Web Analytics

Maize

Escrow

}

Hungrybirds

We working 01.00 AM - 05.00 PM, GMT-0

AML & KYC

Company Procedure Rules


1. General provisions


1.1. The company's procedural rules (hereinafter referred to as the Rules) establish and describe the measures applied in the company aimed at controlling and reducing the risks of money laundering and terrorist financing in the company's activities.

1.2. These Rules include annexes and may be read in conjunction with them only. At the time of writing, the Regulations include the following annexes:


  • annex 1 - Procedure for submitting notifications to the FIU.

1.3. These Rules are binding on all employees of the company.

2. Terms and concepts


2.1. The company is chiaforksexchange.com

2.2. Customer - a person who personally or through third parties:


  • intends to use the company's services;

  • uses the company's services;

  • intends to make a deal with the company;

  • made a deal with the company.

2.3. The real beneficiary is a natural person who exercises control over the transaction, operation or other person, using his or her influence and in the interests, for the benefit or at the expense of which the transaction or transaction is performed. For legal entities, the real beneficiary is the natural person who ultimately owns the shares, units, voting rights of the commercial association or exercises ultimate control over the management of the commercial association in at least one of the following ways:


  • holding more than 25% of shares, units or voting rights through direct or indirect ownership or control, including forms of bearer shares or units;

  • otherwise controlling the management of the legal entity.

2.4. Commercial relationship - a relationship of a company that arises from the conclusion of a long-term contract in economic and professional activity for the provision of a service or sale of goods by the company or for delivery in any other way, as well as a relationship of a company that is not based on a long-term contract, but in which at the time of making the contact a known duration could reasonably have been expected and during which the company re-commences in the provision of a service or an official transaction or in the supply of goods to a department of the company or a department of the company.

2.5. Single transaction - a transaction made by the company with the client outside of commercial relations.

2.6. Risk is the probability of money laundering and terrorist financing. It is an assumed value prior to the application of measures aimed at reducing the risk level.

2.7. Residual risk is the probability of money laundering and terrorist financing after all necessary measures aimed at reducing the risk have been applied.

2.8. Risk factors are circumstances that, together or individually, can increase or decrease the risk in a single business relationship or a single transaction.

2.9. Integrity measures - a set of mandatory statutory actions and procedures used by the company to reduce risk in the conduct of business.

2.10. FIU - Estonian Money Laundering Data Bureau (Est. "Rahapesu andmebüroo").

2.11. Money laundering is the conduct with or instead of property obtained as a result of a crime:


  • concealment or non-disclosure of the true nature, origin, location, mode of disposition, movement, ownership or other property-related rights;

  • Transformation, transfer, appropriation, possession or use to conceal or keep secret illegal origin or to assist a person who has engaged in criminal activities so that that person can evade the legal consequences of his or her act.

  • giving a legal form to ownership, use or disposal, i.e. transferring property from the shadow, informal economy to the formal economy in order to be able to use the property openly and publicly.

2.12. Financing of terrorism is the financing or other known support of the following acts:


  • COMMITTING A CRIME DIRECTED AGAINST INTERNATIONAL SECURITY, AGAINST AN INDIVIDUAL THAT POSES A THREAT TO HUMAN LIFE OR HEALTH, A CRIME AGAINST THE ENVIRONMENT, A CRIME DIRECTED AGAINST A FOREIGN STATE OR INTERNATIONAL ORGANIZATION, OR A GENERAL CRIME, PRODUCTION, DISTRIBUTION OR USE OF PROHIBITED WEAPONS, ILLEGAL SEIZURE OF PROPERTY, DAMAGE OR DESTRUCTION OF PROPERTY IN A SIGNIFICANT AMOUNT, OR INTERFERENCE WITH COMPUTER DATA OR OBSTRUCTION OF ITS FUNCTIONINGbelonging to a community that has a stable character and consists of three or more persons, with the division of responsibilities between them, whose activities are aimed at committing a crime specified in paragraph 2.3.1. of these Rules, as well as the creation of such a community, its management or recruitment of its members;

  • Organizing or receiving training for the purpose of committing an offence specified in paragraph 2.3.1. of these Rules, or recruiting a person or preparing such an offence in any other way, as well as publicly calling for the commission of such an offence;

  • ensuring availability or collection of funds, if it is known that they can be used in whole or in part to commit a crime specified in paragraph 2.3.1. of these Rules.

2.13. RahaPTS - Anti-Money Laundering and Terrorism Financing Act. The text of the law is here: https://www.riigiteataja.ee/en/eli/509012020001/consolide.


3. Data collected in the absence of an obligation to apply due diligence measures


3.1. If there is no obligation to apply the diligence measures, the company asks the customer for the following data:

3.2. customer's first and last name or name;

3.3. for individuals - personal code or date and place of birth of the client;

3.4. for legal entities - the name of the director and the data confirming the representative's authority, register code or number and time of registration of the company;

3.5. the customer's residential address or location;

3.6. the purpose of the deal.

3.7. It is the Company's responsibility to ensure that the data obtained is reliable.

3.8. Conclusion of transactions and establishment of commercial relations with clients who have not provided the data specified in clause 3.1. is not allowed.


4. General principles for the use of integrity measures


4.1. The diligence measures must be applied in such a way that the company has a reasonable opinion on the sufficiency, correctness and legality of the measures applied.

4.2. The purpose of the application of diligence is to comply with the principle of "know your customer". The purpose of this principle is the situation in which the company understands who is the client of the company, what service the client wants to purchase, why he needs this service and whether the client's desire corresponds to his activity, capabilities and knowledge.

4.3. Integrity measures must be applied before a transaction is made or a commercial relationship is established, except as specifically stated in the Regulations.

4.4. The Company is obliged to apply due diligence measures in the following cases:


  • in creating a commercial relationship with a client;

  • in case of a single transaction or transactions with a client if the value of the transaction or several transactions together exceeds EUR 15,000 for 1 year;

  • to monitor and update data previously obtained through the application of the integrity measures;

  • when there is a suspicion of the sufficiency and reliability of data previously obtained through the application of security measures;

  • in monitoring the commercial relationship with the client;

  • if there is a suspicion of money laundering or terrorist financing.

