KYC-AML Policy
1. GENERAL PROVISIONS
1.1. In current code of conduct and its annexes have been established in the internal security measures of World Fund for Development and Planning for (WFDP Wallet) to ensure due diligence for the prevention of money laundering and terrorist financing, identify suspicious and unusual transactions and fulfil the obligation laid down in the International Sanctions Act.
1.2. Security measures within the meaning of this code of conduct are remedies used in economic activities by WFDP Wallet to:
1.2.1. define the party to a transaction or an operation;
1.2.2. achieve necessary due diligence in turnover;
1.2.3. avoid fraud, mistakes or other abuse;
1.2.4. appropriately fulfill any obligations laid down in law or other regulations.
1.3. The employees of WFDP Wallet must be familiar with and strictly follow the requirements laid down in the Money Laundering and Terrorist Financing Prevention Act, instructions issued by the Financial Intelligence Unit for identifying transactions in regards to which there is a suspicion of money laundering and terrorist financing, other instructions for the implementation of the Money Laundering and Terrorist Financing Prevention Act that govern the activities of WFDP Wallet and requirements laid down in the International Sanctions Act and this code of conduct. The employees of WFDP Wallet must also familiarize themselves with the changes to laws and other legislation that are published on the website of the Financial Intelligence Unit (https://www.fiu.ee/).
1.4. The employees of WFDP Wallet must confirm with a handwritten signature that they have familiarized themselves with this code of conduct.
1.5. The employees of WFDP Wallet are personally responsible for fulfilling the requirements laid down in the Money Laundering and Terrorist Financing Prevention Act, the national sanctions act and other normative acts related to them, in accordance with the procedure established by law.
2. TERMS
2.1. Money laundering means the concealment of the true nature, origin, location, manner of disposal, relocation or right of ownership of property acquired as a result of a criminal activity or property acquired instead of such property or the concealment of other rights related to such property; conversion, transfer, acquisition, possession or use of property derived from criminal activity or property obtained instead of such property for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s actions. Money laundering is regarded as such also where a criminal activity which generated the property to be laundered was carried out in the territory of another country.
2.2. Terrorist financing means the allocation or collection of funds to plan or commit terrorist acts within the meaning of the Penal Code or finance terrorist associations or knowing that these funds will be used for the aforementioned purpose.
2.3. Politically exposed person means a natural person who performs or has performed prominent public functions, also the family members and persons known to be close associates of such a person. A person who has not performed prominent public functions for at least one year prior to the date of the transaction is not be deemed a politically exposed person, nor the family members and persons known to be close associates of such person. For the identification of a politically exposed person, public search systems, national and international public databases of politically exposed persons and technical solutions offered by service providers are used.
Persons performing prominent public functions within the meaning of this guide of conduct are:
head of State or head of government, minister, deputy minister or assistant minister;
member of a legislative body;
a justice of a supreme court, constitutional court or another court the judgments of which can be appealed against only in exceptional circumstances;
a member of the supervisory board of a state audit institution or central bank;
ambassador, chargé d’affaires and high-ranking officer;
a member of a directing, supervisory or administrative body of a state company.
The term includes positions in the European Union and other international organisations. A family member of a person performing prominent public functions is:
their spouse;
a partner equal to a spouse under the law of the person’s country of residence or a person who as of the date of carrying out the transaction had shared the household with the person for no less than a year;
their children and their spouses or partners within the meaning of clause 2;
their parent.
A close associate of a person performing prominent public functions is:
a natural person who has a close business relationship with a person performing prominent public functions or with whom a person performing prominent public functions is the joint beneficial owner of a legal person or contractual legal arrangement;
a person who as a beneficial owner has full ownership of a legal person or contractual legal arrangement, which is known to have been founded for the benefit of the person performing prominent public functions.
2.4. International financial sanction means a financial sanction that fully or partially prevents the subject of an international financial sanction using and disposing of financial means and economic resources or giving thereof to its possession.
2.5. Subject to international sanction means a natural or legal person, an agency, a civil law partnership or any other entity which is directly specified in the act on the imposition or implementation of international sanctions and with regard to whom the measures prescribed therein are taken.
2.6. Money Laundering and Terrorist Financing Prevention Act regulates the activities of credit and financial institutions and other undertakings and institutions stipulated in the Money Laundering and Terrorist Financing Prevention Act, as well as the activities of the Financial Intelligence Unit in preventing money laundering and terrorist financing.
2.7. Contact person is an employee appointed by the decision of the management board of the undertaking who is the contact person with the Financial Intelligence Unit and ensures the implementation of the measures established to prevent money laundering and terrorist financing in the institution. The contact person appointed by the board is Aivar Pihlak.
2.8. Responsible person is an employee appointed by the decision of the management board of the undertaking who is the responsible person with the Financial Intelligence Unit and ensures that the institution that appointed them fulfils the requirements of the International Sanctions Act. The responsible person appointed by the board is Aivar Pihlak.
2.9. Client is a person who uses or has used a single service or multiple services provided by the institution on the basis of a contract concluded by WFDP Wallet. A client may be a natural or a legal person.
2.10. Business relationship within the meaning of this code of conduct means the services of the undertaking specified in the contract concluded with the client.
2.11. Financial Intelligence Unit is a separate government agency under the administration of the Ministry of Finance, whose main task is to prevent money laundering and terrorist financing in Estonia. The Financial Intelligence Unit analyses and verifies information received from obligated subjects and other persons regarding suspicion of money laundering or terrorist financing and, if necessary, takes measures to preserve assets and, upon discovery of signs of a crime, immediately forwards the material to the competent authorities. The main tasks of the Financial Intelligence Unit are specified in detail in the Money Laundering and Terrorist Financing Prevention Act. Postal address: Pronksi tn 12, 10117 Tallinn; e-mail: info@fiu.ee, online notification form: https://rabisweb.politsei.ee.
3. MANAGEMENT OF RISKS ARISING FROM THE ACTIVITIES OF WFDP WALLET
3.1. WFDP Wallet prepares a risk assessment to identify, evaluate and analyse the money laundering and terrorist financing risks associated with its activities, taking into account at least the following risk categories:
3.1.1. client-related risks;
3.1.2. risks related to countries or geographic areas or jurisdictions;
3.1.3. risks related to products, services or transactions;
3.1.4. risks related to the communication or mediation channels between WFDP Wallet and clients or the delivery channels for products, services or transactions.
3.2. As a result of the risk assessment, WFDP Wallet determines:
3.2.1. risk appetite, including the volume and scope of products and services offered in the course of business;
3.2.2. risk management model, including enhanced due diligence measures to mitigate identified risks.
3.3. Risk appetite is a set of risk levels and risk types that WFDP Wallet is willing to take in order to realise its economic activities and strategic goals and which is confirmed in writing by the senior management of WFDP Wallet. The implementation of the above must take into account the risks that WFDP Wallet is willing to take or that it wants to avoid in relation to its economic activities, as well as qualitative and quantitative compensation mechanisms, such as planned income, measures implemented using capital or other liquid assets, or other circumstances, such as reputational risks and legal and other risks related to money laundering and terrorism financing or other unethical activities.
