AML Policy

I. Definitions

Introduction
Purpose of this Document

RockEx Limited s.r.o. offers services that could potentially be exploited by customers to launder money derived from illegal activities or to finance terrorism. In order to effectively prevent, detect, or eradicate such activities, it is mandatory under Czech law for the company to adhere to various regulatory requirements. To comply with these legal obligations, RockEx Limited s.r.o. issues this binding document, which outlines the internal regulations, procedures, and control measures necessary to incorporate these requirements into the company's operations.

Money laundering typically involves actions taken by a customer to hide the illicit origin of their assets, making them appear legitimate. These activities are closely related to those used in financing terrorism, hence the measures to combat both are largely the same and are implemented concurrently. Such regulations apply not only within the Czech Republic but also internationally, as money laundering and terrorism financing often transcend borders.

Moreover, the company is required to implement sanction measures imposed by the Czech Republic against a wide array of individuals and entities. This necessitates continuous monitoring to determine if a customer is subject to international sanctions, as detailed further below.

Failure to follow the procedures set out in this document can lead to violations of statutory obligations, with all the associated consequences.

General Terms

AML Act: This refers to Act No. 253/2008 Coll. on certain measures against the legalization of proceeds from criminal activities and the financing of terrorism, as amended.

Legalization of Proceeds from Criminal Activities: According to the AML Act, this includes activities designed to obscure the illicit origin of any economic benefit derived from criminal activities, aiming to make them appear legitimate. These activities involve:

  • Modifying or transferring property known to be derived from criminal activities to conceal its origin or help someone involved avoid legal consequences.
  • Concealing or disguising the true nature, source, location, movement, or ownership of property known to be derived from criminal activities.
  • Acquiring, holding, or using property known to be derived from criminal activities.
  • Participating in a criminal conspiracy to carry out any of the aforementioned actions.

Financing of Terrorism: As defined by the AML Act, this includes:

  • Collecting or providing funds or assets with the knowledge that they will be used, in whole or in part, to commit terrorist acts, support terrorist groups, or facilitate such activities.
  • Providing rewards or compensation to individuals involved in terrorist acts or raising funds for such purposes.
  • This also extends to funding the distribution of weapons of mass destruction, which involves the collection or provision of funds or assets, knowing they will be used for such distribution in violation of international laws.

Obliged Person: This term refers to RockEx Limited s.r.o., registered in the Czech Republic (the "Company"), which offers services related to virtual assets.

Customer: For the purposes of this document, a customer is any natural person or legal entity:

  • With whom the Company has established a business relationship.
  • Who has started negotiations with the Company to establish a business relationship.
  • Who has previously engaged in business relations with the Company.
  • Who becomes a user of the Company's virtual asset services.
  • Acting as an agent for another customer, such as someone authorized to manage virtual assets on behalf of another.

It is irrelevant whether the customer is a natural person or a legal entity involved in business activities. For legal entities, it is assumed that a specific natural person acts on their behalf (e.g., a member of the statutory authority or an employee).

Virtual Assets Service: This term encompasses any handling of customer property or service provision as mentioned in §4(8) of the AML Act, including:

  • Virtual assets wallet service: creating or storing encrypted keys for customers to hold, store, and transfer virtual assets.
  • Virtual assets exchange service: facilitating exchanges between virtual assets and fiat currencies or between different virtual assets.

As per §4(9) of the AML Act, a virtual asset is an electronically storable or transferable unit capable of performing payment, exchange, or investment functions, unless it is:

  • A security, investment instrument, or monetary instrument under the Act on Payments.
  • An entity referred to in Section 3(3)(c)(4) to (7) of the Act on Payments.
  • A unit used for making payments pursuant to Section 3(3)(e) of the Act on Payments.
  • A unit with limited use for narrowly defined goods or services.

This also includes any service provided without the necessary authorization, registration, or license, even if it contradicts the law.

Business Relation: This refers to a contractual relationship between the customer and the Company, based on which the customer is provided with virtual asset services. Such a relationship is typically established through a framework contract for virtual asset services, not through a one-time payment transaction agreement.

