Legal and Privacy

ANTI-MONEY LAUNDERING AND COUNTER TERRORIST FINANCING COMPLIANCE POLICY




  1. TERMS AND DEFINITIONS

    1. Money laundering” or “ML” means the following conduct when committed intentionally:

  2. the conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person's action;

  3. the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such activity;

  4. the acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such activity;

  5. participation in, association to commit, attempts to commit and aiding, abetting, facilitating, and counseling the commission of any of the actions referred to in points a, b, and c.

  1.  “Terrorist financing” or “TF” means the provision of funds, directly or indirectly, with the intention that they should be used or in the knowledge that they are to be used in order to carry out any of the offences within the meaning of Articles 1-4 of Council of the European Union Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (as amended by Framework Decision 2008/919/JHA of 28 November 2008) and falling under Articles 250, 2501 – 2506 of the Criminal Code of the Republic of Lithuania.

  2. Company” means UAB NEW SOFTWARE SOLUTIONS. The term “Company” when used in this Policy also refers to the management bodies of the Company and the members of such bodies as well as the employees of the Company. UAB New Software Solutions (hereinafter – the “Company”) is a virtual currency exchange and depository wallet operator, acting in accordance with the laws of the Republic of Lithuania. The Company is committed to conducting business operations in a transparent and open manner consistent with its regulatory obligations.

  3. Employee of the Company” or “Employee” means any natural person who is employed by the Company on the basis of an employment agreement or other agreements (outsourcing and freelance agreements). The term “Employee” when used in this Policy also refers to the management bodies of the Company and the members of such bodies, unless the context requires otherwise.

  4. “Terms and Conditions” mean an agreement (https://credits.com/legal.html) between a Client and the Company published on the company’s website and available in a company's app. 

  5. Client” means a person that uses Services provided by the Company by accepting Terms and Conditions.

  6. Services” means services provided to the Client by the Company, specifically:

  1. Custodian Virtual Currency operator service, which allows to the Client open Custodian Virtual Currency Wallet on the Client's name and make transactions with this wallet: to deposit Virtual Currency and to withdraw deposited Virtual Currency to another wallet(s);

  2. Virtual Currency exchange operator service, which allows the Client to exchange, purchase and sell Virtual Currency.

The Company’s business model is to provide these Services to natural persons only.

  1. Business relationship” means a business, professional or commercial relationship of the Company with a Client that is expected, at the time when entering into such a relationship, to have an element of duration.

  2. Transaction” means a contractual arrangement between the Company and the Client on the provision of the Services.

  3. Suspicious Transaction” means a Transaction that relates to either the funds derived from the illegal activities or the funds obtained in the course of the illegal activities or the Terrorist financing and which meets at least one of the criteria established by the Order of the Director of the Financial Crime Investigation Service under the Ministry of the Interior of the Republic of Lithuania No V-240 of 5 December 2014 as described in details in Section 9 below.

  4. Politically exposed natural person” or “PEP” means a natural person who is or has been entrusted with Prominent public functions and Close family members or close associates. A person is considered to be a PEP for a period of 1 year after ceasing to be entrusted with Prominent public functions.

  5. Prominent public functions” means functions within the Lithuanian, European Union, international or foreign public authorities:

  1. the head of the State, the head of the government, a minister, a vice-minister or a deputy minister, a secretary of the State, a chancellor of the parliament, government or a ministry, members of royal families and honorary officials;

  2. a member of the parliament;

  3. a member of the Supreme Court, the Constitutional Court or any other supreme judicial authorities whose decisions are not subject to appeal;

  4. a mayor of the municipality, a head of the municipal administration;

  5. a member of the management body of the supreme institution of state audit or control, or a chair, deputy chair or a member of the board of the central bank;

  6. an ambassador, a chargé daffaires ad interim, a special envoy and a minister plenipotentiary or a high-ranking military officer;

  7. a member of the management or supervisory body of a public undertaking, a public limited company or a private limited company, whose shares or part of shares, carrying more than 1/2 of the total votes at the general meeting of shareholders of such companies, are owned by the State;

  8. a member of the management or supervisory body of a municipal undertaking, a public limited company or a private limited company whose shares or part of shares, carrying more than 1/2 of the total votes at the general meeting of shareholders of such companies, are owned by the State, and which are considered as large enterprises in terms of the Law of the Republic of Lithuania on Financial Statements of Entities;

  9. a director, a deputy director or a member of the management or supervisory body of an international intergovernmental organisation;

  10. a leader, a deputy leader or a member of the management body of a political party;

  11. candidate for a political position.

  1. Close associate” means a natural person who:

  1. participates in the same legal entity or maintains other business relationships with a person who performs or previously performed the Prominent public functions;

  2. is the sole owner of the legal entity set up or operating de facto with the aim of acquiring property or another personal benefit for a person who performs or previously performed the Prominent public functions.

  1. Close family member” means spouse, a person in registered partnership (cohabitant), parent, brother, sister, child, and child’s spouse or child’s cohabitant.

