System of internal policies, procedures and control measures
to fulfill the obligations set out in Act No. 253/2008 Coll.
1 Introduction ..................................................................................................................... 3
2 List of abbreviations ......................................................................................................... 3
3 Definition of terms............................................................................................................ 4
4 Identification.................................................................................................................... 8
4.1 Carrying out identification ................................................................................................. 8
4.1.1 Identification data collection ...................................................................................... 8
4.1.2 PEP detection ......................................................................................................... 10
4.1.3 Identification of persons subject to international sanctions ........................................... 10
5 Procedures for performing customer due diligence, determining the extent of customer due diligence appropriate to the risk of money laundering and terrorist financing ......................... 11
5.1 Obtaining and evaluating information about the purpose and intended nature of the transaction or business relationship and information about the nature of the client's business................................. 12
5.2 Identifying the beneficial owner and taking steps to verify his identity .................................. 12
5.3 Ongoing monitoring of the business relationship, including reviewing transactions carried out
during the relationship.............................................................................................................. 13
5.4 Reviewing the sources of funds or other assets to which the business or business relationship
relates..................................................................................................................................... 13
5.5 Measures taken to determine the origin of assets in the event of a business relationship with a
PEP 14
5.6 Additional information on conducting customer identification and verification....................... 14
5.7 Enhanced customer identification and due diligence............................................................ 14
5.8 Not to perform client due diligence ................................................................................... 15
6 Adequate and appropriate methods and procedures for risk assessment, risk management, internal control and ensuring control over compliance with the obligations set out in the AML Act................................................................................................................................ 16
6.1 Risky categorization type clients with with regard on risk factors .......................................... 16
6.2 Risk categorization of products and related services that can be misused for ML/FT ............... 16
6.3 Internal control and ensuring control over compliance with obligations set out in the AML Act 17
6.4 A detailed demonstrative list of signs of suspicious transactions ........................................... 17
6.4.1 Optional signs of suspicious transactions ................................................................... 17
6.4.2 Client risk profile perspective ................................................................................... 19
6.4.3 Mandatory signs of suspicious transactions ................................................................ 20
7 Not to complete the transaction ........................................................................................ 20
8 Procedure for making retained data available to competent authorities .................................. 20
1
CryptoSwitch s.r.o.
9 SAR .............................................................................................................................. 21
9.1 Situation when an SAR is submitted to the FAU................................................................. 21
9.2 Contacts on Financial analytic office ................................................................................. 22
10 Technical and personnel measures that will ensure the postponement of the execution of the client's order pursuant to Section 20 of the AML Act and the fulfillment of the information obligation pursuant to Section 24 of the AML Act within the specified period........................ 24
10.1 Contact person........................................................................................................ 24
10.2 Fulfillment of information obligations ....................................................................... 24
11 Provisions on the preparation of evaluation reports ............................................................. 24
12 Provisions on providing training for employees .................................................................. 25
13 Confidentiality clause...................................................................................................... 25
14 Binding and effective and changes to regulations................................................................ 25
15 Approval clause.............................................................................................................. 26
2
CryptoSwitch s.r.o.
1 Introduction
The company CryptoSwitch s.r.o. has a license to provide services related to virtual assets. As part of this activity, it provides services that could be abused to legalize the proceeds of crime or to finance terrorism. According to the provisions of Section 2, paragraph (1), letter b), point 15 of Act No. 253/2008 Coll., Act on Certain Measures Against the Legalization of Proceeds from Crime and Financing of Terrorism, as amended, the company CryptoSwitch s.r.o. is an obliged person under this Act.
2 List of abbreviations
CryptoSwitch s.r.o.
AML Act AML decree
AML/CFT prevention
ML/FT
Czech National Bank
EEA
EU
FAU
SAR
PEP sanction law
Act No. 253/2008 Coll., on certain measures against the legalization of proceeds from crime and the financing of terrorism, as amended
Decree No. 67/2018 Coll., on certain requirements for the system of internal principles, procedures and control measures against the legalization of proceeds from crime and the financing of terrorism
Measures in the field of prevention of legalization of proceeds from crime and financing of terrorism (Anti-Money Laundering / Countering the Financing of Terrorism
Money Laundering / Financing of Terrorism of Terrorism
Czech National Bank
European Economic Area
European Union
Financial Analysis Office
suspicious transaction report
politically exposed person ( Politically Exposed Person)
Act No. 69/2006 Coll., on the implementation of international sanctions, as amended
3
3 Definition of terms
CryptoSwitch s.r.o.
Financing of terrorism
The collection or provision of funds or other property with the intention that they will be used, in whole or in part, to commit criminal offences, such as terrorist attacks, participation in terrorist groups, support and promotion of terrorism or threats of terrorist acts. This includes the support of persons or groups preparing to commit such acts.
Furthermore, these are activities aimed at rewarding or compensating the perpetrators of these crimes, or their close relatives, according to the Criminal Code. This also includes the collection of funds for these purposes.
For the purposes of the AML Act, financing also means the collection or provision of funds with the knowledge that they will be used to disseminate weapons of mass destruction or to support their dissemination in violation of international law.
It is not important whether these negotiations take place in the Czech Republic or abroad.
Conduct aimed at concealing the illegal origin of any economic benefit obtained from criminal activity in order to create the impression that it is a legally acquired property benefit. This conduct includes in particular:
The transfer or conversion of property, knowing that it is derived from criminal activity, in order to conceal its origin or to help the offender avoid legal consequences.
Concealing or disguising the true nature, source, location, movement or ownership of property, or altering the rights relating to property, knowing that it derives from criminal activity.
Acquiring, possessing, using or otherwise dealing with property knowing that its origin is criminal.
Participation in a criminal association or other form of cooperation with the aim of carrying out the above-mentioned conduct.
It is not relevant whether these activities took place or are to take place in the Czech Republic or abroad.
According to the AML Act, the obliged person is the company CryptoSwitch s.r.o. , with its registered office at Na Čečeličce 425/4, Smíchov, 150 00 Praha 5, registered in the Commercial Register kept by the Municipal Court in Prague under number C 410553, for the activity of a person providing services related to virtual assets.
These are employees or executives of the Obliged Person.
Legalization of proceeds from criminal activities
Obliged person
Employee
4
CryptoSwitch s.r.o.
Opaque ownership structure
Situations where it is not possible to determine the beneficial owner or ownership and control structure of the client from the following sources:
Public register, trust fund records or records of beneficial owners kept by a public authority of the Czech Republic.
A similar register or record in another state.
Other sources or combinations of sources that the obliged person considers to be trustworthy and which it reasonably believes provide complete and up-to-date information about the beneficial owner and ownership and management structure of the client, in particular if they are issued by a public authority or officially verified.
Trade means the mediation of the sale, purchase or exchange of virtual assets on an internet platform operated by an obliged person.
If a transaction is divided into several separate transactions that are related to each other, the value of the transaction is the sum of these transactions.
A contractual relationship between an obligated person acting in this capacity and another person, the purpose of which is the repeated framework provision of Transactions, whereby this contractual relationship may be established on the basis of a written framework agreement.
Likewise, the disposal of the property of this other person or the provision of services to this other person, if it is clear at the time of the formation of the contractual relationship, taking into account all the circumstances, that it will be ongoing or will include recurring performance.
A transaction carried out under conditions that raise suspicions of an attempt to launder the proceeds of crime, or suspicions that the funds used are intended for the financing of terrorism. Suspicious also includes a transaction that is otherwise directly or indirectly linked to the financing of terrorism, or any other fact that could indicate a similar risk.
Suspicious business is also considered to be a client's behavior that is not directly aimed at concluding a business transaction or business relationship, but justifiably raises suspicion that the client's goal may be the activity listed above. A suspicious business can also be a transaction that was not carried out by an employee, or the client's attempt to establish a business relationship itself.
