INTRODUCTION
Helvetia Finance & Trust AG operates under the regulatory supervision of d’Organisme de Surveillance pour Intermédiaires Financiers & Trustees (“SOFIT”), holding membership number 1268, a supervisory body officially recognised and authorised by the Swiss Financial Market Supervisory Authority (“FINMA”).
When carrying out activities which constitute “relevant activity” Helvetia Finance & Trust AG is required to comply with the requirements of the Prevention of Money Laundering Act, 1994 (Chapter 373 of the laws of Switzerland) (the “Act”) and the Regulations which require Helvetia Finance & Trust AG to adhere to the provisions contained in the Act, the Regulations and the Swiss Financial Market Supervisory Authority (“FINMA”) Implementing Procedures.
Helvetia Finance & Trust AG compliance personnel and others using these procedures should also refer, where relevant, to the Act, the Regulations, the provisions of the Sub-Title, Of Acts of Terrorism, Funding of Terrorism and Ancillary Offences of Title IV A of Part II of Book First of the Criminal Code and any relevant measures/ guidelines which may be issued from time to time by the Swiss Financial Market Supervisory Authority (“FINMA”) and/or any relevant authority or agency.
The procedures set forth herein are intended to assist Helvetia Finance & Trust AG in compliance with its obligations at law by taking all reasonable steps and exercising all due diligence to avoid the commission of an offence of money laundering or funding of terrorism.
Helvetia Finance & Trust AG supports Switzerland’s commitment within the Financial Action Task Force (“FATF”) to achieve greater harmonization of national regulations to combat money laundering and terrorist financing and is committed to the highest standards of Anti-Money Laundering (AML) compliance. As such, Helvetia Finance & Trust AG has put in place the AML Manual to identify, assess, and mitigate possible risks of Helvetia Finance & Trust AG being involved in any kind of illegal activity.
The measures applied by the Company are proportionate to the degree of identified risk. In the course of a risk-based approach, Helvetia Finance & Trust AG assesses the probability of the risks becoming real and the consequences of such an event. When assessing the probability, the possibility the occurrence of the relevant circumstances must be taken into account, including the possibility of potential risks that may affect the activities of both the customer and Helvetia Finance & Trust AG, and the possibility that the probability of the occurrence of this risk increases.
KYC & RISK BASED ASSEMSSMENT
Legislation and directives:
This model for the identification and management of risks relating to the customer and its activities was constructed in accordance with the regulatory framework provided by:
· Prevention of Money Laundering Act, 1994 (Chapter 373 of the laws of Switzerland) (the “Act”) and the Regulations which require Helvetia Finance & Trust AG to adhere to the provisions contained in the Act, the Regulations and the Swiss Financial Market Supervisory Authority (“FINMA”) Implementing Procedures.
Helvetia Finance & Trust AG compliance personnel and others using these procedures should also refer, where relevant, to the Act, the Regulations, the provisions of the Sub-Title, Of Acts of Terrorism, Funding of Terrorism and Ancillary Offences of Title IV A of Part II of Book First of the Criminal Code and any relevant measures/ guidelines which may be issued from time to time by the Swiss Financial Market Supervisory Authority (“FINMA”) and/or any relevant authority or agency.
· MiFiD || Money Laundering and Terrorist Financing Prevention Act, the International Sanctions Act, and the Directive (EU) 2015/849 of the European Parliament and of the Council and includes:
o the model for the identification and management of the risks arising from the customer and their activities and the determination of the risk profile of the customer;
o the model for the identification and management of the risks arising from the activities of FUNDFLEX , including the procedure of identification and management of the risks related to new and available technologies and services and products, including new or nontraditional sale channels and new or developing technologies.
CUSTOMER IDENTIFICATION SPECIFICATIONS:
FUNDFLEX will identify its prospective customers by live electronic verification system – “SUM&SUB” –and create the initial customer onboarding and screening file.
In order to successfully verify your identify and approve your account with FUNDFLEX, all customers must submit:
Proof of Identification (POI) document.
The prospective customer will be requested to show their POI and face during a liveliness test. SUM& SUB will compare the biometric signature or the customer’s face and the picture in the presented POI document. FUNDFLEX reserves the right to request a second piece of ID at its own discretion.
POI documents must adhere to the following guidelines:
· POI Document must be government issued, valid, and must not expire in the next 3 months.
· All the data must be presented and transmitted in a way that is legible, in high quality.
