Dear Nodexx users worldwide,
Please read Nodexx’s AML (Anti-Money Laundering) and KYC (Know Your Customer) policies carefully.
Nodexx’s AML/KYC Policies and Procedures
This policy concerns Nodexx’s Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) policies and procedures. This policy is for general informational purposes only and does not create any legal obligations for Nodexx and/or any other person (natural or otherwise).
A. Principles and Approaches of Nodexx AML/CFT Operations
Nodexx is committed to supporting AML/CFT operations. In principle, we are dedicated to:
Conducting due diligence when dealing with our customers and natural persons appointed to act on behalf of our customers;
Developing business in accordance with high ethical standards and preventing, as much as possible, the establishment of any business relationships related to or potentially facilitating money laundering or terrorist financing;
Making every effort to assist and cooperate with relevant legal authorities to prevent threats of money laundering and terrorist financing.
B. Nodexx’s Risk Assessment and Risk Mitigation Approach
Risk Assessment
We expect most of our clients to be retail customers, and as of the date of this policy release, we primarily operate in the Republic of Seychelles.
In this regard, we will:
a. Record and/or collect documents regarding the following:
1) The identity of our customers;
2) The country or jurisdiction from which our customers come or where they are located; and
b. Based on our knowledge, skills, and capabilities, ensure assessment and screening of our customers, their related parties, natural persons appointed to act on behalf of customers, and customers’ beneficial owners with the assistance of designated individual and entity lists, which include (but are not limited to) the following categories:
Democratic People's Republic of Korea;
Democratic Republic of the Congo;
Iran;
Libya;
Somalia;
South Sudan;
Sudan;
Yemen;
UN1267/1989 Al-Qaeda Sanctions List;
UN1988 Taliban Sanctions List;
Persons identified in Schedule 1 of the Terrorism (Suppression of Financing) Ordinance (Cap. 325).
Risk Mitigation
If identified, we will not engage with any individuals or entities listed on the designated individual and entity lists.
C. Our New Products, Practices, and Technological Approaches
We will provide appropriate advice on identifying and assessing money laundering and terrorist financing risks that may arise from:
The development of new products and new business practices, including new delivery mechanisms;
The use of new or emerging technologies for new and existing products. We will pay particular attention to any new products and business practices that facilitate anonymity, including new delivery mechanisms, and new or emerging technologies such as digital tokens that facilitate anonymity (whether securities, payment, and/or utility tokens).
D. Our Customer Due Diligence (CDD) Approach
We do not open, maintain, or accept anonymous or pseudonymous accounts.
If we have any reasonable grounds to suspect that a customer’s assets or funds are proceeds of drug trafficking or criminal activity, we will not establish a business relationship with the customer or conduct transactions on their behalf. We will submit a suspicious transaction report for such transactions and provide a copy to the relevant financial intelligence units.
We will perform customer due diligence in the following circumstances:
When establishing a business relationship with any customer;
When conducting transactions for any customer who has not established a business relationship with us;
When receiving cryptocurrency transfers for customers who have not established a business relationship with us;
When money laundering or terrorist financing is suspected;
When there is suspicion about the authenticity or sufficiency of any information.
If we suspect that two or more transactions are or may be related, connected, or deliberately structured as smaller transactions to evade AML/CFT measures, we will treat these as a single transaction and aggregate their value to comply with AML and CFT principles.
Customer Verification
We will verify every one of our customers.
To verify our customers, we need to know at least:
Their full name, including any aliases;
Their unique identification number (e.g., ID number, birth certificate number, or passport number, or if the customer is not a natural person, their business registration number); or
Their registered address or registered business address (if applicable), and if the registered address differs from the business address, the primary place of business;
Their date of birth, establishment, or registration; and
Their nationality or place of registration.
If the customer is a legal entity, in addition to obtaining the above information, we will also determine its legal form, articles of association, and the rules and constraints governing the entity’s powers; we will also identify its related parties (e.g., directors, partners, and/or persons with executive authority) by obtaining at least the following information for each related party:
Full name, including any aliases; and
Unique identification number, such as the related party’s ID number, birth certificate number, or passport number.
Verifying Customer Identity
We will use reliable, independent source data, documents, or information to verify our customers' identities. If our customer is a legal person or legal arrangement, we will use reliable, independent source data, documents, or information to verify legal form, proof of existence, articles of association, and the rules and constraints governing the customer's powers.
Identifying and Verifying the Identity of Natural Persons Designated to Act
a. Customer Representatives
If a customer appoints one or more natural persons to represent them in establishing a business relationship with us, or if the customer is not a natural person, we will:
Identify each natural person acting or appointed to act on behalf of the customer by obtaining the following information:
Their full name;
Their unique identification number;
Address;
Date of birth;
Nationality; and
Verify the above natural persons’ identities using reliable, independent source data and documents.
