Anti-Money Laundering Policy
1. Purpose and Objective
Ad Cards Ltd is committed to being fully compliant with the provisions of the Money Laundering Regulations 2017, the Proceeds of Crime Act 2002 and anti-terrorism laws.
The purpose of this policy is to set the high-level principles and standards of management of financial crime risks, including money laundering, terrorist financing and sanctions breaches, for Ad Cards Ltd (the Company). The objective of this policy is to ensure regulatory compliance and to establish an internal framework that minimises the risk of sanctions breaches and any possible abuse of the Company’s products and services for money laundering and terrorist financing purposes, and this is in full alignment with the Company’s strategy.
2. Scope and application
The Policy applies to all employees and persons in a comparable position, all functions in the Company. The aim of the Company is not only to comply with relevant legal requirements, but also to mitigate and reduce the potential risk to the Company of our customers using our products and services to launder the proceeds of illegal activity, fund terrorist activity or perform transactions in breach of financial sanctions.
3. Target group
This Policy is relevant to all employees and contractors or sub-contractors of the Company. This policy is also available for any authority, government entity, partner, client or service provider upon request.
4. Requirements
The Company must comply with the relevant laws and regulations in force and may, based on its risk tolerance, adopt more exacting standards. The Company must comply with the requirements set out in the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 as amended (MLRs) and applicable sanctions regimes as detailed in this document.
5. Definitions
Money laundering and terrorist financing
For the purpose of this Policy, the act of Money Laundering shall have the same meaning as provided in Article 1(3) of the EU AMLD IV, which provides that it, when committed intentionally, encompasses:
(a)the conversion or transfer of property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s action;
(b)the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property, knowing that such property is derived from criminal activity or from an act of participation in such an activity;
(c)the acquisition, possession or use of property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation in such an activity;
(d)participation in, association to commit, attempts to commit and aiding, abetting, facilitating and counselling the commission of any of the actions referred to in points (a), (b) and (c).
Money laundering shall be regarded as such even where the activities which generated the property to be laundered were carried out in the territory of another Member State or in that of a third country. For the purpose of this Policy, the act of Terrorist Financing shall have the same meaning as provided in Article 1(5) of the EU AMLD IV, which provides that it encompasses; “the provision or collection of funds, by any means, directly or indirectly, with the intention that they be used or in the knowledge that they are to be used, in full or in part, in order to carry out any of the offences within the meaning of Articles 1 to 4 of Council Framework Decision 2002/475/JHA”. For the purpose of this Policy the act of Terrorist financing refers to the provision or collection of funds, by any means, directly or indirectly, with the intention that they be used or in the knowledge that they are to be used, in full or in part, in order to carry out an act of terror, or that the funds will be used to support any terrorist group, persons or association.
Financial sanctions
Financial sanctions are measures imposed by national governments and multinational bodies which seek to alter the behaviour and decisions of other national governments or non-state actors that may (i) threaten the security of the global community, or (ii) violate international norms of behaviour (e.g. human rights violations). The Company will comply with the following sanctions measures:
1. The United Nations (UN) Security Council consolidated sanctions list;
2. The EU’s consolidated list of persons, groups and entities;
3. The US Department of the Treasury, Office of Foreign Assets Control (OFAC) sanctions lists;
4. The US Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) list;
5. The UK HM Treasury (HMT), Office of Financial Sanctions Implementation, “consolidated list of targets” Financial Crime
For the purpose of this policy, Financial Crime is used as the collective term for Money Laundering, Terrorist Financing and Violations of Financial Sanctions.
Risk Based Approach
The Company shall apply a Risk Based Approach (RBA) to AML/CTF. This encompasses identifying, assessing and understanding the ML/TF (Money Laundering / Terrorism Funding) risks to which the Company is exposed and to take measures proportionate to those risks for the purpose of mitigating them effectively. This means that the range, degree, frequency or intensity of controls will be more comprehensive in situations assessed as posing a higher ML/TF risk while these measures will be reduced in situations assessed as posing a lower ML/TF risk. Applying a RBA, thereby, allows the Company to target its resources in the most efficient manner. Situations assessed as posing a lower risk must never imply that control measures are not applied.