Employee: For this document, an employee is anyone who, in the course of their work tasks, is authorized by the Company to:

  • Negotiate the establishment of a business relationship with a potential customer.
  • Establish a business relationship with a customer.
  • Negotiate with a customer on virtual asset service provision or receive customer instructions.
  • Perform individual acts in providing virtual asset service to a customer.
  • Participate in negotiations with a customer or activities connected with providing virtual asset service.

An employee may be a direct employee or someone performing such activities based on another relationship, including a negotiator. This also includes individuals temporarily authorized to perform activities assigned to employees by this document.

Persons Related to the Customer: For this document, persons related to customers include:

  • Statutory authority or members of it.
  • Beneficial owners or controlling persons of the customer.
  • Persons authorized to negotiate with the Company on behalf of the customer.
  • Persons authorized by the customer to engage in business (e.g., enter virtual asset orders).

AML Officer: An AML officer is a person authorized to ensure compliance with legal regulations regarding the prevention of criminal proceeds, terrorism financing, and the application of international sanctions. This includes compliance with:

  • AML Act.
  • Act No. 69/2006 Coll. on the implementation of international sanctions.
  • Regulation No. 67/2018 Coll. on selected requirements for systems of internal regulations, procedures, and control measures against the legalization of proceeds from crime and financing of terrorism.
  • Approved AML standards communicated by the Czech National Bank.

Responsible Person: The responsible person of the obliged entity refers to any member of the statutory authority of the obliged person.

II. Responsibilities and Roles

Key Roles and Their Responsibilities
1. AML Officer Responsibilities:

The AML Officer is responsible for ensuring that the Company adheres to all relevant laws and regulations concerning anti-money laundering (AML) and counter-terrorism financing (CTF). This includes compliance with:

  • The AML Act.
  • Act No. 69/2006 Coll. on the implementation of international sanctions.
  • Regulation No. 67/2018 Coll. on internal regulations, procedures, and control measures against money laundering and terrorism financing.
  • AML standards approved by the Czech National Bank.

The AML Officer must stay updated on any changes to these laws and standards and ensure that the Company's internal policies and procedures are updated accordingly. The AML Officer is also tasked with reporting any suspicious activities to the appropriate authorities.

2. Responsibilities of the Responsible Person:

The Responsible Person, typically a member of the Company's statutory authority, ensures that all AML and CTF procedures are properly implemented and followed within the organization. They are accountable for:

  • Overseeing the AML Officer's work.
  • Ensuring that staff is adequately trained and informed about AML and CTF policies.
  • Monitoring the effectiveness of the Company's AML and CTF measures and making necessary adjustments.
  • Ensuring that the Company’s virtual asset services comply with all regulatory requirements.
3. Employee Responsibilities:

Employees, including temporary staff and representatives, must:

  • Comply with all AML and CTF policies and procedures set forth by the Company.
  • Report any suspicious transactions or activities to the AML Officer.
  • Ensure that all customer information is accurately recorded and verified according to the Company’s due diligence requirements.
  • Participate in AML and CTF training programs provided by the Company.
4. Training and Awareness:

All employees must undergo regular training to stay informed about the latest AML and CTF regulations and best practices. The training program will cover:

  • How to identify and report suspicious activities.
  • Understanding the Company's AML and CTF policies and procedures.
  • Updates on new regulations and emerging risks in the field of AML and CTF.
5. Customer Due Diligence (CDD):

The Company will conduct thorough customer due diligence to verify the identity of all clients. This includes:

  • Collecting and verifying identification documents.
  • Understanding the nature of the customer's business and the purpose of the business relationship.
  • Monitoring transactions for any unusual or suspicious activity.
6. Enhanced Due Diligence (EDD):

For higher-risk customers, the Company will implement enhanced due diligence procedures, which may include:

  • More detailed background checks.
  • Continuous monitoring of the customer's transactions.
  • Regular reviews of the customer's business relationship with the Company.
Internal Controls and Procedures
1. Transaction Monitoring:

The Company will use automated systems to monitor transactions for any unusual or suspicious activities. These systems will be regularly updated to address new risks and comply with evolving regulatory requirements.

