Anti-Money Laundering and Know Your Customer Policy
Last updated: 10/01/2022
Introduction
The purposes of this Bitrizza cryptocurrency exchange service (hereinafter we, Bitrizza) Anti-Money Laundering, Counter-Terrorist Financing Policy and Know Your Customer Policy (hereinafter referred to as the AML/KYC or AML/CFT policy is to outline how Bitrizza UAB, the controlling entity behind the bitrizza.com website aims to comply with the relevant Lithuanian and European legislation and normative legal acts, in regards to identification, prevention and mitigation of the AML/CFT risks, which are present constantly during day-to-day operations of the company. Bitrizza invests significant effort into protecting the users and the platform from being unlawfully exploited by the third parties, attempting to use the functionality of the platform for ML/TF purposes.
In conformity with international and local regulations, Bitrizza has established a number of written procedures, as well as a number of technical solutions to prevent the users from conducting activities such as money laundering, terrorist financing, drug and human trafficking, proliferation of weapons of mass destruction, corruption and bribery, or any other activity, which could be deemed as illicit by any of the jurisdictions in which Bitrizza operates. Bitrizza has an ability to react appropriately and quickly to prevent such actions from being undertaken.
Money laundering can be defined as: the conversion or transfer of property, knowing that such property is derived directly from criminal activity, or obscurely, by participating in an illicit activity as an intermediary, for the purposes of concealing or disguising the illegal origin of the property, or assisting any person who is involved in the in such activities to evade the legal consequences. The main goal of a person involved in money laundering is to conceal and disguise the illicit nature of the funds by integrating the money into the banking system, or converting such funds into valuable assets, such as property, real estate, securities, etc. as if the funds were accumulated from a legal source.
Terrorist financing can be defined as: the willful provision or collection, by any means, directly or indirectly, of funds with the intention that the funds should be used, or in the knowledge that they are to be used, in order to carry out terrorist acts.
Bitrizza employs a “zero-tolerance” approach towards corruption, fraud, collusion, money laundering or terrorist financing, and other criminal conduct. Bitrizza would seek to implement all available legal means in order to be able to identify, prevent, and tackle any of such actions. The company reserves a right to report the suspicious activity of the main counterparties or the users of the website to relevant authorities, by submitting a Suspicious Activity Report.
All of the Lithuanian obliged entities (i.e. companies engaged into the provision of financial services, including virtual asset exchange and wallet services) are obliged to comply with the Money Laundering and Terrorist Financing Prevention Act 2017 (for the companies residing in the Republic of Lithuania), which provides guidelines on the appropriate due diligence which should be applied to the customers of the obliged entities, and the recommendations from the Financial Action Task Force (FATF), an inter-governmental body whose purpose is the development and promotion of national and international policies to combat money laundering and terrorist financing.
Other legislation that relates to this AML-KYC Policy includes:
- Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing;
- Payment Institutions and E-money Institutions Act 2010 (MERAS);
- 5th Anti-Money Laundering Directive ((EU) 2018/843).
Any any question or concern regarding the present AML-KYC policy should be directed to the following postal address: Bitrizza, or by email to [email protected].
Basic rules
Basic rules of the AML-KYC Policy include the following conditions:
- Bitrizza does not accept any cash deposit, and does not provide the service of cash withdrawal;
- Bitrizza does not accept third party deposits into a user’s account, or permit the management of an account on behalf of another party, etc.;
- Bitrizza cannot grant any exception or somehow amend the list of the documents, required for the verification, or requested over the course of the client’s interaction with the platform, on an individual basis;
- Bitrizza reserves the right to unilaterally refuse, cancel, or suspend the processing of any transaction, in case a reasonable suspicion occurs that the transaction may have an embedded ML/TF risk;
- As prescribed by the international legal practice, in case a Suspicious Activity Report is filed and submitted to the relevant authorities, the Company has a right, and sometimes an obligation not to disclose the fact of the submission to the reported party.
Internal rules and procedures
To comply with the requirements of counteracting the legalization and laundering of illegal funds, Bitrizza performs the following:
- Verification of the incoming customers, both natural persons and legal entities. An unverified user is restricted from conducting an exchange operation at the platform;
- Retaining the customer’s data for a period of at least 5 (five) years since the termination of the business relationship;
- Establishing the risk scoring, as well as the metrics, tools and solutions to identify, monitor, and suspend any suspicious transaction prior or during the commencement of such;
- Any obligations of the platform should be waived to the user, in case Bitrizza has managed to identify that the customer has conducted an action, violating any provision of AML/CFT policy of the company
- Pass or disclose the relevant information regarding certain transactions of a given user to the relevant authorities.
Verification procedures
In order to comply with the requirements of Money Laundering and Terrorist Financing Prevention Act of the Republic of Lithuania and to meet the necessary legal standards, Bitrizza requires all clients, to pass the verification procedure in order for the company to be able to identify who the customer is. Bitrizza’s user verification procedures is conducted via a secure third – party verification instrument, which corresponds to all of the relevant privacy law legislation including the GDPR. The verification is also a vital part of the registration at a financial institution, as it promotes a simplified procedure of the account recovery in case of an account loss.
In general terms, Bitrizza’s verification procedures are applied to any category of a client, signing up to use the services of the company. Bitrizza reserves a right to request additional documents from clients on an individual basis, depending on the risk profile assigned.
Under the terms of the Money Laundering and Terrorist Financing Prevention Act, Bitrizza is required to identify and verify any person and any beneficial owners who enters into a business relationship with Bitrizza, including the entities, making occasional transactions with Bitrizza.