  2. Financial institution” means the credit institutions and financial undertakings as defined in the Law of the Republic of Lithuania on Financial Institutions, payment institutions as defined in the Law of the Republic of Lithuania on Payment Institutions, electronic money institutions as defined in the Law of the Republic of Lithuania on Electronic Money and Electronic Money Institutions, operators of currency exchange offices as defined in the Law of the Republic of Lithuania on Currency Exchange Operators, operators of crowdfunding platforms as defined in the Law of the Republic of Lithuania on Crowdfunding, operators of peer-to-peer lending platforms as defined in the Law of the Republic of Lithuania on Consumer Credit and the Law of the Republic of Lithuania on Credit Relating to Immovable Property, insurance undertakings engaged in life insurance activities and insurance brokerage firms engaged in insurance mediation activities relating to life insurance as defined in the Law of the Republic of Lithuania on Insurance as well as investment companies with variable capital and collective investment undertakings intended for informed investors and management companies managing only those undertakings; branches of these foreign financial institutions set up in the Republic of Lithuania as well as electronic money institutions and payment institutions whose registered office is in another European Union Member State providing services in the Republic of Lithuania through agents, natural or legal persons.

  3. European Union Member State” or “EU Member State” means a state which is a Member State of the European Union (“EU”) or a state of the European Economic Area (“EEA”).

  4. Third party” means a Financial institution or another entity as defined in the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania as well as a financial institution or another entity registered in another EEA Member State or a state which is not an EEA Member State (third country), who meets the following requirements:

  1. they are subject to mandatory professional registration, recognised by law;

  2. They are registered in an EU Member State or in a third country which applies requirements that are equivalent to the EU identification requirements and record-keeping requirements in respect of Clients, and which is monitored by the competent authorities in terms of the compliance with the said requirements.

  1. Other than FATF country” means (i) a country that is not a member of the Financial Action Task Force (“FATF”) on  or of an international organization with observer status at FATF that participates in the efforts to combat money laundering and terrorist financing and (ii) identified as High-risk and non-cooperative jurisdiction by the European Commission or the FATF. The list of the countries other than FATF countries is provided under the following link: http://www.fatf-gafi.org/countries/#high-risk

  2. Target territory” means a foreign state or zone as specified in the Law on Corporate Income Tax of the Republic of Lithuania. Please refer to Annex III.

  3. Financial intelligence unit” or “FIU” means the Financial Crime Investigation Service under the Ministry of the Interior of the Republic of Lithuania.

  4. Money laundering reporting officer” or “Officer” means an Employee of the Company who is appointed by the managing director of the Company as the officer responsible for the ML/ TF prevention in the Company.

  5. Policy” means this Policy on the prevention of Money Laundering and Terrorist Financing and all its Annexes as may be further amended from time to time.

  6. Register” means all and any electronic register which the Company keeps:

1.

Log of Submitted SARs

To be kept for 8 years after terminating business relationship

2.

Log of virtual currency exchange and transactions equal to or greater than EUR 15 000 or currency/virtual currency equivalent

3.

Log of all customer transactions

4.

Log of business relationships terminated due to ML/TF reasons

5.

Copies of ID documents, identification information, and KYC information

6.

Digital currency wallet address together with owner’s identity information

7.

Correspondence with customer

To be kept for 5 years after terminating business relationship

8.

Supporting documents obtained from customer

To be kept for 8 years after completing transaction

9.

Internal investigation records of suspicious transactions

To be kept for 5 years

10.

Other records

To be kept for 8 years

Other records:

  • evidence of the training programs on ML/TF prevention whether in-house or external;

  • other records if required under the AML law of Lithuania as well as other legal acts related to the prevention of money laundering/terrorism financing.

  1. Virtual Currency” or “Digital Assets” means a value represented in the digital form, which is digitally transferable, preservable, or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC, and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp 35–127) or a payment transaction for the purposes of points (k) and (l) of Article 3 of the same Directive.

  2. Client Due Diligence (“due diligence” or “CDD”) refers to the acts of collecting identifying information in order to verify a Client’s identity and more accurately assess the level of ML/TF risk they present.

  3. High-risk products or services” involve (i) unlimited third-party transactions (e.g., demand deposit accounts) (ii) limited transparency (e.g., Internet banking, prepaid access, ATM, trust), and: (iii) significant international transactions (e.g., correspondent banking).

  1. ROLES AND RESPONSIBILITIES

    1. The Board has a critical oversight role - as the senior-most management of the Company, they should approve and oversee policies for risk, risk management, and compliance. The Board also should have a clear understanding of the ML/TF  risks, including timely, complete, and accurate information related to the risk assessment to make informed decisions. Along with the General manager, the Board should appoint a qualified AML Officer with overall responsibility for the AML function and provide this senior-level officer with sufficient authority that when issues are raised they get the appropriate attention from the Board, the General manager, and the business lines. The Board is responsible for the overall AML/CTF compliance policy of the Company and for ensuring adequate resources are provided for the proper training of employees and the implementation of risk systems. The Board will receive and consider quarterly compliance reports presented by the AML Officer.

    2. The General Manager will receive and consider the monthly compliance reports sent by the AML Officer and authorise changes based on the recommendations if required. The General Manager will also receive reports on particularly significant changes that may present a risk to the organisation. Assistance may be given to the AML Officer in the preparation of the AML programs.

    3. The Compliance Officer (AML Officer) is responsible for managing compliance risks, developing Company’s policies and procedures, and monitoring compliance issues. The AML Officer is responsible for internal reporting of significant changes that may present high ML/TF risks to the Company. The AML Officer prepares monthly and quarterly reports for consideration to the General Manager and the Board and conducts risk assessments of compliance systems, and develops regular random analyses. The AML Officer establishes and implements the risk scoring matrix following regulatory guidance and for review and approval by the General Manager.