2. Record Keeping:

The Company will maintain comprehensive records of all transactions and customer information for a minimum period as required by law. This includes:

  • Copies of identification documents.
  • Transaction records.
  • Correspondence with customers.
3. Reporting Obligations:

The Company is required to report any suspicious activities to the relevant authorities promptly. This includes:

  • Suspicious Transaction Reports (STRs).
  • Reports on transactions that exceed a certain threshold as specified by law.
4. Audits and Reviews:

Regular audits and reviews will be conducted to ensure the effectiveness of the Company's AML and CTF policies. This will involve:

  • Internal audits conducted by the Company’s compliance team.
  • External audits performed by independent auditors.
Compliance with International Sanctions
1. Sanctions Screening:

The Company will screen all customers and transactions against international sanctions lists to ensure compliance with all applicable sanctions regulations. This includes:

  • Checking customers against lists provided by the United Nations, European Union, and other relevant authorities.
  • Ensuring that no transactions involve sanctioned individuals or entities.
2. Ongoing Monitoring:

The Company will continuously monitor its customer base and transactions for any potential sanctions risks. This includes:

  • Regularly updating sanctions lists.
  • Re-screening customers periodically to identify any new sanctions risks.
3. Sanctions Reporting:

Any transactions or customer relationships that are found to be in violation of international sanctions will be reported to the relevant authorities. The Company will also take immediate steps to freeze any related assets and terminate the business relationship.

III. Procedures for Identifying and Reporting Suspicious Activities

Identifying Suspicious Activities
1. Suspicious Transaction Indicators:

Employees should be aware of various indicators that may suggest suspicious activity, such as:

  • Transactions that are unusually large or complex.
  • Transactions that have no apparent economic or lawful purpose.
  • Customers who are unwilling to provide required information or documentation.
  • Rapid movement of funds between accounts or countries without clear justification.
2. Monitoring Customer Behavior:

The Company will monitor customer behavior for any signs of suspicious activity, including:

  • Changes in the customer's transaction patterns.
  • Transactions that do not fit the customer's known business profile.
  • Unusual requests for anonymity or secrecy.
Reporting Suspicious Activities
1. Internal Reporting Procedures:

Employees must report any suspicious activities to the AML Officer immediately. The report should include:

  • A detailed description of the suspicious activity.
  • Any relevant documentation or evidence.
  • The identity of the customer involved.
2. External Reporting Obligations:

The AML Officer will evaluate the internal report and, if necessary, submit a Suspicious Transaction Report (STR) to the appropriate authorities. The Company is required to:

  • Report suspicious activities without alerting the customer involved.
  • Cooperate fully with authorities during any investigation.
3. Confidentiality and Protection:

Employees who report suspicious activities are protected by law from any form of retaliation or discrimination. The Company will ensure the confidentiality of all reports and protect the identity of employees who report suspicious activities.

IV. Risk Assessment and Management

Risk-Based Approach
1. Risk Assessment Framework:

The Company will adopt a risk-based approach to manage and mitigate risks related to money laundering and terrorist financing. This involves:

  • Conducting regular risk assessments to identify potential risks.
  • Categorizing customers and transactions based on their risk levels.
  • Implementing appropriate measures to mitigate identified risks.
2. Risk Categorization:

Customers and transactions will be classified into different risk categories, such as:

  • Low Risk: Customers with transparent business activities and low transaction volumes.
  • Medium Risk: Customers with moderately complex transactions or those operating in industries with some exposure to risk.
  • High Risk: Customers with complex transactions, high volumes, or those operating in high-risk industries or regions.
3. Risk Mitigation Measures:

Depending on the risk category, the Company will implement suitable measures, including:

  • Enhanced due diligence for high-risk customers.
  • Regular monitoring and review of high-risk transactions.
  • Training employees on how to handle high-risk situations.
Ongoing Risk Management
1. Continuous Monitoring:

The Company will continuously monitor customer activities and transactions to identify any changes in risk levels. This includes:

  • Regularly updating customer risk profiles.
  • Monitoring transactions for patterns that may indicate increased risk.
  • Adjusting risk mitigation measures as needed.
2. Regular Reviews:

Periodic reviews of the risk management framework will be conducted to ensure its effectiveness. This involves:

  • Reviewing and updating risk assessment procedures.
  • Evaluating the effectiveness of risk mitigation measures.
  • Making necessary adjustments based on new regulations or emerging risks.
3. Training and Awareness:

Employees will receive ongoing training to stay informed about the latest risk management practices and regulatory requirements. This includes:

  • Regular updates on changes to the risk landscape.
  • Training on how to identify and manage emerging risks.
  • Providing resources and support to help employees effectively manage risks.