4.5. An employee of the company who directly carries out the transaction on behalf of the company is responsible for applying the diligence measures. In any other case, the highest governing body of the company is responsible for the enforcement of the diligence.

4.6. If in the course of applying the diligence measures an employee suspects that the measures are sufficient, he or she must contact the highest governing body of the company or a FIU contact person for explanations and instructions.

4.7. All data obtained through the application of the integrity measures must be stored by the company in the manner prescribed by the Regulations.


5. Integrity measures used by the company


5.1. Identification of the customer and verification of the data provided from reliable and independent sources.


  • The purpose of this diligence measure is to establish the identity of the customer, so as to ensure that the company properly understands who is involved in the transaction or commercial relationship being created.

  • In order to apply the diligence measure, the company uses data and documents that enable proper identification of the customer and checks the data obtained with reliable and independent sources.

  • At the company's request, the person confirms the correctness of the documents and data provided by his signature.

  • To identify an individual, the company collects the following data:

  • full name (first name, surname, patronymic and other information that is a name and can be found in the "name" column of the identity document);

  • personal code (created in accordance with the standards of the country that issued the identity document and making it possible to establish the date of birth and sex of the person), and if not, the sex, date and place of birth of the person;

  • the place of a person's permanent or principal residence or, in the absence thereof, the place of the person's habitual residence;

  • if necessary, the profession, position and occupation of the person;


    • In order to identify an individual, the company is obliged to use at least one of the following documents:

    • the document specified in paragraph 2 of Article 2 of the Law on Identity Documents issued on the basis of the aforementioned law:


      • an ID;

      • digital ID;

      • residence permit card;

      • passport of an Estonian citizen;

      • a diplomatic passport;

      • a sailor's service book;

      • a foreigner's passport;

      • a temporary travel document;

      • a refugee travel document;

      • a navigation certificate;

      • a return certificate;

      • permission to return;

      • European return travel document.


    • a valid document (passport) issued in a foreign country that allows crossing the state border;

    • a driver's license that meets the requirements set forth in Part 1 Article 4 of the Law on Identity Documents;

    • or a child under 7 years of age - birth certificate, specified in Article 30 of the Civil Status Act;

    • notarized or duly certified or confirmed copy of the documents specified in 5.1.5.1. - 5.1.5.4. of the Regulations.

    • Identification of the legal entity

    • In order to identify the legal entity, the company collects the following data:

    • Name or name of the legal entity, including its legal form of organization;

    • the registration code, registration code or date and number of the registration, which clearly identifies the person in accordance with the law of the country where the person is established;

    • the name of the director or member(s) of the board or members of another highest governance body;

    • the authority of the persons mentioned in the previous paragraph in representing the legal entity;

    • the place of establishment of the person;

    • a place of business with which a person can be more connected;

    • contact details of the person;

    • The company may use the following documents to identify a legal entity:

    • the appropriate registry card;

    • a certificate from the relevant registry;

    • documents similar to those specified in paragraphs 5.1.7.1. and 5.1.7.2. of the Regulations or relevant constituent documents (including certificate of incorporation, certificate of good standing, partnership, deed of trust, memorandum and articles of association of a company, etc.).

    • While establishing the identity of the legal entity, the company shall be obliged to identify the individual who is the representative of the legal entity in accordance with the procedure for establishing the identity of the individual provided for in this Chapter.

    • In order to establish the identity of an association that is not a legal entity, a company is required to identify each member of such an association by applying the appropriate diligent measure to each of them.

    • Method of application of the due diligence measure

    • The application of the diligence measure specified in clause 5.1. shall take place with the physical presence of the identified person (person to person) or by IT means (video communication), if the monthly volume of outgoing payments when using the services of the company exceeds EUR 15,000 for an individual and EUR 25,000 for a legal entity. This rule applies regardless of the place of residence or registration of the identifiable person.

    • The application of the diligence measure specified in clause 5.1. can take place without the physical presence of the identified person and without the assistance of IT means, if the monthly volume of outgoing payments when using the services of the company does not exceed EUR 15,000 for an individual and 25,000 for a legal entity.


      • Paragraph 5.1.11. of the Regulation applies only if the place of residence or location of the person is within the EEA.


    • The purpose of application of the diligence measure specified in clause 5.1. with the physical presence of the identified person (person to person) or with the help of IT means (video communication) including comparison of biometry (image of the person) with the data specified in the identity documents received from the person.

    • Verification of the data obtained through reliable and independent sources in the application of the security measure to the individua

    • Verification of data collected for identification in accordance with paragraph 5.1.4. of the Regulations means obtaining confirmation of the reliability of data collected with the help of data obtained from reliable and independent sources.

    • When using a measure of diligence with the physical presence of a person or by IT means, as well as when using a duly certified copy of the document specified in clause 5.1.5. and the original document, the data obtained for proof of identity are considered to be obtained from a reliable and independent source.

    • In any other cases not specified in clause 5.1.13, data shall be deemed to have been obtained from reliable and independent sources if all the following conditions are met:


      • the data comes from two different sources;

      • A client with a medium or higher risk profile submitted his photo just before submitting the data, and the company was convinced of the validity of such photo;

      • the document has been issued or received from a third party who has no interests or connection with the client or company;

      • to determine reliability and independence there are no objective barriers and reliability and independence is clear to the person who is not connected with commercial attitude;

      • the data is timely and relevant, and the company can verify this.


    • Regardless of the choice of a reliable and independent source, the company must make sure:


      • the validity of the document provided;

      • to comply with the Identity Documents Act;

      • to match the photo in the document of the real appearance of the client;


    • The Company shall verify the reliability and reliability of the information channels through which data are transmitted, taking into account the client's risk profile and other identified risks.

    • Two different data sources when checking data for individuals

    • One of the data sources should always be:


      • document specified in clause 5.1.5. of the Regulations, including a colour and readable copy or image of such document;

      • a face image from a reliable and independent source;

      • for a client and a commercial relationship with a low risk profile - data obtained through the digital identification of the person.


    • A second source of data obtained from reliable and independent sources may be:


      • other document or image specified in 5.1.18.1. or 5.1.18.2. provided that the first source is another document or image;

      • data obtained through the digital identification of a person;

      • data on the person obtained from the Population Register or from a similar register that meets the requirements of p. 2. 5.1.15. of the Regulations;

      • information obtained from the control payment;

      • other biometric data (including fingerprint, face image);

      • information necessary to control the data provided by the person (including places of residence, work, study, etc.).

