AML-KYC policy

Procedural Rules and Internal Audit Rules drawn up in accordance with the Prevention of Money Laundering and Terrorism Financing Law

Effective April 1, 2024.

These procedural rules and internal audit rules have been prepared by Trade 4U OÜ, an Estonian private limited liability company registered under registration number 14623957, whose registered office is Harju maakond, Tallinn, Kesklinna linnaosa, Tondi tn 17b, 11316 (hereinafter referred to as the “Company”)

The procedural rules and internal audit rules consist of:

Code of Conduct on Customer Due Diligence Measures;
Code of Conduct on Data Collection and Retention;
Code of Conduct for fulfilling the obligation to notify and inform management;
Internal control rules.

Procedural rules:

describe transactions of a reduced level of risk and establish the corresponding requirements and procedure for conducting such transactions;
describe transactions with a high level of risk, including risks arising in connection with telecommunications, information technology, computer networks and other technological developments, and establish appropriate requirements and procedures for the implementation and control of such transactions;
establish the rules for taking verification measures provided for in Chapter 3 of the Law on the Prevention of Money Laundering and Terrorist Financing;
establish the requirements and procedure for storing documents and records provided for by the Law on the Prevention of Money Laundering and Terrorism Financing.

The Rules of Procedure provide instructions on how to effectively and quickly determine whether a person is:

politically exposed person;
a person whose place of residence or residence is located in a country where sufficient measures have not been taken to prevent money laundering and terrorist financing;
a person whose activities there is a preliminary suspicion that he may be involved in money laundering or terrorist financing;
a person against whom international sanctions are applied;
the person with whom the transaction is carried out using telecommunications.

All Company employees whose responsibilities include establishing business relationships or completing transactions are familiar with the procedural rules.

The company regularly checks the relevance of the established rules of procedure and, if necessary, establishes new rules of procedure.