· The presented POI must be the ORIGINAL document and in color. Images of the original document will not be accepted upon the live video identification.
· For Switzerland, the European Economic Area (EEA), Switzerland or the United Kingdom the following may be used as a POI: Passport or Drivers License or Identity Card.
· For all other countries/jurisdictions, the only acceptable POI document is a valid passport.
· In case of POI rejection by SUM& SUB and or miss-matched biometric features, FUNDFLEX ’s compliance team will manually check the document’s validity and will either reject the customer for onboarding, request another POI /further documents, or approve the customer’s POI.
Proof or Address (POA) Document:
In order to verify the customer’s account, FUNDFLEX will also collect a Proof of Identification (POA document) from all of its prospective customers.
· POA may include the following documents:
o Rent/lease/ownership agreement
o Utility bills that are address fixed such as gas, electricity, LAND LINE telephone, or internet bill that was paid, bank account statement sent directly to the verified address (no electronic copies).
o Governmental/Municipality MAIL correspondence such as municipality fees/taxes payment or invoice, pension, social walefare etc.
***Mobile phone bills will not be accepted as a Proof of Address**
POA must have been issued in the last 90 days from the time it is first used to verfiy your account with FUNDFLEX.
The procedures containing additional details for the customer identification based on the information from other reliable and independent sources shall be established in the rules of procedure.
RISK ASSESSMENT METHODOLOGY:
FUNDFLEX will assess and classify its customers to one of the following risk levels at any given time:
A – Low risk
B – Medium risk
C – Banned/High risk
As part of its on-going monitoring activities, FUNDFLEX performs all due diligence measures as required by law. The extent of the implementation of the measures depends on the nature of the specific business relationship or transaction or the level of risk of the person or customer participating in the transaction or act, i.e., the “know your customer” principle must be followed.
When determining and defining the risk levels of the customer or a person participating in the transaction, the FUNDFLEX shall take into account, inter alia, the following risk categories:
CUSTOMER RELATED RISK
RISK RELATED TO LEGAL NATURE OF CUSTOMER AND IDENTIFICATION OF BENEFICIAL OWNERS.
Below are examples of FUNDFLEX ’s risk levels assessments as relating to customer-related risk:
Low risk:
· a company listed on a regulated market, which is subject to disclosure obligations that establish requirements for ensuring sufficient transparency regarding the beneficial owner;
· a legal person as governed by Canadian Public Law;
· a governmental authority or another authority performing public functions in Switzerland or a contracting state of the European Economic Area;
· an institution of the European Union;
· a credit institution or financial institution acting on its own behalf or a credit institution or financial institution located in a contracting state of the European Economic Area, Switzerland or the United Kingdom. or a third country, which in its country of location is subject to requirements equal to those established in Directive (EU) 2015/849 of the European Parliament and of the Council and subject to state supervision;
Medium risk:
· a natural person;
· a company with a firm and transparent structure and data of management bodies and beneficial owners.
High risk :
· the beneficial owner of the natural person is some third party;
· the customer is a legal entity of any form whose structure of the management bodies and/or beneficial owners are segregated and nestled. The relevant data is verified on the basis of the statement of the customer’s representative and/or internal or non-public documents provided by the customer.
· the customer is a company, or the company related to the customer, has shareholders acting as a front or bearer shares;
· the ownership structure of the customer company seems, when considering the activities of the company, unusual or too complicated;
· the customer is a foundation, civil law partnership, trust, or common fund;
· the customer is a person registered in a low tax territory.
· the customer is a subject of European Union or UN sanction.
RISK RELATED TO COUNTRIES, TERRITORIES & JURISDICTIONS
A full list of FUNDFLEX ’s customer acceptance policy and acceptable jurisdictions by risk levels can be found in the following link and is updated regularly: https://FUNDFLEX.IO/acceptance-policy/
Below are examples of FUNDFLEX ’s risk levels assessments as relating to jurisdiction risk:
Low risk :
· The customer is from, or their place of residence or location (hereinafter location) is in Switzerland;
· the location of the customer is in another country of the European Union or the European Economic Area;
· the location of the customer is included within the list of jurisdictions a third equivalent country which is provided by the common position adopted by the European Union (Appendix 16), which including Australia, Switzerland, Japan, South Korea, Singapore, Switzerland.
Medium risk:
· The location of the customer is in a third country not listed above, excluding a third High-Risk country.