V. Customer Due Diligence (CDD)

Procedures for Customer Due Diligence
1. Verification of Identity:

The Company will verify the identity of all customers by collecting and verifying relevant documents, such as:

  • Government-issued identification (e.g., passport, ID card).
  • Proof of address (e.g., utility bill, bank statement).
2. Understanding the Customer’s Business:

To ensure a comprehensive understanding of the customer’s business, the Company will:

  • Gather information about the customer’s business activities.
  • Understand the nature and purpose of the business relationship.
  • Identify the source of the customer’s funds.
3. Ongoing Monitoring:

The Company will continuously monitor customer transactions to ensure they are consistent with the customer’s risk profile. This includes:

  • Regularly updating customer information.
  • Monitoring transactions for any unusual or suspicious activity.
  • Conducting periodic reviews of high-risk customers.
Enhanced Due Diligence (EDD)
1. Criteria for Enhanced Due Diligence:

Enhanced due diligence will be applied to high-risk customers and transactions. Criteria for EDD include:

  • Customers from high-risk countries or industries.
  • Politically exposed persons (PEPs).
  • Complex or unusually large transactions.
2. Additional Verification Steps:

For high-risk customers, the Company will implement additional verification steps, such as:

  • Obtaining additional identification documents.
  • Conducting in-depth background checks.
  • Verifying the source of funds through additional documentation.
3. Continuous Monitoring and Review:

High-risk customers and transactions will be subject to continuous monitoring and regular reviews. This includes:

  • More frequent updates to customer risk profiles.
  • Detailed transaction analysis to identify any suspicious activities.
  • Regular reassessment of the customer’s risk level.

VI. Record Keeping and Data Protection

Record Keeping Requirements
1. Retention of Records:

The Company will maintain comprehensive records of all transactions and customer information for a minimum period required by law. This includes:

  • Copies of identification documents.
  • Detailed transaction records.
  • Correspondence with customers.
2. Access to Records:

Records will be securely stored and accessible only to authorized personnel. The Company will ensure that:

  • Records are kept in a secure manner to prevent unauthorized access.
  • Access to records is granted only to individuals with a legitimate need.
3. Destruction of Records:

After the required retention period, records will be securely destroyed to protect customer information. The Company will ensure that:

  • Records are destroyed in a manner that prevents reconstruction.
  • The destruction process is documented and monitored.
Data Protection and Privacy
1. Compliance with Data Protection Laws:

The Company will comply with all relevant data protection and privacy laws. This includes:

  • Implementing measures to protect customer data.
  • Ensuring customer data is used only for legitimate purposes.
  • Obtaining customer consent for data processing where required.
2. Data Security Measures:

The Company will implement robust data security measures to protect customer information. This includes:

  • Using encryption and other security technologies.
  • Regularly updating security protocols to address new threats.
  • Conducting regular security audits to ensure compliance.
3. Customer Rights:

Customers have the right to access their personal data and request corrections or deletions. The Company will:

  • Provide customers with access to their data upon request.
  • Correct any inaccuracies in customer data.
  • Delete customer data when requested, in accordance with legal requirements.