We will also verify the appropriate authority of each natural person designated to act on behalf of our customers by obtaining:
Appropriate written evidence authorizing our customer to designate such natural persons;
Signature specimens of each natural person.
If the customer is a government entity, we will only obtain the information necessary to confirm that the customer is the government entity claimed.
Identifying and Verifying Beneficial Owners
We will inquire whether there are any beneficial owners related to the customer.
If the customer has one or more beneficial owners, we will identify them and take reasonable measures to verify their identities using relevant information or data obtained from reliable, independent sources. We should:
If the customer is a legal person —
Identify the natural persons who ultimately own the legal person (whether acting alone or jointly);
If there is doubt about whether the natural person ultimately owning the legal person is the beneficial owner, or if no natural person ultimately owns the legal person, identify the natural person who ultimately controls the legal person or owns the legal person (if applicable) with ultimate effective control; and
If no natural person is identified, identify the natural person exercising executive authority in such legal persons;
If the customer is a legal arrangement —
For trusts, identify the settlor, trustee, protector (if applicable), beneficiaries, and any natural person exercising ultimate ownership, control, or ultimate effective control over the trust; and
For other types of legal arrangements, identify persons holding equivalent positions.
If our customer is not a natural person, we will determine the nature, ownership, and control structure of the customer's business.
If any of the following customers’ beneficial owners exist, we will be required to confirm identities:
Entities listed on a stock exchange;
Entities listed on a stock exchange that are subject to regulatory disclosure requirements and sufficient transparency requirements regarding their beneficial owners;
Financial institutions;
Financial institutions which comply with and supervise AML/CFT requirements consistent with FATF standards; or
Investment instruments managed by financial institutions or subject to AML/CFT requirements consistent with FATF standards;
Unless we suspect the authenticity of the CDD information or suspect that our customer, the business relationship with the customer, or transactions conducted for the customer may relate to money laundering or terrorist financing.
We will also record the basis for our determinations.
Information on Business Relationships Without Account Opening and the Purpose and Expected Nature of Transactions*
When handling applications to establish business relationships or non-account-based transactions, we should understand and, where appropriate, obtain information from the customer about the purpose and expected nature of the business relationship or transaction.
Review of Transactions Without Account Opening*
If we conduct one or more transactions for a customer without opening an account (current transactions), we will review the customer's previous transactions to ensure the current transactions are consistent with our understanding of the customer, their business and risk profile, and the source of funds.
When establishing a business relationship with a customer, payment service providers should review all transactions prior to establishing the business relationship to ensure consistency with our understanding of the customer, their business and risk profile, and the source of funds.
We will pay particular attention to all complex, unusually large, or unusual transaction patterns that lack apparent economic purpose and do not involve account opening. We will investigate the background and purpose of such transactions as much as possible and record the investigation results to provide this information to relevant authorities if required.
To review transactions conducted without account opening, we will establish and implement appropriate systems and processes proportional to the scale and complexity of the payment service provider to:
Monitor transactions conducted without account opening for customers; and
Detect and report suspicious, complex, unusually large, or unusual transaction patterns conducted without accounts.
If there are reasonable grounds to suspect that transactions conducted without account opening relate to money laundering or terrorist financing, and we consider it appropriate to conduct the transaction, the payment service provider should confirm and record the reasons for conducting the transaction.
Ongoing Monitoring
We continuously monitor business relationships with customers. During the business relationship, we observe customer account activity and review transactions throughout the relationship to ensure transactions align with our understanding of the customer, their business, and risk profile, and, where appropriate, the source of funds.
If transactions involve transferring cryptocurrency to or receiving cryptocurrency from the following entities, we will implement our risk mitigation measures:
Financial institutions; or
Financial institutions that comply with FATF standards for AML/CFT requirements and are supervised accordingly.
We will pay particular attention to all complex, unusually large, or unusual transaction patterns throughout the business relationship that lack apparent economic or legitimate purpose. We will investigate the background and purpose of such transactions as much as possible and record the investigation results to provide this information to relevant authorities if required.
For ongoing monitoring purposes, we will establish and implement appropriate systems and processes proportional to the scale and complexity of the payment service provider to:
Monitor business relationships with customers; and
Detect and report suspicious, complex, unusually large, or unusual transaction patterns throughout the business relationship.
We will ensure that CDD data, documents, and information obtained about customers, natural persons appointed to act on behalf of customers, related parties, and beneficial owners are relevant and kept up to date by reviewing existing CDD data, documents, and information, especially for higher-risk customer categories.
