Sign in Sign up

Anti-money laundering and "Know-Your-Client" (AML & KYC) Policy

Document overview

Version (date): 1.0, dated 20.12.2022
Company name (information): EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE
Approved by: Daniel Pande Raja - MLRO
Distribution: Internal and to whom it may concern

TABLE OF CONTENTS

INTERPRETATION

INTRODUCTION

1. RISK ASSESSMENT
1.1 REGULATORY FRAMEWORKS
1.2. RISK BASED APPROACH AND CLIENT RISK GROUPS
1.3. RISK ASSESSMENT CRITERIA AND PROCEDURE
1.4. SANCTIONS SCREENING
1.5. POLITICALLY EXPOSED PERSONS (PEPs)
1.6. PROHIBITIONS ON CLIENT RELATIONSHIPS

2. RISK MITIGATION MEASURES
2.1. CLIENT RISK MITIGATION PROCEDURE
2.2 CLIENT DUE DILIGENCE
2.3. CLIENT IDENTIFICATION.
2.4. SIMPLIFIED DUE DILIGENCE (SDD)
2.5. ENHANCED DUE DILIGENCE (EDD)
2.6. BENEFICIAL OWNERSHIP IDENTIFICATION

3. TRANSACTION MONITORING
3.1. GENERAL PROVISIONS
3.1.1. DESCRIPTION OF CRYPTO ACTIVITIES
3.2. TRANSACTION MONITORING PROCEDURE
3.3. ENHANCED TRANSACTION MONITORING
3.4. CRYPTO TRANSACTION MONITORING

4. MLRO'S ROLES AND RESPONSIBILITIES
5. SUSPICIOUS ACTIVITY AND TRANSACTION REPORTS
6. TRAINING OF EMPLOYEES

APPENDIX А RESTRICTED COUNTRIES

INTERPRETATION

Company EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE
Beneficial Owner (UBO) Any natural person who ultimately owns or controls a client and (or) the natural person on whose behalf a transaction or activity is being conducted. Beneficial owners include beneficial owners of corporate entities, beneficial owners of trusts and beneficial owners of legal entities such as foundations, or legal arrangements similar to trusts. Beneficial owners may own or control the client through either direct or indirect ownership
Business Relationship Any business, professional or commercial relationship which is connected with the professional activities of the client and which is expected, at the time when the contact established, to have an element of duration
Cardholder Cardholder is the client of merchant willing to make a payment for goods or services offered at the website
CDD (Client Due Diligence) Identifying and verifying the identity of the client and any beneficial owner of the client, and obtaining information on the purpose of intended nature of the business relationship
Cryptocurrency A digital currency in which transactions are verified and records maintained by a decentralized system using cryptography, rather than by a centralized authority
Criminal Conduct Conduct which constitutes an offence in or would constitute an offence in any part of El Salvador if it occurred there
CTF Counter terrorism financing
CurrencyCloud Engine with embedded Transaction Monitoring functionality
Direct Ownership A shareholding of 25% plus one share or an ownership interest of more than 25% in the client held by a natural person
Enhanced Due Diligence (EDD) Additional client due diligence measure that must be applied:
  • where the client has not been physically present for identification purposes;
  • where the client is a PEP or in any other situation which by its nature can present a higher risk of money laundering or terrorist financing
Enhanced Transaction Monitoring Monitoring of client transaction which is conducted additionally to transaction monitoring. The scope of transaction monitoring may include due diligence of all counterparties of the transaction, identification of their beneficial ownership and corporate governance structure, analysis of agreement, identification of the source of funds, examination of customs and tax declarations, etc.
Family members of PEPs Any of the following persons:
  • the spouse, or a person considered to be equivalent to a spouse, of a politically exposed person;
  • the children and their spouses, or persons considered to be equivalent to a spouse, of a politically exposed person;
  • the parents of a politically exposed person
FIU PPATK (Pusat Pelaporan dan Analisis Transaksi Keuangan/ Center for Financial Transaction Reporting and Analysis)
Fiat money Fiat money is government-issued currency that is not backed by a physical commodity, such as gold or silver, but rather by the government that issued it.
KYC Know Your Client
MLRO (Nominated Officer) Money Laundering Reporting Officer, a person responsible within the company for the oversight of all activity related to anti-financial crime issues
Persons known to be close associates of PEP Any of the following persons:
  • natural persons who are known to have joint beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person;
  • natural persons who have sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a politically exposed person
Politically Exposed Person (PEP) A natural person who is or who has been entrusted with prominent public functions, and includes the following:
  • heads of states, heads of governmental authorities, ministers and deputy or assistant ministers;
  • members of parliament or similar legislative bodies;
  • members of the governing bodies or political parties;
  • members of supreme courts, of constitutional courts or other high level judicial bodies, the decisions of which are not subject to further appeal, except in exceptional circumstances;
  • members of courts of auditors or the boards of central banks;
  • high ranking officers in the armed forces;
  • members of the administrative, management or supervisory bodies of state owned enterprises;
  • directors, deputy directors and members of the board or equivalent function of an international organization
The definition excludes middle ranking or more junior officials.
Transaction The provision of any advice by a business or individual to a client by way of business, or the handling of the client’s finances by way of business. A transaction could be simply operating across a client’s account
Transaction Monitoring Monitoring of client transaction with towards money laundering and terrorist financing risks. Historical and current information and interactions of a client is assessed within transaction monitoring

INTRODUCTION

This document, approved by Daniel Pande Raja (MLRO), describes the Company's AML&KYC Policy The policy is based on the approved guidelines issued by OECD and FATF.

The KYC guidelines have regularly been revised in the context of the recommendations made by the FATF and OECD on KYC, AML, CTF and other standards. These guidelines advise Financial Institutions (FI) to follow certain client Identification Procedure for opening of accounts and monitoring suspicious transactions in order to report to appropriate authority.

Any changes to this document must go through the same process as described above.

