person, or a Customer that is a natural person is represented by another natural person, the Company must require him to provide a power of attorney and to verify its:
validity (i.e., the right of the person who has issued it to issue such a power of attorney);
period of validity;
the actions to be taken as specified in the power of attorney (the power of attorney must comply with the requirements of Canadian legislation);
Any power of attorney issued in foreign state must be legalized or certified by an Apostille.
Representation information such as authorization (PoA, procura) in cases when the representative of the corporate entity is not entitled to represent based on statutory rights. The Representation Document needs to be notarized within the last 5 years.
Validity of the document shall be set for 5 years from the date of corporate account opening if the actual term of automation is longer or perpetual.
12.2.5. When commencing the identification of a prospective Customer in the physical presence of the Customer (being a natural person or a representative of a Customer that is a legal person) the responsible staff member of the Company must:
Assess whether the prospective Customer/his representative (being a natural person) has submitted valid documents referred to in this policy and establish whether the document submitted by him contains a photograph of the respective Customer;
Assess the condition of the submitted document (paying particular attention to any modifications, corrections, etc. of the photograph, pages or entries);
Find out whether the prospective Customer (being a natural or legal person) will use the Company’s services itself or whether it will act on behalf of another person;
Ascertain whether the natural or legal person has the necessary powers to act on behalf of the prospective Customer;
Make a copy of the pages of the document submitted by the natural person containing the photograph and other data necessary for identification of that natural person, or scan the document;
Verify whether there are any circumstances justifying the application of enhanced Customer Due diligence.
12.2.6. Upon making a copy of a document, the responsible staff member or authorized person of the Company must affix a mark of authenticity to the copy of each Customer’s identity document (where a paper copy of the document is made).
12.2.7. The identity document used to ascertain identity must be authentic, valid and current.
12.2.8. When the prospective Customer is physically present, the Company may utilize the dual process method to verify the identity of an individual. This method involves referring to information from two reliable sources.
To verify an individual's identity by using the dual-process method, the Company refers to any two of the following:
Information from a reliable source that includes the individual's name and address;
Information from a reliable source that includes the individual's name and date of birth;
Information that includes the individual's name and confirms that they have a deposit account,credit card or other loan account with a financial entity.
12.3. Non-face-to-face identification
Requirements for non-face-to-face identification of the Customer and of the beneficial owner.
12.3.1. The identity of a Customer (that is a natural person or a representative of the Customer that is a legal person and of the beneficial owner) may be established without the physical presence of theCustomer only in the following cases:
when using electronic identification means which operate under the electronic identification schemes with the assurance levels high or substantial.
the authenticity of a government-issued photo identification document must be determined by using a technology capable of assessing the document's authenticity:
○ the Customer could be asked to scan their government-issued photo identification document using the camera on their mobile phone or electronic device; and
○ the Customer could be asked to take a "selfie" photo using the camera on their mobile phone or electronic device, and an application used by the Company would apply facial recognition technology to compare the features of that "selfie" to the photo on the authentic government-issued photo identification document. A process would have to exist to also compare the name on the government-issued photo identification document with the name provided to the Company by the Customer;
○ a technology would then be used by the Company to compare the features of the government-issued photo identification document against known characteristics (for example, size, texture, character spacing, raised lettering, format, design), security features (for example, holograms, barcodes, magnetic strips, watermarks, embedded electronic chips) or markers(for example, logos, symbols) to be satisfied that it is an authentic document as issued by the competent authority (federal, provincial, territorial government).
when using electronic means allowing direct video streaming in the following way:
○ the facial image of a Customer and the original of the identity document or an valid and current equivalent shown by the Customer is recorded at the time of direct video streaming;
This method shall be utilized with the use of modern technology provided by the third-party vendor.
12.3.2. The identification of the Customer and of the beneficial owner in the cases specified in point11.2.1 of this Article shall only be possible if all the following conditions are met:
before the identification of the Customer and of the beneficial owner in the cases specified in point11.2.1 of this Article, the identity of the Customer has been established using electronic means allowing direct online or video streaming or where the identity of the Customer has been established in the physical presence of the Customer at the time of issuance of an electronic identification means which operates under the electronic identification scheme with the assurance levels high or substantial, or before issuing a qualified certificate for electronic signature to him;
the identity of the Customer and of the beneficial owner (being a natural person) and of the representative of a legal person has been established on the basis of the documents or information specified in paragraph 11.1.1 of this Article.
