M

AML/KYC Policy

Last updated on the date of 05/16/22

Svelge OÜ, operating the platform https://topexchange.io/, provides its services by utilizing high-quality software and adhering to the highest security standards.

Where we partner with reliable payment solutions for fiat and/or digital currency, we use custodian services with insured cold storage.

The client funds shall be always kept secure regardless of our ongoing business developments.

We use SumSub for KYC / AML and Identity Verification, thus assuring that we always deal with proper individual or legal entities.

We always put the client in the centre of our attention and make sure that we will provide the best prices and liquidity.

We solicit companies and individuals with our crypto exchange and crypto wallet services.

Client identification

The following information is requested to identify clients:

Proof of identity document

We accept as proof of identity government issued valid documents with photos including:

  • EU/EEA ID card
  • International Passport
  • Driving license

The provided documents must be readable, of good quality and with all relevant data provided in English alphabet characters.

Proof of address document

To confirm the address of the customer we accept the following documents, not older than 3 months:

  • Utility bill for gas, electricity, water, internet, etc. linked to the property
  • Bank statement with date of issue and name of the account holder
  • Lease agreement that is current and has the signatures of the landlord and the tenant
  • Credit card statement
  • Letter from a recognized public authority or public

Selfie

The Selfie could be either a live video or image(s) of the customer holding a Passport/ID card.

Source of Funds

In case of a large deposit made through bank transfer, we may require proof of source of funds. It could be a bank statement showing transaction history and origin of the funds transferred to a customer account or a document issued by a relevant authority or organization containing the source of income information.

In the case of a large crypto deposit, we require proof and explanations of how and when the crypto assets were obtained.

The customer could be asked to complete a questionnaire and confirm the origin of funds or crypto assets.

Identification of a legal person

  • Corporation enrollment and registration certificates of the legal person;
  • Copy of the articles of association and memorandum of the legal person;
  • Detailed certification materials of the ownership structure and ownership description of the legal person, and the decision of the board of directors on designating the authorized agent of the company responsible for the opening and execution of the account of the company with Svelge OU;
  • Identity documents of the directors, major shareholders of the legal person as well as the authorized signatory for the account opened with us, as are required to be provided in accordance with relevant rules;
  • Legal person’s main business address or mailing address if it is different from the main business address of the company.
  • Other certification documents, documents issued by competent authorities and other documents we may deem necessary in light of the laws and regulations of relevant jurisdictions and in light of the specific nature of the legal entity.

PEP watchlist and Adverse media checks

All clients undergo thorough checks for holding prominent public functions, as well as the existence of negative information related to them. If prospective clients will raise suspicion of our specialists, we will refuse to provide services to such clients.

Document storage

All documents submitted by those wishing to purchase cryptocurrency (i.e., passport copy, bank statement, cryptocurrency wallet balance, proof of residence) will be processed and stored for a period of 5 years on the company cloud which is hosted on secure virtual servers with maximum protection and 100% uptime guaranteed. The data authenticity is verified by our specialists. In case of suspicion, the client file along with relevant documentation shall be escalated to the MLRO.

Use of external tools

We may use third-party providers to validate customer identity, documents, crypto wallets, contact information, transactions and any other customer data we receive when providing our service.

Risk Assessment

Customer’s risk levels

Customer due diligence is applied based on a risk-sensitive basis, i.e. the nature of the business relationship or transaction and the risks arising therefrom shall be taken into account upon selection and application of the measures. Risk-based customer due diligence calls for the prior weighing of the specific business relationships or transaction risks and, as a result thereof, qualification of the business relationship in order to decide on the nature of the measure to be taken (for instance, normal, enhanced or simplified due diligence measures could be applied).

If the risk level of a customer or a person participating in a transaction is low, the Company may apply simplified due diligence measures but is not allowed to skip customer due diligence entirely. If the risk level arising from a customer or a person participating in a transaction is high, enhanced due diligence measures will be applied.