Trade
Commercial relationship
Suspicious trade
5
Politically exposed person
a) a natural person who is or has been in a prominent public office of national or regional importance, such as, in particular, the head of state, the prime minister, the head of a central state administration body or his/her representative (deputy, state secretary), a member of parliament, a member of the governing body of a political party, a leading representative of a territorial self-government, a judge of the Supreme Court, the Constitutional Court or another highest judicial body, against whose decisions there is generally (with exceptions) no appeal, a member of the central bank's banking board, a senior officer of the armed forces or corps, a member or deputy member (if it is a legal person) of the statutory body of a state-controlled commercial corporation, an ambassador or head of a diplomatic mission, or a natural person who performs or has performed a similar function in another state, in an EU body or in an international organization,
b) a natural person who is:
1) a person close to the person referred to in letter a),
2) who is a partner or beneficial owner of the same legal entity or trust fund as the person referred to in letter a), or the obligated person is aware of the fact that he or she is in any other close business relationship with the person referred to in letter a),
who is the beneficial owner of a legal entity or trust fund, which the obligated person knows were created for the benefit of the person referred to in letter a)
A document issued by a public administration body, which states the name and surname, date of birth and from which the appearance is visible, or other information enabling the identification of the person presenting the document as its authorized holder
A country at risk in terms of money laundering, terrorist financing or proliferation of weapons of mass destruction. The list of these countries is set out in Commission Regulation (EU) 2016/1675 of 14 July 2016 supplementing Directive (EU) 2015/849 of the European Parliament and of the Council on the identification of high-risk third countries with strategic deficiencies, as amended. In this context, we also refer to the list of high-risk and other monitored jurisdictions of the Financial Action Task Force (FATF). Updated lists can be found on the FAU website https://www.financnianalytickyurad.cz/seznam-vysoce- risk - third -coutry
RBA - from the English "risk- based approach ”) represents a strategy for implementing AML/CFT measures that enables an obliged person to allocate its human and financial resources effectively and appropriately based on an assessment of the risks of money laundering and terrorist financing. A key element of an effective RBA is a thorough risk assessment, including their identification, understanding and analysis. This approach allows obliged entities to implement adequate measures to mitigate the identified risks in accordance with their severity.
A person on whom the Czech Republic imposes international sanctions in accordance with the Act on the Implementation of International Sanctions.
CryptoSwitch s.r.o.
Card identities
Risk country
Risk-based approach
Sanctioned person
6
CryptoSwitch s.r.o.
Beneficial owner
A natural person (or several natural persons) who has the de facto or legal power to exercise, directly or indirectly, decisive influence over a legal person or trust. The beneficial owner is considered to be:
a) in the case of a business corporation, a natural person,
which alone or together with persons acting in concert with it holds more than 25% of the voting rights of this business corporation or has a share in the registered capital of more than 25%,
who alone or together with persons acting in concert with him controls the person referred to in point 1,
which is to be the recipient of at least 25% of the profits of this business corporation, or
who is a member of the statutory body, a representative of a legal entity in this body or in a position similar to that of a member of the statutory body, if he is not the beneficial owner or if he cannot be determined according to points 1 – 3,
b) in the case of an association, a public benefit corporation, a community of unit owners, a church, a religious society or another legal entity pursuant to the law regulating the status of churches and religious societies, a natural person,
which holds more than 25% of their voting rights,
which is to be the recipient of at least 25% of the funds distributed to it, or
who is a member of the statutory body, a representative of a legal entity in this body or in a position similar to that of a member of the statutory body, if he is not the beneficial owner or if he cannot be determined according to point 1 or 2,
c) in the case of a foundation, institute, endowment fund or trust fund, a natural person or the beneficial owner of a natural person who is in a position,
founder,
trustee,
thoughtful,
the person in whose interest the foundation, institute, endowment fund, or trust fund was established or operates, unless a beneficiary is designated, and
persons authorized to supervise the administration of a foundation, institute, endowment fund or trust fund.
A trust fund or a similar structure or function of an entity governed by the law of another state.
A state that is not a member state of the European Union or a state forming the European Economic Area.
Trustee fund Third country
7
CryptoSwitch s.r.o.
Country of origin
For a client - a natural person, each state of which this person is a national, and at the same time all other states in which he/she is registered for residence for more than 1 year, or for permanent residence, if known to the obliged person,
for a client who is a natural person, any state that is their country of origin according to the paragraph above or in which they have their registered office;
for a client - a legal entity that is also an obliged person within the meaning of Section 2 of the AML Act, the country of origin is the state in which it has its registered office,
for a client - a legal entity that is not also an obliged person within the meaning of Section 2 of the AML Act, the country of origin is the state in which it has its registered office, as well as all states in which it has a branch.
for a trust client, the state under whose law it is established and each state which is the country of origin of its trustee under the paragraphs above
4 Identification
Client identification is performed in the event that the First Identification of a client who is: a) a natural person;
b) a legal entity or trust,
shall be carried out by the obliged person through a third party that provides a sufficient level of guarantee. The level of guarantee must meet the level of reliability of the means of electronic identification in determining the identity of persons, thereby providing a guarantee that the person declaring a specific identity is indeed the person to whom this identity is linked. The person declaring the identity of persons must meet the requirements of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market.
4.1 Carrying out identification
The obliged person shall carry out client identification:
- at the latest when it is clear that the value of the one-off transaction will exceed EUR 1,000
- always regardless of the limit set above, with regard to:
suspicious transaction;
If a business relationship is established between the parties, the obligated party identifies the client eachtime.
If a transaction is divided into several separate transactions that are related to each other, the value of the transaction is the sum of the value of these transactions.
4.1.1 Identification data collection
An obliged person or employee performing client identification who is:
- natural person, non-entrepreneur : will find out all names and surnames, personal identification number, and if not assigned, date of birth and gender, place of birth, permanent or other residence and citizenship. This data will be recorded and verified from the identity card (if stated in it), and the type and number of the identity card, the country or authority that issued it and its period of validity will be recorded. At the same time, the correspondence of the appearance with the image in the identity card will be verified;
- natural person entrepreneur : finds out all names and surnames, personal identification number, and if not assigned, date of birth and gender, place of birth, permanent or other residence and citizenship. This data is recorded and verified from the identity card, and the type and number of the identity card, the state or authority that issued it and its validity period are also recorded. At the same time, the correspondence of the appearance with the image in the identity card will be verified. It is also necessary to record the name of the business company, a distinguishing addition or other designation, the registered office and the person's identification
8
number;
- legal entity : determines basic identification data, which are the business name or name including a distinguishing addition or other designation, registered office and identification number of the legal entity or a similar number assigned abroad. These identification data will be recorded and verified from a document on the existence of the legal entity obtained from a trustworthy source, which is a valid extract from the Commercial Register or another business register. If the client is a legal entity registered in the Czech Commercial Register, the obliged person can either verify the copy of the extract from the Commercial Register submitted by the client on the justice.cz portal, or, as part of the client identification, download the relevant data directly from this electronic register or check the data provided by the client orally or in a written communication. If it is a foreign legal entity, a valid extract from the commercial register must be submitted to the obliged person in the original or a copy certified by an authorized authority, if it is not publicly available in a similarly verifiable form as current extracts from the Commercial Register in the Czech Republic. The obliged person shall also identify the natural person who acts on behalf of the legal entity in a given transaction or upon the establishment of a business relationship. For natural persons who are members of the statutory body of this legal entity, but do not act within the scope of the transaction in question (or upon the establishment of a business relationship), data to establish and verify their identity shall be ascertained and recorded. This data is that which can be ascertained from available sources, typically from the commercial register, i.e. in particular the name, surname, date of birth and address. In the event that the statutory body of the client is another legal entity, the obliged person shall also verify and record its basic identification data, and data to establish and verify the identity of the natural person who is a member of the statutory body of this legal entity or whom this legal entity has authorised to represent it in the statutory body.
- trust fund: finds out its designation and the identification data of its trustee, to the extent specified above depending on whether it is a natural or legal person.
Required second ID card identities:
Identity card, passport, driver's license, alien's residence permit, firearms license, etc.
