World Crypto Council OU AML & KYC Policy.
The Company is committed to prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under the Money Laundering and Terrorism (Prevention) Act, Money Laundering and Terrorism (Prevention) Act Guidelines, Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Guidelines, FATF recommendations and its implementing regulations. By this way World Crypto Council OU has implemented the highest standards of anti-money laundering (AML) compliance and requires management and employees to adhere to these standards to prevent use of our products and services for money laundering purposes. The program includes client screening and monitoring requirements, “know your customer” policies (including the requirement to establish the identity of beneficial owners), Embargo policies, record keeping requirements, the reporting of suspicious circumstances in accordance with relevant laws, and training.
World Crypto Council OU AML Compliance Person.
The Company has designated its Compliance Officer (CO) as its Anti-Money Laundering Program Compliance Person (AML Compliance Person), with full responsibility for the firm’s AML program. CO has a working knowledge of compliance requirements and its implementing regulations and is qualified by experience, knowledge and training. The duties of the AML Compliance Person will include monitoring the firm’s compliance with AML obligations, overseeing communication and training for employees. The AML Compliance Person will also ensure that the firm keeps and maintains all of the required AML records and will ensure that Suspicious transaction reports (STR) are filed with the Financial Intelligence Unit (FIU) when appropriate. The AML Compliance Person is vested with full responsibility and authority to enforce the firm’s AML program. The Company has provided the Authorities with contact information for the AML Compliance Person, including: (1) name; (2) title; (3) mailing address; (4) email address; (5) telephone number; and (6) facsimile number. The Company will promptly notify the Authority of any change in this information and will review, and if necessary update, this information within 14 business days after the end of each calendar year. The annual review of FCS information will be conducted by CO and will be completed with all necessary updates being provided no later than 17 business days following the end of each calendar year. In addition, if there is any change to the information, CO will update the information promptly, but in any event not later than 30 days following the change.
World Crypto Council OU Preventive Measures.
This section underlines that “Countries should ensure that Money Laundering and Terrorism (Prevention) Act do not inhibit implementation of the FATF Recommendations. Financial institutions should be prohibited from keeping anonymous accounts or accounts in obviously fictitious names.
Financial institutions should be required to undertake customer due diligence (CDD) measures when:
(i) establishing business relations;
(ii) carrying out occasional transactions (i) above the applicable designated threshold (USD/EUR 15,000); or (ii) that are wire transfers in the circumstances covered by the Interpretive Note to Recommendation 16;
(iii) there is a suspicion of money laundering or terrorist financing;
or (iv) the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data. The principle that financial institutions should conduct CDD should be set out in law. Each country may determine how it imposes specific CDD obligations, either through law or enforceable means. The CDD measures to be taken are as follows:
(a) Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information.
(b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner, such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should include financial institutions understanding the ownership and control structure of the customer.
(c) Understanding and, as appropriate, obtaining information on the purpose and intended nature of the business relationship.
(d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.
(i) Above the applicable designated threshold (USD/EUR 15,000); or (ii) that are wire transfers in the circumstances covered by the Interpretive Note to Recommendation 16;
(iii) There is a suspicion of money laundering or terrorist financing; or (iv) the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data. The principle that financial institutions should conduct CDD should be set out in law. Each country may determine how it imposes specific CDD obligations, either through law or enforceable means.
The CDD measures to be taken are as follows:
(a) Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information.
(b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner, such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should include financial institutions understanding the ownership Financial institutions should be required to apply each of the CDD measures under (a) to (d) above, but should determine the extent of such measures using a risk-based approach (RBA) in accordance with the Interpretive Notes to this Recommendation and to Recommendation 1. Financial institutions should be required to verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers. Countries may permit financial institutions to complete the verification as soon as reasonably practicable following the establishment of the relationship, where the money laundering and terrorist financing risks are effectively managed and where this is essential not to interrupt the normal conduct of business.
Where the financial institution is unable to comply with the applicable requirements under paragraphs (a) to (d) above (subject to appropriate modification of the extent of the measures on a risk-based approach), it should be required not to open the account, commence business relations or perform the transaction; or should be required to terminate the business relationship; and should consider making a suspicious transactions report in relation to the customer. These requirements should apply to all new customers, although financial institutions should also apply this recommendation to existing customers on the basis of materiality and risk, and should conduct due diligence on such existing relationships at appropriate times.