The first requirement for the measures of prevention of money laundering and terrorist financing is that the Company does not enter into transactions or establish relationships with anonymous or unidentified persons. Legislation requires that the Company waives a transaction or the establishment of a business relationship if a person fails to provide sufficient information to identify the person or about the purpose of the transactions or if the operations of the person involve a higher risk of money laundering or terrorist financing. Also, legislation requires the Company to terminate continuing relations without prior notification if the customer fails to submit sufficient information for the application of customer due diligence measures.

General Obligatory Identification Rules

The Code of Conduct for the application of customer due diligence measures stipulates mandatory identification and verification when establishing business relationships with persons with whom the Company has no previous relations, economic or professional activities via agents or affiliates.

The Company has the right, taking into account the special requirements and restrictions provided by law, to use the services of a third party under a contract the subject of which is the continuing performance of activities and continued taking of steps required for the provision of (a) service(s) by the Company to its customers and that would normally be performed and taken by the Company itself.

The Company may hire a competent third party for AML compliance after having assessed the ability of such a person/entity to fulfil the requirements provided for in the Money Laundering and Terrorist Financing Prevention Act and to ensure the reliability and the required qualifications of such a person.

The Company that outsourced its activities remains liable for infringement of any of the applicable laws and regulations.

Upon outsourcing an activity (activities), the Company shall ensure that the third party has the knowledge, skills and qualifications required, above all, to identify and properly resolve situations of a suspicious and unusual nature.

The outsourcing contract shall specify the rights and duties of the parties intact with the requirements provided by law. Activities outsourcing shall not impede state supervision over the Company and the latter shall grant the competent authorities access to the third party to whom the Company has outsourced its duties, tasks or functions.

The Company shall immediately notify the Financial Intelligence Unit if enters into such an outsourcing agreement.

Risk-based approach

The Company shall recognize, assess and understand money laundering and terrorist financing risks in its own activities and in the activities of its customers and take measures to mitigate the risks. The applicable measures shall correspond to the identified risk level.

In the course of the risk-based approach, the Company shall assess the probability of the realization of risks and what the consequences of their realization are. Upon assessment of probability, the chance of an increase in the threat and the possibility of occurrence of the respective circumstances shall be taken into account, e.g., the possible threats that may influence the activities of the customer and the service provider shall be taken into account.

The Company shall take all necessary customer due diligence measures outlined hereunder. The scope of taking the measures depends on the characteristics of the given business relationship or the risk level of the customer.

Upon identifying and substantiating the risk levels of a customer or a person participating in a transaction, the Company shall take into account, among other things, the following risk factors:

  • Customer type – e.g., individuals, listed companies, private companies, joint ventures, partnerships or financial institutions;
  • Geographic location – jurisdiction(s) of residence or citizenship of the customer;
  • Product and/or service – risk factors derived from the customer’s economic activities or the exposure of a specific product or service to potential money laundering risks; whether the service is rendered to anonymous customers and the likelihood that the product/service requested might be used for money laundering or terrorist financing;
  • Risks relating to communication, mediation or products, services, transactions or delivery channels between the Company and customers. Mitigation measures of such risks:
  • Identification and management of risks of technology and services. The Company uses safe technological solutions for providing services and implements physical and personal measures to ensure safety, such as service architecture with cryptographic algorithms.
  • The Company uses encryption solutions to keep the provided service and transaction history safe. Virtual currency and wallet transaction security is provided by the blockchain network itself.
  • Advantages of the authorisation process, securing of user’s accounts. The authorisation process is accomplished through SSL, cryptographic, 2FA and IP protection.
  • In case of a loss or theft of private cryptographic keys or user credentials by the Clients, the Company uses strong crypto algorithms and a restore system.
  • Activities for mitigation of risk, including backup system in case of hacking of the technological solution – The Company uses multiple servers, a separate one for cryptocurrency wallets, users’ accounts, transactions networks.
  • The server connection is performed by secured protocol and locked by a firewall.
  • The Company sets limits for holding each cryptocurrency and after increasing the balance on any wallets more than the limited amount, the funds are automatically sent to the Client’s wallet.
  • The Company’s safety securing: support team of the technical solution, monitors, identifies threats and reports to board members.
  • Board members are personally responsible for the security, monitoring, identification and diligent reporting of cases.
  • As a rule, the Company systematically, on a quarterly basis, analyses whether the adoption of additional security measures is required.