Code of Conduct for Customer Due Diligence

Introduction
1. This Code of Conduct for Customer Due Diligence prepared by Trade 4U OÜ, an Estonian private limited liability company registered under registration code 14623957, whose registered office is Harju maakond, Tallinn, Kesklinna linnaosa, Tondi tn 17b, 11316 (hereinafter referred to as the “Company”)
2. The Code of Conduct for Customer Due Diligence Measures has been prepared in accordance with the Law on the Prevention of Money Laundering and Terrorist Financing and other legislation of the Republic of Estonia and the applicable guidelines.
Purpose of the Code of Conduct and its elements
1. The purpose of this Code of Conduct is to ensure proper identification and verification of customers or persons involved in transactions, as well as ongoing monitoring of business relationships, including transactions carried out in the course of business relationships, regular verification of data used for identification, updating of relevant documents, data or information and , if necessary, identification of the source and origin of funds used in transactions.
2. Customer due diligence is a key tool for ensuring compliance with laws aimed at preventing money laundering and terrorist financing and applying sound business practices. Due diligence of clients is a set of activities and practices arising from the organizational and functional structure of the Company and described in internal procedures approved by the governing bodies of the Company and the implementation of which is subject to established and applied control systems according to the rules of internal control.
3. The purpose of customer due diligence is to prevent the use of assets and property obtained by criminal means in the economic activities of credit institutions, financial and commercial institutions, as well as in the services they provide, the purpose of which is to prevent the exploitation of the financial system and economic activities in the area of the Republic of Estonia for money laundering and terrorist financing. Customer due diligence focuses primarily on the application of the Know Your Customer principle, whereby the customer must be identified and the appropriateness of transactions assessed based on the customer’s underlying business and prior payment pattern. In addition, customer due diligence serves to identify unusual circumstances in a customer’s activities or circumstances in which a Company employee has reason to suspect money laundering or terrorist financing.
4. Customer due diligence ensures that adequate risk management measures are in place to ensure ongoing monitoring of customers and their transactions and the collection and analysis of relevant information. In applying customer due diligence measures, the Company will follow principles consistent with its business strategy and, based on a preliminary risk analysis and depending on the nature of the customer’s business relationship, apply customer due diligence to varying degrees.
5. Customer due diligence is applied based on risk sensitivity, i.e. The nature of the business relationship or transaction and the risks arising from it must be taken into account when selecting and applying measures. Risk-based customer due diligence requires pre-weighing specific business relationships or transaction risks and, for example, qualifying the business relationship in order to decide on the nature of the measures taken (for example, normal, or whether enhanced or simplified due diligence measures may be applied).
6. If the risk level of the client or person involved in the transaction is low, the Company may apply simplified due diligence measures, but may not skip client due diligence entirely. If the level of risk posed to a client or person involved in a transaction is high, enhanced due diligence measures will be applied.
7. When establishing a business relationship, the Company identifies the individual and verifies the right of representation based on reliable sources, identifies the beneficial owner and, in the case of companies, the control structure, and determines the nature and purpose of the possible transactions, including, if necessary, the source and origin of the funds involved in transactions.
8. Customer due diligence are appropriate and of appropriate scope if they can identify transactions aimed at money laundering and terrorist financing, as well as suspicious and unusual transactions, as well as transactions that do not have a reasonable financial purpose, or if they at least, contribute to the achievement of these goals.
9. The first requirement of measures to prevent money laundering and terrorist financing is that the Company does not enter into transactions or establish relationships with anonymous or unidentified persons. The law requires the Company to refuse a transaction or business relationship if a person does not provide sufficient information to identify the person or the purpose of the transactions, or if the person’s activities pose a heightened risk of money laundering or terrorist financing. In addition, the law requires the Company to terminate an existing contract without notice if a person fails to provide sufficient information to initiate customer due diligence measures.
10. The company ensures that client information (including collected documents and information) is up to date. In the event that clients or business relationships fall into the high risk category, existing information will be reviewed more frequently than for other clients/business relationships. Relevant data must be kept in writing or in a form that can be reproduced in writing and be accessible to all relevant employees who need it to perform their job duties (board members, account managers, risk managers and internal auditors).
11. The principles and guidelines for customer due diligence are set out in the Company’s internal procedures. Independent mechanisms have been established to monitor compliance with these procedures and appropriate training is provided to employees.
Application of the Code of Conduct
1. This Code of Conduct for Customer Due Diligence includes:
  1. identification and verification requirements, as well as methods for collecting relevant data, including requirements for data and documents on which identification is based;
  2. procedures for determining the purpose and intended nature of business relationships and transactions before entering into such transactions or long-term contracts, as well as procedures for ongoing monitoring of business relationships;
  3. description of low-risk transactions, as well as the requirements and procedure for concluding such transactions;
  4. description of high-risk transactions, as well as requirements, procedures for concluding and continuous monitoring of such transactions;
  5. procedures for updating data and documents used for identification and verification;
  6. other issues arising from the purpose and scope of the Code of Conduct.
General mandatory identification rules
1. The Code of Conduct for Customer Due Diligence requires customer identification and verification where:
  1. establishing business relationships with persons with whom the Company has not previously had business relationships;
  2. carrying out transactions with persons with whom the relationship between the person and the Company will not constitute a business relationship and as a result of which the amount transferred exceeds EUR 15,000 or an equal amount in any other currency, whether in a single transfer or in several linked payments over a period of up to one year ;
  3. establishing business relationships with persons subject to simplified verification measures;
  4. establishing business relations with politically exposed persons;
  5. conducting transactions through means of communication with persons with whom the Company has business relations;
  6. establishing business relationships with persons whose place of residence or registered office is located in a country where insufficient measures are applied to prevent money laundering and terrorist financing.
Organizational structure
1. The Company’s Management Board regularly (at least once a quarter) reviews the effectiveness of internal procedures implemented in order to comply with the Law on the Prevention of Money Laundering and Terrorist Financing, and ensures internal control over compliance with internal procedures. The Company appoints a person(s) who is responsible at board level for applying the customer due diligence measures required by the Prevention of Money Laundering and Terrorist Financing Act. The competence and responsibility of a person must be transparently and unambiguously derived from internal documentation regulating the tasks and functions of board members (for example, board regulations, job descriptions of board members and contracts with board members).
2. The person(s) appointed by the Board of Directors of the Company shall ensure that customer due diligence measures are applied based on legal provisions and other so-called Procedural Rules and take into account that the measures applied are adequate, consistent with the operational profile of the service provider and appropriate to the client, nature and scope related transactions and the resulting risks of money laundering or terrorist financing.
3. The Company’s Management Board ensures that sufficient resources are allocated to comply with the Prevention of Money Laundering and Terrorist Financing Act and that employees directly involved in complying with the requirements of the Prevention of Money Laundering and Terrorist Financing Act are fully aware of the requirements of the Prevention of Money Laundering and Terrorist Financing Act.
4. Each manager and employee directly involved in the implementation of the Prevention of Money Laundering and Terrorism Financing Act must have the professional skills to fully and accurately comply with the provisions of the law in accordance with the scope of their duties, and have received appropriate training or have been otherwise instructed by the Company.
5. The Company mitigates and prevents conflicts of interest through internal rules, according to which the basis for remuneration of managers and employees does not induce them to ignore or deviate from the provisions of the law.
6. Customer due diligence is part of an overall risk management framework which should clearly distinguish between the application of customer due diligence measures applied in business relationships and the application of anti-money laundering and anti-terrorism financing measures in the Company’s own operations.