12.3.3. The identity document used to ascertain identity must be authentic, valid and current.
12.3.4. When the prospective Customer is not physically present, the Company may utilize the dual process method to verify the identity of an individual. This method involves referring to information from two reliable sources.
To verify an individual's identity by using the dual-process method, the Company refers to any two of the following:
information from a reliable source that includes the individual's name and address;
information from a reliable source that includes the individual's name and date of birth;
information that includes the individual's name and confirms that they have a deposit account,credit card or other loan account with a financial entity.
Documents may be obtained in the information's original format, such as a fax, photocopy, scan, or electronic image. The information you obtain must originate from two different sources and cannot come from the individual whose identity is being verified nor can it come from the person or entity doing the verification.
The company does not provide service to the prospective natural Clients and representatives of prospective corporate Clients that are younger than 18 years of age.
13. REQUIREMENTS FOR IDENTIFICATION OF THE BENEFICIAL OWNER
The Beneficiary in terms of the AML/CFT regulation is a natural person who owns or controls a Customer (legal entity or foreign state enterprise) and / or a natural person on whose behalf a transaction or activity is carried out.
The beneficiary is:
in a legal person:
a) natural person who owns or controls, directly or indirectly, a legal person holding a sufficient percentage of the shares or voting rights of that legal person, including through bearer shares,except for public limited liability companies whose securities are traded on regulated markets governed by Canadian law, regulatory disclosure requirements, or equivalent international standards, or otherwise controlled. A natural person who owns 25 per cent and one share or more than 25 per cent of the Client’s property is considered a direct owner. The natural person(s) controlling the undertaking or undertakings.
b) in the case of an identified legal person, a natural person in a senior management position, if the person referred to in point (a) of this paragraph has not been identified or if there is any doubt that the identified person is the beneficiary.
in trust funds - all the following persons:
a) the trustor(s);
b) the trustee (s);
c) the settlor of the trust;
d) the custodian (s), if any;
e) natural persons benefiting from a legal person or entity without legal personality or, in so far as such persons have not yet been identified, persons whose interests are represented or are represented bythat legal person or entity without legal personality;
f) any other natural person who effectively controls the trust, whether directly or indirectly through ownership or other means.
The Company utilizes the register and its own verification checks to identify and record beneficial owners. As required by the Beneficial ownership requirements under the PCMLTFA and associated Regulations, EU Fifth Money Laundering Directive (5AMLD or “the Directive”) 2018/843/EU and the Funds Transfer Regulation (FTR) 2015/847/EU.
The identification of the beneficial owner when establishing the identity of the Customer shall be obligatory in allcases. The identification of the beneficial owners in all cases shall mean the identification of a natural person or a group of natural persons.
13.1. When establishing the identity of the beneficial owner where the identity of the Customer and of the beneficial owner is established in the physical presence of the Customer, the Company must require the Customer and the beneficial owner to provide the following identification data:
name/names;
surname/surnames;
personal number (where personal number is not available – any other unique sequence of symbols or date of birth), the number and period of validity of the residence permit in Canada and theplace and date of its issuance;
citizenship (NB: in the case of a stateless person – the state which issued the identity document).
13.2. Where the identity of the Customer is established with or without the physical presence, the Company Shall verify the documents and information concerning the beneficial owner submitted by the Customer on the basis of the documents, data or information obtained from a reliable and independent source.Such actions of the Company shall include a request for the Customer himself to indicate public sources which could validate the information about the beneficial owner.
The Company may refer to records such as, but not limited to, the:
minute book;
securities register;
shareholders register;
articles of incorporation;
annual returns;
certificate of corporate status;
shareholder agreements;
partnership agreements; or
board of directors' meeting records of decisions.
13.3. The accuracy of the data submitted by the Customer shall be certified with his signature and stamp(where he is obliged to have a stamp under the legal acts regulating his activities).
14. CUSTOMER ACTIVITY MONITORING
The Company is required to monitor business relationships and to apply scrutiny of unusual, complex or high-risk transactions or activity so that money laundering or terrorist financing may be identified or prevented.
In accordance with the PCMLTFA, the Company monitors transactions and establishes Customer spending behavior patterns in order to identify:
Complex and/or unusually large transactions;
Unusual patterns of transactions which have no apparent economic or visible lawful purpose;
Any other activity, which the Company regards as particularly likely by its nature to be related to money laundering or terrorism financing.