Risk assessment (overview)

The risk level of Svelge OÜ clients will be assessed by several parameters, including national identity, country of residence and source of funds.

Representatives of Svelge OÜ shall be extremely wary of and immediately decline customers from high-risk countries (http://www.fatf-gafi.org/countries/#high-risk ). We also do not accept customers that are residents of the following countries:

Afghanistan, Albania, Bahamas, Barbados, Botswana, Burkina Faso, Cambodia, Cayman Islands, Central African Republic, Chad, China, Congo, Crimea, Cuba, Democratic Republic of the Congo, Democratic People’s Republic of Korea, Eritrea, Haiti, Ghana, Guinea-Bissau, Iran, Iraq, Japan, Jamaica, Lebanon, Libya, Mali, Mauritius, Morocco, Mongolia, Myanmar, Namibia, Nicaragua, Pakistan, Panama, Philippines, Somalia, South Sudan, State of Palestine, Sudan, Syria, Tajikistan, Uganda, Venezuela, Yemen, United States of America

Specific risks related to virtual currency trade and risk mitigation measures

The AML/CFT risks specific to virtual currency trade are:

  • the anonymity ensured by online trading of virtual currency
  • the limited opportunities for proper identification and verification of participants
  • the lack of clarity regarding the responsibility for AML/CFT compliance, supervision and enforcement actions over transactions segmented across multiple jurisdictions
  • the lack of a central oversight body

The Company applies the following measures to mitigate the aforementioned risks:

  • the deposit for virtual currency purchase shall be originating from the customer bank account
  • the Company shall not engage in any transactions a party thereto remains anonymous or cannot be sufficiently identified in accordance with the present AML Policy and the applicable laws and regulations.
  • For each transaction exceeding 15,000 EUR or the equal amount in another currency, the Company shall require from the client evidence of the source of funds.

Transaction control

Enhanced control

If the transaction amount exceeds 15,000 EUR or the party to a transaction is a person from a high-risk country suspected of criminal activity, money laundering or terrorism financing, we will request additional information about the origin of funds. After receiving information, the data will be checked by our specialists, as well risk assessment will be performed for the particular transaction. Upon identifying increased risk, our specialists will escalate the case to the MLRO.

Simplified control

If the transaction’s value does not exceed 15,000 EUR and the customer is not a citizen or resident of a high-risk country, their data will be recorded by our specialists in a simplified form.

Simplified Due Diligence measures may be taken, if the Client is:

  1. A company listed on a regulated market that is subject to disclosure requirements consistent with European Union law;
  2. a legal person governed by public law founded in Estonia;

iii. a governmental authority or another authority performing public functions in Estonia or a contracting state of the European Economic Area;

  1. an authority of the European Union;
  2. a credit institution or a financial institution, acting on behalf of itself, located in a contracting state of the European Economic Area or in a third country, which in the country of location is subject to equal requirements and the performance of which is subject to state supervision.

Upon identifying and screening such Clients, the following circumstances, if present concurrently, shall be considered criteria pointing to a low level of risk:

  1. the Client can be identified on the basis of publicly available information;
  2. the ownership and control structure of the Client is transparent and constant;

iii. the operations of the Client and their accounting or payment policies are transparent;

  1. Client reports to and is controlled by authority of executive power of Estonia or a contracting state of the European Economic Area, another agency performing public duties, or authority of the European Union.