    4. The Money Laundering Reporting Officer (MLRO) is responsible for making mandatory reports and notifications to the FNTT, for liaising with the FNTT on processing requests and keeping communication as well as for the independent review, whether the Company is compliant with the requirements of the identification and reporting of the suspicious monetary operations or transactions, mandatory notifications and keeping mandatory registrars and logs. First point of contact for all compliance issues from Employees. MLRO undertakes a regular random analysis of transactions including assessment of documentary evidence provided by Clients and suggests necessary amendments to the Policy in line with risk assessment. MLRO ensures everyone is periodically informed of any changes in anti-money laundering and anti-terrorist financing legislation, policies, and procedures, as well as current developments and changes in ML or TF schemes particular to their jobs, constructing AML/CTF-related content for Employee’s training programs.

    5. Other Employees are responsible to familiarize themselves with this Policy, and other internal procedures related to their job role, and understanding responsibilities. Ensure AML/CTF procedures are adhered to. Ensure that all suspicious activity is reported to the Compliance (AML) Officer. Training programs must be completed successfully.




  1. KYC PROCEDURES (CLIENT DUE DILIGENCE)

    1. Client Due Diligence refers to the acts of collecting identifying information in order to verify a Client’s identity and more accurately assess the level of ML/TF risk they present. 

    2. Identification includes collection and verification of a Client’s full name, date of birth, gender, address, proof of residence, ID documents, selfie and/or a video of yourself, email, and phone number.

    3. The following procedures which constitute the ML/TF prevention measures shall be carried out in order to perform customer due diligence at the inception of a Business relationship with a Client:

  1. identification of persons who apply to the Company as the potential Client;

  2. verification if the potential Client acts as a principal; if the potential Client is represented by another person (agent), the identification and verification of the representative (agent) apply as well;

  3. obtaining information on the purpose and intended nature of the relationship with the Company;

The above steps are essential prior to initiation of a Business relationship with the potential Client and after the Client is engaged in the Business relationship, the following ML/TF prevention measure must be taken:

  1. ongoing monitoring of the Business relationship with the Client and Transactions of the Client.

  2. The Client can be turned away before a Business relationship is formed, during the due diligence process, or in the stages following acceptance of a Business relationship.

  3. IDENTIFICATION OF THE CLIENTS

    1. The Company requires a good working knowledge of the Client’s activities in order to provide an effective service, including evidence of their identity. The Company needs to identify the Clients in the following circumstances:

  1. prior to establishing a Business relationship. The creation of a deposit wallet of Virtual Currencies is not a Business relationship if no more than one Transaction, operation, deposit or withdrawal has taken place in that wallet within six months and the amount is less than EUR 1 000 or currency/Virtual Currency equivalent;

  2. before

    1. executing occasional Virtual Currency exchange transactions or operations in Virtual Currency with funds equal to or above EUR 1,000 or currency/Virtual Currency equivalent;

    2. occasional depositing or withdrawing of Virtual Currency amounting to or above EUR 1,000 or currency/Virtual Currency equivalent;

    3. The transaction is carried out in one or more interrelated Transactions (the value of the Virtual Currency being determined at the time of the operation) unless the Client has already been identified.

  3. when there are doubts about the veracity or adequacy of previously obtained identification data of the Client and/or the representative of the Client (where applicable);

  4. in any other case when there are suspicions that the act of ML or TF is, was or will be performed.

  1. The identification evidence must be obtained before the provision of any Services to a prospective Client or an established Client – if sufficient evidence cannot be obtained the Company must not proceed with the business. 

  1. IDENTIFICATION METHODS

    1. Clients may be identified by face-to-face contact or using non-face-to-face identification methods. This also applies to those cases where the Client is represented by another person. 

    2. The Company only uses a non-face-to-face identification when dealing with its Clients. It can be executed.


  1. RISK ASSESSMENT

    1. An important aspect of the due diligence process is the assessment of the risks involved and the acceptability of a prospective Client. Before agreeing to provide a service to a prospective Client, an assessment of the risks involved should be completed. This involves assessing the acceptability as a Client and the risk associated with the particular Services requested by the Client. This ongoing evaluation is necessary to consider relevant issues before deciding whether the required services should be provided.

    2. When entering into the Business relationship with the Client, the ML/TF risk is assessed on the basis of the documentation and information obtained from a prospective Client. Special attention must be given to the behavior of and the verbal communication with a prospective client as well as the criteria of the High-Risk Clients and Low-Risk Clients as listed in Sections 7 and 8 below. When assessing the ML/TF risk the aim is to establish and assess the following circumstances:

  1. type of the Client, i.e. whether a prospective Client meets the profile of the typical Client of the Company; if not, the additional clarification and/or documentation must be requested from the Client seeking to establish if there is a high ML/TF risk; the special attention is given to the following circumstances which may increase the ML/TF risk:

  2. if the Client is a PEP;

  3. other circumstances indicated in this Policy.

  1. commercial relationships, i.e. assessing if the behaviour of a prospective Client reveals that the aims and duration of the relationship expected by a prospective Client may considerably differ from what is inherent to the profile of the typical Client of the Company; if yes, the additional clarification and/or documentation must be requested from the Client seeking to establish if there is a high ML/TF risk; in addition it needs to be established if the Client acts as a principal or is represented by the third person (agent);

  2. product, i.e. assessing if the services in which a prospective Client is interested correspond the Transaction profile of such prospective Client; if not, the additional clarification and/or documentation must be requested from the Client seeking to establish if there is a high ML/TF risk;

  3. territory, i.e. assessing where the main place of interests of a prospective Client is situated, e.g. where the Client is living; it is important to establish if such main place of interests of the Client is situated in the Other than FATF country or in the Target territory; in such event the Client has to be considered as a High Risk Client.

