CROSSCHANGE INTERNATIONAL OÜ
SEPTEMBER 1, 2020
These Rules of Procedure are based on the Money Laundering and Terrorist Financing Prevention Act and the International Sanctions Act and are intended for the internal use.
1. DEFINITIONS AND ABBREVIATIONS
1.1. RahaPTS – the Money Laundering and Terrorist Financing Prevention Act.
1.2. RSanS – the International Sanctions Act.
1.3. Private Limited Company – Crosschange International OÜ, registry code: 114707163, address: Harju maakond, Tallinn, Kesklinna linnaosa, Ahtri tn 6a, 10151.
1.4. Customer or Client – person who has a business relationship with an obliged entity.
1.5. Money Laundering means:
1.5.1. the conversion or transfer of property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s actions;
1.5.2. the acquisition, possession or use of property derived from criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation therein;
1.5.3. the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such an activity;
1.5.4. Money laundering is regarded as such also where a criminal activity which generated the property to be laundered was carried out in the territory of another country.
1.6. Terrorist financing – the allocation or collection of funds for the design or commission of terrorist acts or the financing of terrorist organizations for the purposes of the Penal Code or knowing that these funds will be used for the aforementioned purpose.
1.7. International Sanction – A measure that is not related to the use of the armed forces and the determination of which has been decided by the European Union, the United Nations, another international organization or the Government of the Republic in pursuit of the following objectives:
1.7.1. To maintain or restore peace.
1.7.2. Prevent conflicts and strengthen international security.
1.7.3. Support and consolidate democracy.
1.7.4. Respect the rule of law, human rights and international law.
1.7.5. Achieve other objectives of the European Union’s Common Foreign and Security Policy.
1.8. The actual beneficiary - a natural person who, by exploiting his or her influence, uses a transaction or operation, or otherwise controls the transaction, operation or other person and for whose benefit or on whose account the transaction or operation is performed. In the case of a commercial association, the beneficial owner is a natural person who ultimately owns or controls a legal entity through a sufficient number of shares, voting rights or ownership, whether directly or indirectly, including in the form of bearer shares, or by any other means.
1.8.1. Direct ownership is the way in which a natural person holds a 25% stake in a company, plus one share, or more than 25% of ownership. Indirect ownership is the way of exercising a control in which a company owns a 25% stake plus one share, or more than 25% ownership of a company controlled by a natural person or several commercial associations, being controlled by the same natural person.
1.8.2. If, after any method of detection, it is not possible to identify that person and there is no doubt that such a person exists, or if it is doubtful whether the identified person is the beneficial owner, the beneficial owner is deemed to be a natural person – member of the senior management body.
1.9. Financial Intelligence Unit – the independent structural unit of the Estonian Police and Border Guard Board (PBGB), which monitors and applies national enforcement on the grounds and in the manner prescribed by the law. Postal address: Tööstuse 52, 10416 Tallinn; e-mail: firstname.lastname@example.org; tel.: (+372) 612 3840.
1.10. Risk appetite - the total of the exposure level and types of the Private Limited Company, which the Private Limited Company is prepared to assume for the purpose of its economic activities and attainment of its strategic goals, and which is established by the senior management of the Private Limited Company in writing.
1.11. A low-tax territory - a territory in which the tax liability of persons registered there is minimal or non-existent. There is no official list of countries that are considered low-tax territories. When defining low-tax areas, the Regulation No. 55 of the Minister of Finance of 18 December 2014 “List of Territories Not Considered Low-Tax Territories” (RT I, 19.12.2014, 15) shall be followed.
2. GENERAL PROVISIONS
2.1. This Guide establishes internal security measures to comply with the requirements for the prevention of money laundering and terrorism and international sanctions, as well as the identification of suspicious and unusual transactions.
2.2. The employees of the Private Limited Company must recognize and strictly observe the requirements of international sanction, regulations on detecting suspicious transaction traits of money laundering and terrorist financing, issued by the Financial Intelligence Unit, other instructions regulating the compliance with the Money Laundering and Terrorist Financing Prevention Act and the requirements herein.