VII. Politically Exposed Persons (PEPs)

Definition and Identification of PEPs
1. Definition:

Politically Exposed Persons (PEPs) are individuals who are or have been entrusted with prominent public functions. This category also includes their immediate family members and close associates. PEPs may include, but are not limited to:

  • Heads of state, heads of government, ministers, and deputy or assistant ministers.
  • Members of parliaments or similar legislative bodies.
  • Members of supreme courts, constitutional courts, or other high-level judicial bodies.
  • Senior executives of state-owned corporations.
  • Important political party officials.
2. Identification:

The Company will take reasonable steps to determine whether a customer or beneficial owner is a PEP. This involves:

  • Asking customers during the onboarding process.
  • Using publicly available information and commercial databases.
  • Regularly updating the status of existing customers to identify any changes.
Enhanced Due Diligence for PEPs
1. Additional Verification:

When a customer or beneficial owner is identified as a PEP, the Company will apply enhanced due diligence (EDD) measures. These measures include:

  • Obtaining senior management approval before establishing or continuing the business relationship.
  • Taking reasonable measures to establish the source of wealth and source of funds.
  • Conducting enhanced ongoing monitoring of the business relationship.
2. Senior Management Involvement:

Senior management must be involved in the decision-making process when dealing with PEPs. This includes:

  • Approving the initiation or continuation of business relationships with PEPs.
  • Reviewing and approving the findings from the EDD process.
3. Continuous Monitoring:

The business relationship with a PEP must be continuously monitored to detect any suspicious activities. This involves:

  • Frequent reviews of the PEP’s transactions.
  • Regular updates to the customer’s risk profile.
  • Monitoring for any changes in the PEP’s status or activities.

VIII. Legal Entities

1. Identification and Verification of Entities:

Legal Entity Identification: Prior to onboarding, we require comprehensive identification and verification of legal entities intending to transact on our platform.

Verification Documentation: Legal entities must submit relevant documentation, including but not limited to company registration certificates, articles of association, and proof of beneficial ownership.

Ultimate Beneficial Ownership (UBO) Verification: We conduct thorough due diligence to ascertain the UBO of the entity, ensuring transparency and compliance with regulatory standards.

2. Risk Assessment and Monitoring:

Risk-Based Approach: Our AML policy incorporates a risk-based approach to assess the level of risk associated with each entity transaction, considering factors such as jurisdiction, business activities, and transaction volumes.

Ongoing Monitoring: Entities engaging in transactions on our platform are subject to continuous monitoring to detect any suspicious activities or deviations from expected behavior.

3. Transaction Monitoring and Reporting:

Transaction Monitoring Systems: We employ advanced transaction monitoring systems to identify and analyze patterns of transactions that may indicate money laundering or terrorist financing activities.

Suspicious Activity Reporting: Any suspicious activities detected during transaction monitoring are promptly reported to the relevant authorities in accordance with Czech AML regulations.

4. Record Keeping:

Retention of Transaction Records: We maintain comprehensive records of all entity transactions, including transaction details, parties involved, and supporting documentation, in compliance with statutory retention periods.

5. Customer Due Diligence (CDD) for Entities:

Enhanced Due Diligence (EDD): Entities are subject to enhanced due diligence measures, including additional documentation requirements and intensified monitoring, based on the assessed level of risk.

6. Third-Party Relationships:

Due Diligence on Third Parties: We conduct due diligence on third-party service providers and counterparties to ensure they adhere to AML standards and do not pose undue risk to our operations.

IX. Procedure for Verification of International Sanctions

International Sanctions

(1) International sanctions are a set of restrictive measures that the international communities (UN, EU) use as a tool to maintain or restore international peace and security, protect fundamental human rights, and fight terrorism. They are accepted by the competent authorities (UN Security Council, EU Council or European Commission) in the form of resolutions or decisions and regulations. In addition, the Czech Republic has a local individual list of 'intra-European terrorist groups'.

(2) The Czech Republic applies two types of sanctions:

  • (a) sanctions, which it applies towards specific natural and legal persons, listed on the sanction lists (so called sanctioned persons)
  • (b) sanctions, which it applies towards certain types of goods (so called sector sanctions).

(3) The following types of sanction regulations are legally binding (directly applicable) in the Czech Republic:

(4) Carrying out of international sanctions in the Czech Republic is partially regulated by the AML Act and also by Act No. 69/2006 Coll., on Carrying out of International Sanctions.

(5) For more information on the application of international sanctions, please consult the Financial Analytical Office website at: http://www.financnianalytickyurad.cz/mezinarodni-sankce.html.

(6) The obligation to enforce international sanctions also applies to any other activities of RockEx Limited s.r.o., not only to those covered by this document.