3.4. When applying the risk appetite, WFDP Wallet determines as a minimum which persons with which characteristics it wants to avoid doing business with and in which cases it applies enhanced due diligence measures, including assessing the risks associated with such persons for WFDP Wallet and determining appropriate measures to mitigate these risks.
3.5. The risk assessment and determination of the risk profile are documented and these documents are updated on the basis of necessity and the published results of the national risk assessment. At the request of the competent supervisory authority, WFDP WALLET submits the documents prepared on the basis of this section to the supervisory authority.
3.6. If WFDP Wallet has a representative office, branch or majority-owned subsidiary in a third country where the minimum requirements for the prevention of money laundering and terrorist financing are not equivalent to the requirements of Directive (EU) 2018/843 of the European Parliament and of the Council, the procedural rules and internal control standards that meet the requirements of the Money Laundering and Terrorist Financing Prevention Act are be applied in such representative office, branch and majority-owned subsidiary, including personal data protection requirements to the extent permitted by the law of the third country.
3.7. Should WFDP Wallet discover that the law of a third country does not allow the application of procedural rules and internal control standards that meet the requirements of the Money Laundering and Terrorist Financing Prevention Act in its representative office, branch or majority-owned subsidiary, it informs a competent supervisory authority of such circumstances. The competent supervisory authority informs the countries of the client and, if applicable, the European supervisory authorities, if, according to the first sentence of this paragraph, it has become clear that the law of the third country does not allow the group to implement procedural rules and internal control standards that meet the requirements of Directive (EU) 2018/843 of the European Parliament and of the Council. In such case, WFDP Wallet ensures the implementation of additional measures in the respective representative office, branch or majority-owned subsidiary, which allow effective management of risks related to money laundering or terrorist financing in other ways and notifies the competent supervisory authority of the measures taken. In this event, the competent supervisory authority has the right to demand inter alia, by injunction, that WFDP Wallet and the representative office, branch or majority-owned subsidiary of WFDP Wallet do the following:
3.7.1. not establish new business relationships in that country;
3.7.2. terminate existing business relationships in that country;
3.7.3. suspend the provision of the service partially or completely;
3.7.4. cease its activities;
3.8. implement other measures provided for in the regulatory technical standards established by the European Commission on the basis of Article 45(7) of Directive (EU) 2015/849 of the European Parliament and of the Council.
3.9. Information about a suspicion reported to the Financial Intelligence Unit may be shared within the group, unless the Financial Intelligence Unit has given a different order.
3.10. A branch of a foreign service provider WFDP Wallet registered in the Estonian commercial register or a majority-owned subsidiary of a foreign service provider shall not apply group-wide procedural rules and internal control rules to the extent that their implementation would be inconsistent with the internal risk assessment prepared on the basis of this code of conduct or the requirements stipulated in this code of conduct or established on the basis thereof.
4. RISK LEVELS
4.1. For the purposes of this code of conduct, clients are divided as follows:
4.1.1. low-risk clients;
4.1.2. normal-risk clients;
4.1.3. high-risk clients.
4.2. For clients with low and normal risk levels, WFDP Wallet applies simplified due diligence when establishing business relationships and in the course of business relationships.
4.3. WFDP Wallet may also apply enhanced due diligence to a client with a low and normal risk level should the behaviour of the client or executed transactions cause doubts about the reliability of the client and the purpose of using the services.
4.4. Special attention must be paid to a person with whom WFDP Wallet is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, and whose actions and circumstances indicate the possibility that the person is the subject of an international financial sanction.
4.5. The website of the Financial Intelligence Unit on which the former publishes or makes available information about the establishment, modification or termination of an international financial sanction immediately after receiving such information should be periodically monitored and the measures laid down in the legislation establishing or implementing an international financial sanction must be implemented without delay in order to ensure that the goal of the international financial sanction is achieved and to avoid breach of international financial sanctions.
4.6. Upon entry into force, amendment, repeal or expiration of the legislation establishing or implementing an international financial sanction, it must be checked whether a person with whom WFDP Wallet is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, is the subject of the international financial sanction established, amended or terminated.
4.7. If an act on the imposition or implementation of international financial sanction is repealed, expires or is amended in such a manner that the implementation of the international financial sanction with regard to the subject of the international financial sanction is terminated wholly or partially, the implementation of the measure must be ceased to the extent provided for in the act on the imposition or application of the international financial sanction.
5. APPLICATION OF SIMPLIFIED DUE DILIGENCE
5.1. WFDP Wallet may apply simplified due diligence if it has determined that the client and the clientrelated activities present a lower than normal risk of money laundering or terrorist financing.
5.2. Simplified due diligence can be applied to the client when establishing a business relationship or to a transaction performed by the client during the course of the business relationship.
5.3. Regardless of the lower than normal risk level assigned to the client, simplified due diligence may be applied to the transactions of the client if at least the following conditions are met:
5.3.1. a long-term contract has been concluded with the client in a written or electronic format or in a format which can be reproduced in writing;
5.3.2. in the course of the business relationship, payments addressed to WFDP Wallet are received only through an account located in a credit institution entered in the commercial register in Estonia or through a branch of a foreign credit institution or a credit institution that is established or has its place of business in a European Economic Area country or a country where requirements equivalent to those stipulated in the relevant directives of the European Parliament and the Council apply;
5.3.3. the total annual value of incoming or outgoing payments for transactions made in the course of a business relationship does not exceed 30,000 euros.
5.4. Simplified due diligence when establishing a business relationship may include the following:
5.4.1. verification of the identity of the client or their representative during the establishment of a business relationship, using information obtained from a reliable and independent source, if this is necessary in order to avoid disturbing the normal course of business;
5.4.2. assuming the nature and purpose of the business relationship, because the service is created for one specific purpose;
5.4.3. obtaining information from the client, rather than from an independent source, when verifying the identity of the beneficial owner.
5.5. Simplified due diligence in the course of continuous monitoring of the business relationship may include the following:
5.5.1. adjusting the frequency of updating and reviewing customer due diligence measures
5.5.2. adjusting the frequency and intensity of transaction monitoring.
5.6. Regardless of the application of simplified due diligence, WFDP Wallet must ensure sufficient monitoring of the business relationship in order to be able to detect, among other things, unusual transactions and to enable the reporting of suspicious transactions to the Financial Intelligence Unit.
5.7. The information gathered during the implementation of simplified due diligence must be sufficient to give WFDP Wallet the confidence that its assessment that the risk related to the client or business relationship is lower than normal is justified.
5.8. WFDP Wallet documents and, at the request of the supervisory authority, indicates why, in which part and which simplified due diligence measures WFDP Wallet has implemented when establishing a business relationship or carrying out transactions during the business relationship with the respective client.
6. APPLICATION OF ENHANCED DUE DILIGENCE
6.1. Enhanced due diligence must be applied when:
6.1.1. during the identification of the person or verification of the provided information there is doubt as to the accuracy of the provided data or the authenticity of the documents or the identification of the real beneficiary or real beneficiaries;
6.1.2. a person or client participating in a transaction or professional act carried out in the course of economic or professional activity is a politically exposed person from another member state of the European Economic Area or a third country, or a family member or close associate of such person; 6.1.3. a person participating in a professional act, a person using a professional service or a client is related to a high-risk third country;
6.1.4. the nature of the situation entails a high risk of money laundering or terrorist financing.
