Internal Control Rules for the Prevention of Money Laundering and Terrorist Financing
The Multichange Service strives to comply with the current legislation of Estonia and to respect the laws of other countries, users from which can access the resources of the Service and use them in accordance with the established Rules. It is possible that any cryptocurrencies can be used for various illegal purposes, including the legalization of criminal proceeds and/or of terrorist financing. In order to prevent such transactions using the resources of the service and any other criminal activity, we must take care of the security of bona fide users and their finances.
For this purpose, we have prepared this AML Policy, the Service Rules and other documents and regulations that describe the principles of operation of the Multichange service. This policy is strictly observed by our employees and allows us to minimize all risks of using the Service functionality.
The available resources of the Service allow us to identify and verify suspicious exchange operations and/or transactions. For security reasons and to maintain the effective operation of the Service in the field of combating illegal activities, we do not disclose the details and mechanisms of operation. The Service reserves the right at any time and in relation to any User to request the identification procedure and/or the provision of any information/documentation that may be of interest to the Service and be useful in the field of confirming the origin of funds and establishing the identity of the User.
We inform you that the Multichange service can use its own resources, as well as with the involvement of third-party organizations and services, to conduct the identification procedure (KYC) and/or ensure compliance with the AML policy.
- General provisions
1.1 This AML Policy is developed in accordance with the current legislation of the Republic of Estonia.
1.2 Service - an online resource for the exchange of electronic money - Multichange - website https://Multichange.net and related applications (including, but not limited to, the mobile app).
1.3 User – a person who has reached the age of 16 or has reached the age of majority determined by the jurisdiction applicable to the User. If the user violates the terms of this clause by age restriction, he must immediately stop using the Service and leave the site/close the application.
1.4 The AML Policy is a set of internal rules (these rules) and regulations that the Multichange service has developed and uses to verify and disclose documentation and information about transactions that are under mandatory control, as well as other transactions with money and/or property that may be in any way related to legalization (money laundering) and/or terrorist financing and the provision of such information to state authorities.
For the purposes of financial transparency and legality, the Multichange service uses these rules to prevent illegal activities, including the prevention of money laundering through fraudulent transactions through the functionality and capabilities of the Service. These rules are applicable to all users of the Multichange Service who perform actions related to any form of money flow through the Service.
1.5 The AML Policy is a document that:
1.5.1 Regulates the organization of work to prevent the legalization of illegally obtained funds (money laundering) and terrorist financing;
1.5.2 Establishes responsibilities and mandatory procedures for employees in relation to internal control;
1.5.3 Sets deadlines for the performance of obligations by employees and sets authorized controllers.
1.6 The AML policy contains additional programs;
1.6.1 Internal control review program;
1.6.2 Internal control implementation program;
1.6.3 Customer and persons associated with the customer identification program;
1.6.4 Risk Analysis Program;
1.6.5 Customer Relationship Management Program;
1.6.6 Mandatory actions of the program regulations in case of suspicion of transactions related to money laundering;
1.6.7 Correspondence Exchange program;
1.6.8 Documentation program;
1.6.9 Transaction rejection program;
1.6.10 Service staff training program;
1.6.11 Internal control program;
1.6.12 Documentation management program, relating to documentation obtained during the implementation of the internal control program.
1.7 The person responsible for the accurate implementation of this policy is the current Director of the Multichange Service.
- Organizational framework of control techniques
2.1 In order to adequately implement the current policy and taking into account the number of customers and the associated risk levels, the Service administration formed a separate group, which included administrators, an accountant and the head of the security department, in order to implement the AML policy.
2.2 All issues related to the initial identification of the customer are handled by the relevant Service employees.
2.3 The person specified in clause 1.7 of this policy must perform the following tasks:
- analysis of the completed or planned transaction for its possible involvement in money laundering or terrorist financing;
- submission to the financial inspection of any data on clients, related persons and transactions that may be associated with illegal activities.
- reporting on the implementation of this policy;
- fulfilment of the other obligations established by the Office for Combating Money Laundering and terrorist financing.
- Implementation of control methods
3.1 Control methods are used in the following cases and areas:
- when establishing a commercial relations with the User and during his/her activity;
- in any case, if the transaction amount exceeds 15,000 euros or is equivalent to this amount in any other currency;
- if there are doubts about the accuracy and/or reliability of the data provided;
- if the planned transaction is unnecessarily complex;
- if there is reason to suspect that the transaction is related to money laundering and/or terrorist financing, and/or any other form of illegal activity and/or is considered a high-risk transaction in accordance with the risk assessment procedure established by the current policy.
