ANTI MONEY LAUNDERING AND COUNTER TERRORIST FINANCING POLICY
1.1 The company’s Anti Money Laundering (AML) and Counter Terrorist Financing (CTF) policy
details all of the measures that the company’s team is obliged to carry out in order to identify
and report any suspicious transactions and eliminate as much as possible the risk of the
being used for illicit purposes or to aid any criminal activity.
1.2 The company operates a risk-based approach to managing the business’ financial activities
business operations to prevent money laundering and/or terrorist financing.
1.3 The risk based approach consists of conducting a risk assessment of the business including
services, operations, target market, distribution channels and geographical areas in which it
operates or through which the funds flow.
1.4 New methods which may be used to prevent money laundering and terrorist financing will be
taken into consideration, as well as an ongoing improvement of the methods used by collecting
information from other organisations, authorities and any other relevant bodies within the area
of AML and CTF.
1.5 An initial risk assessment of the business has been conducted which will be updated
to ensure that the business and the board of directors are aware of what measures need to be
taken in order to minimise these risks as much as possible.
1.6 The systems and controls that have been established will be updated according to the result
continuing internal risk assessments, reacting to any instances that require controls to be
tightened, and upon the advice of external bodies that relay information about the changing
trends and patterns relating to the attempts by criminals to launder money or finance terrorist
1.7 The company has established this policy in order to define the risk of money laundering and
introduce an effective internal structure, as well as the supporting systems and controls, to
prevent money laundering and terrorist financing.
1.8 The policy will detail how the business effectively manages the following key areas:
Basic measures for effective customer due diligence (CDD) – both for corporate partners
and private customers.
Enhanced due diligence for both corporate and private customers.
Systems and procedures to maintain ongoing due diligence of both corporate and
Data procedures for maintaining all relevant information for all our business
Systems and controls for monitoring all transactions that pass through the Crypto Ltd.
payment gateway to detect suspicious activity.
Implementation of an AML training programme for all relevant staff – this must be
completed by the Board as well.
Procedures to protect staff from threats or hostile measures relating to their role in
Guidelines for internal controls to maintain compliance with the company’s AML policy
and Maltese Financial Services Authority (MFSA) regulations.
1.9 How the business will manage these 10 key areas will be explained in more detail throughout
this policy document.
1.10 It should be emphasised that this policy will be complemented with an AML and CFT procedure
document which will provide more information on how this policy will be implemented.
1.11 To ensure that the business understands the policies that are implemented through this
document, the company has adopted the definitions for money laundering, terrorist financing,
customer due diligence and politically exposed persons as detailed under Maltese law.
1.12 As per article 2 of the Prevention of Money Laundering act (Chapter 373), money laundering
the conversion or transfer of property knowing or suspecting that such property is
derived directly or indirectly from, or the proceeds of,criminal activity or from an act
or acts ofparticipation in criminal activity, for the purpose of or purposes of
or disguising the origin of the property or of assisting any person or persons involved
or concerned in criminal activity;
the concealment or disguise of the true nature, source, location, disposition, movement,
rights with respect of, in or over, or ownership of property, knowing or suspecting
that such property is derived directly or indirectly from criminal activity or from an
act or acts of participation in criminal activity;
the acquisition, possession or use of property knowing or suspecting that the same
was derived or originated directly or indirectly from criminal activity or from an act
acts of participation in criminal activity;
retention without reasonable excuse of property knowing or suspecting that the same
was derived or originated directly or indirectly from criminal activity or from an act
acts of participation in criminal activity;
participation in, association to commit, attempts to commit and aiding, abetting,
facilitating and counseling the commission of any of the actions mentioned in the
1.13 Terrorist Financing is defined by articles 328F (1) of the Maltese Criminal Code (Chapter
«whosoever by any means, directly or indirectly, collects, receives, provides or invites
another person to provide, money or other property or otherwise provides finance intending
itto be used, or which he has reasonable cause to suspect that it maybe used, in full or in
for the purposes of terrorist activities or knowing that it will contribute towards the
whether criminal or otherwise, of any person involved in terrorist activities».