6.2. In addition to the above, when choosing an enhanced due diligence measure, the employee takes into account the relevant guidelines of the European supervisory authorities on risk factors.
6.3. In the aforementioned case, the employee must apply at least one of the following enhanced due diligence measures:
6.3.1. identification and verification of a person on the basis of additional documents, data or information, which originates from a reliable and independent source or from a credit institution or the branch of a credit institution registered in the Estonian commercial register or from a credit institution, which has been registered or has its place of business in a European Economic Area country or in a country where requirements equal to the Money Laundering and Terrorist Financing Prevention Act are in force and if in such credit institution the person has been identified while being present at the same place as the person;
6.3.2. implementation of additional measures to ensure the authenticity of the submitted documents and the accuracy of the data contained in them, including requiring their notarial or official authentication or confirmation of the accuracy of the data by the credit institution that issued the document;
6.3.3. making the first payment related to the transaction through an account opened in the name of the person or the client participating in the transaction in a credit institution that is registered or has its place of business in a European Economic Area country or a country where requirements equal to the Money Laundering and Terrorist Financing Prevention Act are in force.
6.4. If a person participating in a professional act, a person using a professional service or a client is related to a high-risk third country, the following due diligence measures must be applied:
6.4.1. gathering additional information about the client and their beneficial owner;
6.4.2. gathering additional information on the planned substance of the business relationship;
6.4.3. gathering information on the origin of the funds and wealth of the client and their beneficial owner;
6.4.4. gathering information on the underlying reasons of planned or executed transactions;
6.4.5. receiving permission from the senior management to establish or continue a business relationship;
6.4.6. improving the monitoring of a business relationship by increasing the number and frequency of the applied control measures and by choosing transaction indicators or transaction patterns that are additionally verified.
6.5. The employee bases their choice of due diligence measures on clause 6.3. and the guidelines of the European supervisory authorities on risk factors.
6.6. It is prohibited to establish a business relationship or make a transaction if:
6.6.1. a person wants to make a cash payment of at least 15,000 euros or an equivalent sum in another currency is made to or by the trader, regardless of whether the financial obligation is performed in the transaction as a single payment or as several related payments, and the person does not submit documents and relevant information required to carry out due diligence;
6.6.2. the submitted documents or other information raise suspicion that money laundering or terrorist financing may be involved.
6.7. The employee immediately informs the contact person of such suspicion.
6.8. The employee has the right to refuse to make the transaction if the person, regardless of the respective request, does not submit documents proving the legal origin of the money or other property that is the object of the transaction.
6.9. The long-term contract serving as the basis for a business relationship may be terminated extraordinarily and without advance notification, if the person or client participating in the economic or professional act does not submit documents and relevant information, regardless of the respective request, or if the submitted documents and information do not eliminate the suspicion of the obligated person that the purpose of the transaction or business relationship may be money laundering or terrorist financing. 6.10. Information about the circumstances of refusal to establish a business relationship or carry out a transaction and/or the suspicion of money laundering or terrorist financing is registered and stored in accordance with the procedure provided by law.
6.11. Identification and management of risks relating to new and existing technologies, and services and products. Before offering new financial services or products or new or non-traditional sales channels to clients, or introducing new or emerging technologies, the board of WFDP Wallet assesses the associated risks of money laundering and terrorist financing in cooperation with the contact person. The risks associated with new and existing technologies include the anonymity of customers and the risk of fraud using the identity of another person.
6.12. During the risk assessment, both actual and potential risks are assessed and, if necessary, additional information is collected about risks and their mitigation measures.
6.13. After assessing the risks and their effects, WFDP Wallet evaluates the most appropriate countermeasures to mitigate specific risks to the appropriate level for WFDP Wallet and arranges the implementation of countermeasures, if necessary. The risks associated with anonymity and fraud are avoided by identifying persons by requiring the person concerned to provide a copy of an identity document and confirm its authenticity. In addition, the person is asked to provide copies of utility bills showing the address of their place of residence as well as the connection of this address to this specific person. If the person does not prove the aforementioned facts or WFDP Wallet has doubts about the authenticity of the submitted documents, no service will be provided to the person.
6.14. WFDP Wallet assesses whether, by applying countermeasures, it is possible to bring the money laundering and terrorist financing risks associated with new financial services or products, new or non-traditional sales channels, or new or developing technologies to such a level that they correspond to the risk appetite of WFDP Wallet.
6.15. New financial service or product, or new or non-traditional sales channels may be offered to clients or new or developing technologies introduced only if the accompanying money laundering and terrorist financing risks are in line with the risk appetite of WFDP Wallet or can be brought to an acceptable level by implementing countermeasures. At the same time, it is forbidden to conclude a contract or make a decision about opening an anonymous account.
7. IDENTIFICATION OF PERSONS WHEN CONDUCTING TRANSACTIONS AND ESTABLISHING CUSTOMER RELATIONSHIPS
7.1. Identification is a process carried out by an employee of WFDP Wallet, during which the customer’s personal name and personal identification code or registry code or, in the absence of a personal identification code, the date and place of birth and other data required in this code of conduct are determined.
7.2. The employee of WFDP Wallet applies the following procedural rules every time before making a transaction with a customer or establishing a business relationship:
7.2.1. identifies the client, the person participating in the transaction or their representative, verifies the accuracy of the submitted documents and data and records in writing the following personal data about the person participating in the transaction:
given name and surname;
personal identification code or date of birth;
place of birth;
address of place of residence;
profession or activity;
document name, number, name of the issuing authority and date of issue.
7.2.2. makes a copy of the page with the personal information and photo of the identity document.
7.2.3. if necessary, clarifies the purpose of the transaction and the nature of the business relationship.
7.3. An employee of WFDP Wallet may not make a transaction or conclude a contract:
7.3.1. with a person who refuses to provide the data specified in the previous clause, as well as with a person who the employee suspects to be a front;
7.3.2. if the client does not submit the required documents and relevant information or if the employee suspects, on the basis of the submitted documents, that money laundering or terrorist financing may be involved.
7.3.3. The employee must immediately report the circumstances mentioned in this section to the contact person of the Financial Intelligence Unit and record as much client data as possible for subsequent identification of the client.
7.4. The following valid documents may be used to identify a natural person:
7.4.1. documents specified in subsection 2(2) of the Identity Documents Act:
an identity card;
an Estonian citizen’s passport;
a diplomatic passport;
a seafarer’s discharge book;
an alien’s passport;
a temporary travel document;
a travel document for a refugee;
a certificate of record of service on ships;
a certificate of return;
a permit to return.
valid travel document issued by a foreign state.
7.5. Documents serving as basis for identification of legal persons must include at least the following data:
business name or a name of the legal person;
name and address of the person;
registry code or registration number of the person;
date of issue and the name of the issuing authority;
the name of the representative of the legal entity, their personal identification number, date of issue of the identity document and the name of the issuing authority, proof and basis of the right of representation.
