INTRODUCTION

This risk assessment policy establishes grounds for the Company’s risk management of money laundering (ML), terrorist financing (TF) and violation of Sanctions risks, and documents risk appetite and risk assessment performed in accordance with this policy. This policy is the subject of a review by the Management Board at least annually. The proposal for a review and the review of this policy may be scheduled more often by the decision of the Head of Compliance or Internal Control Officer. The definitions used in this policy shall be interpreted in accordance with definitions and wordings provided for in the AML Policy, which annex this policy is.

RISK ASSESSMENT PROCEDURE

The Company shall prepare and regularly update the risk assessment in order to identify, assess, analyse and manage the risks of ML, TF or violation of Sanctions within the course of services provision. The process of risk assessment, executed by the Company shall include at least the following stages:

The risk assessment and the establishment of the risk appetite shall be documented, and the documents shall be updated when it is required. In the course of the Companies risk assessment at least the following relevant sources shall be used:

THE RISK CATEGORIES & RISK FACTORS

The Company identifies the risks/threats related to its activities, as well as the risks/threats that may arise in the near future, that is foreseeable risks/threats, and assess and analyse their significance and impact. The risks/threats are identified and assessed on a case-by-case basis as of the moment of the risk assessment and separately considering the situation where the Company should take the risks to the maximum extent permitted by the risk appetite. The Company identifies, assesses, and analyses risks of money laundering, terrorist financing and violation of Sanctions taking into account the following risk categories:

The Company shall identify risk factors for the risk categories specified above that may affect the risk of ML, TF or violation of Sanctions within the course of services provision when the presence of the relevant risk factor in relation the Customer was established.

THE RISK ASSESMENT SCALES

The Company shall identify residual risk for each risk factor identified by using the following method:

When calculating the residual risk score, the following scoring scales shall be applied. The specific calculations are shown in the table of this policy below. A risk assessment starts with determining the inherent risks/risk factors, i.e. the risks that exist if there are no control measures in place to mitigate them. Inherent risks consist of threats and vulnerabilities. Threats and vulnerabilities are caused by external factors such as clients (incl. their location), products or delivery channels.

Impact

Impact is the negative influence on the continuity of the Company’s business when a risk factor occurs. The risk factor’s impact should be assessed with considering the consequences that may occur when the risk of ML, TF or violation of Sanction has taken place within the services provision when the relevant risk factor presence was established. The risk factor’s impacts shall be assessed with the use of the following scale:

Impact score Description
Low - 1 point
Short term or low costs consequences – warning or instructions of the regulatory body.
Medium - 2 points
Medium term consequences with some costs and/or some non-financial damages (e.g., reputational) - the regulatory action in the form of public reprimand or fine may be imposed.
High – 3 points
Long term, high costs consequences and/or high non-financial damages (e.g., reputational) - regulatory action in the form of revocation of the license(s) or regulatory fine in the amount of more than 100 000€ may be imposed.
Unacceptable - 4 points
Punishment as for the criminal offence for the Company or Senior Management, as well as fine for the Company in the amount more than 200 000 € may be imposed.

Likelihood

Likelihood is the chance that an impact occurs. The risk factor’s impact occurrence likelihood should be assessed in the context of involvement of the Company in ML or TF within the course of the services provision when the relevant risk factor presence was established in relation to the Customer. For the assessment of likelihood’s impact, the following scale shall be used.

Likelihood score Description
Rare - 1 point
May happen only in exceptional circumstances.
Unlikely - 2 points
May occur infrequently.
Possible – 3 points
May occur frequently.
Almost certain - 4 points
May occur in most cases.

Controls

The scope of controls used for risk’s mitigation shall be assessed by using the following scale.

Control score Description
Negligible- 1 point
There are no mitigation measures established for or measures established cannot decrease the risk factor’s likelihood and/or impact
Weak - 2 points
There is a number of mitigation measures which can insignificantly decrease the risk factor’s of likelihood and/or impact.
Medium – 3 points
There is a number of mitigation measures which can decrease the risk factor’s likelihood and/or impact.
Strong - 4 points
There is a number of mitigation measures which can significantly decrease the risk factor’s likelihood and/or impact.

