Legal & Privacy

AML-KYC Policy

Last updated: December 1, 2019

1. Definitions

    1. Cypher OÜ (the “Company”): a Limited Liability Company incorporated in the Republic of Estonia under registration code 14626039 and with registered business address at Roosikrantsi tn 2-648K, Tallinn 10119, Estonia. An obliged entity in accordance with §2 of the Act.
    2. The Act: Money Laundering and Terrorist Financing Prevention Act of the Republic of Estonia.
    3. Virtual Currency: value represented in digital form, which is digitally transferable, preservable or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of the Directive (EU) 2015/2366 and Regulation (EU) 1093/2010.
    4. Our Services (the “Services”): exchange of virtual currency against a fiat currency in accordance with the Act.
    5. Clients: a natural or legal person who accepts the Terms and Conditions and enters into a binding contract with the Company for access and use of the Company’s services.
    6. Business Relationship: a relationship established between the Company and its Clients upon the conclusion of an online contract, also referred to as Terms and Conditions, for the provision of the Services.
    7. Compliance Officer: representative appointed by the Management Board responsible for the effectiveness of the Rules, conducting compliance over the adherence to the Rules and serving as the contact person of the Financial Investigations Unit (“FIU”) of the Republic of Estonia.
    8. Money Laundering: the conversion or transfer of property derived from criminal activity or property obtained instead such property knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s actions. The acquisition, possession or use of property derived from criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation therein. The concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property derived from criminal activity or from an act of participation in such an activity. Money laundering also means participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counseling the commission of any of the activities referred to in this section. Money laundering is regarded as such also where a criminal activity which generated the property to be laundered was carried out in the territory of another country.
    9. Terrorist Financing: the financing and supporting of an act of terrorism and commissioning thereof as defined in §237 of the Penal Code of Estonia.
    10. International Sanctions: list of non-military measures decided by the European Union, the United Nations, any other International Organization or the Government of the Republic of Estonia and aimed to maintain or restore peace, prevent conflicts and restore international security, support and reinforce democracy, follow the rule of law, human rights and international law and achieve other objectives of the common foreign and security policy of the European Union.
    11. Beneficial Owner: is a natural person who taking advantage of his/her influence, exercises control over a transaction, operation or another person and in whose interests or favor or on whose account a transaction or operation is performed taking advantage of his/her influence, makes a transaction, act, action, operation or step or over another person and in whose interests or favor or on whose account a transaction, act, action, operation or step is made. Ultimately owns or controls a legal person through direct or indirect ownership of a sufficient percentage of the shares or voting rights or ownership interest in that person, including through bearer shareholdings, or through control via other means. Direct ownership is a manner whereby a natural person holds a shareholding of 25% plus one share or ownership interest of more than 25% in a company. Indirect ownership is a manner of exercising control whereby a company that is under the control of a natural person holds or multiple companies that are under the control of the same natural person hold a shareholding of 25% plus one share or ownership interest of more than 25% in a company. Holds the position of a senior managing official, if, after all, possible means of identification have been exhausted, the person specified herein cannot be identified and there is no doubt that such person exists or where there are doubts as to whether the identified person is a beneficial owner. In the case of a trust, civil law partnership, community or legal arrangement, the beneficial owner is the natural person who ultimately controls the association via direct or indirect ownership otherwise and is such association’s settlor or person who has handed over property to the asset pool, trustee or manager or possessor of the property, person ensuring and controlling the preservation of the property, where such person has been appointed, or the beneficiary, or where the beneficiary or beneficiaries have yet to be determined, the class of persons in whose main interest such association is set up or operates.
    12. Politically Exposed Person (“PEP”): is a natural person who is or who has been entrusted with prominent public functions including a head of state, head of government, minister and deputy or assistant minister; a member of parliament or of a similar legislative body, a member of a governing body of a political party, a member of a supreme court, a member of a court of auditors or of the board of the central bank; an ambassador, a chargé d’affaires and a high-ranking officer in the armed forces; a member of an administrative, management or supervisory body of a state-owned enterprise; a director, a deputy director and member of the board or equivalent function of an international organization, except middle-ranking or more junior officials. The provisions set out herein also include positions in the European Union and in other international organizations. A family member of a person performing prominent public functions is the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person; a child and their spouse, or a person considered to be equivalent to a spouse, of a politically exposed person; a parent of a politically exposed person. A close associate of a person performing prominent public functions is a natural person who is known to be the beneficial owner or to have joint beneficial ownership of a legal person or a legal arrangement, or any other close business relations, with a politically exposed person; and a natural person who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the facto benefit of a politically exposed person.