RISK ASSESSMENT
1.1 REGULATORY FRAMEWORKS

The legislation governing money laundering and terrorist financing and the fight against it is as follows:

1.2 RISK BASED APPROACH AND CLIENT RISK GROUPS

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE applies a “risk-based approach” to its clients. This approach includes the following consequent actions applied to each client:

a) identifying money laundering and terrorist financing risks that a relevant to the client’s business;
b) carrying out risk assessment in the course of onboarding and periodically in the course of business relations, with the emphasis of the client’s behavior, delivery channels, patterns and irregularities;
c) designing and putting in place effective controls for the client;
d) overseeing and monitoring the client’s practices, improving the established controls, where necessary;
e) maintaining records of risk assessment carried out.

Records of risk assessment must be approved by the MLRO. The MLRO has sufficient seniority and experience to approve the risk assessment of each client.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE continuously reviews its implementation of risk-based approach based on best practices of applying risk-based approach, adopted in a public and private sector.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE does not provide its services to the companies, if their activity relates to the following:

Technological risk
Company also takes into account Technological risk factors when assessing risk and the extent of measures which should be taken to manage and mitigate that risk. The Company’s business model of receiving or paying cryptocurrencies, converting to fiat, and transmitting fiat funds to a merchant.

Our Risk Assessment of the Company’s vulnerability to being utilized in any or all of these stages of money laundering is based upon a review how the business model targets client segments in each jurisdiction, outsourcing arrangements especially of critical activities, volumes of transactions, how a client’s use of our services develops as their relationship with the Company matures, and the basis on which we select cryptocurrencies to be made available for conversion into fiat; all these parameters may feature in determining on what basis the Company may be exposed to money-laundering.

However, the new technologies are also opening the way for the new types of monitoring. For example, the biometric face match and analysis of all parts of the blockchain in order to trace all illegal activities happened to the analyzed funds.

Client risk groups
All clients are classified into three risk groups:
a) low risk clients;
b) medium risk clients;
c) high risk clients.

Criteria for the classification include:
a) client risk factors, including whether:
(i) the business relationship is conducted in unusual circumstances;
(ii) the client is resident in a geographical area of high risk;
(iii) the client is a legal person or legal arrangement that is a vehicle for holding personal assets;
(iv) the client is a company that has nominee shareholders or shares in bearer form;
(v) the client is a business that is cash intensive;
(vi) the corporate structure of the client is unusual or excessively complex given the nature of the

b) company’s business, namely product, service, transaction or delivery channel risk factors, including whether:
(i) the product involves private banking;
(ii) the product or transaction is one which might favour anonymity;
(iii) the situation involves non-face-to-face business relationships or transactions, without certain
safeguards, such as electronic signatures;
(iv) payments will be received from unknown or unassociated third parties;
(v) new products and new business practices are involved, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products;
(vi) the service involves the provision of nominee directors, nominee shareholders or shadow directors, or the formation of companies in a third country;

c) geographical risk factors, including:
(i) countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective systems to counter money laundering or terrorist financing;
(ii) countries identified by credible sources as having significant levels of corruption or other criminal
activity, such as terrorism, money laundering, and the production and supply of illicit drugs;
(iii) countries subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations;
(iv) countries providing funding or support for terrorism;
(v) countries that have organisations operating within their territory which have been designated by countries governments, international organisations as terrorist organisations; (vi) countries identified by credible sources, such as evaluations, detailed assessment reports or published follow-up reports published by the Financial Action Task Force, Asia/Pacific Group on Money Laundering (APG), the International Monetary Fund, the World Bank, the Organisation for Economic Co-operation and Development or other international bodies or nongovernmental organisations as not implementing requirements to counter money laundering and terrorist financing that are consistent with the recommendations published by the Financial Action Task Force.

Low risk clients

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE uses its risk assessment in every case to determine the risk category for clients. Whilst easily identifiable clients may be indicative of lower risk, it must still consider the other relevant factors before a conclusion is drawn.

If a business relationship with, or transaction of the client has been assessed to represent a low risk of money laundering, such client should be deemed to be of low risk. Low risk clients are subject to simplified due diligence measures.

Low risk with full KYC documentation on file is subject to approval by MLRO on a case-by-case basis.

The following clients may be deemed to be of low risk:
a) public administration, or publicly owned enterprise;
b) a credit institution or a financial institution which is supervised for compliance with those requirements in accordance with OJK Regulation No.12/POJK.01/2017, 2017;
c) a company whose securities are listed on a regulated market, and the location of
the regulated market.

The following products, services, transactions or delivery channels may be deemed to be of low risk:
a) a life insurance policy for which the premium is low;
b) a financial product or service that provides appropriately defined and limited services to certain types of clients to increase access for financial inclusion purposes in El Salvador.

The following geographical factors (including where the client is resident, established, registered or operates) may be deemed to be of low risk:
a) El Salvador;
b) a third country which identified as having a low level of corruption or other criminal activity, such as terrorism, money laundering and the production and supply of illicit drugs, and has effective regulatory frameworks, monitoring and enforcement systems, as mat be officially reported by the Financial Action Task Force, the International Monetary Fund, the World bank, the Organization of Economic Co-operation and Development, etc.

Low risk clients and their beneficial owners must be identified, and their identities must be verified.

Medium risk clients

clients who are of neither high risk nor low risk (medium risk clients) include those remaining beyond the joint scope of high risk and low risk clients. They are subject to:

High risk clients

High risk clients include:

The above does not constitute an exhaustive list.

Ongoing monitoring of client identity

Ongoing monitoring of client identity is done on a risk-based approach according to the frequency of the client’s risk assessment. This includes all information within the client file.

1.3 RISK ASSESSMENT CRITERIA AND PROCEDURE

The client risk assessment scoring system represents by a numeric value the total money laundering and terrorist financing risk level of the client. The total number of points forms the overall risk profile of the client.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE determines and maintains the scoring assigned to each risk factor and ensures it is automated application to determine the client’s risk level.

