BVOX AML/KYC POLICIES AND PROCEDURES
【Updated and Effective Date: February 22, 2024】 * The primary update in the section of Higher Risk Categories highlights the specific restrictions against offering services to residents of countries identified by the FATF and subject to OFAC's comprehensive sanctions.
We ensure that we will comply with the Know-Your-Customer and Anti-Money-Laundering laws and regulations, and will not knowingly violate the Know-Your-Customer and Anti-Money-Laundering policies. To the extent of our reasonable control, we will adopt necessary measures and technology to provide you with services that are safe and secure, to protect you against the loss caused by money laundering to the greatest extent possible.
BVOX is committed to supporting AML/KYC efforts. In principle, we are committed to, amongst other things:
-
Exercising due diligence when dealing with our customers, natural persons appointed to act for our customers’ behalf;
-
Conducting our business in conformity with high ethical standards, and to, as far as possible, guard against establishing any business relations that is or may be connected with or may facilitate money-laundering or terrorism-financing;
-
We will, to the fullest extent possible, assist and cooperate with relevant law authorities to prevent the threat of money-laundering and terrorism-financing.
Risk Assessment and Risk Mitigation
Risk Assessment
We envisage that the majority of our customers would be retail customers, and that we would, as of the date of this Policy, be mainly operating in Canada.
In this regard, we would:
-
document and/or collect documentation in relation to:
-
the identities of our customers;
-
the countries or jurisdictions that our customers are from or in; and
-
ensure, to the best of our knowledge, skill, and ability, that our customers, connected persons, individuals appointed to act on behalf of a customer, and beneficial owners are assessed and screened using the List of Designated Individuals and Entities, amongst other categories. In line with this, we've implemented robust controls to exclude customers from FATF jurisdictions subject to Call for Action. Furthermore, we apply enhanced diligence procedures for customers from FATF's grey-listed countries or jurisdictions under increased monitoring, thereby providing a comprehensive approach to manage and mitigate associated risks.
Risk Mitigation
If identified, we shall not deal with any persons identified in the List of Designated Individuals and Entities.
Approach to New Products, Practices and Technologies
We are committed to being well-informed and vigilant in identifying and assessing potential risks of money laundering and terrorism financing. This is particularly relevant when developing new products or business practices, as well as implementing new or emerging technologies, whether they apply to new or pre-existing services. We will pay heightened attention to any innovation, including new products, business practices, delivery mechanisms, or technologies, especially those that may promote anonymity such as digital tokens (security, payment, and/or utility tokens). Our goal is to maintain the highest standards of risk management while embracing technological advancements.
Approach to CDD (“Customer Due Diligence”)
We strictly prohibit opening or maintaining anonymous accounts or accounts under fictitious names. Furthermore, we refuse to establish business relationships or conduct transactions if we suspect that a customer's assets or funds are connected to illegal activities, including drug dealing or other criminal conduct. In such cases, we file a Suspicious Transaction Report and share a copy with the relevant Financial Intelligence Unit.
Our Customer Due Diligence measures apply in the following scenarios:
-
When establishing business relationships with any customer.
-
When conducting any transaction for a customer with whom we haven't previously established a business relationship.
-
When facilitating or receiving cryptocurrency transfers for such customers.
-
If we suspect involvement in money laundering or terrorism financing.
-
If we question the truthfulness or adequacy of any provided information.
If we suspect two or more transactions may be related or deliberately structured to evade anti-money laundering and counter-terrorism financing measures, we consider these transactions as one and aggregate their values, in line with our commitment to uphold the principles of Prevention of Money Laundering and Countering the Financing of Terrorism.
Identification Process
We shall identify each of our customers.
To identify our customers, we shall obtain, at least:
-
their full names, including aliases;
-
their unique identification numbers (such as an identity card number, birth certificate number, or passport number, or where the customer is not a natural person, their business registration numbers and ownership structure etc.); or
-
their registration address, or if applicable, their registered business address, and if different, their principal place of business;
AND
-
their date of birth, establishment, incorporation or registration; and
-
their nationality, place of incorporation or registration
Where the customer is a legal person or legal arrangement, we shall apart from obtaining the relevant information as aforesaid above, identify its legal form, constitution and powers that regulate and bind the legal person or legal arrangement; we shall also identify connected parties of it (e.g., directors, partners of and/or persons having executive authority of it), by obtaining at least the following information of each connected party:
-
full name, including aliases; and
-
unique identification number such as identity card number, birth certificate number, or passport number of the connected party).