High risk:
· The risk is primarily increased in such an event where the customer, person participating in a transaction or the transaction itself is related to a country or jurisdiction which, based on the trustworthy sources in the country like mutual assessments, detailed assessment reports or published follow-up reports, has no valid and efficient systems of the prevention of money laundering and terrorist financing.
· The list of countries deemed as High-Risk – Black or Grey List – or under sanctions are determined by the Financial Action Task Force (FATF). The updated list appears on and updated on the following webpage:
http://www.fatf-gafi.org/countries/# High-Risk.
Additionally, the following customers may also be considered High-Risk or Banned:
· Customer is subjected to sanctions, embargo or similar measures issued by, for example, the European Union or the United Nations.
The list of EU sanctions for countries is available online: https://sanctionsmap.eu; the list of UN sanctions is available online: https://www.un.org/sc/suborg/en/sanctions/un-sc-consolidated-list;
· This is crossed referenced against tools such as Refinitive WorldCheck ONE and other screening systems employed by FUNDFLEX such as Sum&Sub.
· That provide funding or support for terrorist activities. These countries include DPR Korea, Syria, Sudan and Iran and they are primarily defined by the data of the United States State Department. This is crossed referenced against tools such as Refinitive WorldCheck ONE.
· That have designated terrorist organizations operating within their territory, as identified by Switzerland, United States, The European Union or the United Nations. These countries primarily include Syria, Iraq, Libya, Sudan, Somalia, Nigeria, Pakistan, India, Lebanon, Palestine, Sri Lanka, Philippines, Tajikistan, Uzbekistan, Yemen. .
RISK RELATED TO CUSTOMER ACTIVITY OR BUSINESS SECTOR
A full list of FUNDFLEX ’s customer acceptance policy and acceptable jurisdictions by risk levels can be found in the following link and is updated regularly: https://FUNDFLEX.IO/acceptance-policy/
Below are examples of FUNDFLEX ’s risk levels assessments as relating to activity or business sectors risk:
Low risk:
· Customer is a person performing usual and normal economic and professional activities and the turnover of the financial instruments of the customer, or the planned turnover of the financial instruments, is significantly small and does not exceed 40,000 CAD per one year.
Medium risk :
· Customer is a person performing usual and normal economic and professional activities and the turnover of the financial instruments of the customer, or the planned turnover of the financial instruments, exceeds 40 000 CAD per one month.
High risk:
· The business relationship takes place under unusual circumstances, including when the transactions are complicated and have unusually large scale, when the transaction patterns are unusual.
· The customer is a legal entity or another association of persons that does not have the status of a legal entity
· Customer’s economic activity does not have a reasonable and clear economic or lawful objective or it is not characteristic of a specific business field or if the customer’s activity includes any of the following, regardless of the amount of the turnover:
o private or personal banking;
o providing or intermediating a product or service which may promote anonymity;
o personal asset holding;
o undertaking handling large amounts of cash;
o currency exchange, conversion transactions;
o providing gambling services (in a casino, on the internet or at sports events);
o purchasing and selling gold (incl. scrap gold), other precious metals or gemstones;
o purchasing and selling luxury goods;
o providing internet advertising;
o providing innovative services;
o establishing, selling, and managing companies;
o other activities with a higher than Medium risk of money laundering or terrorist financing;
o customer is providing services via untraditional sales channels;
o there is a constant change of customers;
o the person’s customer base has grown rapidly;
RISK RELATED TO BILLING & ONGOING TRANSACTIONS
Low risk :
· A long-term contract is entered into with the customer that is in a written or electronic format or in a format that can be reproduced in writing;
· the customer receives payments within the scope of the business relationship only via an account located in a credit institution entered in the Commercial Register in Switzerland or in a branch of a foreign credit institution or in a credit institution that has been established or whose place of business is in Switzerland, the European Economic Area (EEA) or in a state where requirements equal to those established in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations.
· the total value of the incoming or outgoing payments of transactions made in the business relationship does not exceed $15,000 CAD per year and less than 20 transactions per month.