  1. The following circumstances shall indicate a high risk and accordingly trigger high risk due diligence level:

  1. a prospective Client starts to expresses his interest in the topics related to ML/TF;

  2. a prospective Client is reluctant to perform the actions necessary for identification and to provide information related to the Client and its financial activity;

  3. a prospective Client refuses to provide documents or information for the identification purposes, especially information/documentation evidencing the financial activity of the Client; 

  4. the doubts regarding the correctness or authenticity of the documents or information provided by a prospective Client arises;

  5. a prospective client is not able to answer the questions related to the financial activity of the potential Client, the nature and the aims of such activity;

  6. a prospective Client is unusually stressed and nervous during the verbal communication with the Employee, especially when asked the questions related to the financial activity of a prospective Client.

  1. The Officer has to assess the above circumstances, indicated in Points 6.2 and 6.3 above, and decide whether to refuse to accept the Business relationship with such potential Client or, if decided to further proceed with the due diligence procedure, the enhanced due diligence has to be applied

  2. After the risk assessment is performed the Client is assigned to one of three categories according to their risk profile:

  1. Average Risk Clients who do not qualify as High-Risk Clients or Low-Risk Clients – the standard due diligence and ML/TF prevention measures apply;

  2. High-Risk Clients who are defined in Section 7 below – the enhanced due diligence and ML/TF prevention measures apply;

  3. Low-Risk Clients who are defined in Section 8 below – the simplified due diligence and ML/TF prevention measures may apply. 

  1. The profile of the Client is reviewed periodically (at least once a year) reflecting the changes in the Business relationship and behavior of the Client as well as based on the results of the ongoing monitoring of the Client. Thus, the risk profile and, accordingly, the ML/TF prevention measures applied with respect to the Client may change from time to time. 

  2. The Company must ensure that all risk assessment documentation as well as the results of the risk assessment and all changes to the risk profile of the Client are available in the Company’s records (i.e. database) and may be made available for 8 years or longer if required by the relevant authorities.


  1. ENHANCED DUE DILIGENCE PROCEDURES

The Company applies the enhanced due diligence procedures in the following instances:

  1. High-Risk Clients and High-Risk Products and Services

  2. All High-Risk Clients must be subject to the application of enhanced due diligence. For instance, PEPs and the Clients from the target territories are considered to pose a higher risk of ML/TF and automatically require the application of enhanced due diligence and ongoing monitoring. 

  3. High-Risk Clients are also those Clients who are assigned to this category after the risk assessment or due to the results of the ongoing monitoring, e.g. the High-Risk Clients are as follows:

  4. those who do not correspond to the profile of the typical Client of the Company significantly and after carrying an additional investigation the Employee decided that the Client or its activity raises high ML/TF risk;

  5. those whose behavior during the due diligence procedure was suspicious and, therefore, reported to the Officer who after carrying an additional investigation decided to proceed further with the enhanced due diligence;

  6. whose behaviour during the due diligence procedure were unusual and after carrying an additional investigation it is decided that the Client or its activity raises high ML/TF risk;

  7. the Client is from a target territory;

  8. the permanent place of residence of the Client – natural person is a territory other than FATF country;

  9. the main place of the interests of the Client is situated in the country other than FATF country or in the Target territory;

  10. the unusual behaviour of the Client is established that does not correspond to the ordinary course of activities of the Client (e.g. increasing amounts of Transactions);

  11. those who were assigned to the category of the High Risk Client due to other reasons that raises high ML/TF risk of the Client.


  1. Politically Exposed Persons

  1. The identification and risk assessment process or the ongoing monitoring may reveal the Client to be a PEP as defined in Section 1 of this Policy. If it is established that the Client is a PEP then:

  2. this must be notified to the Officer who verifies the information and documentation obtained as well as the additional sources (if needed) and decides whether to refuse (terminate) the Business relationship with such Client or to apply to the authorized senior management of the Company for the approval to establish (continue) a Business relationship with such Client;

  3. the appropriate measures must be taken to establish the source of wealth and funds related to the Business relationship or Transaction;

  4. The enhanced ongoing monitoring of the Business relationship with the PEP must apply to ensure that the source of wealth and funds that are involved in the PEP’s personal/business Transactions are legitimate.


  1. Enhanced Due Diligence Measures

    1. In all of the above instances and apart from normal due diligence procedures, all of the following additional measures must be taken:

  1. the additional data, documents or information have to be used to establish the Client’s identity;

  2. the supplementary measures have to be undertaken to verify or certify the submitted documents or the confirmatory certification issued by other financial institution has to be required;

  3. ensuring that the first payment is carried out through an account held by the Client in his name with a credit institution authorized in the EEA Member State or the third country which imposes equivalent requirements to those laid down in the laws of the Republic of Lithuania;

  4. obtaining additional information on the intended nature of the Business Relationship;

  5. obtaining information on the source of funds and source of wealth of the Client;

  6. obtaining information on the reasons for the intended or performed transactions;

  7. perform ongoing monitoring of the Business Relationship with the Client by increasing the number and timing of controls applied, and selecting patterns of Transactions that need further examination.


