ANTI-MONEY LAUNDERING POLICY

ANTI-MONEY LAUNDERING POLICY

General Definitions

For the purpose of this Manual, unless the context shall prescribe otherwise

“Beneficial Owner” means a natural person or persons who ultimately owns or controls a customer or the natural person on whose behalf a transaction is being conducted and includes those persons who exercise ultimate effective control over a legal person or arrangement;

“Business Relationship” means the arrangement between a person and Traze whose primary purpose is to facilitate an occasional or regular course of business dealings between them.

“Client” in relation to a transaction or an account, includes— 92 Supplement to Official Gazette [6th March, 2020] (a) the person in whose name a transaction or account is arranged, opened or undertaken; (b) a signatory to a transaction or account; (c) any person to whom a transaction has been assigned or transferred; (d) any person who is authorised to conduct a transaction; or (e) such other person as may be prescribed by regulations;

“Company” means any of the following entities listed below:

Oslo Capital (VG) LLC which is incorporated in Financial Services Commission (FSC) with registration number8422618-1 and Security Dealer license 2032226 
 “CRO” means Compliance 
“Law” means the ANTI-MONEY LAUNDERING AND COUNTERING THE FINANCING OF TERRORISM ACT, 2020 (Act 5 of 2020) 
“Manual” means the company’s Risk Management & Procedures Manual. “ML” means money laundering.

“Money Laundering and Terrorist Financing” means the offence defined in section 3,4 and 5 of the Law.

“TF” means terrorist financing.

Introduction

The purpose of the Manual is to lay down the company’s internal practice, measures, procedures and controls relevant to the prevention of Money Laundering and Terrorist Financing.

The Manual is developed and periodically updated by the compliance and reporting officer (hereinafter the “CRO”) based on the general principles set up by the company’s Board of Directors (hereinafter the “Board”) in relation to the prevention of Money Laundering and Terrorist Financing. All amendments and/or changes to the Manual must be approved by the Board.

The Manual shall be communicated by the CRO to all the employees of the company that manage, monitor or control in any way the Client’s transactions and have the responsibility for the application of the practices, measures, procedures and controls that have been determined herein. The Manual has been prepared to comply with the provisions of the Law.

Manual Applicability

The type of The Manual applies to all types of services offered to the company’s clients as well as the relevant company dealings with its Clients, including but not limited to foreign exchange trading transactions, which either do not aim to physically deliver the agreed foreign currency or are not materially settled in cash, irrespective of the Client account size and frequency of trading.

In this respect, CRO shall be responsible to update the Manual so as to comply with the Law’s future requirements, as applicable, and regarding due diligence procedures being applied for Clients who deal in but not limited to foreign exchange trading transactions with the company.

Responsibilities of the Board of Directors

The responsibilities of the Board in relation to the prevention of Money Laundering and Terrorist Financing include the following:

1. To determine, record and approve the general policy principles of company in relation to the prevention of Money Laundering and Terrorist Financing and communicate them to the CRO.
2. To appoint a CRO with overall responsibility for AML/CFT compliance.
3. To approve the Manual.
4. To ensure that all relevant requirements of the Law are applied, and assure that appropriate, effective and sufficient systems and controls are introduced for achieving the above mentioned requirement.
5. To ensure that the CRO and his assistants, if any, and any other person who has been assigned with the duty of implementing the procedures for the prevention of Money Laundering and Terrorist Financing (i.e. personnel of the Administration/Back-Office Department), have complete and timely access to all data and information concerning Client’s identity, transactions’ documents (as and where applicable) and other relevant files and information, so as to be fully facilitated in the effective execution of their duties, as included herein.
6. To establish a clear and quick reporting chain based on which information regarding suspicious transactions is passed without delay to the CRO, either directly or through his assistants, if any, and notifies accordingly the CRO for its explicit prescription in the Manual.
7. To ensure that the CRO and the Head of Administration/Back-Office Department have sufficient resources, including competent staff and technological equipment, for the effective discharge of their duties.

Responsibilities of the Compliance and Reporting Officer

The CRO shall belong hierarchically to the higher ranks of the company’s organization structure to command the necessary authority. Furthermore, the CRO shall lead the company’s Money Laundering Compliance procedures and processes and report to the Senior Management. The CRO shall also have access to all relevant information necessary to perform his duties.