Verification Process
We shall verify the identities of our customers using reliable, independent source data, documents or information. Where our customer is a legal person or legal arrangement, we shall verify the legal form, proof of existence, constitution and powers that regulate and bind the customer, using reliable, independent source data, documents or information.
Authenticating and Confirming the Identities of Authorized Individuals Acting on a Customer's Behalf
When a customer designates one or more individuals to act on their behalf in establishing a business relationship with us, or if the customer is an entity rather than an individual, we will:
Obtain the following details for each authorized representative:
- Full name,
- Unique identification number,
- Residential address,
- Date of birth,
- Nationality, and
- Authenticate their identities utilizing trustworthy, independent sources of data or documents.
Moreover, we will verify each representative's authorization to act on our customer's behalf by procuring:
-
Appropriate documented evidence that validates the customer's appointment of such individuals,
-
The specimen signature of each appointed person.
In cases where the customer is a government entity, we will acquire only the necessary information required to confirm the customer's status as a government body as claimed."
Authenticating and Confirming Beneficial Owners
We will inquire if there exist any beneficial owners in relation to a customer.
Where there is 1 or more beneficial owner in relation to a customer, we shall identify the beneficial owners and take reasonable measures to verify the identities of the beneficial owners using relevant information or data obtained from reliable, independent sources. We shall:
IF the customer is a legal person:
-
identify the natural persons (whether acting alone or together) who ultimate own the legal person;
-
where there is doubt as to whether as to whether natural persons who ultimately own a legal person are the beneficial owners or where no natural person ultimately owns the legal person, identify the natural persons (if applicable) who ultimately control the legal person or have ultimate effective control of the legal person; and
-
where no natural persons are identified, identify natural persons having executive authority in such legal persons;
IF the customer is a legal arrangement:
-
for trusts, identify the settlor, the trustee, the protector (if applicable), the beneficiaries, any natural person exercising ultimate ownership, ultimate control or ultimate effective control over the trust; and
-
for other types of legal arrangements, identify person in equivalent positions.
Where our customer is not natural person, we shall identify the nature of our customers’ business, its ownership and control structure.
We shall be required if there exist any beneficial owners for customers who are:
-
an entity listed on the stock exchange;
-
an entity listed on a stock exchange that is subject to regulatory disclosure requirements; and requirements relating to adequate transparency relating to its beneficial owners;
-
a financial institution;
-
a financial institution that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by FATF; or
-
an investment vehicle where the managers are financial institutions, or are subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF;
unless we have doubts about the veracity of the CDD information, or suspect that our customers, business relations with, or transactions for the customer, may be connected with money laundering or terrorism financing.
We shall also document the basis for our determination.
Transaction Supervision
We constantly set and adjust daily trading and withdrawal limits based on security requirements and the actual state of transactions. If the transaction occurs frequently in an account registered by you or is beyond reasonable circumstances, our professional team will assess and determine whether such transaction is suspicious. If we identify a specific transaction as suspicious on the basis of our assessment, we may adopt such restrictive measures as suspending the transaction or denying the transaction, and if it is possible, we may even reverse the transaction as soon as possible, and report to the competent authorities, without, however, notifying you. For more detail about the Virtual Assets and Fiat transactions and risk assessment of the VAs, please refer to the document
"Comprehensive Policies and Procedures for Virtual Assets and Fiat Related"
Timing for Verification
We commit to verifying the identities of our customers, their appointed representatives, and beneficial owners prior to:
-
Establishing business relations,
-
Conducting any transaction for customers without pre-established business relations, or
-
Facilitating or receiving digital token transfers by value for customers without pre-established business relations.
In cases where the timely completion of identity verification could disrupt normal business operations and the associated money laundering and terrorism financing risks can be effectively managed, we may initiate business relations before completing the verification process.
When we do establish business relations prior to identity verification, we:
-
Develop and enact internal risk management policies detailing the conditions for initiating such relations, and
-
Expedite the verification process and complete it as soon as reasonably possible.
Where Measures are Not Completed
If we are unable to fulfill the required measures, we will neither initiate nor continue business relations, nor conduct any transactions for the customer.