2.3. The employees of the Private Limited Company must independently review the amendments to laws and other legal acts that appear on the website of the Financial Intelligence Unit at https://www2.politsei.ee/en/organisatsioon/rahapesu-andmeburoo/.
2.4. The Management Board of the Private Limited Company is required to present these Guidelines to all members of the Private Limited Company.
2.5. The employees of the Private Limited Company are obliged to confirm the reviewing of this manual with a handwritten signature.
2.6. The employees of the Private Limited Company are personally liable for compliance with the requirements of the Money Laundering and Terrorist Financing Prevention Act pursuant to the procedure provided by law.
3. CLIENT EVALUATION AND RISK ANALYSIS
3.1. Each client of the Private Limited Company is assessed in accordance with these guidelines and due diligence measures.
3.2. In the evaluation of the Client, the Private Company proceeds from the “Know Your Customer” principle and international standards and practices.
3.3. When conducting a preliminary background check of a potential Client, the assessment of the risks of money laundering and terrorist financing is based on the Client’s residence, economic and personal activities, legal form, expected volume of transactions and selected services, as well as identification of potential customer and verification of potential customer’s identity data with the help of information technology means.
3.4. In the assessment of a potential Client, his reputation is also taken into account.
3.5. The following background study is conducted for the client:
3.5.1. Information about the Client’s personal or economic activities;
3.5.2. Information on the origin of the Client’s financial resources;
3.5.3. Information about the actual beneficiary;
3.5.4. Tracking transactions on the client’s account and, if necessary, asking for documents related to transactions;
3.5.5. Keeping and protecting the information received and updating regular information and documents.
3.6. The private limited company does not serve or co-operate with the following persons:
3.6.1. that are not identified in conformity with law requirements due to the lack of data provided;
3.6.2. Who fails to submit the requested documents that are required by law and are necessary for the establishment of the account and the execution of transactions or attempts to circumvent the submission of documents or to submit fewer documents than required;
3.6.3. There is a reason to doubt the authenticity of the documents submitted;
3.6.4. Who refuses to provide data on the origin of his or her financial means where the provision of such information is required by law;
3.6.5. There are grounds for believing that he or she has participated in or contributed to the commission of a terrorist act;
3.6.6. Under 18 years of age;
3.6.7. about whom information has been gathered accord to which there are grounds for believing that money laundering or terrorist financing may be involved;
3.6.8. to whom international sanctions apply.
4. ASSESSMENT OF RISKS AND DETERMINATION OF THE LEVEL OF APPLIED DUE DILIGENCE MEASURES
4.1. In case of establishing a business relationship and/or making a transaction with a client of a private limited company if the value of the client’s transactions in a calendar month exceeds 1000 euro, regardless of whether the financial liability is fulfilled in a single payment or in the amount of several interrelated payments in a period of up to one month or an equivalent amount in another currency, the degree of risk of money laundering and terrorist financing must be assessed and, accordingly, the appropriate diligence measures chosen and applied.
4.2. The following categories must be taken into account when assessing the level of risk of money laundering and terrorist financing:
4.2.1. Geographical risk.
4.2.2. Customer risk.
4.2.3. Risk associated with products, services or transactions, as well as through communication channels between the private limited company and customers.
4.3. The risk assessment performed by the private limited company highlights the risks on the basis of which specific risk factors can be specified and, according to the result, attention can be drawn to factors with already higher risk, which may have a greater potential impact on the private limited company’s economic activities. In addition to risk mapping, risk assessment provides prerequisites for more efficient use of resources and specification of relevant internal procedures. The result will also help supervisors to apply risk-based supervision more effectively.
4.4. The determination of risk appetite takes into account the risks that the private limited company is prepared to take or wishes to avoid in connection with its economic activities and qualitative and quantitative compensation mechanisms, such as planned income, capital or other liquidity measures or other factors such as reputational risks and money laundering and terrorist financing or other unethical practices.