1.14 Politically exposed persons (PEPs) are defined by regulation 2 of the Prevention of money
laundering and funding of terrorism regulations as «natural persons who are or have been
entrusted with prominent public functions and shall include their immediate family members or
persons known to be close associates of such persons, but shall not include middle ranking or
more junior officials».
1.15 Customer Due Diligence (CDD) requirements are defined by regulation 7 of the Prevention of
money laundering and funding of terrorism regulations as:
“the identification of the applicant for business and the verification of the identity
applicant for business on the basis of documents, data or information obtained from
a reliable and independent source;
the identification, where applicable, of the beneficial owner and the taking of
reasonable measures to verify the identity such that the subject person is satisfied of
knowing who the beneficial owner is, including, in the case of a body corporate,
trusts and similar legal arrangement, reasonable measures to understand its
ownership and control structure;
obtaining information on the purpose and intended nature of the business
relationship, such that a subject person is able to establish the business and risk
of the customer;
conducting ongoing monitoring of the business relationship”.
AML AND CTF STRUCTURE
2.1 The Board of Directors has established the following structure to ensure that the systems and
controls defined in this policy are implemented effectively in order to prevent money laundering
and terrorist financing.
2.2 A thorough risk assessment was completed, as outlined above, to define the business’ key risk
areas and this policy was structured around these risks and how the business will implement the
necessary internal controls to manage them effectively.
2.3 A template of the completed risk assessment matrix has been attached as Appendix A.
2.4 As per 4(c) of the Prevention of Money Laundering and Terrorist Financing [S.L.373.01] the
Board of Directors has implemented a number of measures to mitigate these risks as highlighted
in the following points.
2.5 Systems and controls, including effective technological solutions, to monitor and scrutinize all
transaction processed by the business.
2.6 Systems and controls for identifying and verifying either a legal person or natural person that
wishes to initiate a business relationship with the company.
2.7 A management structure to make decisions and complete reporting routines when it is assumed
that a transaction is suspicious.
2.8 Routines for the training of relevant employees, including initial training before said employee is
allowed to perform their duties specific to AML or CTF.
2.9 Ownership and responsibility for the ongoing review of this control document will sit with the
appointed compliance officer who reports directly to the Board of Directors.
2.10 The responsibilities of the compliance officer are as follows:
All control systems in place to complete CDD measures for both natural and legal persons.
All control systems to monitor customers against all relevant international sanctions and
All control systems to monitor transactions through the company’s platform to detect
Processes and procedures with regards to decision making relating to any of the above
Controlling all reporting routines, including any relationships with outsourcing partners
who are responsible for any functions relating to AML and CTF.
Initial training for new recruits who will have a role relevant to the prevention of money
laundering and terrorist financing.
An ongoing training programme to ensure that all relevant staff are aware of new
regulations and strategies with regards to AML/CTF.
The ongoing review and updating of the internal risk matrix.
The appointment of one or more persons to assist him or her and the delegation of
Ensuring that all pertinent data relating to this function is maintained according to the
unique requirement applicable.
Communicating all relevant procedures and policies with every branch of the business
and ensuring that there is consistency in their application across each business unit.
2.11 There will be at least one annual minuted meeting between the Compliance officer and the
Board of Directors which will be structured around the internal risk matrix with the express
purpose of monitoring the performance of the systems and controls employed by the business
to mitigate the risk of AML and CTF.
2.12 The annual meeting will also review the effectiveness with which these policies have been
implemented by the Compliance officer and will investigate the results of any internal
investigations when the systems and controls have failed.
CUSTOMER DUE DILIGENCE
3.1 In accordance with the regulations pursuant to Regulation 4 (1) (a) of S.L.373.01, the business
shall carry out CDD measures on every customer – whether a natural person or a legal person.
