INTERNAL PROCEDURE FOR ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM
The purpose of the procedure is to implement financial security measures and other regulatory obligations at the obligated institution, in accordance with the Act on anti-money laundering and combating the financing of terrorism. The procedure contains a set of internal regulations that are undertaken in the obligated institution in cooperation with dedicated state and international bodies to combat and prevent the above crimes. Since the goal of the obligated institution is to operate transparently, in accordance with the law and principles of social intercourse, this procedure is intended to prevent the use of the services it offers in an unlawful manner. The procedure therefore applies to employees, associates as well as contract, temporary or agency workers, interns, volunteers and trainees (hereinafter all collectively as "associates"). The basic activities and actions to implement statutory obligations are the application of financial security measures and ongoing risk analysis to prevent money laundering or terrorist financing. The internal procedure is subject to ongoing review and updating as necessary.
The procedure has been developed and is applied in the entity, indicated below, which is also referred to as an OBLIGATED INSTITUTION:
D&H MEDIA SERVICES SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ |
|
Address: |
HOŻA 86/210, 00-682 WARSAW, POLAND |
TAX ID: |
7011162135 |
Date of introduction of the procedure: |
23.10.2023 |
The services the entity provides:
- exchange services between virtual currencies, as well as between virtual currencies and means of payment
Services that the entity does not provide:
- services of exchange of fiat currency for another fiat currency
- payment services according to the Payment Services Act (the entity especially does not accept deposits and does not transfer funds)
AML (anti-money laundering) – anti-money laundering – a set of activities, procedures and regulations created to prevent criminal activities related to money laundering;
Beneficial owner – a natural person or persons exercising direct or indirect control over a client through the powers they have, which arise from legal or factual circumstances, enabling them to exercise decisive influence over the actions or activities undertaken by a client or a natural person or persons on whose behalf business relationships are established or the occasional transaction is carried out;
PEP's close associate – a natural person who is the beneficial owner of a legal entity, organizational unit without legal personality or trust jointly with PEP or who has other close relations with PEP in connection with its business activities, as well as a natural person who is the sole beneficial owner of legal entities, organizational unit without legal personality or trusts known to have been established for the purpose of obtaining an actual benefit from PEP.
Account blocking – temporarily preventing the use and disposition of all or part of the assets accumulated in the account (in case the obligated institution provides account services);
PEP's family member – spouse or person in common cohabitation, child of PEP or his spouse or person in common cohabitation, parents.
CFT (combating the financing of terrorism) – counter-financing terrorism – a set of activities, procedures and regulations created to prevent criminal activities related to terrorism;
Terrorist financing – an offence against public security involving the accumulation, transfer or offering of assets in order to finance a terrorist offence, or the provision of assets to a person or an organised group with the aim of committing such an offence (in detail, an act defined in Article 165a of the Act of 6 June 1997, the Criminal Code);
GIIF – General Inspector of Financial Information, a government administration body competent in anti-money laundering and combating the financing of terrorism;
Obligated institution – entrepreneurs, companies, and institutions that are obliged to analyze transactions and provide information on suspicious transactions to the GIIF;
Senior management – management board member, director or employee of the obligated institution with AML/CFT expertise related to the organization's operations and decision-making that affects risk and as such, responsible for carrying out statutory obligations;
Client – a natural person, legal entity or organizational unit without legal personality, to whom the organization provides services or for whom it performs activities falling within the scope of its professional activity (including with whom the organization establishes business relationships or on whose behalf it carries out an occasional transaction);
Politically exposed person (hereinafter PEP) – natural person holding a significant position or performing a significant public function;
Employee – the natural person performing duties for the obligated institution regardless of the legal form on the basis of which the cooperation was established (employment contract, contract of mandate, cooperation contract, and others).