The following types of ID cards can only be accepted if they meet the following requirements:
it is a valid and state-issued document;
it is not a card damaged beyond the usual level of wear and tear (e.g. missing pages, glued together,
overwritten, illegible, etc.);
the holder's likeness on the card must correspond to the holder's actual appearance and must be sufficiently clear or undamaged to enable the holder to be identified with a sufficient degree of probability;
it is a document from which it can be determined which authority of which state issued it;
It is a document that does not raise any doubts about its authenticity for any reason.
Some identification data (e.g. gender, residential address) may not be included in every identity card.
The obliged person may make copies or extracts from the submitted documents and process the information thus obtained for the purposes of the AML Act. When making a copy or extract from the submitted documents, the consent of their holder is not required.
If, when concluding a transaction (or business relationship), the obligated person suspects that the client is not acting on his own behalf or that he is concealing that he is acting on behalf of a third party, he shall ask the client to provide evidence of authorization to act. Everyone is obliged to comply with this request.
To detection individual data:
- Name and surname : It is indeed necessary to find out and record all the commonly given names and surnames of the identified person (typically, for example, for persons from the countries of the former Soviet Union, the so-called patronymic , i.e. the name after the father). This can help, in the case of a partial match between the identified person and the sanctioned person, to decide whether it is the same person or not.
- Personal identification number : mandatory information for citizens of the Czech Republic, foreigners with a residence permit in the Czech Republic, asylum seekers and other persons to whom a personal identification number is assigned pursuant to Section 16 of Act No. 133/2000 Coll., on population registration, as amended.
- Date of birth : mandatory information for persons who have not been assigned a birth registration number according to Czech regulations.
- Gender : this information becomes especially important for foreigners with names whose gender is not clear 9
CryptoSwitch s.r.o.
(e.g. they do not contain the ending -ová ) , or if it does not follow from the birth certificate.
- Place of birth: the format for recording the place of birth is not prescribed by AML law, it should be understandable and unambiguous. [
- Permanent or other residence : indication of the relevant residence [
Authority that issued the identity card: this information must be recorded especially in a situation where the client is a citizen of the Czech Republic. In such a case, it is not useful to record only the state that issued the identity card, since this card could not have been issued by anyone other than the Czech Republic (except in cases where the client has dual citizenship and presents an identity card issued by a state other than the Czech Republic for the purpose of identification).
4.1.2 PEP detection
As part of client identification, the obliged person shall determine and record whether:
- client, a natural person acting on behalf of a client in a given transaction or business relationship and whose beneficial owner, if known to the obligated person, is not a PEP.
PEP identification is carried out either by a declaration from the client or a person acting on his behalf (statutory representative, procurator, authorized representative, legal representative, guardian, etc.) or by searching for this fact in a commercially distributed system for checking and searching for "risky" clients, which is based on information from public sources and which is provided as a paid service by some specialized business entities. Identification by the employee's own investigation is also permissible, e.g. using open sources of information (Internet, etc.).
The declaration procedure can be used for low-risk clients (type A profile). For clients with a type B risk profile, great care must be taken when assessing any suspicious transactions and increased demands must be placed on the accuracy of the information provided by the client during the initial or ongoing check.
If the explanation or definition of PEP is not provided directly on the declaration, or if the declaration is obtained orally, it is essential that the client has the opportunity to familiarize themselves with the definition of this term. Therefore, it is recommended to publish the definition of PEP prominently on the declaration form so that the client can familiarize themselves with it, preferably in a language that the client understands.
If the client has made a PEP declaration (written or verbal) in the past, it is advisable to obtain it repeatedly, as this fact may change. It is also recommended to verify this fact at certain intervals during the duration of the business relationship.
In the event that a client discloses that they are a PEP or the employee learns of this from another source, the employee must obtain (from the client or otherwise) the following information:
function designation and possibly other details about it
where applicable, a description of the relationship to a person in a significant position (if it is a person from their
"family" or "business" environment, which itself is not in a significant position
or at least the approximate date of termination of the function (if the function was terminated).
4.1.3 Identification of persons subject to international sanctions
Information about current sanctions and sanctioned persons and entities can be found through:
- EU sanctions maps, published on the website www.sanctionsmap.eu , and at the same time
- from Government Regulation No. 210/2008 Coll., on the implementation of special measures to combat terrorism, as amended;
The employee will determine whether the Czech Republic applies international sanctions against the client or persons associated with him or her by searching for all of the above-mentioned persons (natural and legal persons) in the currently valid sanctions lists that are available.
The two above-mentioned sanctions lists are different in content. If a person is on any of these sanctions lists, it means that the Czech Republic applies international sanctions against him. If the person is not on either of the mentioned sanctions lists, it is considered that the Czech Republic does not apply any sanctions against him.
10
CryptoSwitch s.r.o.
As part of client identification, the obliged person shall determine and record whether:
- client, a natural person acting on behalf of the client in a given transaction or business relationship and its beneficial owner, if known to the obligated person, is not a sanctioned person,
- another person in the ownership or management structure of the client, if known to the obligated person, is not a sanctioned person.
The employee is obliged to create a record of the screening and the results.
Verification with sanction lists or declarations must be made before concluding a transaction (or business relationship). In the event that the employee suspects that the client is providing false, distorted or incomplete information, or that the data has changed during the course of the business relationship, the employee will ask the client to substantiate the declared data with relevant documents, or to issue a new declaration.
If any of the identification data partially matches the data of a person on the binding sanctions list, it is necessary to proceed as if it were a full match and not to carry out the transaction until it is clarified whether or not it is the same person. If the person fully matches the sanctions lists, the transaction or business relationship may be continued only if it is not in conflict with the legal regulation on the basis of which the sanction in question was imposed. Usually, in practice, this involves a complete freezing (seizure) of all client funds and a ban on direct or indirect access to any funds or economic resources to the client; possible exceptions may be permitted by the FAU. An SAR is always submitted immediately.
5 Procedures for performing customer due diligence, determining the extent of customer due diligence appropriate to the risk of money laundering and terrorist financing
Obligated person performs due diligence of the client always:
1 before carrying out a transaction outside a business relationship, provided that the conditions pursuant to Section 7 of the AML Act are met, namely
at the latest when it is clear that it will reach a value of EUR 15,000 or more
with a politically exposed person;
with a person established in a third country that is to be considered as high-risk on the basis of directly applicable European Union legislation or for another reason that may link that person to the relevant high- risk country
for a transaction worth at least EUR 15,000;
when transferring funds worth EUR 1,000 or more;
- before a suspicious transaction is made;
- upon the establishment of a business relationship (at the latest before the first transaction is carried out);
- during the duration of the business relationship, and the inspection is initiated randomly based on employee suspicions, or for each transaction that deviates from the standard of the business relationship, either in terms of frequency or volume.
If a transaction is divided into several separate transactions, the value of the transaction is the sum of these transactions, if they are related. Obviously related transactions must therefore be added together and considered as a single transaction. Services related to virtual assets that are related are in particular the following:
- the client makes two or more purchases, sales, exchanges consecutively or within a short period of time;
- the client makes two or more purchases, sales, exchanges over a short period of time, e.g. over the course of one
day or over several days;
- the owner of the funds purchased, sold, exchanged is a company (legal entity) and payment services are performed on its behalf by various employees;
- funds or virtual assets belong to one person who divides them in advance among multiple people and these people carry out individual purchases, sales, and exchanges.
due diligence client includes:
11
CryptoSwitch s.r.o.
- establishing the identity of the beneficial owner and taking measures to verify his identity from trustworthy sources, provided that if the client is subject to the obligation to register in the register of beneficial owners or a similar register, the obliged person shall always verify the beneficial owner at least from this register or a similar register and one other source, and establishing whether the beneficial owner is not a PEP or a sanctioned person
- obtaining and evaluating information about the purpose and intended nature of the transaction or business relationship obtaining and evaluating information about the nature of the client's business;
- ongoing monitoring of the business relationship, including reviewing transactions carried out during the relationship in order to determine whether the transactions are consistent with what the obliged person knows about the client and their business and risk profile;
- in the event that the client is a legal entity or trust, determining the ownership and management structure of the client, and determining whether a person in this structure is not a sanctioned person,
- within the framework of a business relationship with a PEP, also take reasonable measures to determine the origin of its assets.