The total client risk assessment scoring system score in the client’s overall risk profile is 100 points.

The above number of points in the client risk assessment scoring system upon the assessment of the nature of company’s economic activity and the client’s risks is broken down by risk segments as follows:

For each risk segment considered within the assessment, the risk score can never be zero. Whilst the risks within a factor can be extremely low, there is always an inherent money laundering and terrorist financing risk which needs to be acknowledged by EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE.

The monitoring employees ensure updates of the client’s risk profile by applying the client risk assessment scoring system each time when it is required to carry out due diligence of the client.

The client risk assessment scoring system is utilized to apply risk mitigation measures pursuant to this AML&KYC Policy or when EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE has obtained (through IT reports, client service or due diligence, mass media etc.) information concerning the client, its beneficial owner, personal or economic activity as well.

The monitoring employee, based on the risk assessment and the risk profile of the client (awarded score), determines the necessary due diligence measures and their regularity. The client’s due diligence measures and their regularity is determined based on the existing level of risk.

At least once a year or more often (if necessary) if EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE obtains information which indicates changes in information on which the initial numerical score assigned to the risk factors was based, the company updates the numerical score.

The total numerical score assigned to the client in the client risk assessment scoring system shall be set according to the risk score indicated below regarding each of the following risk factors:

Client risk:

The maximum value of client risk amounts to 33 points.

Risk enhancing factor Risk score
The legal entity with core activity in El Salvador. 1
The legal entity with core activity outside El Salvador but is a part of a publicly known foreign group with a good reputation. 2
The legal entity with core activity outside El Salvador and is not a part of a publicly known foreign group with a good reputation. 3
The legal formation, whose beneficial owner or representative is a PEP. 2
The legal entity recognized as a shell company. 3
The client or the beneficial owner of the client, or the representative of the client is an outsourced bookkeeper, lawyer or provides services for establishing and running legal entities who wish to conclude a contract with the company in his name to perform financial transactions on behalf of the client. 2
The activity of the client or the beneficial owner of the client is related to: gambling; encashment; cash, currency exchange, marketing services; IT development, foreign exchange transactions, trading precious metals, weapons and other activity that is hard to document and trace. 3
The client or the beneficial owner of the client is interested in the company’s assessment policies and procedures or procedures that apply to PEP. 1
The client or the BO of the client is a person related to the business sector with high risk of corruption. 2
The client or the beneficial owner of the client is a person related to the business sector where cash transactions have an essential role. 2
The reason for the establishment of the legal entity is unclear and the information on the legal and economic purpose of the client’s activity is general or limited or is not available. 2
It is suspected that the beneficial owner is attempting to hide their identity by using family members or closely associated persons. 2
The previous activity and professional experience of the client or the beneficial owner of the client is not related to the planned economic activity. 2
The economic activity does not correspond to the financial state of the client or the beneficial owner of the client. 2
The legal or economic grounds of the type of the client’s economic activity or transactions are unclear 2
Automatic report vendor received regarding the client indicates that the client has high risk. 2

National and geographic risk

The maximum value of national and geographic risk amounts to 20 points.

Risk enhancing factor Risk score
The client, the beneficial owner of the client or the main cooperation partner is related to a country or a territory included in the cabinet list of low tax territories. 2
The client, the beneficial owner of the client or the main cooperation partner is related to a country or a territory associated with financial or civil restrictions imposed by El Salvador, the UN, the USA or the EU. 2
The clients, the beneficial owner of the client or the main cooperation partner is related to a country or territory which is included in FATF list of "NonCooperative Countries or Territories" (NCCTs) or regarding which the FATF has issued a statement as a country or territory that has no laws and regulations for the money laundering and terrorist financing or where they have significant shortcomings and they do not meet international requirements. 2
The client, the beneficial owner of the client or the main cooperation partner is related to a country which is included in the list of states which have been identified as high money laundering and terrorist financing risk countries approved by the European Commission. 2
The client, the beneficial owner of the client or the main cooperation partner is related to a country where there are significant gaps in the area of money laundering and terrorist financing risk prevention. 2
The client, the beneficial owner of the client or the main cooperation partner is related to a country with a high level of crime that may result in money laundering 3
The client, the beneficial owner of the client or the main cooperation partner is related to a country or a territory where there are no requirements to submit reports on the financial activities of the company or it is allowed to register a company without specifying the actual location. 2
The client, the beneficial owner of the client or the main cooperation partner is related to a country with a high risk of corruption 2
The client, the beneficial owner of the client or the main cooperation partner is related to a country with an unstable political situation 3

Product/Services related risk

The maximum value of risk related to services and products used by the client amounts to 27 points.

Risk enhancing factor Risk score
The client requests options for anonymity and international use (e.g., online payments, prepaid cards, payment orders, payments made by phone and others) that provide an opportunity for large transactions (more than 10.000 EUR per month) or large number of orders (more than 10.000 per month). 3
The client has been set/assigned an unusually large transaction limit or unlimited transactions. 3
The client can carry out large, complex transactions (exceeding 10.000 EUR per month) with a large number of parties (more than 3). 3
The client has not participated in face-to-face identification. 3
The client is found through agents without money laundering and terrorist financing risk prevention requirements or are not adequately monitored. 3
The provision of financial services is based on technological solutions which limits the identification of the client and the information about the personal and economic activity. 3

Service and product delivery channel risk

The maximum value of service and product delivery channel risk amounts to 20 points

Risk enhancing factor Risk score
The annual credit turnover exceeds the equivalent of 120.000 EUR or significantly exceeds other, lower threshold (10 percent of the limit value) set by EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE based on the results of the investigation of the client’s economic activity. 2
At least six months elapse between the date of the first transaction for the benefit of the client and the date of establishing the business relationship with the client, and the monthly credit turnover has reached the equivalent of 10.000 EUR. 2
The average number of operations per month exceeds 10.000 EUR. 2
The average amount per operation exceeds 1000 EUR 2
The client is an association or foundation and during the business relationship money is transferred abroad and the amount of the transaction exceeds the equivalent of 10.000 EUR. 2
The client risk assessment scoring system shall include the following information:

Each assessment score shall be recorded in the client risk assessment scoring system, as well as printed and signed by the employee who performed the risk assessment and added to the client’s file.

