AML & CTF Policy

EOTRADEX OÜ ANTI-MONEY LAUNDERING (AML) AND COUNTER TERRORIST FINANCING (CTF) POLICY

Exhibit 1

1. General provisions

This Policy lays down requirements for screening the Clients in order to prevent entering into deals involving suspected Money Laundering and Terrorist Financing, and to ensure identification and reporting of such.

This Policy is primarily based on the regulations of Money Laundering and Terrorist Financing Prevention Act (hereinafter the Act) and International Sanctions Act (hereinafter ISA).

  1. Definitions

    Money Laundering — is a set of activities with the property derived from criminal activity or property obtained instead of such property with the purpose to:

    1. conceal or disguise the true nature, source, location, disposition, movement, right of ownership or other rights related to such property;
    2. convert, transfer, acquire, possess or use such property for the purpose of concealing or disguising the illicit origin of property or of assisting a person who is involved in criminal activity to evade the legal consequences of his or her action;
    3. participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the actions referred to subsections 2.1.i and 2.1.ii.

    Terrorist Financing — acts of financing of terrorism as defined in § 237 3 of the Penal Code of Estonia.

    International Sanctions — list of non-military measures decided by the European Union, the United Nations, another international organisation or the government of the Republic of Estonia and aimed to maintain or restore peace, prevent conflicts and restore international security, support and reinforce democracy, follow the rule of law, human rights and international law and achieve other objectives of the common foreign and security policy of the European Union.

    Company — EOTRADEX OÜ (registry code 14464298), address Roosikrantsi 2-K492, Tallinn 10119, Estonia.

    Management Board ( MB) — management board of the Company. Member of the MB, as appointed by relevant MB decision, is responsible for implementation of this Policy.

    Compliance Officer — representative appointed by the Management Board responsible for the effectiveness of this Policy, conducting compliance over the adherence to this Policy and serving as contact person of the FIU.

    FIU — Financial Intelligence Unit of the Police and Border Guard Board of Estonia.

    Business Relationship — a relationship of the Company established in its economic and professional activities with the Client.

    Client — a natural or legal person, who uses services of the Company.

    Beneficial Owner — is a natural person, who:

    1. Takes advantage of his or her influence, exercises control over a transaction, operation or another person and in whose interests or favour or on whose account a transaction or operation is performed taking advantage of his influence, makes a transaction, act, action, operation or step or otherwise exercises control over a transaction, act, action, operation or step or over another person and in whose interests or favour or on whose account a transaction or act, action, operation or step is made.
    2. Ultimately owns or controls a legal person through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that person, including through bearer shareholdings, or through control via other means. Direct ownership is a manner of exercising control whereby a natural person holds a shareholding of 25% plus one share or an ownership interest of more than 25% in a company. Indirect ownership is a manner of exercising control whereby a company which is under the control of a natural person holds or multiple companies which are under the control of the same natural person hold a shareholding of 25% plus one share or an ownership interest of more than 25% in a company.
    3. Holds the position of a senior managing official, if, after all possible means of identification have been exhausted, the person specified in clause ii cannot be identified and there is no doubt that such person exists or where there are doubts as to whether the identified person is a beneficial owner.
    4. In the case of a trust, civil law partnership, community or legal arrangement, the beneficial owner is the natural person who ultimately controls the association via direct or indirect ownership or otherwise and is such associations’: settlor or person who has handed over property to the asset pool, trustee or manager or possessor of the property, person ensuring and controlling the preservation of property, where such person has been appointed, or the beneficiary, or where the beneficiary or beneficiaries have yet to be determined, the class of persons in whose main interest such association is set up or operates.

    Politically Exposed Person (PEP) — is a natural person who is or who has been entrusted with prominent public functions including a head of state, head of government, minister and deputy or assistant minister; a member of parliament or of a similar legislative body, a member of a governing body of a political party, a member of a supreme court, a member of a court of auditors or of the board of a central bank; an ambassador, a chargé d’affaires and a high-ranking officer in the armed forces; a member of an administrative, management or supervisory body of a state-owned enterprise; a director, deputy director and member of the board or equivalent function of an international organisation, except middle-ranking or more junior officials.