During the execution of his duties and the control of the compliance of the company with the Law, the CRO shall obtain and utilise data, information and reports issued by international organisations.

The duties of the CRO shall include the following:

1. establishing and maintaining a manual of compliance procedures;
2. establishing an audit function to test AML/CFT procedures and systems;
3. taking overall responsibility for all STRs, Where a potentially suspicious transaction or service has been identified by Traze, the compliance and reporting officer (CRO) must examine the relevant records to confirm whether there are reasonable grounds to suspect that the service or transaction may be related, directly or indirectly, to the commission of serious criminal conduct (including money laundering or terrorist financing). This is the threshold for triggering the core STR obligation under s 10 of the AML Act.; and
4. ensuring that all officers, employees, and agents:

(i) are screened by the CRO and other appropriate officers before recruitment;

(ii) are trained to recognise suspicious transactions and trends and particular risks associated with money laundering and financing of terrorism; and

(iii) comply with all relevant obligations under AML/CFT laws and with the internal compliance manual

The constant monitoring of the Clients’ accounts and transactions is an imperative element in the effective controlling of the risk of Money Laundering and Terrorist Financing. In this respect, the CRO shall be responsible for maintaining as well as developing the on-going monitoring process of the company.

Responsibilities of the Internal Auditors

The following obligations of the Internal Auditor are addressed specifically for the prevention of Money Laundering and Terrorist Financing:

1. The Internal Auditor shall review and evaluate, at least on an annual basis, the appropriateness, effectiveness and adequacy of the policy, practices, measures, procedures and control mechanisms applied for the prevention of Money Laundering and Terrorist Financing mentioned in the Manual.
2. The findings and observations of the Internal Auditor, in relation to point (1) above, shall be submitted, in a written report form, to the Board.

Customer Due Diligence (CDD) Workflow Risk-Based Approach (RBA)

The risk based approach mean that Traze will identify, assess and understand the ML/TF risks to which they are exposed and take AML/CFT measures commensurate with those risks in order to manage and mitigate them effectively.

Under the RBA, Traze will seek to identify, assess and understand its ML/TF risks in relation to

(a) its customers;

(b) the countries or jurisdictions its customers are from or in;

(c) the countries or jurisdictions the AI has operations in; and

(d) the products, services, transactions and delivery channels of the AI.

Customer due diligence (CDD), as defined in the AML Regulations, has four key components:

(a) identifying customers, including any person acting on behalf of a non- individual customer, and verifying their identity;

(b) where the customer is not the beneficial owner, identifying the beneficial owner and taking reasonable measures to verify the beneficial owner’s identity;

(c) obtaining enough information about the nature of the business relationship and the customer or beneficial owner’s business to identify complex or unusual transactions or patterns of transactions and other high-risk activity; and

(d) taking reasonable measures to ascertain the purpose of one-off transactions (defined in r 5 as transactions outside an existing business relationship that exceed R 100,000 or R 50,000 in cash, whether in a single or several linked operations), and the origin and ultimate destination of all funds transfers.

The adopted risk-based approach that is followed by the company, and described in the Manual, has the following general characteristics:

1. Recognises that the money laundering or terrorist financing threat varies across clients, countries, services and financial instruments.
2. Allows the Board to differentiate between Clients of the company in a way that matches the risk of their particular business.
3. Allows the Board to apply its own approach in the formulation of policies, procedures and controls in response to the company’s particular circumstances and characteristics.
4. Helps to produce a more cost-effective system
5. Identifying and assessing the Money Laundering and Terrorist Financing risks emanating from particular Clients or types of Clients, financial instruments, services, and geographical areas of operation of its Clients .
6. Managing and mitigating the assessed risks by the application of appropriate and effective measures, procedures and controls.
7. Continuous monitoring and improvements in the effective operation of the policies, procedures and controls.

Ongoing monitoring

Ongoing monitoring has two key components:

1. Scrutinising transactions for consistency with the customer’s business, risk profile, and source of funds/wealth; and
2. Keeping all CDD information and documentation up to date.

Sanctioned and high risk jurisdictions

The company will refer to UN, EU, FATF and US name and country lists when determining the risk level of its counterparts.

Client Identification Procedures

The CRO shall ensure that the appropriate documents and information with respect to the following cases shall be duly obtained, as applicable and appropriate:

1. All identification and verification procedures, including both internal and external communications, should be documented in writing and preserved as records under the AML Act.