Before establishing business relationship, the monitoring employee, upon receiving the potential client’s risk score in the client risk assessment scoring system, should:
During the business relationship, the monitoring employee, upon receiving the potential client’s risk score in the client risk assessment scoring system, should:

The monitoring employee, in regard to each client, shall monitor whether the risk score assigned to the client is effective and complies with the management of the relevant risks. Having found gaps or inconsistencies in the client risk assessment scoring system the client monitoring employee shall immediately notify the MLRO responsible for money laundering and terrorist financing risk prevention.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE shall terminate the business relationship with the client if within 30 days after the preconditions for due diligence have been established the minimum requirements for client due diligence cannot be met and there is no sufficient evidence to provide the legal and economic purpose of the client’s transactions.

The client’s risk score assigned in client risk assessment scoring system upon making the decision on the cooperation with the potential client or the cooperation with the existing client and:

1.4. SANCTIONS SCREENING

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE screens each client against:

The Company uses AML screening solution for quick identification of persons associated with criminal activity or those who are prohibited from certain industries and activities.

The scope of sanctions screening includes, without limitation, the following:

Should onboarding process in relation to any client be initiated, PT. EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE screens the client on a daily basis, until the client relationship ends.

Each transaction is subject to sanctions screening, regardless of value of the transaction and the client’s risk status or other characteristics. No transaction is effected unless sanctions screening is conducted via special software.

Sanctions screening is run by MLRO. He or she is responsible for running the software and reviewing screening output. If a client is found in any of the above listed sanctions lists, he or she informs the MLRO immediately.

The MLRO investigates whether there is risk of money laundering or terrorist financing in the case or not, and decides to reject the transaction and (or) block the client’s assets, or to allow it.

client’s account would get blocked by MLRO and senior management would be notified. The MLRO is obliged to investigate each case of rejected transaction and determine possible money laundering or terrorist financing risks. Upon such investigation, the MLRO reports to the Director regarding the client who is suspected in money laundering or terrorist financing activities and recommends the Director what further actions should be taken.

Upon the MLRO’s recommendation, the Director decides to refuse to continue the client relationship or to continue them.

The MLRO reports each case of suspicious activity to competent authorities, regardless of the Director’s decision on the suspected client.

1.5. POLITICALLY EXPOSED PERSONS (PEPs)

PEPs are regarded as high-risk clients
Within the period when a PEP holds its status and the period of 12 months when the PEP ceases to hold its status, he or she is subject to:

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE ensures that all accounts of PEP are approved by MLRO in overall or each separately EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE runs a check against several databases to verify if the client is a PEP.

In addition, PEP status of the client is monitored with the use of automatic screening.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE requests from each client a written declaration of its PEP status. For identification of a PEP, the following sources are used by EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE:

The provisions of this section should apply to family members of PEP and the persons known to be close associates of PEP, as well as to the persons who has, at any time in the preceding year, been known to be a PEP, and the persons who are suspected to be a PEP.

1.6. PROHIBITIONS ON CLIENT RELATIONSHIPS

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE does not enter into, or does not continue, any client relationship with the clients, who(-se):

This above list is not exhaustive. EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE may refuse to enter into or continue client relationship with any clients who is reasonably suspected in money laundering or terrorist financing.

Prohibition to cooperate with shell banks “Shell bank” means a credit institution or a financial institution, or an institution engaged in equivalent activities to those carried out by credit institutions or financial institutions, incorporated in a jurisdiction in which it has no physical presence involving meaningful decision-making and management, and which is not a part of a financial conglomerate.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE does not enter into, or continues a corresponding relationship with either a shell bank or a credit or a financial institution which is known to allow its account to be used by a shell bank

Banned clients
EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE does not provide its services to the companies, if their activity relates to the following:

2. RISK MITIGATION MEASURES

2.1 CLIENT RISK MITIGATION PROCEDURE

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE understands that the Risk Assessment starts during the underwriting stage. That is why client screenings are implemented in order to spot any potential threat to our business operations and to our reputation.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE partners with world`s first-class risk prevention and mitigation services enhances client checks by doing the following:

Also, during the underwriting stage, the client is provided with general and specific processing rules which serve as guidelines for future partnership with EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE. Among other things, such rules aim to anticipate and reduce the threats associated with each type of client.

Risk mitigation procedure:
The usage of internet online research tools and sources below has a significant role in AML risk mitigation process when speaking about the business client.
  1. information on the website;
  2. scoring systems usage;
  3. Website PageRank like Google;
  4. social bookmarks;
  5. wayback machine;
  6. reverse-IP analysis;
  7. text analysis;
  8. source code analysis;
  9. extensive internet research;
  10. corporate data collection sites;
  11. online complaints boards;
  12. reverse image search;
  13. Google analytics;
  14. TOR-browser and proxy server.

2.2 CLIENT DUE DILIGENCE

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE applies Due Diligence at the start of client engagement by identifying and verifying client identity on the basis of documents, data or information obtained from a reliable and independent source.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE conducts CDD both for natural clients, business clients, merchants and cardholders as detailed below.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE identifies the beneficial owner of the client (for both legal entities and individuals) and takes adequate measures, on a risk sensitive basis to verify his identity (including in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure).

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE creates policies and procedures that relate to client due diligence, ongoing monitoring, and suspicious transaction reporting and record keeping.

If any suspicions are identified, these should be raised to the MLRO for further investigation by completing the relevant internal suspicious activity report (SAR) form.