Simplified Due Diligence measures may be taken regarding a Transaction if all of the following conditions have been fulfilled:

  • a contract in written (or in a format which can be reproduced in written) or electronic format has been entered into with a Client for an indefinite or a long-time period;
  • payments are made through the account of a Client, which has been opened in a credit institution or a branch of a foreign credit institution registered in the Estonian commercial register or in a credit institution that has been established or has its place of business in a contracting state of the European Economic Area or in an Equivalent Third;
  • the annual total value of the performance of financial obligations arising from Transactions does not exceed EUR 15 000;
  • the benefits derived from the Transaction are not realized as benefits of a third person, excluding the event of the Client’s death.

Source of funds

If our specialists have doubts about the origin of funds of a particular customer and there is an evaluated risk of money laundering, such client’s data shall be transferred to the MLRO for further consultation.

Risk level assessment

Combinations of the following parameters shall be endorsed for the risk level assessment of Svelge OÜ:

Risk classification

To ensure the best control of risks emanating from clients, Svelge OÜ classifies clients into three risk categories: low, medium and high. Each category type has certain control restrictions/specifics described further in this document.

  • Low risk – Low-risk level is assigned to clients having a risk status from 4.9 to 7.9;
  • Medium risk – Medium-risk level is assigned to clients having a risk status from 8 to 10.9;
  • High risk – High-risk level is assigned to clients having a risk status from 11 to 14. High-risk clients are subject to having their client agreements terminated.

The risk statuses are assigned according to the risk scale, ranging from 4.9 to 14, where 4.9 means the lowest risk and 14 means the highest risk. The risk score is determined upon analysis of data collected from clients and the application of a weighting factor to the different risk categories. The risk status is assigned according to the final score on the risk scale. Risks are assessed based on several criteria, which are outlined below:

  • Country of registration;
  • Type of registration, i.e., a physical person or legal entity;
  • Screening results (e.g., sanctions, adverse media, PEP);
  • Nature of product/services;
  • Specifics of communication, mediation or products, services, transactions or delivery channels.

For the purpose of this policy, the assessment and monitoring of the above criteria are performed in three steps:

  • Step 1 – Pre-application client classification.
  • Step 2 – Client application handling.
  • Step 3 – Post-application client management.

Each step of the assessment of client applications will be further reviewed in detail.

Pre-application client classification

The first pillar of the Svelge OÜ risk-based approach is client initial risk group segregation based on the country of registration. European Union nationals fall under the “low risk” category and have the preliminary zero score on the risk scale. However, this is not the final risk status of the client as it is а construct of various factors outlined hereunder.

Further, the Company takes necessary steps to eliminate and avoid a certain degree of risks associated with the client’s nationality and background before accepting an application for services. In this endeavour, our decision whether to establish any relationships with the client or not is bound to the most recent updates of the official FATF blacklist or watchlist. FATF calls on its members and other jurisdictions to apply counter-measures to protect the international financial system from the ongoing and substantial money laundering and terrorism financing (ML/TF) risks emanating from a list of countries. The following countries, for such reasons, are not supported by Svelge OÜ, and clients coming from these countries will have their application rejected: Iran, Democratic People’s Republic of Korea (DPRK), Myanmar, Pakistan, Syria, and Yemen.

Moreover, Svelge OÜ observes the list of countries that are on the monitor of FATF that require a less radical approach. The following countries are identified by FATF as “Improving Global AML/CFT Compliance: ongoing process”: Albania, Angola, Argentina, Kenya, Kuwait, Kyrgyzstan, Lao PDR, Mongolia, Namibia, Nepal, Nicaragua, Papua New Guinea, Sudan, Tajikistan, Tanzania. Clients originating from these countries will not have their registrations rejected, however, will initially fall under the “high risk” category and have a preliminary score of 3 on the risk scale.

Finally, we separate clients into two more categories depending on the country of their residence:

1) Latin America and African residents fall under the “medium risk” category.

2) Residents of Asia Pacific countries fall under the “low risk” category.