3.2 The 4th Anti-Money Laundering Directive (Directive (EU) 2015/849) provides for certain
instances when CDD measures should be carried out. Therefore, the business will carry out CDD
in the following circumstances:
when establishing a business relationship;
when carrying out an occasional transaction that amounts to EUR 15,000 or more,
whether that transaction is carried out in a single operation or in several operations
which appear to be linked; or that constitutes a transfer of funds, as defined in point (9)
of Article 3 of Regulation (EU) 2015/847 of the European Parliament and of the Council
(1), exceeding EUR 1 000;
when there is a suspicion of money laundering or terrorist financing, regardless of any
derogation, exemption or threshold;
when there are doubts about the veracity or adequacy of previously obtained customer
3.3 The business will identify the customer and will ensure that such identity is verified on the basis
of documents, data or information obtained from reliable and independent sources.
3.4 With respect to a natural person the following identification information should be obtained:
official full name;
place and date of birth;
permanent residential address;
identity reference number, where available;
3.5 As for a legal person, the business shall determine whether the applicant for business is acting
on behalf of somebody else by requesting such information directly from the applicant for
3.6 The measures that are undertaken are based on a risk assessment of the customer to
understand whether simplified due diligence or enhanced due diligence should be conducted.
3.7 Due diligence for every business relationship will be completed according to the time constraints
as outlined in Regulation 8 of S.L.373.01.
3.8 In all instances, where possible, CDD will be completed prior to establishing a relationship.
3.9 In exceptional circumstances, where it is necessary to not interrupt the normal course of
business, and where the business is deemed to be a low risk of money laundering or terrorist
financing, CDD will be completed during the course of the relationship.
3.10 This exception to completing CDD will only be applicable to legal persons and not to natural
persons and will typically be resolved before signing a contract with the entity.
3.11 The company will complete screening using a recognised international vendor (World-Check) to
screen all natural and legal persons against a number of international sanctions lists, PEP lists,
and persons of interest – including those convicted previously of financial crime.
3.12 The company will implement a percentile threshold to determine whether there has been a
positive match, against one of these lists, using an automated system integrated into the
3.13 These matches will then be reviewed manually by an agent to determine whether the match
alert is a positive match or not. The processes behind these procedures are explained in more
detail in the Ongoing Due Diligence section later in this document.
3.14 The company will screen all natural and legal persons against lists, including but not exclusive
European Union’s sanctions list – including details on recognised international terrorists.
Her Majesty’s Treasury (HMT) list – as published by the United Kingdom’s government.
Office of Foreign Asset Control (OFAC) list – as published by the government of the
United States of America.
PEP lists – as collated by the approved vendor.
3.15 The company will continue to monitor the effectiveness of the data provided by the third party
vendor in these regards as well as reviewing the percentile threshold to ensure its veracity.
3.16 The company’s Operations Department will be responsible for merchant relationships.
3.17 The standard template for completing CDD for legal persons has been attached to this document
as Appendix B.
Reliance on Third Parties
3.18 As per regulation 12 of S.L.373.01, it is permissible to rely on the CDD measures carried out by
other subject persons or third parties, subject to a number of conditions.
3.19 Subject persons may only rely on CDD measures undertaken by other subject persons or third
parties in relation to:
the identification and verification of an applicant for business;
the identification and verification of a beneficial owner, where applicable;
information on the purpose and intended nature of the business relationship.
3.20 Reliance cannot be made on the ongoing monitoring measures carried out by another subject
person or third party
3.21 The details of the identity of the applicant for business, the identity of the beneficial owner,
where applicable, and information on the purposes and intended nature of the business
relationship will immediately be obtained from the entity being relied upon.
3.22 Notwithstanding the fact that it is possible to rely on another subject person or a third party,
business remains responsible for compliance with CDD.
SIMPLIFIED DUE DILIGENCE
4.1 With regards to a legal person, the company will collate the following information in order to
complete simplified due diligence.
4.2 In all circumstances, it will be the responsibility of the legal person to provide documentary
support to verify details provided.
4.3 The information captured on the legal person will include but not exclusively:
Proof of the legal person’s identity by means of identity documents such as certificate
of incorporation, register extracts, independent credit institutions;
Proof of who the ultimate beneficial owners of the legal person are, specifically those
natural persons controlling more than 25%, using documents such a share register,
official registry abstract or Memorandums and Articles of Association.