The purpose of the client due diligence (CDD) process is to collect, process, verify and keep the information about EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE clients, in order to minimize the possible and potential ML/TF risks. There are circumstances in which enhanced due diligence should be applied and those in which simplified due diligence may be appropriate:

Since EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE deals with clients whose residences are often outside of El Salvador, all foreign language documents received as a part of client due diligence that are not in English language must be translated by a professional into English.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE uses a minimal allowed limit of 100 EUR to those clients who have opened an account with minimum requirements. The specified turnover limit is applied separately to sending and receiving transactions, and the verification requirement applied when either of the two are exceeded.

In respect of products benefiting from due diligence, identity must be verified before cumulative turnover limits are exceeded. Therefore, the systems are in place to anticipate the approach of limits and to seek identification evidence in good time before the annual turnover limits are reached. The client’s account must be frozen if the limits are reached before the verification of identity has been completed.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE applies client due diligence measures when:

When the client is not a high value dealer or a casino, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE must also apply client due diligence measures if such relevant person carries out an occasional transaction that amounts to 10.000 EUR (or the equivalent in another currency (including cryptocurrency)) or more, whether the transaction is executed in a single operation or in several operations, which appear to be linked.

2.3 CLIENT IDENTIFICATION

Client identification is an essential element of ‘know your client’ (KYC) standards. Current KYC forms are available electronically on the www.bitritm.com after a client’s registration of its personal account.

Whether the client is a business or individual, the client should be identified in the risk assessment and with standard due diligence procedure implemented by EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE maintains a systematic procedure for identifying new clients and cannot enter into a service relationship until the identity of a new client is successfully verified.

For clients who do not provide the relevant KYC documentation for CDD purposes, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE must access the reasons why and, where appropriate, consider raising a SAR.

Procedures document and enforce policies for identification of clients and those acting on their behalf. The best documents for verifying the identity of clients are those most difficult to obtain illicitly and to counterfeit.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE pays special attention in the case of non-resident clients and in no case, short-circuit identity procedure is followed just because the new client is unable to present enough documents and information to satisfy the KYC and due diligence procedures followed.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE can be exposed to reputational risk, and should therefore apply enhanced due diligence to such operations. In each case reputational risk may arise if EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE does not diligently follow established KYC procedures.

Particular safeguards have been put in place internally to protect confidentiality of clients and their business, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE ensures that equivalent scrutiny and monitoring of these clients and their business is conducted, e.g. it is available to be reviewed by MLRO.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE must identify its client unless the identity of that client is already known to and has been verified by the relevant person. After the client has been identified, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE must verify the client’s identity unless the client’s identity has already been verified by the relevant person. Amount of information to be received from a client depends on whether the client is a legal entity or an individual (natural person), namely:

Сlients who refuse to provide information:

In a case where a potential merchant refuses to provide required information, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE would not establish any business relationship with this merchant. If EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE reveals the fact that cardholder who implements large amounts of transactions does not want to provide the information needed for establishing his/her identity EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE would not approve the transactions and further transactions made by this cardholder, unless he provides all required documents.

Сlients – insufficient or suspicious information:

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE scrutinizes transaction flow throughout the course of any business relationship to ensure consistency with the knowledge of clients, their business and risk profile.

The MLRO conducts ongoing monitoring of all high-risk activity including clients who regularly implement large amount of transactions.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE collects the following information for identification purposes respectively for legal entities and natural persons:

For natural persons (beneficiaries and authorities) – at minimum
For legal entities
List of acceptable identification - individual:
List of acceptable identification - legal entity:

KYC optional documents

For some specific clients’ applications (related to higher risk or for merchants providing services that may be regulated by some authorities) EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE might request some more specific documents:
Website compliance check EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE implements checks of clients’ websites that must comply with the following requirements. Every website that is about to be used for ecommerce processing must comply with the specific requirements regulated by card schemes (Visa/MC, Union): Contact information and client support are always verified by performing test calls/emails.
Automated check In addition to manual screening EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE screens its clients with the use of AML verification service providers - This verification services provider allows to achieve high accurateness of verification through the automated check system, namely:

2.4. SIMPLIFIED DUE DILIGENCE (SDD)

Simplified due diligence means not applying all measures of standard client due diligence. It is, however, still necessary to conduct on-going monitoring of the business relationship. EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE must have reasonable grounds for believing that the client, transaction or product relating to such transaction falls within one of the categories set out and may have to demonstrate this to their supervisory authority.

SDD triggers

Usually, if the client is a well-known public authority, listed on a regulated market or their transaction is below a certain amount, to remove unnecessary friction, they are exempt from tougher CDD checks.

Prior to applying SDD, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE will conduct and document appropriate testing to satisfy itself that the client qualifies for the simplified treatment under this policy and applicable legislation.

If at any point during relationship with the client additional information, which suggests that the client or service may pose a higher risk than originally expected, becomes available, standard or enhanced due diligence shall be conducted according to established risk profile of the client.

SDD measures

Unlike in standard or enhanced due diligence, SDD does not require verifying a client’s identity. Clearly, for operating purpose PT. EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE will nevertheless need to maintain a base of information about the client. EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE may apply a ‘lighter touch’ in terms of the extent of CDD undertaken.

Also, under SDD, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE might omit sanctions and PEP’s screening procedure if a client is categorized as a low-risk.

2.3.4 ENHANCED DUE DILIGENCE (EDD)

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE conducts enhanced due diligence in the following cases:
The scope of enhanced due diligence includes the following:

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE increases the degree and nature of monitoring, in order to determine whether those transactions or activities appear suspicious.

In addition to the actions reflecting the minimum scope of enhanced due diligence, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE may perform identification of the source of funds, by requesting the client’s declaration on its origin of funds, analyzing its tax filings, and transactions documents. The degree of enhanced due diligence is determined by MLRO on a case-by-case basis.

2.6. BENEFICIAL OWNERSHIP IDENTIFICATION

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE analyses the entire ownership chain of each client who is a body corporate. Such ownership chains may include persons with significant control, who may be represented by legal entities, individuals, trusts and firms.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE keeps records of actions taken in order to identify the beneficial ownership. In each case, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE determines the nature and extent of the beneficial interest is held.