      • Verification of the data obtained through reliable and independent sources in the application of the due diligence measure to the legal entity


    • Verification of data collected for identification in accordance with paragraph 5.1.6. of the Regulations means obtaining confirmation of the reliability of data collected with the help of data obtained from reliable and independent sources.

    • When establishing the identity of a legal entity, data shall be deemed to have been obtained from reliable and independent sources if one of the following conditions is met:


      • The company is provided with the original document specified in paragraph 5.1.7. of the Regulation;

      • a duly certified copy of the document specified in clause 5.1.7. of the Regulations has been submitted to the company;

      • the company has access to the state register containing data on the legal entity.

      • The document issued from the registry, used to identify the legal entity, must not be older than 6 months from the date of issue.


    • In cases not specified in p. 5.1.21, data shall be deemed to have been obtained from reliable and independent sources if they meet the requirements specified in p. 5.1.21. 5.1.15. of the Regulations.

    • The documents used to identify the legal entity shall be duly legalized, if necessary - apostilled and translated.

    • Two data sources when checking data for legal entities

    • One of the sources of data for identification of a legal entity shall always be a document specified in 5.1.7.

    • The second source of data may be information necessary to verify the data provided by the person and obtained from reliable and independent sources.


5.2. Establishing the identity of the client representative, as well as establishing and controlling the representative's authority.



    • The purpose of this diligence measure is to establish the identity of the customer representative and to establish and control the powers of the customer representative to make a transaction or establish a commercial relationship.

    • In order to apply the diligence measure, the company shall use the data and documents allowing to properly identify the client representative, the source of the client representative's authority and the scope of rights within which the representative is entitled to act on behalf of the client.

    • The identity of the Customer's representative shall be established in the course of applying the measure of diligence specified in clause 5.1. Rules.

    • The Company determines the right of the representative to represent the client on the basis of the law and the documents provided.

    • If the right of representation is not based on the law, the document entitling to represent the client must contain the following data:

    • document name;

    • the date of issue or creation of the document;

    • the name of the person who issued the document;

    • the signature of the client or the client's legal representative.

    • The document authorizing the representative of a foreign legal entity shall be notarized or otherwise duly authenticated and legalized and, if necessary, translated and apostilled.

    • When determining the representative's authority, the company must ensure that the representative knows his client sufficiently.

    • The Securities Broker is obliged to monitor the scope of the representative's authority and provide services to the client only within the limits of the representative's authority.

    • Documents and data confirming the representative's authority must be retained by the company.


5.3. Setting the real beneficiary of the client



    • The purpose of this diligence measure is to identify the real beneficiary of the client, as well as his or her identity within the limits that allow to clearly identify who is the real beneficiary of the client and what are the ownership and control structures of the client.

    • Before making a single transaction or establishing a commercial relationship, the company must establish and understand the ownership and control structures of the client in order to establish the real beneficiary of the latter.

    • The company establishes the ownership and control structure of the client on the basis of oral or written explanations of the client's representative, unless the company has information that puts into question the data provided by the client's representative or unless the data provided by the client's representative contradicts the data obtained by the company in the course of establishing the real beneficiary of the client.

    • If during the review of the ownership and control structures of the client, the company found that the client has a real beneficiary, the company is obliged to establish the ownership and control structure of the real beneficiary, in order to establish the final real beneficiary of the client.

    • The real beneficiary does not need to be installed if:

    • the client is a company registered in a jurisdiction that applies EU-like standards for the publication of real beneficiary data;

    • the client is an apartment association;

    • Installation of the real beneficiary of the client is done in stages, where the next stage is applied in case if with the help of the previous stage it is not possible to install the real beneficiary of the client. In applying the measure of diligence to establish the real beneficiary of the client the following stages are used:

    • the identification of the individual(s) who ultimately actually controls the customer or who has influence and control over the customer's actions, regardless of the size and direct or indirect ownership of shares, parts or voting rights;

    • the establishment of the natural person(s) that own or control the client through direct or indirect participation, including through family or contractual ties;


      • Direct participation refers to control where an individual holds more than 25% of the shares, stock or other parts of the client.

      • Indirect participation means control when an individual owns more than 25% of shares in a legal entity(s) that owns more than 25% of shares, stock or other parts of the client.


    • the establishment of members of the highest governance body of the client, who are defined as the ultimate beneficiary, if it cannot be established by other means.


      • A member of the highest governance body of a client is defined as a person who:

      • makes strategic decisions that fundamentally affect the client's business;

      • performs daily client management within the executive branch (e.g.: executive director (CEO), financial manager (CFO), director, president, etc.).

      • For an association that does not have the status of a legal entity, the real beneficiary is the natural person who directly or indirectly controls the association and:


    • is the founder or the person who transferred the property to the association;

    • a trusted person, owner or holder of the association's property;

    • a person who ensures the preservation or control of the association's property;

    • the beneficiary defined by the association.

    • The company is obliged to take measures to identify the real beneficiary to the extent that it can ensure that the company knows who the real beneficiary of the client is.

    • In order to comply with the conditions specified in clause 5.3.8. of the Regulations, the Company must ensure that:

    • The real beneficiary has sufficient knowledge, skills and experience if he is actively involved in the client's business activities;

    • the Company has at its disposal the original or a duly certified copy of the client's document specified in clause 5.1.7.

    • the company has access to a register that allows to identify the real beneficiaries of the client, and the company has checked the identified real beneficiaries using this register;

    • other public data sources have been used to reliably identify the real beneficiary of the client.

    • If the documents submitted to identify the client do not directly indicate who the real beneficiary is, the data on the real beneficiary can be obtained from the explanations of the client representative. In this case, the company is obliged to take reasonable measures to control the data provided.

    • The Company records and stores information on all actions taken to establish the ownership and control structure of the client, as well as other data obtained during the application of the diligence measure.


5.4. Determining whether the client is a person of the public domain (PEP), a relative or the closest employee of that person.



    • The purpose of this diligence measure is to establish that the client has the status of a person of the state background.