Validating information about the business and the nature and purpose of the
Proof of who the legal person’s signatories and board of directors.
Once the ultimate beneficial owners and board of directors have been identified, as
per the above, CDD will be completed as per the detailed procedures below for those
of a natural person.
Proof of the legal person’s registered address.
As detailed in point 3.11 to 3.14 all legal persons and related natural persons will be
screened against international sanction lists and to identify whether they are PEPs.
4.4 In limited circumstances, there are exemptions for certain legal persons and the requirement to
complete CDD measures.
4.5 These exceptions will be limited to the following type of entities:
Financially regulated legal persons or their subsidiaries established in a country that has
implemented equivalent money laundering laws and regulations to those of the Maltese
Financial Services Authority (MFSA).
Legal persons or their subsidiaries who are listed on a stock exchange in a country that
has implemented equivalent money laundering laws and regulations to those of the
A state owned legal entity or their subsidiaries established in a country that has
implemented equivalent money laundering laws and regulations to those of the MFSA.
4.6 With regards to a natural person, the company will utilise two methods of basic due diligence.
4.7 The first method that will be relied on is electronic verification as the core business model
means that natural persons are not physically present at the application stage.
4.8 Parameters will be set in the technological platform used to verify people electronically to meet
the minimum requirements as set forth in Regulation 13 (2) of S.L.373.01.
4.9 The company’s electronic verification of customers will also conform to the international
standard commonly referred to as ‘2+2’. Meaning that to complete a full electronic signature of
a natural person, 2 matches of 2 pieces of information from 2 separate external electronic
registers will need to be completed.
4.10 The two matches must validate at least two of the following pieces of personal information of
the natural person applying for the product being either name and/or address and/or date of
4.11 The company will only use recognised international electronic vendors who conform to the
required data protection standards in order to meet these requirements.
4.12 Furthermore, the business will only partner with those third parties that conform, at least as a
minimum, to equivalent requirements of a country within the EEA that has money laundering
laws and regulation of equivalence to the MFSA.
4.13 Before using a commercial agency for electronic verification, the company will ensure that the
data they provide is sufficiently extensive, reliable and accurate.
4.14 The service provider must also have access to a wide range of sources that include both positive
and negative data.
4.15 In this scenario, the natural person will be required to provide two pieces of identity to satisfy
the basic due diligence requirements.
4.16 These two pieces of identity will be referred to as first and second class identity documents.
4.17 The natural person will need to provide firstly a copy of his/her ID that has been issued by a
recognised governmental authority or any other authorised document which evidences
citizenship, such as a passport or driving license.
4.18 The document must as a minimum confirm their name and date of birth to constitute itself as a
first class form of identity.
4.19 All photographic identity documents must be within the expiry date as printed on the document
and will be cross-referenced against external sources to validate their authenticity.
4.20 Secondly, the natural person will need to provide a copy of a utility bill to verify their
4.21 The document will need to confirm both the natural person’s name and address to constitute
itself as a second class form of identity.
4.22 These documents can be no older than three months and will be cross-referenced with similar
documents to validate their authenticity.
ENHANCED CUSTOMER DUE DILIGENCE
5.1 In limited circumstances, where based on a risk based assessment of the legal or natural person,
it is deemed that the person is potentially of a higher risk with regards to money laundering and
terrorist financing, the business will implement enhanced due diligence.
5.2 This assessment will be based on a number of factor including but not exclusive to:
When a business relationship is established with a person who is not present.
When a business relationship is established with a legal person where a natural person
associated with the entity is a PEP.
When a business relationship is established with a legal person who is established in a
country outside the European Economic Area (EEA) or Financial Action Task Force
5.3 In these circumstances, the company will implement the following additional measures (other
than request certified true copies of the person’s identity documents) to mitigate the higher risk
of money laundering or terrorist financing including but not exclusive to:
Obtaining sufficient information about the person to understand their activities as well
as assess their market reputation.
Where possible, a bank reference letter from a financial institution active in a country
with equivalent money laundering laws and regulations to those of the MFSA that holds
accounts relating to the legal person.