7. The Company undertakes to provide contractual partners (in the case of outsourcing) and all relevant personnel, including personnel whose responsibilities include establishing business relationships and/or executing transactions, managing customer relationships, regular training and notification of the nature of money laundering and terrorist financing risks, and also any new trends in this area. First and foremost, employees should be made aware of the Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) requirements regarding the implementation of customer due diligence measures and the reporting of suspected money laundering.
8. The Company must ensure that the customer due diligence measures and data collection and retention requirements applied at its representative offices, branches or majority-owned subsidiaries in third countries comply with the Prevention of Money Laundering and Terrorist Financing Act and the requirements set out in other laws and guidelines. If compliance with such requirements is impossible due to local legislation, this will be immediately reported to the Estonian Financial Supervision Authority.
Economic or professional activities through agents and outsourcing
1. The Company has the right, subject to special requirements and restrictions provided by law, to use the services of a third party under an agreement, the subject of which is the continuation of activities and further performance of actions necessary for the provision of services provided by the Company to its clients, which are usually performed and accepted by the Company itself. For the purposes of this section, third parties include, for example, agents, subcontractors and other persons to whom the Company delegates activities related to the provision of services generally provided by the Company in its business activities.
2. The Company engages a third party to ensure the person’s ability to comply with the requirements of the Prevention of Money Laundering and Terrorism Financing Law, as well as to ensure the reliability and necessary qualifications of such person.
3. The third party referred to in section 6.1 is subject to all requirements provided by law to prevent money laundering and terrorist financing in relation to outsourcing activities. Responsibility for violation of requirements lies with the Company that outsourced its activities.
4. When outsourcing an event(s), the Company ensures that the third party has the knowledge and skills necessary, first of all, to identify situations of a suspicious and unusual nature, and is able to comply with all requirements for the prevention of money laundering and terrorist financing provided by law. To comply with this section, the Company ensures that third party management is notified of relevant requirements and that its personnel are trained in the prevention of money laundering and terrorist financing.
5. When transferring activities to third parties, the Company ensures the safety of any documents and information collected to fulfill the requirements arising from legislation, in the manner established by the Anti-Money Laundering and Anti-Terrorism Financing Law and any legal acts issued on its basis. The outsourcing agreement must ensure that relevant information is transferred to the Company and that relevant information and documents are archived in accordance with its procedural rules.
6. The outsourcing agreement must specify the rights and obligations of the Company when verifying compliance by a third party with the requirements provided for by law. The transfer of business activities to a third party does not interfere with government supervision of the Company, and it is obliged under the outsourcing agreement, for supervision purposes, to provide access to the competent authorities to the third party to which the Company has transferred its responsibilities, tasks or functions.
7. While services are provided by third parties, situations should be avoided where the application of sufficient customer due diligence measures occurs to an insufficient extent or does not occur at all. The third party must be able to fully implement the required customer due diligence measures, thereby being able to immediately notify the Company’s contact person and decline the transaction. The company, under an outsourcing agreement, ensures its right to terminate the contract with a third party if the latter does not fulfill its contractual obligations or performs them improperly.
8. The company is obliged to immediately notify the Financial Inspectorate of the conclusion of an agreement that is the basis for the transfer of its activities (activities) to outsourcing.
Appointment of a compliance officer
1. The Board of the Company appoints a person responsible for compliance from among the board members. The functions of a compliance officer can be performed by one employee or board member, or several employees and/or a structural unit with the corresponding responsibilities. If the functions of a compliance officer are performed by a structural unit, the head of the corresponding structural unit is responsible for the performance of the functions.
2. The position of a compliance officer in the organizational structure of the Company must ensure compliance with the requirements provided for by legislation on the prevention of money laundering and terrorist financing. When establishing the position of a compliance officer, the compliance officer must be accountable directly to the board of the Company and be as independent as possible from business processes.
3. The independence of a compliance officer from business processes does not mean that he is prohibited from providing advice or training to colleagues to ensure that the actions of managers and employees comply with the requirements of the Prevention of Money Laundering and Terrorist Financing Act.
4. The professional qualifications and skills of the compliance officer must meet the requirements established by the Law on the Prevention of Money Laundering and Terrorist Financing, and the professional and business reputation of the compliance officer must be impeccable.
5. The functions of the compliance officer are as follows:
  1. organizing the collection and analysis of information about unusual transactions or transactions suspected of money laundering or terrorist financing in the Company’s activities (collection of information means the collection of all suspicious or unusual notifications received from employees, contractual partners and agents of the Company, as well as systematization and analysis of the information contained therein information);
  2. reporting to the Financial Intelligence Unit (hereinafter referred to as the FIU) in case of suspicion of money laundering or terrorist financing (notification is carried out in a manner agreed upon with the FIU);
  3. periodically submitting written statements to the Management Board of the Company on compliance with the rules of procedure and
  4. fulfillment of other obligations related to the Company’s compliance with the requirements of the Law on the Prevention of Money Laundering and Terrorist Financing (including instructing and training employees, as well as applying appropriate control mechanisms).
6. The compliance officer must have access to information that is the basis or prerequisite for establishing a business relationship, including any information, data or documents reflecting the identity and business activities of the client. The board also grants the compliance officer the right to participate in board meetings if the compliance officer deems it necessary to perform his or her duties.
7. The contact details of the Compliance Officer are provided to the Financial Supervision Authority. The compliance officer shall inform the Financial Supervision Authority within a reasonable time of the appointment of a new compliance officer or change in contact details.
Risk-based approach
1. The company must recognize, assess and understand the risks of money laundering and terrorist financing in its activities and the activities of its clients and take measures to reduce the risks. The measures applied must correspond to the established level of risk.
2. “Risk appetite” means the totality of the level and types of exposure of an obligee that the obligee is willing to assume for the purposes of its economic activities and the achievement of its strategic objectives and which are established in writing by the senior management of the enterprise for the obligee. The Company’s Management Board also determines whether business relationships will be established with persons from a country outside the European Economic Area or with e-residents.
3. Using a risk-based approach, the Company assesses the likelihood of risks occurring and the consequences of their implementation. When assessing probability, the probability of an increase in the threat and the possibility of the occurrence of corresponding circumstances are taken into account, for example, possible threats that could affect the activities of the customer and service provider must be taken into account.
4. The company takes all measures to verify customers. The scope of action depends on the nature of the business relationship or the risk level of the person or client involved in the transaction or official action, and the Know Your Customer principle must be respected. The Prevention of Money Laundering and Terrorist Financing Act provides several exceptions to the automatic application of certain customer due diligence measures, for example: the amount-based reporting obligation under subsection 3 of Article 49 of the Prevention of Money Laundering and Terrorist Financing Act.
5. When identifying and justifying the risk levels of a client or person participating in a transaction, the Company takes into account, among other things, the following
  1. Client risk, the factors of which arise from the person or client involved in the transaction, must take into account the following:
    1. the legal form of the entity, the management structure, the scope of the entity’s activities, including whether it is a trust, civil partnership or other similar contractual entity or bearer share entity;
    2. whether it is a politically exposed person;
    3. whether the person represents a legal entity;
    4. whether a third party (person) is the beneficial owner;
    5. whether the identification of the beneficial owner is hampered by complex and opaque ownership relationships;
    6. residence of the person, including whether he is a person registered in territories with a low tax rate;
    7. whether the person is subject to international sanctions;
    8. the ability to classify a client as a typical client of a certain category of clients;
    9. circumstances (including suspicious transactions identified in the course of previous business relationships) arising from experience with the person, his business partners, owners, representatives and any other such persons;
    10. duration of activity and nature of business relationships;
    11. the type and characteristics of the service provided or product sold (whether the service or product is unusual or not economically feasible);