Residual Risk Score

The residual risk is the level of risk that remains after applicability of controls related to the risk factors identified (mitigation). The risk factor’s residual score shall be used for the further determination of the Customer’s risk profile. The following scale (points regarding circumstances) for the each identified risk factor’s residual risk shall be used.

Residual risk score Description
Low – 0-1 point
After mitigation risk factor has insignificant or it does not affect the occurrence of risks of ML or TF or violation of Sanctions and does not increase or does increase insignificantly the occurrence of such risks
Medium – from 1,1 up to 2,9 points
After mitigation risk factor has medium affect to the occurrence of risks of ML or TF or violation of Sanctions and to the increase of the occurrence of such risks
High – from 3 up to 7,9 points
After mitigation risk factor has significant affect to the occurrence of risks of ML or TF or violation of Sanctions and to the increase of the occurrence of such risks.
Prohibited – more than 7,9 points
Risk factor does not meet the Company’s risk appetite.

MODEL TO IDENTIFY THE CUSTOMER´S RISK PROFILE

The Company shall analyze the data obtained during implementation of CDD/EDD measures, compare the aforementioned data with risk factors identified in the risk assessment for each ML/TF risk category and determine the Customer’s risk profile in accordance with the following. For the Customer´s risk assessment the Company uses the following risk categories:

For the each of aforementioned risk categories following risk score may be identified:

  • low risk (1 point) -

    no influential risk factors exist in risks category, the Customer itself and the Customer’s activities are transparent and do not deviate from the usual activities, i.e. the activities of a reasonable and average person, in that field of activity, and there is no suspicion that the risk factors as a whole could lead to the realization of the risk of money laundering or terrorist financing;

  • medium risk (2 points) -

    one or several risk factors exist in the risks category that deviate from the usual activities of a person acting in that field of activity, but the activity is still transparent and there is no suspicion that the risk factors as a whole could lead to the realization of the risk of money laundering or terrorist financing;

  • high risk (3 points) –

    one or several risk factors exist in the risks category that as a whole raises suspicion of the transparency of the Customer and their activities, which causes the person to deviate from persons usually acting in that field of activity and it is at least possible that money laundering or terrorist financing is taking place;

  • prohibited risk (4 points) –

    risk is not acceptable by the Company due to risk appetite established.

Each risk category shall be assessed in accordance with risk factors identified for the Customer. The score for risk category shall be determined in accordance with higher identified risk factor´s residual score in the risk category. The Customer’s risk profile shall be determined as higher risk score of the any of risk categories. The Customer’s risk profile may be determined as “low” only in case when all risk categories have low residual risk score determined. In case when no risk factors established in a category – the medium risk shall be established for the risk category. The Customer’s risk score shall be saved in the Company’s internal system.

INCIDENTS´ MANAGEMENT

The Company shall manage incidents, which related to the occurrence or potential occurrence of risks of money laundering and terrorist financing and shall establish the risks which were not considered during the latest risk assessment. The Company shall keep a register of such incidents, which shall contain at least the following data:

THE UPDATE OF RISK ASSESSMENT

The Company shall update or renew the risk assessment when necessary, but not less than once per year. The Company's is obligated to update risk assessment in the each of the following cases:

The Company shall update risk assessment and the related documents before:

THE COMPANY´S RISK APPETITE STATEMENT

Introduction

This Company’s risk appetite statement, together with the risk assessment, establishes the approach through which risk appetite is established, communicated, and monitored, including risk appetite statement, risk thresholds and limits for the material risks, and an outline of the roles and responsibilities of those overseeing the implementation and monitoring of the risk appetite of the Company. The risk appetite is basis for risk management principles and risk-taking activities and establishing vision and strategy of risks that Company is prepared to accept and manage in pursuit of its business objectives. The objective of the risk appetite is to establish an appropriate and consistent links between the Company’s business strategy, the risk strategy, and the risk mitigation measures. The risk appetite is based on the Company’s strategy and business plans. The Company’s risk appetite statement should be approved by the Senior Management. The risk appetite statement will thereafter be reviewed at least once a year, taking into account changes in applicable laws and regulations and the Companies’ strategic plans. In the event of changes in applicable laws and regulations, the risk appetite statement will be revised as soon as possible or within the timeframe for applicability of the new requirements.