    1. The provisions set out above also include positions in the European Union and in other international organizations.
    2. A family member of a person performing prominent public functions is the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person; a child and their spouse, or a person considered to be equivalent to a spouse, of a politically exposed person; a parent of a politically exposed person.
    3. A close associate of a person performing prominent public functions is a natural person who is known to be the beneficial owner or to have joint beneficial ownership of a legal person or a legal arrangement, or any other close business relations, with a politically exposed person; and a natural person who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person.

    Local Politically Exposed Person or local PEP — a natural person, who performs or has performed prominent public functions in Estonia, a contracting state of the European Economic Area or in an institution of European Union.

    Equivalent Third Country — means a country not a Member State of European Economic Area but applying an equivalent regime to the European Union corresponding (AML) framework (see also Exhibit 1).

    Virtual currency — a value represented in the digital form, which is digitally transferable, preservable or tradable and which persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same directive.

  2. Description of activities of the Company

    The Company is the provider of a virtual currency exchange and wallet services.

    The Company is a subject to authorisation by the FIU.

  3. Compliance Officer

    The MB shall appoint a Compliance Officer whose responsibilities include:

    • monitor the compliance of this Policy with the relevant laws and compliance of the activities of the Company with the procedures established by this Policy;
    • compile and keep updated the data regarding countries with low tax risk, high and low risk of Money Laundering and Terrorist Financing and economical activities with great exposure to Money Laundering and Terrorist Financing;
    • carry out training, instruct and update the Company’s officers and employees on matters pertaining to procedures for prevention of Money Laundering and Terrorist Financing;
    • report to the MB once a year (or more frequently, if necessary) on compliance with this Policy, and on circumstances with a suspicion of Money Laundering or Terrorist Financing;
    • collect, process and analyse the data received from the Company or Clients concerning suspicious and unusual activities;
    • collaborate with and report to the FIU on events of suspected Money Laundering or Terrorist Financing, and respond to enquiries of the FIU;
    • make proposals on remedying any deficiencies identified in the course of checks.
  4. Application of due diligence measures

    The Company shall determine and take due diligence measures using results of conducted risk assessment, and provisions of national risk assessment, published on the web-page of the Ministry of Finance of Estonia.

    Depending on the level of the risk of the Client and depending on the fact whether the Business Relationship is an existing one or it is about to be established, the Company shall apply either standard due diligence measures, or simplified due diligence measures, or enhanced due diligence measures.

    The Company shall also apply continuous due diligence measures to ensure ongoing monitoring of Business Relationships.

    Due Diligence measures shall include the following procedures:

    • Identifying the Client and verifying his or her identity using reliable, independent sources, documents or data, including e-identification;
    • Identifying and verifying Client’s representative;
    • Identifying the Client’s Beneficial Owner;
    • Assessing and obtaining information about the purpose of establishing a Business Relationship;
    • Conducting ongoing due diligence;
    • Obtaining information whether the Client is a PEP or PEP’s family member or PEP’s close associate;
    • Establishing the source of wealth of the Client, where appropriate.

    To comply with the due diligence obligations, the Company shall have the following rights and obligations:

    • to request appropriate identity documents to identify the Client and its representatives;
    • to request documents and information regarding the activities of the Client and legal origin of funds;
    • to request information about Beneficial Owners of a legal person;
    • to screen the risk profile of the Client, select the appropriate due diligence measures, assess the risk whether the Client is or may be involved in Money Laundering or Terrorist Financing;
    • to re-identify the Client or the representative of the Client, if there are any doubts regarding the correctness of the information received in the course of initial identification process;

    Ongoing monitoring of the Business Relationship with the Client includes:

    • Keeping due diligence documents, data and information up-to-date;
    • Paying particular attention to Client’s transactions, leading to criminal activity, Money Laundering or Terrorist Financing;
    • Paying particular attention to the Business Relationship, if the Client resides or conducts his or her business activities in a third country, which is included in the list of high-risk countries (Exhibit 1).

    Due diligence review of a Client is carried out regularly once a year. Updated data shall be recorded in the Company’s Client database.