Measures to establish the origin of funds/assets that are relevant to the business
relationship and the business being conducted.
Where possible, independently audited accounts that are no older than two years.
Direct approval from the Board of Directors.
5.4 Furthermore, in those circumstances where verification has been completed for a person who is
not present – either by electronic verification or copied identity documents – the company will
take additional measures to mitigate the risk of impersonation fraud.
Politically Exposed Persons
5.6 As an extension of the definition given for a PEP as detailed in point 1.14, the company
recognises the various positions that can be held in public office, or associations, that would
constitute a PEP as detailed in Regulation 11, 7 of S.L.373.01.
5.7 Specifically this will include people who hold or have held in the previous year one of the
following or equivalent positions:
Heads of state or government, ministers and deputy or assistant ministers.
Judges of the Supreme Court, judges of constitutional courts or of other high-level
judicial bodies whose decisions are not subject to further appeal, except in exceptional
Higher officials at auditing authorities and members of governing bodies of central
Ambassadors, charges d’affaires and high-ranking officers in the armed forces.
Members of the administrative, management or supervisory bodies of state-owned
5.8 Further to the actual individuals who have or held these positions, the company will also
consider the following types of immediate family members as PEPs as well, including but not
Any partner considered by national law as equivalent to a spouse.
The child and their spouse or partners.
5.9 Additionally, all know associates will include the following:
• Any natural person where there is reason to assume joint beneficial ownership of legal
persons or legal arrangements who fall under the definitions outlined in points 5.7 and
5.8 or any other close business relationship.
• Any natural person who holds sole beneficial ownership or legal arrangements over a
legal person, such as a trust fund, whose establishment was for the sole benefit of a
natural person who would fall under the definitions outlined in points 5.7 and 5.8 or any
other close business relationship.
5.10 The company recognises that even after a natural person has left one of the positions listed
above, that they may still constitute a high risk.
5.11 To that end, a risk based approach will be applied in all circumstances whether the individual is
still in a position of authority or has held such a position previously. A decision will then be made
as to what constitutes the appropriate level of enhanced due diligence in these circumstances.
5.12 In any circumstance, where an individual is proven to fall within the above definition of a
‘politically exposed person’, approval will be sought directly from the Board of Directors before
entering into a business relationship.
ONGOING CUSTOMER DUE DILIGENCE
6.1 For all legal and natural persons that the company has established a business relationship with,
systems and controls are implemented to complete ongoing due diligence of the business.
6.2 For this reason, it is essential that the company maintain sufficient information about the
circumstances and the activities of persons wanting to enter into a business relationship for two
6.3 Firstly, it is to ensure that the risk assessment of the person is accurate and thus mitigate the
of money laundering or terrorist financing.
6.4 Secondly, to ensure that the level of ongoing due diligence of each person is relative to the risk
6.5 As the company has adopted a risk based approach to its policy on AML and CTF, there is no
requirement, in practice, to hold the same level of information on every legal or natural person.
The information held will be based on the risk level that they pose to the business.
6.6 The company will perform rigorous ongoing monitoring and screening of all relevant
transactions, ensuring they fall within the anticipated business activity as established during the
6.7 In addition to the screening of all natural and legal persons against international sanction and
PEP lists as described in points 3.11 to 3.14, the company will continue to screen its existing
customer database on a periodic basis – the purpose of which is twofold.
6.8 Firstly, it is to ensure that no natural or legal persons who initially completed the CDD process
should be reclassified as posing a higher risk and therefore complete enhanced due diligence
and all of the extra measures that this entails.
6.9 Secondly, it is to ensure that no natural or legal persons who were approved during the initial
screening process have been subsequently added to one of the international sanctions lists that
the company screens its applicants against.
6.10 As part of the screening process, both at initial stage of entering into a relationship and as part
of the ongoing due diligence the business performs, all legal and natural people will be screened
against the lists mentioned in point 3.14.