- reviewing the sources of funds or other assets to which the transaction (or business relationship) relates;
5.1 Obtaining and evaluating information about the purpose and intended nature of the transaction or
business relationship and information about the nature of the client's business
The purpose of obtaining this information is to create conditions for future evaluation of whether individual transactions show signs of suspicious trade.
The purpose of the transaction, in accordance with the type of transaction, may be considered to be, in particular:
5.2
Purchase, sale, exchange for investment purposes; Buying, selling, exchanging for payment in a virtual asset.
Identifying the beneficial owner and taking steps to verify his identity
The obliged person identifies relevant relationships up to a specific natural person or several natural persons who have a significant influence on the activities of the given client, including indirectly (through other natural or legal persons).
Obtaining information about the client's ownership structure and identifying the client's beneficial owner is necessary to assess the client from the perspective of possible ML/FT risk.
Findings identities of the beneficial owner:
- for the actual owner, information to verify his identity and the procedure for identifying him.
- Sufficient information is considered to be information published in public registers or in registers of beneficial
owners.
- This information is collected in the form of the name, surname, address, country of origin of the beneficial owner and a description of the relationship to the client. If the relevant data can be supported by documents, it is recommended that copies of them be obtained and kept, or that a reference to the relevant database be recorded.
When inspecting a client - a legal entity or a trust fund, the obliged person shall ascertain and record:
what is the purpose of the intended business relationship and further
the source of funds that will be the subject of the business relationship and further
a list of all countries where the client has its registered office, branches, organizational units or establishments, and
information about its ownership structure and further identifies and records its true owner so that he can be identified.
Data discovery and review process
The obliged person obtains the data necessary to carry out the inspection primarily through its own investigation and from the documents at its disposal, as well as from the client's declaration.
12
CryptoSwitch s.r.o.
The purpose of a business relationship often arises from communication with the client, or the client declares it themselves.
Information about the ownership structure and the beneficial owner of the client, legal entity, is obtained by the obliged person:
Primarily by my own research from public, trustworthy sources (open state administration registers)
Information contained in the register of data on the beneficial owner of a legal entity, which is freely
accessible
Procedures when the beneficial owner of a client cannot be identified from publicly available sources
In a situation where the client's beneficial owner cannot be identified from publicly available sources, the obliged person shall proceed as follows:
- will request the person acting on behalf of the client to submit documents proving the ownership structure (foundation documents, lists of shareholders or their declarations, minutes of general meetings, etc.);
- If the client does not cooperate, or there are doubts about the truth or credibility of the information provided, this behavior is a reason for the obligated person to refuse to carry out the transaction (or to establish a business relationship, or to terminate it). In the event that the obligated person evaluates the client's actions or the transaction carried out by the client as suspicious, we recommend proceeding in accordance with Section 18 of the AML Act and filing an SAR.
- If the person acting on behalf of the client does not submit such documents (because they do not exist or do not have them), the obliged person will proceed to identify the beneficial owner in the form of a sworn declaration, in which case the obliged person must reflect this fact in the risk profile accordingly and take appropriate measures against the client in accordance with the established rules of the obliged person.
5.3 Ongoing monitoring of the business relationship, including reviewing transactions carried out during the relationship
The aim of ongoing monitoring of the business relationship is to verify whether the transactions are in accordance with what the obliged person knows about the client. This concerns in particular whether:
the services used are in accordance with the client's financial circumstances and economic activity
the services used are in accordance with the originally intended purpose of the business relationship
(product used)
the services are not used by a person other than the client, i.e. in particular whether they do not serve as a tool for the transfer or storage of funds for a person other than the client himself.
Ongoing monitoring means assessing whether the services provided to the client are in accordance with their financial circumstances and the intended purpose of the service. If the client uses the services of the obliged person above their declared financial circumstances or above the circumstances that were determined by the employee, or if the client uses the services in conflict with the assumed purpose of the business relationship and in conflict with the purpose that is typical for a certain type of client, this is a reason for further verification of the client in order to determine whether this is a suspicious transaction.
This monitoring is essential to assess whether the services provided to the client show signs of suspicious trading. This assessment is carried out by an employee or an automated system that monitors the services provided to the client on an ongoing basis.
If the employee suspects that the client is providing false, distorted or incomplete information, he/she will ask the client to substantiate the declared data with relevant documents (if possible). This can be done, for example, with an account statement, accounting records, a statement by the person authorized to keep the client's accounting, etc. The employee will only accept originals or certified copies of documents. Only after their submission can the ongoing check be considered completed.
5.4 Reviewing the sources of funds or other assets to which the business or business relationship relates
It is necessary to examine (find out) the source of the funds used in the transaction or business relationship. In the case of a business relationship, this part of the client check is carried out mainly at its inception
If the funds come from, for example, a business activity, it is necessary to specify what type of business activity it is.
13
CryptoSwitch s.r.o.
The source of funds often results from accounting documents entered into the collection of documents of the client registered in the Commercial Register in the Czech Republic, from published annual reports, from trade licenses that the client has and thanks to which he generates funds. The source means a one-time event (e.g. inheritance, sale of real estate, winnings, sale of other property, etc.) or a systematic activity (funds originating from the client's business, from his employment, etc.). The employee must always obtain sufficiently detailed information to be able to verify the source of funds, i.e. to assess whether such sources are possible and, if applicable, legal. If these are one-time sources, the employee must also find out other details (e.g. inheritance from which person and in what amount, sale of which property and in what amount, winnings from which game operator and in what amount). In the case of recurring income, their source, i.e. the name of the business or employer and the approximate amount of this regular income.
5.5 Measures taken to determine the origin of assets in the event of a business relationship with a PEP
PEPs are considered high-risk persons, in that they may have assets derived from corrupt or other similar conduct or from subsidy fraud. If such a client uses the services of an obliged person beyond their current financial circumstances, which are known to the obliged person, it is necessary to determine and, if necessary, have the source of such funds documented. The company must be aware of the origin of funds from a client who is a PEP (including a PEP of a legal entity) at all times, for the duration of the position and for at least one year thereafter.
5.6 Additional information on conducting customer identification and verification
The client shall provide the obliged person with the information necessary to carry out the identification. The active cooperation of the client is also expected during the inspection, which may consist, for example, in submitting relevant documents and statements. The client must be informed that the information obtained is required under the AML Act (the obligation of confidentiality applies only to the possible submission of an SAR and an investigation by the FAU).
The obligated person may make copies or extracts from the submitted documents and process the information obtained to fulfill the purpose of the AML Act, for which the client's consent is not required.
In case of doubt, the obliged person may request additional supporting or clarifying information from the client and, if this is lacking or unclear, the obliged entity shall not carry out the transaction or shall file an SAR. If the client refuses to cooperate, the obliged person shall not carry out the transaction. If doubts about possible abuse persist even after the inspection, this is a reason to file an SAR.
In further transactions with an already identified person (or during the duration of the business relationship), the obligated person shall verify the identity of the specific natural person acting in an appropriate manner.
At implementation individual shops, at emergence commercial relationship with client, as well as during its course the obliged person:
- checks the validity and completeness of client data and updates it;
- provides and stores information about the client that enables it to assess whether the client is a high-risk client;
- pays increased attention to business
5.7
which have any of the risk factors determined on the basis of the ML/FT risk assessment;
large volume or high frequency of transactions, particularly with regard to the type of client, the subject, amount and method of settlement of the transaction, the purpose of the business relationship and the client's business activity.
with PEPs; where the obliged person is aware that the beneficial owner of the client is a PEP, or that the PEP will otherwise participate;
Enhanced customer identification and due diligence
The obliged person carries out enhanced identification and due diligenc of the client if, based on the risk assessment pursuant to Section 21a of the AML Act, the client, transaction or business relationship poses an increased risk of money laundering or terrorist financing.