4.5. In preparing the risk assessment and determining the risk profile of the Customer, the private limited company takes into account at least the following risk categories:
4.5.1. Low risk - There is no risk factor in this risk category, and the client and his activities are transparent and no different from those of a prudent and average person, and there is no doubt that risk factors may lead to the realization of the risk of money laundering and terrorist financing. At the same time, the Client’s risk level is low if there is no influencing risk factor in any of the higher risk categories and there is at least one risk mitigating circumstance, therefore it can be said that the Client’s activities may not increase the probability of money laundering and terrorist financing.
4.5.2. Normal level of risk - There may be one or more risk factors in this risk category, but the customer and his activities are still transparent and there is no doubt that the combination of risk factors could create a risk of money laundering or terrorist financing.
4.5.3. High risk - There are one or more risk factors in this risk category, the combination of which calls into question the identity of the customer and the transparency of its activities, making it different from the average person doing the same activity and therefore money laundering or terrorist financing is likely to occur.
4.6. If there are both lower and higher risk characteristics of the client or his / her activities, the principle of risk must be determined on the basis that if there is one higher risk characteristic, the risk level is considered to be high.
4.7. Geographic risk is considered to be high when a customer or transaction has a known relationship with the following countries or territories:
4.7.1. Countries and territories for which the UN or European Union sanction, embargo or other analogous measure has been implemented.
4.7.2. Countries where there are insufficient measures to combat money laundering and terrorist financing.
4.7.3. Countries that are undoubtedly known to support terrorism or where there is a high level of corruption.
4.8. Customer risk is considered to be high when the client:
4.8.1. is a person whose structure, form or relationship with other persons is unusual or systematized in such a way that it is not possible to identify the beneficial owner;
4.8.2. is a legal person, the majority of whose shares form the bearer’s shares;
4.8.3. is a legal entity registered in a low-tax area;
4.8.4. is a politically exposed person, his family member or a close associate;
4.8.5. listed on the UN or the European Union list of person’s subject to international financial sanctions;
4.8.6. is a natural or legal person that has, or has previously been, suspected of being involved in money laundering or terrorist financing;
4.8.7. appearance or behavior may indicate being an undercover person;
4.8.8. is a company associated with a higher risk of corruption (eg mining, healthcare, arms trade);
4.8.9. is a legal entity in any form, the structure of the management body and / or the beneficial owner
is not clear and the information provided cannot be verified;
4.8.10. is a company handling large amounts of cash.
4.9. The risk associated with the transaction is considered to be high if:
4.9.1. The transaction is paid by a non-party person;
4.9.2. A transaction is being requested, one of the objectives of which is to hide the actual dealers;
4.9.3. A transaction is requested that does not have a reasonable commercial, economic, fiscal or legal purpose;
4.9.4. A transaction may encourage anonymity;
4.9.5. A transaction relates to payments received from unknown or unrelated third parties;
4.9.6. A transaction involves a pecuniary obligation of more than 32 000 EUR or equivalent amount in another currency shall be settled in cash, whether or not the transaction made in a single payment or in several payments over a period of up to one year;
4.9.7. The client purchases virtual currencies with one or more related transactions worth more than 32,000 euros;
4.9.8. Communication with the customer or use of the service occurs incidentally using sales or communication channels that are not reliable or unusual.
4.10. The risk of money laundering or terrorist financing is considered to be high if there is any reason to suspect that a customer or customer transaction may be related to money laundering or terrorist financing.
4.11. If, for a client or transaction, at least one of the risks specified in this section appears, the reinforced due diligence measures listed in paragraph 8 must be applied to the client.