6.11 As a result of the percentile threshold that will be set to establish whether there has been a
match against one of these lists, alerts will be generated to be reviewed and then categorized
for our ongoing records and to assess what level of due diligence must be completed.
6.12 Such pertinent information will be shared with the Executive Management Team, before they
make a decision and/or to the Board of Directors should the match instigate their approval as
referred to in point 6.13.
6.13 Each match must be categorized for our ongoing records. To ensure that each match is dealt
with according to the level of risk, the company utilises both a ‘match status’ and ‘match risk’
6.14 The ‘match status’ category will define how exact a match is with the natural or legal person we
are establishing a relationship with.
6.15 The ‘match risk’ category will define exactly what level of risk that natural or legal person poses
to the company and what measures should be affected as a result of this categorization
6.16 Additionally, a review of all natural and legal persons and their identity will be completed on a
risk based approach.
6.17 For those legal persons deemed to be of low risk, this review will take place once every two
6.18 For those legal persons that have been deemed to be of high risk, this review will take place at
least once a year.
6.19 The standard template for this ongoing review of the legal person has been attached to this
document as Appendix C.
6.20 For natural persons, this process will be completed from time to time when the customer
establishes some form of contact with the company.
6.21 At such time, questions will be asked to determine whether the data held on file for the natural
person is up to date and accurate.
7.1 Money laundering and terrorist financing typically are characterized by significant complexity and
7.2 It is the company’s opinion that due to the nature of such transactions, and the size and
complexity of the business, a manual solution to transaction monitoring would not sufficiently
protect the business from the threat of money laundering or terrorist financing.
7.3 Recognising areas that the business would consider to be of a higher risk, as the result of the risk
assessment carried out by the business, the company has implemented certain restrictions on the
functionality of the business’ products to reduce the attractiveness of the system to those trying
to commit money laundering or terrorism financing.
7.4 Such restrictions include, but are not limited to:
• Limiting access to the system by restricting applications from certain countries, for
example those listed on the FATF non-cooperation list.
7.5 This electronic system will contain a standard set of transaction monitoring rules to detect any
7.6 These rules and parameters will take into account a number of factors to ensure the business
continues to implement its risk based approach.
7.7 In each instance where a rule generates an alert that a transaction, or series of transactions,
either to be processed, or processed, is suspicious this alert will be manually reviewed for further
7.8 In any instance where the review leads to genuine suspicion of money laundering or terrorist
financing, the measures detailed below in ‘Reporting Requirements’ will come into effect.
7.9 As part of the ongoing risk assessment, the company continually reviews these rules to ensure
their effectiveness in mitigating the risk of the company’s system being used to launder money or
7.10 Data mining will be continually performed on the data generated by the alert system to monitor
the false positive ratios created and whether the rules could be implemented more effectively to
further reduce the risk of money laundering and terrorist financing.
7.11 Furthermore, the company continues to actively seek the information regarding new trends,
patterns and methods which may be used for money laundering or the financing of particularly
7.12 The company utilizes information from a variety of international government bodies, regulatory
or legal authorities, as well as more commercially orientated working groups and discussion
forums where a wealth of information on current trends and methods are shared between
businesses operating in similar markets.
7.13 As stipulated in points 6.2 to 6.4, it is only with the relevant level of CDD completed before
entering into the relationship with the natural or legal person, that the company can implement
effective ongoing monitoring of its transactions.
7.14 The company recognises that there are certain transaction types that are inherently suspicious
when scrutinising transactions for money laundering or terrorist financing, such as:
Large volumes of transactions during a limited time interval which appear
uncharacteristic for that particular person.
Transactions that are incongruous with company’s understanding of the business
relationship as defined during the CDD process.
Transactions that appear to have no justification or financial purpose.
Any activity which deviates geographically from the person’s typical transaction
Unusual requests relating to services that do not fit the natural or legal person’s
profile as defined during the CDD process.
7.15 Should the instance arise where it is found that the system has failed to detect suspicious
the compliance officer, will submit a report to the Board of Directors detailing the failings within
the system as well as what measures have been taken to prevent such a transaction remaining
undetected in the future.