7.6. The following valid documents may be used to identify a legal person:
7.6.1. an extract of the registry card of the relevant register, issued by a competent authority or body no earlier than six months before its submission (for a legal person registered in Estonia and a branch of a foreign company registered in Estonia);
7.6.2. an extract from the relevant register of a foreign country or a copy of the registration certificate or an equivalent document issued by a competent authority or body no earlier than six months before its submission (for a legal person of a foreign country).
7.7. An employee of WFDP Wallet registers the following additional information regarding a legal person:
7.7.1. the names of the director or member of the management board or the members of another body replacing it and their powers when representing the legal person;
7.7.2. the names of the beneficial owners of the legal person;
7.7.3. the area of activity of the legal person;
7.7.4. numbers of means of communication.
7.8. In addition to the identity document, the representative of the person participating in the transaction submits in the prescribed form a valid document certifying the right of representation.
7.9. The power of attorney issued to the representative of the legal person must contain at least:
information of the principal (name, location and registry code of the competent body);
information of the representative (given name and surname, personal identification code and place of residence);
date of issue of the document;
the period of validity of the authorisation;
the scope of the authorisation;
the right of delegation of authorisation, if granted to the representative.
7.10. The representative of a foreign legal person not registered in Estonia submits a notarised power of attorney to perform operations.
7.11. If the person participating in the transaction or the customer is related to another European Economic Area country or is a politically exposed person from a third country, information must also be registered on whether the person performs or has performed prominent public functions or is a close associate or family member of a person performing prominent public functions.
7.12. In order to identify a limited partnership fund and other associations of persons that do not have the status of a legal person, in addition to the implementation of due diligence for identifying the natural person, sufficient information must be collected to be sure that the identity of the beneficiary can be reliably verified at the time of disbursement or when the beneficiary exercises their rights.
7.13. WFDP Wallet has the right to apply additional measures at any time to identify the client and to fulfill the requirements for establishing a business relationship.
8.POLITICALLY EXPOSED PERSON AND ITS IDENTIFICATION
8.1. Politically exposed person means a natural person who is or who has been entrusted with prominent public functions including a head of State, head of government, minister and deputy or assistant minister; a member of parliament or of a similar legislative body, a member of a governing body of a political party, a member of a supreme court, a member of a court of auditors or of the board of a central bank; an ambassador, a chargé d’affaires and a high-ranking officer in the armed forces; a member of an administrative, management or supervisory body of a State-owned enterprise; a director, deputy director and member of the board or equivalent function of an international organization, except middle-ranking or more junior officials; local politically exposed person means a person specified in clause 8.1 who is or who has been entrusted with prominent public functions in Estonia, another European Economic Area country or an institution of the European Union; family member means the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person or local politically exposed person; a child and their spouse, or a person considered to be equivalent to a spouse, of a politically exposed person or local politically exposed person; a parent of a politically exposed person or local politically exposed person; person known to be close associate’ means a natural person who is known to be the beneficial owner or to have joint beneficial ownership of a legal person or a legal arrangement, or any other close business relations, with a politically exposed person or a local politically exposed person; and a natural person who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person or local politically exposed person.
8.2. In a situation where the client or its beneficial owner is a politically exposed person, a family member or a known close associate of a politically exposed person, WFDP Wallet applies the following due diligence:
receives approval from the highest supervisory body to establish or continue a business relationship with such person;
takes measures to determine the origin of that person’s wealth and the sources of the funds used in business or occasional transactions;
carries out enhanced periodic monitoring and control of such business relationships, except in the cases provided for by the legislation.
8.3. If a politically exposed person no longer fulfills the prominent public functions assigned to them, WFDP Wallet must take into account the risks that continue to be associated with the person in question and implement appropriate and risk-sensitive measures for at least 12 months until it is certain that the risks inherent to politically exposed person no longer apply to the relevant person.
8.4. WFDP Wallet may decide to not apply the due diligence provided for in this section to a politically exposed person, their family client or a person considered to be their close associate, if there are no other circumstances indicating a higher than normal risk.
8.5. WFDP Wallet must establish internal procedures to determine whether a potential client or a client’s actual beneficiary is a politically exposed person of another European Economic Area country or a third country, domestic politically exposed person or a person who performs or has performed prominent functions in international organizations. WFDP Wallet must identify close associates and family clients of politically exposed persons only if their connection to the person performing prominent public functions is known to the public or if WFDP Wallet has reason to believe that such a connection exists.
8.6. In the case of politically exposed persons, in addition to the appropriate due diligence, WFDP Wallet must implement, among others, the following measures:
1) requesting the necessary information from the client, including taking appropriate measures to determine the sources of wealth and funds that are used for the business relationship or transaction;
2) verification of data or making queries by using relevant databases or public databases, or making queries on or checking data from the websites of the respective supervisory authorities or institutions in the country of residence of the client or the person. In particular, the data is checked as follows:
a. domestic politically exposed persons can be checked on the website of the Financial Intelligence Unit at https://fiu.ee/kasulik-info/
b. foreign politically exposed persons can be checked by using the database NameScan https://namescan.io/FreePEPCheck.aspx, which has fair access and, if possible, any commercial databases (for example, Thomson Reuters, MemberCheck, etc.);
c. both domestic and foreign politically exposed persons must be further checked using Google and, if available, one of the search engines local to the client’s country of origin by entering the client’s name in both the Latin alphabet and the local alphabet together with the client’s date of birth.
8.7. The establishment of a business relationship with a politically exposed person must be decided by the management board, responsible board member or contact person of WFDP Wallet. If a business relationship has been established with the client and the client or the actual beneficiary later turns out to be or becomes politically exposed within the meaning of this code of conduct, the management board, the responsible board member or the contact person must be informed.
9. REGISTRATION AND STORAGE OF DATA
9.1. In addition to the data specified in this code of conduct, the employee of WFDP Wallet records the following data about the transaction to be performed:
9.1.1. transaction type;
9.1.2. unique transaction identifier
9.1.3. transaction price;
9.1.4. transaction period;
9.1.5. sending or recipient account number;
9.1.6. other special transaction conditions.
9.2. WFDP Wallet stores said data for at least five years after the transaction has been made in a manner that allows such data to be found and reproduced immediately, if necessary. All data is stored in the database created by WFDP Wallet, whereas information about fiat transactions is additionally stored in the database service provider, information related to virtual currency transactions is additionally stored in the service provider’s database and backup copies of the entire database of WFDP Wallet are stored in the AWS Amazon server. Only the person responsible and the persons designated by such a person have access to the stored data.
10. NOTIFYING THE FINANCIAL INTELLIGENCE UNIT
10.1. WFDP Wallet is obliged to notify the Financial Intelligence Unit of (i) activities or (ii) circumstances identified in the course of economic activity: 10.1.1. which have characteristics that indicate the use of proceeds from criminal activity or the commission of related criminal offenses (primarily related to reporting of suspicious and unusual transactions or activities);
10.1.2. which give rise to suspicion or which are known to be money laundering or the commission of related crimes, or the characteristics of which point to money laundering or the commission of related crimes (primarily related to reporting a suspected money laundering transaction or activity);
10.1.3. which give rise to suspicion or which are known to be terrorist financing or the commission of related crimes, or the characteristics of which point to terrorist financing or the commission of related crimes (primarily related to reporting a suspected terrorist financing transaction or activity);
10.1.4. in the event of which there is an attempt of the actions or circumstances specified in clauses 10.1.1 to 10.1.3;
10.1.5. in the event of which there is a suspicion or knowledge of the need to apply an international financial sanction (see chapter 11).