The documents specified in this section are additional to the documents collected by EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE in the course of due diligence. The data obtained from the documents should be compared and analyzed comprehensively.

Procedure
EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE takes all reasonable steps to identify beneficial owners and control structure of each client, thus exhausts all possible means to perform, unless:
The scope of analysis under this section should be as follows:
To identify beneficial ownership of a client, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE relies on the following evidence:
The following information should be found in relation to each beneficial owner:
Circumstances which are indicative of beneficial ownership

In addition to cases when beneficial ownership is obvious, EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE may examine the client against common scenarios where a person exercises control over business. The scenarios demonstrate, what precisely may constitute a beneficial ownership. They include the following.

1) A person has absolute decision rights or veto rights related to the running of the client’s business, for example:
2) However, if a person holds absolute veto rights for the purposes of protecting minority interests in the entity then this is unlikely, on its own, to constitute control over the client. When used for the purposes of protecting minority interests these veto rights could include:

3) Where a person holds absolute veto rights over the appointment of majority of directors.

4) A person shall not be deemed having beneficial ownership where the absolute decision rights or veto derive solely from being a prospective vendor or purchaser in relation to the entity, for a temporary period of time.

5) A person has the right to exercise beneficial ownership over a trust or firm if that person has the right to direct or influence the running of the activities of such trust or firm. For example:

Such person may be the trustee, settlor, beneficiary or other person who is actively involved in directing activities of the trust.

6) In the case of a firm, such as a limited partnership, each person who controls the management or activities of the firm should be considered being a beneficial owner.

The above does not constitute an exhaustive list. EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE should review each client against any other scenarios that are known to its management and employees.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE considers the following situations, which are indicative of a person actually is a beneficial owner.

1) All relationships that a person has with the client’s management bodies, including directors, should be taken into account, to identify whether the cumulative effect of those relationships places the individual in a position where they actually exercise beneficial ownership. For example: A director who owns important assets or has key relationships that are important to the running of the business (e.g. intellectual property rights), and uses this additional power to influence the outcome of decisions related to the running of the client’s business.

2) A person would be a beneficial owner if he or she is involved in the day-to-day management and direction of the client’s business activities. For example: A person who is not a member of the Management Board, regularly or consistently directs or influences a significant section of the board, or is regularly consulted on board decisions and whose views influence decisions made by the board.

3) A person whose recommendations are always or almost always followed by shareholders which hold the majority of the voting rights in the entity, when they are decided how to vote. For example:
Where a founder of the entity no longer has a significant shareholding in it, but makes recommendations to the other shareholders on how to vote, and their recommendations are generally followed.

3. TRANSACTION SCREENING

3.1 GENERAL PROVISIONS

Each transaction of a client is subject to transaction monitoring.

Enhanced transaction monitoring should apply to on a risk-based approach, and specifically to the following categories:

Transaction monitoring and enhanced transaction monitoring are conducted on a real time basis, i.e. where a transaction takes place or is about to take place.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE does not allow:
Transaction limits
The following transaction thresholds are imposed in relation to different categories of client:
Risk factors
The following factors increasing risk of money laundering and terrorist financing are considered in the course of transaction monitoring: The listed above shall not constitute and exhaustive list.

Money laundering scenarios and “red flags”

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE puts emphasis on stages of and related scenarios of money laundering and terrorist financing. In the course of transaction monitoring,

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE examines transaction patterns in order to detect risks of criminal activity.

“Red flags” are indicative of such activity. At every stage of money laundering and terrorist financing, the following is under scrutiny.

Stage Red flags
Placement - cash generated from crime is placed in the financial system. The funds are transferred or moved into other accounts or other financial institutions in order to separate the money from its criminal origin. When debit cards are used, a debit card may be obtained without exposing identity, and with the purpose to add illicit money into such debit card. Agents may be hired at this stage. Such agents are intended to deposit funds into multiple debit cards a) transactions from multiple accounts for the same receiver;
b) transactions from one account to multiple receivers;
c) transactions coming from accounts created by auction houses, betting sites or e-wallets or e-wallet mainly used by gambling and betting sites;
d) transactions from pre-paid credit cards;
e) depositing funds into multiple debit cards, especially when that is done by a hired agent.
Layering – money passes through complex transactions, often between different entities, probably in multiple jurisdictions. The funds are transferred or moved into other accounts or other financial institutions. When debit cards are used, funds are transferred among a significant amount of debit cards. a) Selling assets or switching to other forms of investment;
b) transferring money to accounts at other financial institutions,
c) wiring transfers abroad (often using shell companies),
d) depositing cash in overseas banking systems;
e) allocating funds among multiple debit cards.
Integration – the funds are made reappear in legitimate funds or assets through purchases, inheritance, loan payments, etc.
Debit cards may be used to repayment of loans, or as a pledge to apply for loan. 		a) Outgoing transactions to countries with not transparent banking systems, which were known as “offshore” countries;
b) clients are using funds of a sales of assets like as house or jewelry;
c) clients are using funds for purchases of real estate, buying stakes in companies or other large assets;
d) incoming or outgoing transactions from private people to a company;
e) transfers from prepaid credit cards to bank accounts;
f) transactions made to repay loans, or to provide a pledge for loan repayment.

3.1.1. DESCRIPTION OF CRYPTO ACTIVITIES

Operations Overview

Crypto to fiat payments overview
Providing wallets to clients ensures that acceptable cryptocurrencies are immediately available for exchange into fiat. Each wallet provided to the clients enables them to pay with cryptocurrencies using existing payment mechanism and wallets are managed and accessible solely through Company interfaces.

Each wallet will consist of an account established for a Client on the Company’s records to reflect the amount of each type of cryptocurrency that the Company holds in a custodial fashion and which is then available to purchase fiat. For each type of permitted cryptocurrency, the Company will maintain three separate multi-signature cryptocurrency wallets. The Company will use these Wallets only for the purpose of holding all cryptocurrency the Company receives in connection with the Wallets in a pooled custodial manner on behalf of its Clients, with the Company maintaining a sub-account ledge noting the amount of each type of cryptocurrency that it holds for each Client in the pooled Wallets.