The obliged person shall always apply enhanced client identification and verification measures
- before carrying out a transaction related to a high-risk third country,
- before carrying out a transaction or when entering into a business relationship with a politically exposed person.
- upon the establishment and during the course of a business relationship with a person established in a high-risk
14
CryptoSwitch s.r.o.
third country,
In the case of enhanced customer identification and due diligence, the obliged person, to the extent necessary to effectively manage the identified risk, shall take measures beyond the scope of measures applied in customer identification and due diligence.
a) obtains additional documents or information about its beneficial owner; the intended nature of the business relationship; the source of funds and other assets of the client and the beneficial owner;
b) verifies documents or information obtained from multiple trusted sources;
c) regularly and intensively monitors the business relationship and transactions within the business relationship;
d) obtains the consent of a member of its statutory body or a person authorized by it to manage measures against
the legalization of proceeds from crime and the financing of terrorism to conclude a business relationship or to
continue it;
e) requires the first payment within a business relationship or a transaction outside a business relationship to be
made from an account held in the client's name with a credit institution or a foreign credit institution that is subject to customer identification and verification obligations that are at least equivalent to the requirements of European Union law;
f) implements other measures with regard to the nature of the obliged person, its activities and its own risk assessment.
Upon the establishment and during the course of a business relationship with a person established in a high-risk third country or before the execution of a transaction related to a high-risk third country, the obliged person is not required to make the first payments within the business relationship or a transaction outside the business relationship from an account held in the client's name with a credit institution or with a foreign credit institution that is subject to customer identification and verification obligations that are at least equivalent to the requirements of European Union law.
Before carrying out a transaction or when entering into a business relationship with a politically exposed person, the obliged person shall take at least the following measures:
g) obtains additional documents or information about its beneficial owner; the intended nature of the business relationship; the source of funds and other assets of the client and the beneficial owner;
h) verifies documents or information obtained from multiple trusted sources;
i) regularly and intensively monitors the business relationship and transactions within the business relationship;
j) obtains the consent of a member of its statutory body or a person authorized by it to manage measures against
the legalization of proceeds from crime and the financing of terrorism to conclude a business relationship or to
continue it;
k) requires the first payment within a business relationship or a transaction outside a business relationship to be
made from an account held in the client's name with a credit institution or a foreign credit institution that is subject to customer identification and verification obligations that are at least equivalent to the requirements of European Union law;
l) implements other measures with regard to the nature of the obliged person, its activities and its own risk assessment.
If the obliged person applies enhanced customer identification and due diligence measures when establishing a business relationship with a person established in a high-risk third country or before carrying out a transaction related to a high-risk third country, the obliged person shall at least implement the measures referred to in letters a) to d) and f).
If the obliged person applies enhanced client identification and due diligence measures before carrying out a transaction or when concluding a business relationship with a politically exposed person, it shall implement at least the measures under letters c) and d) and obtain, in addition to the measures applied during client identification and due diligence, additional documents and information on the source of funds and other assets of the client and the beneficial owner.
5.8 Not to perform client due diligence
The obliged person shall not perform a client check or a partial part thereof if:
a) the performance of the inspection or a part thereof could lead to the failure or jeopardisation of the investigation of suspicious trade, or
b) the Financial Analytical Office instructs it not to carry out the inspection or a partial part thereof on the grounds that its performance could frustrate or jeopardize the investigation of a suspicious transaction or ongoing criminal proceedings.
15
CryptoSwitch s.r.o.
6 Adequate and appropriate methods and procedures for risk assessment, risk management, internal control and ensuring control over compliance with the obligations set out in the AML Act
6.1 Risky categorization type clients with with regard on risk factors
Before carrying out a transaction, the employee compiles a client risk profile. This is a specific categorization of a particular client.
The risk profile is compiled taking into account all the information that the obliged person has about the client, i.e. not only that obtained during the initial identification and check, but also other information that the employee obtains himself, and also with regard to information that the company may have from previous business relationships that have been terminated.
A client risk profile is an assessment of a client that represents the potential risk that the services of an obliged person may be misused by the client for the purposes of money laundering or terrorist financing. In compiling a risk profile, clients are classified into the following groups according to the risk factor they have:
client with a type A risk profile – i.e. a low-risk client
client with a type B risk profile – i.e. a client with increased risk
client with a type C risk profile – i.e. an unacceptable client.
Characteristics of individual risk profiles, client with a risk profile:
type A – a client who does not show any signs of suspicion regarding possible ulterior motives when carrying out transactions, when acting in the course of the transaction in accordance with what he claims, and within the course of the business relationship acting within the purpose of the cooperation and in volumes that correspond to his financial circumstances. The client communicates and provides additional documentation, if necessary;
type B – the client is a PEP, or is from a risky country, or has ties to these countries, the client shows signs of risky business, or the client does not communicate properly with the obligated person;
type C – the client shows signs of suspicious transaction, the client refuses to submit to inspection or proper identification, the client is unable to prove the source of funds
The services of the obliged person will be provided to the client if the client has a risk profile of type A. In the case of a risk profile of type B, the client will be allowed to execute the transaction if he/she proves the purpose of the transaction and the source of funds to execute the transaction. If the client falls into group type C, he/she will not be allowed to execute the transaction.
Client due diligence will always be initiated for a client who, within the framework of a business relationship, carries out, or whose total number of identified transactions during a calendar year is at least:
EUR 50,000 for clients with a type A risk profile
EUR 25,000 for clients with a risk profile type B The risk profile is important in two main respects:
6.2
affects the periodicity and intensity of the actions performed according to this document serves as essential information when assessing suspicious transactions.
Risk categorization of products and related services that can be misused for ML/FT
Within the scope of the controlled activity, the obliged person only provides services related to virtual assets. This service may pose ML/FT risks with the following degree:
low risk: all other threats.
medium risk: circumvention of international sanctions (i.e. changing the nature and transfers of assets of
persons subject to international sanctions by converting them into another currency, virtual assets)
medium risk: terrorist financing
high risk: misuse of purchase, sale, exchange as a technique for legalizing resources originating from
16
CryptoSwitch s.r.o.
criminal activity, especially concealing financial flows from drug crime, corrupt practices, tax crime, subsidy fraud, corrupt practices, breach of obligations in the management of other people's property, etc.
The obliged person has identified the following vulnerabilities (i.e. "weak spots" that may allow a client to use services for ML-FT) with the above-mentioned threats:
client identification: a person is interested in the services but does not wish to be associated with the service, therefore another person (appearing to be the client) acts on their behalf, who is only an identity provider and conceals that he is acting on behalf of another person, or the person makes frequent purchases, sales, or exchanges below the client identification threshold and avoids the identification obligation through these anonymous transactions
Client verification: the client provides false, superficial or incomplete information about the source of funds because they expect that verifying the source of funds is difficult or impractical and expect the employee to neglect or perform this duty negligently.
persons against whom the Czech Republic applies international sanctions (including persons involved in terrorism) are hidden in complex and opaque ownership and management structures of legal entities; such a client expects that it is very difficult to determine the ownership and management structure of the client- legal entity at a short moment before the transaction is executed and expects that the employee will neglect this obligation or perform it incompletely.
The obligated person does not provide its services to non-hosted wallets, i.e. crypto wallets that are not hosted on a crypto platform such as an exchange.
6.3 Internal control and ensuring control over compliance with obligations set out in the AML Act
The control of compliance with the regulations and procedures set out in this document is carried out by the authorized person. The authorized person may delegate part of the inspection to another person. All employees are required to submit to this inspection. The inspection is carried out on site, by analyzing data and documents, or by other means.
The inspection is carried out on a regular basis, preferably every month. The inspector selects a control sample to check whether the procedures set out in this document and legal regulations have been followed.
All persons to whom this document applies must be aware of the fact that a violation of the regulations and procedures set out in this document is highly likely to also mean a violation of the provisions of the AML Act, for which the obliged person may be fined or even have its business license revoked.
The person conducting the internal audit will write a record after it is completed.