- if during the automated AML verification of the User"s online wallet addresses, there is a possible connection with such organizations as: Darknet Marketplace, Darknet Service, Fraudulent Exchange, Illegal Service, Mixing Service, Ransom, Scam, Stolen Coins. If such links are identified, the funds will be returned to the sender"s address only after the User has been verified (returned after deducting the commission required for the transaction).
3.2 Additional control methods are implemented if the User changes the conditions and/or details of the exchange, and/or partial fulfillment and/or non-fulfillment of them, increasing the level of risk:
- if the exchange does not serve a reasonable purpose (is not reasonable);
- if the exchange is financially irrational;
- if the same type of transactions and/or exchanges is repeated several times in a short period;
- if the User refuses to provide the information requested by the Service in the cases and in the manner provided for by this policy and/or the Rules of the Service, without explaining the reason for the refusal and/or if the User expresses unusual concerns about privacy issues;
- if the User decides to change the transaction in a way that is not usual from the practice of organizing exchange operations;
- in case of unjustified haste on the part of the User in performing the operation/exchange/transaction;
- if the User makes changes to the terms of the transaction/exchange shortly before its execution;
- if the User cannot be contacted by the provided email and/or phone number, and/or any other contact information;
- if there is information and/or reason to believe that the data provided by the User is false and/or inaccurate;
- if the planned transaction/exchange is unnecessarily complex and there is no obvious economic reason.
3.3 Additional methods for monitoring a suspicious transaction:
- obtaining from the customer the necessary explanations and confirmations explaining the purpose of the transaction/exchange;
- implementation of enhanced monitoring in accordance with this policy in relation to all customer transactions to confirm whether they are in any way related to money laundering and/or terrorist financing.
- Customer and Related Person Identification Program
4.1 The initial identification of the customer is made on the basis of the data provided by the customer and/or identity documents.
4.1.2 For individuals, the following data is confirmed:
- last name;
- middle name (if any);
- date of birth, personal identification number;
- identity document data;
- place of residence;
- personal tax number, if available;
- type of activity (what the User does);
- contact information - phone number, email address.
4.1.3 During identification the documents are checked for the accuracy of the information provided and the following is confirmed:
- whether the document is valid;
- the photo on it is checked;
- whether the personal identification code correspond to gender and age;
- whether there is any doubt about the authenticity of the document. It can be checked by means of communication with the state authorities that issued the document and obtain the necessary information and/or confirmations
4.1.4 If the customer presents an identity document, a copy of it is made, the quality of which allows you to view the data contained in the document.
4.1.5. When confirming the identity of an individual, it is also checked and confirmed whether the person is a government official;
- a civil servant is a person who holds a public position in any country of the European Union and/or in any other country, or a person who holds a position in an international organization. When confirming the data that an individual is a civil servant, data on his/her work is collected;
- list of closest associates and relatives, if such information is publicly available;
- confirmation of ownership and sources of income to be used in the transaction/exchange;
- preparation of a request to the appropriate database;
- preparation of a request to the state supervision bodies;
- making a decision to start a commercial relationship with a person who is a civil servant, by making a decision by these officials, in accordance with clause 2.1 of this policy.
4.1.6 Only official sources, such as state registers and/or foreign representative offices, can be used to verify the information provided. Other sources can be used if there is no doubt about their accuracy and competence.
4.1.7. The recommendation of a trustworthy customer is not a substitute for a thorough examination of the information.
4.1.8 The identification of an individual acting as a representative is made in accordance with the provisions of this policy, the Rules of the service and the Personal Identification Policy.
4.1.9. Identification of an individual is not a one-time procedure. Information about an individual should be constantly checked and, if necessary, updated.
4.2 All documents issued by the authorities of a foreign state must be original or have an apostille, except for documents from Latvia, Lithuania, Poland, Russia or Ukraine. This provision may be amended if Estonia signs and ratifies an international treaty with a different statement that the apostille will become unnecessary.