    Due Diligence review of high-risk Clients shall be carried out every 6 (six) months.

    The Company shall update the Client’s data and conduct due diligence in the following cases when:

    • the Client sends a request to the Company to amend its Client’s Agreement during the term of its validity;
    • the Company has grounds to suspect that the due diligence documents or data gathered earlier are insufficient, incomplete or incorrect. In this case, the Company shall request a face-to-face meeting with the Client;
    • the Company has learnt via independent sources that the activities or data of the Client have changed significantly.
  5. Standard due diligence measures

    The Company shall conduct standard due diligence in the following cases:

    • when establishing a new Business Relationship;
    • when carrying out occasional transactions;
    • when there is a suspicion of money laundering or terrorist financing;
    • when there are doubts about the veracity or adequacy of previously obtained customer identification data.

    No new Business Relationship can be established, if the Client fails to provide documents and appropriate information required in the course of conducting due diligence, or if based on the presented documents, the Company suspects Money Laundering or Terrorist Financing.

    The Company shall not enter into Business Relationships with anonymous Clients.

  6. Identification of a person
  7. Upon implementing due diligence measures the following person shall be identified:

    • Client — a natural or legal person;
    • Representative of the Client — an individual who is authorized to act on behalf of the Client;
    • Beneficial Owner of the Client;
    • PEP — if the PEP is the Client or a person connected with the Client.

    When establishing the business relationship with the Client the Company shall identify and verify the Client either face to face or remotely.

    For identification of a Client and verification of the identity of a Client remotely, the Company shall use:

    • a document issued by the Republic of Estonia for the purpose of digital identification;
    • another electronic identification system within the meaning of the Regulation (EU) No 910/2014 of the European Parliament and of the Council. If the Client is a foreign national, the identity document issued by the competent authority of the foreign country is also used simultaneously.

    In case of identification of a Client and verification of the identity of a Client by using information technology means the Company shall additionally obtain data from a reliable and independent source, e.g. identity documents databases.

    Identification of a Client being a natural person and a representative of a Client who is a legal person

    • to establish a Business Relationship with a Client either face-to-face or remotely.
    • to obtain original documents for identification of a Client. If a Client cannot provide original documents, then certified or authenticated by a notary public or authenticated officially for verification of the identity of the natural person shall be requested.
    • to verify a Client irrespective of the fact whether or not such person is a PEP.
    • to obtain a confirmation from a new Client and, if necessary, from an existing Client for the correctness of the submitted information and data by signing the Client data registration sheet

    Identification of a Client being a legal person

    • to check the information concerning a legal person by accessing the relevant electronic databases (e-commercial register/ e-äriregister and European Business Register);
    • to obtain original corporate documents. If it is not possible to obtain original corporate documents, then corporate documents certified or authenticated by a notary public or authenticated officially for verification of the identity of the legal person shall be requested.
    • to ask the representative of a foreign legal person to present an identity documents and a document evidencing his/her power of attorney, which has been notarised or authenticated pursuant to an equal procedure and legalised or authenticated by a certificate substituting for legalisation (apostille), unless otherwise prescribed by an international agreement;
    • to determine links with a PEP (if any);
    • If the seat of a Client being a legal person is located in a third country, which is included in the list of risk countries (see Exhibit 1), report this to the Compliance Officer, who shall decide on the additional measures to be applied to identifying and background checking of a legal person .

    Documents presented for identification of a legal person shall include at least the following:

    • business name, registry code (number), date of registration, seat and address;
    • names and authorisations of members, of the Management Board or the head of branch or other relevant body.

    A legal representative of a new Client shall confirm the correctness of the submitted information and data by signing the Client data registration sheet.

    Consequences of insufficient identification of a Client

    Should the Company establish that the identification of a Client is insufficient, the Company shall:

    • promptly apply the enhanced due diligence measures pursuant to this Policy;
    • notify the Compliance Officer of the failure to implement normal due diligence in a timely manner;
    • assess the risk profile of a Client.