In addition, the Company will generate Client specific public keys for the relevant pooled custodial wallet used by the Company to receive cryptocurrency. Clients will send cryptocurrency to these addresses, which will allow the Company to track such transfers on an individual Client basis.

The transfer of cryptocurrency assets depends upon a confidential transaction signing “key” which is associated with the wallet that holds the assets. Without this key the accounts are inaccessible, however possession of the key for cryptocurrencies provides the key holder with ability to immediately & irrevocably transfer the associated cryptocurrency.

The use of multi-signature wallets, which allow cryptocurrency assets to be assigned to a wallet that is linked to multiple private keys, with a majority of the keys needed to produce a valid transaction.

The Company uses 2-out-of 3 multi-signature approach, in which two keys are held online by the Company and one held offline for back-up purposes. When producing a new transaction, the transaction will be signed with the two online keys and then broadcast to the appropriate blockchain network for validation. A key advantage of a multisignature wallet is that the wallet can remain on-line while providing a heightened level of security since more than one key is needed to authenticate any given transaction.

Transfer of Cryptocurrency to a client’s wallet
To transfer cryptocurrency to a client wallet, a Client will make a request, through their preferred interface. The Company will then generate a unique transfer address, associated with one of the pooled custodial wallets used by the Company to receive Crypto currency and to which the client will send their cryptocurrency.

The client will then create a transaction transferring cryptocurrency from the client’s external wallet to the unique transfer address and submit it to blockchain to be validated.

Once validated by blockchain, thus finalizing the transfer of the cryptocurrency to the unique transfer address and this the associated pooled custodial wallet used by the Company to receive cryptocurrency, the Company will then credit the Client’s Wallet – that is the Company’s subaccount ledger noting the amount of cryptocurrency held for the

Client with the relevant type and amount of cryptocurrency
The Client is now in a position to use their cryptocurrency to convert into fiat and spend as the wish, Company, upon completing the conversion, will send fiat to either:

Transfer of Cryptocurrency from a client’s wallet
To transfer cryptocurrency from their wallet held with the Company to their external wallet, a client would log-on to their preferred interface, enter their request, authenticate and the submit to the Company.

Upon receipt of the transfer request the Company would check the requested transfer amount against the available balance in the Client’s Wallet and perform any checks required under the AML Procedure.

Once completed the Client’s Wallet balance will be reduced accordingly and the Company initiates a transfer of the relevant cryptocurrency by submitting an authenticated transaction i.e. one signed by 2 of the 3 keys as noted previously, to be validated by blockchain. Once validated, the transfer of the cryptocurrency to the Client’s external wallet will be complete.

3.2. TRANSACTION MONITORING PROCEDURE

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE operates transaction screening through special software and appoints responsible employees to run such software and perform non-automatically, when necessary.

The software is represented by Aksata, which operates 24/7.

Should any of the risk factors appear within the software, the responsible employee becomes aware of it and immediately reports a case of suspicious activity to MLRO. The suspicious transaction is blocked. The MLRO investigates the case and takes any (including several) of the following decisions:

3.3 ENHANCED TRANSACTION MONITORING

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE conducts enhanced ongoing monitoring in the following cases: The lower transaction thresholds may be imposed, as MLRO may decide.

3.4 CRYPTO TRANSACTION MONITORING

The Company is exposed to two primary aspects of transactions, the first is the inbound transactions, the receipt of crypto from clients to fund the clients intended crypto spending.

The second is the outbound payments, whether with cards or bank payments. There is a technical third issue raised by the partners acting to interchange the crypto for fiat, but this will be dealt with by only operating with a small number of regulated or otherwise reputable partners.

Inbound Crypto Transactions
Company monitors on an ongoing basis all transactions (however complex, unusual, suspicious, large or other transactions). The Company’s outsourced partner for undertaking transaction analysis is Chainalysis and their capability covers Bitcoin, Ethereum, Litecoin and other major coins.

In essence, Chainalysis takes an entire history of coin transactions and runs clustering algorithms over them to estimate wallets. Two different clustering or heuristic techniques are used to estimate wallet addresses, Co-spend and Behavioural, this forms the basis for transaction monitoring activity to be undertaken by Compliance.

Note SAR’s are not automatically submitted as a consequence of alerts issued by our transaction monitoring activities; rather, the requirement is to submit after monitoring, in essence detecting those transactions that fall outside the expected parameters for that profile of client(s), these being included in our exception alerts and after suitable investigation of the transactions, values, sources of transactions.

Transaction reporting capability will be calibrated to issue exception alerts on transactions that fall outside normal parameters or those that may flag higher risk provenance i.e. emanating from dark net markets.

The Company shall monitor the activities of any individual involved in the activity that results in a SAR for repeated behaviour and will report on recurring activity as appropriate to the FIU.

Comprehensive guidance on reporting SAR’s may be found in the FIU website which outlines how SAR’ may reported online or manually.

Outbound Transactions
The other side of the Company’s transaction risk is where we transmit fiat cash to third parties, both card payments and bank payments.

We are working to extend our systems to allow us to build a client profile that allows us to monitor the behaviour of the client, as well as monitoring the client in general against adverse media lists (not just PEP lists).

All individual transfers out by bank transfer should be run against blacklists of bank accounts available from anti money laundering system providers.

Any attempts to send funds to known blacklist payments accounts will be blocked and will result in a referral to compliance for investigation and the possible raising of a SAR.

client behaviour profiles will signal unusual information that can be blocked unless the client is able to explain to the satisfaction of Compliance.

4. MLRO’S ROLES AND RESPONSIBILITIES

All staff must take steps to ensure compliance with this policy and ensure that they fully understand the material contained in this document.

Responsible for overall compliance policy of EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE and ensuring adequate resources are provided for the proper training of staff and the implementation of risk systems. This includes computer software to assist in oversight.

The MLRO (Money Laundering Reporting Officer) holds copies of all training materials. Updated AML training is given annually. Records of all training including dates delivered and by whom are kept both centrally and on staff personnel files.

Senior management will be sent monthly updates by the MLRO on compliance. They will also receive and consider the annual MLRO report and implement any recommendations made within it. Assistance may be given to the MLRO in the preparation of the AML manual.

The MLRO of EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE is also holding the formal position of CRO (Chief Risk Officer) organizing the company risk management using the risk mitigation and fraud prevention tools and procedures. EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE has a risk-based approach that is why we have chosen our MLRO to become the company CRO to guide and lead us in this way.

All issues related to any noticed suspicious activity must be referred to MLRO in the first instance. The duties of the Money Laundering Reporting Officer include:
  1. Monitoring the firm’s compliance with AML obligations;
  2. Being designated for, and accessible to, receiving and reviewing reports of suspicious activity from employees;
  3. Considering of such reports and determining whether any suspicious activity as reported gives rise to a knowledge or suspicion that a client is or could be engaged in money laundering or terrorist financing;
  4. Overseeing communication and training for relevant employees;
  5. Ensures that the firm keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports are filed. The Money Laundering Reporting Officer is vested with full responsibility and authority to enforce the firm’s AML program;
  6. To receive disclosures from employees (also known as Suspicious Activity Report-SAR’s);
  7. To decide if disclosures should be passed on to the Financial Intelligence Unit (FIU);
  8. To review all new laws and decide how they impact on the operational process of the company;
  9. To prepare a written procedures manual and make it available to all staff and other stakeholders;
  10. To make sure appropriate due diligence is carried out on clients and business partners;
  11. To receive internal Suspicious Activity Reports (SARs) from relevant staff;
  12. To keep and review records of all decisions relating to SARs appropriately;
  13. To ensure that relevant staff receive appropriate training, when they join and that the receive regular refresher training on annual basis or if necessary;
  14. To monitor business relationships and record reviews and decisions taken;
  15. To make a decision on continuing or terminating trading activity with particular client;
  16. To make sure that all business records are kept for at least five years from the date of the last client transaction.

Provision of Exemptions:
MLRO may only grant an exemption where he is clearly required, or where practical experience reveals that it is necessary to do so. All exemptions will be considered on a case-by-case basis.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE has adopted a risk-based approach to achieving its regulatory objectives and exemptions should not be considered as a way to avoid meeting our regulatory obligations. Careful consideration will be given to issues of transparency, equity and competitive neutrality in issuing exemptions.

5. SUSPICIOUS ACTIVITY AND TRANSACTION REPORTS

MLRO shall be responsible for reporting to Financial Intelligence Unit. Each employee who is involved in activities under this AML&KYC Policy, should immediately report MLRO of the cases where criminal acidity is seen.

Procedure
EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE reports to FIUs in a state of its business activities in the manner prescribed by the PPATK (Center for Financial Transaction Reporting and Analysis) Español laws promptly reports to FIUs when it knows, suspects or has reasonable ground to suspect that funds, regardless of the amount involved, are the proceeds of criminal activity or are related to terrorist financing EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE is obliged to promptly respond to requests by the FIU for additional information on such cases.

All suspicious transactions, including attempted transactions, must be reported immediately, including the events where it was discovered that the transaction is related to proceeds of criminal activity after the moment when such transaction was made. The scope of report should include the fact of suspected criminal activity, parties and beneficiaries of the transaction.

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE ensures that it does not carry out any transactions which are known to be related to proceeds of criminal activity, and comply with instructions issued by FIU on such transactions.

6. TRAINING OF EMPLOYEES

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE ensures that its employees involved at anti-money laundering and counter terrorist financing meet relevant Training and Competence requirements and are competent enough for carrying out relevant activities.

MRLO is responsible to oversee that the above requirements are fulfilled, on an annual basis.

MRLO develops and maintains training schedules for the employees and arranges refresher training annually.

MRLO supervises daily performance of the employees and raises disciplinary issues, when necessary. The following requirements should be met:

EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE ensures that its employees are aware of the typologies that criminals use, as they are identified by relevant authorities, as well as the scenarios defined to detect them, the red flags to identify them and the investigation techniques to validate them.

APPENDIX A "RESTRICTED COUNTRIES"

In order to meet anti-money laundering and sanction screening requirements, currently EXCHANGE TECHNOLOGIES, SOCIEDAD ANONIMA DE CAPITAL VARIABLE cannot make payments to the following countries:

Afghanistan Republic
Algeria People's Democratic Republic
Angola Republic
Bahamas Commonwealth
Belarus Republic
Bolivia Plurinational State
Botswana Republic
Burkina Faso Republic
Cambodia Kingdom
Central African Republic
Columbia Republic
Congo Democratic Republic
Cote d’Ivoire Ivory Coast
Crimea Region Republic
Cuba Republic
Eritrea State
Ethiopia Federal Democratic Republic
Ghana Republic
Iceland Republic
Iraq Republic
Iran Islamic Republic
Lebanon Republic
Liberia Republic
Mongolia Republic
Mozambique Republic
Myanmar Union Republic (formerly Burma)
Namibia Republic
Nigeria Federal Republic
North Korea Democratic People's Republic
Northern Cyprus
Turkish Republic (Lefkosa)
Pakistan Islamic Republic
Palestinian Territory (State of Palestine)
Panama Republic
Serbia Republic
Sierra leone Republic
Somali Federal Republic
South Sudan Republic
Sri Lanka Democratic Socialist Republic
Sudan Republic
Swaziland (Eswatini Kingdom)
Syria Arab Republic
Timor-Leste Democratic Republic (East Timor)
Trinidad and Tobago Republic
Tunisia Republic
Turkmenistan Republic
Vanuatu Republic