    • Before carrying out a single transaction or establishing a commercial relationship, as well as in the course of a commercial relationship, the company is obliged to establish whether the client and the real beneficiary of the client are a person of the state background, a family member of a person of the state background or the closest employee of a person of the state background.

    • The Company is obliged to take into account the status of a person of the State background established under this Chapter for at least 12 months after its termination or until the risks associated with such status are completely eliminated.

    • A person of the state background is a natural person who performs important tasks of public authority, among others:

    • head of state;

    • the head of government;

    • the minister, the deputy minister and the assistant;

    • a member of parliament or other legislative body;

    • a member of the party's governing body;

    • a member of a higher or state court;

    • member of the state control and member of the board of the central bank;

    • an ambassador, plenipotentiary and other person authorized to represent the State by virtue of his/her office;

    • the highest officer of the armed forces;

    • a member of the board or council of a public company;

    • the head of the international organization, alternate or acting head;

    • another person who performs important public tasks and does not have the status of a middle or lower public official.

    • Other persons may be classified as persons of the state background on the basis of the company's risk assessment.

    • A legal entity shall be considered a person of the state background if it is established that the person of the state background is a person of the state background:

    • a representative of a legal entity;

    • is the real beneficiary of the legal entity;

    • a family member of the representative or the real beneficiary of the legal entity;

    • the closest employee of the representative or the real beneficiary of the legal entity.

    • When establishing the status of a person of the State background, the following person is a family member:

    • a spouse or a person similar to a spouse;

    • the baby;

    • the spouse of the child or a person similar to the spouse who is in a relationship with the child;

    • a parent.

    • When establishing the status of a person of the state background, the nearest employees are:

    • anatural person who is the real beneficiary or owner of the enterprise together with a person of the state background or who has close commercial relations with such person;

    • an individual who is the sole owner of an enterprise in respect of which it is known that it has been established in favour of a person of the State background;

    • an individual in respect of whom it is generally known that there are ties with a person of the state background (a close friend, etc.).

    • The company uses the following measures to establish its status as a person of the State background:

    • checking with the company's databases containing data on persons in the public domain;

    • status request from a client or a client representative;

    • obtaining information from additional public sources.

    • The measures specified in clause 5.4.9. shall be applied taking into account the established purpose and essence of the commercial relationship and shall allow the company to make sufficient sure that the client has the status of a person of the state background.

    • In addition to the measures described above, the following measures may be applied by the company to persons with a public background whose risk profile is defined as high:

    • obtaining approval for the establishment or continuation of a commercial relationship from the highest governance body;

    • to identify the source of wealth and the funds used in transactions;

    • monitoring commercial relations in an enhanced manner.


5.5. Establishing the purpose and nature of the business relationship, a one-time transaction or action, and collecting the necessary data to do so



    • The purpose of this diligence measure is to establish the purpose of the transaction or commercial relationship with the client. The Securities Broker is obliged to have a comprehensive overview of the client, including the real beneficiary of the client, the client's profile and the reasons why the client wishes to receive the service. In addition, the company is obliged to ensure that the service purchased by the client corresponds to his/her actual activity, capabilities and needs.

    • Data collected to establish the purpose and nature of the transaction or commercial relationship, including but not limited to:

    • the client's core business;

    • payment traditions;

    • the client's main partners;

    • for legal entities - experience of representatives and real beneficiaries of the client.

    • In order to establish the purpose and nature of the transaction or commercial relationship, the company may collect other data necessary for full and sufficient consideration.

    • Where appropriate, the company must take additional measures and collect additional information about the purpose and substance of the transaction or business relationship. Incidents under this paragraph are, among others, relevant:

    • a high-value deal;

    • a transaction that indicates an unusual situation or circumstance;

    • a transaction or commercial relationship where the customer's risk profile indicates the need for additional measures to effectively monitor the commercial relationship.

    • Additional measures applied to establish the purpose and nature of the transaction or commercial relationship include the use of information from public sources to verify the data provided by the client and to collect additional information.

    • Main activity of the client

    • When establishing the core business, the company must understand what the client is doing or planning to do and whether this corresponds to the general sense of the commercial relationship or transaction being created. The company must ensure that the activities declared by the client are reasonable, understandable and plausible.

    • The accuracy of the activity described depends on the risk profile of the client, the transaction and the planned commercial relationship. The main activity of the client should not be unreasonably wide.

    • When establishing the type of activity, the company is obliged to find out whether the client needs a license to provide financial services and whether the company has the need to apply diligent measures to clients.

    • Payment tradition

    • At establishment of traditions of payments of the client, the company is obliged to establish features of use of financial services by the client, including:

    • the planned monthly and annual number of payments on the account;

    • the purpose and frequency of payments;

    • countries to which payments are sent and from which they are received;

    • the expected duration of the commercial relationship;

    • share and channels of cash use;

    • channels for making payments (Internet, personal presence, card payments)

    • When analyzing the data mentioned in the previous paragraph, the company is obliged to verify under what conditions and for what reason the Client is able to perform the declared trades and whether it corresponds to the other data received about the Client (including the Client's risk profile).

    • Main client's partners

    • The Company is obliged to establish who are the main partners of the client in carrying out the activities specified by him, with whom the client will make the main volume of transactions, and who is a person directly related to the purpose of the transaction or commercial relationship.

    • The main partners of the client means persons in respect of whom the client makes the main volume of payments or from whom the main volume of payments to the client comes.

    • If appropriate, the company is obliged to make sure that the said main partners really correspond to the client's activity and that they are really ready to conclude transactions with the client.

    • Experience of representatives and real beneficiaries of the client

    • In the case of a transaction or establishment of a commercial relationship with a client - legal entity, the company is obliged to establish the competence of the representatives and real beneficiaries of the client.

    • The company is obliged to find out where the representative of the client and the real beneficiary of the client's abilities, opportunities, skills and knowledge for the indicated activity and whether they correspond to the volumes of activity and the declared main partners.

    • Among other things, the biography, CVs and publicly available data may be used to ascertain the experience of representatives and actual beneficiaries.


5.6. Identifying the source of customer wealth



    • The purpose of this diligence measure is to establish the source of the client's wealth.

    • By wealth of the client we mean the establishment of the total amount of property owned by the client, as well as the establishment of sources of funds for the acquisition and maintenance of such property.