If such measures cannot be completed, we will evaluate the situation to determine if its suspicious nature warrants the filing of a Suspicious Transaction Report (STR).
Completing the measures refers to the scenario in which we have gathered, scrutinized, and confirmed all necessary Customer Due Diligence (CDD) information, and received satisfactory responses to all inquiries regarding such required CDD information.
Non-Face-to-Face Account Onboarding
In our bid to offer flexibility and convenience to our users while ensuring compliance with our AML policies, we permit non-face-to-face account onboarding processes. Our customers can easily and efficiently set up their accounts from any location and at any time, as our robust digital onboarding system is designed to facilitate user-friendly interaction.
Our platform acknowledges the potential risks associated with non-face-to-face onboarding, such as impersonation and document forgery. To counteract these risks, we have implemented rigorous identity verification procedures and checks within our onboarding process. This includes multi-factor authentication, identity document verification, liveness checks, and biometric analysis where necessary.
External Audit Assessment
To ensure the effectiveness of our non-face-to-face onboarding process and to verify its ability to mitigate impersonation risk and document forgery, we subject our system to external audit assessments. The objective of these audits is to evaluate the integrity, efficiency, and compliance of our onboarding process.
The audits provide an impartial evaluation of our procedures and protocols, allowing us to continually enhance our security measures and effectively prevent potential risks. The outcomes of these audits serve as a testament to our commitment towards upholding the highest standards of security and compliance in all our operations.
Screening
We shall screen a customer, natural persons appointed to act on behalf of the customer, connected parties of the customer and beneficial owners of the customer against relevant money laundering and terrorism financing information sources, as well as lists and information provided by the Authority for the purposes of determining if there are any money laundering or terrorism financing risks in relation to the customer.
We shall screen the person:
-
when, or as soon as reasonably practicable after, we establish business relations with a customer;
-
before we undertake any transaction for any customer who has not otherwise established business relations;
-
before we effect or receive digital payment tokens by value transfer, for a customer who has not otherwise established business relations with us;
-
on a periodic basis after we establish business relations with our customers; and
-
when there are any changes or updates to:
-
the lists and information provided by the Authority to the payment service provider; or
-
the natural person appointed to act on behalf of a customer, connected parties of a customer or beneficial owners
We shall screen all value transfer originators and value transfer beneficiaries, against lists and information provided by the Authority for the purposes of determining if there are any money laundering or terrorism financing risks.
We shall document the results of all screenings.
Approach to ECDD ("Enhanced Customer Due Diligence")
Politically Exposed Persons (PEP)
We shall use all reasonable means to determine if a customer, any natural person appointed to act on behalf of a customer, any connected party of the customer or any beneficial owner of the customer, is a politically exposed person, or a family member or close associate of a politically exposed person.
We shall, in addition to performing CDD measures, perform at least the following enhanced due diligence measures where a customer or any beneficial owner of the customer is determined by us to be a politically exposed person, or a family member or close associate of a politically exposed person:
-
obtain approval from senior management to establish and continue business relations with the customer;
-
establish by reasonable means, the source of wealth and source of funds of the customer and any beneficial owner of the customer; and
-
conduct, during the course of business relations with the customer, enhanced monitoring of the business relations with the customer. We shall increase the degree and nature of monitoring for any transactions that appear unusual
Higher Risk Categories
In our commitment to combat money laundering and terrorism financing, we recognize that certain situations inherently present a higher risk. These include, but are not limited to:
- Customers or beneficial owners who are from or in countries or jurisdictions subject to countermeasures called for by the Financial Action Task Force (FATF). All business relations and transactions with such customers will be treated as higher risk.
- Customers or beneficial owners who are from or in countries or jurisdictions identified as having inadequate anti-money laundering and counter-terrorism financing (AML/CFT) measures by the payment service provider, or as notified by the Authority or other foreign regulatory authorities. Each customer from such locations will be assessed individually to determine the level of risk they present.
In addition to FATF-listed countries, we will also incorporate a sanctions list for comprehensively prohibited countries as designated by the Office of Foreign Assets Control (OFAC). Customers from OFAC-sanctioned countries will automatically be classified as presenting a higher risk. Enhanced Customer Due Diligence (CDD) will be performed on customers identified as higher risk for money laundering or terrorism financing. This also extends to any customer notified to us by the Authority as presenting a higher risk.