2. Traze should first establish to its satisfaction that it is dealing with a real person (natural or legal) and that any person purporting to act on behalf of a non- individual client or customer is properly authorised to act.
3. Traze should take the necessary steps to identify the beneficial owner or owners of the assets which form the basis of the proposed relationship or transaction, and make appropriate inquiries into the purpose and nature of that relationship or transaction.
4. Documents issued by reputable government sources (e.g. identity cards and passports) should be required. Where practicable, copies of the supporting evidence should be retained. Alternatively, reference numbers and other relevant details should be fully recorded.
5. Where Traze is not able to identify and verify the identity of the prospective client/customer and all relevant beneficial owners in accordance with the AML Regulations, Traze should (a) not establish (or terminate) any business relationship, (b) decline to carry out any transaction, and (c) make an immediate STR to the FIU.

Reliance on Third Persons for Client Identification and Due Diligence Purposes

Company may rely on third persons for the implementation of Client identification and due diligence procedures, provided that:

1. The third person makes immediately available all data and information, which must be certified true copies of the originals, which were collected in the course of applying Client identification and due diligence procedures.
2. The company applies the appropriate due diligence measures on the third person with respect to his professional registration and procedures and measures applied from the third person for the prevention of Money Laundering and Terrorist Financing. The CRO shall be responsible for the implementation of the provisions mentioned above.

Suspicious Transactions

The definition of a suspicious transaction as well as the types of suspicious transactions which may be used for Money Laundering and Terrorist Financing are almost unlimited. A suspicious transaction will often be one which is inconsistent with a Client’s known, legitimate business or personal activities or with the normal business of the specific account, or in general with the economic profile that the company has created for the Client. The company shall ensure that it maintains adequate information and knows enough about its Clients’ activities in order to recognise on time that a transaction or a series of transactions is unusual or suspicious .

In order to identify suspicious transactions the CRO shall perform the following activities:

1. Monitor on a continuous basis any changes in the Client’s financial status, business activities, type of transactions.
2. Monitor on a continuous basis if any Client is engaged in any of the practices described in the list below of what might constitute suspicious transactions/activities related to Money Laundering and Terrorist Financing.

Where a potentially suspicious transaction or service has been identified by Traze, the compliance and reporting officer (CRO) must examine the relevant records to confirm whether there are reasonable grounds to suspect that the service or transaction may be related, directly or indirectly, to the commission of serious criminal conduct (including money laundering or terrorist financing)

If after completing this review, the CRO decides that reasonable grounds for suspicion exist, then he/she must immediately proceed to make an STR to the FIU. All STRs must be made within two working days of forming the relevant suspicion (or knowledge).

Where Traze has made an STR in relation to a service or transaction in respect of property in its possession or control, the entity is automatically prohibited from providing the service or proceeding with the transaction for 10 working days from the date of the STR, except with the written consent of the FIU (s 10(1)(d) of the AML Act). After that 10-day period, unless the FIU has issued an administrative freezing direction under s 10(4) of the AML Act, Traze may proceed with the service or transaction. However if a service or transaction that subsequently takes place does in fact constitute the crime of money laundering, the making of the initial STR will not be a defence for any participant with the requisite mens rea.

Money Laundering

A person is guilty of money laundering if, knowing or believing that property is or represents the benefit of criminal conduct or being reckless as to whether the property is or represents such benefit, the person, without lawful authority or excuse (the proof of which shall lie on the person) —

(a) converts, transfers or handles the property, or removes it from the Republic;

(b) conceals or disguises the true nature, source, location, disposition, movement or ownership of the property or any rights with respect to it; or

(c) acquires, possesses or uses the property.

Tipping off

(1) A person (and without prejudice to the generality of the foregoing a reporting entity, its officers, employees or agents) who, knowing or suspecting that—

(a) a suspicious transaction report or a direction of the FIU under section 48 has been or may be made or that further information has been given under section 48; Tipping off [6th March, 2020] Supplement to Official Gazette 147

(b) a reporting entity has formed a suspicion in relation to a transaction for the purpose of section 48;

(c) any other information from which the person to whom the information is disclosed could reasonably be expected to infer that a suspicion has been formed or that a suspicious transaction report has been or may be made;

(d) a search warrant is to be issued or has been issued;

(e) an application is to be made, or has been made, under this Act for a production order;

(f) an investigation has commenced concerning the circumstances that gave rise to the suspicious transaction report, the warrant or the production order; or

(g) makes any disclosure which could or may or be likely to prejudice the implementation of the warrant, the making available of the material in accordance with the production order, or the investigation, commits an offence and is liable on conviction to imprisonment up to six months or to a fine not exceeding SCR200,000 or to both.