    12. whether the service or product may be associated with crime or the development of weapons of mass destruction;
    13. whether the person is involved in transactions where cash plays an important role (for example, currency exchange offices and gambling operators);
    14. whether the clients’ faces are the same or constantly changing;
    15. whether the person’s client base has grown rapidly;
    16. whether the person provides services to anonymous clients;
    17. the existence and nature of the risk factor associated with the service provider used to forward the service or product;
    18. the type and characteristics of services used or products consumed by a person outside the Company;
    19. the nature of the person’s personal activities;
    20. whether the origin of the person’s assets or the source and origin of the funds used for the transaction can be easily determined, and
    21. whether the person was identified face-to-face or online
  2. Product or service risk, the risk factors of which are a result of the customer’s economic activity or the exposure of a particular product or service to potential money laundering risks, among other things:
    1. private banking and personal banking;
    2. currency exchange and conversion transactions;
    3. providing alternative means of payment and electronic money;
    4. purchase and sale of expensive goods;
    5. provision of online advertising;
    6. providing innovative services, and
    7. creation, sale and management of companies.
  3. whether the country has legal provisions that comply with international standards for the prevention of money laundering and terrorist financing;
    1. Is there a high level of crime (including drug-related) in the country;
    2. whether the country cooperates with a criminal group, whether criminal groups use the country to conduct their operations;
    3. whether the country is engaged in the proliferation of weapons of mass destruction;
    4. is the level of corruption in the country high;
    5. whether international sanctions have been or are being introduced against the country, and
    6. whether other measures have been taken against the country or the position of international organizations has been expressed.
    7. whether other measures have been taken against the country or the position of international organizations has been expressed.
6. Taking into account the above risk categories, the Company determines the risk level of the person or client involved in the transaction, for example whether the client’s money laundering or terrorist financing risk level is low, normal or high or whether it meets other risk level criteria defined and used by the Company.
7. To determine the impact of each risk category, the Company assesses the likelihood of occurrence of risk factors in a given risk category. To determine the impact of a specific risk category, the qualifying value of the occurrence of risk factors characterizing it can be used in order to classify a specific risk factor as “having an impact” or as “not having an impact” if a certain threshold is exceeded.
8. Certain recommendations if a low level of risk is indicated.
  1. A client’s risk level is generally considered low if there is no risk factor in any risk category, and it can therefore be argued that the client and its activities exhibit elements no different from those of an ordinary and transparent person. Therefore, there is no reason to suspect that the client’s transactions may increase the likelihood of money laundering and terrorist financing.
  2. In a situation where the application of the necessary customer due diligence measures is required by law and information about the customer and its beneficial owner is publicly available, where the transactions and transactions of the person are consistent with its daily economic activities and do not differ from the payment terms and behavior of other similar customers, or where the transaction is subject to quantitative or other absolute restrictions, the Company may deem the client’s perceived risk of money laundering or terrorist financing to be lower.
  3. In a situation where at least one risk category can be classified as high, the level of money laundering or terrorist financing risk cannot usually be low. At the same time, low risk does not necessarily mean that the client’s transactions cannot be associated with money laundering or terrorist financing at all.
  4. If the risk arising from a business relationship, client or transaction is low due to the risk factors established in relation to the party to the transaction, the client or other conditions established by Article 32 of the Law on the Prevention of Money Laundering and Terrorist Financing, the Company may apply simplified comprehensive measures checks, but cannot completely abandon customer due diligence measures. When applying customer verification measures in a simplified manner, the Company has the right to determine the scope of application of customer verification measures.
9. Specific recommendations when a high level of risk is indicated
  1. A customer’s level of risk is generally high if, when assessing the risk categories as a whole, it appears that the customer’s transactions are not routine and transparent or there are risk factors that would suggest that the likelihood of money laundering or terrorist financing is high or significantly higher. The client’s risk level is also high if the risk factor itself requires it. High risk does not necessarily mean that the client is laundering money or financing terrorists.
  2. If the Company considers that the risk level of a client or person involved in a transaction is high, the Company applies client due diligence measures in accordance with an enhanced procedure in order to adequately manage the relevant risks. Enhanced due diligence measures are applied in accordance with Article 37 of the Prevention of Money Laundering and Terrorism Financing Law.
10. Specific risks associated with trading virtual currency and ways to mitigate risks
  1. AML/CFT risks specific to virtual currency trading:
    1. anonymity provided by trading virtual currencies on the Internet;
    2. limited identification and verification of participants;
    3. lack of clarity regarding AML/CFT compliance responsibilities, oversight and enforcement of these transactions, which are segmented across multiple countries;
    4. lack of a central supervisory authority.
  2. The Company and its employees must implement the following measures to reduce the specific risks above:
    1. operations for trading and exchanging virtual currency are carried out using the client’s bank account;
    2. The Company does not enter into transactions in which the party to the transaction remains anonymous or the party cannot be sufficiently identified in accordance with these rules;
    3. For each transaction the value of which exceeds 15,000 euros or an equal amount in another currency, the Company requires clients to confirm the source of the virtual currency used by the client in the transaction.
11. The company documents the risk level determination, updates it and, if necessary, provides data to the competent authorities.
Establishing business relationships
1. The terms of the long-term agreement underlying the business relationship are also included in the general conditions for the provision of services by the Company and/or in the general and/or other standard terms of agreement or other contracts.
2. The company must identify each customer when establishing a business relationship and when completing a transaction if the value of the customer’s transactions per year exceeds 15,000 euros.
3. Business relations between the Company and clients are governed by agreements concluded in writing, in a form that can be reproduced in writing or in electronic form.
4. A prerequisite for establishing a business relationship is the express and recorded confirmation by the client that he will comply with the conditions established by the Company for establishing a business relationship and executing transactions.
5. The Company’s internal procedures determine the conditions on the basis of which the services that the client can use and their scope will be determined. The Company ensures in advance that the services provided are consistent with the substance of the client’s actual statements of intent, are consistent with the nature and purpose of the contract and are appropriate to the level of risk attributed to the client.
6. The procedural rules governing the establishment of business relations, in addition to the provisions of the law, must contain:
  1. the procedure for introducing prerequisites for establishing business relationships, concluding long-term contracts and making transactions (including the procedure for recording the client’s will and determining the purpose of the business relationship and transaction);
  2. requiring confirmation from the client that the client understands and understands the duties and responsibilities set out in the relevant terms and conditions, including requesting information necessary to establish the business relationship and the form in which the information will be provided.
7. When establishing a business relationship, the client or his representative and the Company’s representative must be in the same place. This means that a potential client or his representative has direct contact with a representative of the Company. Direct contact involves direct communication between a representative of the Company and the client in order to assess the compliance of the content of the statement of intentions and goals of the client with the true will of the client. In this way, the client’s risk level can be more accurately determined by what he experiences during direct contact. Contact may occur outside the Company’s principal place of business as long as it involves at least the same customer screening measures as would otherwise be required.
8. In cases provided for by law, business relations with the Company can be established without direct contact (i.e. without being in the same place with the client), if such a procedure is formulated in the Company’s regulations.
9. Cases and procedures for establishing business relationships without direct contact should be covered by appropriate procedural rules, including measures for customer follow-up and risk management. The rules for establishing business relationships without direct contact establish a procedure that can be applied to ensure compliance with the conditions established by the Law on the Prevention of Money Laundering and Terrorist Financing. The rules of procedure must establish, at a minimum, the following:
  1. a code of conduct for accepting or executing payment instructions before applying all customer due diligence measures;