Risk scale

  • Blacklisted countries – Prohibited onboarding
  • Improving Global AML/CFT Compliance countries – 3
  • Latin America and Africa – 2
  • Asia Pacific and rest of the world – 1
  • Europe – 0

It should be noted we check the FATF country lists on an ongoing basis as well as other reputable authorities for up-to-date information on suggested restrictions applicable to high-risk countries. Should there be any change in policies and/or recommendations, Svelge OÜ shall, as soon as practicable, review its client database to identify whether the risk assessment needs to be done repeatedly considering the latest information. This policy shall also be updated immediately once legislative changes or international recommendations become available.

Having the country risk established, client applications are analysed for further risk factors in step 2, which addresses the handling of client applications once submitted.

Client application handling

The second step encompasses consideration of several risk categories further outlined in more detail.

Svelge OÜ shall not provide the customer with access to their account (including processing any payments thereto) until the client’s account is successfully verified on the basis of the information and documents provided in view of the inherent risks. Moreover, the customer shall not be able to order any funds transfer since Svelge OÜ bank details are available via the client area only to those who have completed the account verification.

Physical person vs Legal entity

It is crucial for our operations to get the customer’s type established during the application process since it will further affect the Know Your Client (KYC) procedures applied. Therefore, using the registration form, the Company will establish whether the prospective client is a physical person or a legal entity. Physical persons are carefully assessed for having citizenship/residence in countries subjection to sanctions, as well as being considered PEPs. Supplemental factors such as unclear place of residence or detected connections with jurisdiction with preferential tax regimes have implications on the total risk scale. However, a different approach is applied to legal entities, outlined in the paragraph below.

Furthermore, we are obliged to examine whether the client is the sole beneficiary of the account, or there are several stakeholders (beneficial owners). This is performed using the registration form, where the client shall specify such parties. Should there be several beneficial owners, all such parties (either legal or physical) shall be identified on the basis of relevant documentation according to the procedures outlined within this AML policy and any supplementary instructions. The account shall not be opened until all the beneficial owners are properly identified and verified.

Legal entities

Legal entities pose a higher risk due to unlimited variations of legal structures diminishing their transparency and making the establishment of the source of corporate capital very complex. Svelge OÜ strives to protect itself from attempts of money-laundering or terrorism financing, hence, being guided by The Wolfsberg Group principles, distinguishes the following legal entity types that are not eligible for our services:

  • Cash (and cash equivalent) intensive businesses including money services businesses (remittance houses, exchange houses, casas de cambio, bureaux de change, money transfer agents and banknote traders), casinos, betting and other gambling-related activities, or businesses that while not normally cash-intensive, generate substantial amounts of cash for certain transactions.
  • Unregulated charities and other unregulated “not for profit” organisations (especially those operating on a “cross-border” basis).
  • Dealers in high value or precious goods (e.g., jewellery, gems and precious metals dealers, art and antique dealers and auction houses, estate agents and real estate brokers).
  • “Gatekeepers” such as accountants, auditors, lawyers, or other professionals, have the ability to either block or facilitate the entry of illegitimate money into the financial system. Accounts for clients introduced by such gatekeepers pose a higher risk where the financial institutions place unreasonable reliance on the gatekeeper for KYC and AML matters.
  • Armament manufacturers, dealers and intermediaries.

Newly registered client screening

Svelge OÜ uses an automated system designed to screen clients through third-party tools and databases upon their registration submissions. At the first step of verification, our clients are asked to submit detailed personal information where first name, last name, date of birth and passport number (optional) are collected to have the data screened against the available databases.

The screening results could be saved on the platform as “pending” and are to be reviewed by the Compliance Officer. The Compliance Officer shall review screening results with the “pending” status on a daily basis and decide whether there is a match with the registered client or these have been false-positive results. Following that, a search result report is attached to the client profile, and the respective status is applied.