Medium risk:
· the customer uses the following during transactions with the Company:
· a limited amount of cash that does not exceed $50,000 CAD or the equal amount in another currency, regardless of whether the transaction is made as one payment or as several connected payments within a period of up to one year;
High risk:
· the customer uses the following during transactions with the Company:
· credit institution, financial institution, paying institution or tax system that promotes anonymity;
· credit institution, financial institution, paying institution or tax system that is located in a High-Risk third country;
· settlement channels and accounts belonging to unknown or unrelated third persons;
· settlement channels and accounts belonging to third persons who are unknown or unrelated;
· large amounts of cash that exceeds 50,000 CAD or the equivalent sum in another currency, regardless of whether the transaction is made as one payment or as several connected payments within a period of up to one year;
· a credit institution, financial institution, payment institution or a payment system that is not located in a High-Risk third country or promoting anonymity and that is, according to its own experience or independent sources, reliable, and performs controls against money laundering and terrorist financing;
RISK ARISING FROM PUBLICALY EXPOSED PERSONS (PEP)
Low risk:
· the customer is not a politically exposed person, the family member of the politically exposed person or a person known to be the close associate of the customer who is a politically exposed person.
Medium risk (Refused onboarding under the current risk appetite policy):
· The customer is not a politically exposed person or the family member of the politically exposed person, however the customer is personally familiar with a low-level PEP.
C. High-Risk (Refused onboarding under the current risk appetite policy):
· The customer is a politically exposed person and/or the family member of the politically exposed person and/or a person known to be the close associate/has close familiarity with a politically exposed person. In such a case, as per the company’s risk appetite, the customer will be denied of service.
The background of the customer is verified primarily by:
· The information, documents and statements received from the customer;
· Using the Refinitive WorldCheckOne database scan for PEP, negative media, known criminal record, sanctions lists etc.
· Using Sum&Sub screening tool for PEP
· Using Google and the local search engine of the customer’s country of origin, if any, by entering the customer’s name in both Latin and local alphabet with the customer’s date of birth;
RISK RELATED TO CUSTOMER IDENTIFICATION
A. Low risk :
the natural person who is the resident of Switzerland, the European Economic Area (EEA), Switzerland and the United Kingdom who is identified face to face or by a video identification service.
the customer who is a legal entity entered in the commercial register of Switzerland, or the register of non-profit associations and foundations, is identified on the basis of original documents provided.
B. Medium risk :
A foreign natural person customer is identified face-to-face or through a video identification service;
the foreign customer who is a legal entity is identified on the basis of original documents provided and on the basis of the public information of the commercial register, or the register of non-profit associations and foundations face-to-face with the customer or the representative of the customer by identifying the representative on the basis of documents provided on the basis of a notarized or equivalent document certifying their authority, which has been legalized or certified by a certificate (apostille) replacing legalization, unless otherwise determined.
The identity of a natural person or legal entity is verified by a notary or officially certified copy of the documents provided.
C. High-Risk :
during establishing the identity or verifying the information provided, suspicion has arisen as to the truthfulness, accuracy, integrity or completeness of the information provided or the authenticity of the documents or the identification of the natural person or beneficial owner / Director/ legal entity executive especially relating to AML reporting Know your customer (KYC) and Know Your Business (KYB) screening;
the person is identified on the basis of other information originating from a credible and independent source, including means of electronic identification and trust services for electronic transactions, thereby using at least two different sources for verification of data in such an event;
the representative of the customer is a legal entity.
RISK RELATED TO CHANNELS OF COMMUNICATION OR
TRANSMISSION BETWEEN THE COMPANY AND THE CUSTOMER.
A. Low risk :
the customer is communicated through a communication or mediation channel that is agreed upon at the start of the business relationship or transaction or reliably changed during the course of the business relationship;
products or services are delivered to the customer through a reliably modified delivery channel during the business relationship or at the initiative of the transaction.
B. Medium risk :
at the start of the business relationship or transaction, the customer is communicated with through a temporary communication or mediation channel;
the products or services are delivered to the customer through another temporary product or service delivery channel transmitted through an agreed communication or intermediation channel initiated by the business relationship or transaction.
C. High-Risk :
the customer is communicated through an accidental, unreliable, or unusual communication or mediation channel;
products or services are delivered to the customer through an accidental, unreliable, or unusual delivery channel;
the existence and nature of a risk factor associated with the service provider used to deliver the service or product being sold;
the distance between the location of the customer and the service provided or product offered is significantly high.
Taking into account the above risk categories, FUNDFLEX determines the risk level of the person involved in the transaction or the customer, for example whether the customer’s money laundering or terrorist financing risk is low, normal, or high or corresponds to other risk levels specified and used by the Company.