2. Policy Statement

    1. This Anti-Money Laundering (“AML”) and Know Your Customer (“KYC”) Policy (“AML-KYC Policy”) has been designed, approved and implemented by Cryptology (“Cryptology”, “We”, or “Us”) as owner and operator of www.cryptology.com and mobile applications. Cryptology is committed to the protection of its users and the products and services it offers. Therefore, Cryptology is constantly working to improve its policies and practices to offer security and reliability to its users—as well as—to comply with regulations related to AML, KYC and Counter Financing of Terrorism (“CFT”) measures and requirements, most importantly, the Act.
    2. Furthermore, Cryptology is committed to complying with international standards and practices regarding AML, CFT and Proliferation Financing Risks (“PF”), and the current regulatory framework in Estonia. Moreover, Cryptology has taken as reference provisions from the European Union regulatory framework, mainly the Directive (EU) 2015/849 (“4AMLD”) as amended by Directive (EU) 2018/843 Art. 1 (2)(d) (“5AMLD”).
    3. It is important for us that you understand these rules and policies to the maximum extent possible. Please read this AML-KYC Policy carefully as it will influence your use of the Platform and the provision of our services. Cryptology identifies and assesses money laundering and financing of terrorism risks based on an overall group-wide understanding of our products and services, transaction types, countries and geographic areas, and user attributes (“Risk-Based Approach”) to implement mitigation measures proportionate with such risks. Further to Cryptology’s compliance commitment, Cryptology conducts constant training regarding its internal policies and relevant regulations throughout the entire organization.
    4. We may amend, update, replace this AML-KYC Policy from time-to-time, it is your responsibility to review the Legal and Privacy section on our website from time-to-time in order to keep apprised with the latest information, practices, and procedures.
    5. Cryptology’s principle is not to enter into business relationships with any criminals and/or terrorists, not to process transactions with result from criminal and/or terrorist activity and not to facilitate any transactions involving criminal and/or terrorist activity including the financing of terrorism. Cryptology undertakes to implement all policies and procedures necessary to prevent money laundering and to comply with all applicable legislation in this regard.
    6. Where any issue or matter is not addressed by this AML-KYC Policy, guidance is to be sought from the anti-money laundering legislation referred above.

3. User Confidentiality

    1. It is important to stress out that the reporting of your suspicion of money laundering does not constitute a breach of user confidentiality.

4. Specific money laundering provisions

    1. In order to facilitate recognition of suspicions of money laundering and reporting of the foregoing to the authorities and so that Cryptology may produce its part of the audit trail to assist in official investigation. In particular, Cryptology has:
      1. procedures to verify the identity of new users;
      2. procedures for employees to report any suspicious transactions; and,
      3. record keeping procedures relating to the identity of users and transactions effected for them.

5. Compliance

    1. Compliance with this AML-KYC Policy is of the utmost importance. Not only is it important to maintain Cryptology’s integrity, but failure to comply may constitute a criminal offense and call into question whether or not Cryptology is fit and proper to conduct the business. Failures by individuals to comply with this AML-KYC Policy can therefore result in serious negative consequences.

6. Business Relationships

    1. Cryptology may or may not — at its own discretion and risk assessment — carry out a one- off transaction or form a business relationship in the course of relevant financial business unless obtains the full name, including any aliases; unique identification number, such as an identity card number, birth certificate number or passport number, or where the user is not a natural person, incorporation number or business registration number; the user’s residential address (or registered address or business address when the user is not a natural person); date of birth (or establishment, incorporation or registration when the user is not a natural person); and nationality (or place of incorporation or place of registration (as may be appropriate). For legal persons, Cryptology identifies the natural persons who ultimately own the legal person; ultimately control the legal person; or have ultimate effective control of the legal person. Furthermore, when a user is a legal person, Cryptology identifies the legal form; constitution; powers that regulate and bind the legal person; and the connected parties.
    2. In order to maintain appropriate standards of AML compliance, Global Wire Accounts will only accept fiat funds deposits (currently only Euro wires or bank card deposits) and will allow this Global Wire Account holders to withdraw virtual currencies and fiat funds. Fiat funds will only be able to be withdrawn to the same wire account from where the funds where initially deposited, fiat withdrawals to bank cards are not supported.
    3. Trading Accounts, will allow deposits of virtual currencies and fiat funds (currently only Euro wires or bank card deposits) and will allow Trading Account holders to withdraw virtual currencies, however, it will not allow withdrawals in fiat funds.