Any person who discovers a violation of the regulations and procedures set forth in this document shall immediately report it to the responsible person, even if the violation was caused by that person himself.
In the event that a violation of the regulations and procedures set out in this document is detected through an inspection, notification or otherwise, these violations will be assessed individually, in particular depending on their seriousness and the extent to which they could have jeopardized the effectiveness of measures against the legalization of proceeds from crime and the financing of terrorism. Employees will be held personally liable within the framework of applicable labor regulations. The authorized person will also take steps to prevent this violation from recurring (retraining of employees, approval of additional measures, etc.).
6.4 A detailed demonstrative list of signs of suspicious transactions
6.4.1 Optional signs of suspicious transactions
Signs and circumstances of suspicious trade related to identification or due diligence:
the client performs activities that may help conceal his identity or conceal the identity of his beneficial owner
the client only submits copies of identity cards or other documents
the client is reluctant to make a declaration of political exposure or establishment
the client presents an identity card that shows signs of being an inappropriate card
the client requests identification based on a document other than an identity card
17
CryptoSwitch s.r.o.
doubts arise about the truthfulness, completeness or credibility of the obtained data (including identification data), statements or documents
the client tries to convince the employee not to request certain data that is necessary to obtain for identification or due diligence purposes
the client is reluctant to make a statement in writing, while he has no problem making a verbal statement
the client instructs on the correct procedures for carrying out identification or inspection or objects that the
right does not arise
the client asks questions that lead to suspicion that they are trying to avoid carrying out identification and verification
the client provides confusing, misleading or contradictory information
During the check carried out during individual transactions, the client states a different purpose of the
transaction or the origin of the funds (his statements are inconsistent over time)
the client unreasonably demands identification based on an identification document drawn up by a notary or self-verification
the client is trying to perform identification in a different way, which this document does not allow (although the AML law allows it in some situations)
Signs of suspicious transactions related to a risky territory – the client or a person associated with him (acting person, proxy, legal representative, controlling person, members of a statutory or other body, persons in the management or ownership structure, beneficial owners) is a person with residence, citizenship, registered office or establishment in the territory:
with a higher risk of ML-FT
with a high concentration of persons against whom the Czech Republic applies international sanctions
against which the Czech Republic applies so-called sectoral sanction programs
which is considered a tax haven ( http://www.imf.org/external/NP/ofca/OFCA.aspx)
with high levels of corruption ( http://www.transparency.org/research/cpi/overview)
with a high incidence of criminal activity.
Signs of suspicious trade related to the client's characteristics and activities:
the ownership structure of the client (legal entity) is opaque
proof of existence (of a legal entity), especially if it is from abroad, does not contain a list of members of the statutory body or information necessary for their identification (name, surname, date of birth, address of residence or other combination of data)
the client is a company or company that is a so-called shell company, i.e. it does not carry out any real activity and was clearly established for a purpose other than the declared one
client activity is difficult to verify and trace
the client's activities may have an impact on areas often associated with criminal activity
the client is a company registered in the Commercial Register in the Czech Republic, which has not fulfilled its legal obligation to file prescribed (especially accounting) documents in the collection of documents
the client is a legal entity established under the law of the Czech Republic and, even after January 1, 2019, does not have its beneficial owner registered in the records of data on the beneficial owner of the legal entity maintained by the registry courts
the client is a person from the list of unreliable VAT payers
it is known from a reliable source that the client or a person associated with him (acting person, proxy, legal representative, controlling person, members of the statutory or other body, persons in the management or ownership structure, beneficial owners) are involved in criminal activity or are suspected of or prosecuted for it or that they have a criminal past.
18
CryptoSwitch s.r.o.
Signs of suspicious trade related to client behavior:
terrorist financing
the client unreasonably assures the employee that the property used in the transaction was acquired in accordance with the law, does not have an illegal origin or is not intended to finance terrorism
the client offers the employee money or other reward for carrying out a non-standard or potentially suspicious transaction
the client mentions that the assets used in the transaction are of illegal origin or are intended for
the client over-explains the origin of funds or the purpose of the transaction
the client unreasonably insists that the transaction be completed very quickly
the client signs documents (declarations) with a different signature than the one stated in the identity card, or changes the signatures.
the client shows unusual interest in the policies, procedures and measures followed by the employee within the Internal Policy System
the client demonstrates extensive knowledge in the field of ML-FT prevention
the client is unreasonably nervous – considering the amount and circumstances of the transaction
the client is unusually conversing on the topic of ML-FT or ML-FT prevention
the client deliberately tries to establish a friendly relationship with the employee
the client uses the services of multiple providers for no apparent reason
Signs of a suspicious transaction indicating that the client does not wish to be associated with the transaction due to identity concealment and the transaction is carried out on their behalf by an 'identity provider' (i.e., concealing the actions of another person):
the client does not have accurate information about the value of the property being purchased, sold, or exchanged
the client knows few details about the purpose of the transaction or the origin of the funds
a person (member of the statutory body, acting person, legal representative, etc.) acting on behalf of the client is only slightly familiar with the real events and activities of the legal entity and appears to have been instructed to carry out the transaction by another person (so-called white horse).
Signs of suspicious transactions related to a discrepancy between the client's usual activity and their transactions:
the client carries out a trade or trades in a value that does not correspond to the nature or scope of his business activity or his financial circumstances
states the purpose of the business, which is only barely compatible with his/her activity (for example, a student uses high-value property and states that it is intended for the purchase of industrial goods abroad)
the client is a non-profit or charitable organization and the purpose of the business it communicates is inconsistent with the activity it states or publicly declares.
This list is only indicative. In practice, other circumstances not listed here may arise that indicate that the service could be used to launder proceeds from crime or that the funds used in the transaction are intended to finance terrorism, and therefore it could be a suspicious transaction.
On the other hand, if a transaction meets some of the above characteristics, it may not necessarily be a suspicious transaction.
6.4.2 Client risk profile perspective
For clients with a risk profile of type B, high attention must be paid when assessing any suspicious transactions. Clients with a risk profile of type C will not be provided with services and the business relationship with them will be terminated.
Furthermore, it is necessary to place higher demands on clients with a type B risk profile to substantiate the declared facts with credible documents.
19
CryptoSwitch s.r.o.
6.4.3 Mandatory signs of suspicious transactions
IN In the situations listed below, a transaction is always suspicious and it is therefore reasonable to file a suspicious transaction report:
- -
7
the client, a person in the ownership or management structure of the client, the beneficial owner of the client, a person acting on behalf of the client, a person who is not otherwise involved in the transaction and is known to the obligated person, a sanctioned person,
the subject of the transaction is to be used for goods or services against which the Czech Republic applies sanctions under the Sanctions Act.
Not to complete the transaction
The obliged person shall refuse to carry out a transaction (or establish a business relationship or, unless excluded by a special regulation, terminate the business relationship) if there is an obligation to identify and verify the client and
- the client refuses to submit to identification;
- the client fails to provide the necessary cooperation during the inspection;
- for another reason, the identification or verification of the client cannot be carried out;
- the client refuses to provide evidence of authorization pursuant to Section 8(6) of the AML Act;
- if the person carrying out the identification or verification has doubts about the truthfulness of the information
provided by the client or the authenticity of the documents submitted;
- the client, the beneficial owner of the client or a person acting on behalf of the client or a member of the client's statutory body is a person who is listed on the list of sanctioned entities (in this case, it is necessary to simultaneously submit an SAR);
- it is a transaction (including within the framework of a business relationship) with a PEP and the obligated person does not know the origin of the funds or other assets used in the transaction (or business relationship);
8 Procedure for making retained data available to competent authorities
Storage data
The obliged person shall keep the following information:
- identification and other data (e.g. data relating to the client's identity card) obtained as part of client identification or on the basis of directly applicable European Union legislation governing information accompanying non-cash transfers of funds;
- records of whether the client is a PEP or a sanctioned person;
- copies of documents submitted for identification, if any;
- information about who and when carried out the first identification of the client;
- information and copies of documents obtained as part of the client's inspection;
- records of all steps taken to identify and verify the client, including information on any difficulties associated with these steps;
- records of the procedure for assessing and determining the client's risk profile, including the selection of appropriate persons to submit a suspicious transaction report;
- documents justifying the exemption from customer identification and verification;
- in the case of representation, the original or a certified copy of the power of attorney or the case number of the
court decision appointing the guardian.