    Identification of the Beneficial Owner of the Client

    • The Company shall identify and verify the Beneficial Owner(s) of a legal person.
    • There is no need to identify the Beneficial Owners of a Client/company whose securities have been accepted for trading on a regulated securities market.
    • In order identify and verify the Beneficial Owner(s), the Company shall take the following actions:
    • Gather information about the ownership and control structure of a Client on the basis of information provided in pre-contractual negotiations or obtained from another reliable and independent source;
    • In situations, where no single person holds the interest or ascertained level of control to the extent of no less than 25% apply the principle of proportionality to establishing the circle of beneficiaries, which means asking information about persons, who control the operations of the legal person, or otherwise exercise dominant influence over the same;
    • If the documents used to identify a legal person, or other submitted documents do not clearly identify the Beneficial Owners, record the respective information (i.e. whether the legal person is a part of a group, and the identifiable ownership and management structure of the group) on the basis of the statements made by the representative of the legal person, or a written document under the hand of the representative;
    • Verify the presented information, make enquiries to the respective registers, and request an annual report or another appropriate document to be presented;
    • If no natural person is identifiable who ultimately owns or exerts control over a Client and all other means of identification are exhausted, the senior managing official(s) might be considered to be the Beneficial Owner(s);
    • Pay attention to companies established in low tax rate regions (see Exhibit 1).

    While identifying and verifying the Beneficial Owner, the Company may rely on information received in a format reproducible in writing from a credit institution registered in the Estonian commercial register or from the branch of a foreign credit institution, or from a credit institution that has been registered or whose place of business is in a contracting state of the European Economic Area or an Equivalent Third Country (see Exhibit 1) .

    Identification of Politically Exposed Person

    The Company shall implement the following measures to establish whether or not a person is a PEP:

    • asking the Client to provide necessary information;
    • making an enquiry or checking the data on websites of the respective supervisory authorities or institutions of the country of location of the Client.

    If a Business Relationship has been established with a Client, and the Client or its Beneficial Owner subsequently turns out to be or becomes a PEP, the Compliance Officer and MB shall be notified of that.

    In order to establish a Business Relationship with a PEP or a company connected with that person, it is necessary to:

    • take enhanced due diligence measures;
    • establish the source of wealth of a PEP;
    • monitor the Business Relationship on a continuing basis.

    Documents accepted for identification

    In case of Clients being natural persons and the representatives of Clients, the following documents can be accepted for identification:

    • Personal ID card (whether ID card, e-resident card or residence permit card);
    • Passport or diplomatic passport;
    • Travel document issued in a foreign country;
    • Driving licence (if it has name, facial image, signature and personal code or date of birth of holder on it).

    The Company shall make a copy of the page of identity document which contains personal data and photo.

    In addition to an identity document, the representative of a Client shall submit a document in the required format certifying the right of representation.

    Legal person and its passive legal capacity shall be identified and verified on the basis of the following documents:

    • in case of legal persons registered in Estonia and branches of foreign companies registered in Estonia, the identification shall be conducted on the basis of an extract of a registry card of commercial register;
    • foreign legal persons shall be identified on the basis of an extract of the relevant register or a transcript of the registration certificate or an equal document, which has been issued by competent authority or body not earlier that six months before submission thereof.

    If the Client is a natural person, the following data shall be recorded:

    • Name of the Client;
    • Personal identification code (in case of absence the date and place of birth and place of residence);
    • Information regarding identification and verification of the right of representation. If the right of representation does not arise from law, name of the document used for establishing and verification of the right of representation, the date of issue and the name or name of the issuing party.

    If the Client is a legal person, the following data shall be recorded:

    • Name of the Client;
    • Registry code (or registration number and registration date) of the Client;
    • Names and authorisations of members of the Management Board or the head of branch or the other relevant body;
    • Telecommunications numbers.

    Simplified due diligence measures

    Simplified DD measures may be taken, if the Client is:

    • A company listed on a regulated market that is subject to disclosure requirements consistent with European Union law;
    • a legal person governed by public law founded in Estonia;
    • a governmental authority or another authority performing public functions in Estonia or a contracting state of the European Economic Area;
    • an authority of the European Union;
    • a credit institution or a financial institution, acting on behalf of itself, located in a contracting state of the European Economic Area or in a third country (see Exhibit 1), which in the country of location is subject to equal requirements and the performance of which is subject to state supervision.