  1. SIMPLIFIED DUE DILIGENCE

    1. The simplified due diligence is allowed when the Client represents a low ML/TF risk.

    2. Simplified due diligence cannot apply if there exist circumstances when the conduction of the enhanced Client identification is required. 

    3. Simplified due diligence also cannot apply, if a separate decision of the European Commission has been adopted on this issue.

    4. Where it is established that the simplified due diligence can be used, the Company has to apply measures listed in Annex I. 

    5. This notwithstanding, the Company must ensure that supporting documentation is available in the Company’s records and may be made available if required by the relevant authorities.


  1. SUSPICIOUS OPERATIONS AND TRANSACTIONS

    1. Transactions   which   appear   unusual   are not   necessarily   suspicious. Therefore, the unusual is, in the first instance, only a basis for further inquiry.  This would then require judgment as to whether it constitutes suspicion. Below is the list of criteria for ML/TF which also serve as examples of the ML/TF activities.

    2. Suspicious transactions are determined by the Employees of the Company when applying the ML/TF prevention measures established under this Policy and paying attention to the Transactions which according to the documentation and information obtained and the criteria listed below could be related to ML/TF. Considering the activity of the Company and the nature of Services provided by the Company, Transaction could be regarded as suspicious, if it meets at least one of the following criteria:

  1. the Transactions of the Client do not correspond to the usual cooperation with the Company;

  2. the character of performed by the Client raises suspicion that it is sought to avoid the inclusion of the transactions in the Suspicious and unusual Transactions maintained by the Company;

  3. the Client regularly concludes transactions with legal persons or other organisations registered in the Target territory where there are no clear economic grounds for such activities;

  4. the Client concludes Transactions without clear economic grounds;

  5. the Client or person to whose benefit the Transaction is performed is subject to financial sanctions in accordance with the Law of the Republic of Lithuania on the Implementation of Economic and other International Sanctions;

  6. the frequency of small Virtual Currency transfers from different accounts to the account of the Client increases without clear grounds;

  7. the age, job, financial condition of the Client (the income of the Client is too small compared to the scope of his financial activities) objectively fail to correspond to the financial activities carried out by the Client;

  8. the Client's account is transit: virtual currencies deposited into the account are soon transferred to another account, while other Transactions are almost non-existent;

  9. international payments are made to PEP related natural persons, Close associates or Close family members without clear economic grounds.

  1. Suspicious Transactions shall be also identified in accordance with the criteria for the identification of Suspicious Transactions approved by Resolution No. V-240 of December 5th of 2014 of the Director of Financial Crime Investigation Service under the Ministry of Internal Affairs of the Republic of Lithuania "On the Approval of the List of Criteria for Money Laundering and Suspicious or Unusual Monetary Operations or Transactions Identification".

  2. Proper attention should be given to other circumstances which are not explicitly listed above, but may raise suspicions on ML/TF. Also, special attention must be given to complex or unusually large transactions and all unusual patterns of transactions which have no apparent economic or visible lawful purpose, and Business relationships or Transactions with Clients from countries outside the EU.

  3. If any suspicious activity listed above or other types of suspicious activity are noticed, such activity should be immediately reported to the Officer. If necessary, an investigation of the matter may include gathering additional information internally or from Third parties or other sources as well as suspending the Transaction and filing a Suspicious Transaction Report with the FIU.

  1. ONGOING MONITORING

    1. After the proper due diligence procedure is undertaken and based on the results of the latter the Client is accepted, the further monitoring of the Client, its Business relationship (where applicable), and Transactions must apply. Ongoing monitoring is carried out to ensure that the Clients meet the requirements stipulated in this Policy and the Company’s services are not used for any ML/TF purposes as well as to enable us to establish the possible ML/TF actions and undertake the respective preventative measures. 

    2. To monitor all the transactions undertaken by the Client and be able to assess their consistency with the knowledge and risk profile of the Client. During this procedure, it must be assessed whether the risk profile or financial position of the Client changed throughout the year. Records should be amended to reflect these changes. Previous records should still be kept in file.

    3. The Client Due Diligence measures should be also taken every time where the following circumstances reveal:  

  1. when there are doubts about the veracity or adequacy of previously obtained identification data of the Client;

  2. in any other case when there are suspicions that the act of ML/TF is, was or will be performed.

  1. The Company must ensure that supporting documentation of the ongoing monitoring of the Clients is available in the Company’s records and may be made available if required by the relevant authorities.


  1. IN THE CASE OF SUSPECT

    1. Internal Report. If it is identified, what is believed to be a Suspicious Transaction, must immediately be reported to the Officer. This report should be made in writing and before executing the Client’s instructions to effect a Transaction. 

    2. Tipping off. No Employee may disclose to the Client concerned or to a third party, the fact that an investigation is being carried out, or that information has been transmitted to the FIU since such disclosure might prejudice any investigation being carried out. Furthermore, at no stage may any  Employee, tip off or warn the Client specifically about the Company’s reporting obligations or that it has filed a report as this would be tantamount to alerting a suspected criminal that the Company has uncovered his illegal activity. Furthermore, such tipping off to the Client is likely to prejudice the effectiveness of any investigation or actions in regard to a Suspicious Transaction.

    3. In the event that the Client is inadvertently alerted to ongoing investigations, the Company is to immediately seek guidance from the FIU as to how the Company should act.