Based on the AML Act, the Obliged Person is obliged to retain data and documents for the following period:
- All information and documents regarding the business relationships and services stipulated in this document are 20
CryptoSwitch s.r.o.
kept for a period of 10 years. This period begins on the first day of the calendar year following the year in which the business relationship was terminated.
- The employee training protocol is kept for at least 5 years from the date of the training.
- The evaluation report is kept for at least 5 years.
The data retention period begins on the first day of the calendar month following the calendar month in which the last transaction known to the obligated person was carried out or in which the business relationship was terminated.
Each of the recorded data and retained documents must show:
- to which business relationship or transaction they relate
- the employee who recorded, supplemented or verified the data and kept the documents
- the date on which the data was recorded, supplemented or verified or the documents were retained.
, traceability is considered to be the state where it is possible to unambiguously determine why a certain event occurred (for what reason), under what circumstances, what preceded it and what followed it, what exactly was done and who performed any steps and when. The following must also be traceability:
- all approval and decision-making processes (including the evaluation of the client's risk profile) according to this document and further
- all control activities according to this document including related responsibilities and further
- all supporting documents and assessment of the evaluation report and further
- all findings made during the client's due diligence, when reviewing transactions and any correspondence relating to the transaction, the client or the business relationship, and further
- all processes for assessing a potentially suspicious transaction that ultimately lead to the conclusion that there are no grounds for reporting a suspicious transaction.
- For this reason, it is essential, among other things, that all records (digital and paper) that are made and stored according to this document be provided with at least the following information (unless this information is obvious or follows from something else):
- which business relationship, client or case they relate to
- the employee who recorded, changed, supplemented the data, etc.
- the date and, if applicable, the time when it occurred
- all other relevant information (reason, evidence for the decision, links to external data, etc.).
9 SAR
9.1 Situation when an SAR is submitted to the FAU
Obligated person will announce suspicious transaction on based on above mentioned, especially if:
- There are doubts about possible misuse for ML/FT persist even after customer due diligence has been carried out;
- the client refuses to identify himself before the transaction (business relationship) is concluded and the obligated person has partial information about the client (in these cases, all information from the obligated person's representatives regarding the description, behavior, course of negotiations with the unidentified transaction participant, his arrival and departure is included in the SAR; the basic identification data of the obligated person's employees who negotiated with the unidentified transaction participant and could possibly further supplement his description or perform his subsequent identification are also provided);
- the client does not cooperate in obtaining data and information as part of the identification and verification of the client (in this case, the obliged person will consider, based on the current situation, whether it is possible to obtain a relevant explanation from the client, who is, for example, only temporarily unavailable. In such cases, the client may be given a reasonable period of time to cooperate and the submission of the SAR may be postponed until its expiry);
- the obligated person does not know from public sources the origin of the assets used in the PEP transaction and this person refuses to explain the origin of the assets;
21
CryptoSwitch s.r.o.
- there are reasons are given pursuant to Section 6(2) of the AML Act (mandatory suspicious transaction);
- this is not a specific suspicious transaction, but rather "other facts" that could indicate money laundering or
transactions related to terrorism.
If an obliged person discovers a suspicious transaction in connection with its activities, it shall notify the FAU without undue delay.
If the circumstances of the transaction so require, especially if there is a risk of delay, the obliged person shall report the suspicious transaction immediately after its discovery. This procedure is necessary in a situation where there is a risk that the property that is the subject of the transaction or the means used in the transaction could escape the reach of law enforcement authorities. In this case, the obliged person must report the suspicious transaction immediately after its discovery, even if the notification does not contain all the relevant information (the notification will be supplemented subsequently).
Notification suspect trade FAU is possibly to do one from following ways:
- Based on the information provided to the AML, the obliged person prepares a suspicious transaction report. For this purpose, the form marked " SAR " for the suspicious transaction report may be used. Another form may also be used for the report, but it must contain all legal requirements. This document shall be accompanied by copies of all documents available regarding the suspicious transaction. The obliged person shall report the transaction documented in this way either in writing by registered letter with the form to the address: Financial Analytical Office, Postal Box 675, Jindřišská 14, 111 21 Prague 1.
- A suspicious transaction can also be reported verbally to the protocol at a location designated by prior arrangement by calling 257 044 501.
- other information obtained about the client,
- information on whether the client has been provided with other services in the past and attach their details,
- video or audio or audiovisual recording of the client, if available.
9.2 Contacts on Financial analytic office Telephone connection (8–15 hours):
(15 – 8 hours, days working peace, holidays):
Fax :
Address for personal delivery : Washington's 1621/11, 110 00 Prague 1
Addressfordeliverymail:P.O.BOX675,Jindřišská14,11121 Prague1 Email : fau@mfcr.cz (cannot to use for SAR)
Data box : egi8zyh
SAR Necessities
+420 257 044 501 +420 603 587 663 +420 257 044 502
CryptoSwitch s.r.o.
The SAR contains all information available to the obligated person about this transaction, its context and its participants, specifically:
1. identification data of the obliged person reporting the suspicious transaction: business name (first and last name or name including a distinguishing suffix) or other designation, registered office (possibly also the delivery address), identification number, business activity according to the entry in the commercial register or according to the trade license or other business activity certificate (only the business activity related to the notification shall be stated) and the type of obliged person with reference to the relevant provision of the AML Act (state the relevant paragraph, letter and point corresponding to the type of obliged person);
2. identification data of the person to whom the notification relates, as follows, in relation to:
- natural person not doing business: name and surname, including any other names and surnames used (in disputed cases, clearly distinguish the name and surname), address of residence in the Czech Republic, or outside the Czech Republic, and other addresses used, birth number or date of birth, place of birth, type and number of identity card, when and by whom it was issued, and information about its validity, nationality, gender (if not clear from other information), or other identification data specified in the identity card;
22
- natural person doing business : in addition to the data for a natural person not doing business, additions used in business, or the business name registered in the Commercial Register and identification number, the subject of business according to the trade license certificate or according to the entry in the Commercial Register and the registered office;
- legal entity : business name or name including a distinguishing suffix or other designation, registered office, identification number or similar number assigned abroad, name, surname, birth number or date of birth and place of residence of persons who are its statutory body or its member, if the statutory body or its member is a legal entity, then its business name or name including a distinguishing suffix or other designation, registered office or place of business, identification number and identification data of persons who are its statutory body or its member, identification data of the majority shareholder or controlling person shall also be provided;
- in the case of representation of a natural person and always in the case of a legal person, the identification data of the person acting on behalf of the person to whom the notification relates shall be provided;
identification data all other participants trade , which has obligated person in available at the time of notification;
detailed description subject and substantial circumstances suspect trade, especially:
- the reason for the transaction stated by the trade participant;
- description of the means of payment and other circumstances of payment;
- time data;
- the numbers of the accounts in which the funds in respect of which the notification is submitted are concentrated and the numbers of all accounts to which or from which the funds have been or are to be transferred, including the identification of their owners and managers, if the obliged person has access to this information;
- currency, virtual asset;
- what does the liable person see as suspicious about the transaction;
- data on related trades;
- a description of the behavior of the transaction participant and his/her possible associates;
- possibly also identified telephone and fax numbers;
- other information that could be of informational significance to the persons involved or the transaction in question, or other data that may be related to the suspicious transaction and are significant for its assessment from the point of view of AML/CFT prevention;
- The notification includes copies of all documents mentioned in this notification and related to the subject of the notification, which the obligated person is available;
case notification, when the notification also concerns of the property to which they apply international sanctions declared for the purpose of maintaining or restoring international peace and security, protecting human rights or combating terrorism. The notice shall be accompanied by a brief description of the property, information on its location and its owner, if known to the obligated person. Information shall also be provided as to whether there is an imminent risk of damage, deterioration or use of the property in violation of the law ;
the obligated person shall always state whether and when the transaction was carried out or whether it was postponed, or reason, why trade was or was not executed . If the execution of the order has been postponed, the obligated person may not inform the client about this (with the exception of the seizure of property subject to international sanctions and with the exception of the provisions of Section 40(3) of the AML Act) (see the provisions on the obligation of confidentiality);
contact information
- The SAR must contain the name, surname and job title of the person submitting this notification on behalf of the obliged person and contact information to receive instructions from the FAU, including the possibility of contact outside of normal working hours (telephone, fax, e-mail).