On-going screening

Svelge OÜ understands that a one-time client screening is not sufficient to mitigate and control client risks; therefore, we have also established an ongoing screening routine. The Company screens its entire client database on a daily basis. This allows identifying possible matches in a continuous manner and immediately establishing whether this data is relevant to any of our existing clients. In case of a match, we shall record the results in the client profile and, depending on the history of relations with the client and the type of match identified, decide whether to continue our relations with the client or not.

Result analysis

While client screening is conducted according to three different procedures, the result analysis is performed using a single model. For a better understanding of the action model, we further provide a list of databases and information contained in the screening solution delivered by third-party providers:

1) Global Sanction List aggregates information from the most important sanction lists around the world, which is comprised of individuals and companies with the highest risk score. The following lists are included: Her Majesty Treasury List, Bureau of Industry and Security, Department of State, EU Terrorism List, FBI Top Ten Most Wanted, Interpol Most Wanted, ICE List (U.S. Immigrations and Customs Enforcement), Office of Foreign Assets Control (OFAC) Sanctions, CBI List (The Central Bureau of Investigation), SDN & Blocked Entities, SECO List, Treasury PML List, UN Consolidated List, OCC Shell Bank List and World Bank Debarred Parties List.

2) PEP List. The Global PEP list includes profiles of Politically Exposed Persons, as well as those of their family members and close associates. Politically Exposed Persons (PEPs) are considered high risk per the present regulatory landscape. Application of enhanced due diligence is provided by the law when conducting business with Politically Exposed Persons. While there is no global definition of a PEP, the Financial Action Task Force (FATF) has issued guidelines that could be further interpreted to clarify the scope of the term. Local legislation, like the USA Patriot Act or the European Union AML Directive, uses similar definitions of a Politically Exposed Person, typically consisting of the following five categories:

  • Current or former senior official in the executive, legislative, administrative, military, or judicial branch of a foreign government (elected or not).
  • A senior official of a major foreign political party.
  • A senior executive of a foreign government-owned commercial enterprise, and/or being a corporation, business or other entity formed by or for the benefit of any such individual.
  • An immediate family member of such individual, meaning spouse, parents, siblings, children, and spouse’s parents or siblings.
  • Any individual publicly known (or actually known by the relevant financial institution) to be a close personal or professional associate.

3) Adverse Media List. The Global Adverse Media List is an extensive proprietary database of individuals and companies that have been linked to illicit activities by news sources. Listings are comprised of money launderers, fraudsters, arms dealers, drug dealers, and other criminals.

4) Enforcement List. The Global Enforcement List (GEL) is comprised of information received from regulatory and governmental authorities. It includes the content of warnings and actions against individuals and companies, listing drug dealers, money launderers, fraudsters, human traffickers, fugitives and other criminals.

Each client, regardless of being newly registered or already having an active account, is continuously screened against the lists above. Client data is reviewed against the data on the available screening lists for possible matches. Our company differentiates several preliminary match result statuses: positive (full match), false-positive/false-negative (partial match), or negative (no match).

  • Positive – Each positive match result is reviewed manually by designated employees on a case-by-case basis using the desktop platform.
  • False-positive – A full match (100%) or less coincidence rate identified, that after a thorough review, could be discounted, i.e., the end result does not reflect the factual situation.
  • False-negative – Same as false positive, except being applicable only to partial (non 100%) matches, that after a thorough review, have been established as full hits on the basis of one of the results obtained.
  • Negative – Negative matches are recorded in client profiles only once to reflect that the required screening has been conducted. No further actions are required in relation to the client.

Clients identified with a positive match based on any of the above lists, except the PEP List, will have their applications immediately rejected with relevant information registered and an appropriate report of suspicious activity submitted to the Financial Intelligence Unit. Clients identified as PEPs will have a corresponding notation on the system (the marking designation will be further explained in the “Post-application client management” section). Any further dealings with customers once classified as PEPs shall be subject to special review by the Member of the Board.

Once the client’s legal form is established, and the screening results are obtained and analysed, the declared financial standing of the client is further assessed.