Money laundering – an activity aimed at introducing into legal circulation money originating from illegal sources or used to finance illegal activities (specifically, an act defined in Article 299 of the Act of 6 June 1997, the Criminal Code);
Information processing – any operation performed on information, in particular, their acquisition, collection, consolidation, storage, editing, sharing, and deletion (the term is also understood as information stored in a computer system);
Business relationships – relations of the organization with a client related to the company's professional activities, which, at the time of establishment, show the characteristic of permanence;
Transaction – a legal or factual act on the basis of which is made the transfer of ownership or possession of assets, or a legal or factual act made for the purpose of transferring ownership or possession of assets;
Occasional transaction – a transaction carried out not within the framework of economic relations;
Act – the Act of 1 March 2018 on anti-money laundering and counter-terrorist financing;
Assets – property rights or other movable property, real estate, means of payment, financial instruments, other securities, foreign exchange, virtual currencies (including cryptocurrencies);
Suspension of transactions – temporary restriction of the use and disposal of assets consisting in preventing a single transaction or more transactions;
In the absence of a written designation and the acceptance of these duties by another person, they are all members of the management board of the obligated institution (senior management). This provision should be treated as the designation of a responsible person in accordance with the statutory regulation. The primary person performing these duties is the President of the Management Board or the owner of the obligated institution in case the President of the Management Board has not been singled out. The responsibilities include implementing statutory regulations, ensuring compliance of the activities of the obligated institution and its employees and other persons performing activities for the entity, as well as providing notifications of statutory requirements. The Obligated Institution will appoint one or more persons to fulfil the statutory obligations contained in the Act, depending on the legal form of the business.
Accordingly, upon commencing work/cooperation with an obligated institution, these individuals and persons performing AML/CFT duties and become familiar with this procedure and receive training on AML/CFT (possibly in the form of an online video).
Means gathering information about the client based on own sources, publicly available information and based on information and documents provided by a client.
It means classifying a client into the appropriate risk category (low, standard, high) based on the methodology developed and used in the organization.
Record of client risk with an assessment in the form of a so-called client file (may be maintained electronically), which must include:
In particular, the following criteria should be taken into account to determine client risk:
The risk analysis takes into account:
Frequency of updating client risk assessment:
Recognition, assessment and updating of risk is carried out on the basis of forms filled out for each client meeting the conditions for the application of financial security measures to him. Based on the established information, points are assigned to the client, used to assign a client to a specific risk group, including the recognition and assessment of the level of identified risk. Recording of this activity is carried out by completing the Client Evaluation Sheet. In this Sheet, through the creation of a scoring system, the weight assigned to each risk assessment criterion/factor, influencing the final result of the analysis, as well as a list of alarm signals, arousing vigilance that translates into proceedings against a client or transaction to prevent incidents of money laundering or terrorist financing.
Characteristics of factors related to client risk analysis (sample calculation):
- a natural person,
- a natural person conducting a business activity,
- a commercial company,
- a commercial company admitted to trading on a regulated market,
- non-profit organization.
- scrap metal trading,
- fuel industry,
- services (e.g., car washes, laundromats, restaurants),
- construction industry
- the degree of corruption (clash with corruption maps),
- divergence of headquarters or residence from the usual client,
- tax haven headquarters (countries with harmful tax competition)
- origin from high-risk countries designated by the European Commission (by which is meant the countries listed in the Directive of the European Parliament and of the Council (EU) 2015/849 or any other current legal act) or recognized as such by the obligated institution, which as of the date of introduction of the procedure is meant at least:
1 |
Afghanistan |
2 |
Bahamas |
3 |
Barbados |
4 |
Botswana |
5 |
Cambodia |
6 |
Ghana |
7 |
Iran |
8 |
Iraq |
9 |
Jamaica |
10 |
Democratic People's Republic of Korea (DPRK) |
11 |
Mauritius |
12 |
(deleted) |
13 |
Myanmar/Burma |
14 |
Nicaragua |
15 |
Pakistan |
16 |
Panama |
17 |
Syria |
18 |
Trinidad and Tobago |
19 |
Uganda |
20 |
Vanuatu |
21 |
Yemen |
22 |
Zimbabwe |
In the case of a client risk assessment, the obligated institution's associates consider the client's behaviour and evaluate it for abnormal behaviour. In such a situation, an employee of the obligated institution should include this factor in the risk assessment. A situation that should draw the associate's special attention is the presence of an additional person at the transaction, especially when instructing the client on what to do.
Evaluate a client for contracts and transactions that are inconsistent with its business profile - if its behaviour cannot be reasonably explained, this should be included in the risk assessment.
The absence of a client at the conclusion of the contract and also during the relationship is considered a higher risk factor.
If a client intends to provide new services, offer new products or distribution channels or technologies, this could lead to an increase in AML/CFT risk. This risk will not always relate directly to a client, but needs to be assessed in terms of the security of the obligated institution.
If a client has the status of a politically exposed person, a family member of such a person, or is a person known to be a close associate, or the person is on a warning or sanction list this is a significant factor for increased risk assessment.
The lower risk may be evidenced by the fact that a client is:
A lower risk may also be evidenced by linking the business relationship or occasional transaction to:
The increased risk may be evidenced in particular:
- a legal entity or organizational unit without legal personality, whose activities are used to store personal assets,
- a company in which bearer shares have been issued, whose securities are not admitted to organized trading, or a company in which the rights of the shares are exercised by entities other than shareholders,
- a high-risk third country,
- a state described by reliable sources as a state with a high level of corruption or other criminal activity, a state that finances or supports the commission of terrorist acts, or with which the activities of terrorist organizations are linked,
- a country against which the United Nations or the European Union has decided to impose sanctions or specific restrictive measures.
Absolutely high AML/CFT risk occurs in particular when:
Risk mitigation is achieved by completing a client assessment sheet, including the introduced scoring, to assist in determining the degree of risk identified. In addition, with the intention of mitigating risk, the Obligated Institution uses the records presented in the General Principles Model operating in its business, completing the solutions introduced, and applies the procedure for monitoring transactions and reporting suspicious transactions (STR).
- of the equivalent of EUR 15,000 or more, regardless of whether the transaction is carried out as a single operation or several operations that appear to be related, or
- which represents a transfer of funds for an amount exceeding the equivalent of EUR 1,000;
- with the use of virtual currency of the equivalent of EUR 1,000 or more - in the case of mandatory institutions referred to in Article 2, section 1, item 12 of the Act
Simplified financial security measures are allowed at where a risk assessment confirms a lower risk of money laundering or terrorist financing.
Enhanced security measures are applied in case of a higher risk of money laundering or terrorist financing and, in particular, in case of clients coming from or based in a high-risk third country. Enhanced safeguards may consist, in particular, of verifying the client with more than one of the required documents.
Financial security measures include:
- verify his identity,
- determine the structure of ownership and control - in the case of a client that is a legal entity, an organizational unit without legal personality or a trust;
- analysis of transactions carried out within the framework of the business relationship to ensure that these transactions are consistent with the obligated institution's knowledge of the client, the type and scope of its business, and consistent with the money laundering and terrorist financing risks associated with that client,
- investigation of the source of assets at the disposal of the client - in cases justified by the circumstances,
- ensuring that the documents, data or information in its possession regarding business relations are kept up to date.
The execution of the above financial security measures is done manually. The practical manner in which financial security measures are applied is determined by the AML records used to fulfil the obligations of the Act, including the charters, forms and notes introduced. With the help of these documents, the practical application of the above measures is carried out based on the principles established in these documents. Any person acting for the Obligated Institution in fulfilling its AML/CFT obligations should use the forms in question when dealing with clients.
Determination of whether a client is a politically exposed person is made by the client's declaration before using the service and ongoing checking of the information obtained to identify and verify the person. The client shall make a declaration that he is not a person holding such a position with the clause "I am aware of the criminal liability for making a false declaration".
Includes the determination of his name and, where possible, the data indicated in point 3 above designation ii-vi.
Verification consists in confirming the established identification data of the persons in item 3 above, based on:
An important role is played here by the declaration made by the client of the obligated institution, related to the purpose of establishing a business relationship or carrying out a transaction, the presented business model of the client including the established risks associated with this activity, the declaration made during the course of the business relationship, and unusual behaviour of the client deviating from the originally declared nature and purposes of establishing a business relationship or carrying out a transaction.
In order to fulfil the obligation referred to in Article 43, section 3 of the Act, the Obligated Institution conducts ongoing analysis of transactions, a process that in practical terms is included in the procedure for monitoring transactions and reporting suspicious transactions (STR).
The results of the ongoing analysis of the transactions The obligated institution documents a note in the form of a table, where it enters the individual transaction amounts, the date of the transaction, with the signature of the person making the entry, analysing whether the transactions deviate significantly from the obligated institution's knowledge of the client, the type and scope of its business, and whether the transactions are consistent with the money laundering and terrorist financing risks associated with that client.