An unusual transaction or activity may be in a form that is inconsistent with the expected pattern of activity within a particular business relationship, or with the normal business activities for the type of product or service offered. This may indicate money laundering, terrorist financing activity or fraudulent activity, where the transaction or activity has no apparent economic or visible lawful purpose.
The Company utilizes monitoring system, which works to achieve the following:
Processing of Client information by providing automated control over the identification of Client, thebeneficial owner, the authorized representative and other Customer and the mandatory fields of information necessary for the management of the economic and personal activities;
Customer risk classification and maintenance and use of the scoring system by providing assessment of Client risk factors, determination of risk type and allocation of appropriate numerical assessment;
Customer research and transaction tracking, ensuring the electronic due diligence documentation,storage and availability of decisions made, based on research, business intelligence as well as on the level of authority of the monitoring system users (for example, read-only/edit mode);
Monitoring "dormant" accounts by automated identification and additional verification of a transaction made from or to a dormant account;
Use of sanctions lists by providing maintenance, updating and use of intelligent sanctions lists (European Union lists, OFAC, UN, OFSI and Canadian list);
Identifying Clients who are politically exposed persons, their family members or persons closely related toa politically exposed person (collectively, "PEPs"), ensuring the preparation of automated alert messages, if the information of the Client, its true beneficiary, representatives is identifying a possible PEP;
AML/CFT risk exposure assessment, providing comparison of aggregated AML/CFT risk exposure indicators with the results of previous evaluation periods and the determination of their dynamic trends.
Possible characteristics to monitor could be changes of:
the nature and type of a transaction;
the frequency and nature of a series or pattern of transactions;
the amount of any transactions, paying particular attention to particularly large transactions;
the geographical origin/destination of a payment or receipt;
the parties concerned with a view to ensuring that there are no payments to or from a person on a sanctions list;
the Customer's normal activity or turnover.
Monitoring of Clients’ transactions and activity is carried out on a risk-based method, with high-risk Clients being subjected to additional and more frequent screening and observation. Transaction and activity monitoring must be undertaken throughout the course of the relationship held with the Client to ensure that the transactions and activity being conducted are consistent with the Client’s KYC, their business, source of funds and source of wealth where such needs to be determined.
The monitoring of complex, unusual and large transactions or unusual patterns of transactions must be examined and recorded in writing.
The monitoring of virtual asset transactions via check of virtual asset history with the use of a specialized IT tool.
Where the basis of the relationship changes significantly, the Company must carry out further Customer activity monitoring procedures to ensure that the revised risk and basis of the relationship is fully understood. Forgreater understanding, all “red flags” should be acted upon.
Company must ensure that any updated information obtained through meetings, discussions, or other methods of communication with the Customer is recorded and retained with the Customer's records. That information must be available to the Compliance Officer of the Company.
Ongoing monitoring of a Customer's activities will allow the Company to continue to build a profile of the Customer, and will entail the ongoing collection of CDD information.
15. INTERNATIONAL SANCTIONS
15.1. The Company shall be prohibited to perform any actions which are prohibited by the international sanctions and implemented by Canada under the United Nations Act (UNA), the Special Economic Measures Act (SEMA) or the Justice for Victims of Corrupt Foreign Officials Act (JVC FOA).
15.2. The Company shall be prohibited to conclude transactions whose execution would be in conflict with legislative acts mentioned in point 14.1.
15.3. The fulfillment of the obligations which appeared prior to the establishment of implementation of international sanctions must be terminated immediately or suspended for the duration of the implementation of international sanctions. It shall be prohibited to assume new obligations whose implementation would be in conflict with international sanctions implemented in Canada.
15.4. Upon the restriction of availability of accounts to the entities with respect to which international sanctions are implemented, expenses associated with routine holding of such accounts may be deducted from them, and payments due under transactions, concluded prior to the commencement of the implementation of international sanctions, may be added only if any deductions or additions shall not be made available to the entity with respect to which financial sanctions are implemented.
15.5. The Company has a screening solution, which is integrated to ensure that the Company is compliant with the international sanctions regime and implemented in legislative acts mentioned in Article 14.
15.6. The Company conducts real-time transaction screening on all transactions in relation to relevant lists of designated persons, groups and entities subject to financial sanctions.
15.7. The Customer screening solution ensures that all Customers registered IT systems of the Company and their beneficial owners, are screened against the relevant sanctions lists of designated persons,groups and entities during the onboarding and ongoing cooperation.  