  2. rules of conduct in a situation where identification of a person and other information is carried out using electronic means of identification;
  3. code of conduct in a situation where the necessary client verification measures cannot be applied (it is impossible to identify the person within the prescribed period), as a result of which the client’s will cannot be accepted;
  4. a code of conduct in a situation where it is ensured that in the case of digital identification of a natural person, international payments cannot exceed, and the amounts associated with transactions and services do not exceed, a limit of 15,000 euros per year, and
  5. code of conduct for terminating business relationships established without direct contact.
10. When establishing a business relationship without a direct contract, when checking the data provided to identify a person, the following may be used:
  1. a notarized or certified copy of an identity document, submitted in written or electronic form;
  2. electronic identification methods with verification of the validity of the electronic signature and certificate, and
  3. data collected by the Company and/or public databases for the purpose of verifying personal code, registration code and data of company representatives and addresses. The Company may use other documents for personal identification, including certification by other credit institutions, notaries, foreign representative offices, government agencies and foreign business partners.
11. To enter into a long-term agreement with the Company, the appropriate attitude of the parties is assumed, as a result of which the Company establishes restrictions in its regulations in order to avoid unnecessary risks and ensure that appropriate relations are established at the appropriate time and in the appropriate place. In the case of business relationships established without direct contact, not only the risks associated with the individual transaction are taken into account, but also those associated with all similar transactions and the service as a whole, as well as their impact at the institutional level.
12. The purpose of implementing customer due diligence measures is not simply to identify the customer. Sufficient application of customer due diligence means a situation in which, among other things, the customer’s risk level is determined.
13. In case of extraordinary termination of business relations on the grounds arising from Article 42 of the Law on the Prevention of Money Laundering and Terrorist Financing, other terms for the provision of services (primarily restrictions on transactions) and termination of business relations are established. In the event of an extraordinary termination of a business relationship, the Company’s internal procedures must establish the subsequent use of the client’s assets (for example, authorize payment to be made to the account of a credit institution in another contracting state of the European Economic Area or equivalent third country). Cash payments are not allowed.
Customer Due Diligence Measures
1. Customer due diligence measures are also applied in the event of suspicion of money laundering or terrorist financing or if the Company has doubts about the correctness of documents or other data provided by the customer, that is, when the circumstances differ from normal behavior and relate to the presence of exposure risk factors becoming apparent in the actions client. Customer due diligence measures are also applied in a situation where there is reason to believe that it may constitute money laundering or terrorist financing, or where the Company is not satisfied that the measures applied are sufficient. The list of customer due diligence measures set out in the Prevention of Money Laundering and Terrorist Financing Act contains minimum criteria and is mandatory. The Company also takes other customer due diligence measures not required by law, taking into account the client’s area or region of activity, as well as the specifics of the transaction and the risks associated with it.
2. The company is obliged, in addition to the customer due diligence measures required by law, to comprehensively evaluate the substance and purpose of the customer’s transactions and actions, relying on generally recognized professional skills specific to credit institutions and financial institutions, in order to identify a possible connection between a transaction, step or means and money laundering or financing terrorism.
3. The company has sufficiently applied customer diligence measures for the purposes of subsection 1 § 20 of the Law on the Prevention of Money Laundering and Terrorist Financing if it is satisfied that it has sufficiently applied the obligation arising from the above-mentioned provision. When assessing a criminal record, the principle of reasonableness is taken into account.
Client identification
1. When identifying a client, it is necessary to comply with the Know Your Client (KYC) principle. This principle means that the operating profile, the purpose of the business, the beneficial owner of the person as a potential customer and, where appropriate, the source and origin of the funds used in the transactions, as well as other similar information necessary to establish the business relationship, must be identifiable in addition to the individual. When making transactions, the client is identified and the suitability of the transactions is assessed based on the client’s main areas of activity and previous payment behavior.
2. In accordance with the risk-based approach, the Company must select, among other things, the appropriate scope of application of the KYC principle.
3. The company is required to identify the client and beneficial owner within a reasonable period of time before commencing actions to enter into a long-term contract or upon entering into a contract. The person participating in the transaction must be identified before the commencement of actions to conclude a long-term contract or at the conclusion of the contract.
4. Any information and documents relating to identification must be maintained in such a way as to enable relevant requests from financial intelligence, investigative, court or supervisory authorities to be responded to fully and without undue delay. For this purpose, the Company creates a system that allows, taking into account the specifics of its activities, to quickly extract from databases and documents the necessary information or document that allows identifying the client or person participating in the transaction.
5. Identification and verification of persons when establishing a business relationship is mandatory in the case of the use of any and all financial services, regardless of whether a long-term contract has been concluded with the person involved in the transaction or not, thereby taking into account the exceptions arising from the Prevention of Laundering Law money and terrorist financing.
General requirements for identification of an individual when establishing business relationships
1. Establishing and verifying the identity of a person (individual) is carried out, as a general rule, in one step on the basis of an identity document. In addition to identifying the person, the address, profile of activity, profession and field of activity, purpose and features of establishing a business relationship, beneficial owner (if necessary) and other similar information necessary to establish a business relationship are determined.
2. The company must identify the person and verify the data using information technology tools if the business relationship is established with an electronic resident or person from a country outside the European Economic Area or whose place of residence or place of business is in such a country and where due diligence measures are not applied when physically located in in the same place with the person or his representative.
3. Identification of an individual is carried out on the basis of an identity document in accordance with Article 21 of the Law on the Prevention of Money Laundering and Terrorist Financing. A document submitted to the Company for identification is assessed as follows:
  1. validity of the document based on its expiration date;
  2. the external resemblance and age of the person correspond to the appearance of the person depicted in the document;
  3. the personal code corresponds to the gender and age of the applicant, and
  4. in case of doubt about the authenticity of a document or identity regarding information contained in codes assigned to individuals of a foreign state, it is necessary to consult with foreign missions or other competent authorities.
4. A copy of the personal data and photograph page is made from the identity document in accordance with Article 21 of the Prevention of Money Laundering and Terrorism Financing Law. The quality of the copy of the document must allow the information contained in it to be legibly read. Any information required by law must be recorded.
5. The company registers the occupation and address of an individual during identification and identity verification based on the individual’s statements and the utility bill provided by him. With regard to place of residence, what matters is not the address recorded in the population register or other similar register, but the permanent or main place of residence of the person. If the person’s permanent place of residence is difficult to determine (for example, it is impossible to determine the person’s place of residence or there are several), the person’s usual place of residence is established. A post office box number or post restante address cannot be considered a permanent residence.
6. When determining the permanent residence or habitual residence of an individual, it is also necessary to register the address of the place to which the Company can send notices in paper form.
7. In addition to the individual’s residential address, the Company may record other contact information, including email address, telephone number, Facebook account, Skype account and other similar data, and agree to provide information through these communication channels.
8. Determining the line of business, work or profession enables the Company to assess whether the business relationship or transaction is consistent with the customer’s normal course of trade and whether the business relationship or transaction has a clear economic reason. In order to prevent the movement of illegally obtained funds when establishing a business relationship, it is necessary to determine the client’s operational profile. To do this, it is necessary to determine the main areas of work and activity of the client, as well as possible payment habits. It is important to pay attention to the persons with whom the client enters into transactions and their location.
9. When identifying an individual, it is determined whether he is a politically exposed person.