4.12. A private limited company does not establish business relations in the following cases:
4.12.1. The client is from a high-risk third country or is domiciled in a high-risk third country;
4.12.2. The client is subject to European Union or United Nations sanctions;
4.12.3. Customer data cannot be verified;
4.12.4. The client is a known undercover agent who does not carry out the transaction in his own interest;
4.12.5. The client is a person with a higher risk national background;
4.12.6. The Client is a foundation, trust fund or contractual investment fund;
4.12.7. Due diligence cannot be applied to the customer for any reason.
5. IDENTITY OF PERSONALITY IN EXECUTION OF TRANSACTIONS AND ESTABLISHING CUSTOMER RELATIONS
5.1. An employee of the private limited company shall apply the following rules of procedure each time before the customer establishes a business relationship or makes a transaction if the value of the client’s transactions in a calendar month exceeds 1000 euros or equivalent in another currency, regardless of whether the obligation is fulfilled in a single payment or in a series of interrelated or multiple interconnected payments:
5.1.1. A customer’s representative of a natural person or a legal entity is identified on the basis of the following documents:
the document specified in subsection 2 (2) of the Identity Documents Act;
a valid travel document issued in a foreign state;
a driving permit meeting the conditions provided for in subsection 4 (1) of the Identity Documents Act; or
for a person under 7 years of age, the birth certificate specified in § 30 (1) of the Vital Statistics Registration Act. Where the original document specified in 5.1.1. of this section is not available, the identity can be verified on the basis of a document specified in 5.1.1., which has been authenticated by a notary or certified by a notary or officially, or on the basis of other information originating from a credible and independent source, including means of electronic identification and trust services for electronic transactions, thereby using at least two different sources for verification of data in such an event.
22.214.171.124. The Client is identified on the basis of an identity document whose personal data and photocopy of the page are kept in the Private Company’s customer database. Identity is determined on the basis of the following documents: on the basis of the Estonian citizen’s passport, ID card, alien’s passport, residence permit or driving license issued in Estonia, travel document issued in a foreign country (in a Member State of the European Union and in a third country).
126.96.36.199. The following data are recorded and stored for a natural person:
188.8.131.52.1. Name, representative’s name.
184.108.40.206.2. Personal code, or, in its absence, the date and place of birth.
220.127.116.11.3. Name, number, date of issue and name of the issuing authority for the document used to identify and verify the person.
18.104.22.168.4. Residential address.
22.214.171.124.5. Person’s occupation or field of activity.
126.96.36.199. If a person is a natural person in another Contracting Party to the European Economic Area or third country, in addition to the data above, the following data shall be recorded:
188.8.131.52.1. Whether a person performs or has performed essential functions of public authority.
184.108.40.206.2. Whether he is a close associate or a family member who performs important functions of public authority.
220.127.116.11. If a person is a representative of a foreign legal person, he or she must submit a document approved notarial or in the equal manner, certifying his or her authority, which is legalized or approved by a certificate replacing legalization, unless otherwise provided by an international agreement.
5.1.2. A customer of a legal nature is identified and stored on the basis of the following information:
the business name or the name of the legal entity;
the registry code or registration number and time;
the name of the director or the names of the members of the Management Board or other body replacing it and their powers in representing a legal person;
the data of the means of communication of a legal person.
18.104.22.168. The identity of a legal entity registered in Estonia and a branch of a foreign company registered in Estonia is identified by an extract from the relevant registry card.
22.214.171.124. The identity of a foreign legal person is established on the basis of an extract from the relevant register or a copy of the certificate of registration or equivalent, issued by the competent authority or body not earlier than six months before it is submitted.
126.96.36.199. The document submitted to identify a person must at least include:
188.8.131.52.1. Business name, or name, location and address of legal entity.
184.108.40.206.2. Registry code or registration number.
220.127.116.11.3. Date of issue and name of the issuing authority.
18.104.22.168.4. The name of director or names of the members of the Management Board or members of other body replacing it, and their powers in representing a legal person.
22.214.171.124.5. Field of activity of a legal person.
126.96.36.199.6. Means of communication: telephone and e-mail address.
188.8.131.52.7. The data of beneficial owners of a legal entity.
184.108.40.206. If a legal entity can be associated with a politically exposed person from another state of the EEA Agreement or a third country, the following information must also be recorded:
220.127.116.11.1. Whether a person performs or has performed essential functions of public authority.
18.104.22.168.2. Whether he is a close associate or a family member who performs important functions of public authority.
5.1.3. A private limited company shall not enter into a contract and shall not perform a transaction:
22.214.171.124. with a person who refuses to provide the information and documents specified in this section as well as with a person who is suspected of being a shadow person.