    Upon identifying and screening of such Clients, the following circumstances, if present concurrently, shall be considered criteria pointing to low level of risk:

    • the Client can be identified on the basis of publicly available information;
    • the ownership and control structure of the Client is transparent and constant;
    • the operations of the Client and their accounting or payment policies are transparent;
    • Client reports to and is controlled by an authority of executive power of Estonia or a contracting state of the European Economic Area, another agency performing public duties, or an authority of the European Union.

    Enhanced due diligence measures

    Enhanced DD measures must be taken in cases where the risk level of the Client is high.

    The Company shall establish the Client’s risk profile and determine the risk category in accordance with this Policy. The risk category may be altered during the course of the Business Relationship, taking into consideration the changes in data gathered.

    The Company when entering into a Business Relationship with a new Client detects that there is at least one of the following high-risk characteristics present in respect of a Client, shall consult with and report to the Compliance Office, and shall take the due diligence measures set out in this Policy.

    The Company shall apply enhanced due diligence measures in the following situations:

    • when suspicion arises regarding truthfulness of the provided data and/or of authenticity of the identification documents regarding the Client or its Beneficial Owners;
    • the Client is a PEP;
    • the Client is from or the seat of a Client being a legal person is located in a third country, which is included in the list of risk countries (see Exhibit 1);
    • in case of companies that have nominee shareholders or shares in bearer form;
    • in a situation when cases of money laundering and/or terrorist financing are suspected.

    Enhanced due diligence measures shall include at least one the following measures in addition to normal due diligence measures as described above:

    • Identification and verification of a Client on the basis of additional documents, data or information, which originates from a reliable and independent source;
    • Identification and verification of a Client while being present at the same place;
    • Asking the identification or verification documents to be notarised or officially authenticated;
    • Obtaining additional information on the purpose and nature of the Business Relationship and verification from a reliable and independent source;
    • Reassessment of a risk profile of a Client not later than 6 months after establishment of Business Relationship.

    After conducting enhanced due diligence, the MB shall decide whether to establish or continue the Business Relationship with the Client in whose respect the enhanced due diligence measures were taken.

    Risk assessment

    The Company shall establish a risk profile of a Client based on information gathered under this Policy.

    The Company applies the following risk categories:

    • Normal risk (when there are no high risk characteristics present);
    • High risk, which is subcategorized into High risk I and High risk II.

    Only the Compliance Officer shall have the right to assign and change the risk category assign to a Client.

    Assessment of risk profile of natural persons

    When establishing the risk category of a Client being a natural person, the country of residence of the Client, the region where the Client operates, and status of PEP shall be taken into account.

    If there are several characteristics of the category “High risk I” present, or if, in addition to the characteristics of “High risk I”, at least one of the “High risk II” characteristics is present, the Client shall be determined to be falling into the category “High risk II”.

    Assessment of risk profile of legal persons

    When establishing the risk category of a legal person, assessment shall be based on the country of location of the legal person, its area of activity, the transparency of ownership structure and the management.

    If there are several characteristics of the category “High risk I”, or if, in addition to the characteristics of “High risk I”, at least one of the “High risk II” characteristics is present, the Client shall be determined to be falling into the category “High risk II”.

    Registration and storage of data

    The Company shall ensure that Client’s data are registered in the Company’s Clients database within the required scope.

    Registration of data of a Client who is natural person

    The following obtained data shall be recorded and kept:

    • name, personal ID code or, in the absence of the latter, date of birth and the address of the person’s permanent place of residence and other places of residence;
    • the name and number of the document used for identification and verification of the identity of the person, its date of issue and the name of the issuing authority;
    • occupation, profession or area of activity — establish the area of activity (occupation) and the status of the person (trader, employee, student, pensioner);
    • information about whether the person is performing or has performed prominent public functions, or is a close associate or family member of the person performing prominent public functions;
    • citizenship and the country of tax residency;
    • the origin of assets.