(2) In proceedings against a person for an offence under this section it shall be a defence to prove that the person had lawful authority or reasonable excuse for making the disclosure.

(3) Subsection (1) shall not apply to disclosures made to —

(a) an officer or employee or agent of the reporting entity for any purpose connected with the performance of that person’s duties;

(b) a legal practitioner, attorney or legal adviser for the purpose of obtaining legal advice or representation in relation to the matter; 148 Supplement to Official Gazette [6th March, 2020]

(c) the supervisory authority of the reporting entity for the purpose of carrying out the supervisory authority’s functions.

(4) No person referred to in subsection (3)(b) to whom disclosure of any information to which that subsection applies has been made shall disclose that information except to another person of the kind referred to in that subsection, for the purpose of —

(a) the performance of his duties; or

(b) obtaining legal advice or representation in relation to the matter.

(5) No person referred to in subsection (3)(c) to whom disclosure of any information to which that subsection applies has been made shall disclose that information except to a person referred to in that subsection for the purpose of giving advice or making representations in relation to the matter.

Record-Keeping Procedures

The Administration/Back-Office Department of the company shall maintain records of:

1. The nature of the evidence of identity obtained on any client, and
2. Either a copy of that evidence, or information sufficient to enable a copy to be

obtained without delay.

1. All transactions and related correspondence carried out by the company.
2. Records of all AML/CFT enquiries received from the FIU and all reports made to

the FIU under s 10 of the AML Act

5. All documents collected and reports made during both client onboarding and on going monitoring.
6. Documents obtained and reports created during the CDD process.

All records must be kept for a minimum period of seven (7) years from the date of the relevant event or, in the case of an ongoing business relationship, after the business relationship ceases, in a form which is immediately accessible upon request.

Format of Records

The Administration/Back-Office Department shall retain the documents/data mentioned above, other than the original documents or their Certified true copies that are kept in a hard copy form, in other forms, such as electronic form, provided that the Administration/Back-Office Department shall be able to retrieve the relevant documents/data without undue delay and present them at any time, to regulatory bodies, after a relevant request.

The company will establish a documents/data retention policy, it will ensure that the said policy shall take into consideration the requirements of the Law.

1. The documents/data obtained, shall be in their original form or in a certified true copy form. In the case that the documents/data are certified as true by a different person than the company itself or by the third person mentioned in “Reliance on Third Persons for Client Identification and Due Diligence Purposes, the documents/data must be notarised.

2. A true translation shall be attached in the case that the documents of point (1) above are in a language other than English.

Each time the company shall proceed with the acceptance of a new Client, the Head Administration/Back-Office Department shall be responsible for ensuring compliance with the provisions of points

(1) and (2) above.

Employees’ Obligations, Education and Training Employees’ Obligation, Staff should be made aware of:

1. The company’s and their own personal statutory obligations and the possible consequences for failure to comply with CDD and record-keeping requirements under the AML act and Prevention of terrorism act.
2. Any other statutory and regulatory obligations that concern their AIs and themselves under the AML act, Prevention of terrorism act and other related acts and regulations, and the possible consequences of breaches of these obligations;
3. The company’s policies and procedures relating to AML/CFT, including suspicious transaction identification and reporting
4. Any new and emerging techniques, methods and trends in ML/TF to the extent that such information is needed by the staff to carry out their particular roles in the company with respect to AML/CFT.

Education and Training Policy

1. The CRO shall ensure that its employees are fully aware of their legal obligations according to the Law, by introducing a complete employees’ education and training program.
2. The timing and content of the training provided to the employees of the various departments will be determined according to the needs of the company. The frequency of the training can vary depending on to the amendments of legal and/or regulatory requirements, employees’ duties as well as any other changes in the financial system.
3. The training program aims at educating the company’s employees on the latest developments in the prevention of Money Laundering and Terrorist Financing, including the practical methods and trends used for this purpose.