126.96.36.199. If the client fails to submit the required documents and relevant information, or if, on the basis of the documents submitted, it is suspected that there may be money laundering or terrorist financing or there is a person subject to an international sanction.
5.2. In mediating a transaction between multiple clients, the employee of the private limited company is required to verify the identity of each person participating in the transaction and verify the information provided.
6. IDENTIFICATION OF PERSONS AND VERIFICATION OF PERSON’S IDENTITY DATA WITH INFORMATION TEHNOLOGY MEANS
6.1. A Private Limited Company establishes the requirements and procedural rules for identification of persons and verification of persons’ identity with information technology means, including the specification of the information disclosure requirements, the rules of procedure applicable upon the establishment of a business relationship and to the occasional conclusion of transactions using information technology means, requirements for activities related to the declarations of intent of the parties to a transaction, the guidelines for preparation of the identification questionnaire surveys and mandatory real-time interviews held upon establishment of a business relationship, conditions of processing of the photo of a person, and requirements for the quality of the synchronised audio and video stream during the procedures as well as for recording and for the reproducibility of recordings.
6.2. The technical requirements of and procedure for identification of persons and verification of data using information technology means are established according to a regulation of the Minister of Finance “Requirements and procedure for identification of persons and verification of person’s identity data with information technology means” (RT I, 25.05.2018, 17).
6.3. A Private Limited Company must identify a person and verify data with the help of information technology means where a business relationship is established with an e-resident or a person from a country outside the European Economic Area or whose place of residence or seat is in such country and where the due diligence measures are not applied while being physically in the same place as the person or their representative.
6.4. A Private Limited Company must identify a person and verify data with the help of information technology means where a business relationship is established with a person from a contracting state of the European Economic Area or whose place of residence or seat is in such a country and whose total sum of outgoing payments relating to a transaction or a service contract exceeds 15 000 euros per calendar month or, in the case of a customer who is a legal person, 25 000 euros per calendar month, and where the due diligence measures are not applied while being physically in the same place as the person or their representative.
6.5. Upon the identification of a person and verification of person’s identity with information technology means, a natural person or the legal representative of a legal entity provided in points 6.3. and 6.4. , who wants to establish a business relationship and occasionally conclude a transaction, must use a document intended for the digital identification of a person and issued on the basis of the Identity Documents Act or other high-confidence e-identification system, which has been added to the list published in the Official Journal of the European Union based on Article 9 of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, pp. 73–114), and an information technology means, which has a working camera, microphone, the hardware and software required for digital identification and an internet connection of adequate quality.
6.6. Where a person is a foreign national, the identity document issued by the competent authority of the foreign country must be used for the identification of the person and verification of data in addition to the means specified in 6.5.
6.7. Upon the identification of a person and verification of person’s identity, the employee of the private limited company may use such information technology means that allow to compare biometric data.
6.8. A customer identifies themselves when entering the information system and confirms upon the establishment of a business relationship and the conclusion of a transaction on occasional basis that customer have read the information about the use of information technology means on private limited company’s website or in the specified information system and agree to the terms and conditions of identification of a person and verification of person’s identity with information technology means, according to the subsections 14 (8) and 31 (6) of the Money Laundering and Terrorist Financing Prevention Act and regulation of Minister of Finance “Requirements and procedure for identification of persons and verification of person’s identity data with information technology means”.
6.9. The private limited company publishes information about the technical conditions for the identification of a person and verification of person’s identity with information technology means on its website or in the specified information system.
6.10. The private limited company does not serve or co-operate with the persons whose identification and verification of a person’s identity with the help of information technology means is considered unsuccessful. Following cases of the establishment of a business relationship are considered to be unsuccessful:
6.10.1. the potential customer has intentionally submitted data that do not correspond to the identification data entered in the identity documents database or do not coincide with the information or data obtained with other procedures;
6.10.2. the session expires or is interrupted during the identification of a customer, the identification questionnaire or the interview, or the information flow that transmits synchronised sound and image does not comply with the requirements set out in section 5 of the “Requirements and procedure for identification of persons and verification of person’s identity data with information technology means” regulation;
6.10.3. the potential customer has not given the confirmations stipulated in subsections 2 (4) to (6) of the “Requirements and procedure for identification of persons and verification of person’s identity data with information technology means” regulation;
6.10.4. the potential customer refuses to comply with the private limited company’s instructions;
6.10.5. the potential customer uses the assistance of another person without the private limited company’s permission;
6.10.6. there are circumstances that give rise to suspicions of money laundering or terrorist financing.