    Registration of data of a Client who is a legal person

    The following information on the Client being a legal person shall be recorded and kept:

    • name, legal form, registry code, address, date of registration and activity locations;
    • information concerning means of communication and contact person(s);
    • names of the members of the management board or an equivalent governing body, and their powers to represent the Client, and whether any of them is a PEP;
    • information about the Beneficial Owners;
    • Field(s) of activity (i.e. the NACE codes);
    • name and number of the document used for identification and verification of the identity, its date of issue and the name of the issuing authority;
    • country of tax residency of the legal person (VAT number);
    • date of registration of the legal person in the Company’s database;
    • purpose of the Business Relationship;
    • origin of assets (normal business operations/other);

    The following information about the Beneficial Owner shall be recorded:

    • Name, personal ID code or, in the absence of the latter, date of birth and place of residence;
    • type of control over the enterprise (e.g. shareholder);
    • is the person a PEP;

    If the Business Relationship is established by the representative of the Client with the use of the ID card or other e-identification system, the data of the document used for identification is saved automatically in the digital signature.

    If identification takes place at a face-to-face meeting with the representative of the Client, the data of the document used for identification is recorded on the copy of the identification document.

    Information from the B-card, i.e. the legal representatives of the Client being a legal person stated on the B-card, shall be recorded on the Client data registration sheet or the contract concluded with the Client.

    The Company shall record all the data regarding:

    • Company’s decision to refuse establishment Business Relationship. The Company shall record all the data, if, as a result of taking due diligence measures, a client refuses to establish the Business Relationship.
    • Impossibility to take due diligence measures due to information technology means;
    • Termination of the business relationship, as a result of impossibility to apply due diligence measures;

    Storage of Data

    The respective data is stored in a written format and/or in a format reproducible in writing and, if required, it shall be accessible by all appropriate staff of the Company.

    The originals or copies of the documents, which serve as the basis for identification of a client, and of the documents serving as the basis for establishing a Business Relationship, shall be stored for at least five (5) years following the termination of the Business Relationship.

    The data of the document prescribed for the digital identification of a Client, information on making an electronic query to the identity documents database, and the audio and video recording of the procedure of identifying the person and verifying the person’s identity shall be stored at least five (5) years following the termination of the Business Relationship.

    The following information has to be also stored:

    • manner, time and place of submitting or updating of data and documents;
    • name and position of the Company’s representative who has established the client’s identity, checked or updated the data.

    Reporting

    Notification the Compliance Officer

    Any circumstances identified in the Business Relationship are unusual or suspicious or there are characteristics which point to Money Laundering, Terrorist Financing, or an attempt of the same the Representative shall promptly notify the Compliance Officer .

    The Compliance Offiecr shall analyse and forward the respective information to the MB.

    Notification to FIU

    Before reporting any transaction connected with suspected Money Laundering or Terrorist Financing to the FIU, the Compliance Officer shall analyse the content of the information received, considering the Client’s current area of activity and other known information.

    The Compliance Officer shall decide whether to forward the information to the FIU and the MB shall decide whether to terminate the Business Relationship.

    The Compliance Officer shall make a notation “AML” behind the name of the Client in the Company’s Client database or on the documents, and shall notify the FIU promptly, but not later than within 2 business days after discovering any activities or circumstances or arising of suspicion, using the respective web-form for notifying the FIU. Copies of the documents as set forth by guidelines of FIU or further requested by FIU shall be appended to the notice.

    The FIU shall be notified of any suspicious and unusual transactions where, including such where the financial obligation exceeding 32,000 euros or an equivalent amount in another currency is performed in cash, regardless of whether the transaction is made in a single payment or several related payments.

    The Compliance Officer shall store in a format reproducible in writing any reports received from the Company’s employees about suspicious circumstances, as well as all information gathered to analyse such notices, as well as other linked documents and notices to be forwarded to the FIU, along with the time of forwarding the notice, and the information about the employee who forwarded the same.

    The Client who is reported to the FIU as being suspicious, may not be informed of the same.

    It is also prohibited to inform any third persons, including other employees, of the fact that information has been reported to the FIU, and the content of the reported information, except for the MB/Compliance Officer.

