21 Tech Ltd
Banishora, block 16A, app. 33, 1233, Sofia

PREVENTION OF MONEY LAUNDERING & TERRORIST FINANCING MANUAL

1. GENERAL DEFINITIONS

2. INTRODUCTION

3. MANUAL APPLICABILITY: Cryptocurrency Trading
TRANSACTIONS

4. THE RESPONSIBILITIES OF THE BOARD OF DIRECTORS

4.1. General

5. OBLIGATIONS OF THE INTERNAL AUDITOR

5.1. General

6. MONEY LAUNDERING COMPLIANCE OFFICER

6.1. General

6.2. Duties of the MLCO

7. ANNUAL REPORT OF THE MLCO

7.1. General

8. MONTHLY PREVENTION STATEMENТ

8.1. General

9. RISK-BASED APPROACH

9.1. General Policy

9.2. Identification of Risks

9.2.1. General/Principles

9.2.2. Company Risks

9.3. Design and Implementation of Measures and Procedures to Manage and Mitigate the Risks

9.4. Dynamic Risk Management

9.5. Relevant International Organisations

10. CLIENT ACCEPTANCE POLICY

10.1. General Principles of the CAP

10.2. Criteria for Accepting New Clients (based on their respective risk)

10.2.1. Low Risk Clients

10.2.2. Normal Risk Clients

10.2.3. High Risk Clients

10.3. Not Acceptable Clients

10.4. Client Categorisation Criteria

10.4.1. Low Risk Clients

10.4.2. Normal Risk Clients

10.4.3. High Risk Clients

11. CLIENT DUE DILIGENCE AND IDENTIFICATION PROCEDURES

11.1. Cases for the application of Client Identification and Due Diligence Procedures

11.2. Ways of application of Client Identification and Due Diligence Procedures

11.3. Transactions that Favour Anonymity

11.4. Failure or Refusal to Submit Information for the Verification of Clients’ Identity

11.5. Time of Application of the Client Identification and Due Diligence Procedures

11.6. Construction of an Economic Profile and General Client Identification and Due Diligence Principles

11.7. Further Obligations for Client Identification and Due Diligence Procedures

11.8. Simplified Client Identification and Due Diligence Procedures

11.9. Enhanced Client Identification and Due Diligence (High Risk Clients)

11.9.1. General Provisions

11.9.2. Non face-to-face Clients

11.9.3. Account in names of companies whose shares are in bearer form

11.9.4. Trust accounts

11.9.5. ‘Client accounts’ in the name of a third person

11.9.6. “Politically Exposed Persons” accounts

11.9.7. Electronic gambling/gaming through the internet

11.9.8. Clients from countries which inadequately apply FATF’s recommendations

11.9.9. Clients included in the leaked documents of Mossack Fonseca (Panama Papers)

11.10. Client Identification and Due Diligence Procedures (Specific Cases)

11.10.1. Natural persons residing in the Country of [List local Country]

11.10.2. Natural persons not residing in the Country

11.10.3. Joint accounts

11.10.4. Accounts of unions, societies, clubs, provident funds and charities

11.10.5. Accounts of unincorporated businesses, partnerships and other persons with no legal substance

11.10.6. Accounts of legal persons

11.10.7. Investment funds, mutual funds and firms providing financial or investment services

11.10.8. Nominees or agents of third persons

11.11. Reliance on Third Persons for Client Identification and Due Diligence Purposes

12. ON-GOING MONITORING PROCESS

12.1. General

12.2. Procedures

13. RECOGNITION AND REPORTING OF SUSPICIOUS TRANSACTIONS / ACTIVITIES TO THE UNIT

13.1. Reporting of Suspicious Transactions to the Unit

13.2. Suspicious Transactions

13.3. MLCO’s Report to the Unit

13.4. Submission of Information to the Unit

14. RECORD-KEEPING PROCEDURES

14.1. General

14.2. Format of Records

14.3. Certification and language of documents

15. EMPLOYEES’ OBLIGATIONS, EDUCATION AND TRAINING

15.1. Employees’ Obligations

15.2. Education and Training

15.2.1. Employees’ Education and Training Policy

15.2.2. MLCO Education and Training Program

APPENDIX 1

APPENDIX 2

APPENDIX 3

APPENDIX 4

APPENDIX 5

MANUAL

    1. GENERAL DEFINITIONS

For the purposes of this Manual, unless the context shall prescribe otherwise:

“Advisory Authority” means the Advisory Authority for Combating Money Laundering and Terrorist Financing which is established under Bulgarian law;

“Beneficial Owner” means the natural person or natural persons, who ultimately owns or control the Client and/or the natural person on whose behalf a transaction or activity is being conducted. The Beneficial Owner shall at least include:

          • In the case of corporate entities:
            1. the natural person or natural persons, who ultimately own or control a legal entity through direct or indirect ownership or control of a sufficient percentage of the shares or voting rights in that legal entity, including through bearer share holdings, a percentage of 10% plus one share be deemed sufficient to meet this criterion
            2. the natural person or natural persons, who otherwise exercise control over the management of a legal entity.
          • In the case of legal entities, such as foundations and legal arrangements, such as trusts, which administer and distribute funds:
            1. where the future beneficiaries have already been determined, the natural person or natural persons who is the beneficiary of 10% or more of the property of a legal arrangements or entity
            2. where the individuals that benefit from the legal arrangement or entity have not yet to be determined, the class of persons in whose main interest the legal arrangement or entity is set up or operates
          • the natural person or natural persons who exercise control over 10% or more of the property of a legal arrangement or entity.

“Business Relationship” means a business, professional or commercial relationship which is connected with the professional activities of the Company and which was expected, at the time when the contact was established, to have an element of duration.

“Client” means any legal or physical person aiming to conclude a Business Relationship or conduct a single transaction with the Company. Counterparties are also treated as Clients only when the Company is executing a Client order by entering into a private Over-the-Counter deal/transaction (e.g. buying and selling) directly with the Counterparty.

“Company” means Company Name which is incorporated in the Bulgaria, 204993697..

“Directive” means the Prevention of Money Laundering and Terrorist Financing Directive.

“European Economic Area (EEA)” means Member State of the European Union or other contracting state which is a party to the agreement for the European Economic Area signed in Porto on the 2nd of May 1992 and was adjusted by the Protocol signed in Brussels on the 17th of May 1993, as amended.

“EU Directive” means the Directive 2005/60/EC of the European Parliament and the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of Money Laundering and Terrorist Financing.

“Investment and Ancillary Services” means the investment and ancillary services as per Part I and II of the Third Appendix of the Law 144(I)/2007, as amended, for which the Company is licensed by State agency for National Security.

“Law” means the LAW ON MEASURES AGAINST MONEY LAUNDERING.

“Manual” means the Company’s Risk Management & Procedures Manual (this manual).

“Money Laundering and Terrorist Financing Offences or Prescribed Offences” means the offences defined in LAW ON MEASURES AGAINST MONEY LAUNDERING.

“Laundering Offences” (or money laundering offences as known internationally) means the offences defined in LAW ON MEASURES AGAINST MONEY LAUNDERING, as follows.

Every person who (a) knows or (b) at the material time ought to have known that any kind of property constitutes proceeds from the commission of a predicate offence as this is defined in Section 2 of the Law, carries out the following activities:

          • converts or transfers or removes such property, for the purpose of concealing or disguising its illicit origin or of assisting in any way any person who is involved in the commission of the predicate offence to carry out any of the above actions or acts in any other way in order to evade the legal consequences of his actions
          • conceals or disguises the true nature, the source, location, disposition, movement of and rights in relation to, property or ownership of this property

(iii)acquires, possesses or uses such property

          • participates in, associates, co-operates, conspires to commit, or attempts to commit and aids and abets and provides counselling or advice for the commission of any of the offences referred to above
          • provides information in relation to investigations that are carried out for laundering offences for the purpose of enabling the person who acquired a benefit from the commission of a predicate offence to retain the proceeds or the control of the proceeds from the commission of the said offence
          • commits an offence punishable by fourteen years’ imprisonment or by a pecuniary penalty of up to Euro 500.000 or by both of these penalties in the case of (a) above and by five years’ imprisonment or by a pecuniary penalty of up to Euro 50.000 or by both in the case of (b) above.

“Terrorist Financing Offences” means the offences defined in section 4 of the International Convention for Combating Terrorist Financing (Ratification and other provisions) Law No. 18(III/2005).

“Predicate Offence” means the offences referred to in  LAW ON MEASURES AGAINST MONEY LAUNDERING, as follows:

          1. All criminal offences punishable with imprisonment exceeding one year, as a result of which proceeds have been derived which may constitute the subject of a money laundering offence.
          2. Financing of Terrorism offences as these are specified in Article 4 of the Financing of Terrorism (Ratification and other provisions) Laws of 2001 and 2005, as well as the collection of funds for the financing of persons or organisations associated with terrorism.
          3. Drug Trafficking offences, as these are specified in section 2 of the Law.

“Occasional Transaction” means any transaction other than a transaction carried out in the course of an established Business Relationship formed by a person acting in the course of financial or other business.

“Other Business Activities” includes the following trust services and company services to third parties:

          • forming companies or other legal persons;
          • acting as or arranging for another person to act as a director or secretary of a company, a partner of a partnership or a similar position in relation to other legal persons;
          • providing a registered office, business address, correspondence or administrative address and other related services for a company, a partnership or any other legal person or arrangement;
          • acting as or arranging for another person to act as a trustee of an express trust or a similar legal arrangement;
          • acting as or arranging for another person to act as a nominee shareholder for another person.
          • any of the services or activities specified in Article 4 of the Regulating Companies Providing Administrative Services and Related Matters Law, as amended or replaced. “Politically Exposed Persons (PEPs)” means the natural persons who are or have been entrusted with prominent public functions in the Country or in another country and their immediate family members or persons known to be close associates of such persons (see also points 3 – 7 of Section 11.9.6 of the Manual).

“Country” means the Country Bulgaria.

“Regulated Market” means the multilateral system managed or operated by a market operator and which brings together or facilitates the bringing together of multiple thirdparty buying or/and selling interests in financial instruments – in the system and in accordance with its non-discretionary rules – in a way that results in a contract, in respect of the financial instruments admitted to trading under its rules or/and systems, and which is authorised and functions regularly in accordance with the provisions of Part X of Law 144(I)/2007, as amended, or respective legislation of other member states that are enacted in compliance with Directive 2004/39/EC.

“Shell Bank” means a credit institution or an institution engaged in equivalent activities incorporated in a jurisdiction which it has no physical presence, involving meaningful mind and management, and which is unaffiliated with a regulated financial group.

“Third Country” means the country which is not a member of the European Union or contracting party to the European Economic Area Agreement, signed in Oporto on the 2nd of May 1992 and adjusted by the Protocol signed in Brussels on the 17th of May 1993, where the Agreement is thereafter, amended.

    1. INTRODUCTION

The purpose of the Manual is to lay down the Company’s internal practice, measures, procedures and controls relevant to the prevention of Money Laundering and Terrorist Financing.

The Manual is developed and periodically updated by the Money Laundering Compliance Officer (hereinafter the “MLCO”) based on the general principles set up by the Company’s Board of Directors (hereinafter the “Board”) in relation to the prevention of Money Laundering and Terrorist Financing.

All amendments and/or changes of the Manual must be approved by the Board.

The Manual shall be communicated by the MLCO to all the employees of the Company that manage, monitor or control in any way the Clients’ transactions and have the responsibility for the application of the practices, measures, procedures and controls that have been determined herein.

The Manual has been prepared to comply with the provisions of the Law, and the Directive of the State agency for National Security

    1. MANUAL APPLICABILITY: Cryptocurrency Trading
      TRANSACTIONS

The Manual applies to all various types of services offered to the Company’s Clients as well as the relevant Company’s dealings with its Clients, including Cryptocurrency Trading transactions, which either do not aim to physically deliver the agreed foreign currency or are not materially settled in cash (foreign exchange spot trading), irrespective of the Client account size and frequency of trading.

In this respect, the MLCO shall be responsible to update the Manual so as to comply with [List local Authority] future requirements, as applicable, regarding the Client identification and due diligence procedures which a CIF must follow, for Clients who deal in Cryptocurrency Trading transactions with the Company.

    1. THE RESPONSIBILITIES OF THE BOARD OF DIRECTORS

4.1. General

The responsibilities of the Board in relation to the prevention of Money Laundering and Terrorist Financing include the following:

          • to determine, record and approve the general policy principles of the Company in relation to the prevention of Money Laundering and Terrorist Financing and communicate them to the MLCO
          • to appoint a senior official that possesses the skills, knowledge and expertise relevant to financial and other activities depending on the situation, who shall act as the MLCO and, where is necessary, assistant MLCOs and determine their duties and responsibilities, which are recorded in this Manual. Only persons who shall possess the relevant certificate(s) of professional competence shall be appointed as MLCO and assistant MLCOs, unless an exception has been obtained from [List local Authority]
          • to approve the Manual
          • to ensure that all requirements of the Law and of the Directive are applied, and assure that appropriate, effective and sufficient systems and controls are introduced for achieving the abovementioned requirement
          • to ensure that the MLCO and his assistants, if any, and any other person who has been assigned with the duty of implementing the procedures for the prevention of Money Laundering and Terrorist Financing (i.e. personnel of the Administration/Back-Office Department), have complete and timely access to all data and information concerning

Clients’ identity, transactions’ documents (as and where applicable) and other relevant files and information maintained by the Company so as to be fully facilitated in the effective execution of their duties, as included herein

          • to ensure that all employees are aware of the person who has been assigned the duties of the MLCO, as well as his assistants (if any), to whom they report, according to point (e) of Section 6.2 of the Manual any information concerning transactions and activities for which they have knowledge or suspicion that might be related to Money Laundering and Terrorist Financing
          • to establish a clear and quick reporting chain based on which information regarding suspicious transactions is passed without delay to the MLCO, either directly or through his assistants, if any, and notifies accordingly the MLCO for its explicit prescription in the Manual
          • to ensure that the MLCO, the assistant MLCOs, if any and the Administration/BackOffice Department have sufficient resources, including competent staff and technological equipment, for the effective discharge of their duties
          • to assess and approve the MLCO’s Annual Report of Section 7 of the Manual and take all action as deemed appropriate under the circumstances to remedy any weaknesses and/or deficiencies identified in the abovementioned report
          • to meet and decide the necessary measures that need to be taken to ensure the rectification of any weaknesses and/or deficiencies which have been detected in the

Internal Auditor’s report in the manner described in Section 5 of the Manual. The minutes of the said decision of the Board and the Internal Auditor’s report shall be submitted to [List local Authority] within twenty (20) days from the said meeting and no later than four (4) months after the end of the calendar year (i.e. the latest, by the end of April).