    • Data for the application of this precautionary measure shall be requested from the customer or collected from other public sources. The data shall be properly verified in accordance with the client's risk profile.

    • This precautionary measure applies in the following cases:

    • when it is necessary to establish the purpose and essence of a commercial relationship or a one-time transaction;

    • when the client is a person of state background and his risk profile is defined as high.


5.7. Application of due diligence in the course of commercial relations



    • The purpose of applying the diligence measures in the course of the commercial relationship with the client is to determine whether the client's behaviour is consistent with previously collected information, to update the client's data and to monitor the client's activities in order to reduce risks.

    • In the course of commercial relations with the client the company is obliged to apply the following measures:

    • to update the data obtained during the application of the integrity measures and to keep such data up to date;

    • continuous monitoring of the commercial relationship, allowing to establish that the transaction corresponds to the knowledge about the client, its activities and risk profile;

    • establishing the source and origin of the client's funds used for transactions.

    • The Company is obliged to regularly update the data obtained from the customer during the application of the diligence measures. Client data must be checked at regular intervals depending on the client's risk profile. The periodicity of verification is as follows:

    • The data of clients with "high" risk should be checked at least once every six months;

    • The data of clients with risk level "average" should be checked at least once a year;

    • The data of clients with "low" risk should be checked at least once in two years.

    • The data collected should be checked and updated if there is an event that may have changed the data.

    • When checking and updating the data, the company complies with the instructions set out in the Regulations and takes into account the requirements established by other measures of diligence.

    • The Company is obliged to control the transactions made in the course of commercial relations to ensure that the transactions correspond to the company's knowledge of the client, its activities and risk profile.

    • Control over transactions made in the course of commercial relations is divided into the following:

    • Screening - control of single transactions in real time using predefined parameters and corresponding IT solutions.

    • monitoring - analysis of transactions after their execution, taking into account all transactions and the client's behavior throughout the entire commercial relationship.

    • The purpose of screening and monitoring is to identify complex transactions, high value transactions and transactions with unusual logic that have no reasonable or obvious economic or legal purpose.

    • Screening should provide identification of transactions and control of the following parameters:

    • suspicious and unusual transactions in line with the company's normal business;

    • the amount of funds transferred under the transaction;

    • transactions conducted in high-risk States or in neighbouring States;

    • transactions in which funds are channelled to high-risk States, neighbouring States or conflict zones;

    • consideration of the transaction description and the information contained in the description;

    • possibility to establish the status of the subject of international sanctions for the client, the client's representative, the real beneficiary of the client and all parties to the transaction;

    • the possibility of establishing the status of a politically influential person for the client, the client's representative, the real beneficiary of the client and all parties to the transaction;

    • the possibility of establishing identity with a client who has been refused a single transaction or a commercial relationship;

    • the possibility of establishing links between different clients in order to determine from belonging to the same group.

    • During the monitoring of the transaction and other circumstances are identified and investigated on the basis of predetermined parameters, including:

    • monthly volume of funds on client's transactions;

    • the number of client's accounts used for making transactions with the company;

    • the number of customer transactions with persons providing certain services.

    • In order to identify complex transactions, high value transactions and transactions with unusual logic that do not have a reasonable or obvious economic or legal purpose, the company must preserve and analyze the circumstances of the transactions, including:

    • circumstances that give rise to suspicion;

    • the circumstances of the application of due diligence to the customer;

    • the presence of reappearing circumstances that indicate a suspicious transaction;

    • if you need to submit a notification to the FIU.

    • As part of the monitoring of commercial relations, the company may make visits to the location of the client, in order to apply measures of diligence in the course of commercial relations.

    • The Securities Broker is obliged to establish the source of origin of the client's funds used in the transaction in the event that:

    • the amount of the transaction is significantly different from the usual for this client;

    • the deal doesn't match the client's information;

    • the deal is suspicious;

    • the company has a suspicion of money laundering or terrorist financing by the client.

    • To establish the source of the funds used in the transaction, it is necessary to establish the reason, description and basis (legal relationship and its essence), according to which the funds were received.

    • In order to establish the origin of the funds used in a transaction, it is necessary to establish the activity during which the funds were earned or received.



6. How IT tools are used in the implementation of integrity measures


6.1. All the following tools are used in the application of IT tools during the implementation of integrity measures in the process:



    • a document provided for digital identity verification and issued on the basis of the Law on Identity Documents, or another system of high security eidentity, included in the list published in the European Union Bulletin, created under Article 9 of Regulation (EC) No 910/2014 of the European Parliament and of the Council.

    • IT tool that has the following features:

    • a working camera;

    • a working microphone;

    • installed and functioning software and equipment required for digital person identification;

    • a reasonably good Internet connection.


6.2. The following minimum requirements apply to the means specified in clause 6.1.2:



    1. The company's information system allows digital identification and digital signature;

    2. the company must be able to verify its information flow and, to a reasonable extent, the information flow of an identifiable person, in order to verify the quality of the image and sound being transmitted, so that it can clearly and reliably understand, store and reproduce the transmitted;

    3. he image and sound transmitted and received must be transmitted in real time;

    4. the image and sound transmitted and received should be preserved and allowed to be played back in the same quality as they were originally;

    5. the image and sound produced should be saved together with the time stamp, IP address, the identifiable person's personal code or date and place of birth, and the person's address. The time stamp should be linked to the rest of the data so that any subsequent change of data can be traced back to the time, person, method and reason for the change;

    6. The head and shoulders should be visible in the image of the person being identified. The image of the face should not be shaded and should stand out clearly among the background and other objects;

    7. the person should be able to change the position of the body and place it in a document frame to view the data and images presented in the document;


6.3. When using IT tools, the company has the right to require the identified person to change the position of the body in the frame and remove the glasses or other means covering the person. The indicated actions must be performed by the identified person at the company's request.

6.4. The Company is obliged to notify the person on the procedure of application of IT tools by informing him/her of the following data:



    1. reference to applicable law;

    2. information that identification by IT means is performed in accordance with Article 31 of the Law on Combating Money Laundering and Terrorism Financing;

    3. a warning that identifying and verifying the data provided by IT means does not oblige the company to establish a commercial relationship or make a single transaction;

    4. the conditions under which identification and verification by IT means are considered to have failed.