7. IMPLEMENTATION OF DUE DILLIGENCE MEASURES
7.1. The employee of the private limited company applies due diligence measures when establishing a business relationship with the client or in making or arranging transactions, if the value of the customer’s transactions in a calendar month exceeds 15000 euro or an equivalent amount in another currency, regardless of whether the financial obligation is executed in a transaction in one payment or several interconnected payments, unless otherwise provided by law.
7.2. Greater attention should be paid to the activities and circumstances of a person or customer involved in a transaction that refers to money laundering or terrorist financing, or which are likely to be linked to money laundering or terrorist financing, including complex, high value and unusual transactions that do not have a reasonable economic purpose.
7.3. There are following applicable diligence measures:
7.3.1. Identification of the person and verification of data using information technology means, who participates in a client or occasional transaction, and verification of the information provided, and the information obtained from a reliable and independent source, including e-identification and etransactions trust services.
7.3.2. Identification and verification of a customer or a person participating in an occasional transaction and their right of representation.
7.3.3. Identification of the beneficial owner, including the collection of information on the ownership and control structure of a legal entity, trust company, partnership or other such contractual legal entity, information supplied in the pre-contractual negotiations or other reliable information obtained from an independent source;
7.3.4. Obtaining information about the client’s business relationship and the purpose and nature of the transaction.
7.3.5. Continuous monitoring of the customer business relationship, including tracking transactions conducted during a business relationship, regular checking of the data used to identify the person, updating relevant documents, data and information, and, if necessary, identifying the source and origin of the funds used in the transaction.
7.4. Increased attention must be also paid to the activities and circumstances of a person or customer involved in the transaction if a person engaged in an economic or professional transaction or an official act, a person using the professional service, a customer or a beneficial owner thereof is a politically exposed person, a family member of a politically exposed person or a close associate of a politically exposed person.
7.4.1. „Family member” includes the following persons:
a) a person considered to be a spouse of a politically exposed person or a person deemed equivalent to a spouse;
b) children of a politically exposed person and their spouses or persons deemed equivalent to their spouses;
c) parents of a politically exposed person.
7.4.2. “Person considered as a close associate” includes the following persons:
(a) a natural person who is known to be a joint owner of a legal person or legal entity, who is deemed a beneficiary owner together with a politically exposed person or who has close business relations with a politically exposed person;
(b) a natural person who is the sole beneficial owner of a legal entity or legal unit known to be actually established for the benefit of a politically exposed person.
7.5. Applicable diligence measures are:
7.5.1. receiving an approval of the senior management for creation or continuation of a business relationship with this person;
7.5.2. the origin of the wealth of a person and the sources of funds that are used in business or occasional transactions, and the monitoring of this business relationship in an enhanced manner.
7.5.3. If a politically exposed person no longer fulfills the significant public tasks assigned to him, the Private Limited Company must, within a period of 12 months’ least, take into account the risks that continue to be associated with that person and implement appropriate and risk-sensitive measures as long as it is certain that the risks inherent to the person of politically exposed person no longer exist. The employees of the private limited company must independently seek and familiarize themselves with information about persons of the Estonian politically exposed persons, including information appearing on the website of the Financial Intelligence Unit: https://www2.politsei.ee/en/organisatsioon/rahapesu-andmeburoo/fius-advisory-guidelines/ and using other state portals.
7.6. In the application of due diligence measures, the facts to be determined are usually determined on the basis of the original documents submitted by the customer. If the original document cannot be obtained, the notarized or notarized or officially certified documents, i.e. documents approved by the lawyer, may be used. If this is not reasonable considering the level of risk, a copy of the original document must be certified with the corresponding stamp and / or issuer’s signature and may be transmitted electronically (in the reproducible in writing form). A copy may not be relied on if there is doubt as to its originality.