In certain situations (e.g. due to the regulatory or legal requirements, or due to high risks) Bitrizza may require enhanced identity verification for any user. This may include requirements to verify details or sources of funds regarding transactions which users have made or received during purchases made on Bitrizza as well as bitcoin transactions that a user have sent or received from its Bitrizza account.
The Bitrizza identification procedure requires the user to provide Bitrizza with reliable, independent source documents, data or information (for example, a national ID card, an international passport), as well as a document, which could confirm the current residential address of a person (such as, for example, a bank statement or a utility bill). For the purposes AML-KYC Policy compliance, Bitrizza reserves the right to collect the user's identification information, which includes:
For individuals:
- Full name;
- Date and place of birth;
- Country of residence (thereby identifying risks associated with countries, geographic areas or jurisdictions);
- Residential address
- Passport or any government issued ID details;
- Contact email address and/or phone number.
- Legal name of the company and DBA name;
- Registration number;
- Date and country of incorporation;
- The same personal data of the director and beneficiary as for individuals;
- Contact email address and/or phone number.
For individuals:
- Identity document: color copy of the passport (the first, second page with photos, as well as a page with registration data), or a color copy of the document that is able to confirm the identity of the user according to the legislation of the country of which the user is a resident.
- A utility bill dated not older than 3 months
- A bank statement dated not older than 3 months
- Any governmentally issued document (e.g. a tax statement), clearly indicating the residential address of a person
- Copy of the certificate of incorporation;
- Copy of the memorandum and articles of association or equivalent document, duly registered in the appropriate register;
- Copy of extract from protocol of general meeting of participants/shareholders, Certificate of directors and secretary, minutes of first meeting of directors, register of directors or another document, confirming the appointment of the directors, or equivalent document confirming registration of the corporate acts and amendments, and powers of the company head;
- Certificate of shareholders or register of members;
- Certificate of good standing;
- Passport copy of the head of the company (additionally, passport copies may be requested of all individuals who, directly or indirectly, as well as through third parties, own more than 25 percent in the share capital of the company);
- Document confirming the legal entity location or the actual business address, where it operates (copy of utility bill not older than 3 months or copy of the office rental agreement);
- Reference letter from the bank confirming the opening of a current account, or a copy of the contract with the bank about the account opening.
Bitrizza will take steps to confirm the authenticity of documents and information provided by users. All legal methods for double-checking identification information will be used, and Bitrizza reserves the right to investigate the cases of certain users whose identities have been identified as suspicious or carrying risk.
Bitrizza reserves the right to verify conduct an identity check on an outgoing basis, especially when the identification document is close to the expiration date or activities appear suspicious (not corresponding to the usual transaction pattern for the user). In addition, Bitrizza reserves the right to request up-to-date documents from the user, or any additional documents and additional information needed for identification or verification purposes, even though they have passed identity verification in the past.
If the user refuses to provide the requested documents and information in response to a request from Bitrizza without proper justification, Bitrizza will either not start a contractual relation with the user, or may even terminate the business relationship with an existing user, as well as reserves a right to report such an occurrence to the regulator.
Information about users and their identification will be collected, stored, shared and protected strictly in accordance with the Bitrizza Privacy Policy, as well as the Lithuanian and the European regulation.
Аfter the identity verification procedure has been completed, Bitrizza has the right to refuse to provide services to users if Bitrizza learns or suspects that its services are used for the purposes of conducting illegal activities.
Bitrizza has a regulatory requirement to verify the source of fiat funds or cryptocurrency to confirm that the source of funds used to trade are legitimate. Over the course of such process, a customer is requested to provide documentation, explicitly showing the origin of the funds.
Transactions monitoring
According to existing practices, users are known not only by verifying their identity (who they are) but, more importantly, by analyzing their transactional patterns (how the payments are made). Therefore, Bitrizza relies on data analysis as a risk assessment as well as on the manual checks and the automated transaction monitoring solutions. Bitrizza performs a variety of compliance-related tasks, including capturing data, filtering, record-keeping, investigation management, and reporting.
Bitrizza’s system functionalities include:
- Check of users’ presence on recognised “black and negative watch lists” (e.g. Sanctions lists with EU, UN, OFAC, HM Treasury, Interpol database, lost and stolen documents list), aggregating transfers by multiple data points, placing users on watch and service denial lists, opening cases for investigation where needed, sending internal communications and filling out statutory reports, if applicable;
- Transaction monitoring tools;
- Case, document and record management.
- Ensure that transactions of a suspicious nature are reported to the authorised regulator or relevant law enforcement by the Compliance officer;
- At any time request that the user provide any additional information and documents in case of suspicious transactions or activity;
- Suspend or terminate a user's account when Bitrizza has a reasonable suspicion that such user is engaged in illegal activity.
Compliance officer
The Compliance officer is the person, duly authorised by Bitrizza, whose duty is to ensure the effective implementation and enforcement of the AML-KYC Policy. It is the Compliance officer’s responsibility to supervise all aspects of Bitrizza’s anti-money laundering and counter-terrorist financing procedures, in particular:
- Collecting and verifying users’ identification information;
- Establishing and updating internal policies and procedures for the completion, review, submission and retention of all reports and records required under the applicable laws and regulations;
- Monitoring transactions and investigating any significant deviations from normal activity;
- Implementing a records management system for appropriate storage and retrieval of documents, files, forms and logs, updating risk assessment regularly;
- Providing law enforcement or local regulators with information as required under the applicable laws and regulations, and also interacting with law enforcement involved in the prevention of money laundering, terrorist financing and other illegal activities.