4.3 If the risk of a transaction is considered low or there are reasons to believe that the level of risk in such a commercial relationship is low, a simplified method of controlling customer identification can be used. Data validation can be performed through publicly available databases that can be considered trustworthy. In addition to the low level of risk that was given in the risk analysis, additional reasons to consider the transaction as low-risk may be:
- an individual residing in Estonia or another country who has a reliable anti-money laundering system at the legislative level.
Using a simplified control method does not exempt the company from the obligation to make sure that the transaction is transparent.
4.4 If the risk of a transaction is considered high or there should be reasons to consider a high risk of a commercial relationship, a higher level of control over customer identification should be applied.
This can be done by requesting additional information and documents from the customer that may reduce our risk. The information must also be provided to the Estonian Financial Supervision Authority in order to receive more instructions. In addition to the high level of risk that was indicated in the analysis of the risks mentioned above, additional reasons for considering a transaction highly risky are as follows:
- unusual circumstances of transactions;
- the customer operates with large amounts of cash;
- the subject of the transaction is new or unknown goods, and the specifics of the transaction
- the transaction is made for the purpose of anonymity;
- unknown third parties make payments after the transaction;
- other circumstances mentioned in article 37 of the Law on Money Laundering in Estonia and the Law on the Prevention of the Financing of Terrorism.
4.5 The application of the high-level management method can only be removed with the permission of the Estonian Money Laundering Prevention Bureau.
4.6 A high-risk transaction cannot be carried out without the prior permission of the Estonian Money Laundering Prevention Bureau.
- Risk assessment
5.1 Any User and their planned transaction are evaluated in terms of financial risk in the field of money laundering and terrorist financing (customer risk).
5.1.1 During the risk assessment, the User is assigned the risk status from lowest to highest.
5.1.2 Assessment tools for additional risk factors:
- whether the User is a government employee or is associated with it;
- if the beneficiary/addressee of the exchange of an individual is a third party;
- there are problems with identification;
- The user is associated with low-tax jurisdictions;
- the User is subject to international sanctions;
- there is a positive experience of cooperation with the User;
- term of cooperation/date of initial account registration;
- the nature of the planned transaction;
- transaction amount;
- The user is stable and/or constantly performs exchange operations;
- the origin of goods and/or property is unclear.
5.2. The nature of the transaction must be assessed to establish the risk status.
5.2.1 An exchange may be assigned a low, medium, or high risk status, depending on the following factors:
- a private bank participates in the exchange operation;
- the transaction involves alternative payment methods;
- the exchange is related to gambling;
5.3 Geographical circumstances are subject to assessment (geographical risk).
5.3.1 The transaction can be assigned a low, medium or high risk status, depending on the following geographical aspects:
- the exchange is associated with a state and/or Users from a state with a high crime rate or drug trafficking;
- the exchange involves a User from a state with a high level of corruption;
- the exchange involves a User from a State that is subject to international sanctions;
- other factors that may increase geographical risk.
5.4 Along with the risks associated with the User, the risks in relation to his partners and/or related people (for example, relatives) are also assessed.
5.5 Risk assessment is performed by assigning each risk group a status on a three-point scale:
- the risk is considered low if no category has a risk factor and the exchange is as transparent as possible;
- the risk is considered medium if the risk factors for the transaction itself are not obvious, although
- it is suspected that all risk factors together may indicate money laundering and/or terrorist financing;
- the risk is considered high if there are several risk factors, and the transaction itself is not transparent.
The overall result is achieved by adding a factor of each category, while the risks to the client and partner are multiplied by two, and then the entire amount is divided by a factor of 4.
- with an amount of 2 or less, the risk is low;
- with an amount from 2 to 2.75, the risk is medium;
- if the amount is more than 2.75 - high risk.
If the risk in any category is high, the overall risk is considered high regardless of the total amount.
- Commercial relationship with the User
6.1 Any commercial relationship with the User begins only after the User has agreed to act in accordance with this AML Policy and the Rules of the Service.
- Actions in case of suspected money laundering and the obligation to provide information
7.1 If there is any suspicion before the start of the commercial relationship or during the use of control methods that the transactions may be related to money laundering and/or terrorist financing, then further cooperation is impossible.
7.2 Any suspicions are registered and analyzed by the anti-money laundering contact. The Estonian Anti-Money Laundering Bureau and the Estonian Financial Supervision Authority must be immediately notified with the results of the analysis.
7.3 All information on any transactions of 32,000 euros or more must be provided to the Estonian Anti-Money Laundering Bureau and the Estonian Financial Supervision Authority.
7.4 If the refusal to make a transaction results in damage to the client or the arrest of a person suspected of money laundering or terrorist financing, the transaction may be postponed or executed, provided that the Financial Supervision Authority is immediately informed.
7.6 Persons suspected of money laundering or terrorist financing should not be provided with any information or notification of suspicions in any other way.
- Exchange of correspondence
8.1 If this is deemed necessary by management for the implementation control method, an exchange of correspondence with third parties, including banks and other financial institutions, may be initiated, if this allows for more accurate information.
8.2 The exchange of correspondence should be in the form of a bilateral agreement, including the control methods used.
8.3 It is not allowed to exchange correspondence with shadow banks, unlicensed organizations and/or with organizations located in jurisdictions whose legislation does not comply with international standards in the field of legislation on combating money laundering and preventing the financing of terrorism.
- Information registration program
9.1 The information registration program establishes the obligation of the companys employee who performed the exchange to draw up an internal document containing all the specifics of the transaction, which should include:
9.1.1 Transaction category, reasons why an exchange can be considered highly risky;
9.1.2 Detailed information about the exchange, including volume and currency;
9.1.3 Detailed information about the persons participating in the exchange;
9.1.4 Information about any additional control methods used in relation to transactions;
- Exchange (transaction) opt-out program
10.1 If the User, despite their obligations, has not submitted the required document in accordance with the control methods, applicable legislation and this policy, the User will be denied the exchange.
10.2 If the User does not provide information about the source of the funds when requesting the Service, the exchange will be refused.
10.4 If the exchange is refused, the following information is saved:
- information about the circumstances of refusal to exchange and account blocking;
- any circumstances of termination of cooperation in the field of exchange;
- information that caused the notification to government authorities in accordance with section 32 of the Money Laundering and Terrorist Financing Prevention Act.
10.5 The decision to refuse to perform a transaction may be canceled if the customer provides the necessary information in full, and they pass verification, or if such is established by the decision of the following authorities:
- supervisory authority of the Republic of Estonia;
- competent court of Estonia.
- Service employee training program
11.1 The training program for employees in the field of combating money laundering and preventing the financing of terrorism is carried out in accordance with applicable laws and includes appropriate instructions for employees regarding control methods and information analysis. Any employee must be properly instructed by authorized employees within one month of starting work.
- Internal Control Audit Program
12.1 The internal control audit program ensures that the Service employees comply with the provisions of the current legislation in the field of anti-money laundering and terrorist financing. The program ensures that employees comply with the internal rules and regulations of the Service in the field of internal control.
12.2 Internal control provides for the following:
12.2.1. Internal audits should be carried out regularly, at least once every six months, to ensure that internal regulations and applicable legislation are properly implemented;
12.2.2 The Service Director must regularly receive reports on all violations of internal regulations in the field of countering money laundering and preventing the financing of terrorism;
12.2.3 All violations identified during inspections must be properly eliminated using the means selected by the management of the Service.
- Document Maintenance Program
13.1 All documents related to the customer identification procedure and all information about the beginning of commercial cooperation must be stored in the companys archive for the period of use of the Service by the User and not less than 5 years.
13.2 All documents that served as the basis for notifying state authorities must be stored for at least 5 years.
13.3 All information about requests made in order to comply with the provisions of applicable law must be stored for at least five years from the date of the start of financial cooperation. If the identity was confirmed using a digital document, the photo of the person and the signature are stored for at least 5 years from the date of the end of the financial cooperation.
13.4 The documents must be kept in a form that allows their written reproduction, so that they are easily accessible to financial control or to other government authorities in accordance with applicable law, if they are required for use in civil, criminal or arbitrary proceedings.
The internal control rules establish the standards of confidentiality of information obtained during identification and/or other processes, provided for by the current legislation.
- Law Enforcement Requests
Anti-money laundering and terrorist financing organizations may send their requests to us regarding fraudulent transactions. Contact email: [email protected].
We only consider formal requests on official letterhead with all appropriate seals and signatures. We need to get both contacts for feedback, as well as be able to authenticate the request. The response time to requests from different jurisdictions may be completely different due to a variety of circumstances, including, but not limited to, time zones, distance, fast communication capabilities, and so on.