    4. External report. When a Suspicious Transaction is detected, a documented investigation must be completed, that operation or Transaction must be suspended, and a report made to the FIU within three business hours. There is no minimum threshold or limit for such a report. Once a Suspicious Transaction is reported to the FIU then they are required to respond within ten working days. If the FIU requests further information, then a response to that request must be provided immediately.

    5. The Company may be also instructed by the FIU to suspend the particular Transaction which the FIU alleges to be an ML/TF mean. In the latter event, the Company must suspend such Transaction when possible for up to 10 (ten) business days.

    6. The FIU must verify the reported Transaction within 10 (ten) business days as of the receipt of the respective report or as of the submission of the respective instructions to the Company. If within 10 (ten) business days of the suspension of the Suspicious Transaction the Company is not required to perform temporary restriction of ownership rights according to the procedure established by the Code of Criminal Procedure of the Republic of Lithuania, the Transaction has to be resumed.

    7. The FIU may request the Company to provide all necessary information that is needed for the FIU to carry out the verification of the Suspicious Transaction. In the latter event, the Company must provide the requested information within 1 (one) business day after the receipt of the respective request of the FIU.

    8. The FIU must be urgently reported (no suspension is needed) by the Company, if the Company obtains the information that the Client intends or will attempt to perform a Suspicious Transaction.

    9. The Company shall notify the FIU of the Client's identity data and information on the executed Virtual Currency exchange Transactions (Virtual Currency purchase or sale in decree currency) or Virtual Currency Transactions (Virtual Currency asset settlements) the value of a Transaction is equal to or greater than EUR 15 000 or currency/Virtual Currency equivalent, whether the Transaction is carried out in the context of one or more related operations. The value of the Virtual Currency is determined at the time of the Transaction.

    10. The Company has to ensure that any information requested by the FIU is provided to the FIU within 14 (fourteen) business days unless the shorter periods are established in this Policy or by the law.

    11. The Company, including its Employees acting in good faith, is not responsible to the Client for the non-fulfillment of any contractual obligations and for the damage caused due to the reporting and suspension of the Suspicious Transactions as well as for the provision of the information upon the request of the FIU.

    12. All reports to the FIU must be submitted to the FIU electronic system by filling the respective electronic form of a report. If due for any reason the submission of the report to the FIU via the FIU electronic system is not available, the respective report must be submitted via e-mail or fax without any delay.

    13. The FIU may ask for additional information in writing or via email. In the latter event, the requested information must be provided in writing or via e-mail or fax.

    14. All correspondence with the FIU is to be retained, and written records of all telephone conversations are made. Copies of all relative documentation are to be kept in the file bearing the name “Prevention of Money Laundering and Terrorist Funding”.

    15. The Officer is to request guidance from the FIU on all relevant matters.

  2. RECORD KEEPING 

  1. The Company must keep the following records:

  2. Client Identification Records:

    1. all records of steps taken to obtain identification records, as well as copies of evidence of the identity of the Clients;

    2. all risk assessment records as well as the Client risk profile;

    3. a standard application form must be completed for every new Client as well as for the existing Client where the identification of the Client is needed under this Policy; the filled application form must be signed off by all the Clients and prospective Clients;

    4. all records related to the ongoing monitoring of the Clients.

  3. Record of Transactions:

    1. a record containing details of all Transactions undertaken in the course of an established Business relationship; this is to include a record of all work performed for or the Services provided to the Clients;

    2. Transaction records are to be kept in a form that will allow a satisfactory audit trail to be completed where necessary, and which may establish a financial profile of any suspect Client;

    3. records on internal and external Suspicious Transactions reporting.

  4. Other Records:

    1. evidence of the training programs on ML/TF prevention whether in-house or external;

    2. evidence of the proper acknowledgment of the Employees with this Policy and their amendments as may be needed from time to time;

    3. other records if required under this Policy or the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania as well as other legal acts related to the prevention of ML/TF.

  1. Registers. The Company keeps the electronic Registers as defined in Section 1 above. Entries in the Registers must be executed in chronological order without any delay, but not later than within 3 (three) business days as if the respective Transaction is executed or the respective circumstances occurred. The Registers are managed and the respective entries in the Registers are made by the Officer unless another person(s) is(are) appointed by the managing director of the Company.

  2. The following data have to be filled in the Registers:

  1. name, surname, date of birth, personal number (or another unique combination of characters assigned to the person for identification purposes, if the personal number is not available);

  2. data on the Transaction: date, description of the assets used and its value, amount, Virtual Currency;

  3. data on the payee, if available: name, surname, date of birth, personal number (or another unique combination of characters assigned to the person for identification purposes, if the personal number is not available);

  4. for the Register of the Suspicious Transactions as well as the Register of the Clients with whom Transactions or Business relationships have been terminated. due to the circumstances related to the ML/TF or the infringement of this Policy only: name, surname, date of birth, personal number (or another unique combination of characters assigned to the person for identification purposes, if the personal number is not available);

  5. criterion under which the Transaction is considered as Suspicious Transaction in accordance with the order of the Director of the FIU No V-240 of 5 December 2014 for the Register of the Suspicious Transactions only;

  6. reasons for the termination of the Transactions or Business relationship for the Register of the Clients with whom Transactions or Business relationship has been terminated due to the circumstances related to the ML/TF or the infringement of this Policy only.