The Companies’ vision

The Companies focus on the services as defined in the Company’s program of operations (annex 3). The Company’s risk appetite is limited to providing aforementioned services. The Companies determined that the Business Relationships will be established with the Customers from a country outside the European Economic Area.

The Companies’ vision

The Company does not enter into the Business Relationship with Customers with the following characteristics:

All other Customers may be accepted by the Company, if the relevant CDD/EDD measures have been applied.

THE RISK ASSESSMENT

Risks related to customers

Description of risk factor Considerations (incl. quantitative data) Impact Likelihood Mitigation Actions Score of Controls Residual risk (score) Way for risk factor’s identification and continuous monitoring
The customer is a company which securities are admitted to trading on a regulated market in one or more Member States of the EEA or other foreign company which securities are traded on regulated markets and which are subject to disclosure requirements consistent with the European Union legislation
This risk factor is considered as being risk decreasing by applicable legislation and guidelines of competent authorities.
2
1
May apply CDD measures in relation to the Customer in accordance with AML policy and document “Requirements for data collection and verification”.
3
Low (0,6)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The customer is state or municipal institution or agency or the Bank of Lithuania
This risk factor is considered as being risk decreasing by applicable legislation and guidelines of competent authorities.
2
1
May apply CDD measures in relation to the Customer in accordance with AML policy and document “Requirements for data collection and verification”.
3
Low (0,6)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The customer is a financial institution covered by Lithuanian Law, or a financial institution registered in another Member State of the EEA or in a third country which imposes requirements equivalent to those laid down in Lithuanian Law and is supervised by competent authorities for compliance with those requirements and international organisations have identified a low level of corruption in that country (CPI < 59)
This risk factor is considered as being risk decreasing by applicable legislation and guidelines of competent authorities.
2
1
May apply CDD measures in relation to the Customer in accordance with AML policy and document “Requirements for data collection and verification”.
3
Low (0,6)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The customer is a natural person
N/A
2
2
Shall be applied CDD measures in relation to the Customer in accordance with AML policy and document “Requirements for data collection and verification”.
3
Medium (1,3)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The customer is a legal entity with a firm and transparent structure and data of management bodies and beneficial owners that are not listed on regulated market
N/A
3
4
Refusal to onboard the Customer and engage in business relationship.
3
Medium (1,3)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The customer is a legal entity of any form whose structure of the management bodies and/or beneficial owners is confusing and the relevant data is verified on the basis of the statement of the customer’s representative and/or internal or non-public documents provided by the customer
This risk factor is considered as being risk decreasing by applicable legislation and guidelines of competent authorities.
3
4
Refusal to onboard the Customer and engage in business relationship.
2
High (6)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The ownership structure of the customer seems, when considering the activities of the company, unusual or too complicated
This risk factor is considered as creating increasing risk by applicable legislation and guidelines of competent authorities. Risk factor is applicable when the Customer’s representative has no adequate explanations regarding ownership structure.
3
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (4,5)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the S ShuftiPro solution.
The customer has provided incomplete or insufficient KYC information
This activity may point to the Customer’s plans being involved in ML, TF or violation of Sanctions.
3
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (4,5)
Shall be identified and verified by the relevant KYC service provider’s solution.
The customer is significantly old (age over 70)
Due to nature of the Company’s services, they are usually used by younger Customers: old people are less involved in activities related to virtual currencies and such people are more vulnerable for fraud and other crimes.
3
2
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (3)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The Customer’s appearance and behavior is not in line with the nature of the transaction performed by the Customer,
This activity may point to the Customer’s plans being involved in ML, TF or violation of Sanctions.
3
2
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (3)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the the relevant KYC service provider’s solution and the Chainalysis’s solution.