      • to implement adequate and appropriate systems and processes to detect, prevent and deter money laundering arising from serious tax offences.
      • to ensure that the Company’s officials do not knowingly aid or abet clients in committing tax offences.
    1. OBLIGATIONS OF THE INTERNAL AUDITOR

5.1. General

The following obligations of the Internal Auditor are addressed specifically for the prevention of Money Laundering and Terrorist Financing:

      • the Internal Auditor shall review and evaluate, at least on an annual basis, the appropriateness, effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms applied for the prevention of Money Laundering and Terrorist Financing mentioned in the Manual
      • the findings and observations of the Internal Auditor, in relation to point (a) above, shall be submitted, in a written report form, to the Board.
    1. MONEY LAUNDERING COMPLIANCE OFFICER

6.1. General

The MLCO shall belong hierarchically to the higher ranks of the Company’s organisational structure so as to command the necessary authority. Furthermore, the MLCO shall lead the Company’s Money Laundering Compliance procedures and processes and report to the Board. The MLCO shall also have the resources, expertise as well as access to all relevant information necessary to perform his duties adequately and efficiently.

The level of remuneration of the MLCO shall not compromise his objectivity.

In performing his role the Compliance/Anti-Money Laundering Officer takes into account the nature, scale and complexity of its business, and the nature and range of investment services and activities undertaken in the course of that business.

6.2. Duties of the MLCO

During the execution of his duties and the control of the compliance of the Company with the Law and the Directive, the MLCO shall obtain and utilise data, information and reports issued by international organisations, as these are stated in Section 9.5 of the Manual.

The duties of the MLCO shall include, inter alia, the following:

          • to design, based on the general policy principles of the Company mentioned in point (a) of Section 4 of the Manual, the internal practice, measures, procedures and controls relevant to the prevention of Money Laundering and Terrorist Financing, and describe and explicitly allocate the appropriateness and the limits of responsibility of each department that is involved in the abovementioned.

It is provided that, the above include measures and procedures for the prevention of the abuse of new technologies and systems providing financial services, for the purpose of Money Laundering and Terrorist Financing (e.g. services and transactions via the internet or the telephone) as well as measures so that the risk of money laundering and terrorist financing is appropriately considered and managed in the course of daily activities of the Company with regard to the development of new products and possible changes in the Company’s economic profile (e.g. penetration into new markets)

          • to develop and establish the Client Acceptance Policy according to Section 10 of the Manual, and submit it to the Board for consideration and approval
          • to review and update the Manual as may be required from time to time, and for such updates to be communicated to the Board for their approval
          • to monitor and assess the correct and effective implementation of the policy mentioned in point (a) of Section 4 of the Manual, the practices, measures, procedures and controls of point (a) above and in general the implementation of the Manual. In

this respect, the MLCO shall apply appropriate monitoring mechanisms (e.g. on-site visits to different departments of the Company) which will provide him with all the necessary information for assessing the level of compliance of the departments and employees of the Company with the procedures and controls which are in force. In the event that the MLCO identifies shortcomings and/or weaknesses in the application of the required practices, measures, procedures and controls, gives appropriate guidance for corrective measures and where deems necessary informs the Board

          • to receive information from the Company’s employees which is considered to be knowledge or suspicion of money laundering or terrorist financing activities or might be related with such activities. The information is received in a written report form

(hereinafter the “Internal Suspicion Report”), a specimen of such report is attached in Appendix 1 of the Manual

          • to evaluate and examine the information received as per point (e) above, by reference to other relevant information and discuss the circumstances of the case with the informer and where appropriate, with the informer’s superiors. The evaluation of the information of point (e) above shall be done on a report (hereinafter the “Internal Evaluation Report”), a specimen of such report is attached in Appendix 2 of the Manual
          • if following the evaluation described in point (f) above, the MLCO decides to notify the Money Laundering Combat Unit of the Country (hereinafter the “Unit” or “MOKAS”), then he should complete an online report (Suspicious Transactions Reports/Suspicious Activities Reports (“STR/SAR”)) on the web-application of the UNIT and submit it through the goAML Professional Edition (PE) system (https://reports.mokas.law.gov.cy/live/home) the soonest possible assuming that the Company has already registered with the relevant reporting system of the Unit.

The Unit will no longer provide interim or closing feedback on each STR/SAR submitted. The feedback policy of the Unit is as follows:

          • Each electronically submitted STR/SAR will receive automatic acknowledgement of receipt, along with a corresponding reference number.
          • As soon as an investigator is assigned to the STR/SAR by the Unit, the Company shall be informed accordingly.
          • In exceptional cases and when deemed necessary by the Unit or if requested by the Company, feedback on specific cases, interim and /or final, will be provided.
          • If administrative orders for postponement of transactions or for the monitoring of bank accounts is considered necessary, the Company will be informed accordingly.
          • Periodically, the Unit will issues and distribute to the Company a report which will consist of sanitized cases, trends, indicators and statistics.
          • The Annual Report of the Unit will be published and distrusted to the Company.
          • Further to the above, the MLCO shall be responsible to monitor this procedure and take appropriate actions.
          • if following the evaluation described in point (f) above, the MLCO decides not to notify the Unit then he should fully explain the reasons for such a decision on the MLCO’s Internal Evaluation Report
          • to act as a first point of contact with the Unit, upon commencement of and during an investigation as a result of filing a report to the Unit according to point (g) above
          • to ensure the preparation and maintenance of the lists of Clients categorised following a risk based approach, which contains, among others, the names of Clients, their account number and the dates of the commencement of the Business Relationship.

Moreover, the MLCO ensures the updating of the said list with all new or existing Clients, in light of any additional information obtained

      • to detect, record, and evaluate, at least on an annual basis, all risks arising from existing and new Clients, new financial instruments and services and update and amend the systems and procedures applied by the Company for the effective management of the aforesaid risks
      • to evaluate the systems and procedures applied by a third person on whom the Company may rely for Client identification and due diligence purposes, according to Section 11.11 of the Manual, and approves the cooperation with it
      • to ensure that the branches and subsidiaries of the Company, if any, that operate in countries outside the EEA, have taken all necessary measures for achieving full compliance with the provisions of the Manual, in relation to Client identification, due diligence and record keeping procedures
      • to provide advice and guidance to the employees of the Company on subjects related to money laundering and terrorist financing
      • to acquire the knowledge and skills required for the improvement of the appropriate procedures for recognising, preventing and obstructing any transactions and activities that are suspected to be associated with money laundering or terrorist financing
      • to determine whether the Company’s departments and employees that need further training and education for the purpose of preventing Money Laundering and Terrorist Financing and organises appropriate training sessions/seminars. In this respect, the MLCO prepares and applies an annual staff training program according to Section 15.2 of the Manual. Also, the MLCO assesses the adequacy of the education and training provided
      • to prepare correctly and submit timely to [List local Authority] the monthly prevention statement of Section 8 of the Manual and provide the necessary explanation to the appropriate employees of the Company for its completion
      • to prepare the Annual Report, according to Section 7 of the Manual
      • to respond to all requests and queries from the Unit and [List local Authority], provide all requested information and fully cooperate with the Unit and [List local Authority]
      • to maintain a registry which includes the reports of points (e), (f) and (g), and relevant statistical information (e.g. the department that submitted the internal report, date of submission to the MLCO, date of assessment, date of reporting to the Unit), the evaluation reports of point (d) and all the documents that verify the accomplishment of his duties.
      • to ensure the preparation and maintenance of the list of Clients included in the Panama Papers (Appendix 5).
    1. ANNUAL REPORT OF THE MLCO

7.1. General

The Annual Report of the MLCO is a significant tool for assessing the Company’s level of compliance with its obligation laid down in the Law and the Directive.

The MLCO’s Annual Report shall be prepared and be submitted to the Board for approval within two months from the end of each calendar year (i.e. the latest, by the end of February each year).

Following the Board’s approval of the Annual Report, a copy of the Annual Report should be submitted to [List local Authority] together with the Board’s meeting minutes, within twenty (20) days from the end of the meeting, and no later than three (3) months from the end of each calendar year (i.e. the latest, by the end of March).

It is provided that the said minutes should include the measures decided for the correction of any weaknesses and/or deficiencies identified in the Annual Report and the implementation timeframe of these measures.

The Annual Report deals with issues relating to money laundering and terrorist financing during the year under review and includes, inter alia, the following:

      • information for measures taken and/or procedures introduced for compliance with any amendments and/or new provisions of the Law and the Directive which took place during the year under review
      • information on the inspections and reviews performed by the MLCO, reporting the material deficiencies and weaknesses identified in the policy, practices, measures, procedures and controls that the Company applies for the prevention of Money Laundering and Terrorist Financing. In this respect, the report outlines the seriousness of the deficiencies and weaknesses, the risk implications and the actions taken and/or recommendations made for rectifying the situation
      • the number of Internal Suspicion Reports submitted by Company personnel to the MLCO, according to point (e) of Section 6.2 of the Manual and possible comments/observations thereon
      • the number of reports submitted by the MLCO to the Unit, according to point (g) of Section 6.2 of the Manual with information/details on the main reasons for suspicion and highlights of any particular trends
      • information, details or observations regarding the communication with the employees on money laundering and terrorist financing preventive issues
      • summary figures, on an annualised basis, of Clients’ total cash deposit in Euro and other currencies in excess of the set limit of Euro 10.000 (together with comparative figures for the previous year) as reported in the monthly prevention statement of Section 8 of the Manual. Any comments on material changes observed compared with the previous year are also reported
      • information on the policy, measures, practices, procedures and controls applied by the Company in relation to high risk Clients as well as the number and country of origin of high risk Clients with whom a Business Relationship is established or an Occasional Transaction has been executed
      • information on the systems and procedures applied by the Company for the ongoing monitoring of Client accounts and transactions
      • information on the measures taken for the compliance of branches and subsidiaries of the Company, if any, that operate in countries outside the EEA, with the requirements of the Directive in relation to Client identification, due diligence and record keeping procedures and comments/information on the level of their compliance with the said requirements
      • information on the training courses/seminars attended by the MLCO and any other educational material received
      • information on training/education and any educational material provided to staff during the year, reporting, the number of courses/seminars organised, their duration, the number and the position of the employees attending, the names and qualifications of the instructors, and specifying whether the courses/seminars were developed inhouse or by an external organisation or consultants
      • results of the assessment of the adequacy and effectiveness of staff training
      • information on the recommended next year’s training program
      • information on the structure and staffing of the department of the MLCO as well as recommendations and timeframe for their implementation, for any additional staff and technical resources which may be needed for reinforcing the measures and procedures against Money Laundering and Terrorist Financing.
    1. MONTHLY PREVENTION STATEMENT

8.1. General

The MLCO shall prepare and submit to [List local Authority], according to point (q) of Section 6.2 of the Manual, on a monthly basis, the [List local Authority] Form 144-08-11 “Monthly prevention statement regarding the prevention of Money Laundering and Terrorist Financing”, which includes details as regards the total cash deposits accepted by the Company, the Internal Suspicions Reports, and the MLCO’s Reports to the Unit, according to points (e) and (g) in Section 6.2 of the Manual, respectively.

According to LAW ON MEASURES AGAINST MONEY LAUNDERING, the aforementioned Form must be completed and submitted to [List local Authority] within fifteen (15) days from the end of each month and the original completed and signed form must be kept in the Company’s offices.

Following the issuance of the LAW ON MEASURES AGAINST MONEY LAUNDERING, the scanned copy of the duly completed and signed Form 144-08-11 should be digitally signed and submitted to [List local Authority] via the [List local Authority] Web-Portal.

The completion of the aforementioned Form provides the opportunity to the Company initially to evaluate and, subsequently, to reinforce its systems of control and monitoring of its operations, for the purpose of early identification of transactions in cash which may be unusual and/or carry enhanced risk of being involved in Money Laundering and Terrorist Financing operations.

The Internal Auditor shall be responsible to review, at least annually as per Section 5.1 of the Manual, the submission to [List local Authority] of the “Monthly prevention statement regarding the prevention of Money Laundering and Terrorist Financing”.

    1. RISK-BASED APPROACH

9.1. General Policy

The Company shall apply appropriate measures and procedures, by adopting a risk-based approach, so as to focus its effort in those areas where the risk of Money Laundering and Terrorist Financing appears to be comparatively higher.

Further, the MLCO shall monitor and evaluate, on an on-going basis, the effectiveness of the measures and procedures of this Section of the Manual.

The adopted risk-based approach that is followed by the Company, and described in the Manual, has the following general characteristics:

          • recognises that the money laundering or terrorist financing threat varies across Clients, countries, services and financial instruments
          • allows the Board to differentiate between Clients of the Company in a way that matches the risk of their particular business
          • allows the Board to apply its own approach in the formulation of policies, procedures and controls in response to the Company’s particular circumstances and characteristics
          • helps to produce a more cost-effective system
          • promotes the prioritisation of effort and actions of the Company in response to the likelihood of Money Laundering and Terrorist Financing occurring through the use of the Investment and Ancillary Services.

The risk-based approach adopted by the Company, and described in the Manual, involves specific measures and procedures in assessing the most cost effective and appropriate way to identify and manage the Money Laundering and Terrorist Financing risks faced by the Company.

Such measures include:

          • identifying and assessing the Money Laundering and Terrorist Financing risks emanating from particular Clients or types of Clients, financial instruments, services, and geographical areas of operation of its Clients
          • managing and mitigating the assessed risks by the application of appropriate and effective measures, procedures and controls
          • continuous monitoring and improvements in the effective operation of the policies, procedures and controls.

The application of appropriate measures and the nature and extent of the procedures on a risk-based approach depends on different indicators.

Such indicators include the following:

          • the scale and complexity of the services offered
          • geographical spread of the services and Clients
          • the nature (e.g. non face-to-face) and economic profile of Clients as well as of financial instruments and services offered
          • the distribution channels and practices of providing services
          • the volume and size of transactions
          • the degree of risk associated with each area of services
          • the country of origin and destination of Clients’ funds deviations from the anticipated level of transactions
          • the nature of business transactions.

The MLCO shall be responsible for the development of the policies, procedures and controls on a risk-based approach. Further, the MLCO shall also be responsible for the implementation of the policies, procedures and controls on a risk-based approach. The Internal Auditor shall be responsible for reviewing the adequate implementation of a riskbased approach by the MLCO, at least annually, as per Section 5.1 of the Manual.

9.2. Identification of Risks

9.2.1. General/Principles

The risk-based approach adopted by the Company involves the identification, recording and evaluation of the risks that have to be managed.

The Company shall assess and evaluate the risks it faces, for the use of the Investment and Ancillary Services for the purpose of Money Laundering or Terrorist Financing. The particular circumstances of the Company determine suitable procedures and measures that need to be applied to counter and manage risk.

In the cases where the services and the financial instruments that the Company provides are relatively simple, involving relatively few Clients or Clients with similar characteristics, then the Company shall apply such procedures which are able to focus on those Clients who fall outside the ‘norm’.

The Company shall be, at all times, in a position to demonstrate to [List local Authority] that the extent of measures and control procedures it applies are proportionate to the risk it faces for the use of the Investment and Ancillary Services, for the purpose of Money Laundering and Terrorist Financing.

9.2.2. Company Risks

The following, inter alia, are sources of risks which the Company faces with respect to Money Laundering and Terrorist Financing:

          • Risks based on the Client’s nature:
            • complexity of ownership structure of legal persons
            • companies with bearer shares
            • companies incorporated in offshore centres
            • PEPs
            • Clients engaged in transactions which involves significant amounts of cash
            • Clients from high risk countries or countries known for high level of corruption or organised crime or drug trafficking
            • Clients included in the leaked documents of Mossack Fonseca (Panama Papers)
            • Clients convicted for a Prescribed Offence (and already served their sentence)
            • unwillingness of Client to provide information on the Beneficial Owners of a legal person.
          • Risks based on the Client’s behaviour:
            • Client transactions where there is no apparent legal financial/commercial rationale
            • situations where the origin of wealth and/or source of funds cannot be easily verified
            • unwillingness of Clients to provide information on the Beneficial Owners of a legal person.
          • Risks based on the Client’s initial communication with the Company:
            • non face-to-face Client
            • Clients introduced by a third person.
          • Risks based on the Company’s services and financial instruments:
            • services that allow payments to third persons/parties
            • large cash deposits or withdrawals
            • products or transactions which may favour anonymity.

9.3. Design and Implementation of Measures and Procedures to Manage and Mitigate the Risks

Taking into consideration the assessed risks, the Company shall determine the type and extent of measures it will adopt in order to manage and mitigate the identified risks in a cost effective manner. These measures and procedures include:

          • adaption of the Client Due Diligence Procedures in respect of Clients in line with their assessed Money Laundering and Terrorist Financing risk
          • requiring the quality and extent of required identification data for each type of Client to be of a certain standard (e.g. documents from independent and reliable sources, third person information, documentary evidence)
          • obtaining additional data and information from the Clients, where this is appropriate for the proper and complete understanding of their activities and source of wealth and for the effective management of any increased risk emanating from the particular Business Relationship or the Occasional Transaction
          • ongoing monitoring of high risk Clients’ transactions and activities, as and when applicable.

In this respect, it is the duty of the MLCO to develop and constantly monitor and adjust the Company’s policies and procedures with respect to the Client Acceptance Policy and Client Due Diligence and Identification Procedures of Sections 10 and 11 of the Manual, respectively, as well as via a random sampling exercise as regards existing Clients. These actions shall be duly documented and form part of the Annual Money Laundering Report, as applicable.

9.4. Dynamic Risk Management

Risk management is a continuous process, carried out on a dynamic basis. Risk assessment is not an isolated event of a limited duration. Clients’ activities change as well as the services and financial instruments provided by the Company change. The same happens to the financial instruments and the transactions used for money laundering or terrorist financing.

In this respect, it is the duty of the MLCO to undertake regular reviews of the characteristics of existing Clients, new Clients, services and financial instruments and the measures, procedures and controls designed to mitigate any resulting risks from the changes of such characteristics. These reviews shall be duly documented, as applicable, and form part of the Annual Money Laundering Report.

9.5. Relevant International Organisations

For the development and implementation of appropriate measures and procedures on a risk based approach, and for the implementation of Client Identification and Due Diligence Procedures, the MLCO and the Administration/Back-Office Department shall consult data, information and reports [e.g. Clients from countries which inadequately apply Financial Action Task Force’s (hereinafter “FATF”), country assessment reports] that are published in the following relevant international organisations

      • FATF – www.fatf-gafi.org
      • The Council of Europe Select Committee of Experts on the Evaluation of Anti-Money Laundering Measures (hereinafter “MONEYVAL”) – www.coe.int/moneyval
      • The EU Common Foreign & Security Policy (CFSP)- www.europa.eu/cfsp/
      • The UN Security Council Sanctions Committees – www.un.org/sc/committees
      • The International Money Laundering Information Network (IMOLIN) – www.imolin.org
      • The International Monetary Fund (IMF) – www.imf.org.
    1. CLIENT ACCEPTANCE POLICY

The Client Acceptance Policy (hereinafter the “CAP”), following the principles and guidelines described in this Manual, defines the criteria for accepting new Clients and defines the Client categorisation criteria which shall be followed by the Company and especially by the employees which shall be involved in the Client Account Opening process.

The MLCO shall be responsible for applying all the provisions of the CAP. In this respect, the Head of the Administration/Back Office Department shall also be assisting the MLCO with the implementation of the CAP, as applicable.

The Internal Auditor shall review and evaluate the adequate implementation of the CAP and its relevant provisions, at least annually, as per Section 5 of the Manual.

10.1. General Principles of the CAP

The General Principles of the CAP are the following:

      • the Company shall classify Clients into various risk categories and based on the risk perception decide on the acceptance criteria for each category of Client
      • where the Client is a prospective Client, an account must be opened only after the relevant pre-account opening due diligence and identification measures and procedures have been conducted, according to the principles and procedures set in Section 11 of the Manual
      • all documents and data described in Section 11.6 of the Manual must be collected before the establishment of a business relationship with a new Client
      • by way of derogation of point (c) above and according to Section 11.5(2) of the Manual, the verification of the identity of a new Client may be completed during the establishment of the business relationship
      • no account shall be opened in anonymous or fictitious names(s)
      • no account shall be opened unless the prospective Client is approved by the:

The Head of the Administration/Back Office Department

10.2. Criteria for Accepting New Clients (based on their respective risk)

This Section describes the criteria for accepting new Clients based on their risk categorisation.

10.2.1. Low Risk Clients

The Company shall accept Clients who are categorised as low risk Clients as long as the general principles under Section 10.1 are followed.

Moreover, the Company shall follow the Simplified Client Identification and Due Diligence Procedures for low risk Clients, according to Section 11.8 of the Manual.

10.2.2. Normal Risk Clients

The Company shall accept Clients who are categorised as normal risk Clients as long as the general principles under Section 10.1 of the Manual are followed.

10.2.3. High Risk Clients

The Company shall accept Clients who are categorised as high risk Clients as long as the general principles under Section 10.1 of the Manual are followed.

Moreover, the Company shall apply the Enhanced Client Identification and Due Diligence measures for high risk Clients, according to Section 11.9 of the Manual and the due diligence and identification procedures for the specific types of high risk Clients mentioned as well in Section 11.10 of the Manual, as applicable.

10.3. Not Acceptable Clients

The following list predetermines the type of Clients who are not acceptable for establishing a Business Relationship or an execution of an Occasional Transaction with the Company:

      • Clients who fail or refuse to submit, the requisite data and information for the verification of his identity and the creation of his economic profile, without adequate justification (see also Section 11.4 of the Manual) Shell Banks.
      • Clients included in Sanctions Lists.
      • Clients convicted for a Prescribed Offence (and not served their sentence)
      • Credit institutions

10.4. Client Categorisation Criteria

This Section defines the criteria for the categorisation of Clients based on their risk. The MLCO shall be responsible for categorising Clients in one of the following three (3) categories based on the criteria of each category set below:

10.4.1. Low Risk Clients

The Company may apply simplified due diligence to the following types of Clients provided that this a low risk or no suspicion for money laundering and Terrorist Financing.

      • credit or financial institution covered by the EU Directive
      • credit or financial institution carrying out one or more of the financial business activities as these are defined by the Law and which is situated in a country outside the EEA, which:
        • in accordance with a decision of the Advisory Authority, imposes requirements equivalent to those laid down by the EU Directive (see Appendix 4 for the list of equivalent third countries), and
        • it is under supervision for compliance with those requirements
      • listed companies whose securities are admitted to trading on a Regulated Market in a country of the EEA or in a third country which is subject to disclosure requirements consistent with community legislation
      • domestic public authorities of countries of the EEA.

It is provided that, further to the cases mentioned above, the Company has to gather sufficient information to establish if the Client qualifies as a low-risk Client. In this respect, the MLCO shall be responsible to gather the said information. The said information shall be duly documented and filed, as applicable, according to the recording keeping procedures described in Section 14.

10.4.2. Normal Risk Clients

The following types of Clients can be classified as normal risk Clients with respect to the Money Laundering and Terrorist Financing risk which the Company faces:

any Client who does not fall under the ‘low risk Clients’ or ‘high risk Clients’ categories set in Sections 10.4.1 and 10.4.3, respectively.

10.4.3. High Risk Clients

The following types of Clients can be classified as high risk Clients with respect to the Money Laundering and Terrorist Financing risk which the Company faces:

      • Clients who are not physically present for identification purposes (non face-to-face Clients)
      • Clients whose own shares or those of their parent companies (if any) have been issued in bearer form
      • trust accounts
      • ‘Client accounts’ in the name of a third person
      • PEPs’ accounts
      • Clients who are involved in electronic gambling/gaming activities through the internet
      • Clients from countries which inadequately apply FATF’s recommendations
      • Clients included in the leaked documents of Mossack Fonseca (Panama Papers)
      • Clients convicted for a Prescribed Offence (and already served their sentence)
      • cross-frontier correspondent banking relationships with credit institutions-Clients from third countries
      • any other Clients that their nature entail a higher risk of money laundering or terrorist financing
      • any other Client determined by the Company itself to be classified as such.
    1. CLIENT DUE DILIGENCE AND IDENTIFICATION PROCEDURES

11.1. Cases for the application of Client Identification and Due Diligence Procedures

The Company shall duly apply Client identification procedures and Client due diligence measures in the following cases:

      • when establishing a Business Relationship
      • when carrying out Occasional Transactions amounting to Euro 15,000 or more, whether the transaction is carried out in a single operation or in several operations which appear to be linked
      • when there is a suspicion of money laundering or terrorist financing, regardless of the amount of the transaction
      • when there are doubts about the veracity or adequacy of previously Client identification data.

In this respect, it is the duty of the MLCO to apply all the relevant Client Due Diligence Identification Procedures described in Section 11 of the Manual for the four (4) cases mentioned above. Furthermore, the Administration/Back-Office Department shall also be responsible to collect and file the relevant Client identification documents, according to the recording keeping procedures described in Section 14 of the Manual.

Further, the MLCO shall be responsible to maintain at all times and use during the application of Client due diligence and identification procedures template-checklists with respect to required documents and data from potential Clients, as per the requirements of the Law and the Directive.

The Internal Auditor shall be responsible to review the adequate implementation of all the policies and procedures mentioned in Section 5.1 of the Manual, at least annually.

11.2. Ways of application of Client Identification and Due Diligence Procedures

Client identification procedures and Client due diligence measures shall comprise:

      • identifying the Client and verifying the Client’s identity on the basis of documents, data or information obtained from a reliable and independent source.

It is noted that the identification procedure includes the following:

          1. Creation of an economic profile for the customer/beneficial owner,
          2. Carrying out an appropriateness test in accordance to LAW ON MEASURES AGAINST MONEY LAUNDERING
          • identifying the beneficial owner and taking risk-based and adequate measures to verify the identity on the basis of documents, data or information obtained from a reliable and independent source so that the person carrying on in financial or other business knows who the beneficial owner is; as regards legal persons, trusts and similar legal arrangements, taking risk based and adequate measures to understand the ownership and control structure of the Client
          • obtaining information on the purpose and intended nature of the business relationship
          • conducting on-going monitoring of the business relationship including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the information and data in the possession of the person engaged in financial or other business in relation to the Client, the business and risk profile, including where necessary, the source of funds and ensuring that the documents, data or information held are kept up-todate.
          • Screening Clients against databases or third party checks for adverse tax-related news.

The Company applies each of the customer due diligence measures and identification procedures set out above, but may determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship, product or transaction (please also refer to Section 11.9 and 11.10 of this Manual).

11.3. Transactions that Favour Anonymity

In the case of Clients’ transactions via internet or other electronic means where the Client is not present so as to verify the authenticity of his signature or that he is the real owner of the account or that he has been properly authorised to operate the account, the Company applies reliable methods, procedures and control mechanisms over the access to the electronic means so as to ensure that it deals with the true owner or the authorised signatory of the account.

11.4. Failure or Refusal to Submit Information for the Verification of Clients’ Identity

Failure or refusal by a Client to submit, before the establishment of a Business Relationship or the execution of an occasional transaction, the requisite data and information for the verification of his identity and the creation of his economic profile (see Section 11.6 of the Manual), without adequate justification, constitutes elements that may lead to the creation of a suspicion that the Client is involved in money laundering or terrorist financing activities. In such an event, the Company shall not proceed with the establishment of the Business Relationship or the execution of the occasional transaction (see Section 10.3 of the Manual) while at the same time the MLCO considers whether it is justified under the circumstances to submit a report to the Unit, according to point (g) of Section 6.2 of the Manual.

If, during the Business Relationship, a Client fails or refuses to submit, within a reasonable timeframe, the required verification data and information according to Section 11 of the Manual, the Company and the MLCO shall consider terminating the Business

Relationship and close all the accounts of the Client, taking also into account the specific circumstances of the Client in question and the risks faced by the Company on possible money laundering and/or terrorist financing, while at the same time examine whether it is justified under the circumstances to submit a report to Unit, according to paragraph point (g) of Section 6.2 of the Manual.

11.5. Time of Application of the Client Identification and Due Diligence Procedures

With respect to the timing of the application of the Client Identification and Due Diligence Procedures, the MLCO shall be responsible for the application of the following provisions:

          1. The verification of the identity of the Client and the Beneficial Owner shall be performed before the establishment of a Business Relationship or the carrying out of a transaction.
          2. By way of derogation from point (1) above, the verification of the identity of the customer and the beneficial owner shall be completed during the establishment of a business relationship if this is necessary not to interrupt the normal conduct of business and where the risk of money laundering or terrorist financing occurring is low. In such situations, these procedures shall be completed as soon as practicable after the initial contact and before any transactions take place.
          3. Without prejudice of what is stated in point (2) above by way of derogation from point (1) above, for cases that fall under the supervision of [List local Authority] the verification of the identity of the customer and the beneficial owner may be completed during the establishment of a business relationship if this is necessary:
            1. not to interrupt the normal conduct of business and
            2. where there is little risk of money laundering or terrorist financing occurring and
            3. the process of verification is completed as soon as practicable after the initial contact.

For the purposes of this point, the risk of money laundering or terrorist financing may be assessed as low when, as a minimum, the following, among others, are taken into consideration:

          • If the verification of the customer/beneficial owner’s identity has not been completed, the cumulative amount of deposited funds of a customer/beneficial owner should not exceed €2,000, irrespective of the number of accounts the client/beneficial owner holds with the regulated entity. The amount of €2,000 does not automatically categorise the client as a low risk client. The Company should assess each client’s risk as per the designated procedure.
          • The Company accepts deposits only from a bank account (or through other means that are linked to a bank account e.g. credit card), that is in the name of the customer with whom establishes a business relationship.
          • The cumulative time in which the verification of the identity of a customer/beneficial owner is completed, must not exceed 15 days from initial contact.
          • It is noted that the initial contact takes place the moment that the client either accepts the terms and conditions or makes his first deposit, whichever comes first.
          • Within the timeframe of 15 days from initial contact, the regulated entity takes all reasonable measures to ensure that the percentage of customers that have not complied with the request to submit verification documents, is considerably low (e.g. the Company issues requests/reminders to the customer/beneficial owner informing them of their obligation to submit the requested documents for the verification of their identity).
          • Where the verification of the customer/beneficial owner’s identity has not been completed during the designated timeframe of 15 days, the commencement of a business relationship must be terminated on the date of the deadline’s expiry and all deposited funds must be returned to the customer/beneficial owner, in the same bank account from which they originated. The procedure for returning the funds must occur immediately, regardless of whether the customer has requested the return of their funds or not. The returned funds (deposits) include any profits the customer has gained during their transactions and deducting any losses incurred.
          • Within the timeframe of 15 days from initial contact, the customer/beneficial owner must undergo at least one Enhanced Due Diligence measure in accordance to article 64 of the Law.
          • No funds are withheld and no accounts are frozen, save for those cases of suspicion of money laundering, where the regulated entity is under obligation to immediately report their suspicion to MOKAS and notify [List local Authority] (through the Monthly Prevention Statement) of the suspicious transaction incident in the designated procedure (please refer to Section 8 of this Manual).

It is noted that the Company shall complete the prescribed procedures for the verification of customers’ identity before the establishment of a business relationship. In those extraordinary cases where the verification of a customer or beneficial owner’s identity takes place during the establishment of a business relationship (after the initial contact), the Company shall take into consideration this point of the Manual as well as the designated internal procedure that is described in detail within this Manual as APPENDIX 6.

          1. In cases where the Company is unable to comply with points (a) to (c) of Section 11.2 of the Manual, the Company shall not carry out a transaction through a bank account, establish a Business Relationship or carry out the transaction, or must terminate the business relationship and shall consider making a report to the Unit.
          2. Identification procedures and Client due diligence requirements shall be applied not only to all new Clients but also to existing Clients at appropriate times (see points (b)

to (d) of Section 11.1 of the Manual), depending on the level of risk of being involved in money laundering or terrorist financing (see points (b) to (d) of Section 11.1 of the Manual).

11.6. Construction of an Economic Profile and General Client Identification and Due Diligence Principles

          1. The construction of the Client’s economic profile needs to include/follow the principles below:
            • the Company shall be satisfied that it’s dealing with a real person and, for this reason, the Company shall obtain sufficient evidence of identity to verify that the person is who he claims to be. Furthermore, the Company shall verify the identity of the Beneficial Owner(s) of the Clients’ accounts. In the cases of legal persons, the Company shall obtain adequate data and information so as to understand the ownership and control structure of the Client. Irrespective of the Client type (e.g. natural or legal person, sole trader or partnership), the Company shall request and obtain sufficient data and information regarding the Client business activities and the expected pattern and level of transactions. However, it is noted that no single form of identification can be fully guaranteed as genuine or representing correct identity and, consequently, the identification process will generally need to be cumulative
            • the verification of the Clients’ identification shall be based on reliable data and information issued or obtained from independent and reliable sources, meaning those data, and information that are the most difficult to be amended or obtained illicitly
            • a person’s residential and business address will be an essential part of his identity
            • the Company will never use the same verification data or information for verifying the Client’s identity and verifying its home address
            • the data and information that are collected before the establishment of the

Business Relationship, with the aim of constructing the Client’s economic profile and, as a minimum, shall include the following:

          • the purpose and the reason for requesting the establishment of a Business Relationship
          • the anticipated account turnover, the nature of the transactions, the expected origin of incoming funds to be credited in the account and the expected destination of outgoing transfers/payments
          • the Client’s size of wealth and annual income and the clear description of the main business/professional activities/operations
          • the data and information that are used for the construction of the Client-legal person’s economic profile shall include, inter alia, the following:
            • the name of the company
            • the country of its incorporation
            • the head offices address
            • the names and the identification information of the Beneficial Owners
            • the names and the identification information of the directors
            • the names and the identification information of the authorised signatories financial information
            • the ownership structure of the group that the Client-legal person may be a part of (country of incorporation of the parent company, subsidiary companies and associate companies, main activities and financial information).

The said data and information are recorded in a separate form designed for this  purpose which is retained in the Client’s file along with all other documents as well as all internal records of meetings with the respective Client. The said form is updated regularly or whenever new information emerges that needs to be added to the economic profile of the Client or alters existing information that makes up the economic profile of the Client.

          • identical data and information with the abovementioned shall be obtained in the case of a Client-natural person, and in general, the same procedures with the abovementioned shall be followed
          • Client transactions transmitted for execution, shall be compared and evaluated against the anticipated account’s turnover, the usual turnover of the activities/operations of the Client and the data and information kept for the Client’s economic profile. Significant deviations are investigated and the findings are recorded in the respective Client’s file. Transactions that are not justified by the available information on the Client, are thoroughly examined so as to determine whether suspicions over money laundering or terrorist financing arise for the purposes of submitting an internal report to the MLCO, according to point (e) of Section 6.2 of the Manual, and then by the latter to the Unit, according to point (g) of Section 6.2 of the Manual.
          1. The Company shall apply each of the Client due diligence measures and identification procedures set out in point (1) above, but may determine the extent of such measures on a risk-sensitive basis depending on the type of Client, Business Relationship, product or transaction. The Company shall be able to demonstrate to [List local Authority] that the extent of the measures is appropriate in view of the risks of the use of the Investment and Ancillary Services for the purposes of Money Laundering and Terrorist Financing.
          2. For the purposes of the provisions relating to identification procedures and Client due diligence requirements, proof of identity is satisfactory if-
            • it is reasonable possible to establish that the Client is the person he claims to be; and,
            • the person who examines the evidence is satisfied, in accordance with the procedures followed under the Law, that the Client is actually the person he claims to be.

The construction of the Client’s economic profile according to the provisions above shall be undertaken by the MLCO. In this respect, the data and information collected for the construction of the economic profile shall be fully documented and filed, as applicable, by the Administration/Back-Office Department.

11.7. Further Obligations for Client Identification and Due Diligence Procedures

          1. In addition to the principles described in Section 11.6. above, the Company, and specifically the MLCO shall:
            • ensure that the Client identification records remain completely updated with all relevant identification data and information throughout the Business Relationship
            • examine and check, on a regular basis, the validity and adequacy of the Client identification data and information that he maintains, especially those concerning high risk Clients.

The procedures and controls of point (a) in Section 6.2 of the Manual also determine implicitly the timeframe during which the regular review, examination and update of the Client identification is conducted. The outcome of the said review shall be recorded in a separate note/form which shall be kept in the respective Client file.

          1. Despite the obligation described in point (1) above and while taking into consideration the level of risk, if at any time during the Business Relationship, the Company becomes aware that reliable or adequate data and information are missing from the identity and the economic profile of the Client, then the Company takes all necessary action, by applying the Client identification and due diligence procedures according to the Manual, to collect the missing data and information, the soonest possible, so as to identify the Client and update and complete the Client’s economic profile.
          2. In addition to the obligation of points (1) and (2) above, the Company shall check the adequacy of the data and information of the Client’s identity and economic profile, whenever one of the following events or incidents occurs:
            • an important transaction takes place which appears to be unusual and/or significant compared to the normal pattern of transactions and the economic profile of the Client
            • a material change in the Client’s legal status and situation, such as:
              1. change of directors/secretary
              2. change of registered shareholders and/or Beneficial Owners
          • change of registered office
          1. change of trustees
          2. change of corporate name and/or trading name
          3. change of the principal trading partners and/or undertaking of major new business activities
          • a material change in the way and the rules the Client’s account operates, such as:
            1. change in the persons that are authorised to operate the account
            2. application for the opening of a new account for the provision of new investment services and/or financial instruments.
          1. In addition to the above, the Company, when making transfers of money between

Clients’ accounts, shall apply the following procedures in accordance to LAW ON MEASURES AGAINST MONEY LAUNDERING, as applicable:

          • Ask, from both Clients directly involved (originator of the transfer and recipient of the transfer), to complete a form of order and acceptance of the money transfer between the Clients’ accounts.
          • Before performing the money transfer, the responsible, for this purpose, person (e.g. Head of the Accounting Department) shall confirm the order and acceptance of the money transfer
          • The MLCO shall:
            1. verify the authenticity of the signatures on the aforementioned form
            2. record (e.g. on the form) the reasons and confirm the legality of the purpose for which the transfer of money is made
          • keep/file all records and information related to this purpose in the involved Clients’ files.

11.8. Simplified Client Identification and Due Diligence Procedures

With respect to the provisions of the Law and the Directive for simplified Client Identification and Due Diligence Procedures, the following shall apply:

          1. In the cases of points (a), (b) and (d) of Section 11.1, the Company may not apply the measures described in Section 11.2, point (1) of Section 11.5 and Sections 11.6 and 11.7 of the Manual for a Client who may be categorised as a low risk Client according to the criteria set in Section 10.4.1 of the Manual.
          2. For simplified Client Identification and Due Diligence Procedures, the Company may not verify the identification of the client or the beneficial owner, neither collect information regarding the purpose and the intended nature of the business relationship or perform verification of the identity of the customer and the beneficial owner after the establishment of the business relationship or the execution of an occasional transaction;
          3. In addition to the above, the Company must exercise continuous monitoring of the business relationships mentioned in Section 10.4.1. according to the provisions of the paragraph (d) of Section 11.2. or report to the Unit any suspicious transaction or any attempt to carry out a suspicious transaction
          4. Further to the above, [List local Authority], may permit simplified KYC for low risk products and transactions, subject to specific criteria as defined in the AML Law as amended.
          5. It is provided that the Company shall collect sufficient information, so as to decide whether the Client can be exempted according to the provisions of point (1) – already mentioned in Section 10.4.1. The Company when assessing the abovementioned shall pay special attention to any activity of those Clients or to any type of transactions which may be regarded as particularly likely, by its nature, to be used or abused for money laundering or terrorist financing purposes.
          6. The Company shall not consider that Clients or transactions referred to in point (1) above represent a low risk of money laundering or terrorist financing if there is information available to suggest that the risk of money laundering or terrorist financing may not be low.
          7. With respect to public authorities or public bodies of the EEA countries, for which the provisions of point (1) of Section 11.6 may not be applied, they must fulfil all the following criteria:
            • the Client has been entrusted with public functions pursuant to the Treaty on European Union, the Treaties on the Communities or Community secondary legislation
            • the Client’s identity is publicly available, transparent and certain
            • the activities of the Client, as well as its accounting practices, are transparent
            • either the Client is accountable to a community institution or to the authorities of a member state, or appropriate check and balance procedures exist ensuring control of the Client’s activity.

11.9. Enhanced Client Identification and Due Diligence (High Risk Clients)

11.9.1. General Provisions

The MLCO shall apply enhanced due diligence measures, in addition to the measures referred to in Sections 11.2, 11.5, 11.6 and 11.7, with respect to the Clients categorised as high risk Clients according to the criteria set in Section 10.4.3 of this Manual.

These measures include the following:

          • where the Client has not been physically present for identification purposes, the Company shall apply one or more of the following measures:
            1. take supplementary measures to verify or certify the documents supplied, or requiring confirmatory certification by a credit or financial institution
            2. ensure that the first payment of the operations is carried out through an account opened in the Client’s name with a credit institution which operates in a country within the EEA.
          • In respect of cross-frontier correspondent banking relationships with credit institutions-Clients from third countries, the Company shall:
            1. gather sufficient information about the credit institution-Client to understand fully the nature of the business and the activities of the Client and to assess, from publicly available information, the reputation of the institution and the quality of its supervision
            2. assess the systems and procedures applied by the credit institution-Client for the prevention of Money Laundering and Terrorist Financing
          • obtain approval from the Senior Management before entering into correspondent bank account relationship
          1. document the respective responsibilities of the person engaged in financial or Other Business Activities and of the credit institution-Client
          2. with respect to payable-through accounts, must be ensured that the credit institution-Client has verified the identity of its Clients and performed ongoing due diligence on the Clients having direct access to the correspondent bank accounts and that it is able to provide relevant Client’s due diligence data to the correspondent institution, upon request.
          • With respect to transactions or Business Relationships with PEPs, the Company shall:
            1. have appropriate risk-based procedures to determine whether the Client (or the Beneficial Owner) is a PEP
            2. have Senior Management approval for establishing Business Relationships with such Clients or of the continuation of the business relationships with existing Clients which have become PEPs.
          • take adequate measures to establish the source of wealth and source of funds that are involved in the Business Relationship or transaction
          1. conduct enhanced on-going monitoring of the Business Relationship.
          • Documents from very high risk clientele, from jurisdictions which apply a lower degree of measures and controls over the AML in EU, should provide, in addition to the main KYC procedure described above, at least 1 out of the three following documents:
            1. Bank Reference Letter;
            2. Criminal Record Certificate;
          • Official Reference Letter from the Employer Below are described due diligence and identification procedures with respect to high risk Clients:

11.9.2. Non face-to-face Clients

          1. The Company shall apply the following with respect to non face-to-face Clients:
            1. Whenever a customer requests the establishment of a Business Relationship or an Occasional Transaction, a personal interview is recommended during which all information for customer identification should be obtained. In situations where a customer, especially a non-resident of the Country, requests the establishment of a Business Relationship or an Occasional Transaction by  internet without presenting himself for a personal interview, the Company shall follow the established customer identification and due diligence procedures, as applied for customers with whom it comes in direct and personal contact and obtain the same identification information and documents as required by the Law and the Directive, depending on the type of the customer. The said identification information and documents kept by the Company in its records shall take the following form:
              1. Original, or
              2. Certified true copy of the original, where the certification is made by the Company, in cases where it establishes the customer’s identity itself, once the original is presented thereto, or
          • Certified true copy of the original, where the certification is made by third parties, in cases where they establish the customer’s identity, pursuant to paragraph 11.11, or
          1. Certified true copy of the original, where the certification is made by a competent authority or person that, pursuant to the relevant provision of the laws of their country, is responsible to certify the authenticity of documentation or information, or
          2. Provided that at least one of the procedures referred to in paragraph b below is followed:
            1. Copy of the original, or
            2. Identification information and documents collected via electronic verification in accordance with the provisions of paragraph c. below.
          3. Instead of the measure prescribed in point (ii) of Section 11.9.1 (a), other practical procedures, which may be adopted for the implementation of the measure of point (a)(i) of Section 11.9.1 with regard to customers with whom the Company does not come to immediate and personal contact, are as follows:
            1. The Company ensures that the first payment of the operations is carried out through an account opened in the customer’s name with a credit institution operating and licensed in a third country, which, according to the Advisory Authority’s decision, imposes requirements on combating money laundering equivalent to those of the EU Directive,
          1. The Company obtains a direct confirmation of the establishment of a business relationship through direct personal contact, as well as, the true name, address and passport/identity card number of the customer, from a credit institution or a financial institution with which the customer cooperates, operating in a Member State or in a Third Country, which, according to the Advisory Authority’s decision, imposes requirements on combating money laundering equivalent to those of the EU Directive (or a certified true copy of the confirmation),
          • The Company arranges a telephone contact with the customer at his home or office, on a telephone number which has been verified from independent and reliable sources. During the telephone contact, the Company shall confirm additional aspects of the identity information submitted by the customer during the procedure of opening his account. It is noted that the Company shall keep records of the respective call,
          1. The Company arranges a communication via video call with the customer, provided the video recording and screen shot safeguards apply to the communication. It is provided that a customer, whose identity was verified hereunder cannot deposit an amount over €2.000 per annum, irrespective of the number of accounts that he keeps with the Company, unless an additional measure of paragraph (b) of the present or of Article 64(1)(a)(ii) of the Law is taken in order to verify his identity. During the internet communication, the Company shall confirm additional aspects of the identity details submitted by the customer when opening his account.

It is provided that the Company shall apply appropriate measures and procedures in order to:

          1. confirm and monitor both the amount of the customer’s deposit and the risk for money laundering or terrorist financing and take additional measures to verify the customer’s identity depending on the degree of the risk;
          2. ensure the normal conduct of business is not interrupted where the amount of the deposit exceeds the amount of €2.000 per annum;
          3. warn the customer appropriately and in due time for the above procedure in order to obtain the customer’s express consent prior to its commencement.
          1. The Company arranges a communication with the customer at an address that the Company has previously verified from independent and reliable sources, in the form of a registered letter (For example, such communication may take the form of a direct mailing of account opening documentation to him, which the customer shall return to the Company or the Company may send security codes required by the customer to access the accounts opened through the internet).
          2. The Company performs an electronic verification:
            1. Electronic identity verification is carried out either directly by the Company or through a third party. Both the Company and the said third parties cumulatively satisfy the following conditions:
              1. the electronic databases kept by the third party or to which the third person or the Company has access are registered to and/or approved from the Data Protection Commissioner in order to safeguard personal data (or the corresponding competent authority in the country the said databases are kept),
              2. electronic databases provide access to information referred to both present and past situations showing that the person really exists and providing both positive information (at least the customer’s full name, address and date of birth) and negative information (e.g. committing of offences such as identity theft, inclusion in deceased persons records, inclusion in sanctions and restrictive measures’ list by the Council of the European Union and the UN Security Council).
          • electronic databases include a wide range of sources with information from different time periods with real-time update and trigger alerts when important data alter.
          1. transparent procedures have been established allowing the Company to know which information was searched, the result of such search and its significance in relation to the level of assurance as to the customer’s identity verification.
          2. procedures have been established allowing the Company to record and save the information used and the result in relation to identity verification.
          1. The information must come from two or more sources. The electronic verification procedure shall at least satisfy the following correlation standard:
            1. identification of the customer’s full name and current address from one source, and
            2. identification of the customer’s full name and either his current address or date of birth from a second source.
          2. For purposes of carrying out the electronic verification, the Company shall establish procedures in order to satisfy the completeness, validity and reliability of the information to which it has access. It is provided that the verification procedure shall include a search of both positive and negative information.
          3. It is understood that the Company evaluates the results of the verification of the identity in order the conditions of Section 11.6.3 to be satisfied. The Company establishes mechanisms for the carrying out of quality controls in order to assess the quality of the information on which it intends to rely.
          4. The requirements of Section 11.9.1 shall also apply to companies or other legal persons requesting to establish a Business Relationship or an Occasional Transaction  through the internet. The Company shall take additional measures to ensure that the companies or other legal persons operate from the address of their main offices and carry out legitimate activities in all respects.

11.9.3. Account in names of companies whose shares are in bearer form The MLCO shall apply the following with respect to accounts in names of companies whose shares are in bearer form:

          1. The Company may accept a request for the establishment of a Business Relationship or for an Occasional Transaction from companies whose own shares or those of their parent companies (if any) have been issued in bearer form by applying, in addition to the procedures of Section 11.10.6, all the following supplementary due diligence measures:
          • the Company takes physical custody of the bearer share certificates while the Business Relationship is maintained or obtains a confirmation from a bank operating in the Country or a country of the EEA that it has under its own custody the bearer share certificates and, in case of transferring their ownership to another person, shall inform the Company accordingly
          • the account is closely monitored throughout its operation. At least once a year, a review of the accounts’ transactions and turnover is carried out and a note is prepared summarising the results of the review which shall be kept in the Client’s file
          • if the opening of the account has been recommended by a third person as defined in Section 11.11, at least once every year, the third person who has introduced the Client provides a written confirmation that the capital base and the shareholding structure of the company-Client or that of its holding company (if any) has not been altered by the issue of new bearer shares or the cancellation of existing ones. If the account has been opened directly by the company-Client, then the written confirmation is provided by the company-Client’s directors
          • when here is a change to the Beneficial Owners, the Company examines whether or not to permit the continuance of the account’s operation.

11.9.4. Trust accounts

The MLCO shall apply the following with respect to trust accounts:

          1. When the Company establishes a Business Relationship or carries out an Occasional Transaction with trusts, it shall ascertain the legal substance, the name and the date of establishment of the trust and verify the identity of the trustor, trustee and Beneficial Owners, according to the Client identification procedures prescribed in throughout Section 11 of this Manual.
          2. Furthermore, the Company shall ascertain the nature of activities and the purpose of establishment of the trust as well as the source and origin of funds requesting the relevant extracts from the trust deed and any other relevant information from the trustees. All relevant data and information shall be recorded and kept in the Client’s file.

11.9.5. ‘Client accounts’ in the name of a third person

The MLCO shall apply the following with respect to “Client accounts” in the name of a third person:

          1. The Company may open “client accounts” (e.g. omnibus accounts) in the name of financial institutions from EEA countries or a third country which, in accordance with a relevant decision of the Advisory Authority it has been determined that the relevant third country applies procedures and measures for preventing Money Laundering and Terrorist Financing equivalent to the requirements of the EU Directive (see Appendix 4 for the list of equivalent third countries). In these cases the Company shall ascertain the identity of the abovementioned financial institutions according to the Client identification procedures prescribed in throughout Section 11 of the Manual.

In case the Company receives a request to open “client accounts” (e.g. omnibus accounts) in the name of financial institutions originating from countries other than the EEA or an equivalent third country, then the Company shall examine such requests on a case by case basis and shall undertake additional due diligence measures on such financial institutions. Such additional measures shall include a country-profile assessment in terms of AML reputation and legislation, analysis of the AML measures applied by such financial institutions, whether he financial institution is supervised in terms of AML, analysis of the line of business and clientele type of the financial institution and any additional measures deemed necessary during the assessment. It is stressed that the Company shall be extra vigilant on such cases.

          1. In the case that the opening of a “client account” is requested by a third person acting as an auditor/accountant or an independent legal professional or a trust and company service provider situated in a country of the EEA or a third country which, in accordance with a relevant decision of the Advisory Authority it has been determined that the relevant third country applies procedures and measures for preventing money laundering and terrorist financing equivalent to the requirements of the EU Directive, (see Appendix 4 for the list of equivalent third countries), the Company shall proceed with the opening of the account provided that the following conditions are met:
            • the third person is subject to mandatory professional registration in accordance with the relevant laws of the country of operation
            • the third person is subject to regulation and supervision by an appropriate competent authority in the country of operation for Anti-Money Laundering and Terrorist Financing purposes
            • the MLCO has assessed the Client identification and due diligence procedures implemented by the third person and has found them to be in line with the Law and the Directive. A record of the assessment should be prepared and kept in a separate file maintained for each third person
            • the third person makes available to the Company all the data and documents prescribed in point (1) of Section 11.11 of the Manual.

11.9.6. “Politically Exposed Persons” accounts

The Company shall apply the following with respect to the accounts of “Politically Exposed Persons”:

          1. The establishment of a Business Relationship or the execution of an Occasional Transaction with politically exposed persons as interpreted in LAW ON MEASURES AGAINST MONEY LAUNDERING of the Law, may expose the Company to enhanced risks, especially if the potential Client seeking to establish a Business Relationship or the execution of an Occasional Transaction is a PEP, a member of his immediate family or a close associate that is known to be associated with a PEP. The Company shall pay more attention when the said persons originate from a country which is widely known to face problems of bribery, corruption and financial irregularity and whose anti-money laundering laws and regulations are not equivalent with international standards.
          2. In order to effectively manage such risks, the Company shall assess the countries of origin of its Clients in order to identify the ones that are more vulnerable to corruption or maintain laws and regulations that do not meet the 40+9 requirements of the FATF, according to Section 11.9.8 of the Manual.

With regard to the issue of corruption, one useful source of information is the Transparency International Corruption Perceptions Index which can be found on the website of Transparency International at www.transparency.org.

With regard to the issue of adequacy of application of the 40+9 recommendations of the FATF, the Company shall retrieve information from the country assessment reports prepared by the FATF or other regional bodies operating in accordance with FATF’s principles (e.g. Moneyval Committee of the Council of Europe) or the International Monetary Fund.

          1. The meaning ‘Politically Exposed Persons’ includes the following natural persons who are or have been entrusted with prominent public functions’ in [List local Country] or abroad:
            • heads of State, heads of government, ministers and deputy or assistant ministers (b) members of parliaments
            • members of supreme courts, of constitutional courts or of other high-level judicial bodies whose decisions are not subject to further appeal, except in exceptional circumstances
            • members of courts of auditors or of the boards of central banks
            • ambassadors, chargιs d’affaires and high-ranking officers in the armed forces
            • members of the administrative, management or supervisory bodies of State-owned enterprises.
          1. Without prejudice to the application, on a risk-sensitive basis, of enhanced Client due diligence measures (Section 11.9.1 of the Manual), where a person has ceased to be entrusted with a prominent public function within the meaning of point (4) above for a period of at least one year, the Company shall not be obliged to consider such a person as politically exposed.
          2. None of the categories set out in point (4) above shall be understood as covering middle ranking or more junior officials. ‘Immediate family members’ includes the following:
            • the spouse or the person with which cohabit for at least one year
            • the children and their spouses or the persons with which cohabit for at least one year
            • the parents.
          3. ‘Persons known to be close associates’ includes the following:
            • any natural person who is known to have joint Beneficial Ownership of legal entities or legal arrangements, or any other close business relations, with a person referred to in point (4) above
            • any natural person who has sole Beneficial Ownership of a legal entity or legal arrangement which is known to have been set up for the benefit de facto of the person referred to in point (4) above.
          4. Without prejudice to the provisions of point (c) Section 11.9.1 of the Manual, the Company adopts the following additional due diligence measures when it establishes a Business Relationship or carry out an Occasional Transaction with a PEP:
            • the Company puts in place appropriate risk management procedures to enable it to determine whether a prospective Client is a PEP. Such procedures may include, depending on the degree of risk, the acquisition and installation of a reliable commercial electronic database for PEPs, seeking and obtaining information from the Client himself or from publicly available information. In the case of legal entities and arrangements, the procedures will aim at verifying whether the Beneficial Owners, authorised signatories and persons authorised to act on behalf of the legal entities and arrangements constitute PEPs. In case of identifying one of the above as a PEP, then automatically the account of the legal entity or arrangement should be subject to the relevant procedures specified in this Section of the Manual
            • the decision for establishing a Business Relationship or the execution of an Occasional Transaction with a PEP is taken by an Executive Director of the Company and the decision is then forwarded to the MLCO. When establishing a Business Relationship with a Client (natural or legal person) and subsequently it is ascertained that the persons involved are or have become PEPs, then an approval is given for continuing the operation of the Business Relationship by an Executive Director of the Company which is then forwarded to the MLCO
            • before establishing a Business Relationship or executing an Occasional Transaction with a PEP, the Company shall obtain adequate documentation to ascertain not only the identity of the said person but also to assess his business reputation (e.g. reference letters from third parties)
            • the Company shall create the economic profile of the Client by obtaining the information specified in Section 11.6. The details of the expected business and nature of activities of the Client forms the basis for the future monitoring of the account. The profile shall be regularly reviewed and updated with new data and information. The Company shall be particularly cautious and most vigilant where its Clients are involved in businesses which appear to be most vulnerable to corruption such as trading in oil, arms, cigarettes and alcoholic drinks
            • the account shall be subject to annual review in order to determine whether to allow its continuance of operation. A short report shall be prepared summarising the results of the review by the person who is in charge of monitoring the account. The report shall be submitted for consideration and approval to the Board and filed in the Client’s personal file.

11.9.7. Electronic gambling/gaming through the internet

The Company shall apply the following with respect to accounts related to electronic gambling/gaming through the internet:

          1. The Company may establish a Business Relationship or execute an Occasional Transaction in the names of persons who are involved in the abovementioned activities provided that these persons are licensed by a competent authority of a country of the EEA or a third country which, in accordance with a relevant decision of the Advisory Authority it has been determined that the relevant third country applies procedures equivalent to the requirements of the EU Directive (see Appendix 4 for the list of equivalent third countries). For this purpose, the Company shall request and obtain, apart from the data and information required by the Manual, copy of the licence that has been granted to the said persons by the competent supervisory/regulatory authority, the authenticity of which must be verified either directly with the supervisory/regulatory authority or from other independent and reliable sources.
          2. Furthermore, the Company shall collect adequate information so as to understand the Clients’ control structure and ensure that the said Clients apply adequate and appropriate systems and procedures for Client identification and due diligence for the prevention of money laundering and terrorist financing.
          3. In the case that the Client is a person who offers services (e.g. payment providers, software houses, card acquirers) to the persons mentioned in point (1) above, then the Company shall request and obtain, apart from the data and information required by the Manual, adequate information so as to be satisfied that the services are offered only to licensed persons. Also, it will obtain information necessary to completely understand the ownership structure and the group in which the Client belongs, as well as any other information that is deemed necessary so as to establish the Client’s economic profile. Additionally, the Company shall obtain the signed agreement between its Client and the company that is duly licensed for electronic gambling/gaming activities through the internet, by a competent authority of a country mentioned in point (1) above.
          4. For all the above cases, the decision for the establishment of a Business Relationship or the execution of an Occasional Transaction is taken by an Executive Director of the Company and the decision is then forwarded to the MLCO. Moreover, the account of the said Client is closely monitored and subject to regular review with a view of deciding whether or not to permit the continuance of its operation. Accordingly, a report shall be prepared and submitted for consideration and approval to the Board and filed in the Client’s personal file.

11.9.8. Clients from countries which inadequately apply FATF’s recommendations

          1. The FATF 40+9 Recommendations constitute the primary internationally recognised standards for the prevention and detection of Money Laundering and Terrorist Financing.
          2. The Company shall apply the following with respect to Clients from countries which inadequately apply FATF’s recommendations:
            • exercise additional monitoring procedures and pay special attention to Business Relationships and transactions with persons, including companies and financial institutions, from countries which do not apply or apply inadequately the aforesaid recommendations. Documents from very high risk clientele according to FATF list should provide, in addition to the main KYC procedure described above, at least 1 out of the three following documents:
              • Bank Reference Letter;
              • Criminal Record Certificate;
              • Official Reference Letter from the Employer
            • transactions with persons from the said countries, for which there is no apparent economic or visible lawful purpose, are further examined for the establishment of their economic, business or investment background and purpose. If the Company cannot be fully satisfied as to the legitimacy of a transaction, then a suspicious transaction report is filed to the Unit, according to point (g) Section 6.2 of the Manual.
            • with the aim of implementing the above, the Head of the Administration/BackOffice Department and the MLCO shall consult the country assessment reports prepared by the FATF (http://www.fatf-gafi.org), the other regional bodies that have been established and work on the principles of FATF [e.g. Moneyval Committee of the Council of Europe (coe.int/moneyval)] and the International Monetary Fund (www.imf.org). Based on the said reports, the MLCO assesses the risk from transactions and Business Relationships with persons from various countries and decides of the countries that inadequately apply the FATF’s recommendations. According to the aforesaid decision of the MLCO, the Company applies, when deemed necessary, enhanced due diligence measures for identifying and monitoring transactions of persons originating from countries with significant shortcomings and strategic deficiencies in their legal and administrative systems for the prevention of Money Laundering and Terrorist Financing.

11.9.9. Clients included in the leaked documents of Mossack Fonseca (Panama Papers)

          1. Further to the issuance of [List local Authority] Circulars C125 and C132, in relation to the leaked documents of Mossack Fonseca which refers to persons who may be involved in tax evasion, corruption and/or money laundering activities (colloquially known as the “Panama Papers”) the Company shall categorise such clients as High Risk with respect to the Money Laundering and Terrorist Financing risk which the Company faces.

Before the establishment of a business relationship or the carrying out of an occasional transaction, the Company should check whether the potential clients are mentioned in the Panama Papers and/or whether:

          1. they maintain or maintained any relationship with the company Mossack Fonseca, either directly or with any third person acting for or representing Mossack Fonseca;
          1. they maintain or maintained any business relationship with customers introduced or managed by Mossack Fonseca or by any third person acting for or representing Mossack Fonseca.

If the potential client (or the Beneficial Owner) is included in the Panama Papers and/or the points 1 and/or 2 above applies, then the decision for establishing a Business Relationship or the execution of an Occasional Transaction with the Client shall be undertaken by an Executive Director of the Company. The same shall apply for the maintenance/continuation of a business relationship of an existing Client (natural or legal person) subject to this Section of the Manual.

          1. Following the above, and in cases where the Company is willing to accept Clients subject to this Section of the Manual, then the provisions of Sections 11.5.2 and 11.5.2A of the Manual shall not apply. This means that the Company shall follow the provisions of Section 11.5.2 of the Manual and perform the verification of the identity of such Clients or Beneficial Owners before the establishment of a Business Relationship or the carrying out of a transaction.
          2. With respect to transactions or Business Relationships with clients subject to this Section of the Manual, the MLCO shall:
            1. apply enhanced due diligence measures for identifying and monitoring such clients, as prescribed in this Manual;
            2. collect adequate information so as to understand the clients’ profile;
            3. take supplementary measures to verify or certify the documents supplied, or require confirmatory certification by a credit or financial institution covered by the EU Directive or
            4. ensure that the first payment of the operations is carried out through an account opened in the client’s name with a credit institution which operates in a country within the EEA;
            5. take adequate measures to establish the source of wealth and source of funds that are involved in the Business Relationship or transaction;
            6. conduct enhanced on-going monitoring of the Business Relationship;
            7. obtain adequate documentation to ascertain not only the identity of the said person but also to assess his business reputation (e.g. reference letters from third parties);
            8. seek and obtain information from the client himself or from publicly available information (incl. the reliable commercial electronic database used by the Company);
          1. create the economic profile of the client by obtaining the information specified in this Manual. The details of the expected business and nature of activities of the client forms the basis for the future monitoring of the account. The profile shall be regularly reviewed and updated with new data and information;
          2. review on an annual basis the clients’ trading account in order to determine whether to allow its continuance of operation. A short report shall be prepared summarizing the results of the review by the MLCO. The report shall be submitted for consideration and approval to the Board and filed in the client’s personal file;
          1. Transactions with persons subject to this Section of the Manual, for which there is no apparent economic or visible lawful purpose, are further examined for the establishment of their economic, business or investment background and purpose. If the Company cannot be fully satisfied as to the legitimacy of a transaction, then a suspicious transaction report is filed to the MOKAS.
          2. The MLCO should keep records of Clients subject to this Section of the Manual as prescribed in Appendix 5 below.

11.10. Client Identification and Due Diligence Procedures (Specific Cases)

The MLCO shall ensure that the appropriate documents and information with respect to the following cases shall be duly obtained, as applicable and appropriate:

11.10.1. Natural persons residing in the Country of [List local Country]

          1. The Company shall obtain the following information to ascertain the true identity of the natural persons residing in the Country:
            • true name and/or names used as these are stated on the official identity card or passport
            • full permanent address in the Country, including postal code
            • telephone (home and mobile) and fax numbers
            • e-mail address, if any
            • date and place of birth
            • nationality and
            • details of the profession and other occupations of the Client including the name of employer/business organisation.
          2. In order to verify the Client’s identity/name the Company shall request the Client to present an original document which is issued by an independent and reliable source that carries the Client’s photo (e.g. Passport, National Identity cards, Driving Licence etc). After the Company is satisfied for the Client’s identity from the original identification document presented, it will keep copies.

It is provided that, the Company shall be able to prove that the said document is issued by an independent and reliable source. In this respect, the MLCO shall be responsible to evaluate the independence and reliability of the source and shall duly document and file the relevant data and information used for the evaluation, as applicable.

          1. The Client’s permanent address shall be verified using one of the following ways:
            • visit at the place of residence (in such a case, the Company employee who carries out the visit prepares a memo which is retained in the Client’s file), and
            • the production of a recent (up to 6 months) utility bill, local authority tax bill or a bank statement or any other document same with the aforesaid.
          1. In addition to the above, the Company shall require and receive information on public positions which the prospective Client holds or held in the last twelve (12) months as well as whether he is a close relative or associate of such individual, in order to verify if the Client is a PEP.
          2. In addition to the above, the procedure for the verification of a Client’s identity is reinforced if the said Client is introduced by a reliable staff member of the Company, or by another existing reliable Client who is personally known to a member of the Board. Details of such introductions are kept in the Client’s file.

11.10.2. Natural persons not residing in the Country

          1. The Company shall obtain the information described in Section 11.10.1 to ascertain the true identity of the natural persons not residing in the Country.
          2. Furthermore, passports shall always be requested from the Clients not residing in the Country and, if available, official national identity cards issued by the competent authorities of their country of origin shall be obtained. Certified true copies of the pages containing the relevant information from the said documents shall also be obtained and kept in the Client’s files. In addition, if in doubt for the genuineness of any document (passport, national identity card or documentary evidence of address), the Company shall seek verification of identity with an Embassy or the Consulate of the issuing country or a reputable credit or financial institution situated in the Client’s country of residence.  As derogation to the general rule to request and obtain from clients the documentation described in Section 11.10.1 above in order to verify a customer’s identity/name and permanent address, the Company may alternatively obtain identification information and documents collected via electronic verification in accordance with the provisions of Paragraph 1.a.v.ii of Section 11.9.2 above.
          3. In addition to the aim of preventing Money Laundering and Terrorist Financing, the abovementioned information is also essential for implementing the financial sanctions imposed against various persons by the United Nations and the European Union. In this respect, passport’s number, issuing date and country as well as the Client’s date of birth always appear on the documents obtained, so that the Company would be in the position to verify precisely whether a Client is included in the relevant list of persons subject to financial sanctions which are issued by the United Nations or the European Union based on a United Nations Security Council’s Resolution and Regulation or a Common Position of the European Union’s Council respectively.

11.10.3. Joint accounts

In the cases of joint accounts of two or more persons, the identity of all individuals that hold or have the right to manage the account, are verified according to the procedures set in Sections 11.10.1 and 11.10.2 above.

11.10.4. Accounts of unions, societies, clubs, provident funds and charities

In the case of accounts in the name of unions, societies, provident funds and charities, the Company ascertains their purpose of operation and verifies their legitimacy by requesting the production of the articles and memorandum of association/procedure rules and registration documents with the competent governmental authorities (in case the law requires such registration).

Furthermore, the Company shall obtain a list of the members of board of directors/management committee of the abovementioned organisations and verifies the identity of all individuals that have been authorised to manage the account according to the procedures set in Sections 11.10.1 and 11.10.2.

11.10.5. Accounts of unincorporated businesses, partnerships and other persons with no legal substance

          1. In the case of unincorporated businesses, partnerships and other persons with no legal substance, the identity of the directors, partners, Beneficial Owners and other individuals who are authorised to manage the account shall be verified according to the procedures set in Sections 11.10.1 and 11.10.2. In addition, in the case of partnerships, the original or a certified true copy of the partnership’s registration certificate shall be obtained.
          2. The Company shall obtain documentary evidence of the head office address of the business, ascertains the nature and size of its activities and receives all the information required according to Section 11.6 for the creation of the economic profile of the business.
          3. The Company shall request, in cases where exists, the formal partnership agreement and shall also obtain mandate from the partnership authorising the opening of the account and confirming authority to a specific person who will be responsible for its operation.

11.10.6. Accounts of legal persons

          1. For Clients that are legal persons, the Company shall establish that the natural person appearing to act on their behalf, is appropriately authorised to do so and his identity is established and verified according to the procedures set in Sections 11.10.1 and 11.10.2.
          2. The Company shall take all necessary measures for the full ascertainment of the legal person’s control and ownership structure as well as the verification of the identity of the natural persons who are the Beneficial Owners and exercise control over the legal person according to the procedures set in Sections 11.10.1 and 11.10.2.
          3. The verification of the identification of a legal person that requests the establishment of a Business Relationship or the execution of an Occasional Transaction, comprises the ascertainment of the following:
            • the registered number
            • the registered corporate name and trading name used
            • the full addresses of the registered office and the head offices
            • the telephone numbers, fax numbers and e-mail address
            • the members of the board of directors
            • the individuals that are duly authorised to operate the account and to act on behalf of the legal person
            • the Beneficial Owners of private companies and public companies that are not listed in a Regulated Market of an EEA country or a third country with equivalent disclosure and transparency requirements
            • the registered shareholders that act as nominees of the Beneficial Owners (i) the economic profile of the legal person, according to the provisions of Section 11.6.
          1. For the verification of the identity of the legal person, the Company shall request and obtain, among others, original or certified true copies of the following documents:
            • certificate of incorporation and certificate of good standing (where available) of the legal person
            • certificate of registered office
            • certificate of directors and secretary
            • certificate of registered shareholders in the case of private companies and public companies that are not listed in a Regulated Market of an EEA country or a third country with equivalent disclosure and transparency requirements
            • memorandum and articles of association of the legal person
            • a resolution of the board of directors of the legal person for the opening of the account and granting authority to those who will operate it
            • in the cases where the registered shareholders act as nominees of the Beneficial Owners, a copy of the trust deed/agreement concluded between the nominee shareholder and the Beneficial Owner, by virtue of which the registration of the shares on the nominee shareholder’s name on behalf of the Beneficial Owner has been agreed
            • documents and data for the verification, according to the procedures set in Sections 11.10.1 and 11.10.2, of the identity of the persons that are authorised by the legal person to operate the account, as well as the registered shareholders and Beneficial Owners of the legal person.
          2. Where deemed necessary for a better understanding of the activities, sources and uses of funds/assets of a legal person, the Company shall obtain copies of its latest audited financial statements (if available), and/or copies of its latest management accounts.
          3. For legal persons incorporated outside the Country, the Company requests and obtains documents similar to the above.
          4. As an additional due diligence measure, on a risk-sensitive basis, the Company shall carry out (when deemed necessary) a search and obtain information from the records of the Registrar of Companies and Official Receiver of the Country (for domestic companies) or from a corresponding authority in the company’s (legal person’s) country of incorporation (for foreign companies) and/or request information from other sources in order to establish that the applicant company (legal person) is not, nor is in the process of being dissolved or liquidated or struck off from the registry of the Registrar of Companies and Official Receiver and that it continues to be registered as an operating company in the records of the Registrar of Companies and Official Receiver of the Country or by an appropriate authority outside the Country. It is pointed out that, if at any later stage any changes occur in the structure or the ownership status or to any details of the legal person, or any suspicions arise emanating from changes in the nature of the transactions performed by the legal person via its account, then it is imperative that further enquiries should be made for ascertaining the consequences of these changes on the documentation and information held by the Company for the legal person and all additional documentation and information for updating the economic profile of the legal person is collected.
          1. In the case of a Client-legal person that requests the establishment of a Business Relationship or the execution of an Occasional Transaction and whose direct/immediate and principal shareholder is another legal person, registered in the Country or abroad, the Company, before establishing a Business Relationship or executing an Occasional Transaction, shall verify the ownership structure and the identity of the natural persons who are the Beneficial Owners and/or control the other legal person.
          2. Apart from verifying the identity of the Beneficial Owners, the Company shall identify the persons who have the ultimate control over the legal person’s business and assets. In the cases that the ultimate control rests with the persons who have the power to manage the funds, accounts or investments of the legal person without requiring authorisation and who would be in a position to override the internal procedures of the legal person, the Company, shall verify the identity of the natural persons who exercise ultimate control as described above even if those persons have no direct or indirect interest or an interest of less than 10% in the legal person’s ordinary share capital or voting rights.
          3. In cases where the Beneficial Owner of a legal person, requesting the establishment of a Business Relationship or the execution of an Occasional Transaction, is a trust set up in the Country or abroad, the Company shall implement the following procedure:
            • the Company shall ascertain the legal substance, the name and the date of establishment of the trust and verify the identity of the trustor, trustee and Beneficial Owners, according to the procedures set in Sections 11.10.1 and 11.10.2
            • furthermore, the Company shall ascertain the nature of activities and the purpose of establishment of the trust as well as the source and origin of funds requesting the relevant extracts from the trust deed and any other relevant information from the trustees. All relevant data and information should be recorded and kept in the Client’s file.

11.10.7. Investment funds, mutual funds and firms providing financial or investment services

          1. The Company shall establish and maintain Business Relationships or execute Occasional Transactions with persons who carry out the above services and activities which are incorporated and/or operating in countries of the EEA or a third country which according to a relevant decision of the Advisory Authority it has been determined that applies requirements equivalent to those laid down in the EU Directive, (see Appendix 4 for the list of equivalent third countries) provided that the said persons:
            • possess the necessary licence or authorisation from a competent supervisory/regulatory authority of the country of their incorporation and operation to provide the said services, and
            • are subject to supervision for the prevention of Money Laundering and Terrorist Financing purposes.
          2. In the case of the establishment of a Business Relationship or the execution of an Occasional Transaction with persons who carry out the above services and activities and which are incorporated and/or operating in a third country other than those mentioned in point (1) above, the Company shall request and obtain, in addition to the abovementioned, in previous points, documentation and the information required by the Manual for the identification and verification of persons, including the Beneficial Owners, the following:
            • a copy of the licence or authorisation granted to the said person from a competent supervisory/regulatory authority of its country of incorporation and operation, whose authenticity should be verified either directly with the relevant supervisory/regulatory authority or from other independent and reliable sources, and
            • adequate documentation and sufficient information in order to fully understand the control structure and management of the business activities as well as the nature of the services and activities provided by the Client.
          3. In the case of investment funds and mutual funds the Company, apart from identifying Beneficial Owners, shall obtain information regarding their objectives and control structure, including documentation and information for the verification of the identity of investment managers, investment advisors, administrators and custodians.

11.10.8. Nominees or agents of third persons

          1. The Company shall take reasonable measures to obtain adequate documents, data or information for the purpose of establishing and verifying the identity, according to the procedures set in Sections 11.10.1 and 11.10.2 of the Manual:
            • the nominee or the agent of the third person, and
            • any third person on whose behalf the nominee or the agent is acting.
          2. In addition, the Company shall obtain a copy of the authorisation agreement that has been concluded between the interested parties.

11.11. Reliance on Third Persons for Client Identification and Due Diligence Purposes

          1. The Company may rely on third persons for the implementation of points (a), (b) and (c) of Client identification procedures and due diligence measures of Section 11.2 of the Manual, provided that:
            • the third person makes immediately available all data and information, which must be certified true copies of the originals or as otherwise acceptable by current [List local Authority] practices, that were collected in the course of applying Client identification and due diligence procedures
            • the Company applies the appropriate due diligence measures on the third person with respect to his professional registration and procedures and measures applied from the third person for the prevention of Money Laundering and Terrorist Financing, according to the provisions of the Directive.
            • the ultimate responsibility for meeting those requirements of Client identification and due diligence shall remain with the Company.
          2. For the purposes of this Section of the Manual, third person means credit institutions or financial institutions or auditors or accountants or tax consultants or independent legal professionals or persons providing to third party trust and company services included in paragraphs (e) and (f) of the definition of the term “Other Business Activities”, falling under the EU Directive and which are active in the Country or in another country of the EEA which:
            • they are subject to mandatory professional registration, recognised by law; and
            • they are subject to supervision regarding their compliance with the requirements of the EU Directive.
          3. Further to point 2 above, third person for the purposes of this Section of the Manual may also be any other person who is engaged in financial business (as defined in Section 2 of the Law), or auditors or accountants or tax consultants or independent legal professionals or persons providing to third parties trust and company services as included in the definition of the term “Other Business Activities” and who operate in countries outside the EEA and which according to a relevant decision of the Advisory Authority, have been determined that they impose equivalent procedures and measures for the prevention of Money Laundering and Terrorist Financing to those laid down by the EU Directive (see Appendix 4 for the list of equivalent third countries). It is provided that the abovementioned third persons have to fulfil the requirements set out in points 2(a) above and are subject to supervision as regards their compliance with the legislation of the country where they operate.
          4. The Company must request from the third party to:
            • make immediately available data, information and documents obtained as a result of the application of the procedures establishing identity and customers due diligence measures in accordance with of points (a), (b) and (c) of Client identification procedures and due diligence measures of Section 11.2 of the Manual,
            • forward immediately to them, copies of these documents and relevant information on the identity of customer or the beneficial owner which the third party collected when applying the above procedures and measures.
          5. By way of derogation from point 3(b) above, the identification data and information obtained for the customer and beneficial owner, are forwarded immediately from the following third parties to the Company following its request, taking into consideration the degree of risk that arises from the type of the customer, the business relationship, the product or transaction:
            • Credit institutions or financial organisations that fall under the scope of the EU directive and are active in the Country or in another country of the EEA.
            • Any third party conducting financial activities (as per the definition) operating outside the EEA which are in accordance with a decision taken by the Advisory Authority for Combating Money Laundering and Terrorist Financing it has been determined that it applies requirements equivalent to those laid down in the European Union Directive It is provided that the abovementioned third persons have to fulfil the requirements set out in point 2(a) above and are subject to supervision as regards their compliance with the legislation of the country where they operate.
          6. The Company may rely on third persons only at the outset of establishing a Business Relationship or the execution of an Occasional Transaction for the purpose of verifying the identity of their Clients. According to the degree of risk any additional data and information for the purpose of updating the Client’s economic profile or for the purpose of examining unusual transactions executed through the account, is obtained from the natural persons (directors, Beneficial Owners) who control and manage the activities of the Client and have the ultimate responsibility of decision making as regards to the management of funds and assets.
          7. Further to point 3 above, in the case where the third person of subparagraph (1) is an auditor of accountant or tax consultant or an independent legal professional or a trust and company services provider from a country which is a member of the EEA or a third country that the Advisory Authority has determined to be applying procedures and measures for the prevention of Money Laundering and Terrorist Financing equivalent to the EU Directive, (see Appendix 4 for the list of equivalent third countries), then the Company, before accepting the Client identification data verified by the said third person, shall apply the following additional measures/procedures:
            • the MLCO or the appointed person shall assess and evaluate, according to point (l) of Section 6.2 of this Manual, the systems and procedures applied by the third person for the prevention of Money Laundering and Terrorist Financing, as applicable
            • as a result of the assessment of point (a) above, the MLCO must be satisfied that the third person implements Client identification and due diligence systems and procedures which are in line with the requirements of the Law and the Directive
            • the MLCO shall maintain a separate file for every third person of the present paragraph, where it stores the assessment report of point (a) and other relevant information (for example identification details, records of meetings, evidence of the data and information of point 2 above)
            • the commencement of the cooperation with the third person and the acceptance of Client identification data verified by the third person is subject to approval by the MLCO, according to point (l) of Section 6.2 of the Manual.

NOTE: For the purposes of this Section of the Manual, the terms financial institutions and persons engaged in financial business activities do not include currency exchange offices.

The MLCO shall be responsible for the implementation of the provisions mentioned in this Section of the Manual.

The Internal Auditor shall be responsible to review the adequate implementation of the provisions mentioned herein, at least annually.

    1. ON-GOING MONITORING PROCESS

12.1. General

The Company has a full understanding of normal and reasonable account activity of its Clients as well as of their economic profile and has the means of identifying transactions which fall outside the regular pattern of an account’s activity or to identify complex or unusual transactions or transactions without obvious economic purpose or clear legitimate reason. Without such knowledge, the Company shall not be able to discharge its legal obligation to identify and report suspicious transactions to the Unit, according to point (g) of Section 6.2 and Section 13 of the Manual.

The constant monitoring of the Clients’ accounts and transactions is an imperative element in the effective controlling of the risk of Money Laundering and Terrorist Financing.

In this respect, the MLCO shall be responsible for maintaining as well as developing the on-going monitoring process of the Company. The Internal Auditor shall review the Company’s procedures with respect to the on-going monitoring process, at least annually.

12.2. Procedures

The procedures and intensity of monitoring Clients’ accounts and examining transactions on the Client’s level of risk shall include the following:

        • the identification of:
          • all high risk Clients, as applicable; the Company shall be able to produce detailed lists of high risk Clients, so as to facilitate enhanced monitoring of accounts and transactions, as deemed necessary
          • transactions which, as of their nature, may be associated with money laundering or terrorist financing
          • unusual or suspicious transactions that are inconsistent with the economic profile of the Client for the purposes of further investigation.
          • in case of any unusual or suspicious transactions, the head of the department providing the relevant investment and/or ancillary service or any other person who identified the unusual or suspicious transactions (e.g. the Head of the Administration/BackOffice Department) shall be responsible to communicate with the MLCO
        • further to point (a) above, the investigation of unusual or suspicious transactions by the MLCO. The results of the investigations are recorded in a separate memo and kept in the file of the Clients concerned
        • the ascertainment of the source and origin of the funds credited to accounts
        • the on-going monitoring of the business relationship in order to determine whether there are reasonable grounds to suspect that client accounts contain proceeds derived from serious tax offences.
        • the use of appropriate and proportionate IT systems including:
          1. adequate automated electronic management information systems which will be capable of supplying the Board of Directors and the MLCO, on a timely basis, all the valid and necessary information for the identification, analysis and effective monitoring of Client accounts and transactions based on the assessed risk for money laundering or terrorist financing purposes, in view of the nature, scale and complexity of the Company’s business and the nature and range of the investment services undertaken in the course of that business
          2. automated electronic management information systems to extract data and information that is missing regarding the Client identification and the construction of a Client’s economic profile.
        • for all accounts, automated electronic management information systems to add up the movement of all related accounts on a consolidated basis and detect unusual or suspicious activities and types of transactions. This can be done by setting limits for a particular type, or category of accounts (e.g. high risk accounts) or transactions (e.g. deposits and withdrawals in cash, transactions that do not seem reasonable based on usual business or commercial terms, significant movement of the account incompatible with the size of the account balance), taking into account the economic profile of the Client, the country of his origin, the source of the funds, the type of transaction or other risk factors. The Company shall pay particular attention to transactions exceeding the abovementioned limits, which may indicate that a Client might be involved in unusual or suspicious activities.
        • the monitoring of accounts and transactions in relation to specific types of transactions and the economic profile, as well as by comparing periodically the actual movement of the account with the expected turnover as declared at the establishment of the business relationship. Furthermore, the monitoring covers Clients who do not have a contact with the Company as well as dormant accounts exhibiting unexpected movements.
    1. RECOGNITION AND REPORTING OF SUSPICIOUS TRANSACTIONS / ACTIVITIES TO THE UNIT

13.1. Reporting of Suspicious Transactions to the Unit

The Company, in cases where there is an attempt of executing transactions which knows or suspects that are related to money laundering or terrorist financing, reports, through the MLCO its suspicion to the Unit in accordance with point (g) of Section 6.2 and Section 13 of the Manual.

13.2. Suspicious Transactions

          1. The definition of a suspicious transaction as well as the types of suspicious transactions which may be used for Money Laundering and Terrorist Financing are almost unlimited. A suspicious transaction will often be one which is inconsistent with a Client’s known, legitimate business or personal activities or with the normal business of the specific account, or in general with the economic profile that the Company has created for the Client. The Company shall ensure that it maintains adequate information and knows enough about its Clients’ activities in order to recognise on time that a transaction or a series of transactions is unusual or suspicious.
          2. Examples of what might constitute suspicious transactions/activities related to Money Laundering and Terrorist Financing are listed in Appendix 3 of the Manual. The relevant list is not exhaustive nor it includes all types of transactions that may be used, nevertheless it can assist the Company and its employees (especially the MLCO and the Head of the Administration/Back-Office Department) in recognising the main methods used for Money Laundering and Terrorist Financing. The detection by the Company of any of the transactions contained in the said list prompts further investigation and constitutes a valid cause for seeking additional information and/or explanations as to the source and origin of the funds, the nature and economic/business purpose of the underlying transaction, and the circumstances surrounding the particular activity.
          3. In order to identify suspicious transactions the MLCO shall perform the following activities:
            • monitor on a continuous basis any changes in the Client’s financial status, business activities, type of transactions etc
            • monitor on a continuous basis if any Client is engaged in any of the practices described in the list containing examples of what might constitute suspicious transactions/activities related to Money Laundering and Terrorist Financing which is mentioned in Appendix 3 of this Manual. Furthermore, the MLCO shall perform the following activities:
          • receive and investigate information from the Company’s employees, on suspicious transactions which creates the belief or suspicion of money laundering. This information is reported on the Internal Suspicion Report according to point (e) of Section 6.2 of the Manual. The said reports are archived by the MLCO
          • evaluate and check the information received from the employees of the Company, with reference to other available sources of information and the exchanging of information in relation to the specific case with the reporter and, where this is deemed necessary, with the reporter’s supervisors. The information which is contained on the report which is submitted to the MLCO is evaluated on the Internal Evaluation Report according to point (f) of Section 6.2 of the Manual, which is also filed in a relevant file
          • if, as a result of the evaluation described above, the MLCO decides to disclose this information to the Unit, then he prepares a written report, which he submits to the Unit, according to point (g) of Section 6.2 and Section 13.4 of the Manual.
          • if as a result of the evaluation described above, the MLCO decides not to disclose the relevant information to the Unit, then he fully explain the reasons for his decision on the Internal Evaluation Report.

13.3. MLCO’s Report to the Unit

According to Circular C058, all the reports of the MLCO of point (g) of Section 6.2 of the Manual should be prepared online on the web-application of the Unit and submitted to it, though the goAML reporting system.

After the submission of a suspicion report of point (g) of Section 6.2 of the Manual, the Company may subsequently wish to terminate its relationship with the Client concerned for risk avoidance reasons. In such an event, the Company exercises particular caution, according to Section 48 of the Law, not to alert the Client concerned that a suspicion report has been submitted to the Unit. Close liaison with the Unit is, therefore, maintained in an effort to avoid any frustration to the investigations conducted.

After submitting the suspicion report of point (g) of Section 6.2 of the Manual, the Company adheres to any instructions given by the Unit and, in particular, as to whether or not to continue or suspend a particular transaction or to maintain the particular account active.

According to Section 26(2)(c) of the Law, the Unit may instruct the Company to refrain from executing or delay the execution of a Client’s transaction without such action constituting a violation of any contractual or other obligation of the Company and its employees.

Furthermore, after the submission of a suspicion report of point (g) of Section 6.2 of the

Manual, the Clients’ accounts concerned as well as any other connected accounts are placed under the close monitoring of the MLCO.

13.4. Submission of Information to the Unit

The Company shall ensure (see also Section 14 of the Manual) that in the case of a suspicious transaction investigation by the Unit, the MLCO will be able to provide without delay the following information:

          • the identity of the account holders
          • the identity of the Beneficial Owners of the account
          • the identity of the persons authorised to manage the account
          • data of the volume of funds or level of transactions flowing through the account
          • connected accounts
          • in relation to specific transactions:
            1. the origin of the funds
            2. the type and amount of the currency involved in the transaction
          • the form in which the funds were placed or withdrawn, for example cash, cheques, wire transfers
          1. the identity of the person that gave the order for the transaction
          2. the destination of the funds
          3. the form of instructions and authorisation that have been given vii. the type and identifying number of any account involved in the transaction.
    1. RECORD-KEEPING PROCEDURES

14.1. General

The Administration/Back-Office Department of the Company shall maintain records of:

          • the Client identification documents and information obtained during the Client identification and due diligence procedures, as applicable
          • the details of all relevant records with respect to the provision of investment services to Clients

The documents/data mentioned above shall be kept for a period of at least five (5) years, which is calculated after the execution of the transactions or the termination of the Business Relationship.

It is provided that the documents/data mentioned in points (a) and (b) above which may be relevant to on-going investigations shall be kept by the Company until the Unit confirms that the investigation has been completed and the case has been closed.

14.2. Format of Records

The Administration/Back-Office Department may retain the documents/data mentioned in Section 14.1 of the Manual, other than the original documents or their Certified true copies that are kept in a hard copy form, in other forms, such as electronic form, provided that the Administration/Back-Office Department shall be able to retrieve the relevant documents/data without undue delay and present them at any time, to [List local Authority] or to the Unit, after a relevant request.

In case the Company will establish a documents/data retention policy, the MLCO shall ensure that the said policy shall take into consideration the requirements of the Law and the Directive.

The Internal Auditor shall review the adherence of the Company to the above, at least annually.

14.3. Certification and language of documents

          1. The documents/data obtained, shall be in their original form or in a certified true copy form. In the case that the documents/data are certified as true by a different person than the Company itself or by the third person mentioned in Section 11.11, the documents/data must be apostilled or notarised.
          2. A true translation shall be attached in the case that the documents of point (1) above are in a language other than Greek of English.

Each time the Company shall proceed with the acceptance of a new Client, the Head Administration/Back-Office Department shall be responsible for ensuring compliance with the provisions of points 1 and 2 above.

    1. EMPLOYEES’ OBLIGATIONS, EDUCATION AND TRAINING

15.1. Employees’ Obligations

          • The Company’s employees shall be personally liable for failure to report information or suspicion, regarding money laundering or terrorist financing
          • the employees must cooperate and report, without delay, according to point (e) of Section 6.2, anything that comes to their attention in relation to transactions for which there is a slight suspicion that are related to money laundering or terrorist financing
          • according to the Law, the Company’s employees shall fulfil their legal obligation to report their suspicions regarding Money Laundering and Terrorist Financing, after their compliance with point (b) above.