  1. The Registers are managed in digital format. The Registers are stored on the servers of the Company and are accessible via the internal network of the Company only. The Registers are managed in the Microsoft Office Excel format. There is a possibility to print out the content of the Registers on paper and this possibility remains after the data is copied into another durable medium. The IT system will have a backup function that will allow reversing the Registers. Registers’ data will be also stored on another server to duplicate all transactions as well as actions within the Company. The IT system allows duplicating information in less than 24 hours.

  2. All Client information and documentation have to be kept for the period of 8 (eight) years as of the end of the Transactions or Business relationship with the Client, except the correspondence with the Client regarding the business relationship, which has to be kept for the period of 5 (five) years as of the end of the Transaction or Business relationship with the Client.

  3. The data of the Registers have to be kept for the period of 8 (eight) years as of the end of the Transaction or Business relationship with the Client.

  4. Records may be kept both in hard copies and in soft copies, save the Registers which are kept in digital format only.

  5. Backups of soft copies of all Transactions undertaken are to be taken on a regular basis at least once a month. Certain original documents or certified copies of documents obtained are to be retained in hard copies and these should never be held exclusively in electronic format.


  1. IMPLEMENTATION OF ML/TF PREVENTION MEASURES 

    1. Implementation of ML/TF Prevention Measures. The Company’s preventative ML/TF measures are adapted taking into account the latest supra-national and national risk assessment documents, including the documents indicated below which shall be reviewed and updated from time to time:

  1. the results of the European Commission and national ML/TF  risk assessment unless it is decided during the national money laundering and terrorist financing risk assessment not to comply with certain recommendations of the European Commission;

  2. instructions, as much as they apply to Virtual Currency exchange operators, approved by the Bank of Lithuania, FNTT;

  3. documentation of the European Supervisory Authorities regarding the risks that should be taken into account and the measures that need to be taken in cases when simplified Client identification is permitted;

  4. guidelines of the European Supervisory Authorities regarding the risks that should be taken into account and the measures that need to be taken in cases when it is appropriate to apply enhanced Client identification measures.

  1. The managing director of the Company is responsible for the proper compliance of the Company with the requirements established by the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania as well as other legal acts related to the prevention of ML/TF. Therefore, the managing director has to arrange the following:

  1. the preparation and approval of this Policy as well as proper revision of this Policy as may be needed from time to time;

  2. the appointment of the Officer and replacement of the Officer as may be needed from time to time as well as arrangement of the respective notification on the latter to the FIU;

  3. ensure the proper acknowledgment of the existing and new Employees with this Policy as well as the amendments thereto as may be needed from time to time;

  4. ensure the proper trainings of the existing and new Employees on the ML/TF prevention measures prior to their commencement of the duties related to the ML/TF prevention as well as further periodical trainings, including the trainings in case of new ML/TF prevention regulation is issued and/or this Policy are amended as may be needed from time to time;

  5. ensure the proper implementation of this Policy in the Company, including but not limited to: due diligence of the Clients; ML/TF risk assessment and management; ongoing monitoring of the Clients; establishment, suspension and reporting of the Suspicious Transactions; recording and keeping the ML/TF prevention-related information and documentation, including the proper maintenance and keeling of the Registers;

  6. other duties established under the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania and other legal acts.

  1. When performing the above duties the managing director of the Company may appoint other persons to be responsible for the particular duties on the ML/TF prevention in the Company. In such an event, the managing director of the Company remains liable under the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania and the related legal acts for the proper fulfillment of the above duties.

  2. The Officer is to be appointed by the managing director of the Company. The managing director of the Company may appoint an alternate Officer during periods when the Officer is going to be unavailable for period of time so as to ensure continuity in the Company’s obligations related to the ML/TF prevention. Upon appointment or replacement (whether temporary or permanent) of the Officer, the FIU is to be notified on the latter within 7 (seven) calendar days.

  3. The Officer is responsible for the oversight of all aspects of the Company’s ML/TF prevention activities and is the focal point for all such acts of the Company, including the Client's Due Diligence and further ongoing monitoring of the Clients as well as the suspension and reporting to the FIU of the Suspicious Transactions and all communication with the FIU.

  4. If during the Due Diligence stage or later during the ongoing monitoring of the Client the Employee has any doubts regarding the Client or its financial activity, the Employee must apply to the Officer. The Officer has to undertake the needed internal investigation actions and decide if the circumstances reported by the Employee raise a high risk of ML/TF. The Officer decides if the Client who raised the doubts can be accepted, which risk category such Client has to be assigned and if enhanced due diligence and ongoing monitoring have to be undertaken with respect to such Client. All decisions of the Officer as well as reasons for such decisions should always be documented and retained by the Officer on file.

  5. Employees should always file a report to the Officer upon knowledge or suspicion of ML/FT, and it is the Officer who would then consider if a Transaction has to be suspended and reported to the FIU. If the Officer decides that the Transaction reported to Officer by the Employee is not a Suspicious Transaction and there is no need to suspend it and report to the FIU, the reasons for such a decision should always be documented and retained by the Officer on file.

  6. Once an internal report on the Suspicious Transaction is lodged with the Officer, the latter should then consider the report in the light of all other relevant information in the Company’s possession. The Officer is to determine whether the transaction gives rise to knowledge or suspicion that a Client is or could be engaged in ML or TF. The Officer is not expected to investigate the transaction other than internally or to determine whether the funds are the proceeds of criminal activity.

  7. If the Officer is in doubt as to the possibility of ML/TF involvement, he may seek guidance from the FIU. If the report on the suspicious Transaction is not filed with the FIU, the Officer should document the reasons for such a decision.