The customer’s activity includes one of the following activities:
• Illegal drugs, substances designed to mimic illegal drugs, and equipment designed for making or using drugs
• Products and services that are unfair, predatory, or deceptive Pyramid schemes
• ‘Fast Money’ schemes
• Negative reviews marketing and telemarketing
• Predatory investment opportunities with no or low money down
• Pornography and other mature audience content (including literature, imagery and other media) depicting nudity or explicit sexual acts
• Adult services including prostitution, escorts, pay-per view, sexual massages, online cameras and adult live chat features
• Firearms, explosives and dangerous materials
• Guns, gunpowders, ammunitions, weapons, fireworks and other explosives Peptides, research chemicals, and other toxic, flammable and radioactive materials Gambling, Games of chance, Lotteries, Betting, Sports betting.
• Unregulated Marijuana products
• Unregulated Securities brokers, Assets managements, Trust funds
• Multi-Level Marketing schemes
Mentioned fields of activities are more vulnerable for ML/TF and violation of Sanctions.
3
4
Refusal to onboard the Customer and engage in business relationship.
1
Prohibited (12)
verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The customer is less than 18 years old or doesn’t have legal capacity in their country of residence
There’s no opportunity to perform CDD/EDD measures in the necessary amount and such Customers are not in line with the Company’s risk appetite.
3
4
Refusal to on board the Customer and engage in business relationship.
1
Prohibited (12)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The Customer who is a legal entity is an NGO
This risk factor is considered as increasing risk by guidelines of competent authorities and such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The Customer who is a legal entity is an association of persons that does not have the status of a legal entity
This risk factor is considered as increasing risk by guidelines of competent authorities and such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The Customer is subject to negative news related to ML , TF, violation of Sanctions and/or other offences (Adverse Media)
The Customer’s involved in such activities may seek for opportunities to continue these activities by using the Company’s services. For this reason, such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
rohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the the relevant KYC service provider’s solution.
The customer is PEP, the family member of the PEP or a person known to be the close associate of the PEP
This factor is considered as risk heightening by the relevant regulations and authorities’ guidelines. There’s no opportunity to perform CDD/EDD measures in the necessary amount and such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the relevant KYC service provider’s solution.
The beneficial owner of the Customer (who is a natural person) is some third person
This activity may point to the Customer’s plans being involved in ML, TF or violation of Sanctions. There’s no opportunity to perform CDD/EDD measures in the necessary amount and such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution and the Chainalysis ’s solution.
The customer is a subject of European Union or UN sanctions
In some cases subjects of Sanctions can’t be involved in transactions with the Company. For this reason, such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
1
Prohibited (16)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the relevant KYC service provider’s solution.
The Customer has provided forged or edited KYC documents (e.g., identity documents, source of funds, etc.)
This activity may point to the Customer’s plans being involved in ML, TF or violation of Sanctions. For this reason, such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
1
Prohibited (16)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the relevant KYC service provider’s solution.
The Customer is a legal entity that has nominee shareholders or bearer shares or its affiliate has nominee shareholders or bearer shares
This activity may point to the Customer’s plans being involved in ML, TF or violation of Sanctions. For this reason, such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The Customer is a legal entity or another association of persons that does not have the status of a legal entity, if their economic activity does not have a reasonable and clear economic or lawful objective or it is not characteristic of a specific business field;
This activity may point to the Customer’s plans being involved in ML, TF or violation of Sanctions. For this reason, such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.
The Customer is legal entity or entity that not having legal personality and is personal asset-holding vehicle.
This activity may point to the Customer’s plans being involved in ML, TF or violation of Sanctions. For this reason, such Customers are not in line with the Company’s risk appetite.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by ShuftiPro solution. Shall be monitored in the course of ODD measures by the ShuftiPro solution.