In order to determine the impact of each risk category, FUNDFLEX assesses the probability of the occurrence of risk factors in that risk category. To determine the impact of a particular risk category, a qualifying amount of the presence of risk factors that characterize it can be used to consider a particular risk factor as having “impact” or “no impact” for a given person when a certain threshold is exceeded.
Instructions for defining low/medium level of risk:
Generally, the customer’s level of risk is low if there is no influential risk factor in any of the risk categories so it can be concluded that the customer and their activities do not have different characteristics from normal and transparent activities, and there is no doubt that the customer’s activities may increase money laundering and terrorism financing.
In the situations where due diligence is required by legal acts, and the information about the customer and its beneficial owner is publicly available, where the person’s activities and transactions are consistent with their usual economic activity and do not differ from other similar customers’ payments practices and behaviour, or where there are quantitative or other absolute restrictions, the Company may consider the customer‘s expected risk of money laundering or terrorist financing to be low.
In the situation where at least one risk category qualifies as high, the risk of money laundering or terrorist financing cannot generally be low. On the contrary, low risk does not necessarily mean that the customer’s activities cannot be linked to money laundering or terrorist financing.
If the risk arising from the business relationship, the customer or the party to the transaction or the transaction is low, based on the risk levels assigned to the party or customer and other conditions provided for are met, the Company may apply simplified due diligence measures.
Instructions for defining high level of risk:
Generally, the customer’s risk level can be considered high if, when assessing the risk categories as a whole, there is a suspicion that the customer’s activities are not usual or transparent, incl. there are influential risk factors, and it can be assumed the risk of money laundering or terrorist financing is high or significantly increased. The customer’s risk level is also high if it is indicated by some separate feature of the risk factor. However, High-Risk does not necessarily mean that the customer is engaged in money laundering or terrorist financing.
If the Company considers the risk of the customer or the person involved in the transaction to be high, the Company must apply enhanced due diligence measures in order to properly manage the respective risks. The due diligence measures must be applied in accordance with the provisions warranted.
FUNDFLEX shall document, update, and disclose the determination of the level of risk to the competent authorities if necessary.
· FUNDFLEX is obliged to inform the employees of the company on an ongoing basis about changes in the risk assessment arising from the Company’s activities and changes in the company’s long-term and short-term doctrine and separate viewpoints and instructions (according to the market situation, the political and economic situation, the arrangements of the supervisory authorities, etc) in order to comply with the provisions of the . This information and these notices do not necessarily have to be in the form of appendices to these guidelines and may be provided at meetings, through the heads of structural units, via e-mail or orally, but regardless of the method of transmission, it is mandatory to comply with and follow this information and these notices.
RISK RELATED TO ACTIVITIES OF THE COMPANY &
NATURE OF SERVICES PROVIDED
The following lists the risk factors and circumstances related to the customer’s degree of risk arising from the nature and volume of services provided by FUNDFLEX to the customer
A. Low risk :
FUNDFLEX will accept funds to the customer account and the customer pays for it through a payment account located in a credit institution, electronic money institution or payment institution established in Switzerland or within the European Economic Area (EEA), The United Kingdom or Switzerland.
FUNDFLEX provides the customer with Currency wallet and remittance services.
B. Medium risk :
FUNDFLEX converts currency to the customer and the customer pays for it through a payment account located in a credit institution, electronic money institution or payment institution established in Switzerland or in a contractual state of the European Economic Area.
C. High-Risk :
FUNDFLEX funds a currency account held by the customer and the customer pays for it through a payment account located in a credit institution, electronic money institution or payment institution established outside of a contractual state of the European Economic Area.
If the total amount of incoming or outgoing payments related to business transactions or service contract in one calendar month exceeds 15 000 CAD for a natural person and 25 000 CAD for a legal entity.
RISK RELATED TO IDENTITY THEFT AND ANONYMOUS VERIFICATION ATTEMPTS:
As a part of its AML obligations, FUNDFLEX will verify the identity of any prospective customer.
Due to breaches in security of numerous web-sites (unrelated to FUNDFLEX in any way) a wide variety of personal, sensitive information can be obtained through the “Dark Net” and may be used to steal individual identities. It may also be used by criminals to attempt and onboard with FUNDFLEX to commit other crimes amongst others related to Money Laundering and terrorist financing all the while acting anonymously and maintaining the criminal’s true identity hidden.