16. OTHER PROVISIONS
16.1. Record keeping
The Company complies with provisions of the Proceeds of Crime (Money Laundering) and Terrorist FinancingRegulations. By doing so, we:
Maintain a full audit trail for KYC, CDD and EDD performed on our potential (in cases when the person or a corporate entity has not been onboarded) and actual Clients including information about UBOs and information accompanying transfers of funds;
For five years from the date of termination of transactions or business relationships with the Customer, keep a register of the Customers with whom transactions or business relationships were terminated due to the refusal to submit additional information in specified time limits;
For five years from the date of termination of transactions or business relationships with the Customer,keep copies of identity documents of the Customer, the identity data of the beneficial owner, the identity data of the beneficiary, selfie photographs, direct video streaming/direct video broadcasting recordings and/or photographs, other data received at the time of onboarding;
For five years from the date of termination of transactions or business relationships with the Customer,in electronic and paper form keep business correspondence with the Customer;
For five years from the date of execution of the monetary operation or conclusion of the transaction, keep transaction data and data relating to the execution of those transactions;
For five years from the date of termination of transactions or business relationships with the Customer, keep records of financial investigations of suspicious Client activity or transactions.
Every record that is required to be kept under Regulations shall be retained in such a way that it can be provided to an unauthorized person within 30 days after a request is made to examine it.
The Company maintains following AML/CFT-related registers:
Customer register (containing main information regarding Company’s clients, including: registration information, directors, beneficial owners, cooperation status etc.);
Suspicious Transaction Report register.
Access to the register is controlled through logging and assigning access rights. Some registers will be kept in the CRM system for the ease of use as well as for continuous data backup.
16.2. Reporting
As soon as any transaction was flagged by the internal monitoring system, the Compliance Officer reviews the flag and files the result in the designated investigation file for audit trail.As an MSB, the Company is obliged to submit a STR to the FINTRAC in respect of any suspicious or inconsistent actions/information that may come to use or be known to the Company as part of its usual business. This includes where the Company suspects or has reasonable grounds to believe or suspect that a person is engaged in, or is attempting, money laundering or terrorism financing.A Compliance Officer is responsible for reporting STRs to the FINTRAC as soon as an incident or suspicion arises but not later than until the end of the next business day from the moment when such information comes to the attention of the Compliance Officer.
All documents relating to money laundering reporting, business transactions, Client identification and Customer Due diligence are being retained for a minimum of five years.
Using all the information available at the time, the Compliance Officer makes an informed decision using sound judgment as to whether there are reasonable grounds for knowledge or suspicion of money laundering and to enable him/her to prepare the report for the FINTRAC, where appropriate.
Customer due diligence
Customer Due Diligence (CDD) is the process through which the identity of a Customer is verified. CDD also incorporates the process for determining whether such person is acting on behalf of another person, the purpose and intended nature of the business relationship, source of wealth and funds and the ongoing monitoring of activities of the Customer. The concept of CDD does not relate to Customers only but it extends to all persons with whom the Company has established a business relationship including employees, which is dealt in further on in these procedures.
The Compliance Officer is responsible for the CDD process and are required to perform such due diligence inline with these requirements.
At Customer onboarding, all the Customers’ names (including shareholders’ names, UBO’s, directors’ names, company’s names and agents’ names) shall be immediately checked on Sanctions, Adverse Media and PEP screening. The Compliance Officer shall review any alerts or notifications received and compare these with the Customer’s details in order to determine whether the notification relates to a positive match. The evidence relating to the above reviewing undertaken by Compliance Officer are filed on the relative Customers’ file.
The Compliance Officer will file any STRs and/or make any reports directly to the FINTRAC if necessary.
Identification and Verification Process
Identification is the process of obtaining personal details and other relevant information on the Customer. The information obtained on natural persons (individual) and legal persons (such as in the case of companies, partnerships etc.) would vary accordingly.
Verification takes place by making reference to documents, data or information obtained by the applicant for business. In order for verification to be completed in line with applicable legislation, the documents obtained from Customers need to satisfy the following criteria:
They have to be reliable; and
Issued from an independent source such as a government authority, department or agency, a regulated utility company such as telephony companies, water and electricity providers or a subject person carrying out relevant financial business in Canada or in an equivalent jurisdiction.
The identity document used to ascertain identity must be authentic, valid and current.