6.5. Prior to the commencement of identification and verification by IT means, the Company shall notify the person of the circumstances specified in clause 6.4 and obtain confirmation of such notification. In addition, the person must agree to the terms of identification and IT verification by confirming the following:



    1. a person participates in the procedure in person, except for cases when the participation of third parties is necessary to solve technical problems;

    2. The data he or she provided in the questionnaire and the interview are complete and reliable and the person is aware of the consequences of providing incorrect, erroneous or incomplete data;

    3. he will meet the conditions necessary to establish a business relationship or a transaction with the company;


6.6. If a person uses a digital e-resident identity card or another (not Estonian) highly secure e-resident identity system to identify him/her, the person must:



    1. to agree to the application of Estonian law;

    2. Show the company in front of the camera a valid document issued by a foreign country that allows crossing the state border. The displayed page of the document must contain the personal data of the person and a photo of him/her.


6.7. Identification and verification by IT means are considered failed if:



    1. the person has intentionally provided data that do not correspond to the database of identity documents or that do not correspond to data obtained through other procedures;

    2. the session will expire or be interrupted during the identification, questionnaire or interview process. The session will be considered suspended if the person has not completed the action within 15 minutes;

    3. during identification, questionnaire survey or interview, the information flow does not fully or partially meet the requirements for synchronized sound and image specified in p. 6.2;

    4. the person has not confirmed receipt of the notification about the circumstances specified in p. 6.4;

    5. the person has not expressed the foregoing point. 6.5. consent;

    6. In the course of identification, questionnaire survey or interview, the person refused to follow the legal instructions of the company specified in paragraph XXXX;

    7. In the course of an identification, questionnaire or interview, the person used the assistance of third parties without the company's permission;

    8. circumstances that give rise to suspicions of money laundering or terrorist financing have been identified.


6.8. In the event of circumstances specified in clauses 6.7.1. and 6.7.8. the company shall notify the FIU thereof.

6.9. The application of IT-based due diligence in this chapter takes the form of a questionnaire or interview.

6.10. During the questionnaire survey, the following data is requested from the client:



    • for individuals:

    • full name and last name;

    • residence address;

    • business profile;

    • type of activity;

    • the purpose and nature of the commercial relationship being created;

    • family and economic ties of a person with Estonia;

    • if necessary:


      • estimated use of the requested service;

      • data on the real beneficiary;

      • data on whether the person is PEP;

      • other important information;






      • for legal entities:


    • name;

    • register code;

    • the location and place(s) of business, including branches in foreign countries;

    • legal form;

    • legal capacity;

    • legal and contractual representatives;

    • the real beneficiaries;

    • if necessary:


      • whether the real beneficiary is PEP;

      • economic ties with Estonia, the EEA countries and third countries;

      • major business partners;

      • business profile;

      • core and non-core activities;

      • the purpose and nature of the commercial relationship being created;

      • other important information.



6.11. The data obtained from the questionnaire survey should be evaluated and used to form the client's risk profile in accordance with the Risk Assessment and Control Policy.

6.12. A questionnaire survey may not be conducted if the data specified in paragraph 6.10. is collected directly during the interview.

6.13. In order to collect and check the data, the company may conduct an interview during which the client is asked questions on the data received during the questionnaire survey.

6.14. When establishing a commercial relationship, the company must conduct an interview with the client.

6.15. The data obtained from the questionnaire survey and the interviews are verified by the company in accordance with the relevant diligence measures.

6.16. The data obtained from the questionnaire survey and interviews are stored by the company on a par with the data obtained from the application of the diligence measures.


7. Application of reinforced order of diligence


7.1. Integrity measures are applied in a reinforced order if the customer's risk profile is defined as high.

7.2. The application of enhanced security measures means that additional security measures are applied to the customer in addition to the usual security measures.

7.3. Reinforced measures of diligence in the execution of a single transaction and the establishment of a commercial relationship include:




    1. to identify all the real beneficiaries of the client;

    2. carrying out independent control of the client and obtaining the consent of the management board of the company to establish a commercial relationship or a transaction with the client;

    3. Request and verify additional data to establish the nature and purpose of a suspicious or unusual operation or activity;

    4. establishing the circumstances and reasons for the client's use of complex ownership structures and registration of the company in a particular jurisdiction;

    5. obtaining data on the sources of wealth of the client and the real beneficiary of the client.



7.4. Reinforced diligence measures in monitoring commercial relations include:




    1. establishment of additional indicators analyzed by the client during the transactions;

    2. collecting additional data on the transactions being conducted to prevent fake transactions.



7.5. Reinforced measures of diligence are always applied if:




    1. when identifying or identifying the real beneficiary, there is a suspicion of the authenticity or credibility of the documents submitted;

    2. the client or person involved in the transaction is a politically exposed person (PEP), a relative or closest employee of that person.



7.6. The application of enhanced measures of diligence and the choice of additional measures of diligence must be documented by the company.


8. Simplified enforcement of diligence measures


8.1. Proprietary measures are applied in a simplified procedure if the customer's risk profile is defined as low and all the conditions specified in clause 7.2 are fulfilled. Rules.

8.2. The use of simplified due diligence measures is only permitted if all of the following conditions are met:




    1. a long-term contract has been concluded with the client in written, electronic or reproducible form;

    2. payments under the commercial relationship are received exclusively through the account of the credit institution (bank) registered in the EEA;

    3. annual incoming and outgoing payments under a commercial relationship do not exceed EUR 15,000.



8.3. Simplified due diligence measures for establishing a commercial relationship include:




    1. controlling the data provided to identify the customer and the customer representative during the establishment of the commercial relationship;

    2. an assumption of the nature and purpose of the commercial relationship;

    3. obtaining data to identify the real beneficiary from the client, not from independent sources.



8.4. Simplified due diligence measures in monitoring commercial relations include:




    1. Reducing the frequency of application of enforcement measures during monitoring and establishing events where low-risk commercial relations are monitored;



8.5. The use of simplified due diligence measures must be justified and documented by the company.


9. Procedure for applying financial sanctions


9.1. The Company is obliged to comply with the requirements of the International Sanctions Act. In order to comply with this law, the company must determine whether it is necessary to apply financial sanctions in the transaction or commercially.