7.7. The application of diligence measures may be based on information, received in the reproducible in writing form from a branch registered in the commercial credit institution in Estonia or a foreign credit institution or a credit institution registered or whose place of business is in a Contracting State of the European Economic Area or a third country in which the requirements equivalent to those set forth in the RahaPTS apply.
7.8. The above-mentioned due diligence measures must be applied before the establishment of a business relationship or transaction.
7.9. The identity of the customer, of a person taking part in the transaction and the beneficial owner can be identified and the information checked during the establishment of the business relationship or transaction if this is necessary to ensure that the normal course of business is not interrupted or if the risk of money laundering or terrorist financing is low. In this case, due diligence measures should be discontinued as soon as possible after the first contact has been established and before the binding operations are carried out.
7.10. If necessary, to require the confirmation of the information and documents submitted by the person or client involved in the economic or professional activity or official action with the signature confirming the accuracy of the information and documents submitted for the application of the diligence measures.
8. IMPLEMENTATION OF DUE DILIGENCE MEASURES IN ENHANCED MANNER
8.1. The diligence measures must be implemented in an enhanced manner if:
8.1.1. The identity of a person or customer participating in the transaction is identified and submitted to the inspected person or the client without being present at the same place.
8.1.2. Identifying the identity or checking the information provided gives rise to the suspicion in the truth of the data submitted or in the authenticity of the documents or the identification of the actual beneficiary or actual beneficiaries.
8.1.3. person or customer participating in an economic or professional activity or transaction is a politically exposed person of another Member State or a third country, a member of his family or a close associate.
8.1.4. The nature of the situation is accompanied by a high risk of money laundering or terrorist financing.
8.2. A member of the private limited company must apply at least one of the following enhanced due diligence measures in the case referred to in clause 8.1:
8.2.1. Identification and verification of the information submitted on the basis of supporting documents, data or information originating from a reliable and independent source or from a credit institution incorporated in the commercial register in Estonia or a branch of a foreign credit institution or a credit institution registered or having a registered place of business in a Contracting State of the European Economic Area or in a country subject to the provisions equivalent to the requirements of the RahaPTS, and if the identity of that person is identified by the person present in the same place.
8.2.2. Implementation of additional measures to verify the authenticity of the documents submitted and the accuracy of the information contained therein, including requiring their notarial or formal confirmation or validation of the data by the credit institution referred to in clause 8.2.1 of the document.
8.2.3. Making a first payment related to a transaction through an account opened in the name of the person participating in the transaction or in the name of the client in a credit institution that is registered or whose place of business is in a Contracting State of the European Economic Area or in a country where requirements equivalent to those set forth in the RahaPTS are enforced.
9. DATA COLLECTION, STORAGE AND PROTECTION
9.1. The obligated person registers the date or a period for making the transaction and the description of the content of the transaction. The obligated person registers, in addition to point 9.1.:
a) information on the circumstances of the establishment of the business relationship by the obligated person or, in the event of a case of refusal to do so, the circumstances of refusal from the transaction;
b) about the establishment of the business relation or the transaction at the initiative of a person participating in a transaction or official action, of a person using the official service or at the customer’s initiative, including the circumstances of the waiver of the transaction if the waiver is related to the application of due diligence measures by the obligated person;
c) information if due diligence cannot be implemented through IT measures;
d) information on the circumstances surrounding the termination of the business relationship with the impossibility of applying due diligence measures;
e) information about the activity or circumstances in the course of business or professional activity, official action or in the provision of professional services, where characteristics indicate the use of the proceeds of a criminal activity, the financing of terrorism or the commissioning of related crimes or the testing of such activity, or if it is suspected or he knows that it is a money laundering or terrorist financing or the commissioning of related crimes. A member of the private limited company is required to inform the Financial Intelligence Unit without delay, but no later than two working days after the identification of the activity or circumstances or the arisen suspicion.
f) information on any transaction that has become known, in which a financial obligation of more than EUR 32,000 or equivalent in another currency is settled in cash regardless of whether the transaction is carried out in a single payment or in a series of interrelated payments within a period of up to one year.
g) when making transactions with the representative of the association of persons or a private foundation that has no status of legal personality of partnership, association or other legal entity, the circumstance that the person has such a status and the extract from the registry card or a certificate from the registrar in which the association of persons with no legal personality is registered.