    Termination of the Business Relationship with a Client in the event of suspected Money Laundering and Terrorist Financing

    Pursuant to law, the Company is obliged to extraordinarily and unilaterally terminate the Business Relationship without observing the advance notification period, if:

    • The Client fails to present upon identification or upon updating the previously gathered data or the taking of due diligence measures, true, full and accurate information, or
    • The Client or a person associated with the Client does not present data and documents evidencing of the lawfulness of the economic activities of the Client, or
    • the Company suspects for any other reasons that the Client or the person associated with the Client is involved in Money Laundering or Terrorist Financing, or
    • the documents and data submitted by the Client do not dispel the Company’s suspicions about the Client’s possible links with Money Laundering or Terrorist Financing.

    The decision on terminating the Business Relationship shall be taken by the Management Board, considering also the proposal of the Compliance Officer.

    The Client shall be notified of the termination of Business Relationship in writing. Note about the cancellation of the Business Relationship shall be made in the Company’s Client database or documentation, and a note “AML” shall be added to the Client’s data.

    Indemnification of the Company

    • The Company including its employees and representatives shall not, upon performance of the obligations arising from this Policy, be liable for damage arising from failure to carry out any transactions (by the due date) if the damage was caused to the persons in connection with notification to the FIU of the suspicion of Money Laundering or Terrorist Financing in good faith, or for damage caused to a Client or in connection with the cancellation of a Business Relationship.
    • Fulfilment of the notification obligation by the employee acting in good faith, and reporting the appropriate information shall not be deemed breach of the confidentiality obligation imposed by the law or the contract, and no liability stemming from the legislation or the contract shall be imposed upon the person who has performed the notification obligation.

    Implementation of International Sanctions

    The Company shall implement International Sanctions in force.

    Company’s employees and representatives shall draw special attention to all its Clients (present and new), to the activities of the Clients and to the facts which refer to the possibility that the Client is a subject to International Sanctions. Control and verification of possibly imposed International Sanctions shall be conducted by the Company’s employees and representatives as part of due diligence measures applied to the Clients in accordance with this Policy.

    Company’s employees and representatives who have doubts or who know that a Client is subject to International Sanctions, shall immediately notify the Compliance Officer. In case of doubt, if the Compliance Officer finds it appropriate, the Representative shall ask the Client to provide additional information that may help to identify whether he/she is subject to International Sanctions or not.

    The Compliance Officer shall be responsible for the implementation of International Sanctions.

    The Compliance Officer shall:

    1. regularly follow the webpage of FIU ( https://www.politsei.ee/et/organisatsioon/rahapesu/finantssanktsiooni-subjekti-otsing-ja-muudatused-sanktsioonide-nimekirjas/) and immediately take measures provided for in the act on the imposition or implementation of International Sanctions;
    2. upon entry into force of an act on the imposition or implementation of International Sanctions, the amendment, repeal or expiry thereof, immediately check whether any of the Clients is subject to International Sanctions with regard to whom the financial sanction is imposed, amended or terminated;
    3. if an act on the imposition or implementation of International Sanctions is repealed, expires or is amended in such a manner that the implementation of International Sanctions with regard to the subject of International Sanctions is terminated wholly or partially, terminate the implementation of the measure to the extent provided for in the act on the imposition or application of International Sanctions;
    4. keep an updated record of subjects of International Sanctions and submit this information to the Company’s employees and representatives in the form that allows to use this information in the course of their activity;
    5. provide training to the Company’s employees and representatives that allow them to establish independently the subjects of International Sanctions;
    6. assist the Company’s employees and representatives if they have doubt or knowledge that a Client is a subject to International Sanctions;
    7. supervise the application of this Policy regarding the implementation of International Sanctions by the Company’s employees and representatives;
    8. review and keep updated this Policy regarding the implementation of International Sanctions
    9. notify FIU of Clients who are subject to International Sanctions or in part of whom the Compliance Officer Company’s employees and representatives have doubts;
    10. keep record of made checks, notifications submitted to FIU and applied measures in part of detected subjects to International Sanctions.

