AML and Domestic Regulations for Money Laundering and Investment in Terrorism

The Xchange service is committed to the application of Estonian law and respects the laws of other countries. To avoid illegal circulation of cryptocurrencies, experts have prepared AML provisions to control money laundering and financing of terrorist activities.
These actions of the service allow you to identify dubious operations and check them (details are not disclosed in the description). At the same time, the service reserves the right to carry out full identification and verification of the identity of any user. This procedure can be provided by the service or with the help of third parties.

1. Key Basics

1.1 The described AML policy was developed taking into account the Estonian legislation.
1.2 The service is located in the resource for the exchange of money and in all applications used in the bundle.
1.3 The user is considered to be a person over the age of 16, in accordance with the jurisdiction at the legislative level.
1.4 The AML methodology is a set of rules and regulations of an internal nature that were invented to check and detect illegal actions with electronic currencies.
1.5 The AML methodology is a set of norms that:
1.5.1 Regulates actions to exclude money laundering and illegal financing of terrorist organizations;
1.5.2 Carries out standardization of actions for employees;
1.5.3 Fixes the duration of the fulfillment of obligations by the auditors.
1.6 Additional programs are integrated into the methodology:
1.6.1 Conducting reviews for internal regulation;
1.6.2 Integration of methodology for internal use;
1.6.3 Conducting due diligence on customers and persons associated with the process;
1.6.4 Research and identification of risks;
1.6.5 Adjusting business relationships with clients;
1.6.6 Mandatory actions for the regulation in case of suspicion of participation in illegal activities;
1.6.7 Control over the exchange of information and documents;
1.6.8 Actions to capture data;
1.6.9 Carrying out refusal of transfers;
1.6.10 Training of service employees;
1.6.11 Conducting internal control;
1.6.12 Control over the maintenance of documents obtained in the course of internal control.
1.7 The person responsible for the accurate implementation of this policy is the current Director of Xchange Service.

2. Key technique for control

2.1 For the high-quality implementation of the AM policy, the service directorate has created a group of people who control security.
2.2 All operations for the control and verification of customers are carried out by special employees.
2.3 The person from clause 1.7 performs such procedures as:

  • analytical studies of a conducted or a transaction under development for its illegality;
  • ensuring financial control of clients and all persons associated with them;
  • creation of reports on the conduct of inspections;
  • conducting other procedures within the safety regulations.

3. Integration of methodology for control

3.1 A similar technique is used for the following cases:

  • during the creation and implementation of customer relationships;
  • if the transaction amount is more than 15 thousand euros;
  • if the client"s data is in doubt;
  • if the transaction has a high level of complexity, and it is not justified;
  • if there were suspicious transactions;
  • if transactions were detected with wallets of such organizations: Darknet Marketplace, Darknet Service, Fraudulent Exchange, Illegal Service, Mixing Service, Ransom, Scam, Stolen Coins (funds will be transferred back only if the user is identified).

3.2 Additional checks are carried out in the case of:

  •  if the exchange has no proven feasibility;
  • if exchange actions are irrational;
  • similar transactions take place in a short period of time;
  • the client does not provide data for verification and verification;
  • the client changes the translation using a non-standard method;
  • if unreasonable haste in the transaction was revealed;
  • if the changes were made before the transaction;
  • if the client does not communicate in any of the ways;
  • f there is a suspicion of providing false data;
  • the transaction has a high level of complexity for no reason or economic feasibility.

3.3 Additional options for control:

  • the customer provides additional data and comments on the transaction;
  • monitoring receives enhanced control as part of the security control.

4. Methodology for checking customers and persons associated with them

4.1 Identification at the initial stage according to the information provided to them.
4.1.1 Verification takes place when using a partner service.
4.1.2 Individuals are checked for the accuracy of the following information:

  • citizenship of the person;
  • date and place of his birth;
  • TIN;
  • the authenticity of the document provided to confirm the identity;
  • checking the place of residence;
  • checking the type of activity;
  • verification of contact information for authenticity and activity.

4.1.3 Verification of documents for authenticity is carried out in the event of:

  • receiving a positive answer about its reliability;
  • it has a photograph of the client;
  • whether the TIN corresponds to the indicated gender and age;
  • the service can take the help of government agencies for authentication if in doubt.

4.1.4 When providing an identity document, it is copied so that all data is readable.
4.1.5 Additionally, a check is carried out for the person"s involvement in public positions:

  • the person is related to public service;
  • the list of his relatives and close persons is checked;
  • the source of individual income is confirmed;
  • a request to the infobase is being prepared;
  • sending a request to the supervisory authorities;
  • a decision is made to start a relationship with a person in accordance with clause 2.1.

4.1.6 Information only from official sources can be used to conduct an audit.
4.1.7 A recommendation from a highly trusted client is not a reason to refuse verification.
4.1.8 The representative of a natural person is also subject to verification within the framework of this policy.
4.1.9 A check of an individual can be carried out several times, and the data must be updated.
4.2 All documents of foreign origin must be original and have an Apostille. This procedure does not apply to documentation from the following countries: Latvia, Lithuania, Poland, Russia. Ukraine.
4.3 In the case of minimal risk for the operations carried out, identification can follow a simplified scheme. Common databases are used for this. The minimum risk includes the following cases:

  • the person lives in Estonia or another country with an AML policy.

The simplified check does not exempt the organization from checking the transaction for transparency and legality.

4.4 In the case of a high risk score, the check is more rigorous. She may require additional information from the client. The process can be considered high-risk if:

  • the transaction takes place in unusual circumstances;
  • the operation takes place with a large amount of cash;
  • the goods under the transaction are unusual, new and the transaction itself is non-standard;
  • transfers are carried out anonymously;
  • after the transfers, third parties are involved;
  • other situations covered by the Law No. 37 “On Money Laundering in Estonia”.