Risks related to countries, geographic areas or jurisdictions

Description of risk factor Considerations (incl. quantitative data) Impact Likelihood Mitigation Actions Score of Controls Residual risk (score) Way for risk factor’s identification
The Customer’s place of residence and location is in the European Economic Area
It includes the following countries: Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Iceland, Liechtenstein, Norway, Switzerland. This risk factor is considered as lowering risk by applicable legislation and guidelines of competent authorities.
2
1
Shall be applied CDD measures in relation to the Customer in accordance with AML policy and document “Requirements for data collection and verification”.
3
Low (0,6)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform.
The Customer’s place of residence or location is not in the European Economic Area
This factor is considered as risk heightening by the relevant regulations and authorities’ guidelines
3
2
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (3)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform.
The Customer’s place of residence or location is in high-risk third country.
It includes the following countries:1 Afghanistan, Barbados, Burkina Faso, Cambodia, Cayman Islands, Haiti, Jamaica, Jordan, Mali, Morocco, Myanmar, Nicaragua, Pakistan, Panama, the Philippines, Senegal, South Sudan, Syria, Trinidad and Tobago, Uganda, Vanuatu, Yemen, Zimbabwe. Iran and North Korea and some other countries are prohibited countries as provided below.
4
4
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
Prohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform.
The Customer’s place of residence or location is in a country or jurisdiction which, based on the trustworthy sources in the country like mutual assessments, detailed assessment reports or published follow-up reports, has no valid and efficient systems of the prevention of money laundering and terrorist financing
It includes the following countries (according FATF):2 Albania, Barbados, Burkina Faso, Cambodia, Cayman Islands, Gibraltar, Haiti, Jamaica, Jordan, Mali, Morocco, Myanmar, Nicaragua, Pakistan, Panama, Philippines, Senegal, South Sudan, Syria, Turkey, Uganda, United Arab Emirates, Yemen. This risk factor is considered as increasing risk by applicable legislation and guidelines of competent authorities. Some of these countries are not in line with the Company’s risk appetite.
4
4
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
Prohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform.
The Customer’s place of residence or location is in a country or jurisdiction, which is subject to sanctions, embargos or similar measures issued by the European Union or the United Nations.
It includes the following countries:3 Afghanistan, Belarus, Bosnia & Herzegovina, Burundi, Central African Republic, China, Democratic Republic of the Congo, Guinea, Guinea-Bissau, Haiti, Iraq, Lebanon, Libya, Mali, Moldova, Montenegro, Myanmar (Burma), Nicaragua, Russia, Serbia, Somalia, South, Sudan, Sudan, Syria, Tunisia, Turkey, Ukraine, United States, Venezuela, Yemen, Zimbabwe. This risk factor is considered as increasing risk by applicable legislation and guidelines of competent authorities. Iran and North Korea and some other countries are prohibited countries as provided below.
4
4
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
Prohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform.
The customer, person participating in a transaction or the transaction itself is related to a country, which in the FATF blacklist or which is included in the list of the State Sponsors of Terrorism
It includes the following countries:4,5 Cuba, Iran, DPRK or Syrian Arab Republic
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform.
The Customer’s place of residence or location is in a country which doesn´t correspond with the Company’s risk appetite.
It includes the following countries: Afghanistan, Albania, Barbados, Belarus, Bosnia and Herzegovina, Burkina Faso, Burundi, Cambodia, Cayman Islands, Central African Republic, China, Congo, The Democratic Republic of the Congo, Guinea- Bissau, Gibraltar, Haiti, Iran, Iraq, Jamaica, Japan, Jordan, Lebanon, Libya, Mali, Morocco, Mozambique, Myanmar, Nicaragua, North Korea, Panama, Philippines, Russia, Senegal, Somalia, South Sudan, Sudan, Syria, Tanzania, United Republic of Tanzania, Turkey, Uganda, Ukraine, USA, Venezuela, Yemen, Zimbabwe.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform.
The wallet used by the Customer in transaction has high-risk score (incl. use of tumbler/mixer, etc.).
The Customer’s behavior may be linked to ML/TF or violation of Sanctions.
3
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”. Purpose of transaction shall be clarified.
2
High (4,5)
Shall be monitored in the course of ODD measures by the relevant Chainalysis solution.
The Customer's transactions originate from or are destined to online gambling services
Such services are more vulnerable for ML/TF and violation of Sanctions.
3
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”. Purpose of transaction shall be clarified.
2
High (4,5)
Shall be monitored in the course of ODD measures by the Chainalysis solution.
The Customer’s business activity or transactions are inconsistent with the customer profile (e.g. avaliable wealth, historical financial profile)
The Customer’s behavior may be linked to ML/TF or violation of Sanctions.
3
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”. Purpose of transaction shall be clarified.
2
High (4,5)
Shall be monitored in the course of ODD measures by the Chainalysis solution.
The Customer repeatedly uses in transactions wallet(s) with high-risk score (incl. use of tumbler/mixer, etc.) and explanation about such transactions is insufficient.
The Customer’s behavior may be linked to ML/TF or violation of Sanctions.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be monitored in the course of ODD measures by the Chainalysis solution.
The Customer is providing fraudulent documents in the course of service provision (incl. SoF documents, etc.).
Such behavior is not acceptable by the Company and may rely to the Customer’s intend to participate in ML, TF or violation of Sanctions.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the relevant KYC service provider’s solution.
The Customer links several credit cards to their VA wallet to withdraw funds or deposit funds from ATM’s VA deposits to the credit cards or bank account
The Customer’s behavior may be linked to ML/TF or violation of Sanctions.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be monitored in the course of ODD measures by Chainalysis solution.
The Customer's transactions or business activity is abnormal and/or seemingly unnecessary and does not have logical business explanation
The Customer’s behavior may be linked to ML/TF or violation of Sanctions.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be monitored in the course of ODD measures by the Chainalysis solution.
The Customer's activity suggests that the customer might favour anonymity (e.g. transactions with VAs that provide higher anonymity, use of VA ATM's)
The Customer’s behavior may be linked to ML/TF or violation of Sanctions.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be monitored in the course of ODD measures by the Chainalysis solution.
1) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02016R1675-20220313&qid=1661262065027