Analysis of planned investments of clients

It is crucial for our company to establish the potential investments of the client as well as sources of their funds beforehand. During the registration, Svelge OÜ clients are requested to provide the following information:

  • Gross annual income (less than 100,000 EUR; 100,000 – 250,000 EUR; 250,000-500,000 EUR; 500,000-2,000,000 EUR; more than 2,000,000 EUR).
  • Net worth (less than 100,000 EUR; 100,000-500,000 EUR; 500,000-1,500,000 EUR; more than 1,500,000 EUR).
  • Planned investments (less than 50,000 EUR; 50,000-250,000 EUR; 250,000-1,000,000 EUR; more than 1,000,000 EUR).
  • Origin of funds (salary, dividends, investment, real estate sale or other sources that should be specified).

The information provided should be consistent and be assessed by the Compliance Officer for potential conflicts or red flags (e.g. a client with a gross annual income of less than 100,000 EUR and the same net worth should raise awareness if the planned investment is more than 1,000,000 EUR). The assessment is performed using the following logic:

  1. What is the planned investment amount?
  2. Is the planned investment more than the annual income? (Yes/No)
  3. Is the net worth more than the planned investment? (Yes/No)

Risk scores

  • A risk score of 3 (high risk) is applied when the planned investment is higher than annual income but lower than net worth.
  • A risk score of 2 (medium risk) is applied when the planned investment is higher than both the annual income and the net worth.
  • A risk score of 1 (low risk) is applied when the planned investment is lower than the annual income.

It should be noted that this logic is applied not only to the client information initially collected with the application form but also extends to the ongoing transactions of the customer. Should the transactions in question be inconsistent with the information per the application form, the Payments Department shall report such a client to the Compliance Officer for manual transaction approval. The Compliance Officer may request a Declaration of Source of Funds (DSF) from the client, should they find it necessary to ensure that the funds originate from a legal source. If the client is unable to produce a valid DSF declaration, or it is rejected by the Compliance Officer, or the remitter of funds does not have an active account with Svelge OÜ, such a transfer shall be reversed. In the event that DSF is not produced or being rejected, a Suspicious Activity Report shall be filed with the competent authority.

Post-application client management

After client applications have been confirmed, the final risk score is calculated by summarising the information acquired. Risk statuses are applied according to the outcome, however, should the risk score be equal to or exceed 11 points on the total risk score, the client may be subject to rejection. Тhe Compliance Officer shall take the final decision after thoroughly and manually assessing all the information collected (additional information may be requested, or certain individual restrictions may be applied).

Svelge OÜ also takes practical measures to monitor client activity on a daily basis and in line with the assigned final risk status. However, irrespective of the risk status, clients are monitored separately and can be identified within the system using filtering tools, if necessary.

Low-risk clients

The client’s risk level is generally considered low if there is no risk factor of impact in any risk category and it can therefore be claimed that the client and its operations demonstrate elements that do not differ from those of an ordinary and transparent person; thereby there is no reason to suspect that the client’s operations may increase the probability of money laundering and terrorist financing.

High-risk clients

The client’s risk level is usually high, when assessing the risk categories on the whole it seems that the client’s operations are not ordinary or transparent; there are risk factors of impact due to which it may be presumed that the likelihood of money laundering or terrorist financing is high or considerably higher. The client’s risk level is also high if a risk factor such calls for this. High risk does not necessarily mean that the customer is laundering money or financing terrorists.

If an increased risk level is identified, our specialists will escalate the case to and transmit the customer’s data to our MLRO officer.

Data storage

Data on all transactions and clients will be stored for at least 5 (five) years in the company cloud which is hosted on secure virtual servers with maximum protection. The aforementioned records shall be provided upon explicit request from the Estonian Financial Intelligence Unit (Rahapesu AndmebÜroo).

Payment methods

Representatives of Svelge OÜ are trying to keep up with the latest developments and regulations of technologies and methods of payment (bank transfers, card payments, cryptocurrency, PayPal, and other alternative payment methods) and shall in every possible way impede fictitious transactions, money laundering and terrorism financing.