4.5 Application of the methodology for control can be excluded only with the permission of a special control bureau.
4.6 A transaction with a high risk indicator is not carried out without the decision of the controlling bureau.

5. Conducting a risk assessment

5.1 Any client and his planned transaction is carried out with an assessment of possible risks.
5.1.1 In a risk assessment, a client is assigned a status from low to high.
5.1.2 To carry out this assessment, the following means are used:

  • if the client is related to public service;
  • if his actions are in the interests of a third party;
  • if there are problems with verification;
  • the client is related to low tax jurisdictions;
  • the client has been imposed international sanctions;
  • cooperation with the client has a positive experience;
  • the term of cooperation and the date of registration of the account are checked;
  • the nature of the transaction is being clarified;
  • the amount of the transaction is checked;
  • the stability and constancy of exchange is taken into account;
  • the source of receipt of goods or other property is not determined.

5.2 Transactions are assessed to establish the level of risk.
5.2.1 Low, medium or high status can be assigned under the following factors:

  • a private bank is involved in the transaction;
  • the translation takes place in alternative ways;
  • carrying out an exchange due to participation in gambling.

5.3 Geographic risk assessment.
5.3.1 A transaction is assigned a status taking into account a number of geographic aspects:

  • the exchange takes place with the territory of a high-risk state;
  • the exchange takes place with a client from a country with a high level of corruption;
  • the user participates in the transaction, in respect of whom the sanctions are applied;
  • other positions that increase risks.

5.4 Risks associated with relatives or partners are subject to assessment.
5.5 The assessment is carried out by assigning a status from one to three:

  • the optimal indicator is assigned if the categories have no doubt factors and the transactions are as transparent as possible;
  • medium risk - if the factors in the transaction are not obvious and there are suspicions of illegal activity;
  • high risk - in the presence of several risk factors and conducting an opaque operation.

The overall result is obtained by adding a factor to all categories, while the risks of the client and his partner are doubled, and the total amount is divided by indicator 4:

  • below 2 - low level;
  • 2 - 2.75 - medium;
  • more than 2.75 - high.

If one of the categories is high risk, then the overall factor will be considered high, regardless of the calculation.

6. Analysis of commercial relations

6.1 All commercial actions are performed only after consent to carry out actions within the framework of AML and service standards.

7. Actions in case of suspicion are to obtain data.

7.1 If questions arise before the start of the operation or during its execution, the transaction is canceled.
7.2 All suspicions are registered and analyzed at the bureau, and all regulatory authorities are required to be notified.
7.3 All data on transfers of more than 32 thousand euros or more are sent to the control office of Estonia.
7.4. If the refusal to carry out the transaction causes damage to one of the parties, then this transaction is frozen until the circumstances are clarified.
7.5 All data is transferred to the Financial Supervision Authority and stored in the archive. All results of the analysis are also subject to storage.
7.6 Persons who have fallen under suspicion are not informed about this and that a check has been started in relation to them.

8. Correspondence exchange procedure

8.1 If the Service Directorate or the Control Bureau decides to exchange correspondence with a third party, this will provide more accurate data.
8.2 The exchange is carried out using control standards.
8.3 The exchange is not carried out with shadow organizations or companies without a license.

9. Carrying out data registration

9.1 The data logging methodology applies to the employee of the company. The document must include:
9.1.1 Type of transfer and reasons for assigning high status;
9.1.2 Data on the transaction, including the volume and type of currency;
9.1.3 Data on all participants in the process;
9.1.4 Data on applied control methods.

10. Procedure for cancellation of the transaction

10.1 If the client has not submitted the required document for control, the exchange will be canceled.
10.2 If data on the source of funds was not provided.
10.3 Information is subject to storage in accordance with the law and in accordance with the service policy.
10.4 In case of refusal, the following are saved:

  • data on the grounds for refusal;
  • why the cooperation was terminated;
  • data on the reasons for the emergence of suspicions.

10.5 The decision to refuse is canceled if the user transfers all the data in full and they pass the check with a positive result, or the decision is taken by the supervisory authority or the court of Estonia.

11. Training

11.1 The Service Directorate is obliged to train employees and draw up instructions for work. The briefing is carried out at a high level within a month from the date of commencement of work.

12. Verification under internal control

12.1 This type of control ensures legal compliance. Employees must act within the rules.
12.2 Internal control involves the following:
12.2.1 Every six months, checks are carried out for compliance with the rules and regulations;
12.2.2 The Directorate must receive regular reports on all suspicions and violations.
12.2.3 All illegal actions are eliminated using the tools selected by the service management.

13. Document service

13.1 All documents on user identification and other actions are stored for 5 years.
13.2 Documentation, which is the basis for state bodies, is stored for 5 years.
13.3 Data on inquiries made for control purposes are stored for 5 years. The term is counted from the moment the relationship begins. After the end of the cooperation, the user"s data in digital format is stored for 5 years.
13.4 Documentation should be kept in such a way that a written derivation is available. They should be easily accessible to all control authorities, as they can be used in criminal, civil and other proceedings.
The rules of control in the internal environment make it possible to standardize all information during identity verification and other processes at the legislative level.

14. Requests from state regulatory authorities

Organizations involved in the fight against illicit trafficking in funds and the financing of terrorism send inquiries to corporate email [email protected]

The service considers only requests of an official nature on forms accepted by law and with all seals. Additionally, feedback contacts should be provided to clarify the authenticity of the request. Response times may vary depending on circumstances, time differences and communication speeds.