1. Purpose and scope
FinCras & InvCras Digital Services’s core activity is providing fiat exchange services to virtual currency to its customers, which inherently involves the risk that customers will use the products and services offered for the purpose of money laundering or terrorist financing and fraud (hereinafter AML risk).
Risk appetite is a key component of management of risk. The purpose of the Risk Appetite Statement (hereinafter RAS) is to state clearly the general principles for the Company’s risk taking, to raise risk awareness across the organisation, and to set the level and types of risk that FinCras & InvCras Digital Services is prepared to pursue, retain or take for the purpose of its economic activities and attainment of its strategy goals, and which is established to control and limit the AML risk associated with financial services.
The RAS is implemented through the Company’s operational policies and procedures, monitoring metrics and internal controls. The RAS will thereby be embedded in the Company’s core presses and affects the operations of the Company in a holistic way.
AML risk appetite is defined as:
• in particular, the setting of prohibitions and restrictions on customers, services and activities and general principles for the application of enhanced due diligence measures, including target groups, products/services offered to customers, their volumes, planned income.
The RAS has been prepared in accordance with the Money Laundering and Terrorist Financing Prevention Act (MLTFPA), international sanctions laws and legislations (ind. EU Council regulations, international agreements and conventions, guidelines issued by international
organisations and supervisory bodies) and the Financial Supervision Authority’s recommended guidelines on the prevention of money laundering.
2. General AML principles in establishing and managing a customer relationship
FinCras & InvCras Digital Services is willing to do business only with reliable customers who use the Company’s products and services for legitimate purposes and whose identity, ultimate beneficial owner(s) and source of wealth can be identified and verified.
The implementation of Know-Your-Customer (KYC) measures, including the application of enhanced due diligence measures, is based on a risk-based approach: the customer is subject to due diligence measures to the extent necessary to mitigate the customer associated risks.
In order to decide on the application of appropriate due diligence measures, FinCras & InvCras Digital Services assigns a risk level to each customer, which is calculated considering at least the
following:
• customer and its ultimate beneficial’s owner’s field of business; customer activity volumes;
• customer and its ultimate beneficial owner’s incorporation country and place of business;
• the communication channel between FinCras & InvCras Digital Services and the customer, inter alia, the channel used to establish the business relationship;
• customer or its ultimate beneficial owner’s PEP-status (Politically Exposed Person).
The risk categories and methodology are analysed more in depth in the Company’s AML Policy and Risk Assessment documents.
In order to mitigate the risk, restrictions on transaction volumes are applied to electronically identified persons, considering both the risks associated with a particular service/product and the maximum permitted limits outlined in the local and international legislation.
FinCras & InvCras Digital Services establishes business relations with both residents and nonresidents, including residents whose business activities take place outside of Vincent and the Grenadines. E-residents are treated as non-resident customers in practice, i.e. e-residency does not provide additional privileges or pose a higher level of risk when assessing or mitigating the customer’s risk level.
The country-related risk assessment is based on the list of high-risk countries, which must also be prepared in accordance with international recommendations. The list of high-risk countries is maintained and kept up to date by the MLRO. The company reserves the right not to do business with prohibited countries. The Company does not provide services to persons residing in more than 60 countries, including Canada and Japan. Both high risk (third) country and prohibited country lists are included in the Company’s AML Policy and AML Risk Assessment document, and kept up to date by the MLRO.
Access to the Company’s online platform are provided to individuals from an age of 18+ or legal entities that must have read and agreed to the Customer Agreement of FinCras & InvCras Digital Services and use services of the company provided through tWebsite Platform. Customers are onboarded via Company’s online platform or F2F meetings, if necessary due to enhanced due diligence requirements.
3. Prohibited activities, products and customer relationships
FinCras & InvCras Digital Services is prohibited from establishing a business relationship or engaging in an occasional business transaction with the following individuals or entities:
• that engage in criminal activities, including drug trafficking, human trafficking, terrorism, tax fraud, etc.
• a company that has nominee shareholders or bearer shares or whose affiliate has nominee shareholders or bearer shares;
• a partnership or other similar contractual entity, anonymous and/or fictitious person or front/straw man;
a credit institution or financial institution, or an institution that carries out activities equivalent to those carried out by credit institutions and financial institutions, which is incorporated in a jurisdiction or country in which it has no management or administration or physical presence for
purposeful business activities and which is unaffiliated with a regulated credit or financial group (shell bank);
• a credit institution or financial institution in business relationship with shell banks;
• entities whose field of business is the arms industry or trade that is not related to Vincent and the Grenadinesn national defence or NATO;
• individuals or entities residing or registered in a country in prohibited country list;
• FinCras & InvCras Digital Services does not rely on third parties established in a high-risk third country to identify customers or engage in other business activities.