Financial institutions should be required to maintain, for at least seven years, all necessary records on transactions, both domestic and international, to enable them to comply swiftly with information requests from the competent authorities. Such records must be sufficient to permit reconstruction of individual transactions (including the amounts and types of currency involved, if any) so as to provide, if necessary, evidence for prosecution of criminal activity. Financial institutions should be required to keep all records obtained through CDD measures (e.g. copies or records of official identification documents like passports, identity cards, driving licences or similar documents), account files and business correspondence, including the results of any analysis undertaken (e.g. inquiries to establish the background and purpose of complex, unusual large transactions), for at least seven years after the business relationship is ended, or after the date of the occasional transaction. Financial institutions should be required by law to maintain records on transactions and information obtained through the CDD measures. The CDD information and the transaction records should be available to domestic competent authorities upon appropriate authority.
Financial institutions should be required to apply enhanced due diligence measures to business relationships and transactions with natural and legal persons, and financial institutions, from countries for which this is called for by the FATF. The type of enhanced due diligence measures applied should be effective and proportionate to the risks. Countries should be able to apply appropriate countermeasures when called upon to do so by the FATF. Countries should also be able to apply counter measures independently of any call by the FATF to do so. Such countermeasures should be effective and proportionate to the risks. The above mentioned measures can also be applied to our industry as per the section 22 of INTERNATIONAL STANDARDS ON COMBATING MONEY LAUNDERING AND THE FINANCING OF TERRORISM & PROLIFERATION, the FATF Recommendations (February 2012)
World Crypto Council OU Checking the Office of Foreign Assets Control Listings.
Before final approval of a client, and on an ongoing basis, CO will check to ensure that a customer does not appear on the SDN list or is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by OFAC. (See the OFAC Web site for the SDN list and listings of current sanctions and embargoes). Because the SDN list and listings of economic sanctions and embargoes are updated frequently, we will consult them on a regular basis and subscribe to receive any available updates when they occur. With respect to the SDN list, we may also access that list through various software programs to ensure speed and accuracy including FINRA’s OFAC Search Tool that screens names against the SDN list. CO will also review existing accounts against the SDN list and listings of current sanctions and embargoes when they are updated and [he or she] will document the review. If the Company determine that a customer is on the SDN list or is engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by OFAC, the Company will reject the transaction and/or block the customer's assets and file a blocked assets and/or rejected transaction form with OFAC within 10 days. The Company will also call the OFAC Hotline at (800) 540-6322 immediately. The Company review will include customer corporate documents, accounts, transactions involving customers (including activity that passes through the firm such as wires).
World Crypto Council OU Customer Identification Program.
In addition to the information the Company must collect under Anti-Money Laundering And Counter- Terrorism Financing Act No. 13 of 2014, Ministry of Finance; FINRA Rule 2010 (Standards of Commercial Honor and Principles of Trade) and Books and Records, we have established, documented and maintained a written Customer Identification Program (CIP). The Company will collect certain customer identification information from each customer who give us assets for management, utilize risk-based measures to verify the identity of each customer who opens an account; record customer identification information and the verification methods and results; provide the required adequate CIP notice to customers that the Company will seek identification information to verify their identities; and compare customer identification information with government-provided lists of suspected terrorists, once such lists have been issued by the government.
a. Required Customer Information
Prior to approving our services, CO will collect the following information for all customers, if applicable, for any person, entity or organization:
(1) the name;
(2) an address, which will be a residential or business street address (for an individual), an Army Post Office (APO) or Fleet Post Office (FPO) box number, or residential or business street address of next of kin or another contact individual (for an individual who does not have a residential or business street address), or a principal place of business, local office, or other physical location (for a person other than an individual);
b. Customers Who Refuse to Provide Information
If a potential or existing customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, the Company will not offer its services and, after considering the risks involved, consider closing any business with the client. In either case, our AML Compliance Person will be notified so that the Company can determine whether we should report the situation to FIU on a STR.
c. Verifying Information
Based on the risk, and to the extent reasonable and practicable, the Company will ensure that don't have a reasonable belief that the Company know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information the Company get about our customers. CO will analyze the information the Company obtains to determine whether the information is sufficient to form a reasonable belief that the Company know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).