10.2. The Financial Intelligence Unit must also be notified of the following:
10.2.1. the circumstances of refusing to establish a business relationship or an occasional transaction, if the basis for the refusal is suspicion of money laundering or terrorist financing, or if WFDP Wallet is unable to apply the due diligence that must be applied when establishing a business relationship, because the client does not or refuses to provide the relevant data, or the data provided is not sufficient to ensure the adequacy of collected data;
10.2.2. the extraordinary termination of the business relationship, if the business relationship is terminated because it is not possible to apply the due diligence again as after a reasonable period of time WFDP Wallet has still not been able to apply sufficient due diligence to exhaustively collect data, verify the accuracy of data or eliminate money laundering or terrorist financing suspicion, or because the client does not provide or refuses to provide the relevant data, or the data provided is not sufficient to ensure the adequacy of collected data (primarily reporting a suspicious and unusual transaction or activity).
10.3. The notifications specified in clauses 10.1 and 10.2 must be made before making a transaction, which gives rise to suspicion or which is known to be money laundering or terrorist financing or the commission of related crimes and if such circumstances are detected before making the transaction. Given the speed with which money laundering and terrorist financing crimes are committed, fulfilling this pre-transaction notification obligation may be appropriate in other cases as well. If postponing the transaction may cause significant damage, not making the transaction is not possible, or may prevent the capture of a potential perpetrator of money laundering or terrorist financing, the transaction is executed and then a report is submitted to the Financial Intelligence Unit. In order to identify such circumstances, the obliged person is in contact with the Financial Intelligence Unit.
10.4. In any event (i.e. also in a situation where an activity or a circumstance is detected after the transaction has been made), the reporting obligation must be fulfilled immediately but no later than two working days after the detection of such an activity or circumstance, or when a real suspicion arises (i.e. a situation where the suspicion cannot be refuted). The purpose of immediate notification is to give the Financial Intelligence Unit the opportunity to raise its own suspicions and apply its own measures, given that money laundering is a process where assets obtained as a result of criminal activity, especially financial assets, can often be transferred through the credit and financial institutions of several countries within one working day, therefore prompt notification helps track down so-called dirty money more effectively.
10.5. In addition to the situation mentioned in clause 10.3, WFDP Wallet must also wait for the feedback of the Financial Intelligence Unit in other relevant cases before refusing to establish a business relationship or terminating the business relationship in an emergency.
10.6. If a so-called amount-based notification or a notification resulting from the establishment or extraordinary termination of a business relationship is being made and when the obliged person has identified the existence of activities or circumstances specified in clause 10.1 in regards to the client or circumstances connected to such a client, the notification obligation must also be fulfilled in the sense of clause 10.1, whereas this may also take place within the same notification process but by making reference to different indicators.
10.7. If the basis for fulfilling the reporting obligation is not the suspicion of money laundering or terrorist financing but a so-called suspicious or unusual transaction and there are several such suspicious and unusual transactions and the reports made on the basis thereof are numerous or they are continuous (and such reporting does not require an emergency meeting with the Financial Intelligence Unit), the obliged person must have a suspicion of money laundering or terrorist financing, after which, in addition to the relevant notification, due diligence must also be applied in other respects and a decision to refuse the transaction must be made.
10.8. If WFDP Wallet detects a risky transaction in the course of making transactions, or if the person making the transaction does not submit an identity document, or when there is a doubt about the accuracy or authenticity of documents submitted, or if there is any other violation of the obligation of the person making the transaction, the circumstances related to the transaction shall be considered suspicious and the transaction is treated with extreme caution.
10.9. If an employee of WFDP Wallet detects activities or circumstances in the course of economic or professional activities or operations the characteristics of which indicate money laundering or terrorist financing, or in regards to which they suspect or know that money laundering or terrorist financing is involved, they immediately inform the contact person of the company, who forwards the information to the Financial Intelligence Unit.
10.10. WFDP Wallet, its structural unit, a member of a directing body and its employee is prohibited to notify a person, the beneficial owner or representative of the person about a notification given to the Financial Intelligence Unit, about the plan to submit such notification or the occurrence of such notification and about the precepts made by the Financial Intelligence Unit or initiation of criminal proceedings. WFDP Wallet may notify the person of the disposal of the account assigned to him by the Financial Intelligence Unit or other restriction after the fulfillment of the precept made by the Financial Intelligence Unit. The prohibition set forth in this clause shall not be applied in the cases provided for in subsections 51(2) and 51(3) of the Money Laundering and Terrorist Financing Prevention Act.
10.11. Indicators of suspicious transactions are given in the guidelines on the characteristics of suspicious transactions on the website of the Financial Intelligence Unit at https://wfdp-igo.org. Compliance with this document is obligatory.
10.12. The law obliges to report cash transactions over 32,000 euros or an equivalent amount in another currency, regardless of whether the transaction is made as a single payment or as several related payments.
10.13. To the completed notification form, the contact person adds copies of the documents underlying the transaction, as well as copies of the documents underlying the identification of the person. Copies of other documents characterising the nature of the transaction may also be attached to the notification. The notification form to be submitted to the Financial Intelligence Unit and its completion instructions are located at https://fiu.ee/media/78/download.
10.14. The notice is delivered on an online electronic form on the website of the Financial Intelligence Unit. If there is no such possibility, the notice can be sent in any form that allows reproduction to the email address: info@wfdp-igo.org
10.15. The employee of WFDP Wallet is obliged to provide the information required in the order at the first request of the Financial Intelligence Unit.
11. IMPOSING INTERNATIONAL SANCTIONS
11.1. The objective of the national imposition of international sanctions and the implementation thereof is, in compliance with the United Nations Charter, to maintain or restore peace, prevent conflicts and reinforce international security, support and reinforce democracy, follow the rule of law, human rights and international law and achieve other objectives of the common foreign and security policy of the European Union. An international sanction within the meaning of this code of conduct is a measure that is not related to the use of armed forces and which has been decided to be imposed by the European Union, the United Nations, another international organization or the Government of the Republic in order to achieve the aforementioned goal.
11.2. Subject to international sanctions means a natural or legal person, entity or body which is directly specified in the act on the imposition or implementation of international sanctions and with regard to whom the measures prescribed therein are taken.
11.3. A person with special obligations, to whom the special obligations of the International Sanctions Act apply is, among other things, a virtual currency service provider within the meaning of the Money Laundering and Terrorist Financing Prevention Act.