If there are reasonable grounds to suspect that an existing business relationship with a customer relates to money laundering or terrorist financing and we consider retaining the customer appropriate:
We will confirm and record the reasons for retention; and
The business relationship with the customer will be subject to corresponding risk mitigation measures, including enhanced ongoing monitoring.
When assessing that a customer or business relationship is higher risk, payment service providers should apply enhanced CDD measures, including obtaining approval from senior management to retain the customer.
CDD Measures for Non-Face-to-Face Business Relationships or Transactions*
We will develop policies and procedures to address any specific risks related to non-face-to-face business relationships or non-face-to-face transactions conducted without opening an account (non-face-to-face business contacts).
We will implement these policies and procedures when establishing business relationships and conducting ongoing due diligence.
If no face-to-face contact occurs, payment service providers should apply CDD measures that are at least as rigorous as those required for face-to-face contact.
When payment service providers conduct the first non-face-to-face business contact, they should, at their own expense, engage an external auditor or independent qualified consultant to assess the effectiveness of policies and procedures, including any technological solutions used to manage impersonation risk.
We will appoint an external auditor or an independent qualified consultant to evaluate new policies and procedures and submit an evaluation report to the authorities within one year after the implementation of policy and procedural changes.
Reliance on Measures Executed by Acquired Payment Service Providers
When we (the acquiring payment service provider) acquire all or part of another payment service provider’s business, we will apply measures to customers obtained through that business at acquisition unless the acquiring payment service provider:
Simultaneously obtains all corresponding customer records (including CDD information) and has no doubts or concerns about the accuracy or sufficiency of the obtained information; and
Conducts due diligence without questioning the adequacy of AML/CFT measures taken by the acquired payment service provider for the business or part of the business now acquired, and records this process.
Measures for Non-Account Holders*
If we conduct transactions for any customer with whom we have no other business relationship, we will:
Perform CDD measures as if the customer has applied to establish a business relationship with the payment service provider; and
Record sufficient details of the relevant transactions to reconstruct the transactions, including the nature and date of transactions, types and amounts of currency involved, value dates, and detailed information about the payee or beneficiary.
Timing of Verification
We will complete identity verification of customers, natural persons designated to act on behalf of customers, and beneficial owners before:
Establishing a business relationship with the customer;
Conducting any transaction for customers who have not established a business relationship with the payment service provider; or
Realizing or receiving digital payment tokens for customers through value transfer where the customer has not established a business relationship with the payment service provider.
In the following cases, our providers may establish business relationships with customers before completing identity verification of customers, natural persons designated to act on behalf of customers, and beneficial owners:
Delaying verification is essential to prevent disruption of normal business operations; and
The risks of money laundering and terrorist financing can be effectively managed by the payment service.
If we establish a business relationship before verifying the identities of customers, designated natural persons, and beneficial owners, we should:
Develop and implement internal risk management policies and procedures specifying conditions for establishing such relationships before identity verification.
Complete identity verification as soon as reasonably practicable.
If Measures Are Not Completed
If we cannot complete the required measures, we will not start or continue any business relationship with any customer or conduct any transactions for any customer.
If we cannot complete these measures, payment service providers should consider whether the situation is suspicious and whether it is necessary to submit a suspicious transaction report.
Completion of measures means that the payment service provider has obtained, screened, and verified (including delayed verification as described in paragraphs 6.43 and 6.44) all necessary customer identification information as specified in paragraphs 6, 7, and 8, and has received satisfactory responses to all inquiries related to this necessary customer identification information.
Joint Accounts
For joint accounts, we will treat each joint account holder as an individual customer of the payment service provider and apply customer due diligence measures accordingly.
Screening
We will screen customers, natural persons designated to act on behalf of customers, related parties, and beneficial owners against information sources related to money laundering and terrorist financing and lists and information provided by authorities to identify any money laundering or terrorist financing risks.
We will conduct screening in the following situations and for the following persons:
When establishing a business relationship with a customer (or as soon as reasonably practicable after establishing the relationship).
Before conducting any transactions for customers who have not established a business relationship with the payment service provider.
Before facilitating or receiving digital asset transfers for customers who have not established any other business relationship with us.
Regularly after establishing a business relationship with a customer; and
Whenever there are any changes or updates to:
Lists and information provided by authorities to payment service providers; or
Natural persons designated to act on behalf of customers, their related parties, or beneficial owners.
We will screen all value transfer remitters and value transfer recipients against lists and information provided by authorities to determine money laundering or terrorist financing risks and record all screening results.
E. Our Enhanced Customer Due Diligence Approach
Politically Exposed Persons
We will use all reasonable means to determine whether customers, any natural persons designated to act on behalf of customers, any related parties, beneficial owners, or their family members or close associates are politically exposed persons (PEPs).