Internal control regulations

Internal control at Svelge OÜ is within the responsibilities of our MLRO. We intend to conduct internal control on a monthly basis (analyse and monitor all transactions for the previous month at the beginning of each month). Internal control will include the analysis of all transactions completed during the month, the analysis of incoming and outgoing payments to the company, the analysis of information about the company’s clients, and the calculation of profits or losses of the company. If any violations are identified in the course of internal control, employees of our company involved in these violations will be subject to а verbal warning or a monetary penalty depending on the extent of the breach. In the event of severe and repeated violations or fraud, employees of our company involved in the defiance will be dismissed from Svelge OÜ, and the relevant reports will be submitted to the Financial Intelligence Unit, Law Enforcement Authorities and other competent state agencies.

Due Diligence measures

Simplified Due Diligence

Our AML officer will apply simplified due diligence measures, if, under § 20 (7) of this Law and pursuant to §§ 11, 13 and 34, it is determined during the risk assessment that, in the course of their economic or professional activity, the client poses a low risk of money laundering or terrorism financing. Before applying the simplified procedure, our employees need to make sure that the particular client has a low-risk score. We allow simplified due diligence only if we know the origin of the client’s funds, the client’s identity has been successfully verified and there are no doubts about the authenticity of the documents provided, the person is not from a high-risk country, and the transaction amount does not exceed 15,000 EUR.

Enhanced Due Diligence

Our AML officer will apply the enhanced control to reduce the risk of money laundering and terrorism financing if:

  • Offshore companies are revealed when assessing the origin of the client’s funds.
  • The Client is from a high-risk country.

The origin of funds raises doubts of our specialists in terms of their legality in cases they are linked to offshore entities. Enhanced due diligence measures include obtaining additional information on the customer (identifying the person, verifying the accuracy of the data and the authenticity of the documents provided), obtaining information on the source of funds, and enhanced monitoring of the business relationship. PEPs fall within the scope of enhanced controls; therefore, if such a person is identified when checking the activities of our clients, they will be subject to services refusal, the account on our website will be closed, and relevant client data will be escalated to our MLRO.

Suspicious activity report

Should we suspect or have reasonable grounds to suspect that our client funds are the proceeds of criminal activity or related to money laundering, associated predicate offences or terrorist financing, we are under obligation to file a suspicious activity report (SAR) with the Financial Intelligence Unit (Rahapesu andmebÜroo: phone: +372 696 0500, email: [email protected]) within 2 business days. When notifying the authority, we undertake to provide full records we keep for the transaction in question, including but not limited to the data and documents used for identification and verification of the customer, copies of relevant files and where necessary senior management approval.

The SAR format and instructions for the preparation thereof shall be established by a regulation of the Minister of the Interior.

Confidentiality obligations

The Company, our directors, officers and employees are prohibited from disclosing (tipping-off) the fact that suspicious activity report or related information is being filed with the Financial Intelligence Unit. Restrictions apply to information regarding every customer, their beneficial owner or representative about the submitted report and precepts issued by the Financial Intelligence Unit or the initiation of proceedings under § 57 of the Money Laundering and Terrorist Financing Prevention Act. After a precept issued by the Financial Intelligence Unit has been complied with, the Company may notify the customer of the account limitations or other restrictions imposed by the Financial Intelligence Unit.

Training

In line with the best industry standards, we provide our employees with ongoing training relating to the prevention of money-laundering activities. As part of this, we take steps to ensure that staff understand risk assessment, policies and procedures, and how they have to be applied in daily work, how to recognize suspicious or unusual transactions and activities, and how to proceed in such cases. Board members are not kept isolated from the regulatory AML/CFT requirements; therefore, they are mostly engaged with meeting other industry representatives and competent authorities (e.g., round tables, conferences and training), and processes to feedback any findings to relevant in-house specialists.