11.4. WFDP Wallet (hereinafter also person with special obligations) takes measures to fulfil the resulting obligations upon the entry into force of the legislation establishing or implementing an international financial sanction and demonstrates the diligence necessary to ensure the achievement of the goal of the international financial sanction and to avoid breach of the sanction. A natural or legal person who has a suspicion or who knows that a person with whom they have a business relationship or are making a transaction or operation with, as well as a person with whom they are planning to establish a business relationship or make a transaction or operation, is subject to an international financial sanction, immediately notifies the Financial Intelligence Unit of the identification of the subject of the international financial sanction, the relevant suspicion and the measures taken.
11.5. In its economic activities WFDP Wallet pays special attention to the activities of the person with whom it is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, and circumstances that indicate the possibility that the person is the subject of an international financial sanction.
11.6. WFDP Wallet periodically monitors the website of the Financial Intelligence Unit and immediately takes the measures provided for in the legislation establishing or implementing the international financial sanction in order to ensure the achievement of the goal of the international financial sanction and to prevent breaches of the international financial sanction.
11.7. Upon entry into force, amendment, invalidation or expiration of an international financial sanction legislation, WFDP Wallet, as a person with special obligations, immediately checks whether the person with whom it is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, is the subject of the international financial sanction imposed, amended or lifted.
11.8. If the legal act establishing or implementing an international financial sanction is declared invalid, it expires, or it is changed in such a way that the application of the international financial sanction to the subject of the international financial sanction is lifted in whole or in part, WFDP Wallet, as a person with special obligations, immediately ceases the implementation of the measure to the extent provided for in the act on the imposition or application of the international financial sanction.
11.9. WFDP Wallet establishes in writing or in a format which can be reproduced in writing procedural rules for the implementation of an international financial sanction and the fulfilment of the obligations arising from the respective law and procedure for checking the compliance with these procedural rules, and appoints the person responsible for the implementation of the international financial sanction, whose contact details he forwards to the supervisory authority.
11.10. According to the International Sanctions Act, persons with special obligations must carry out additional due diligence to identify situations when international financial sanctions must be applied. To this end, the named persons must:
exercise extra diligence with respect to the client and the circumstances of the transaction (including the other party to the transaction) when establishing a business relationship and conducting transactions;
credit and financial institutions pay attention to all parties and circumstances of the transaction (including goods) in trade finance transactions to ensure enforcement of international sanctions;
monitor the information on sanctions in their activities and the corresponding lists on the website of the Financial Intelligence Unit; 4)
notify the Financial Intelligence Unit of the identification of a subject of the financial sanction and the implementation of a financial sanction on the basis of such information; collect additional information (including from the customer) if there is a suspicion that a person is subject to financial sanctions; in the event of there still being a suspicion of financial transaction regarding the person or the circumstances of the transaction and the other party after collecting additional information, notify the Financial Intelligence Unit of the suspicion (also if additional information cannot be collected), while refusing to make further transactions and/or establish a business relationship; notify the Financial Intelligence Unit of the refusal to establish a business relationship or make a transaction if the grounds for such refusal were the possible exposure of the person, the country, the transaction or the goods underlying the transaction to the international sanctions regime;
inform the Financial Intelligence Unit of a suspicion that a person is under the direct or indirect control of a subject to international sanctions;
have the procedural rules and contact person necessary for the implementation of the financial sanction;
carry out checks to identify financial sanctions;
store data related to financial sanction suspicions, implementations and corresponding controls.
Upon identification of the subject of international financial sanctions, it is necessary to identify the measures established to sanction this person. The measures to be taken are described in the legislation establishing the sanction, so the exact sanction imposed on the person must be identified in order to ensure the legal and correct implementation of the measures.
All other persons must show due diligence in the course of their activities in order to identify the need for the implementation of an international financial sanction. A natural or legal person who has a suspicion or who knows that the person with whom it is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, immediately notifies the Financial Intelligence Unit of the identification of the subject of the international financial sanction, the relevant suspicion and the measures taken.
The Financial Intelligence Unit will check the application of the financial sanction within 10 working days from the receipt of the notification, including whether the subject of the financial sanction has been correctly identified and whether the measures have been taken legally, and then inform the person that submitted the notification about the result of the inspection within 2 working days.
11.11. A person with special obligations collects and preserves for five years the following information in the course of enforcing the requirements of subsection 3 of this section:
inspection time;
the name of the inspecting person;
results of the inspection;
measures taken.
11.12. If a person with special obligations or a person authorised by them doubts whether a person with whom it is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, is the subject of an international financial sanction, they ask additional information from that person for the identification of said fact. If a person who is in business relations or is making transactions or is carrying out acts with the person having specific obligations, as well as a person who intends to create business relations, make a transaction or carry out an act, refuses to provide additional information or it is impossible to identify by means thereof if the person is a subject of international financial sanction, the person having specific obligations or a person authorized by them refuses to make a transaction or act, takes measures provided for in the act on the imposition or implementation of international financial sanction and notifies immediately the Financial Intelligence Unit of their doubts and of the measures taken.
11.13. Upon entry into force of an act on the imposition or implementation of international financial sanctions the employees of WFDP Wallet take measures to fulfil the obligations arising therefrom and demonstrate due diligence to ensure the achievement of the objective of the international financial sanction and avoid breach of the sanction.
11.14. An employee of WFDP Wallet who has doubts or who knows that a person with whom WFDP Wallet is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, is a subject of international financial sanction, immediately notifies the Financial Intelligence Unit of the identification of the subject of international financial sanction, of the doubt thereof and of the measures taken.
11.15. In the economic activity of WFDP Wallet, an employee of WFDP Wallet pays special attention to the activities of the person with whom WFDP Wallet is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, and to the circumstances which refer to the possibility that the person is a subject of an international financial sanction.
11.16. If an employee of WFDP Wallet doubts whether a person with whom WFDP Wallet is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, is the subject of an international financial sanction, they inform the board of with WFDP Wallet of this suspicion, which in turn asks the said person for additional information in order to determine whether these suspicions are correct.
11.17. If a person with whom WFDP Wallet is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, refuses to provide additional information or it is impossible to identify by means thereof if the person is a subject of international financial sanction, WFDP Wallet refuses to make a transaction or act, takes measures provided for in the act on the imposition or implementation of international financial sanction and notifies immediately the Financial Intelligence Unit of their doubts and of the measures taken.
11.18. If an act on the imposition or implementation of international financial sanction is repealed, expires, or is amended in such a manner that the implementation of the international financial sanction with regard to the subject of the international financial sanction is terminated wholly or partially, WFDP Wallet ceases the implementation of the measure to the extent provided for in the act on the imposition or application of the international financial sanction.
11.19. European Union sanctions against countries can be checked online on the website at https://www.sanctionsmap.eu; it is possible to check the sanctions of the European Union and the United Nations against subjects on the website of the Financial Intelligence Unit at https://www.fiu.ee.
11.20. The responsible person or the person appointed by them checks the entry into force, amendment and termination of sanctions using automated technological solutions and public databases of the key partners of WFDP Wallet. Sanctions are monitored automatically and in the event of receipt of inaccurate or incomplete data, the responsible person or a person designated by them may organise an additional manual check. Also, the automated control is structured in such a way that it monitors the existing customer base in real-time and when sanctions come into force against a specific client, it immediately transmits the information via e-mail to the responsible person. In addition, if the automated system detects a contradiction with the information in the databases, it immediately sends the message via e-mail to the responsible person. The responsible person or the person appointed by them checks the operation of the automated system at least monthly.