Sanction lists

(1) Two groups of sanction lists are legally binding for the Czech Republic:

(1) The responsible person shall give employees access to these lists.

X. List of Suspicious Business Features and Their Assessment

Suspicious business in general

(1) A suspicious business shall be understood as the service provided in circumstances which give rise to a suspicion to perform a legalization of proceeds of crime, or a suspicion that the assets which are subject to certain service are determined for the terrorism financing purposes.

(2) A suspicious business may be also understood as the customer's behaviour which is not directly intended to be provided with a service, but is giving rise to a substantiated suspicion that a customer is aimed to act illegally, i.e., within the scope of mentioned unfair activity. A suspicious business or transaction may be also a service which has not been provided by the employee, or if the case was recognised only as a customer's attempt to establish the business relationship.

Features and circumstances of a suspicious business

(1) Features and circumstances which might indicate the case of a suspicious business:

  • (a) the payment was credited from other account then usually in particular customer's case, or the payments are credited from the account or even various accounts which are not owned by the customer, and there is no apparent connection between the owner of that account and the customer
  • (b) the customer is from the country in which the company usually does not offer its services
  • (c) the customer is using services (Enters the virtual asset orders, etc.) from more countries
  • (d) the customer uses funds to purchase such type goods, and eventually also such volume of goods which does not correspond to usual behavior of a customer or to its financial means
  • (e) the customer asks for the virtual assets service and makes or requests the payment in cash and vice versa
  • (f) the customer resells goods or services purchased for funds for no apparent economic reason
  • (g) the customer uses funds as a deposit instrument (stores and holds assets there for no apparent reason) and then requests a redemption
  • (h) the customer requests external transfer to an account that does not belong to him / her - belonging to a person with no apparent relationship with the customer
  • (i) the customer's business or place where funds can be used is fictitious or difficult to verify or otherwise non-standard
  • (j) a "sleeping" customer - the customer with whom the business relationship was established does not use the services and the view will change without any justification, or the frequency and volume of the services used will suddenly cease again
  • (k) the purpose for which the customer uses the services is contrary to the declared purpose
  • (l) the volume of services used by the customer does not correspond to the customer's property and economic conditions (and it is contrary to what the Company knows about the customer)
  • (m) the virtual assets service of the company are probably used by a person other than the customer himself
  • (n) the customer makes multiple transfers and the volume of these transfers is just below 1 000 EUR or below15 000 EUR as they consider that they are not subject to monitoring
  • (o) the customer offers the employee money or other remuneration for performing a non-standard service or potentially suspicious transaction or for establishing a business relationship where the employee does not require all the particulars (identification, control, etc.)
  • (p) the customer mentions that the funds which are the subject of the service are of illegal origin or intended to finance terrorism
  • (q) the customer unreasonably assures the employee that the funds which are the subject of the service have been acquired in accordance with the law or that the money is not of illegal origin or that it is not intended to finance terrorism
  • (r) the customer shows an unusual interest in the policies, procedures and measures which the Company follows within the System of Internal Rules and Risk Assessment
  • (s) the customer has extensive knowledge of legalization of proceeds of crime or terrorism financing
  • (t) the customer is unreasonably nervous during the negotiations and gives the impression that he has been instructed by another person
  • (u) the customer is unusually trying to converse with an employee on the topic of money laundering or terrorism financing
  • (v) the customer deliberately seeks to establish a friendly relationship with the employee
  • (w) the person acting on behalf of the customer is accompanied by another person and is monitored
  • (x) the customer uses the services of multiple companies for no apparent reason
  • (y) the customer uses services that are normally provided by banks and is willing to use the services of the company without justification even if it is significantly more expensive for him
  • (z) the customer uses the services of the company without any links to the Czech Republic and without it, i.e., it tries to introduce another country into the transfers in order to make it difficult to trace the financial flows
  • (aa) the customer carries out activities that may help to conceal his identity or to conceal the identity of his beneficial owner
  • (bb) the customer submits an identity document that shows any of the features related to ID Unsuitable for Identification
  • (cc) the customer presents only copies of identity cards or unverified copies of other documents
  • (dd) the customer requests identification on the basis of a document other than that required by the employee
  • (ee) there are reasons to refuse to provide a service or the obligation to terminate a business relationship
  • (ff) the customer tries to persuade the employee not to request some data that is necessary for identification or control purposes
  • (gg) the customer asks questions that lead to suspicion that he is trying to avoid identification and control
  • (hh) the customer provides confusing, deceptive or contradictory information
  • (ii) the customer knows little details about the purpose of the business relationship or the origin of the funds
  • (jj) the customer over-explains the origin of the funds or the purpose of the transaction
  • (kk) the customer carries out high-volume transactions using funds obviously used for business purposes, but the customer does not wish to associate them with the business (i.e., to tell the business person which funds belong to and for whom he is acting)
  • (ll) the counterparty of the service is a person whose activity is linked to a country where measures against money laundering or terrorism financing are applied insufficiently or not at all
  • (mm) the employee knows from a reliable source (e.g., television, newspapers, etc.) that the customer or business counterparty is involved in illegal activities or has a criminal history
  • (nn) in the course of one day or in the days immediately following, the customer will carry out noticeably more deals than is usual for his activity
  • (oo) the customer indicates the purpose of the transaction, which is hardly compatible with his activity
  • (pp) the customer is a non-profit or charitable organization and the purpose of the business that he or she communicates is contrary to the activity that he or she states or publicly declares.