Examples for customer documents and information that is susceptible to identity theft and misuse:
· Compromised images of Proof of Identity (POI) documents. E.g Passport, Drivers License, National ID
· Compromised images of Proof of Address (POA) documents. E.g Utility bills, tax returns, bank statements etc.
· Credit Score information
· Credit/Debit card images and information such as numbers, expiry dates and CVV codes
· Social Insurance numbers
· National ID or Drivers License numbers
· Full and/or maidan names
· Dates of birth etc.
· Residential address information
· Compromised email addresses
RISK OF HACKS IN ONLINE SERVICES, END DEVICES AND GENERAL ONLINE SCAMS
FUNDFLEX is aware that online scams frequently make use of Cryptocurrency exchanges with lax security measures to accept payments from their victims in Cryptocurrencies or accepting fiat funds while not providing cryptocurrency in return.
The scammers will try and persuade the victim to either:
· Use your FundFlex account to send funds to crypto exchange to make the funds available in Cryptocurrency.
· Take control over the victim’s end device and payment information (Credit Card for example) to purchase Cryptocurrency without the victim’s full knowledge or agreement, and send the coins to an external wallet.
Due to the technological nature of all Blockchain protocols, once a transfer transaction was finalized it cannot be cancelled, rejected or refunded. Furthermore, no regulatory body exist that can technically govern the movement of Cryptocurrencies within the Blockchain, thus leaving the victim without any recourse to re-claim their stolen funds.
The scammers will often try:
· To persuade their victims to hand over usernames and passwords for existing accounts including for Cryptocurrency Exchanges, Banks, Email accounts etc.
· To directly obtain authentication codes to complete money related activities such as account withdrawals.
· Take control over the victim’s end device (phone, tablet, or computer) via means of brute force, malware and malicious links.
· “Spoof” E-mails asking the victim for their login information pretending and impersonating to a body that the customer is well familiar with like a bank or email provider.
· Take control over the victim’s end device (phone, tablet, or computer) via means of remote controlling software such as AnyDesk, Team Viewer and others.
RISK APPETITE
FUNDFLEX shall not enter into business relations with natural persons and/or legal entities who are Categorized by one or more factors as “High Risk” or “Banned”, or prohibited by these guidelines and its appendices or laws, directives or policies that FUNDFLEX is obliged by. FUNDFLEX shall avoid business relations in particular with the following categories of customers:
It is not possible to identify the customer (legal or natural entity);
The end risk level upon onboarding is determined as “High Risk” or “Banned” by FUNDFLEX ’s compliance team and AMLRO for any of the risk assessment categories mentioned above. For example:
Customer is located in a High-Risk third country, subjected to sanctions.
The customer is a subject of the European Union or UN sanctions;
The customer has previously been convicted of money laundering, tax evasion, terrorist financing or any criminal activities or is under criminal proceedings.
MITIGATION OF RISKS
The following describes FUNDFLEX’s risk mitigation practices in place:
Identification and KYC procedures upon onboarding:
a. Upon onboarding, the prospective customer must be identified by a video identification call rather than relying on static files uploaded online and containing the required KYC documentation. Currently FUNDFLEX uses Sum&Sub platform to perform its video verification.
In order to mitigate the risk for identity theft or anonymous registration, Sum&Sub will also compare the biometric information on the submitted Proof of Identification (the customer’s photo in their POA) against the biometric information gathered during the video identification and will detect and reject mismatches.
b. Customer Screening: Customer assessment with at least two database aggregators to screen for PEP, negative media, criminal activity, pending or past legal cases against a legal entity (and its shareholders, directors, and company executives which hold signatory rights in the account or with the customer as a whole), or an individual.
Currently FUNDFLEX uses (i) Sum&Sub (ii) LGSE Worldcheck One to screen its prospective customers and monitor their ongoing activity. The search or the legal entity/individual names within the databases is set to 85% deviation sensitivity for the name collected upon onboarding or during transaction monitoring.
c. Upon registration FUNDFLEX will verify the customer’s email and phone details by a 2-FA (Two Factor Authentication) code.
Collection of the customer’s online footprint:
FUNDFLEX screens and collected customers’ IP, user agent information as well as last known web address visited upon onboarding, registration and login.
a. Attempts to register or access the platform via VPN will be blocked.
b. Mismatched Customer country/ phone number country and IP will flag the customer for further review.
c. Web referrals from known online scams for example unlicensed trading will also suspend the account pending further review.