10. Any data and information necessary to identify a person must be verified using reliable and independent sources of information (for example, national registers, authorities, credit institutions, foreign missions of the Republic of Estonia and foreign missions in the Republic of Estonia or based on documents and other information certified by the relevant authorities). In exceptional cases (if the use of reliable and independent sources of information is not possible), copies of documents or information transmitted by unofficial representatives or intermediaries, or other reliable information (including handwritten statements of the person) may be used to identify a person. Before entering into transactions or taking actions with a person to be identified, the company must ensure that the information thus obtained is sufficient. In this case, a note about this is made on the copies of the identity card, after which the legality of the information and documents is immediately checked. To identify an electronic resident and verify data, the Company has the right to use personal identification data entered into the database of identity documents.
11. Identification or recommendation of an individual by management, other clients or business partners of the Company may help identify the client, but such recommendations do not replace the identification requirements contained in the anti-money laundering and terrorist financing release.
12. Even if the Company knows the client personally or the client is a public person, the internal identification procedure provided for by law cannot be ignored. The identity of public figures and persons directly or indirectly associated with them who contact the Company to carry out transactions or take action must be verified.
13. In the case of persons whose legal capacity is limited (including minors), the Company also carries out an identification procedure. When identifying personal data of minors, the Company, in addition to the instructions given in these Instructions and the provisions of the Law on the Prevention of Money Laundering and the Financing of Terrorism, is guided by the provisions of the Law on the General Part of the Civil Code and the Law on the Family. In addition to the personal data of a person with limited legal capacity, the personal data of a legal representative, parent(s) or guardian(s) are checked.
14. The Company regularly updates the client’s personal data and work profile, ensuring that it is up to date and consistent with the client’s risk level.
Politically exposed persons.
1. The company must establish internal procedures to decide whether a potential customer or its beneficial owner is a politically exposed person of a contracting state of the European Economic Area or a third country, a domestic politically exposed person or a person who has a significant function in international organizations.
  1. The Company should identify close relatives and family members of politically exposed persons only if their connection to a person performing significant government functions is known to the public or if the Company has reason to believe that such a connection exists.
  2. In relation to politically exposed persons, the Company takes the following measures in addition to appropriate customer due diligence measures:
    1. request the necessary information from the customer, incl. take immediate action to identify the sources of wealth and funds used in the business relationship or transaction;
    2. collect data from or query relevant databases or public databases;
    3. make inquiries or check information on the web pages of the relevant supervisory authorities or institutions in the country where the client or person is located.
2. The decision to establish business relations with a politically exposed person is made by the board of the Company or the person(s) authorized by the board. If a business relationship is established with a client and the client or beneficial owner subsequently becomes or becomes a politically exposed person, the board (or persons authorized by the board) must be informed.
3. The Company carries out regular enhanced supervision over business relations established with a politically exposed person (except for cases provided for by law).
4. Regular supervision is also carried out by the Company after a politically exposed person has ceased to be a politically exposed person if the Company, based on a risk-based approach, believes that the person continues to pose an increased risk.
Identification of beneficial owner of individual
1. When identifying an individual, the Company, in case of doubt, also identifies the beneficial owner of the individual, i.e. a person who controls the actions of an individual.
2. Doubt about the existence of a beneficial owner may arise primarily if the Company, when applying customer due diligence measures, believes that an individual has been induced to enter into a business relationship or enter into a transaction. In this case, the beneficial owner of the individual is considered to be the person exercising control over the individual.
3. It shall be taken into account that the scope of customer due diligence, including upon identifying the beneficial owner, is related to the risk of money laundering and terrorist financing, which depends on the type of customer, its country of origin, business relationship, product, service or transaction.
Civil law partnerships and other contractual associations
1. Upon identification of civil law partnerships, all of the members of the partnership or their representatives shall be identified on the grounds applicable to individuals. The beneficial owners of the partnership shall be identified.
2. In the case of civil law partnerships, the purpose of their activity and, if necessary, the origin of the funds used shall be identified. Thereby one may rely, among other things, on clarifications and statements given by the representative of the partnership. The Company shall make sure that the use of funds by the partnership corresponds to the purposes of activity declared by it previously.
3. Data of the members of the partnership and their representatives shall be preserved and regularly updated.
General requirements regarding identification of legal entity upon establishment of business relationship
1. When identifying legal entities, the company name, registration code, location and place of activity, information about the organizational and legal form, passive legal capacity, representatives (legal representatives and persons authorized to represent the legal entity before the Company) and beneficial owners are determined. The profile of the activity, business partners, the purpose of the activity, the purpose of establishing and characteristics of the business relationship and other similar information necessary to establish the business relationship must also be determined.
2. In determining the legal entity’s country of establishment and location, the data obtained should be used to determine whether the legal entity may be exposed to country and geographic risks.
3. The place of activity of a legal entity is determined based on actual circumstances, that is, the location of production or provision of services.
4. Identification and verification of the identity and passive legal capacity of a legal entity is usually carried out on the basis of information contained in the commercial register (in Estonia) or another equivalent register, or a copy of the registration certificate or equivalent document (for example, in countries where there is no national register, Constituent documents certified by a notary) submitted in the manner prescribed by law are considered equivalent. Documents issued by the register, or their equivalents, must be issued no earlier than 6 months before their submission to the Company.
5. Documents issued in a foreign country are subject to legalization or apostille, that is, in order to use an official document issued in one country, an internationally recognized certificate of authenticity of the document is issued in another country.
  1. Documents issued by Lithuanian, Latvian, Polish, Ukrainian or Russian authorities and officials do not require legalization or an apostille.
  2. To legalize a document, it must pass through the legalization authorities of the issuing state, as well as through the authorities of the receiving state (usually the Ministry of Foreign Affairs).
6. When identifying, legal entities are not required to provide an extract from their registration card if the Company has access to the required extent through a computer network to the data of the commercial register or the register of non-profit organizations and foundations (including access to data in the relevant registers of a foreign country).
7. When identifying a legal entity, the Company is required to register the names of the head of the legal entity or members of its board or other body replacing it, their powers to represent the legal entity and the main field of activity of the legal entity. If the specified information is not indicated in the register extract or other relevant document, the relevant information can be obtained using other documents and (or) reliable sources of information.
8. The need for use, criteria for use and/or a list of reliable sources of information are determined by the Company (for example, information issued by national registers, government agencies, credit institutions, foreign missions of the Republic of Estonia and foreign missions in Estonia).
9. The company is obliged to identify the presence of politically exposed persons associated with the legal entity. If there are no relevant connections in the information about a politically exposed person received from a representative of a legal entity and if suspicions arise, a request is made to the relevant databases.
10. In the case of international organizations, the documents that serve as the basis for their activities (including in Estonia) must be determined and the submission of relevant documents requested. If necessary, the information necessary to establish a business relationship contained in the documents is checked.
11. In the case of a trust or legal arrangement, the Company collects necessary information about the beneficiaries of the trust or legal arrangement in addition to the above due diligence measures, which have been determined based on certain characteristics or type, to ensure that the Company is able to identify the beneficiary at the time of implementation payment or after the beneficiary exercises his rights.
Agency
1. The Company shall verify if the person is acting on their own behalf or on behalf of another (natural or legal) person. If the person is acting on behalf of another person, the Company shall also identify the person on behalf of whom transactions are performed.