(2) The present list is only a non-exhaustive. Practical experience can include also other circumstances not stated here, these indicate that the service might be used to legalize the proceeds of crime and financing terrorism, therefore this could the case of a suspicious business.

(3) On the other hand, if the business shows any of the stated features, this is not necessarily the case of a suspicious business.

Business that is always suspicious

(1) The always suspicious business is that one which shows at least one of the following features:

  • (a) A customer refuses to undergo the verification or does not support us with sufficient cooperation during the verification and check (typical customer reaction: "I am not going to discuss something like this with you…" or "This is not your business…" or a customer suddenly stops the dialog).
  • (b) A customer refuses to submit identification data of a person, on behalf of which he/she is acting.
  • (c) A customer of its beneficial owner (in case of a legal person) is a person, towards which the Czech Republic applies the international sanctions in accordance with applicable law on international sanctions application.
  • (d) Subject matter of the business is or should be the goods or services towards which the Czech Republic applies the sanctions in accordance with applicable law on international sanctions application

XI. Obligation to Assess Regulations and Update Them

Frequency of assessment of AML rules and updates

(1) The responsible person shall assess, at least every 12 calendar months, whether the provisions set out in this document and in the Risk Assessment document are current, proportionate to the nature, scale and complexity of currency exchange services and related activities. If necessary, it performs or arranges for updates to keep the regulations current and in line with the actual situation.

(2) In addition to this regular 12-month interval, the responsible person shall, without undue delay (ideally in advance), review and update this document and the Risk Assessment if any such need arises:

(3) The responsible person will always create a written record of the assessment result and any further steps (whether the update and other details have been made).

(4) If there is a change in the Risk Assessment, the responsible person shall record the procedures used to draw up or update the Risk Assessment and shall also record the reasons on which it has drawn the conclusions contained therein.

(5) Furthermore, if the procedures set out in this document or in the Risk Assessment are substantially changed, the responsible person will organize training for the staff affected. It will record the content and attendance of the training.

(6) Changes in this document and in the Risk Assessment are approved by the Company's statutory body.

XII. Amendments to Regulations

Monitoring of Amendments to Regulations

(1) Persons responsible, i.e., an AML officers, are obliged to perform permanent monitoring of the development in the field of measures against legalization of proceeds of crime and financing of terrorism (i.e., the Acts, Decrees, Notices, etc.). Relevant regulations are published by the FAU (Financial Analytical Office) on its websites www.financnianalytickyurad.cz, and also on the websites of the Czech National Bank at: https://www.cnb.cz/cs/dohled-financni-trh/legislativni-zakladna/legalizace-vynosu-z-trestne-cinnosti/. The websites shall be understood as information source only, and a person responsible shall be actively involved in this kind of activity.

XIII. Contact

For any inquiries or further clarification regarding our AML policy, please do not hesitate to contact our dedicated compliance team: