It is the policy of the Stobox, consisting of several legal entities within several jurisdictions (hereinafter collectively referred to as “the firm” or “ the company”) to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under the law and implementing regulations within the company’s existing projects.Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages. Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instruments, such as money orders or traveller's checks, or deposited into accounts at financial institutions. At the "layering" stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. At the "integration" stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses. Although cash is rarely deposited into securities accounts, the securities industry is unique in that it can be used to launder funds obtained elsewhere, and to generate illicit funds within the industry itself through fraudulent activities. Examples of types of fraudulent activities include insider trading, market manipulation, Ponzi schemes, cybercrime and other investment-related fraudulent activity.Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.Our AML policies, procedures and internal controls are designed to ensure compliance with all applicable regulations and authorised body rules and will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.
2. AML Compliance Person Designation and Duties
The firm has designated a compliance officer as its Anti-Money Laundering Program Compliance Person (AML Compliance Person), with full responsibility for the firm’s AML program. A compliance officer shall be appointed by company’s director or board of directors. The compliance officer has a working knowledge of the implementing regulations and is qualified by experience, knowledge and training. The duties of the AML Compliance Person will include monitoring the firm’s compliance with AML obligations, overseeing communication and training for employees, and any other duties decided by the director. The AML Compliance Person will also ensure that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports (SARs) are filed with the authorized body when appropriate. The AML Compliance Person is vested with full responsibility and authority to enforce the firm’s AML program.The firm will provide the authorized body with contact information for the AML Compliance Person, including: (1) name; (2) title; (3) mailing address; (4) email address; (5) telephone number; and (6) facsimile (if any). The firm will promptly notify the authorized body of any change in this information and will review, and if necessary update, this information within 17 business days after the end of each calendar year. The annual review of authorized body information will be conducted by the compliance officer and will be completed with all necessary updates being provided no later than 17 business days following the end of each calendar year. In addition, if there is any change to the information, the compliance officer will update the information promptly, but in any event not later than 30 days following the change.
3. Giving AML Information to the authorized body and Financial Institutions
Authorized body Requests We will respond to an authorized body request concerning accounts and transactions by immediately searching our records to determine whether we maintain or have maintained any account for, or have engaged in any transaction with, each individual, entity or organization named in the Request. We understand that we have 14 days (unless otherwise specified by the respective authorized body) from the transmission date of the request to respond to a Request. If the compliance officer searches our records and does not find a matching account or transaction, then the compliance officer might not reply to the Request. We will maintain documentation that we have performed the required search by printing a search self-verification document confirming that your firm has searched the subject information against your records OR maintaining a log showing the date of the request, the number of accounts searched, the name of the individual conducting the search and a notation of whether or not a match was found. We will not disclose the fact that the authorized body has requested or obtained information from us, except to the extent necessary to comply with the information request. The compliance officer will review, maintain and implement procedures to protect the security and confidentiality of requests from the authorized body similar to those procedures established to satisfy the requirements of the law with regard to the protection of customers’ nonpublic information. We will direct any questions we have about the Request to the requesting law enforcement agency as designated in the request. Unless otherwise stated in the Request, we will not be required to treat the information request as continuing in nature, and we will not be required to treat the periodic Requests as a government provided a list of suspected terrorists for purposes of the customer identification and verification requirements. We will employ strict procedures both to ensure that only relevant information is shared and to protect the security and confidentiality of this information, for the authorized body, by segregating it from the firm’s other books and records. We also will employ procedures to ensure that any information received from another financial institution shall not be used for any purpose other than:
- identifying and, where appropriate, reporting on money laundering or terrorist activities;
- determining whether to establish or maintain an account or to engage in a transaction;
- assisting the financial institution in complying with performing such activities.
4. Checking the Office of Foreign Assets Control Listings
Before opening an account, and on an ongoing basis, the compliance officer will check to ensure that a customer does not appear on the SDN list or is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by the authorized body. Because the list and listings of economic sanctions and embargoes are updated frequently, we will consult them on a regular basis and subscribe to receive any available updates when they occur. With respect to the SDN list, we may also access that list through various software programs to ensure speed and accuracy. The compliance officer will also review existing accounts against the SDN list and listings of current sanctions and embargoes when they are updated and the compliance officer will document the review. If we determine that a customer is on the SDN list or is engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by authorized body, we will reject the transaction and/or block the customer's assets and file a blocked assets and/or rejected transaction form with authorized body within 10 days. We will pay special attention to the activities of a customer participating in a Transaction and to circumstances that refer to Money Laundering or Terrorist Financing, including to complex, high value or unusual Transactions, which do not have any reasonable economic purpose.
5. Know Your Customer
In addition to the information we must collect under the laws of the jurisdictions where the company operates its projects, we have established a KYC Program. We will collect certain minimum customer identification information from each customer who opens an account for any of our projects; utilize risk-based measures to verify the identity of each customer who opens an account; record customer identification information and the verification methods and results; provide the required adequate KYC notice to customers that we will seek identification information to verify their identities; and compare customer identification information with government-provided lists of suspected terrorists, once such lists have been issued by the government or respective international authority.
a. Required Customer Information Prior to opening an account for any of its projects, Stobox will collect the following information for such accounts, if applicable, for any person, entity or organization that is opening a new account and whose name is on the account:
(1) the full name;
(2) date of birth (for an individual);
(3) an address, which will be a residential or business street address (for an individual), or residential or business street address of next of kin or another contact individual (for an individual who does not have a residential or business street address), or a principal place of business, local office, or other physical location (for entities); and
(4) an identification number, which may be:
a) national or international ID (which must not expire within the next 3 months of the submission date);
b) a taxpayer identification number,
c) driver’s license (national or international);
d) any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard.
(5) customer’s contact telephone number and e-mail address;
(6) cutomer’s Ethereum wallet address under which, in combination with the information collected above, we will be able to identify any of our customers and transactions they make within our projects.
(7) OPTIONALLY, for some of our projects, we will collect from our USA-based customers an information to prove their status of accredited investors via filling of our Accredited Investor Questionnaire.
In regards to the customers who are the legal entities, in addition to point (3) above, we will collect the following information/documents:
(8) statutory documents;
(9) description of their corporate structure;
(10) information on theirs beneficial owners and core management (directors or members of the board of directors);
(11) documents from their local financial institutions (e.g. banks) to prove their financial credibility and good reputation.
When opening an account for a foreign business or enterprise that does not have an identification number, we will request alternative government-issued documentation certifying the existence of the business or enterprise.
Where the total sum of outgoing payments relating to a transaction or a service contract exceeds 15,000 euros per calendar month and/or the person is an e-resident or from a country outside the EEA or whose place of residence is in such a country, the customer can be identified by way of a digital identification system with assurance level “high” which has been added to the list published in the Official Journal of the European Union based on Article 9 of Regulation (EC) No 910/20143, using an information technology means, which has a working camera, microphone, the hardware and software required for digital identification and an internet connection of adequate quality.
Where a person is a foreign national, the identity document issued by the competent authority of the foreign country must be used for the identification of the person and verification of data in addition to the digital identification system.
The customers shall identify themselves when entering the Website and confirm upon the establishment of a Business Relationship and the conclusion of a transaction that they have read the information about the use of information technology means on the Stobox Website or in the specified information system and agree to the conditions of identification and verification of identity with information technology means.
Where the total sum of outgoing payments relating to a transaction or a service contract does not exceed 25,000 euros per calendar month and/or the customer’s seat is in the EEA, the customer shall be identified for the first time, i.e. before establishing a Business Relationship, electronically on the Website.
If the customer has been identified at least on one occasion through the Website and there are no grounds to require another identification of the customer in the same manner, each subsequent identification of the customer through the Website shall take place with the customer’s unique username and password created in accordance with the rules for the use of the Website.
The identification of a customer on the Website in accordance with the previous clause shall take place before entering into a new Business Relationship or amending an existing Business Relationship and before performing any other actions that create rights and obligations. It is not necessary the identify the customer for performing actions of an informative nature.
b. Customers Who Refuse to Provide Information
If a potential or existing customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, our firm will not open a new account and, after considering the risks involved, consider closing any existing account. In either case, our AML Compliance Person will be notified so that we can determine whether we should report the situation to the authorized body.
c. Verifying Information
Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers. The compliance officer or the engaged third-party AML/KYC compliance services providers will analyze the information we obtain to determine whether the information is sufficient to form a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).
Depending on the level of the risk of the customer and on whether the Business Relationship is an existing one or about to be established we may also apply continuous due diligence measures to ensure ongoing monitoring of Business Relationships, namely:
1) Identifying the customer and verifying its identity using reliable, independent sources, documents or data, including e-identifying;
2) Identifying and verifying the representative of the customer and the right of representation;
3) Identifying the customer’s Beneficial Owner;
4) Assessing and, as appropriate, obtaining information on the purpose of the Business Relationship and the Transaction;
5) Conducting ongoing due diligence on the customer’s business to ensure the our knowledge of the customer and its source of funds is correct and the Transactions being carried out are consistent with this information;
6) Obtaining information on whether the customer is a politically exposed person (hereinafter PEP) or PEP’s family member or PEP’s close associate.
The objective of the continuously applied due diligence measures is to ensure the ongoing monitoring of customers and Transactions.
To comply with the due diligence obligation, we shall have the right and obligation to:
1) request appropriate identity documents to identify the customer and its representatives;
2) request documents and information regarding the activities of the customer and the legal origin of funds;
3) request information about the Beneficial Owners of a legal person;
4) screen the risk profile of the customer/Transaction, select the appropriate due diligence measures, assess the risk of whether the customer or any other person linked with the Transaction is or may become involved in Money Laundering or Terrorist Financing;
5) re-identify the customer or the representative of the customer on the basis of additional documents, if there are any doubts regarding the correctness of the information received in the course of the initial identification;
We will verify customer identity through documentary means, non-documentary means or both. We will use documents to verify customer identity when appropriate documents are available. In light of the increased instances of identity fraud, we will supplement the use of documentary evidence by using the non-documentary means described below whenever necessary. We may also use non-documentary means if we are still uncertain about whether we know the true identity of the customer. In verifying the information, we will consider whether the identifying information that we receive, such as the customer’s name, street address, zip code, telephone number (if provided), date of birth and Social Security number, allow us to determine that we have a reasonable belief that we know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies). Appropriate documents for verifying the identity of customers include the following:
- For an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport; and
- For a person other than an individual, documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement or a trust instrument.
We understand that we are not required to take steps to determine whether the document that the customer has provided to us for identity verification has been validly issued and that we may rely on a government-issued identification as verification of a customer’s identity. If, however, we note that the document shows some obvious form of fraud, we must consider that factor in determining whether we can form a reasonable belief that we know the customer’s true identity.
We will use the following non-documentary methods of verifying identity:
- Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database or another source;
- Checking references with other financial institutions; or
- Obtaining a financial statement.
- and other non-documentary methods, if applicable.
(1) the customer is unable to present an unexpired government-issued identification document with a photograph or other similar safeguard;
(2) the firm is unfamiliar with the documents the customer presents for identification verification;
(3) the customer and firm do not have face-to-face contact; and
(4) there are other circumstances that increase the risk that the firm will be unable to verify the true identity of the customer through documentary means.
We will verify the information within a reasonable time before or after the account is opened. No new Business Relationship can be formed or Transaction executed, if the customer, in spite of the respective request, has failed to present documents and appropriate information required to conduct the due diligence, or if based on the presented documents, the Representative suspects Money Laundering or Terrorist Financing. If we find suspicious information that indicates possible money laundering, terrorist financing activity, or other suspicious activity, we will, after internal consultation with the firm's AML Compliance Person, file a SAR in accordance with applicable laws and regulations.
If in spite of the respective request an existing customer has failed to present during the contract period documents and appropriate information required to conduct the due diligence, such behavior constitutes a material breach of contract that shall be reported to the firm’s AML Compliance Person, and in such a case the contract(s) concluded with the customer shall be canceled and the Business Relationship shall be terminated as soon as feasible.
Stobox shall not conclude Business Relationships with anonymous customers.
We recognize that the risk that we may not know the customer’s true identity may be heightened for certain types of accounts, such as an account opened in the name of a corporation, partnership or trust that is created or conducts substantial business in a jurisdiction that has been designated by the authorities as a primary money laundering jurisdiction, a terrorist concern, or has been designated as a non-cooperative country or territory. We will identify customers that pose a heightened risk of not being properly identified. We will also take the following additional measures that may be used to obtain information about the identity of the individuals associated with the customer when standard documentary methods prove to be insufficient.
d. Lack of Verification
When we cannot form a reasonable belief that we know the true identity of a customer, we will do the following: (1) not open an account; (2) impose terms under which a customer may conduct transactions while we attempt to verify the customer’s identity; (3) close an account after attempts to verify a customer’s identity fail; and (4) determine whether it is necessary to file a SAR in accordance with applicable laws and regulations.
We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process. We will keep records containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date. With respect to non-documentary verification, we will retain documents that describe the methods and the results of any measures we took to verify the identity of a customer. We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for five years after the account has been closed; we will retain records made about verification of the customer's identity for five years after the record is made.
f. Comparison with Government-Provided Lists of Terrorists
At such time as we receive notice that a respective government or international agency has issued a list of known or suspected terrorists and identified the list as a list for KYC purposes, we will, within a reasonable period of time after an account is opened (or earlier, if required by another law or regulation or directive issued in connection with an applicable list), determine whether a customer appears on any such list of known or suspected terrorists or terrorist organizations issued by any government agency and designated as such by functional regulators. We will follow all directives issued in connection with such lists. We will continue to comply separately with rules prohibiting transactions with certain foreign countries or their nationals.
g. Notice to Customers
We will provide notice to customers that the firm is requesting information from them to verify their identities, as required by law. We will use the following method to provide notice to customers: online.
h. Reliance on Another Financial Institution for Identity Verification.
We may, under the following circumstances, rely on the performance by another financial institution (including an affiliate) of some or all of the elements of our KYC with respect to any customer that is opening an account or has established an account or similar business relationship with the other financial institution to provide or engage in services, dealings or other financial transactions:
- when such reliance is reasonable under the circumstances;
- when the other financial institution is subject to a rule implementing the anti-money laundering compliance program requirements and is regulated by a functional regulator; and
- when the other financial institution has entered into a contract with our firm requiring it to certify annually to us that it has implemented its anti-money laundering program and that it will perform (or its agent will perform) specified requirements of the customer identification program.
6. Customer Due Diligence Rule
In addition to the information collected under the law, we have established, documented and maintained written policies and procedures reasonably designed to identify and verify beneficial owners of legal entity customers and comply with other aspects of the Customer Due Diligence (CDD) Rule. We will collect certain minimum CDD information from beneficial owners of legal entity customers as described above. We will understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile. We will conduct ongoing monitoring to identify and report suspicious transactions, and, on a risk basis, maintain and update customer information.
a. Identification and Verification of Beneficial Owners
At the time of opening an account for a legal entity customer, the compliance officer will identify any individual that is a beneficial owner of the legal entity customer by identifying any individuals who directly or indirectly own 25% or more of the equity interests of the legal entity customer, and any individual with significant responsibility to control, manage, or direct a legal entity customer.
In order to establish the Beneficial Owner, Stobox shall take the following actions and consider the following principles:
1) Gather information about the ownership and control structure of the Client on the basis of information provided in pre-contractual negotiations or obtained from another reliable and independent source;
2) In situations, where no single person holds the interest or ascertained level of control to the extent of no less than 25 per cent, apply the principle of proportionality to establishing the circle of beneficiaries, which means asking information about persons, who control the operations of the legal person, or otherwise exercise dominant influence over the same;
3) If the documents used to identify a legal person, or other submitted documents do not clearly identify the Beneficial Owners, record the respective information (i.e. whether the legal person is a part of a group, and the identifiable ownership and management structure of the group) on the basis of the statements made by the representative of the legal person, or a written document under the hand of the representative;
To verify the presented information, make enquiries to the respective registers, and request an annual report or another appropriate document to be presented;
If no natural person is identifiable that ultimately owns or exercises control over a customer and all other means of identification are exhausted, the senior managing official(s) might be considered to be the Beneficial Owner(s);
Pay attention to companies established in low tax rate regions;
The following information will be collected for each beneficial owner:
(1) the name;
(2) date of birth (for an individual);
(3) an address, which will be a residential or business street address (for an individual), or residential or business street address of next of kin or another contact individual (for an individual who does not have a residential or business street address), or a principal place of business, local office, or other physical location (for a person other than an individual); and
(4) an identification number, which will be a taxpayer identification number, or one or more of the following: a taxpayer identification number, passport number and country of issuance, alien identification card number, or number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or other similar safeguard.
For verification, we will describe any document relied on (noting the type, any identification number, place of issuance and, if any, date of issuance and expiration). We will also describe any non-documentary methods and the results of any measures undertaken.
b. Identification and verification of the politically exposed persons (PEPs)
At the time of opening an account for an individual or legal entity customer, the compliance officer will identify any individual that is a politically exposed person or have relation to a politically exposed person.
In such a case the compliance officer will communicated a customer who have identified him as PEP or have a relation to PEP for clarification of his/her purpose of utilization of the company’s project(-s) and request additional documents and information from respective financial institutions where such PEP or a person related to PEP is a client.
As regards to the legal entities, our compliance officer or a third party KYC/AML compliance services provider will identify PEPs in management or beneficiaries of such legal entities during the KYC verification procedure. In such a case our compliance officer will contact the legal entity to retain additional information on respective PEPs.
In order to establish a Business Relationship with a PEP or a company connected with that person, Stobox shall:
1) take enhanced due diligence measures;
2) establish the source of wealth of this person and the origin of the money or other property used in the Transaction;
3) monitor the Business Relationship on a continual basis and carry out enhanced control over the Transaction.
c. Understanding the Nature and Purpose of Customer Relationships
We will understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile through legal methods.
d. Establishing the purpose and actual substance of a Transaction
For the purposes of preventing the movement of illegally obtained funds through the Provider of service it is essential upon entering into a Business Relationship, in addition to the identification of the customer, to establish the business profile of the customer, which consists of mapping the main areas of operation and possible payment practices. Notice is to be taken on persons that the customer has transactional relationships with, and their location.
It is necessary to bear in mind that certain circumstances, which are suspicious or unusual for one customer, could constitute a part of normal economic activities of another. Establishing the area of activity, work or profession of a customer allows assessing whether or not the Business Relationship or the Transactions are in conformity with the customer’s normal participation in commerce, and whether the Business Relationship or the Transaction has an understandable economic reason for the customer.
In order to screen out suspicious or unusual Transactions and the purpose and actual substance of a Transaction, Stobox shall take the following actions:
1) if necessary, ask the customer to provide (additional) information about the professional or economic activities;
2) if necessary, ask the customer explanations about the reasons for the Transaction and, if necessary, documents evidencing the origin of the assets and/or source of wealth;
3) being particularly attentive to Transactions, which are linked with natural or legal persons, whose country of origin is a state, wherefrom it is particularly difficult to receive information about the customer and/or transactions with persons, who originate from such states, which do not contribute sufficiently into the prevention of Money Laundering.
e. Conducting Ongoing Monitoring to Identify and Report Suspicious Transactions
We will conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, maintain and update customer information, including information regarding the beneficial ownership of legal entity customers, using the customer risk profile as a baseline against which customer activity is assessed for suspicious transaction reporting.
Monitoring Accounts for Suspicious Activity
We will monitor account activity for unusual size, volume, pattern or type of transactions, taking into account risk factors and red flags that are appropriate to our business. The customer risk profile will serve as a baseline for assessing potentially suspicious activity. The AML Compliance Person or his or her designee will be responsible for this monitoring, will review any activity that our monitoring system detects, will determine whether any additional steps are required, will document when and how this monitoring is carried out and will report suspicious activities to the appropriate authorities.
The AML Compliance Person or his or her designee will conduct an appropriate investigation and review relevant information from internal or third-party sources before a SAR is filed.
Any Transactions and activities of customers, which have no clear economic or legal reason, and which cannot be considered the normal economic activity of a customer shall be regarded as suspicious. Among other aspects, attention must be paid to the following Transactions/circumstances:
1) The customer makes single and/or consecutive large Transactions outside the schedule, if the amount of the single and/or consecutive Transaction is EUR 15,000 (in the case of both natural and legal persons) or higher;
2) A third person makes payments on behalf of the customer;
3) There exist any of the characteristics of suspicious transactions as provided by the guidelines of the FIU.
In all the cases referred to above, the customer shall be asked for an explanation and necessary documents evidencing the legal origin of the funds.
Stobox must investigate the background of each and every suspicious and unusual case, to the extent it is reasonably necessary, while recording all known details of the Transactions.
The key aspects, which should be addressed while analyzing any suspicious and unusual Transactions, are:
1) What is the suspicious fact associated with the activities of a customer or Transactions? Find out whether any recurrent indications of suspected activities have been observed.
2) Have all procedures set out by the Rules been applied to identify a customer or his/her/its representative?
3) Was all required information presented in the course of such a process, or was it necessary to ask for additional information or other clarification?
a. Emergency Notification to Law Enforcement by Telephone
In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, we will immediately call an appropriate law enforcement authority. If we notify the appropriate law enforcement authority of any such activity, we must still file a timely SAR.
b. Red Flags
Red flags that signal possible money laundering or terrorist financing include, but are not limited to:
Customers – Insufficient or Suspicious Information
- Provides unusual or suspicious identification documents that cannot be readily verified.
- Reluctant to provide complete information about nature and purpose of business, prior banking relationships, anticipated account activity, officers and directors or business location.
- Refuses to identify a legitimate source for funds or information that is false, misleading or substantially incorrect.
- The background is questionable or differs from expectations based on business activities.
- Customer with no discernible reason for using the firm’s service.
Efforts to Avoid Reporting and Recordkeeping
- Reluctant to provide the information needed to file reports or fails to proceed with the transaction.
- Tries to persuade an employee not to file required reports or not to maintain required records.
- Unusual concern with the firm’s compliance with government reporting requirements and the firm’s AML policies.
Certain Funds Transfer Activities
- Crypto/wire transfers to/from the customer’s account in unusually large amounts or without an apparent reason.
- Crypto/wire activity that is unexplained, repetitive, unusually large or shows unusual patterns or with no apparent business purpose.
Certain Securities Transactions
- Customer engages in prearranged or other non-competitive trading, including wash or cross trades of illiquid securities.
- Two or more accounts trade an illiquid stock suddenly and simultaneously.
- Customer journals securities between unrelated accounts for no apparent business reason.
- A customer has opened multiple accounts with the same beneficial owners or controlling parties for no apparent business reason.
- Customer’s trading patterns suggest that he or she may have inside information.
Other Suspicious Customer Activity
- Unexplained high level of account activity with very low levels of securities transactions.
- Law enforcement subpoenas.
- Large numbers of crypto/securities transactions across a number of jurisdictions.
- Buying and selling crypto/securities with no purpose or in unusual circumstances (e.g., churning at customer’s request).
- No concern regarding the cost of transactions or fees (i.e., surrender fees, higher than necessary commissions, etc.).
c. Responding to Red Flags and Suspicious Activity
When an authorized employee of the firm detects any red flag or other activity that may be suspicious, he or she will notify the compliance officer. Under the direction of the AML Compliance Person, the firm will determine whether or not and how to further investigate the matter. This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or filing a SAR.