  1. TRAINING OF EMPLOYEES 

    1. All Employees whose duties include the handling of Clients’ business, are to be adequately trained with respect to the procedures and the provisions of the Prevention of Money Laundering Act, the relevant Regulations, and the relevant provisions in the Criminal Code of the Republic of Lithuania.

    2. The level of training provided to individuals is to be appropriate to their role and seniority within the Company. In any case, all Employees must have and complete the proper training on ML/TF prevention prior to the commencement of their duties at the Company which involves the ML/TF risk.

    3. The managing director of the Company is responsible for the proper performance of the duties related to the training of the Employees. The managing director of the Company may appoint other persons who will undertake all necessary measures for the proper training of the Employees. 


Annex I

  1. Simplified Due Diligence 

  2. Using the simplified identification procedure, the Company collects only the below indicated information about the Client’s identity.

  3. Following information has to be collected from the personal identification document or the registration document used for due diligence purposes:

  4. as regards citizens of the Republic of Lithuania:

  5. name(s);

  6. surname(s);

  7. personal number;

  1. as regards foreign citizens;

  1. name(s);

  2. surname(s);

  3. date of birth (if available – personal number or another unique combination of characters assigned to the person for identification purposes).

  1. When applying the simplified due diligence, the Company obtains information indicated in point 1.2 of Annex I and also ensures that the first payment of the Client is performed from the account held in a credit institution, where the credit institution is registered in the European Union Member State or in a third country which has set the requirements equivalent to those laid down in the laws of the Republic of Lithuania and is monitored by competent authorities for compliance with these requirements, except in cases indicated in Section 9.2 (7) of the Policy.

  2. In cases indicated in Section 9.2 (7) of the Policy, the Company can deviate from the measures indicated in Sections 1.1-1.3 of Annex I, however, has to perform ongoing monitoring of the Client’s Business relationship, including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the Company’s knowledge of the Client, risk profile, and the source of funds and to ensure detection of complex or unusually large transactions and unusual patterns of transactions (the Company must analyse the grounds of performance and purpose of such operations or transactions, and execute the results of such analysis in writing).

  3. Information can be collected either through face-to-face contact or using electronic means.

  4. If the thresholds indicated in Section 1.2 are exceeded, the Company must apply the full identification procedure through face-to-face contact or using non-face-to-face identification measures.   






Annex II

  1. Non-face-to-face identification measures


  1. The identity of the Clients will be verified pursuant to the Policy, and the below-established rules applicable to physical persons. 


  1. Identification of a physical person


Requirements

Measures

Level 1: 

Simplified Due Diligence / Exemptions

Used when simplified due diligence is applied as described in Annex I. 

  1. The Client fills in the KYC questionnaire;

  2. The Company collects and verifies information as described in Annex I;

  3. The Company checks in the consolidated lists of persons, groups, and entities subject to the Lithuanian, EU, or United Nations financial sanctions: www.urm.lthttp://eeas.europa.eu/cfsp/sanctions/consol-list/index_en.htmhttps://www.un.org/sc/suborg/en/sanctions/un-sc-consolidated-list.

In case Section 9.2 (1)-(6) of the Policy is used:

  1. The Company additionally requires the Client that the first payment to the electronic money account is done from the Client’s bank account.

Level 2:

Unlimited

The Company uses the following options:

  1. Option 1:

  2. The Client verifies his identity using a qualified electronic signature.

  1. Option 2:

  1. The Client’s facial image and original identity document are streamed live and compared. The machine-readable data is recognized and compared with the entered data by the Client; 

  2. Additional information is collected in the open databases to verify the existence of such a person (for instance, the name is matched to the date of birth).

  1. Option 3:

    1. The Client’s identity document is streamed live, machine-readable data is recognized and compared with the data from an advanced electronic signature;

    2. Additional information is collected in the open databases to verify the existence of such a person (for instance, the name is matched to the date of birth).


Annex III

The following countries, territories and zones are considered as the Target territories under the Policy:

  1. Andorra

  2. Anguilla

  3. Antigua and Barbuda

  4. Macau

  5. Aruba

  6. Azores

  7. Bahamas

  8. Bahrain

  9. Barbados

  10. Belize

  11. Bermuda

  12. Brunei

  13. Dominica

  14. Jersey

  15. Djibouti

  16. Ecuador

  17. Guernsey, Sark, Alderney

  18. Gibraltar

  19. Grenada

  20. Guatemala

  21. Hong Kong

  22. Jamaica

  23. United Arab Emirates

  24. Cayman Islands

  25. Kenya

  26. Costa Rica

  27. Cook Islands

  28. Kuwait

  29. Lebanon

  30. Liberia

  31. Liechtenstein

  32. Madeira

  33. Maldives

  34. Marshall Islands

  35. Mauritius

  36. Isle of Man

  37. British Virgin Islands

  38. U.S. Virgin Islands

  39. Monaco

  40. Montserrat

  41. New Caledonia

  42. Nauru

  43. Niue

  44. Netherlands Antilles

  45. Panama

  46. Samoa 

  47. San Marino 

  48. Seychelles 

  49. Saint Pierre and Miquelon 

  50. Saint Kitts and Nevis 

  51. Saint Vincent and the Grenadines

  52. Island of Saint Helen 

  53. Tahiti 

  54. Turks and Caicos Islands 

  55. Tonga 

  56. Uruguay 

  57. Vanuatu 

  58. Venezuela