If a customer or any beneficial owner, family member, or close associate is identified as a politically exposed person, in addition to regular customer due diligence measures, we will at least carry out the following enhanced due diligence measures:
Obtain approval from senior management to establish and continue the business relationship with the customer.
Determine the wealth and source of funds of the customer and any beneficial owners by reasonable means.
Enhance monitoring of the business relationship with the customer during the relationship. For any seemingly unusual transactions, we will increase monitoring levels and escalate the nature of monitoring.
High-Risk Categories
We recognize that customers who have or may have higher money laundering or terrorist financing risks include but are not limited to the following situations:
If a customer or any beneficial owner comes from or is located in a country/region or jurisdiction where the Financial Action Task Force (FATF) requires AML and CFT measures, the payment service provider should treat any business relationship or transaction with such customers as having higher money laundering or terrorist financing risks.
If a customer or any beneficial owner comes from or is located in a country/region or jurisdiction identified by the payment service provider itself or notified by authorities or other foreign regulators as having known deficiencies in AML/CFT measures, the payment service provider should assess whether such customers have higher money laundering or terrorist financing risks.
We should apply enhanced customer due diligence measures for customers with higher money laundering or terrorist financing risks or any customers notified by authorities as having higher money laundering and terrorist financing risks.
F. Handling of Bearer Negotiable Instruments and Cash Payment Restrictions
We will not make any payments in the form of bearer negotiable instruments.
We do not make any cash payments in the course of conducting business.
G. Value Transfer Procedures (Implemented as Needed)*
If we are a remittance institution, before executing a value transfer, we should:
Identify the remitter and take reasonable measures to verify their identity (if not previously done).
Fully record details of the value transfer, including but not limited to the date of the value transfer, the type and value of the digital assets transferred, and the effective date.
If we are a remittance institution, the memorandum or payment instructions attached to or associated with the value transfer should indicate:
Name of the remitter.
Remitter’s account number (or unique transaction reference number, if applicable).
Name of the recipient.
Recipient’s account number (or unique transaction reference number, if applicable).
Value Transfers Exceeding a Specific Threshold
If we are a remittance institution, for value transfers exceeding a specific threshold, we should identify and verify the remitter’s identity, including the memorandum or payment instructions attached to or associated with the value transfer and the following:
Remitter’s address; or
Remitter’s registered address or business address (if different, the primary place of business should also be indicated).
Remitter’s unique identification number; or
Remitter’s date and place of birth, and registration or record of the value transfer.
We should immediately submit all information about the value transfer remitter and recipient to the receiving institution securely and keep records of all such information. If we, as a remittance institution, cannot meet these requirements, we will not execute the value transfer.
If we are the receiving institution, we should take reasonable measures to identify value transfers that lack necessary remitter or recipient information.
If we, as the receiving institution, pay the value of the transferred digital assets to the value transfer recipient in cash or cash equivalents, we should identify and verify the identity of the value transfer recipient (if not previously verified).
Before executing a value transfer, we should always review situations where value transfer remitter or recipient information is missing and record our follow-up actions.*
If we are an intermediary institution, we will retain all information related to the value transfer.
If we, as an intermediary institution, execute a value transfer to another intermediary institution or receiving institution, we should immediately provide the information attached to the value transfer to that other intermediary or receiving institution securely.
If we are an intermediary institution receiving a value transfer, we should retain all information received from the remittance institution or other intermediary institutions for at least five years.
We should take reasonable measures to identify value transfers missing necessary remitter or recipient information during straight-through processing.
H. Record Keeping
We will keep appropriate records for at least 5 years as required.
I. Personal Data*
We will protect customers’ personal data as required by regulations.
J. Suspicious Transaction Reports (STR)
We will notify the relevant authorities and submit suspicious transaction reports in accordance with the law. We will also retain all records and transactions related to all such transactions and suspicious transaction reports.
K. Our Compliance, Audit, and Training Policies
Among other measures, we will appoint an AML/CFT compliance officer at the management level, maintain independent audit capability, and actively conduct regular AML/CFT training for employees.
Comprehensive Enterprise-Wide Money Laundering/Terrorist Financing Risk Assessment
We will conduct a comprehensive enterprise-wide money laundering/terrorist financing risk assessment in three stages:
Stage 1: Inherent Risk Assessment We will assess the following inherent risks:
Customers or entities: We should assess the customers and/or entities we deal with.
Products or services: We should pay attention to recipients of over-the-counter cryptocurrency services.
Geographic scale: We must not deal with customers on the designated individual and entity lists.
Stage 2: Assessment of Risk Control Measures We will evaluate risk control measures related to the above situations. We will monitor any and all customers we consider suspicious and conduct enhanced due diligence on them.
Stage 3: Residual Risk Assessment We will assess residual risks after evaluating risk control measures.
Comments
0 comments
Article is closed for comments.