8. Suspicious Transactions and Reporting
Filing a SAR
We will file SARs with the authorized body for any transactions (including and transfers) conducted or attempted by, at or through our firm (either individually or in the aggregate) where we know, suspect or have reason to suspect:
(1) the transaction involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade law or regulation or to avoid any transaction reporting requirement under law or regulation;
(2) the transaction is designed, whether through structuring or otherwise, to evade any requirements of the authorized body regulations;
(3) the transaction has no business or apparent lawful purpose or is not the sort in which the customer would normally be expected to engage, and after examining the background, the possible purpose of the transaction and other facts, we know of no reasonable explanation for the transaction; or
(4) the transaction involves the use of the firm to facilitate criminal activity.
We will also file a SAR and notify the appropriate law enforcement authority in situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes.
We may file a voluntary SAR for any suspicious transaction that we believe is relevant to the possible violation of any law or regulation but that is not required to be reported by us under the SAR rule. It is our policy that all SARs will be reported regularly to the Board of Directors and appropriate senior management, with a clear reminder of the need to maintain the confidentiality of the SAR.
We will report suspicious transactions by completing a SAR, and we will collect and maintain supporting documentation as required by the authorized body regulations. We will file a SAR-SF no later than 30 calendar days after the date of the initial detection of the facts that constitute a basis for filing a SAR. If no suspect is identified on the date of initial detection, we may delay filing the SAR for an additional 30 calendar days pending identification of a suspect, but in no case will the reporting be delayed more than 60 calendar days after the date of initial detection. The phrase “initial detection” does not mean the moment a transaction is highlighted for review. The 30-day (or 60-day) period begins when an appropriate review is conducted and a determination is made that the transaction under review is “suspicious” within the meaning of the SAR requirements. A review must be initiated promptly upon identification of unusual activity that warrants investigation.
We will retain copies of any SAR filed and the original or business record equivalent of any supporting documentation for five years from the date of filing the SAR. We will identify and maintain supporting documentation and make such information available to the authorized body, any other appropriate law enforcement agencies, state securities regulators or upon request.
We will not notify any person involved in the transaction that the transaction has been reported, except as permitted by the authorized body regulations. We understand that anyone who is subpoenaed or required to disclose a SAR or the information contained in the SAR will, except where disclosure is requested by appropriate law enforcement or regulatory agency, decline to produce the SAR or to provide any information that would disclose that a SAR was prepared or filed. We will notify the authorized body of any such request and our response.
We will maintain records of the following information:
(a) (A) the name of the purchaser;
(B) the date of purchase;
(C) the type(s) of instrument(s) purchased;
(D) the hash number(s) of each of the instrument(s) purchased; and
(E) the amount of money of each of the instrument(s) purchased.
(H) We may ask about additional documents.
(b) We shall keep records required to be kept for a period of five years, and such records shall be made available to the state authorities upon request at any time.
9. Prohibited Transactions
If any of the characteristics listed here have been observed, the Transaction cannot be carried out:
1) The customer does not have sufficient authorisations to carry out the Transaction, or the authorisations are unclear;
2) The customer’s need to carry out the Transaction has not been reasonably justified;
3) The management, ownership and control structure of the customer that is a legal person is unclear and/or it is structured in an unreasonably complicated way from the economic point of view, or it has changed frequently without justification;
4) Economic activities of a legal person or its accounting or payment practices are not transparent;
5) The customer may be a fictitious company or a fictitious person;
6) The Beneficial Owner of the customer that is a legal person cannot be established;
7) The customer that is a legal person uses an agent or another legal person as its representative without clear authorisations (i.e. during pre-contractual negotiations);
8) The customer of the representative of the customer refuses to provide information for the purposes of establishing the substance of the Transactions and assessment of risks;
9) The customer has not presented sufficient data or documents to prove the legal origin of the assets and funds, after having been asked to do so;
10) Based on the information received from recognised and reliable sources (e.g. state authorities, international organisations, the media) the customer, the Beneficial Owner or a customer that is a legal person, or another person associated with the customer is or has been linked with organised crime, Money Laundering or Terrorist Financing;
11) The customer, the Beneficial Owner or a customer that is a legal person, or another person associated with the customer is or has been linked with traditional sources of income or organised crime, i.e. illicit trafficking of excise goods or narcotic substances, illegal trafficking of arms or human trafficking, mediation or prostitution, unlicensed international transfers of e-money;
12) International Sanctions are being applied against the customer, the Beneficial Owner of a customer that is a legal person, or another person associated with the customer;
13) The customer has nominee shareholders or shares in bearer form.
10. AML Recordkeeping
a. Responsibility for Required AML Records and SAR Filing
Our AML Compliance Person and his or her designee will be responsible for ensuring that AML records are maintained properly and that SARs are filed as required.
In addition, as part of our AML program, our firm will create and maintain SARs and relevant documentation on customer identity and verification and funds transmittals. We will maintain SARs and their accompanying documentation for at least five years. We will keep other documents according to existing regulations and other recordkeeping requirements, including certain rules that require retention periods. b. SAR Maintenance and Confidentiality
We will hold SARs and any supporting documentation confidential. We will not inform anyone outside of appropriate law enforcement or regulatory agencies about a SAR. We will refuse any subpoena requests for SARs or for information that would disclose that a SAR has been prepared or filed and immediately notify the authorized body of any such subpoena requests that we receive. We will segregate SAR filings and copies of supporting documentation from other firm books and records to avoid disclosing SAR filings. Our AML Compliance Person will handle all subpoenas or other requests for SARs. We may share information with another financial institution about suspicious transactions in order to determine whether we will jointly file a SAR. In cases in which we file a joint SAR for a transaction that has been handled both by us and another financial institution, both financial institutions will maintain a copy of the filed SAR.
11. Applicable laws
In order to be compliant with the AML/KYC regulations for every of the existing Stobox’ projects, we apply both national (of places where our certain companies are registered or operate, depending on the project) and international regulations.
We monitor the changes of the applicable laws on the annual basis and, if necessary, amend our policies and procedures accordingly.
12. Firm Relationships
We will work closely with the authorized body to detect money laundering. We will exchange information, records, data and exception reports as necessary to comply with AML laws. Our firm will have filed (and kept updated) the necessary annual certifications for such information. As a general matter, we will obtain and use the following exception reports offered by our authorized body in order to monitor customer activity and we will provide the authorized body with proper customer identification and due diligence information as required to successfully monitor customer transactions. We have discussed how each firm will apportion customer and transaction functions and how we will share information and set forth our understanding in a written document. We understand that the apportionment of functions will not relieve either of us from our independent obligation to comply with AML laws, except as specifically allowed under the authorized body and its implementing regulations.
13. Training Programs
We will develop ongoing employee training under the leadership of the AML Compliance Person and senior management. Our training will occur on at least an annual basis. It will be based on our firm’s size, its customer base, and its resources and be updated as necessary to reflect any new developments in the law.
Our training will include, at a minimum: (1) how to identify red flags and signs of money laundering that arise during the course of the employees’ duties; (2) what to do once the risk is identified (including how, when and to whom to escalate unusual customer activity or other red flags for analysis and, where appropriate, the filing of SARs); (3) what employees' roles are in the firm's compliance efforts and how to perform them; (4) the firm's record retention policy; and (5) the disciplinary consequences (including civil and criminal penalties) for non-compliance with the regulations.
We will develop training in our firm, or contract for it. Delivery of the training may include educational pamphlets, videos, intranet systems, in-person lectures and explanatory memos. We will maintain records to show the persons trained, the dates of training and the subject matter of their training.
We will review our operations to see if certain employees, such as those in compliance, margin and corporate security, require specialized additional training. Our written procedures will be updated to reflect any such changes.
14. Monitoring Employee Conduct and Accounts
We will subject employee accounts to the same AML procedures as customer accounts, under the supervision of the AML Compliance Person. We will also review the AML performance of supervisors, as part of their annual performance review. The AML Compliance Person’s accounts will be reviewed by the director.
15. Confidential Reporting of AML Non-Compliance
Employees will promptly report any potential violations of the firm’s AML compliance program to the AML Compliance Person unless the violations implicate the AML Compliance Person, in which case the employee shall report to the director. Such reports will be confidential, and the employee will suffer no retaliation for making them.