In addition, the Company does not accept transfers to/from an account at a bank and/or other payment institution incorporated in the Countries identified by the FATF as high risk or noncooperative jurisdictions. ln ease the Company knows or suspects or has reasonable grounds to know or suspect that the Customer became a resident of a country not serviced by the Company, The Company will immediately close all outstanding positions and suspend the account in question.
The Company does not provide services to persons who reside in the countries identified by the FATF as high risk or non-cooperative jurisdictions having strategic AML/CFT deficiencies. The full list of restricted countries will be available in the Company’s renewed AML Policy. FinCras & InvCras Digital Services does not provide the following services to its customers: serving asa payment intermediary to high-risk countries specified by the FATF; trust and company services, including company formation or related advice; consultation services in the field of accounting or taxation; cross-border cash or securities transactions; correspondent banking for credit institutions.
The Company, at its sole and absolute discretion, may from time to time provide information to the Customer on practical aspects of buying/selling or exchanging cryptocurrencies. The Customer shall not be entitled to rely on the Company for advice on the timing or terms of any exchange or
transaction order.
4. Restrictions on the provision of services and products
The Company, in principle, refuses or restricts the provision of services to the following legal entities whose related parties (UBOS, legal representatives, owners):
• individuals who have committed a serious offence, or if there are continuing suspicions based on publicly available sources, that the individual or a person related to him or her has committed a serious offence, in particular in the financial or fiscal field;
• individuals or entities whose accounts have been misused for money laundering or terrorist financing purposes or whose transactions indicate a predicate offence of money laundering (tax fraud, corruption, etc.);
• an individual or entity whose account has been used for fraudulent purposes;
• individuals or entities refusing to provide information or documentation in relation to their identity or transactions;
• an individual, entity or associated person who has been identified to be involved in a money laundering scheme (e.g. Laundromat, Panama Papers, etc.);
• individuals or entities whose transactions are not related to the customer’s alleged economic activity or do not correspond to the declared goods, or if the transportation of goods or provision of services is not sufficiently clear;
• individuals or entities that are suspected of engaging in fictitious transactions;
• individuals or entities suspected of illegally seeking to evade taxes or currency controls through entities;
• individuals or entities whose documents are suspected of being forged or whose documents have been signed by persons who do not have a legal authority to do so.
The Company shall neither receive nor disburse Customer’s funds in cash. All transactions between the Customer and the Company shall be performed by wire transfer or other electronic means, in which the identities of both the sending and receiving parties can be verified by the
Company and which the Company, at its sole discretion, shall deem appropriate.
The Company shall not accept transactions from any third party for the benefit of the Customer, and the Company shall not withdraw any Funds from the Customer’s Account to the benefit of a third party unless otherwise agreed in writing between the parties hereto. The Company shall perform wire transactions only between the Customer’s account and another account which is held in the Customer’s name or of which the Customer clearly demonstrates ownership.
Customer is entirely responsible for any and all activities conducted through Customer’s Account. Customer agrees to notify the Company immediately of any unauthorised use of Customer’s Account, as well as of any other breach of security. While the Company may implement certain
monitoring procedures designed to alert Customer to fraudulent activity, The Company is not responsible for any unauthorised use of Customer’s Account, and Customer agrees that he/she is solely responsible for such unauthorised use and for protecting the confidentiality of Customer’s
password and other Account credentials.
Customer must not make a deposit through a Payment Service Provider if Customer is not the named holder of the account with such Payment Service Provider. Violation of this requirement may be treated asa suspicion transaction in terms of The Company’s AML Policy and resolved in compliance with the respective procedures.
Due to the Company’s fraud protection measures a withdrawal ora deposit from/to credit/debit card will be possible only from/to the credit/debit card if this card belongs to the Customer. Withdrawals and deposits from/to credit or debit card are prohibited if the card belongs to a person other than the Customer.
5. High-risk customers
A higher risk level is considered when/in ease of:
• the Customer is from a high-risk geographical area or whose ultimate beneficial owner, legal owner and/or representative is from a high-risk country;
• there is substantial negative news about the Customer – any information that exposes a person’s involvement in crime – financial or otherwise – or any risk-relevant information that is available to
the general public;
• entity has a complex or overly complicated ownership structure (incl. trusts etc.); where UBO is difficult to establish;
• Payment Service Providers/Money Service Businesses (cryptocurrency traders, FinTech etc.);
• tax residency in a low tax country or “tax haven”;
• the Customer is a personal/fund/asset manager;
• the Customer is a private banker;
• non-profit organisations, NGOs;
• mediators/commissioners;
• investment advisors;
• offshore companies;
• the customer is an HNWI or UHNWI;
• domestic Politically Exposed Persons {PEPs), depending on specific circumstances;
• the customer is a PEP from a third/sanctioned country or an associated individual is a person with a foreign {except for EU) PEP background.