2. Documents required to identify a legal entity shall be submitted by the legal representative or authorised representative of the entity. The Company shall make certain that the right of representation complies with legislation. If the submitted documents do not indicate the right of representation of the individual submitting them and/or the authority is not compliant, the identification process (and thus also the establishment of the business relationship or performance of the transaction) cannot be continued.
3. The Company shall identify the basis, scope and term of the representative’s right of representation. The representative shall be asked to submit a document proving the right of representation. Further attention shall be paid to the verification of the identity and right of representation of authorised representatives operating or residing in a jurisdiction different from the legal entity’s jurisdiction or whose rights of representation are valid for more than a year.
4. Clarification shall be sought on the scope of the right of representation granted to the authorised representative (for instance, whether a one-off transaction or recurring transactions over a certain period are involved). The Company shall take notice of the terms of the right of representation granted to the authorised representative and provide services only to the extent of the right of representation.
5. Under subsection 5 of § 22 of the Money Laundering and Terrorist Financing Prevention Act, the Company has the right to request that the representative of a legal entity of a foreign country submit documents proving their right of representation, notarised or certified in an equivalent manner and legalised or certified with an apostille, unless provided for otherwise in an international agreement.
6. Upon handling the right of representation of authorised and legal representatives, it shall be made certain whether the representative knows their customer. To identify the true nature of the relationships between the representative and the represented, the representative shall know the substance and purpose of the declarations of intent by the represented party and be able to answer other relevant questions about the seat of operations, fields of activity, sales and transaction partners, other related persons and beneficial owners. In addition, the representative shall confirm with their signature that they are aware and convinced of the source and legal origin of the funds used in the transaction of the represented entity.
Identification of Beneficial Owner
1. After identifying the legal entity, the Company establishes the beneficial owner of the legal entity.
2. In a situation where no one person owns or controls more than 25% of the client, the range of beneficial owners will be determined in accordance with the principle of proportionality, according to which information is requested about shareholders, partners and other persons exercising control or other significant influence on the business legal entity.
3. If the documents identifying the legal entity or other documents submitted do not indicate the beneficial owner of the legal entity, the relevant information (including information about membership in the group of companies and the structure of ownership and management of the group of companies) must be established on the basis of an application from the client or a handwritten document from a representative of the legal entity .
4. To verify information identified on the basis of statements or a handwritten document, reasonable measures are taken (for example, filing a request with the relevant registers) and the annual report or other relevant document of the legal entity is requested.
5. A company may use a risk-based approach and take reasonable steps to verify the identity of the beneficial owner to ensure who the beneficial owner is in the business relationship or transaction. In relation to compliance with this requirement, the Company has several decision options:
  1. determine the extent to which public information about shareholders or participants will be used;
  2. the extent to which relevant information will be requested orally or recorded in writing or in a form that can be reproduced in writing;
  3. in what cases will the client be asked to fill out the appropriate questionnaire;
  4. or what other options can be used and are practicable for the Company.
6. It should be taken into account that the scope of client due diligence (including identification of the beneficial owner) should be related to the risk of money laundering and terrorist financing, which depends on the type of client and his country of residence. origin, business relationship, product, service and transaction.
7. Increased attention should be paid to companies based in low-tax territories, whose beneficial owners are often difficult to identify.
8. A company may consider a beneficial owner to be a person who does not own 25% of the shares of the legal entity, but who exercises control in another way. This situation arises when the Company suspects that a third party, whose connection with the company cannot be legally proven or is difficult to prove, exercises control over the management of the legal entity by other means.
Requirements for identification of non-resident legal entities
1. In the case of identification of non-resident legal entities, the Company must comply, to the maximum extent possible, with the same requirements as in the case of resident clients, taking into account the peculiarities arising from the country of residence, origin and legal form of the non-resident client. Due to differences in the legislation of different countries, the Company’s regulations should also establish detailed requirements and recommendations for identifying the passive legal capacity of a legal entity through other documents and/or reliable sources of information.
2. When identifying the passive legal capacity of a non-resident legal entity and reviewing documents certifying the powers of representatives, the compliance of the documents with the requirements established by the legislation of the Republic of Estonia regarding the legalization of foreign documents is checked.
3. Due to differences in legal regulation in different countries, the Company should pay attention, first of all, to legal entities established in countries or territories with low tax rates, since it is not always entirely clear whether they have passive legal capacity. In many countries, the standards for customer identification, registration and document storage are lower than in Estonia, as a result of which special attention must be paid to the content of documents of companies registered in such countries, as well as the procedure for their execution their submissions.
4. Particular attention should be paid to the information and documents provided in the case of persons whose country of origin is included in the FATF list of countries that do not make a sufficient contribution to the prevention of money laundering. The Company avoids doing business with persons whose residence or location is located in a country listed by the FATF as a high-risk country and not cooperating with it. This list can be seen at: http://www.fatf-gafi.org/countries/#high-risk.
5. In the case of documents in a foreign language, the Company has the right to request translation of documents into a language it understands. The use of translations should be avoided in situations where the original documents were prepared in a language understood by the Company (for example, translation of original documents from English into Estonian or Russian).
General requirements for the application of customer verification measures when making transactions
1. In addition to establishing a business relationship, customer due diligence measures are also taken if:
  1. in case of any type of transaction, incl. in the case of an offer made in the course of providing a consulting service, the price of which exceeds the limit established by the Law on the Prevention of Money Laundering and Terrorist Financing. It does not matter whether the monetary obligation is carried out by cash or non-cash payment;
  2. the amount of one transaction or the total amount of consecutive transactions exceeds the limit provided for by law (or the internal rules of the Company) when making one-time transactions not by a client;
  3. the Company has doubts about the accuracy or sufficiency of the data collected when establishing a business relationship, or that the actions of the other party are not normal or transparent, or if the Company suspects money laundering or terrorist financing; And
  4. the Company does not suspect money laundering or terrorist financing for the purposes of subsection 1 § 49 of the Law on the Prevention of Money Laundering and the Financing of Terrorism and has no obligation to report the transaction for the purposes of subsection 3 § 49 of the Law against Money Laundering and the Financing of Terrorism, but the transaction is complex and extremely large or the design of the transaction is unusual and has no obvious economic or legal purpose.
2. The company must continually evaluate changes in a customer’s business and determine whether they may exceed the level of risk that would require additional customer due diligence measures.
3. Customer due diligence measures also require appropriate monitoring systems to detect whether transaction limits have been reached or where risk factors exist and to inform relevant individuals to identify suspicious or unusual transactions. If, during monitoring of transactions, the Company becomes suspicious of money laundering, financial intelligence must be informed about this.
Transaction monitoring
1. Monitoring unusual and suspicious transactions is an important part of financial institutions customer due diligence efforts and can identify circumstances that may indicate money laundering or terrorist financing in a customer’s economic activity. Also, the purpose of tracking client transactions is to identify transactions with targets of international sanctions and politically exposed persons, as well as to identify and notify of transactions whose limit or other parameters exceed the established value for a certain period of time.
2. Transaction support measures can be divided into two parts. You can use measures that allow you to monitor transactions in real time, based on parameters or functions developed using the Company’s previous experience, or analyze them subsequently.
3. Screening (real-time transaction tracking)
  1. In the case of real-time transaction monitoring, Company managers or other employees, in the performance of their duties, observe customer behavior and transactions to detect unusual or suspicious transactions or transactions that exceed established limits.