According to the current regulations, if a risk analysis is conducted showing that a transaction is to be carried out with a politically exposed person (as a client or beneficial owner) or a family member of such a person or a person known to be a close associate of such a person, the obligated institution MAY carry out such a transaction. In such a case, however, the person conducting the transaction obtains the approval of senior management for such action, and the obligated institution:
An obligated institution shall apply enhanced financial security measures in cases of higher risk of money laundering or terrorist financing, as well as in cases referred to in Articles 44-46 of the Act.
The application of enhanced security measures involves:
- the client and the beneficial owner,
- the intended nature of the business relationship;
In the case of a transaction related to a high-risk third country identified by the European Commission, an Obligated Institution, in addition to applying the financial security measures referred to in Article 44, section 1 of the Act, shall take at least one of the following actions to mitigate the risk associated with such transaction:
Enhanced financial security measures are applied in the situations referred to in section 3 of this procedure in the event of identification of elevated and absolutely high client risk.
The obligated institution and its employees are required to document the financial security measures in place, e.g. by making copies of documents, screen shots with the date, or in any other way. Records are kept for a period of 5 years from the date of termination of business relations with the client or from the date of the occasional transaction. Documents are stored in a manner that ensures their security and in accordance with data protection regulations. These issues are governed by separate internal procedures.
The purpose of the procedure is to identify events, situations that trigger the obligation of the obligated institution to report, report to the GIIF. The reporting obligation of the obligated institution consists of:
In a situation where a reasonable suspicion is raised that a certain transaction or certain assets may be related to money laundering or terrorist financing, or in a situation where there is a suspicion that these crimes have been committed, notifications are made to the GIIF, fulfilling the obligation under Articles 74, 86 and 90 of the Act on anti-money laundering and combating the financing of terrorism.
For example, notification to the GIIF is given in the following cases:
Suspicion may also be aroused by situations other than those mentioned above, in case of reasonable circumstances, such as the coincidence of IP addresses from which transactions are carried out, the use of e-mail with the @protonmail.com domain, making transactions with the same user logging in from different accounts.
Registration is done electronically via the website https://www.giif.mofnet.gov.pl/#/glowna
The organization also cooperates with authorities when information is requested.
The organization is obliged to immediately notify the GIIF in case of a reasonable suspicion that a particular transaction or assets may be related to money laundering or terrorist financing. An employee, associate, trainee and any other person who will have a reasonable suspicion of the above shall provide the Management Board with information on the subject by e-mail or verbally. The deadline for submitting the information is immediate. The Management Board shall decide without undue delay on the further fate of the application. Since the confirmation of acceptance of the notification, the obligated institution does not carry out transactions.
An obligated institution, excluding domestic banks, branches of foreign banks, branches of credit institutions and cooperative savings and credit unions, shall immediately notify the competent public prosecutor if it has a reasonable suspicion that the assets transacted or accumulated in the account originate from or are related to a crime other than the crime of money laundering or terrorist financing or a fiscal crime.
The obligated institution shall apply the formal requirements, related to the application, specified in the Act.
Senior management provides access to knowledge of anti-money laundering and combating the financing of terrorism regulations among their associates, including employees. This involves, in particular:
The obligated institution shall ensure that employees participate in training programs on the implementation of AML obligations, taking into account issues related to the protection of personal data. The training programs referred to above shall take into account the nature, type and size of the activities carried out by the obligated institution and shall provide up-to-date knowledge in the implementation of the obligations of the obligated institution, in particular the obligations referred to in Articles 74, section 1, 86, section 1 and 89, section 1 of the Act.
The completion of training by an employee, is documented by the issuance of a certificate by the training provider and a declaration of training, signed by the employee.
A procedure has been implemented at the obligated institution that allows employees and other persons performing activities (hereinafter referred to as "other persons") for the benefit of the obligated institution of actual or potential violations of AML and CFT regulations. The procedure is that these people have been provided with an e-mail address to which they can make submissions. Submissions can also be made anonymously in this regard. Accordingly:
- stopping the transaction,
- reporting suspected crimes,
- reporting to the GIIF.