High-risk customers are subject to enhanced due diligence measures that are applied according to the Company’s AML policies and standard operating procedures, at a minimum:
• business relationships with high-risk clients are established through Member of Board;
• the Company reserves the right to monitor the transactions of high-risk customers more than usual and regularly request additional documentation or information throughout the customer relationship, such as freight documents, lease agreements, annual reports, proof of VAT and
income tax payments to tax authorities, etc.;
• customer entities registered in a low-tax or-tax-free region/country are obliged to provide their annual reports;
• additional information is obtained about the nature of the business and purpose of the relationship in order to build a more thorough customer profile, for example, performing open source searches via publicly available databases, screening for negative news or commissioning inquiries from an independent source.
Examples of information that can be searched include:
• nature of the customer’s field of business or employment to establish sufficient understanding of the customer’s activities, i.e. whether there is a functioning website, number of employees, key partners {manufacturers, suppliers, customers), global/regional presence, location of the offices and/or warehouses, transportation modes and routes of the goods, whether the movements of funds and goods make sense, for example through image captures;
• information on source of wealth/funds to obtain reasonable assurance that they are legitimate;
• ownership structure and/or the customer’s relationship with other related legal entities
• {e.g. entities within group, subsidiaries, etc.), negative news about the ultimate beneficial owner found via open source (e.g. Google, etc.);
• information on any associations that the customer may have with other jurisdictions (headquarters, operating units, branches, etc.) and individuals who may influence its operations or, if the customer resides in another country, rationale on why they seek financial services outside their jurisdiction.
6. Politically Exposed Persons
If an individual or his or her Associated Person is a PEP , such person is considered a high-risk customer automatically who is subject to enhanced due diligence measures.
Above all, the customer relationship should be terminated in a situation where, considering all the circumstances, the Company is unable to effectively manage and control the risk arising from customer’s PEP status. If the status of an existing customer or associated person changes from a non-resident to PEP, an action plan must be developed for such a customer to implement enhanced due diligence measures and to decide on the continuation or termination of the business relationship.
7. Sanctions risk appetite
FinCras & InvCras Digital Services does not engage in transactions involving entities or individuals appearing on:
• UN Security Council sanctions list (UN);
• European Union consolidated economic sanctions list (EU);
• Sanctions lists maintained by the United States’ Office of Foreign Assets Control (OFAC), including the Specially Designated Persons (SDN) and the Blocked Persons list.
In addition, FinCras & InvCras Digital Services does not engage in a defined subset of prohibited activities with targeted parties listed on Sectoral Sanctions programs such as OFAC Sectoral Sanctions identifications (SSI). OFAC publishes a list to identify persons operating in sectors of the Russian economy identified by the US Secretary of the Treasury pursuant to Executive Order 13662. Screening transactions for targeted parties will not detect the sectoral sanctions risk without further additional information about the specific underlying activity – the appropriate process is outlined in the Company’s standard operating procedure.
FinCras & InvCras Digital Services does not establish a business relationship with individuals or entities whose activities directly or indirectly involve the export, transfer, brokering and transit of such goods outside the European Union or similar activities to Russia that may qualify as dual-use items under EU Council Directive (EU) 428/2009. The following categories of goods are considered dual-use items:
• nuclear-related goods including nuclear materials, nuclear reactors and nuclear processing plants;
• special materials and related equipment;
• materials processing;
• computers;
• electronic equipment;
• telecommunications equipment, cryptographic goods and “information security”;
• sensors, lasers and radars;
• navigation and avionic equipment;
• marine equipment;
• aerospace and propulsion equipment.
8. AML risk company-wide monitoring
In order to understand the actual risk profile and its compliance with the approved risk appetite, MLRO monitors the risk and reports it to the senior management.
The following company-wide risk indicators are monitored and reported to the senior management on a quarterly basis:
• ratio of the deposits of high-risk customers to the total volume of deposits/transactions;
• number and percentage of customers registered in tax-free or low-tax countries;
• ratio of the total number of deposits/transactions of high-risk customers to the total volume of transactions;
• distribution of the client portfolio by risk levels (number of clients, deposits/transactions, exchange amounts);
• number of customers whose data has not been updated (more than 2 years since last update);
• number of notifications submitted to the FIU.