7.16 These measures will then be closely monitored to ensure that they have been deployed into the
system accurately and effectively.
8.1 As part of the ongoing due diligence process, the company will monitor all transactions for any
suspicious activity as per above.
8.2 In any instance where suspicion of money laundering or terrorist financing remains after further
investigation, by either a natural or legal person, the company will implement the below to
ensure this is escalated appropriately.M
8.3 Suspicion will be related to the company’s knowledge of the natural or legal person, through the
CDD process, and will only be raised when the person’s behavior is contrary to the anticipated
business, turnover, etc.
8.4 The company will make every effort to prevent any transactions they believe to be suspicious
from being completed.
8.5 As described above, logic will be written into our transaction monitoring platform to prevent
certain suspicious transactions from happening.
8.6 However, there are certain instances where this may not be possible
8.7 Suspicion may only be raised after a transaction, or a series of transactions, have been
8.8 Additionally, preventing certain transactions from being completed may either alert the natural
or legal person to the business’ suspicion and/ or complicate further investigation.
8.9 In either of the above two instances, these accounts will obviously be subjected to a far
level of due diligence as part of company’s risk based approach to AML and CTF.
8.10 The company will maintain a separate internal register of all money laundering and terrorist
8.11 All personal information held within the register will be handled in compliance with the
Data Protection Act.
8.12 It will also allow the business to keep a register of negative data to help prevent future
participation in transactions by previously suspected individuals of committing, or attempting to
commit, money laundering or terrorist financing.
8.13 The information will clearly document measures and decisions taken as a result of the ongoing
due diligence and transaction monitoring that the business performs on a risk based approach
along with any evidence recorded by the business to justify its suspicion.
8.14 All such information contained within the register that is pertinent to an investigation into
money laundering or terrorist financing will be made available to the relevant investigative
bodies to support their enquiries.
8.15 The company will ensure that all documentation of monitoring measures should be kept for a
minimum of five (5) years as per Article 19 of the Payment Services Directive.
8.16 The company will implement automated processes to ensure that the data is securely stored for
this required length of time after which point it will be destroyed.
Prohibition of DisclosureM
8.17 At no point should any natural or legal person associated with the company, its branches or
subsidiaries, disclose to the customer or any third party that the person under question is under
8.18 The above measure to prevent ‘tipping off’ the natural or legal person that their particular
transactions are being monitored obviously does not impede the company’s obligations to
report any such suspicions to the relevant supervisory body.
8.19 No member of staff at the company may be held liable for failure to report or neglecting
professional secrecy by submitting any information regarding suspicion of AML or CTF to the
relevant authoritative body.
9.1 It is integral to the successful implementation and the effectiveness of the company AML and
CTF programme that those members of staff completing duties in a related function have
adequate training before being allowed to start their role.
9.2 Just as importantly, the company will maintain an ongoing training programme to ensure that
relevant members of staff are always aware of changes in laws and regulations, as well as trends
and new strategies perpetrated by those who wish to commit acts of money laundering or
9.3 What is at the core of this policy is that there is ‘buy in’ from the top. By this the business
that the Board of Directors see AML and CTF as one of the key risks and therefore as a top
9.4 To achieve a top down approach to such risks, the Board of Directors demonstrate their
commitment to preventing money laundering and terrorist financing by taking part in the
training programme themselves.
9.5 This behaviour encourages other, less senior, members of staff to treat the topic with the
importance that it deserves.
9.6 It will be the responsibility of the compliance officer to instigate an exhaustive training
programme for all new members of staff who will be working in an environment where they may
be able to detect money laundering or terrorist financing.
9.7 A copy of the training programme has been attached to this presentation as Appendix D.
9.8 It is obligatory for all relevant members of staff to complete the training before being given
access to the company’s systems.
9.9 The company will obligate all employees administering customer matters to complete the
training programme detailed in this section of the policy.
9.10 This will include, but not be exclusive to:
All members of the Board of Directors.
The business’ legal counsel.
All employees who have customer contact, whether face to face or remotely, such as
customer service representatives.