The Company will verify customer identity through documentary means collected. The Company will use documents to verify customer identity when appropriate documents are available. In light of the increased instances of identity fraud, the Company will supplement the use of documentary evidence by using the non-documentary means described below whenever necessary. The Company may also use non-documentary means, if it's still uncertain about whether the Company know the true identity of the customer. In verifying the information, the Company will consider whether the identifying information that the Company receive, such as the customer’s name, street address, zip code, telephone number (if provided), date of birth and Social Security number, allow the Company to determine that there's a reasonable belief that the Company know the true identity of the customer (e.g., whether the information is logical or contains inconsistencies).
Appropriate documents for verifying the identity of customers include the following:
- For an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport;
- For a person other than an individual, documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement or a trust instrument.
The Company understands that we it's not required to take steps to determine whether the document that the customer has provided for identity verification has been validly issued and that the Company may rely on a government-issued identification as verification of a customer’s identity. If, however, the Company note that the document shows some obvious form of fraud, the Company must consider that factor in determining whether can form a reasonable belief that know the customer’s true identity.
The Company will use the following non-documentary methods of verifying identity:
- Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database or other;
- Checking references with other financial institutions; or
- Obtaining a financial statement.
The Company will use non-documentary methods of verification when:
(1) the customer is unable to present an unexpired government-issued identification document with a photograph or other similar safeguard;
(2) the firm is unfamiliar with the documents the customer presents for identification verification;
(3) the customer and firm do not have face-to-face contact; and
(4) there are other circumstances that increase the risk that the firm will be unable to verify the true identity of the customer through documentary means.
World Crypto Council OU follows established bookkeeping and documentation standards.
The Company will document its verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process. The Company will keep records containing a description of any document that it relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date. With respect to non- documentary verification, the Company will retain documents that describe the methods and the results of any measures it tooks to verify the identity of a customer. The Company will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. The Company will retain records made about verification of the customer's identity for seven years after the record is made.
e. Comparison with Government-Provided Lists of Terrorists
At such time as the Company receive notice that a federal government agency has issued a list of known or suspected terrorists and identified the list as a list for CIP purposes, the Company will, within a reasonable period of time after entering into an agreement (or earlier, if required by another federal law or regulation or federal directive issued in connection with an applicable list), determine whether a customer appears on any such list of known or suspected terrorists or terrorist organizations issued by any federal government agency and designated as such by Treasury in consultation with the federal functional regulators. The Company will follow all directives issued in connection with such lists.
The Company will continue to comply separately with OFAC rules prohibiting transactions with certain foreign countries or their nationals.
f. Notice to Customers
The Company will provide notice to customers that the firm is requesting information from them to verify their identities, as required by law. The Company will use the following method to provide notice to customers: Email, Phone call or certified mail.
g. Reliance on another Financial Institution for Identity Verification
The Company may, under the following circumstances, rely on the performance by another financial institution (including an affiliate) of some or all of the elements of the Company CIP with respect to any customer that is entering into an agreement or similar business relationship with the other financial institution to provide or engage in services, dealings or other financial transactions:
- when such reliance is reasonable under the circumstances;
- when the other financial institution is subject to a rule implementing the anti-money laundering compliance program requirements, and is regulated by a federal functional regulator; and
- when the other financial institution has entered into a contract with our firm requiring it to certify annually to us that it has implemented its anti-money laundering program and that it will perform (or its agent will perform) specified requirements of the customer identification program.
World Crypto Council OU High Risk Customer Due Diligence.
For customers that the company has deemed to be higher risk, the company will obtain the following information:
- the source of funds;
- the beneficial owners information;
- the customer’s (or beneficial owner’s) occupation or type of business; financial statements;
- banking references;
- domicile (where the customer’s business is organized);
- description of customer’s primary trade area and whether international transactions are expected to be routine;
- description of the business operations and anticipated volume of trading.
The company will also ensure that the customer information remains accurate by following the established procedures of World Crypto Council OU.