Relevant financial businesses include banks/credit institutions, investment services firms, insurance companies,insurance broking firms, financial institutions, and administrative service companies, collective investment schemes that are licensed and regulated either in Canada, U.S., EEA or other equivalent jurisdictions.‍
Identification and Verification of Documentation and Process
Individual/Natural Person:
A. Application Form
B. Name Check
C. Identification:
1. Official full name;
2. Place and date of birth;
3. Permanent residential address;
4. Identity reference number, where available; and
5. Nationality;
6. Occupation.
D. Verification:
1. Proof of Identity which includes a photographic image of the individual. Acceptable proof of identity can be one of the following documents: a valid unexpired passport, national or other government-issued photo identification document
AND
2. Proof of Address (either/or) which includes either:
i. A statement or reference letter issued by a recognized credit institution not older than 3 months;
ii. A recent utility bill not older than 3 months. Utility bills are services provided in relation to the residential premises and exclude mobile phone bills;
iii. Correspondence from a central or local government authority, department or agency not older than 3 months;
iv. Any proof of identity (as per above) and which has a clear indication of residential address (not expired);
v. An official conduct certificate not older than 3 months; or
vi. Any other government-issued document containing the declared address, not older than 3 months;
N.B.: The Customer can provide a utility bill, bank statement or any other document received through electronic means or downloaded electronically as long as he/she can prove that the document was received electronically. For example, the URL is usually displayed at the bottom of the page in case of downloaded bills or bank statements. QR and barcodes, where available, should be used to verify the bill.
Other documents may be used if they are listed in Annex 5 to the FINTRAC Guidance on the methods to verify the identity of an individual and confirm the existence of a corporation or an entity other than a corporation.
Private/Public Companies or Partnerships:
A. Application Form (as applicable)
B. Name Checks of all corporate and/or business name/s; persons listed on the corporate structure chart,directors, agents, legal and judicial representatives and ultimate beneficial owners
C. Identification
1. Official full name of legal person;
2. Registration number; and
3. Date of incorporation or registration; and
4. Registered address or principal place of business.
D. Verification
1. Certified true copy of the certificate of incorporation;
2. Certified true copy of the Memorandum and Articles of Association or Partnership Agreement;
3. Company search confirming that the Company is not dissolved, struck off, wound up or terminated.Where this is not possible the certificate of good standing and incumbency shall be obtained;
4. Identification of directors: full name, place and date of birth, residential address, ID number/passport,nationality;
5. Proof of identity and proof of address (see above) of persons vested with legal and judicial representation;
6. Proof of identity and proof of address (see above) of agents and a certified true copy of board or partners' resolution;
7. Proof of identity and proof of address (see above) of ultimate beneficial owners owing of 25% or more;
8. Corporate structure chart showing ownership. Information on the structure chart shall be verified true independent sources or company registers or through written confirmations provided by lawyers,accountants or notaries that are in equivalent jurisdictions;
9. Description of nature of business and source wealth (financial performance);
10. Latest audited financial statements (not older than 2 years and if the company is obliged to undergo financial audit). Source of funds evidence is required in case of audited financial statements older than 2 years. Audited financial statements older than 3 years are not acceptable;
11. Shareholders’ register.
NB. In those cases where the Customer provides a utility bill, a bank statement or any other document that has been received or retrieved through electronic means (such as M&A’s, list of shareholders etc.).The downloaded or electronic version of such document would be considered to be equivalent to an original document, so long as the Company obtains proof that the document has been received or retrieved electronically by the applicant for business from the service provider or the issuer of the document. Where the documents are obtained through electronic means by the company official, the relative documents should be saved and a note by the official stating that date and source from where such documentation has been retrieved is included. Bank reference issued from the bank of the association or foundation. The bank must be in an equivalent jurisdiction;
The Company may also consider a sight visit at the Customer’s premises physically or digitally.Such visit should provide ‘see and feel’ of the business of the Customer.
Bank reference issued from a bank in equivalent jurisdiction; or
Evidence of source of funds and/or wealth. In case of the latter the Customer may provide a statement of affairs confirmed by the Customer’s lawyer in Canada.
Audited financial statements (not older than 2 years and if the company is obliged to undergo financial audit) or certified bank account statements fort the period of 3-6 months.