7. Application of Due Diligence Measures

    1. Cryptology as soon as reasonably practicable after the first contact has been made, and in any event before transferring or paying any money out to a third party, that satisfactory evidence is produced or such other measures are taken as will produce satisfactory evidence of the identity of any user. If a user appears to be acting on behalf of another person, identification obligations extend to obtaining sufficient evidence of that third party’s identity.
    2. Where satisfactory evidence is not supplied, Cryptology will not proceed with any further business and bring to an end any understanding it has reached with the user. If there is knowledge or suspicion of money laundering, it will be reported without delay as provided under these procedures and internal AML Policy.
    3. Cryptology will make sure that it is dealing with a real person or legal entity, and obtain sufficient evidence to establish that the user is that person or organization. When reliance is being placed on any third party to identify or confirm the identity of any user, the overall legal responsibility to ensure that the procedures and evidence obtained are satisfactory rests with the third party.
    4. You may only submit your information and your own payment details and mediums of payment. Cryptology reserves the right to reject your application to open an account or start a trading activity when your name is not on the credit or debit card that you present as part of the identification process. Cryptology reserves the right to reject your application to open an account or start a trading activity when your name is not on the documentation that you have provided and/or it deems that it has not accurately identified you as a user.
    5. As no single form of identification can be fully guaranteed as genuine, or representing correct identity, the identification process will need to be cumulative, and no single document or source of data (except for a database constructed from a number of other reliable data sources) must therefore be used to verify both name and permanent address.
    6. Cryptology will take all required measures, according to applicable law and regulations issued by regulatory authorities, to establish the identity of its users and, where applicable, their respective beneficial owners
    7. If Cryptology deems necessary, in addition to identify the user, Cryptology may request information regarding the source of wealth; estimated net worth; source of funds to be invested; references or other documentation to corroborate the information; independent background checks through a reputable screening system.
    8. For individual users the identity will be established to Cryptology’s satisfaction by reference to official identity papers or such other evidence as may be appropriate under certain circumstances. Information on identity will include, without limitation: full name; date of birth; nationality; complete residential address. Identification documents must be current at the time of the submission. Documents used for user identification purposes will typically include: a passport, a national identity card or an equivalent in the relevant jurisdiction; A separate document confirming the residential address (utility bill, bank statement, acknowledgement of address issued by a relevant official).
    9. For corporate users, where the user’s company is listed on a recognized or approved stock exchange or where there is independent evidence to show that the applicant is a wholly owned subsidiary or subsidiary under the control of such a company, no further steps to verify identity over and above the usual commercial checks and due diligence will normally be required.
    10. Where the applicant is an unquoted company, it will be subject to a procedure aimed to identify it, confirm its existence, good standing and authority of persons acting on its behalf. Documentation required for such purposes may change depending on each particular jurisdiction and will typically include: Certificate of incorporation/certificate of trade or the equivalent, evidencing the company is indeed incorporated in a particular jurisdiction under the respective legislation; Certificate of Incumbency or an equivalent document, listing current directors of the company; Statutes, Memorandum and Articles of Association or equivalent documents confirming the authority of the respective officers of the company to legally bind it and the manner in which this may be done; Extract from the Commercial Register of the country of incorporation may also be used to confirm the aforementioned information, if such information is provided in the extract; Share certificates and other supplementary documents that will ascertain beneficial ownership.
    11. Due diligence must be done on all principal owners identified in accordance with the following principles:
    12. Natural persons: where a user is an individual, Cryptology shall clearly establish, based on information and documentation provided by the user, whether the user is acting on his/her own behalf.
    13. Legal entities: where the user is a company, such as a private investment company, Cryptology shall understand the structure of the company, based on information and documentation provided by the user, sufficiently to determine the provider of funds, principal owner(s) of the shares and those who have control over the funds, e.g. the directors and those with the power to give direction to the directors of the company. With regard to other shareholders Cryptology will make a reasonable judgment as to the need for further due diligence. This principal applies regardless of whether the share capital is in registered or bearer form.
    14. While use of clear scanned versions of documents will be accepted and in case any further clarification is needed, attested scanned copies or original attested copies may be sought for.
    15. The certifiers may be: - a notary public or another authority with equivalent power to certify copies of documents in the relevant jurisdiction; or - a relevant state official (judge, police officer, consular official, etc); or - an authorized financial institution. - If any document regarding the corporate entity (such as extract from the Commerce Register) is available online through an official website of the relevant state authority, Cryptology may refer to such online version of the document, provided that a printout is made by a staff member of Cryptology and stored in the respective user file.
    16. The users may also be asked to provide relevant contact details, such as phone number and email address.