15.2. Education and Training

15.2.1. Employees’ Education and Training Policy

          • The Company shall ensure that its employees are fully aware of their legal obligations according to the Law and the Directive, by introducing a complete employees’ education and training program
          • the timing and content of the training provided to the employees of the various departments will be determined according to the needs of the Company. The frequency of the training can vary depending on to the amendments of legal and/or regulatory requirements, employees’ duties as well as any other changes in the financial system of the Country
          • the training program aims at educating the Company’s employees on the latest developments in the prevention of Money Laundering and Terrorist Financing, including the practical methods and trends used for this purpose
          • the training program will have a different structure for new employees, existing employees and for different departments of the Company according to the services that they provide. On-going training shall be given at regular intervals so as to ensure that the employees are reminded of their duties and responsibilities and kept informed of any new developments.

The MLCO shall be responsible to refer to the relevant details and information in his/her Annual Report in respect of the employees’ education and training program undertaken each year.

15.2.2. MLCO Education and Training Program

The Senior Management of the Company shall be responsible for the MLCO of the Company to attend external training.  Based on his/her training, the MLCO will then provide training to the employees of the Company further to Section 15.2.1 above.

The person to be appointed as MLCO must possess the relevant certification mentioned in [List Local Directive] of [List local Authority].

The main purpose of the MLCO training is to ensure that relevant employee(s) become aware of:

          • the Law and the Directive
          • the Company’s Anti-Money Laundering Policy
          • the statutory obligations of the Company to report suspicious transactions
          • the employees own personal obligation to refrain from activity that would result in money laundering
          • the importance of the Clients’ due diligence and identification measures requirements for money laundering prevention purposes.

The MLCO shall be responsible to include information in respect of his/her education and training program(s) attended during the year in his/her Annual Report.

APPENDIX 1

INTERNAL SUSPICION REPORT FOR MONEY LAUNDERING AND

TERRORIST FINANCING

INFORMER’S DETAILS

Name: ……………………………………………………… Tel: ………………………………………  Department: ……………………………………………… Fax: ……………………………………..

Position: …………………………………………………………………………………………………..

CLIENT’S DETAILS

Name: ……………………………………………………….  …………………………………………..

Address: ……………………………………………………  …………………………………………..  ………………………………………………………………… Date of Birth: ……………………….

Tel:  …………………………………………………………. Occupation:………………………….  Fax: …………………………………………………………. Details of Employer: …………….

…………………………………………..

Passport No.: …………………………………………….. Nationality: …………………………  ID Card No.: …………………………………………….. Other ID Details: …………………

INFORMATION/SUSPICION

Brief description of activities/transaction: …..    …………………………………………..  ………………………………………………………………..  …………………………………………..

Reason(s) for suspicion:……………………………… …………………………………………..

………………………………………………………………… …………………………………………..

Informer’s Signature                                           Date

……………………………………..                                ……………………………….

FOR MLCO USE

Date Received: ………………………  Time Received: ………………… Ref. …………….

Reported to the Unit: Yes/No ….  Date Reported: …………………. Ref ……………..

APPENDIX 2

INTERNAL EVALUATION REPORT FOR MONEY LAUNDERING AND

TERRORIST FINANCING

Reference: ………………………………………………. Client’s Details: ………………………..

Informer: ………………………………………………… Department: ……………………………..

INQUIRIES UNDERTAKEN (Brief Description)

…………………………………………………………………………………………………………………..

…………………………………………………………………………………………………………………..

………………………………………………………………………………………………………………….. …………………………………………………………………………………………………………………..  …………………………………………………………………………………………………………………..

ATTACHED DOCUMENTS

…………………………………………………………………………………………………………………..

…………………………………………………………………………………………………………………..

…………………………………………………………………………………………………………………..  …………………………………………………………………………………………………………………..

MLCO DECISION

…………………………………………………………………………………………………………………..  ………………………………………………………………………………………………………………….. …………………………………………………………………………………………………………………..

FILE NUMBER ………………………………………………………………………………………….

MLCO SIGNATURE                                                                    DATE

…………………..……………………….                            .…………………………

APPENDIX 3

EXAMPLES OF SUSPICIOUS TRANSACTIONS/ACTIVITIES RELATED TO

MONEY LAUNDERING AND TERRORIST FINANCING

Α. MONEY LAUNDERING

          1. Transactions with no discernible purpose or are unnecessarily complex.
          2. Use of foreign accounts of companies or group of companies with complicated ownership structure which is not justified based on the needs and economic profile of the Client.
          3. The transactions or the size of the transactions requested by the Client do not comply with his usual practice and business activity.
          4. Large volume of transactions and/or money deposited or credited into, an account when the nature of the Client’s business activities would not appear to justify such activity.
          5. The Business Relationship involves only one transaction or it has a short duration.
          6. There is no visible justification for a Client using the services of a particular financial organisation. For example the Client is situated far away from the particular financial organisation and in a place where he could be provided services by another financial organisation.
          7. There are frequent transactions in the same financial instrument without obvious reason and in conditions that appear unusual (churning).
          8. There are frequent small purchases of a particular financial instrument by a Client who settles in cash, and then the total number of the financial instrument is sold in one transaction with settlement in cash or with the proceeds being transferred, with the Client’s instructions, in an account other than his usual account.
          9. Any transaction the nature, size or frequency appear to be unusual, e.g. cancellation of an order, particularly after the deposit of the consideration.
          10. Transactions which are not in line with the conditions prevailing in the market, in relation, particularly, with the size of the order and the frequency.
          11. The settlement of any transaction but mainly large transactions, in cash.
          12. Settlement of the transaction by a third person which is different than the Client which gave the order.
          13. Instructions of payment to a third person that does not seem to be related with the instructor.
          14. Transfer of funds to and from countries or geographical areas which do not apply or they apply inadequately FATF’s recommendations on Money Laundering and

Terrorist Financing.

          1. A Client is reluctant to provide complete information when establishes a Business Relationship about the nature and purpose of its business activities, anticipated account activity, prior relationships with financial organisations, names of its officers and directors, or information on its business location. The Client usually provides minimum or misleading information that is difficult or expensive for the financial organisation to verify.
          2. A Client provides unusual or suspicious identification documents that cannot be readily verified.
          3. A Client’s home/business telephone is disconnected.
          4. A Client that makes frequent or large transactions and has no record of past or present employment experience.
          5. Difficulties or delays on the submission of the financial statements or other identification documents, of a Client/legal person.
          6. A Client who has been introduced by a foreign financial organisation, or by a third person whose countries or geographical areas of origin do not apply or they apply inadequately FATF’s recommendations on Money Laundering and Terrorist

Financing.

          1. Shared address for individuals involved in cash transactions, particularly when the address is also a business location and/or does not seem to correspond to the stated occupation (e.g. student, unemployed, self-employed, etc).
          2. The stated occupation of the Client is not commensurate with the level or size of the executed transactions.
          3. Financial transactions from non-profit or charitable organisations for which there appears to be no logical economic purpose or in which there appears to be no link between the stated activity of the organisation and the other parties in the transaction.
          4. Unexplained inconsistencies arising during the process of identifying and verifying the Client (e.g. previous or current country of residence, country of issue of the passport, countries visited according to the passport, documents furnished to confirm name, address and date of birth etc).
          5. Complex trust or nominee network.
          6. Transactions or company structures established or working with an unneeded commercial way. e.g. companies with bearer shares or bearer financial instruments or use of a postal box.
          7. Use of general nominee documents in a way that restricts the control exercised by the company’s board of directors.
          8. Changes in the lifestyle of employees of the financial organisation, e.g. luxurious way of life or avoiding being out of office due to holidays.
          9. Changes the performance and the behaviour of the employees of the financial organisation.
          1. TERRORIST FINANCING
          2. Sources and methods

The funding of terrorist organisations is made from both legal and illegal revenue generating activities. Criminal activities generating such proceeds include kidnappings (requiring ransom), extortion (demanding “protection” money), smuggling, thefts, robbery and narcotics trafficking. Legal fund raising methods used by terrorist groups include:

          1. collection of membership dues and/or subscriptions
          2. sale of books and other publications
          • cultural and social events
          1. donations
          2. community solicitations and fund raising appeals.

Funds obtained from illegal sources are laundered by terrorist groups by the same methods used by criminal groups. These include cash smuggling by couriers or bulk cash shipments, structured deposits to or withdrawals from bank accounts, purchases of financial instruments, wire transfers by using “straw men”, false identities, front and shell companies as well as nominees from among their close family members, friends and associates.

          1. Non-profit organisations

Non–profit and charitable organisations are also used by terrorist groups as a means of raising funds and/or serving as cover for transferring funds in support of terrorist acts.

The potential misuse of non-profit and charitable organisations can be made in the following ways:

          1. Establishing a non-profit organisation with a specific charitable purpose but which actually exists only to channel funds to a terrorist organisation.
          2. A non-profit organisation with a legitimate humanitarian or charitable purpose is infiltrated by terrorists who divert funds collected for an ostensibly legitimate charitable purpose for the support of a terrorist group.
          • The non-profit organisation serves as an intermediary or cover for the movement of funds on an international basis.
          1. The non-profit organisation provides administrative support to the terrorist movement.

Unusual characteristics of non-profit organisations indicating that the they may be used for an unlawful purpose are the following:

          1. Inconsistencies between the apparent sources and amount of funds raised or moved.
          2. A mismatch between the type and size of financial transactions and the stated purpose and activity of the non-profit organisation.
          • A sudden increase in the frequency and amounts of financial transactions for the account of a non-profit organisation.
          1. Large and unexplained cash transactions by non-profit organisations.
          1. The absence of contributions from donors located within the country of origin of the non-profit organisation.

APPENDIX 4

Third countries outside the EEA which impose procedures and take measures for preventing money laundering and terrorist financing equivalent to those laid down by the EU Directive.

The list of the said countries may be reviewed, in particular in light of public evaluation reports adopted by the FATF, FSRBs, the IMF or the World Bank according to the revised 2003 FATF Recommendations and Methodology. As of February2012 these countries are:

          1. Australia
          2. Brazil
          3. Canada
          4. French overseas territories (Mayotte, New Caledonia, French Polynesia, Saint Pierre and Miquelon and Wallis and Futuna)*
          5. Dutch overseas territories (Aruba, Curacao, Sint Maarten, Bonaire, Sint Eustatius and Saba)*
          6. Hong Kong
          7. India
          8. Japan
          9. South Korea
          10. Mexico
          11. Singapore
          12. Switzerland
          13. South Africa
          14. The United States of America
          15. UK Crown Dependencies (Jersey, Guernsey, Isle of Man) may also be considered as equivalent by Member States.

* Those overseas territories are not members of the EU/EEA but are part of the membership of France and the Kingdom of the Netherlands of the FATF. 

APPENDIX 5

PANAMA PAPERS INFORMATION
Business relationship with persons (legal and natural), which are included into the

Panama Papers or for which you have or had any business relationship with Mossack Fonseca

A. Name of legal/natural person
B. Nationality

(applicable only to natural persons)

C. Country of incorporation (applicable only to legal persons)
D. Name of beneficial owners (applicable only to legal persons)
E. Nationality of beneficial owners
F. Business activities of legal/natural persons
G. Whether they are politically exposed persons
H. The investment services provided in accordance to the Law [List Local Directive]
I. ix. The AML/CFT risk categorisation (High/Normal/Low)
J. Reasoning if AML/CFT risk categorisation is HIGH (e.g. non-face-to-face, PEP, etc.)
K. Number of related internal suspicious reports and/or reports to MOKAS
L. Reasoning  if related internal suspicious reports and/or reports to MOKAS were issued
M. Total inflows of money in the legal/natural person’s client/bank accounts for the duration of the business relationship
N. Total outflows of money from the legal/natural person’s client/bank accounts for the duration of the business relationship
O. Confirmation whether the total inflows/outflows of money is consistent with the information included in the client’s economic profile (YES/NO)

APPENDIX 6

Completing the verification of identity during the establishment of a business relationship by way of derogation under  [List Local Directive]

          1. The Prevention and Suppression of Money Laundering and Terrorist Financing Law stress out, to the firms that provide financial services, the importance to perform the verification of the identity of their Clients before the establishment of a business relationship or the carrying out of an occasional transaction.
          2. However, the legislation, specifically [List Local Directive] provides an exception which enables the firms, that fall under the supervision of the [List local Country] Securities and Exchange Commission, to derogate from the above main requirement and where the verification of the identity of the Client and the beneficial owner may be completed during the establishment of a business relationship:
            1. if this is necessary not to interrupt the normal conduct of business, and
            2. where there is little/low risk of money laundering or terrorist financing occurring, and
            3. where the process of verifying the procedure is completed as soon as practicable after the initial contact.
          3. In such circumstances, where the Company makes use of such derogation in accordance with the factors described in paragraph 11.5. of this Manual, the verification procedure shall be completed as soon as practicable after the initial contact within the maximum period of 15days.
          4. From the AML and IOM Manuals of the Company it is evident that the Clients’ verification it is performed internally by the Back-Office (“BO”) officers. They are well aware about the procedure that should be followed for this particular matter and instantly updated, in case of new legislations being enacted, by the Compliance Officer and/or AML Compliance Officer of the Company. Furthermore, if the BO officer faces a case where the Client is unable to provide all the necessary documentation for the valid verification process due to reasonable, adequate and proportionate reasons, then the BO officer shall refer the matter to the AMLCO and/or Board of Directors for assessment.
          5. Further to that the AMLCO, or the Board of Directors after a consultation with the Compliance Officer, will assess, within 48 hours, the particular circumstances of the case and calculate the risks of money laundering or terrorist financing possibility. If, as a conclusion, the assessment will proof to be of a low risk and the reasoning of postponing the verification is of reasonable grounds then the company may apply the exception and derogate from the main obligatory rule of clients’ acceptance policy.
          6. It is of a vital importance to highlight that such exception can be implemented in cases where at least one of the factors described in paragraph 11.5. above is applied.
          7. Further to that, and after the AMLCO’s and/or Board’s approval for the implementation of such derogation right, the Back-Office officer will not categorize the client as “Approved” but instead as “Waiting Documents” and will inform the client, within 48 hours after the receival of request to be treated under this exception, that the verification process should be performed during the 15 days maximum, if such verification will not take place then the business relationship will be terminated.
          8. Moreover, the obligation of not trading ‘during the establishment of a business relationship’, while applying the exception at subject, is omitted. Thus, the client will be enabled to trade straight away however if the verification will not be completed due to any omission on behalf of the Client then the Company will freeze/block his account and disable the trading availability, unless the Company identifies a suspicious transaction of money laundering and is under the obligation to report the particular case to MOKAS and notify [List local Authority]. This matter will be followed by the Back-Office officers accordingly.
          9. During the timeframe of 15 days the BO officers will follow up with email notifications and/or calls on the Client in order to kindly remind him/her of the obligation to provide the necessary documentation and approve the account properly.

Termination Process

        1. The BO officers, while informing the Client that his account has been approved to be treated as an extraordinary case under the [List Local Directive], will ensure that the Client is aware of the fact that in case the verification process is not completed during the timeframe limit then the commencement of business relationship will be terminated and all the deposited funds will immediately be returned to the Client, regardless of whether the Client has requested or not, in the same bank account from which they originated. The funds that will be returned will include also the profits that have been originated, if any, or the loss occurred, during the limitation timeframe.
        2. In such case, if the client has opened positions in his trading account, the Company will close them in the last minute of the trading session on the date of the deadline’s expiration. This fact will also be notified on the Client by the BO officers during the first 48 hours as given above for assessment of the case.

This post is also available in: AR