In the above regard, this procedure also refers to the introduced procedure for anonymous reporting of AML/CFT violations.
Senior management:
For this purpose, an internal control and supervision report is prepared in accordance with the requirements and development of the obligated institution.
In the case of the risk analysis performed, as well as the identification and verification of the client, if a discrepancy is noted between the information collected in the Central Register of Beneficial Owners and the information on the client's beneficial owners established in connection with the application of the Act, an annotation is made in the client Profile.
If discrepancies are discovered between the information collected in the Central Register of Beneficial Owners and the established information on the beneficial owner from the client, there is an obligation to note these discrepancies and to take steps to clarify the reasons for the discrepancies. The obligated institution is required to contact the client, explain the client's determination of the beneficial owner, explain the client's determination of the ownership and control structure, explain whether the obligated institution's determination of the beneficial owner and ownership and control structure of the client was correct, explain for what reason the client considered the person to be the beneficial owner, collect new information and documents.
If the recorded discrepancies are confirmed, t is mandatory to provide the authority in charge of the Registry with verified information on these discrepancies, together with the reasons and records for the recorded discrepancies. Applications are made electronically via the website https://crbr.podatki.gov.pl/adcrbr/#/ under the "Report a discrepancy" tab.
One type of discrepancy is the failure to report information on beneficial owners to the CRBR (CRBR - Central Register of Beneficial Owners). This is because the failure to report the information to the Central Register of Beneficial Owners should be read as a declaration by the client that the natural person is not the beneficial owner of the entity required to report the information to the Central Register of Beneficial Owners.
Verification of the beneficial owner can be done not only on the basis of a document from the registry, but also on the basis of, for example, a memorandum of association or a company’s share transfer agreement.
The Obligated Institution shall make a note of the above activities.
In the event of difficulties in connection with the verification of the identity of the beneficial owner and actions taken in connection with the identification as the beneficial owner of a natural person holding a senior management position, an annotation to this effect is made in the client Profile. This is an exceptional situation, so the rule is to determine the beneficial owner in accordance with the earlier provisions of this procedure.
The obligated institution uses this method of determining the beneficial owner in situations:
The obligated institution shall document the following actions taken to verify the identity of the beneficial owner and the actions taken in connection with the identification as the beneficial owner of a natural person in a senior management position:
In order to fulfil the above obligation, the Obligated Institution has introduced a form to fulfil the obligation in question. Among other things, it contains a field to be filled out in connection with the identification of difficulties with verifying the identity of the beneficial owner.
With the purpose of not executing transactions or entering into business relations with persons who are on sanction lists, as well as fulfilling the obligations of Articles 117-119 of the Law, the Obliged Institution checks clients data in the sources located at the following web addresses:
Verification of the client on the sanction lists is carried out by one or more methods:
The Obligated Institution may retain a screenshot, but this is not required.
Verification of the client on the sanction lists takes place at the time of establishing a business relationship/conducting a transaction for which financial security measures are carried out. The updating of client information in the above-mentioned regard is carried out at the time of updating other client information related to the nature and purpose of the business relationship.
If a client is disclosed on the above-mentioned lists (in terms of specific restrictive measures), the following are applied:
(a) the freezing of property values owned, held, controlled directly and indirectly by persons and entities, as well as the benefits derived from such property values, by which is meant the prevention of their transfer, alteration or use, as well as the carrying out of any operation with the participation of such values in any way that may cause a change in their size, value, place, ownership, possession, nature, purpose or any other change that may enable benefits to be derived from them;
(b) not making property values directly or indirectly available to or for the benefit of persons and entities, which means, in particular, not granting loans, consumer credit or mortgages, not making donations, not making payments for goods or services.
At the same time, the obliged institution may use a broader catalog of sanction lists, especially in the case of the application of increased financial security measures or any other need in view of the determination of such a need, applying to the circumstances or established/established risks. The full catalog as to sanction lists (also listed above) includes:
The Obliged Institution may select other lists on an ongoing basis, even if they do not fall within the scope of the procedure (sanctions policy), according to the existing risks and information acquired. The databases of sanction lists are updated by the Obliged Institution, using a re-search for Client with whom business relations have been established (during their duration).
If a Client appears on one of such lists, the Obliged Institution:
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
DHCOINX October 2023