9.2. The identification of the subject of financial sanctions and transactions that violate financial sanctions shall be carried out in the course of applying diligence measures in accordance with the Rules.

9.3. In case of suspicion or necessity to apply financial sanctions, the company collects additional data and notifies FIU if necessary.

9.4. In order to enforce the International Sanctions Act, the company is required to apply the following measures:




    1. gathering additional data on whether the client is subject to financial sanctions and whether the transaction or other action violates the financial sanctions;

    2. verification of information specified in 9.4.1. from reliable and independent sources;

    3. Regular review and maintenance of up-to-date information on the subject of financial sanctions and the activities subject to sanctions;

    4. notification to the FIU about the imposition of financial sanctions and financial sanctions;

    5. notifying the FIU of suspicions of financial sanctions, if any, that have not been eliminated after the collection of additional information;

    6. notifying the FIU of a refusal to enter into a transaction or establish a commercial relationship for a reason related to the financial penalty.



9.5. In order to identify the subject of financial sanctions and transactions that violate such sanctions, the company conducts the following procedure:




      • The company checks whether the client or the client's partners are subject to financial sanctions;

      • The Company uses available databases and other sources for verification;

      • During the audit, the company compares the data established in the course of the diligence measures with the data on the subjects of financial sanctions in order to establish full or partial compliance.

      • During the audit, the company takes into account the factors of data change, in the course of which the data of the subject of financial sanctions may be changed. Such factors, among others, include:


    • transcription of foreign names, including the Romanization of Russian and Scandinavian names;

    • different word order, for example AS JAAN TAMM or TAMM JAAN AS;

    • replacement of diacritical marks with other ones;

    • the exclusion of any letters from the words;

    • replacement of foreign or double letters with other letters:


      • replacing double letters with single letters, such as METALL or METAL;

      • replacing letters with other similar letters, such as FARMA or PHARMA, CRISTAL or KRISTAL;

      • replacement of foreign letters with other letters, e.g. WOX QYIT or VOKS KÜIT;

      • using abbreviations;

      • spelling words with numbers in the text, e.g. 2 FAST 4 YOU or TWO FAST FOUR/FOR/YOU;


    • the use or non-use of additional words and letters;


      • mistakes and misprints;

      • Changing the consonant's call to the deaf and vice versa, for example AS GAASI KÜTE or AS KAASI GÜTE;

      • the name or part of it in another part of the name or in another name;

      • If after taking into account all factors mentioned in p. 9.5.4 the company cannot draw an unequivocal conclusion about the compliance of the client or the client's partners with the financial sanctions, the company shall notify FIU of all persons established in the course of this process.



9.6. If the company has identified a subject to financial sanctions or a transaction that violates the established financial sanctions, the company must take the following measures:




    1. If an employee of a company establishes a subject to financial sanctions or a transaction violating the established financial sanctions, he or she shall immediately notify the FIU contact person or the highest governing body of the company. The company rejects the transaction with the subject of financial sanctions, takes appropriate measures and notifies the FIU;

    2. When determining the subject of a financial company, it clarifies what sanctions are imposed on the subject of the financial sanctions in question;

    3. If an employee of a company suspects the existence of a subject of financial sanctions or a transaction violating the established financial sanctions, he shall immediately notify the FIU contact person or the highest governing body of the company. The FIU contact person or the highest governing body of a company shall decide to collect additional information regarding the subject in question and to notify the FIU;



9.7. In order to establish the risk of violation of financial sanctions, the company takes into account the following risk factors:




      1. The risk of violation of financial sanctions is increased, and the risk profile of the client is defined as "high" if the client:


    • comes from a country that is subject to EU or UN sanctions;

    • submitted data in insufficient or abridged form;

    • presented the data in which the data change factors were determined (item 9.5.4).


9.8. Within the framework of the notifications stipulated in this chapter, the Company is obliged to notify the FIU within two days of the occurrence of the reason for the notification.

9.9. Data collected during the application of this chapter are stored in the same way as other data collected during the application of the integrity measures.

9.10. The company's supreme governing body, represented by a board member of Viktor Matais, is responsible for the application of financial sanctions.


10. Features of the use of data obtained by a third party


10.1. The Company is entitled to use the data obtained by a third party in the course of its use of security measures if all of the following conditions are met:



    1. the company has obtained data on the identity of the client, its representative and the real beneficiary;

    2. the company received data on the purpose and substance of the requested transaction;

    3. the company ensured that all data and documents obtained by a third party and from which the company used data could be obtained immediately from the third party;

    4. The company has established that the third party is obliged to comply with and actually fulfil the requirements set out in Directive 2015/849 of the European Parliament and of the Council of the European Union of 20 May 2015, including requirements for the use of diligence measures, the determination of whether the customer is a politically exposed person (PEP) and data retention requirements or similar requirements under another legislation;

    5. the Company has taken sufficient measures to establish compliance with the conditions specified in 8.1.4.



11. Transferring the duty of diligence to third parties


11.1. The Company is entitled to transfer the obligation to apply the diligence measures specified in clauses 5.1.-5.4. of the Regulations to a third party in cases provided by law.

11.2. When transferring the duty of diligence to a third party, the company enters into a contract with a third party to ensure that the following conditions are met:



    1. no obstacles to the company's compliance with the law;

    2. no obstacles to the company's operations;

    3. the performance by a third party of all duties related to the transfer of the duty of due diligence;

    4. the transfer of responsibility does not interfere with the supervision of the company;

    5. the competent government agency has the ability to oversee the activities of a third party through the company;

    6. A third party has the knowledge, skills and ability to comply with the requirements of the law with regard to the application of due diligence;

    7. the company retains the unlimited right to supervise compliance with the law by a third party;

    8. the company has the option of immediate access to documents and data collected in the course of the enforcement of the security measures by a third party.


11.3. The company shall notify the FIU of the conclusion and termination of the agreement mentioned in the previous paragraph.