World Crypto Council OU Acceptable Methods of Fund Transfers.
Funds should only be accepted if they arrive by bank, or in case of cash the proof of cashing from the bank must be provided.
The amount of funds received should match exactly the amount invoiced to client;
The funds should come from a reputable bank;
The following issues should be given special attention and clarification obtained:
- Receipt of unexpected funds;
- Receipts of funds from a country on the non-compliant list;
- Receipts of funds which exceed the amount invoiced to the client;
- Receipt of funds from unknown sources;
If there is a case when a client insists on paying with cash or cash equivalent without providing any proof of cashing, the Compliance Officer has to be notified immediately prior to conducting any further transaction with such client.
World Crypto Council OU Monitoring Clients for Suspicious Activity.
The company will monitor account activity for unusual size, volume, pattern or type of transactions, taking into account risk factors and red flags that are appropriate to the company business. Monitoring will be conducted through the following methods: CO will be responsible for this monitoring, will review any activity that our monitoring system detects, will determine whether any additional steps are required, will document when and how this monitoring is carried out, and will report suspicious activities to the appropriate authorities.
The company will conduct the following reviews of activity that its monitoring system detects: Complete Account Review. The company will document its monitoring and reviews as follows: according to AML Compliance. The AML Compliance Person or his or her designee will conduct an appropriate investigation and review relevant information from internal or third-party sources before a STR is filed.
a. Emergency Notification to Law Enforcement by Telephone
In situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, the company will immediately call an appropriate law enforcement authority. If the company notifies the appropriate law enforcement authority of any such activity, it must still file a timely STR.
Although the company is not required to, in cases where the company has filed a STR that may require immediate attention by the FIU, the company may contact the FIU.
b. Red Flags
Red flags that signal possible money laundering or terrorist financing include, but are not limited to:
Customers – Insufficient or Suspicious Information
• Provides unusual or suspicious identification documents that cannot be readily verified.
• Reluctant to provide complete information about nature and purpose of business, prior banking relationships, anticipated account activity, officers and directors or business location.
• Refuses to identify a legitimate source for funds or information is false, misleading or substantially incorrect.
• Background is questionable or differs from expectations based on business activities.
• Customer with no discernible reason for using the firm’s service.
Efforts to Avoid Reporting and Recordkeeping
• Reluctant to provide information needed to file reports or fails to proceed with transaction.
• Tries to persuade an employee not to file required reports or not to maintain required records.
• “Structures” deposits, withdrawals or purchase of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements.
• Unusual concern with the firm’s compliance with government reporting requirements and firm’s AML policies.
Certain Funds Transfer Activities
• Wire transfers to/from financial secrecy havens or high-risk geographic location without an apparent business reason.
• Many small, incoming wire transfers or deposits made using checks and money orders. Almost immediately withdrawn or wired out in manner inconsistent with customer’s business or history. May indicate a Ponzi scheme.
• Wire activity that is unexplained, repetitive, unusually large or shows unusual patterns or with no apparent business purpose.
Certain Deposits or Dispositions of Physical Certificates
• Physical certificate is titled differently than the account.
• Physical certificate does not bear a restrictive legend, but based on history of the stock and/or volume of shares trading, it should have such a legend.
• Customer’s explanation of how he or she acquired the certificate does not make sense or changes.
• Customer deposits the certificate with a request to journal the shares to multiple accounts, or to sell or otherwise transfer ownership of the shares.
Activity Inconsistent With Business
• Transactions patterns show a sudden change inconsistent with normal activities.
• Unusual transfers of funds or journal entries among accounts without any apparent business purpose.
• Maintains multiple accounts, or maintains accounts in the names of family members or corporate entities with no apparent business or other purpose.
• Appears to be acting as an agent for an undisclosed principal, but is reluctant to provide information.
Other Suspicious Customer Activity
• Unexplained high level of account activity with very low levels of securities transactions.
• Funds deposits for purchase of a long-term investment followed shortly by a request to liquidate the position and transfer the proceeds out of the account.
• Law enforcement subpoenas.
• Large numbers of securities transactions across a number of jurisdictions.
• Buying and selling securities with no purpose or in unusual circumstances (e.g., churning at customer’s request).