  2. When tracking transactions in real time, information technology tools should be used that, based on predetermined parameters, select transactions made over a certain period. Screening parameters depend on the capabilities of information technology and the goals set. What should be
    1. politically exposed persons involved in transactions;
    2. transactions with persons, name, date of birth, etc. which coincide with the data specified in the lists of persons subject to international sanctions;
    3. transactions with persons whose country of activity or origin is included in the list of high-risk (terrorist) countries or clients whose transactions are subject to constant monitoring.
4. Monitoring (subsequent analysis of transactions)
  1. When monitoring transactions, measures are taken to verify that the necessary information about the payer is provided when transferring money. To help detect suspicious transactions, the Company must take steps to validate payer information in payment instructions.
  2. The company, using monitoring systems, checks whether the reporting or payment system fields used to complete the transaction are filled with symbols or input data used in the reporting or payment system for information related to the payer.
  3. Payments with insufficient payer information (including payer name, address and account number) are identified among payments using monitoring systems. In this case, the payer’s address can be replaced by the payer’s date and place of birth, client number or personal identification code, and if the payer does not have an account number, the Company will replace it with a unique feature with which the payer can be identified.
  4. For the purpose of subsequent analysis of transactions (monitoring), it is possible to analyze transactions isolated from the mass of transactions according to predetermined parameters. Transactions that cannot be interfered with (for example, transactions made through an ATM) are the main objects of monitoring. In addition, subsequent transaction monitoring analyzes the largest transactions by amount, currency and customer type for a certain period. A list of typical parameters based on which transactions can be selected for monitoring is given below:
    1. single large international payments (for example, the amount of which ends with at least four zeros);
    2. international payments, the description of which contains the words “loan”, “deposit”, “return”, etc.;
    3. accounts (individuals and legal entities) with the highest turnover in the reporting period by currency (individuals and legal entities);
    4. the largest transactions (individuals and legal entities) for the period under review (individuals and legal entities) with various currencies;
    5. transactions made through an ATM exceeding a certain limit for the period under review;
    6. single transactions exceeding the limit, made by clients with a small turnover;
    7. a sharp increase in turnover of VOSTRO account holders of correspondent banks;
    8. transactions with persons whose country of activity or origin is included in the list of countries of high (terrorist) risk;
    9. payments to high-risk countries;
    10. payments related to risky banks, and
    11. transactions of specific clients or types of clients.
5. If, upon receipt of a payment, the Company notes that the required payer information is missing or incomplete, the recipient is required to refuse the transaction or request complete payer information.
6. If the client regularly fails to provide the requested payer information, the Company takes measures, including warnings and setting deadlines. The Company may then refuse to enter into any transactions with the client or limit or terminate its business relationship with the client. The company informs financial intelligence about this.
Actions in case of suspicion of money laundering and compliance with reporting obligations
1. In a situation where the Company, based on documents collected during the implementation of customer due diligence measures, has suspicions of money laundering or terrorist financing when establishing a business relationship or in one-time transactions, the Company does not establish business relationships with clients or enter into one-time transactions.
2. If unusual circumstances become apparent in the relationship with a client or circumstances in which a Company employee suspects money laundering or terrorist financing, the compliance officer appointed by the executive body/board must be immediately informed and the compliance officer decides to immediately pass on the information into financial intelligence and assesses the need to postpone or abandon the transaction. In a situation that entails a high risk of money laundering or terrorist financing, a Company employee may decide to postpone the transaction and then inform the compliance officer about the situation.
  1. The background of each individual suspect or unusual case should be investigated to the extent reasonably necessary, the details of the transaction being recorded and the circumstances analyzed to identify typical features of more frequent transactions.
  2. The main circumstances that you should pay attention to when analyzing suspicious and unusual transactions are the following:
    1. What is suspicious about the steps, transactions or other circumstances?
    2. Is the Company confident that it knows its client sufficiently or is it necessary to collect additional information about the client?
    3. When performing an action or transaction related to identifying a client or a client representative, the Company is obliged to ensure compliance with the established procedure. Was all the necessary information provided, or did additional information need to be requested or otherwise clarified?
    4. Have there been repeated instances of suspicious steps and transactions?
3. If delaying a transaction would cause significant losses to the parties, failure to act would be impossible, or would interfere with the interception of a potential money laundering or terrorist financing agent, the transaction or official action must be completed and a report submitted to financial intelligence.
4. The Company’s regulations establish the rules of conduct for the Company’s employees regarding the postponement of a transaction or official action.
5. The Company’s regulations determine both the conditions for transferring information to financial intelligence and the conditions for preserving the transmitted information.
6. The Company must retain in a form capable of written reproduction all information received from employees regarding suspicious or unusual transactions, as well as any information collected for the analysis of these reports and other related documents, as well as any financial intelligence reports, along with the information about the time the report was sent and about the employee who submitted it.
7. No customer or person involved in a transaction (including its representative or other related persons) in respect of whom suspicion is reported to the financial intelligence agency may be notified.
8. The company is obliged to immediately comply with the reporting obligation. The purpose of immediate execution is to provide financial intelligence with the opportunity to develop the suspicion specified in subsection 1 of article 57 of the Law on the Prevention of Money Laundering and Terrorist Financing and take its own measures. Money laundering is a process in which proceeds of crime, and above all financial assets, can be transferred through credit institutions and financial institutions of several countries within one day, and therefore prompt reporting helps to more effectively track illicit funds.
Correspondent relations
1. To establish correspondent relations with a credit institution or financial institution of a third country, the Company is obliged to obtain the consent of the board and in order to apply enhanced verification measures:
  1. collect sufficient information about correspondent institutions in order to fully understand the nature and reputation of the institution’s business activities;
  2. also obtain certification of the quality of its supervision. Any possible connection of a correspondent institution with suspicion of money laundering or terrorist financing, corresponding investigative actions or sanctions must be verified in open sources;
  3. assess the correspondent institution’s mechanisms for preventing money laundering and terrorist financing and ensure that they are adequate and effective;
  4. and document the obligations/responsibilities of both parties to the correspondent relationship in the field of preventing money laundering and terrorist financing, including the exchange of relevant information (conclusion of an appropriate agreement).
2. A correspondent relationship agreement concluded with a third country financial institution or the regulations of the corresponding correspondent institution must establish the obligations of the parties, including the conditions for the application of customer verification measures in relation to transactions through correspondent accounts to which the third party has direct access to complete operations on his behalf in relation to the Company’s clients.
3. A company is not permitted to open a correspondent account in a so-called shell bank or in a bank in which the shell bank has accounts. Correspondent accounts shall not be opened in a bank in which an assessment of the integrity of management and measures to prevent money laundering and terrorist financing has revealed deficiencies, taking into account the relevant international standards or the circumstances giving rise to the assessment.
4. The company must not establish a correspondent relationship with an institution or company in any other third country that is not a credit institution or financial institution under Estonian law, but whose main and ongoing business activity is similar to banking.
Foreign branches and subsidiaries
1. The Company applies customer due diligence measures and information collection and retention requirements that are at least equivalent to the provisions of the Money Laundering and Terrorist Financing Prevention Act of the Republic of Estonia in all foreign offices, branches and majority-owned subsidiaries of the Company if such branches and subsidiaries have been created.
2. If the legislation of a third country does not allow the use of equivalent measures, the Company applies additional measures to prevent money laundering or terrorist financing.
3. A company operating in several different countries, including a third country, should avoid applying standards that differ from country to country in its activities. Standards approved in the European Union are preferred.
Changes to the Code of Conduct
1. The Company shall revise these rules from time to time in order to comply with applicable laws.

Quick Links

Get In Touch

Quick Links

Get In Touch

Request a consultation