12. CONTACT PERSON AND RESPONSIBLE PERSON
12.1. The duties of the contact person are:
12.1.1. checking compliance with anti-money laundering requirements; 12.1.2. transfer of information to the Financial Intelligence Unit in case of suspicion of money laundering or terrorist financing;
12.1.3. responding to requests made by the Financial Intelligence Unit and complying with its orders;
12.1.4. collection of data received on suspicious and/or unusual operations and processing and storage of such data either in a designated electronic file or on paper, in which the details of the suspicious or unusual transaction, data provider, date and place can be seen;
12.1.5. submitting periodic written reports to the management board on compliance with procedural rules;
12.1.6. informing the management board in writing about deficiencies in compliance with internal control regulations, guidelines and other legislation.
12.2. The rights of the contact person are:
12.2.1. checking transactions and their formalization in accordance with the legislation of the Republic of Estonia and this code of conduct;
12.2.2. during the provision of the service, monitoring of activities to ensure their compliance with activities to prevent money laundering and terrorist financing.
12.3. The contact person may only transmit information or data that has become known to them in connection with suspected money laundering:
12.3.1. to the management board and the employee appointed by the board;
12.3.2. Financial Intelligence Unit;
12.3.3. to the preliminary investigation authority in connection with criminal proceedings;
12.3.4. to the court on the basis of a court order or decision.
12.4. An employee must inform the contact person immediately, but no later than within the same working day, of all cases of refusal to establish a business relationship based on subsection 27(1) of the Money Laundering and Terrorist Financing Prevention Act, suspected money laundering or unusual transactions, cases of extraordinary termination of a long-term contract. The notice is given in writing or through electronic means of communication.
12.5. Regarding suspicious or unusual transactions, the following information is recorded in a format which can be reproduced in writing:
12.5.1. details of a suspicious or unusual transaction;
12.5.2. person(s) involved in the transaction;
12.5.3. date and location of the transaction.
12.6. The employee must notify the contact person and the latter the Financial Intelligence Unit as soon as possible, but no later than within two working days, of each activity or circumstance that has the characteristics and/or meets the conditions stated in section 10 of the rules of procedure. The employee must also follow the guidelines on the characteristics of suspicious transactions, which is available at https://fiu.ee/oigusaktid-ja- vivisdid/juhendid#juhend-kahtlaste-teh and inform the contact person as soon as possible if there is an indicator or circumstance that requires the contact person to notify the Financial Intelligence Unit. The employee must also notify the contact person and the latter the Financial Intelligence Unit of every transaction where a financial obligation over 32,000 euros or an equivalent amount in another currency is settled in cash, regardless of whether the transaction is made as a single payment or as several related payments. The said reporting obligation is based on the amount and does not depend on whether the employee suspects money laundering or not.
12.7. The notice is given to the Financial Intelligence Unit in writing or through electronic means of communication. Copies of the documents underlying the transaction, as well as the data or a copy of the document used to identify the person, are attached to the completed notification form. When submitting a notification to the Financial Intelligence Unit, the contact person follows Regulation No 51 of the Minister of the Interior of 4 October 2010 in which are stipulated the form of the notification to be submitted to the Financial Intelligence Unit and the instructions for completing it https://fiu.ee/media/78/download.
12.8. Notifications prepared by the contact person are stored, used and preserved analogously to other information in accordance with the provisions of these procedural rules.
13. RESPONSIBLE PERSON
The duties of the responsible person are to:
13.1. periodically monitor the website of the Financial Intelligence Unit (https://www.fiu.ee), which contains information on the establishment, amendment and termination of international sanctions, in order to ensure the achievement of the goal of the international financial sanction and to prevent breach of the international financial sanction. Also, to monitor the validity of sanctions in real time, WFDP Wallet also uses public search systems, international sanctions databases and technical solutions provided by key partners;
13.2. check the client if the amount of the transaction exceeds 50,000 euros and if there are changes in the management bodies, owners, or representatives. If the client is a legal body, their representative, members of management bodies and actual beneficiaries must be checked;
13.3. check the entire customer base and automated monitoring systems at least once a month.
13.4. In accordance with the International Sanctions Act, the responsible person collects and preserves for five years the following information:
inspection time;
the name of the inspecting person;
results of the inspection;
measures taken.
13.5. If there is a doubt whether a person with whom WFDP Wallet is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, is the subject of an international financial sanction, additional information must be requested from the respective person to determine whether these suspicions are correct.
13.6. If a person with whom WFDP Wallet is in business relations or is making a transaction or carrying out an act, as well as a person intending to create business relations, make a transaction or carry out an act, refuses to provide additional information or it is impossible to identify by means thereof if the person is a subject of international financial sanction, the person having specific obligations or a person authorized by them refuses to make a transaction or operation, takes measures provided for in the act on the imposition or implementation of international financial sanction and notifies immediately the Financial Intelligence Unit and the management board of WFDP Wallet of their doubts and of the measures taken.
13.7. If the activity of a person does not fully qualify as an activity that must be reported to the Financial Intelligence Unit, according to these instructions, the client’s further activity must be taken under increased attention. The Financial Intelligence Unit must be notified as soon as there is a reasonable suspicion of suspicious behaviour by the customer.
13.8. The notice is submitted on an online electronic form on the website of the Financial Intelligence Unit. If there is no such possibility, the notice can be sent in any form that allows reproduction to the email address: info@wfdp-igo.org
13.9. Notification of the Financial Intelligence and submitting relevant data is not considered a breach of a contractual or legal confidentiality requirement and these persons are not subject to the responsibility prescribed by legislation or contract for publishing the respective data.
14. PROCEDURE FOR ENSURING COMPLIANCE WITH THE RULES OF PROCEDURE AND INTERNAL CONTROL STANDARDS
14.1. Supervision over the compliance of the management board of WFDP WALLET with the requirements of the Money Laundering and Terrorist Financing Prevention Act and the legislation established on the basis thereof is carried out by the Financial Intelligence Unit and/or other competent authorities and institutions designated by relevant laws.
14.2. Compliance of the employees of WFDP Wallet, its structural units and contact person with the requirements of the Money Laundering and Terrorist Financing Prevention Act and the legislation established on the basis thereof is monitored and controlled by the management board of the undertaking, responsible board member or contact person.
14.3. The competence of the employees of WFDP Wallet to comply with the requirements of the Money Laundering and Terrorist Financing Prevention Act and the legislation established on the basis thereof:
14.4. only those employees who have been authorised to do so by the management board or the responsible board member and who have thoroughly familiarised themselves with the relevant legislation, information issued by the competent authorities, with these rules of procedure and have exhaustive knowledge in the field of AML/KYC may handle operations related to the fulfilment of requirements and obligations arising from the Money Laundering and Terrorist Financing Prevention Act and of the legislation established on the basis thereof, including the implementation of due diligence, whereby only those employees also have the right to decide on the initiation, creation and continuation of business relationships;
14.5. in matters related to the fulfilment of requirements and obligations arising from the Money Laundering and Terrorist Financing Prevention Act and of the legislation established on the basis thereof, the employees and heads of structural units of WFDP Wallet primarily consult with the contact person and, in the absence of such person, with the responsible member of the management board. The responsible board member always has the right to control the activities of the employees, heads of structural units and the contact person of WFDP Wallet.