Ongoing transaction monitoring:
Upon each incoming or outgoing fiat transactions:
a. proper documentation justifying the transaction will be collected (invoice, agreements etc.) prior to finally crediting or debiting the transaction. The documents will then be approved, request for more information or rejected by FUNDFLEX’s compliance team.
b. Sender and beneficiary screening. The process is automatic via API and FUNDFLEX platform will suspend transactions that exceed its defined thresholds and place it in line for a manual review and release.
c. All customer deposits MUST originate from a bank account under FUNDFLEX’s registered customer ONLY. Funds sent from accounts under other names will be rejected unless a Power of Attorney can be provided.
Collection of customer waivers – Declaration of Deposit & Release of Claims (DOD) for transactions:
Suspicious transactions by amount, count, deviation from customer usual activity, suspicious web referrals or IPs will require the customer to sign an online form “Declaration of Deposit and Release of Claims” (DOD). The DOD will include the following waiver clauses:
· Risk warning by FUNDFLEX cautions from online scams.
· Confirmation of both the fiat deposits and Fx conversions transacted by the customer.
· Confirmation by the customer that they have transacted out of their own free will and were not coerced in any way by a third party, nor were solicited to purchased cryptocurrency by FUNDFLEX or by any third party.
Ongoing Customer monitoring and screening:
a. Collection of updated, recent Proof of Address (POA) and Proof of Identification or an additional Video Identification.
b. LSEG WorldCheck and Sum&Sub customer Screening for every incoming and outgoing transactions via API.
Activity Verification by a 2 Factor Authentication tools:
To ensure that customers themselves are the only ones that access and use the account, FUNDFLEX will require TWO 2-FA (2 Factor Authentication) for all sensitive activity on FUNDFLEX’s platform. FUNDFLEX will send 2 authentication codes to the customer (to their original registration email and phone number) prior to executing any of the following activity:
· Upon login
· Change of personal details
· Change of registered bank account
· Withdrawals of any currency.
Account restrictions:
Upon flagging of a suspicious transaction based on the criteria introduced above, account restrictions may be applied to the account:
a. Restrictions on deposit amount or deposit count in within a specific time frame.
b. Restrictions on / disable permitted activity in terms of jurisdictions, business sectors or specific beneficiaries or senders.
ENHANCED DUE DILLIGENCE (EDD) POLICY:
Triggers for Enhanced Due Diligence:
a. Flagging of a specific transaction, customer, sender or beneficiary that exceeds the threshold of Medium Risk scoring set forth by FUNDFLEX and its risk assessment policy.
b. Triggers include (but not limited to):
▪ transaction amounts
▪ Transaction count in a given time frame.
▪ Deviation from usual activity (for example changes in transactions amount, transaction count, new counterparties at High-Risk, new online footprint information such as mismatched IPs to country or inconsistent out of range IP use, VPN use
▪ Engaging with known High-Risk counterparts/business sectors,
▪ New negative screening results from WorldCheck One or Sum&Sub for the customer of its counterparties.
Enhanced Due Diligence Measures:
a. Collection of relevant information and documentation to better understand the nature or the flagged transactions and / or customer.
b. Collection of further documentation related to the customer and its activities. The requests may includes (but not limited) to the following:
· For legal entities:
o Submitting a suspicious transaction report by FUNDFLEX’s MLRO to the appropriate authorities in Switzerland’s authorities (SO-FIT, FINMA).
o FUNDFLEX’s MLRO may, at its own discretion submit a suspicious transaction report in the customer’s domiciled jurisdiction.
o Audited annual financial reports and most current balance sheet of the customer or its counterparties.
o Absence of criminal record, absence and history of legal proceedings that were filled against the legal entity and/or its shareholders, directors or executives which hold signatory rights.
o Second piece of Identification and Proof of Address for the legal entity’s shareholders, directors and executives who hold signatory rights.
o Second Video Identification for the legal entity’s shareholders, directors and executives who hold signatory rights and a detailed information interview regarding the background of the suspicious transaction/new findings.
· For individuals:
o Absence of criminal record, absence and history of legal proceedings that were filled against the legal entity and/or its shareholders, directors or executives which hold signatory rights.
o Individual Tax returns
o Additional Video Identification and interview verification of any reasoning behind the suspicious or flagged transactions.