- Furthermore, the SAR contains the date, time and place of submission of the notification and the signature 23
CryptoSwitch s.r.o.
of the person fulfilling the notification obligation;
- The SAR does not contain data on the employee of the obligated person or the person working for the obligated person other than in a basic employment relationship who discovered the suspicious transaction;
The obliged person may not inform the client about the submission of the SAR (with the exception of Section 40(3) of the AML Act).
Reporting a suspicious transaction does not constitute a breach of the contractual obligation of confidentiality of the obliged person, its employees or natural persons who work for the obliged person other than in a basic employment relationship. These persons may not be subjected to actions that they may reasonably consider to be an interference with their rights or legitimate interests due to reporting a suspicious transaction.
If the SAR is filed in connection with the failure to perform client due diligence pursuant to Section 9b(a) of the AML Act, the obliged person shall also state in the notification:
a) the circumstances and reasons for not carrying out the inspection or its partial part to the extent that allows an assessment of the appropriateness of this procedure,
b) a specific procedure within the scope of the inspection or a sub-part thereof that was not carried out
10 Technical and personnel measures that will ensure the postponement of the execution of the client's order pursuant to Section 20 of the AML Act and the fulfillment of the information obligation pursuant to Section 24 of the AML Act within the specified period
10.1 Contact person
With regard to the scope of the obliged entity's activities, the contact person is the company's executive director:
Yevhenii LUKIANOV
10.2 Fulfillment of information obligations
The obliged person, upon instruction from the FAU within the deadline set by it:
- disclose data on business relationships and transactions related to the identification obligation or regarding which the FAU is conducting an investigation;
- submit documents on these transactions or allow access to them to authorized FAU employees when examining SAR s and exercising administrative supervision;
- will provide information about persons who participated in any way in the transactions in question.
The obliged person shall provide clients with the information required under Act No. 110/2019 Coll., on the processing of personal data, prior to establishing a business relationship or carrying out a transaction outside a business relationship. This information shall include, in particular, a general notice regarding the obliged person ́s obligation to process personal data for the purposes of preventing ML/FT.
The obliged person shall, upon instruction from the FAU, within the time limit set by the FAU, provide information on whether it maintains or has maintained a business relationship with a specific person towards whom it was required to identify, and on the nature of this relationship. For this purpose, the obliged person shall implement an effective system appropriate to the scope and nature of its business activities.
11 Provisions on the preparation of evaluation reports
The authorized person shall, at least once every 12 consecutive calendar months, prepare a report evaluating the activities of the obliged person in the field of preventing the legalization of proceeds from crime and the financing of terrorism. This report shall contain the following:
- assessing whether the procedures and measures it applies in the area of preventing the legalization of proceeds from crime and the financing of terrorism are sufficiently effective and further
- an assessment of whether deficiencies were identified in the system of internal policies, procedures and control measures in the period under review and what risks may arise from this, and further
- statistical data on suspicious transaction reports for the past period and broken down by branches or activities 24
CryptoSwitch s.r.o.
regulated by the AML Act; this data will be provided by the contact person who keeps records of the reported suspicious transactions and further
- If deficiencies are identified in the area of preventing the legalization of proceeds from crime and the financing of terrorism, the evaluation report will include a proposal for their elimination.
All conclusions and assessments must be properly justified; mere statements are not sufficient.
If the evaluation report is processed by someone other than the contact person, the report must also contain the contact person's statement on the completeness and accuracy of the data in the evaluation report.
The evaluation report shall be discussed by the statutory body of the company within 4 months after the end of the evaluation period. It is necessary for the statutory body of the company to attach a statement to the evaluation report on the shortcomings and proposals stated in the evaluation report.
The assessment of the evaluation report by the above-mentioned persons must be retrievable, i.e. it must always be clear who carried out the assessment and when, and on what basis. This information is part of the text of the evaluation report.
The evaluation report is not sent anywhere, it is only kept for at least 5 years.
12 Provisions on providing training for employees
The obliged person shall ensure at least once in 12 calendar months that employees who may encounter suspicious transactions in the course of their work are trained, and that all employees are trained before being assigned to such positions.
The obliged person shall also ensure training, and shall be responsible for its implementation, for persons who are involved in the subject of the obliged entity's activity other than in a basic employment relationship, if these persons may encounter suspicious transactions in the course of their activity.
The content of the training shall include, in particular, the typology and characteristics of suspicious transactions, the requirements set by the obliged person for carrying out client identification and due diligence, procedures for identifying client risk factors and procedures for detecting suspicious transactions. The obliged person shall continuously supplement and update the content of the training.
The obliged person shall keep records of participation and content of the training for at least 5 years from the date of its holding. Its implementation shall be documented by a protocol on employee training.
13 Confidentiality clause
The purpose of the confidentiality obligation under Section 38 of the AML Act is in particular:
- the uninterrupted course of the investigation of a suspicious transaction;
- the protection of processed and stored information until the results of the investigation are transferred to another authority pursuant to Section 32 of the AML Act;
- the preservation of the possibility of using precautionary measures against assets in any subsequent criminal proceedings;
- the protection of persons who report suspicious transactions from threats or hostile acts.
The confidentiality obligation applies to:
- the filing of a SAR and its investigation pursuant to Section 18 of the AML Act;
- fulfillment of the information obligation pursuant to Section 24(1) of the AML Act or Section 31c of the AML Act.
The obligation of confidentiality applies to the obliged peson and its employees and does not cease by transferring the obliged entity's employees to another job, terminating their employment or other relationship with the obliged entity, or by the obliged entity ceasing to perform the activities specified in Section 2 of the AML Act.
Anyone who learns of them is obliged to maintain confidentiality regarding facts subject to confidentiality.
The AML Act also allows for exceptions to the obligation of confidentiality in cases specified in Section 39 of the AML Act. Therefore, if a person requests to disclose information subject to the obligation of confidentiality, the responsible person shall be notified, who shall examine whether, pursuant to Section 39 of the AML Act, an exception to confidentiality may be applied to this specific person. Only based on the results of the examination shall the authorized person decide whether and to what extent the information may be provided.
14 Binding and effective and changes to regulations
This System of Internal Principles, Procedures and Control Measures shall enter into force and effect upon its approval.
The authorized person is obliged to constantly monitor developments and changes in the field of combating the
25
CryptoSwitch s.r.o.
legalization of proceeds from crime or the financing of terrorism (i.e. laws, decrees, communications, etc.). The relevant regulations are published by the FAU on its website www.financnianalytickyurad.cz and on the website of the Czech National Bank at:
http://www.cnb.cz/cs/dohled_financni_trh/legislativni_zakladna/legalizace_vynosu/.
The website is for informational purposes only and active activity of the responsible person is assumed.
In the event that changes occur in the aforementioned regulations or new regulations are brought into force, the authorized person shall bring the content of this document into line with these regulations and shall also ensure the training of all persons affected by the changes.
15 Approval clause
This System of Internal Policies, Procedures and Control Measures was approved: In Prague, on 31/12/2024
....................................... Name and surname:
Yevhenii LUKIANOV, company executive
CryptoSwitch s.r.o.
26
Crypto Switch s.r.o
Secure crypto trading with competitive rates, seamlessly.
Trade
Contact: contact@cryptoswitch.exchange
© 2024. All rights reserved.
AML Officer: aml@cryptoswitch.exchange