    When making checks on Clients as to detect whether they are subject to International Sanctions, the following information shall be recorded and preserved for five years:

    1. Time of inspection;
    2. Name of person who carried out inspection;
    3. Results of inspection;
    4. Measures taken.

    If in the course of the check, it shall be detected that a Client or a person who used to be a Client is subject to International Sanctions, the Compliance Officer shall notify the Representatives who dealt with this Client, the Management Board and FIU. The notification shall be submitted at least in the way that allows its reproduction in writing.

    The Client who is subject to International Sanctions and about whom the notification is made, shall not be informed of the notification.

    Application of special measures and sanctions on the Client who is detected to be subject to International Sanctions should be authorized by FIU.

    When making checks of Clients, the possible distorting factors in personal information (i.e. way of written reproduction of name etc.) must be kept in mind.

    Training

    The Company shall ensure that all Company’s employees and representatives who have contacts with Clients or matters involving Money Laundering are provided with regular training and information about the nature of the Money Laundering and Terrorist Financing risks, as well as any new trends within the field. The Compliance Officer shall arrange regular training concerning prevention of Money Laundering and Terrorist Financing to explain the respective requirements and obligations.

    Initial training is provided at the start of each employee’s/representative’s service. The Company’s employees and representatives who are communicating with the Clients directly may not start working before they have reviewed and committed to the adherence of this Policy or participated in the Money Laundering and Terrorist Financing prevention training.

    Training is provided regularly, at least once a year, to all Company’s employees and representatives and other relevant designated staff of the Company. Training may be provided also using electronic means (conference calls, continuous e-mail updates provided confirmation on receipt and acceptance is returned and similar means).

    Training materials and information shall be stored for at least 3 (three) years.

    Internal audit and amendment of this Policy

    Compliance with this Policy shall be inspected at least once a year by the Compliance Officer.

    The report on the results of the inspection concerning the compliance with the measures for prevention of Money Laundering and Terrorist Financing shall set out the following information:

    • time of the inspection;
    • name and position of the person conducting the inspection;
    • purpose and description of the inspection;
    • analysis of the inspection results, or the conclusions drawn on the basis of the inspection.

    If the inspection reveals any deficiencies in this Policy or their implementation, the report shall set out the measures to be applied to remedy the deficiencies, as well as the respective time schedule and the time of a follow-up inspection.

    If a follow-up inspection is carried out, the results of the follow-up inspection shall be added to the inspection report, which shall state the list of measures to remedy any deficiencies discovered in the course of the follow-up inspection, and the time actually spent on remedying the same.

    The inspection report shall be presented to the MB, who shall decide on taking measures to remedy any deficiencies discovered.

    ***

    Exhibit 1

    Exhibit 1a. Contracting states of the European Economic Area

    Please refer to  http://elik.nlib.ee/pohifakte-euroopa-liidust/liikmesriigid-euroopa-majanduspiirkonna-riigid/

    Exhibit 1b. Countries who have established Anti-Money Laundering requirements equivalent to the European Union AML framework

    Please refer to  https://ec.europa.eu/info/business-economy-euro/banking-and-finance/international-relations_en

    Exhibit 1c. List of risk countries (countries which according to FATF does not follow requirements of prevention of Money Laundering and Terrorism Financing)

    Please refer to: http://www.fatf-gafi.org/countries/#high-risk

    Exhibit 1c. List of risk countries (countries which according to the FIU are under big threat of terrorism)

    Afghanistan, Algeria, United Arab Emirates, Bahrein, Bangladesh, Egypt, Indonesia, Iraq, Iran, Yemen, Jordanian, Qatar, Kuwait, Lebanon, Libya, Malaysia, Mali, Morocco, Mauritania, Nigeria, Oman, Pakistan, Palestine, Saudi Arabia, Somalia, Sri Lanka, Sudan, Syria, Tunisia, Turkey, Ethnic groups of Caucasus belonging to Russian Federation (chechens,lesgid, ossetians, ingushes etc.)

    Exhibit 1d. List of countries that are NOT regarded as low tax rate countries

    https://www.emta.ee/et/ariklient/tulud-kulud-kaive-kasum/mitteresidendi-eesti-tulu-maksustamine/nimekiri-territooriumidest