Annex 1 – Prohibited industries
The Company does not engage in business activities with corporate entities involved in the following activities:
Shell banks and shell corporations as well as other entities which provide services to shell banks and shell corporations
Financial institutions or other corporate entities:
‍without physical presence in any country/jurisdiction
with no connection to real business activity
without a factual business address
company is registered in jurisdiction with lack of reporting obligations
Companies offering bearer shares
N/a
Cash collection services
N/a
Debt recovery services
N/a
Detective service
N/a
Unlicensed Forex and/or investment services
‍Investment services and investment ancillary services, when the service provider is not properly licensed in Canada or in another country, where the legislative requirements of anti-money laundering and terrorism financing are equivalent to the Canadian legislation.;
unlicensed foreign currency exchange intermediary services (such as forex dealers, binary options).
Unlicensed Gambling and unregulated lottery
‍Bidding services‍
‍Sports forecasting or odds making;‍
‍Online slots machines;‍
‍Online gaming;‍
‍Cash prized fantasy leagues;‍
‍Online card games;‍
‍Casinos;
Firearms
Business industries which take any part in production or sale of firearms, their parts, explosives, gunpowder or ammunition.
Adult entertainment and paraphernalia
Pornography and any other media offering sexually related services such as prostitution, adult live chat or webcam, escorts and paraphernalia.
Legal and illegal substances (including medical marijuana)and paraphernalia
Marijuana dispensaries, steroids and other medical substances (including paraphernalia) which company identifies as prohibited.
Cyberlockers, IPTV
Anonymous file storage service providers, download websites, IP based TV channel streaming websites.
Multi-level marketing
‍Pyramid schemes - e.g. Ponzi scheme. A pyramid scheme is an illegal investment scam based on a hierarchical setup of network marketing.‍
‍Network marketing. Network marketing is a business model that depends on person-to-person sales by independent representatives, often working from home. A network marketing business may require you to build a network of business partners or salespeople to assist with lead generation and closing sales.‍
‍Referral marketing programs.
Pawnshop services
N/a
No-value-added services
Resale of services without added benefit such as government offerings or sites which are deceptive or predatory towardsCustomers.
Used cars dealerships
Sale of second-hand vehicles.
Unregulated auctions
N/a
Tobacco and alcohol productsdistribution
N/a
Annex 2 – Prohibited Jurisdictions
Abkhazia
Afghanistan
Albania
American Samoa
Bahamas
Barbados
Belarus
Botswana
Cambodia
Central African Republic
Crimea
Democratic Republic of the Congo
Cuba
Donetsk National Republic (DNR)
Ethiopia
Ghana
Haiti
Iran
Jamaica
Kashmir
Lebanon
Libya
Luhansk National Republic (LNR)
Mauritius
Mali
Mongolia
Myanmar
Nagorno Karabakh
Nicaragua
North Korea (Democratic People's Republic of Korea)
Nigeria
Pakistan
Panama
Palestine
Puerto Rico
Russia
Samoa
Senegal
Somalia
South Ossetia
South Sudan
Syria
Trinidad and Tobago
Ukraine Crimea and Sevastopol(Crimea)
Uganda
Vanuatu
Yemen
Zimbabwe
Annex 3 – Offences for MSBs in case of violation of ML/TF regulation
The ML/TF legislation creates a number of criminal offences relating to money laundering.
As a company involved in the provision of money services, both the company itself and our employees must be aware of these offences, as they could result in heavy penalties for the MLRO, the senior management and/or the employee.
Non-compliance with Parts 1 and 1.1 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act may result in criminal or administrative penalties. Both criminal and administrative monetary penalties (AMPs)cannot be issued against the same instances of non-compliance.
Annex 4 – Additional useful information (links)
Following websites contain the details of different issues discussed in this document:
Regulations
FINTRAC https://www.fintrac-canafe.gc.ca/intro-eng which has detailed information on anti-money laundering regulations
Royal Canadian Mounted Police https://www.rcmp-grc.gc.ca/en/economic-financial-crime WOLFSBERGGROUP PRINCIPLES https://www.wolfsberg-principles.com/wolfsberg-group-standards
International Card Organisations:
VISA Europe http://www.visaeurope.com MasterCard -http://www.mastercard.com/
Screening and monitoring tools
Interpol most wanted list https://www.interpol.int/en/How-we-work/Notices/View-Red-Notices
Consolidated     Canadian     Autonomous     Sanctions    List    https://www.international.gc.ca/world-monde/international_relations-relations_internationales/sanctions/consolidated- consolide.aspx?lang=eng
Office of Foreign Assets Control (OFAC) www.treasury.gov/ofac
EU Restrictive measures (sanctions) https://ec.europa.eu/info/business-economy-euro/banking-and-finance/international-relations/restrictive-measures-sanctions_en