We are dedicated to adhering to the stringent guidelines set forth by regulatory bodies and will continuously update our policies to align with the latest global AML/CFT standards.
Record Keeping
We will keep proper records as required for a time period of at least 5 years.
Reporting
We have established risk-based policies, procedures, and monitoring processes that ensure efficient identification and reporting of suspicious activities. These measures are designed to meet all regulatory obligations, thus maintaining the trust and security of our clients.
Suspicious Activity Monitoring: We utilize advanced, automated systems to monitor suspicious deposit/withdrawal transactions or any suspicious activities. These systems employ cutting-edge technology and sophisticated algorithms to detect anomalies or patterns that may indicate illicit activity.
Regulatory Reporting Obligations: We understand and fulfill our regulatory obligations to report suspicious transactions to the relevant supervisory or regulatory authorities. This not only includes detecting and reporting such activities but also taking appropriate actions in response to these reports.
Compliance Policies for Reporting: Our entity has in place comprehensive policies, procedures, and processes that ensure compliance with suspicious transaction reporting requirements. These measures are regularly reviewed and updated to reflect any changes in regulations or our operating environment.
Review and Escalation Procedures: We have established policies, procedures, and processes for reviewing and escalating matters arising from the monitoring of customer transactions and activity. These procedures ensure that any potential issues are promptly identified, escalated, and resolved.
Our commitment to these reporting and monitoring measures allows us to maintain a safe, secure, and compliant environment for our clients and our business operations.
Policies on Compliance, Audit and Training
Amongst other things, we shall appoint an AML/CFT Compliance Officer at the Management Level, maintain an independent audit function, and take proactive measures in regularly training our employees and employees on AML/CFT matters.
In accordance with our commitment to maintain the highest standards of Anti-Money Laundering (AML), Counter Financing of Terrorism (CFT), and sanctions compliance, we conduct annual internal audits. These audits serve as a mechanism to scrutinize our procedures and ensure that they comply with regulatory obligations and industry best practices.
Our audit reviews cover the following areas:
-
AML, CFT, & Sanctions Policy and Procedures: Evaluating the efficiency, effectiveness, and compliance of our policies and procedures to identify any gaps or potential improvements.
-
KYC, CDD/EDD and Underlying Methodologies: Verifying the robustness of our customer identification and due diligence procedures and the methodologies employed in their implementation.
-
Transaction Monitoring: Reviewing our system's capability to track and assess deposit, withdrawal, and trading activities for any suspicious transactions or patterns.
-
Transaction Screening, including for Sanctions: Assessing our screening procedures for transactions, ensuring they adequately identify and respond to any sanctioned or illicit activity.
-
Name & Wallet Screening: Reviewing the effectiveness of our measures to screen customer identities and wallet addresses against databases of known illicit actors.
-
Training and Education of Staff: Confirming that our staff training programs are current, comprehensive, and effectively educating our employees about AML, CFT, and sanctions compliance.
-
Suspicious Transaction/Activity Reporting and Filing: Verifying our ability to detect, report, and file suspicious transactions or activities to the appropriate authorities.
-
Enterprise-Wide Risk Assessment: Evaluating our risk assessment mechanisms to ensure they effectively identify and assess enterprise-wide risks.
Any adverse findings from our internal audits are tracked to completion. Once the identified issues are resolved, they are re-evaluated to ensure the adequacy and completeness of the remedial measures. These extensive audit procedures ensure that our platform remains robust, secure, and compliant, maintaining the trust of our customers and stakeholders.
Enterprise-wide money-laundering/terrorism financing risk assessment
We will employ and enterprise-wide money-laundering/terrorism financing risk assessment in 3 phases:
Phase 1: Assessing inherent risk
We will assess the inherent risk in relation to our:
-
customer or entity: we will make an assessment in relation to our customers and/or entities we deal with;
-
product or services: we will and are mindful of who we serve in our cryptocurrency services;
-
Geographical level: we will not deal with customers from the List of Designated Individuals and Entities.
Phase 2: Assessing mitigating control
We will assess our mitigating controls in relation to the aforementioned. Any and/or all customer(s) whom we find suspicious will be first monitored, followed by exercising enhanced due diligence.
Phase 3: Assessing residual risk
We will assess our residual risks after assessing our mitigating controls.
BVOX Team
Comments
0 comments
Article is closed for comments.