12. The procedure for refusal of a single transaction or establishment of a commercial relationship and the procedure for termination of commercial relationship


12.1. The Company is obliged not to make single transactions, not to establish commercial relations and to terminate the existing commercial relations in the following cases:



    1. the company has a suspicion of money laundering or terrorist financing by the client;

    2. the company doesn't have the option to apply due diligence;

    3. it is not possible to establish the real beneficiary of the client, except in cases when the client is a flat partnership, a public legal entity or an exchange company;

    4. the client is a legal entity with shares or other bearer securities as its capital;

    5. the client is a person who carries out financial activities and does not have the relevant authorization of the competent state authority;

    6. In the course of the service provision an account is opened in the name of a third party or other possibility of using the service by a third party is created;

    7. the client has been denied a digital identity card or the validity of such card has been suspended or revoked on the grounds stipulated in § 206 (2) or (3) of the Identity Documents Act;

    8. the client - natural person has the real beneficiary.


12.2. The obligation of the company mentioned in the previous paragraph may not be fulfilled with the permission or at the request of the FIU.

12.3. The Company undertakes to keep data on refusal of a single transaction or establishment of a commercial relationship and data on termination of commercial relationship to the following extent:



    1. the date and time of the request for a transaction or commercial relationship;

    2. the data provided for the application of due diligence measures;

    3. the date of refusal to make a deal or establish a commercial relationship;

    4. data collected in the course of the commercial relationship with the client prior to its termination;

    5. the date of termination of commercial relations with the client.


12.4. The Company is obliged to perform regular analysis of the data specified in the previous paragraph in order to identify the risks and optimize the processes related to anti-money laundering and anti-terrorism financing.


13. Procedure for notification and interaction with the FIU in case of suspicion of money laundering or terrorist financing


13.1. The Company is obliged to notify the FIU within 2 days of acts or circumstances that indicate money laundering, terrorist financing or attempted money laundering or terrorist financing in accordance with Annex 3 of the Regulations.

13.2. The Company is obliged to provide information requested by FIU in accordance with the law without delay.

13.3. The FIU contact person is responsible for the exchange of information and sending notices to the FIU, and in its absence - the highest governing body of the company.

13.4. Employees of the company shall inform the FIU contact person of the need to send a notification to the FIU as specified in Appendix 3 to the Regulations.


14. The procedure for providing data to third parties


14.1. The data collected in the course of the company's enforcement may be made available to a third party with whom the company has a valid contract for the provision of services to the company and who has a legal obligation to enforce enforcement against the company or its customers.


15. The procedure for saving documents and data obtained in the course of company activities

15.1. The Company stores the following data for each transaction made:



    1. transaction date and time;

    2. transaction description;

    3. deal value;

    4. transaction currency.


15.2. In addition to the above, the company stores the following data:



    1. data on refusal to create a commercial relationship or a one-time transaction and the circumstances of refusal;

    2. circumstances of the client's refusal to establish a commercial relationship or transaction if the refusal was caused by the use of diligence;

    3. information about the impossibility of applying security measures with the help of information technology means;

    4. data on the termination of the commercial relationship due to the impossibility of applying the diligence measures;

    5. data which is the main notification for the FIU;

    6. data on dubious and unusual transactions;

    7. communication data with the client, including correspondence;

    8. documents and data obtained through the application of the integrity measures.


15.3. The documents and data collected in the application of the Rules must be retained by the company for a period of 5 years following the termination of the business relationship or a single transaction in which the documents and data were collected.

15.4. Documents and data used for notification of a government agency must be retained by the company for a period of 5 years from the date of dispatch of the notification.

15.5. Documents and data should be stored in a way that allows for an exhaustive and immediate response to requests from government agencies.

15.6. Documents and data are stored in chronological order that allows using a search by date, client's name, transaction value and other criteria.


16. Training procedure for company employees


16.1. The Company is obliged to conduct regular training of employees on the application of these Rules and other documents approved by the Company related to anti-money laundering and terrorism financing.

16.2. Employees are trained as needed, but at least once every 6 months.

16.3. An employee of the company confirms completion of training by his signature on a document reflecting the essence of the training.


17. Avoiding conflicts of interest


17.1. The company and employees should seek to avoid conflicts of interest and, if any, immediately notify the highest governance body of the company.

17.2. The conflict of interest means any circumstances known to the company or the employee of the company that affect the decision to conduct the transaction or create a commercial relationship and do not correspond to the established interests of the client and company.

17.3. To determine the interests of its employees for the purposes of this chapter, the company collects and regularly updates employees' data to determine their interests in terms of money laundering and terrorist financing. The following information about each of the company's employees is included in the employee data collected:



    1. the place of birth and residence of the closest relatives of the employee (spouse, parents, children, siblings and their children);

    2. data known to the employee about valid contracts concluded with third parties, if such contracts are long-term and related to the employee's business activities or the employee's relatives.


17.4. An employee's failure to submit the data specified in the previous paragraph is considered a material breach of an employment contract with the company.

17.5. Where circumstances indicate a conflict of interest, the company shall take all necessary measures to prevent such conflict, up to and including the refusal to enter into a transaction or commercial relationship with the client.


18. Rights and duties of the company's contact person


18.1. To monitor compliance with the Rules as well as other legal requirements in the field of anti-money laundering and combating the financing of terrorism, the company may appoint a FIU contact person.

18.2. The FIU contact person has the right:



    1. make proposals to the highest governing body of the company for updating the procedural rules;

    2. to make proposals to the highest governing body of the company for training for the company's employees;

    3. require the company to address the deficiencies identified in the application of RahaPTS;

    4. obtain data and have access to information necessary for the performance of their duties, including all information collected in the course of application of the Company's Risk Assessment and Control Policy, the Company's Rules and Internal Control Regulations;

    5. to propose a process for the notification of suspicious and unusual acts;

    6. to undergo specialized training as agreed with the company.


18.3. The FIU contact person must:



    1. collect and analyse data related to unusual or suspicious transactions and circumstances that indicate money laundering and terrorist financing;

    2. submit notifications to the FIU according to the Rules;

    3. submit periodic written reports on compliance with RahaPTS to the company's highest governance body;

    4. to perform other duties as provided by RahaPTS.



19. Procedure for reviewing and updating the Rules.


19.1. The rules and their annexes may be revised and updated by decision of the highest governance body. 19.2. To establish the need for revision and updating of the Rules, the company annually undertakes to conduct a comprehensive analysis of the Rules for their compliance with the current legislation.


This website uses cookies to improve your experience.