• Payment by third-party check or money transfer without an apparent connection to the customer.
• Payments to third-party without apparent connection to customer.
• No concern regarding the cost of transactions or fees (i.e., surrender fees, higher than necessary commissions, etc.).
c. Responding to Red Flags and Suspicious Activity
When an employee of the firm detects any red flag, or other activity that may be suspicious, he or she will notify. Under the direction of the AML Compliance Person, the firm will determine whether or not and how to further investigate the matter.
This may include gathering additional information internally or from third-party sources, contacting the government, freezing the account and/or filing a STR.
World Crypto Council OU Suspicious Transactions and BSA Reporting.
a. Filing a STR
The company will file STR with FIU for any transactions (including deposits and transfers) conducted or attempted by, at or through our firm involving $15,000 or more of funds or assets (either individually or in the aggregate) where the company know, suspect or have reason to suspect:
(1) the transaction involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity as part of a plan to violate or evade federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;
(2) the transaction is designed, whether through structuring or otherwise, to evade any requirements of the IFSC regulations;
(3) the transaction has no business or apparent lawful purpose or is not the sort in which the customer would normally be expected to engage, and after examining the background, possible purpose of the transaction and other facts, we know of no reasonable explanation for the transaction; or
(4) the transaction involves the use of the firm to facilitate criminal activity.
The company will also file a STR and notify the appropriate law enforcement authority in situations involving violations that require immediate attention, such as terrorist financing or ongoing money laundering schemes.
The company will report suspicious transactions by completing a STR, and will collect and maintain supporting documentation as required by the IFSC and FIU regulations. The company will file a STR no later than 30 calendar days after the date of the initial detection of the facts that constitute a basis for filing a STR. If no suspect is identified on the date of initial detection, the company may delay filing the STR for an additional 30 calendar days pending identification of a suspect, but in no case will the reporting be delayed more than 60 calendar days after the date of initial detection. The phrase “initial detection” does not mean the moment a transaction is highlighted for review. A review must be initiated promptly upon identification of unusual activity that warrants investigation.
The company will retain copies of any STR filed and the original or business record equivalent of any supporting documentation for five years from the date of filing the STR. The company will identify and maintain supporting documentation and make such information available to FIU, any other appropriate law enforcement agencies, federal or state securities regulators.
The company will not notify any person involved in the transaction that the transaction has been reported, except as permitted by the IFSC and FIU regulations. The company understand that anyone who is subpoenaed or required to disclose a STR or the information contained in the STR will, except where disclosure is requested by FIU, or another appropriate law enforcement or regulatory agency, or to provide any information that would disclose that a STR was prepared or filed. The company will notify IFSC or FIU, or of any such request and its response.
b. Currency Transaction Reports
The company prohibits transactions involving currency and has the following procedures to prevent such transactions: Paying from other peoples bank accounts or credit cards. If the company discovers such transactions have occurred, will file with FIU for currency transactions that exceed $10,000. Also, the company will treat multiple transactions involving currency as a single transaction for purposes of determining whether to file a STR if they total more than $10,000 and are made by or on behalf of the same person during any one business day.
World Crypto Council OU AML Recordkeeping.
a. Responsibility for Required AML Records and STR Filing
The company AML Compliance Person and his or her designee will be responsible for ensuring that AML records are maintained properly and that STR is filed as required.
In addition, as part of the company AML program, it will create and maintain FIU, IFSC and relevant documentation on customer identity and verification and funds transmittals. The company will maintain FIU and their accompanying documentation for at least seven years. The company will keep other documents according to existing laws and other recordkeeping requirements.
b. SAR-SF Maintenance and Confidentiality
The company will hold STR and any supporting documentation confidential. The company won't inform anyone outside of FIU, or other appropriate law enforcement or regulatory agency about a STR. The company will refuse any subpoena requests for FIU or for information that would disclose that a STR has been prepared or filed and immediately notify FIU, FinCEN of any such subpoena requests that the company receive. The company will segregate STR filings and copies of supporting documentation from other firm books and records to avoid disclosing STR filings. The company AML Compliance Person will handle all subpoenas or other requests for FIU. The company may share information with another financial institution about suspicious transactions.