8. Record keeping procedures

    1. Cryptology will also keep all records for not less than 5 years from the date of completion of the transaction. These should include records verifying the identity of user and a record of transactions with or for that user.

9. Duty to report

    1. There is a statutory and regulatory obligation on all staff to report information which comes to their attention, which gives rise to knowledge or suspicion or reasonable grounds for knowledge or suspicion of money laundering. Knowing its users is Cryptology’s most important line of defense in preventing or detecting money laundering activities. It is important that Cryptology verifies the identity of new users and ensures that they are involved in bona fide business activities and that they share Cryptology’s high standards of integrity and business practice.

10. Suspicious transactions

    1. A suspicious transaction will often be one which is inconsistent with a user’s known legitimate business or actions. Emphasis will therefore be placed on knowing the user’s business and his/her requirements and usual transactions. It is the responsibility of all staff to report knowledge or suspicion of money laundering.
    2. The following questions may help to determine whether a transaction is suspicious:
      1. Is it inconsistent with the user’s known activities?
      2. Is the size of the transaction inconsistent with the normal activities of the user, or the user’s net worth, as determined at the initial identification stage?
      3. Are there any other transactions linked to the transaction in question of which Cryptology is aware and which could be designed to disguise money and divert it into other forms or other destinations or beneficiaries?
      4. Is the transaction rational for the user?
      5. Has the user’s pattern of transactions changed?
      6. Is the user’s proposed method of payment unusual?
    3. Steps should also be taken to monitor accounts held on behalf of users that hold positions of public trust such as government officials, politicians and any known connected accounts.
    4. When a suspicious transaction takes place, Cryptology may hold the transaction until is able to verify the identity of the user, and the purpose and legality of the transaction.
    5. Deposits from a specific wallet and withdrawal to another wallet without any trading activity will require further review and request of additional information before the order can be executed.

11. Confidentiality

    1. Reporting a suspicion is a defense to a claim for breach of confidence. Confidentiality whilst an investigation is ongoing is of the utmost importance and employees are reminded of the offense of “tipping-off”. Tipping-off, (i.e. inform) a person suspected of money laundering that (a) he or someone else has made a lawful disclosure (i.e. a SAR) or (b) there is a money laundering investigation taking place, where the tipping off is likely either to prejudice any investigation arising from the disclosure or to prejudice the investigation disclosed to the person suspected of money laundering.

12. High-risk countries

    1. Afghanistan
    2. Algeria
    3. United Arab Emirates
    4. Bahrein
    5. Bangladesh
    6. Egypt
    7. Indonesia
    8. Iraq
    9. Iran
    10. Yemen
    11. Jordanian
    12. Qatar
    13. Kuwait
    14. Lebanon
    15. Libya
    16. Malaysia
    17. Mali
    18. Morocco
    19. Mauritania
    20. Nigeria
    21. Oman
    22. Pakistan
    23. Palestine
    24. Saudi Arabia
    25. Somalia
    26. Sri Lanka
    27. Sudan
    28. Syria
    29. Tunisia
    30. Turkey
    31. Ethnic groups of Caucasus belonging to Russian Federation (chechens, lesgid, ossetians, ingushes etc.)