2) http://www.fatf-gafi.org/publications/high-risk-and-other-monitored-jurisdictions/documents/increased-monitoring-june-2022.html

3) https://www.sanctionsmap.eu/#/main , https://www.un.org/securitycouncil/sanctions/information

4) https://www.fatf-gafi.org/publications/high-risk-and-other-monitored-jurisdictions/documents/call-for-action-june-2022.html

5) https://www.state.gov/state-sponsors-of-terrorism/

Risks relating to delivery channels

Description of risk factor Considerations (incl. quantitative data) Impact Likelihood Mitigation Actions Score of Controls Residual risk (score) Way for risk factor’s identification
The Customer makes payments within the scope of the business relationship only via an account located in a credit institution whose place of business is in a contracting state of the European Economic Area.
Credit institutions located in EEA apply strict AML/CTF and Sanctions regimes and therefore their Customer’s risk may be considered as lower than usual.
1
1
Shall be applied CDD measures in relation to the Customer in accordance with AML policy and document “Requirements for data collection and verification”.
3
Low (0,3)
Shall be monitored in the course of ODD measures by the Company’s platform
The Customer’s IP address or location differs from used in the course of onboarding and there’s no logical explanation
Such transaction pattern may link to ML.
3
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (4,5)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform
The Customer uses an IP address associated with a darknet or other similar software that allows anonymous communication, including encrypted emails and VPNs.
Such activity is considered as red flag indicator by FATF
3
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (4,5)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform
The Customer uses credit institution, financial institution, paying institution or tax system that promotes anonymity (incl. shell banks) or that is located in a high-risk third country
Relationships with such customers may be more vulnerable to ML, TF or Sanctions risks.
3
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (4,5)
Shall be monitored in the course of ODD measures by the Company’s platform
The Customer wishes to use settlement channels and accounts belonging to unknown or unrelated third persons
It includes use of third parties not related to the Customer for performing payments for services on behalf of the Customer (incl. virtual currency wallets and credit cards)
2
3
In addition to CDD measures shall be applied EDD measures in relation to such Customer in accordance with the document “List of enhanced due diligence measures”.
2
High (3)
Shall be monitored in the course of ODD measures by the Company’s platform
The Customer’s IP address is related to a country or jurisdiction which is in a FATF black or grey list, which is subject of sanctions or other country which is not in line with the Company’s risk appetite
It may indicate that the Customer is from this country.
4
4
Refusal to onboard the Customer and engage in business relationship.
2
Prohibited (8)
Shall be identified and verified by the relevant KYC service provider’s solution. Shall be monitored in the course of ODD measures by the Company’s platform.