9.2. The information flow containing image and sound is recorded in such a manner that allows for it to be reproduced with a quality equal to the initial transmission of synchronised sound and image. The information flow that contains image and sound must is recorded with the time stamp, the client’s IP address, the personal identification code of the person to be identified, if there is no personal identification code, then the birth date and place and country of residence, whilst the time stamp must be tied to the data concerning it in such a manner that any later changes in data, the person who made the changes, and the time, manner and reason thereof can be identified.
9.3. The private limited company records the data collected with identification questionnaires:
the identification of the person;
the unsuccessful identification of a person and verification of person’s identity data;
the carrying out of the mandatory real-time interview.
9.4. The private limited company must maintain the originals or copies of documents establishing the identification and the documents based on the verification of the submitted information, and the documents establishing the basis for the establishment of the business relationship (including the identification of the natural person and the legal person, the underlying documents and the data collected for the client and the information specified in section 9.1., 9.2., 9.3.). five years after the termination of the business relationship.
10. TRANSMITTING OF INFORMATION TO THE FINANCIAL INTELLIGENCE UNIT
10.1. If a member of the Private Limited Company identifies in the course of an economic or professional activity or an official action, activities or circumstances whose features indicate money laundering or terrorist financing, or if he is suspicious or knows that there is money laundering or terrorist financing, if the establishment of a business relationship, transaction, operation or provision of services remains unfulfilled and in the event of occurrence of the circumstances specified in § 42 and § 43 of the RahaPTS, he immediately informs the company’s contact person who transmits the information to the FIU, in accordance with the requirements for the content of the notification, the form and the instruction on submission of a notification to the Financial Intelligence Unit.
10.2. An employee of the private limited company is forbidden to inform the person about whom the information is forwarded to the Financial Intelligence Unit to notify the person thereof.
10.3. For the completed notification form, the contact person shall enclose copies of the underlying documents of the transaction as well as copies of the documents on which the identification of the person is based. Copies of other documents characterizing the nature of the transaction may be enclosed to the notice.
10.4. An employee of the private limited company is required to forward the information requested in the precept at the first request of the Financial Intelligence Unit.
11. TRAINING OF EMPLOYEES
11.1. Responsibility for training of the employees of the private limited company on the prevention of money laundering and terrorist financing and compliance with international sanctions rests with the Contact person or employee appointed by the management board or a specialist in the field.
11.2. Training is carried out as needed, but not less than once a year.
11.3. The employee confirms participation in the training with his/her signature.
11.4. The contact person has the right to make proposals to the management board of the institution regarding the educators.
12.1. The compliance with the requirements of the RahaPTS and legislation established on the basis thereof shall be monitored and controlled by the Management Board of the Private Limited Company.
12.2. The monitoring of the compliance by the Private Limited Company with the RahaPTS and the legislation established on the basis thereof is carried out by the Financial Intelligence Unit.
12.3. The compliance of the RSanS and the legislation established on the basis thereof with the employees of the Private Company is monitored and controlled by the Management Board of the Private Limited Company.
12.4. The monitoring of the compliance by the private limited company with RSanS and the legislation established on the basis thereof is carried out by the Financial Intelligence Unit.
13. INTERNAL CONTROL AND RESPONSIBLE PERSONS
13.1. The compliance with the requirements for the prevention of money laundering and terrorist financing by the employees of the Private Limited Company is monitored and controlled by the Management Board of the Private Limited Company.
13.2. The risk assessment and the identification and control of the customer’s personal data referred to in Section 4 is carried out by a specifically trained employee of the Private Limited Company.
13.3. The control over the customer’s activities and operations (i.e., analysis, monitoring, etc.) is performed by a specifically trained employee of the Private Limited Company.