14.6. The employees and heads of structural units of WFDP Wallet undertake to strictly comply with:
14.6.1. International Sanctions Act;
14.6.2. Money Laundering and Terrorist Financing Prevention Act;
14.6.3. Directive (EU) 2015/849 of the European Parliament and of the Council;
14.6.4. relevant instructions and orders of the Financial Intelligence Unit and other competent authorities;
14.6.5. procedural rules and internal control rules established by the management board of WFDP Wallet;
14.6.6. relevant and legal orders and instructions of the management board, responsible board member and contact person of WFDP Wallet.
14.7. If an employee (or the manager of a structural unit) has a doubt as to whether a due diligence measure or other related criterion has been met (or the execution of a transaction or the establishment of business relations is permitted) – the employee (or the head of a structural unit) must immediately contact their immediate superior (head of a structural unit, contact person, responsible board member) and suspend the transaction or business relationship until they receive an answer to their request and an order on how to behave.
14.8. WFDP Wallet implements the following system of internal control over compliance with 14.6.2.
Money Laundering and Terrorist Financing Prevention Act and the legislation established on the basis thereof and the requirements of these procedural rules and internal control standards:
14.9. The activities of the employees of WFDP Wallet are monitored and controlled by:
14.10. the head of the structural unit of the employee;
14.11. in the absence of the head of the structural unit of the employee, the responsible board member and/or contact person.
14.12. The employee must transmit to the head of the structural unit or, in the absence thereof, to the responsible board member and/or to the contact person all relevant data concerning the identities of the clients of WFDP Wallet and the nature of the business relations established with them, including the client’s personal data, data of the transaction carried out with the client, the results of the implementation of due diligence measures and other important information at the latest on the next working day after the completion of data collection and implementation of due diligence.
14.13. The activities of the head of a structural unit of WFDP Wallet are monitored and controlled by the responsible board member of WFDP Wallet and/or to the contact person.
14.14. The head of the structural unit of WFDP Wallet must transmit to the contact person or the responsible member of the board at least once a month all relevant data collected by them or the employees of their structural unit on the identities of the clients of WFDP Wallet and the nature of the business relations established with them, together with relevant reports.
14.15. The activities of the contact person of WFDP Wallet are monitored and controlled by the responsible board member or management board.
14.16. The contact person checks the relevant data provided by the employees and heads of structural units of WFDP Wallet on the identities of the clients of WFDP Wallet and the nature of the business relationships established with them and organizes the storage of this data in accordance with the provisions of the Money Laundering and Terrorist Financing Prevention Act and this code of conduct. The contact person submits relevant reports to the management board of WFDP Wallet once per quarter.
14.17. The activities of the responsible board member of WFDP Wallet are monitored and controlled by other board members or, in exceptional cases, by the general meeting of shareholders.
14.18. In the event of a temporary absence of the contact person, the responsible board member or the person temporarily appointed by them checks the relevant data provided by the employees and heads of structural units of WFDP Wallet on the identities the clients of WFDP Wallet and the nature of the business relationships established with them, and organizes the storage of this data in accordance with the provisions of the Money Laundering and Terrorist Financing Prevention Act and this code of conduct.
14.19. The responsible board member and the management board of WFDP Wallet undertake to inform the employees of the undertaking on an ongoing basis about changes in legislation and new positions of supervisory institutions, the activities of WFDP Wallet, changes in its risk assessments and criteria arising from clients or certain client groups, changes in the long- and short-term business approach of the undertaking and separate positions and guidelines (according to the market situation, political and economic situation, orders of supervisory bodies, etc.) to fulfil the obligations arising from the Money Laundering and Terrorist Financing Prevention Act. Said information and notices do not necessarily have to be formalized as appendices to this manual and may be delivered at meetings, through individual managers, by e-mail, but they must be complied with and followed regardless of the delivery method.
14.20. Breach of the duty of care arising from the Money Laundering and Terrorist Financing Prevention Act, failure to comply with the order of the responsible board member, management board or contact person, or failure to inform the responsible board member, management board, contact person or the Financial Intelligence Unit in case of suspicion of money laundering or terrorist financing, either directly or through the head of the structural unit, is sufficient grounds for initiating disciplinary proceedings against the employee and/or head of structural unit and to terminate the employment relationship.
14.21. The management board of WFDP Wallet ensures that the resources allocated for ensuring compliance with the Money Laundering and Terrorist Financing Prevention Act and the requirements of this code of conduct are sufficient and that the employees directly involved in fulfilling the requirements of the Money Laundering and Terrorist Financing Prevention Act operate in conditions where they are fully aware of the requirements of the Money Laundering and Terrorist Financing Prevention Act and this code of conduct.
14.22. WFDP Wallet must carry out an internal audit. During the internal audit, adherence to procedural rules, compliance with internal control standards and the functioning of systems are also checked. The internal auditor is subject to the requirements and legal bases of the activity provided for the certified internal auditor in the Auditors Activities Act. The internal auditor checks the compliance of the activities of WFDP Wallet and its managers and employees with legislation, regulations of the Financial Intelligence Unit, decisions of management bodies, internal regulations, contracts signed by the virtual currency service provider and good practice.
14.23. The virtual currency service provider guarantees the internal auditor all the rights and working conditions necessary for the performance of their duties, including the right to receive explanations and information from the managers and employees of the virtual currency service provider and to monitor the elimination of discovered deficiencies and the implementation of suggestions made. The internal auditor is obliged to immediately forward in writing to the managers of the virtual currency service provider and the Financial Intelligence Unit any information that has become known to them about the virtual currency service provider and which points to violations of the law or damage to the interests of clients.
15. FINAL PROVISIONS
15.1. The training of the employees of the undertaking on proving money laundering and terrorist financing and international sanctions (hereinafter training) is conducted by the contact person or another employee of the institution designated by the board of the institution or an expert in the relevant field.
15.2. The contact person is responsible for conducting regular training. Training takes place as needed but at least once a year. Each person confirms their participation in the training with their signature.
15.3. After a new employee has signed their employment contract, the contact person must instruct them in accordance with the established procedure within at least one week after the new employee starts work and introduce this code of conduct to the new employee against a signature.
15.4. The contact person has the right to submit proposals to the management board of the undertaking regarding training providers. If the obligation to enforce the code of conduct is assigned to another person based on an authorization agreement, they must follow the code of conduct in full.
15.5. The user manuals and rules of use of the programs and information technology tools used in the provision of the services of WFDP Wallet are available to the employee in the corporate data processing cloud and access is granted via corporate email only to the employee of WFDP Wallet. Also, WFDP Wallet organizes training for the employee on the rules for using work tools and any relevant changes.
15.6. At the first request of an employee of the Financial Intelligence Unit, all documents necessary for the inspection must be submitted to the inspectors