All members of the sales team who will have access to information relating to the
proposed business activities of future legal persons wanting to enter into a business
relationship with the company.
All employees who have any access to the company’s system to review transaction
history for both natural and legal persons, including the finance teams.
All employees who have any responsibility for developing the company’s system, so that
they understand the need to implement effective controls against money laundering
and terrorist financing when making any changes.
9.11 Further to the initial training, the compliance officer will also be responsible for the company’s
ongoing AML and CTF training programme, although some of the duties may be delegated to his
or her subordinates.
9.12 This ongoing training programme obligates all relevant members of staff to complete
subsequent training sessions at least once a year.
9.13 For those members of staff in critical roles relating to transaction monitoring and ongoing due
diligence of natural or legal persons with whom the company has a business relationship, the
company will set aside a budget for those employees to take part in external workshops and
conferences on the subject in order to share industry best practices and also learn about new
trends and patterns and regulations and laws as they are introduced.
9.14 The company will keep accurate records of all members of staff who have completed their
training in order to demonstrate its commitment to prevent money laundering and terrorist
financing and how critical staff knowledge and awareness is to the success of this policy.
9.15 In any situation where the business chooses to outsource certain functions pertaining to the
prevention of money laundering and terrorist financing, the company will insist that its third
party vendors who are in a role where they come into contact with customer transactions and
business, have completed the same training and accreditation or are able to demonstrate that
they have internal procedures to do the same at an equivalent standard.
PROTECTION OF EMPLOYEES
10.1 The company takes the protection of its staff very seriously when putting them in positions that
require them to report legal or natural persons as a result of investigating suspicious activity.
10.2 This section of the policy details the various steps that the company has introduced to mitigate
the risk of employees being exposed to hostile behaviour, threats and external pressures.
10.3 To minimise the exposure of our employees to hostile actions taken by those outside of the
business, the company actively vets its staff to ensure that those employed are less likely to be
susceptible to pressure from those who seek to exploit their position within the business.
10.4 To this end, the company will where permissible by local law complete criminal record checks on
staff to ensure that new employees have not been foul of the law previously.
10.5 It is the company’s belief that by not employing people with previous convictions, the risk of
employees capitulating to external pressure or threats is significantly reduced.
10.6 Furthermore, the company will where permissible by local law complete credit rating checks on
staff before offering them employment.
10.7 As above, the business believes that members of staff who have a poor credit rating will be more
vulnerable to natural or legal persons, with or without a business relationship with the company,
who try to exert pressure on them.
10.8 Therefore, by performing these checks, the business has taken pro-active measures to reduce
the risk of such hostile behaviour actually affecting our employees.
10.9 On top of this, the company has implemented a number of system features that ensure that
members of staff whose duties include the monitoring of transactions for money laundering or
terrorist financing remain anonymous.
10.10 The company has also introduced a clear segregation of duties between those who perform
monitoring duties and those that have customer contact.
10.11 The segregation of duties will protect those employees who suspect a customer of money
laundering or terrorism financing. Through this measure, the employees who perform
monitoring duties will not be in a situation whereby they have direct contact with the customers
and hence, will not be put in a position where they could be threatened.
10.12 All those agents who do manage contact with customers will receive specific training on how to
handle calls with persons under suspicion so as not to raise their awareness that they are under
10.13 As per the money laundering training attached to this document as Appendix D, it is made clear
to all staff that it is a serious threat to ‘tip off’ customers that their transactions are being
10.14 If the situation should arise that an employee is threatened or subject to hostile behaviour from
a customer, the company has clear procedures in place for handling such a situation.
10.15 Where there is no implication to an ongoing investigation or potential investigation, it is the
company’s policy to terminate any relationship with a natural or legal person who threatens a
member of staff. This should limit that individual’s ability to continue to intimidate employees.
10.16 The company will also take whatever steps it can, either with the authorities or through legal
action, to protect any member of staff that has been subjected to such behaviour.
10.17 All of these policies and procedures will be reviewed as the result of an investigation into any
such incident and the company will adopt any further measures it feels necessary to prevent
such an occurrence happening again.