6. The Company’s measures towards money laundering/terrorist financing and financial sanctions
The Company is undertaking a number of initiatives to strengthen its ability to ensure its compliance with the requirements outlined in this Policy. The Company will, therefore, continually assess its existing policies, procedures, controls and IT system and make necessary changes so as to be most effective in accordance with the risk based approach.
Governance
The Directors have to ensure that there is a robust approach within the Company to prevent money laundering, terrorist financing and breaches of financial sanctions. It is the responsibility of the Executive Board to ensure that the Company complies with the measures set forth in this Policy. The Executive Board is, furthermore, responsible for implementing this Policy and may delegate its responsibilities. The Executive Board shall appoint an “anti-money laundering responsible person” at management level with the responsibility to ensure that the Company complies with the legal requirements. The company is organised in separate departments (The Business Units), who, as the first line of defence, are accountable for the risks related to financial crime. Business Units as well as Senior Management can delegate tasks related to the mitigation of financial crime risks to Company Operations or other first line departments. However, delegating will not change the risk ownership and accountability for Business Units but will merely imply a new responsible unit for conducting the delegated process. The Company’s compliance, as the second line of defence, is responsible for the monitoring, assessment, guidance and reporting of money laundering, terrorist financing and financial sanctions risks. Internal Audit – as the third line of defence – is responsible for carrying out independent testing of the Company’s policies, procedures and controls.
Risk tolerance
The Company does not tolerate any breach of the requirements set forth in this Policy. The Company does not accept any business relationship with a designated person, group and entity subject to financial sanctions. In order to comply with financial sanctions regulations, the Company must be able to verify the identity of its customers.
The Company will take all relevant steps to reduce the provision of products and services to legal entities where the Company has a reason to suspect that the legal entity will use the Company’s products and/or services for financial crime.
Customer due diligence
The Company is a Business to Business provider (B2B) and as such it only offers its products and services to business clients. The Company’s goal of developing its knowledge of its customers so as to improve the value of advice it can offer is closely related to the due diligence obligations of the Company. In parallel to the verification of a customer’s identity, the Company applies a risk based approach towards the collection, registration, and monitoring of information in relation to the nature and intent of the customer relationship. The data gathering, which is conducted to meet the above-mentioned requirements, forms the baseline for transaction monitoring and constitutes a foundation in the Company’s IT-driven AML, CTF and financial sanctions risk assessment model.
For all new and existing clients, the Company requires to see original documentation or high resolution, legible copies of originals. The Company may also use third party providers who search external electronic databases as part of this diligence process. The Company shall apply a risk based approach towards due diligence through the risk scoring with reference to a customer’s geographic ties, chosen products and / or services, delivery channels and customer specific factors.
The Company undertakes significant effort to determine the ownership and the control structure of the legal entities it conducts business with. Therefore, the Company must identify and verify the identity of any natural persons who ultimately owns or controls the customer.
Screening of politically exposed persons
In order to ensure that all natural persons defined as politically exposed persons (“PEPs”) are identified and registered in the Company’s system as such, a PEP screening process is conducted when new clients are on-boarded. Furthermore, the customer database is screened for PEPs on an ongoing basis.
Enhanced Due Diligence and Ongoing Due Diligence
The Company performs enhanced due diligence and on-going due diligence measures proportionate with the risk profile of the customer. Any customers that are deemed as high risk will therefore either not be onboarded or will be subject to enhanced due diligence and annual on-going due diligence. Ongoing due diligence processes will be applied to all existing customers within a specific period that will determine by whether they are scored as medium or low.
The Company’s IT platform is designed and continuously adapted to ensure that robust internal controls of customer due diligence are maintained. This requires good process flows, strong data quality and, where possible, automatic ongoing due diligence between public registries and the Company’s IT systems in relation to customer data. Data quality shall be measured and reported as a key performance indicator. Customer onboarding and subsequent actions will are limited until customer ID validation checks have taken place.
Transaction monitoring
The Company applies a risk based approach to transaction monitoring which includes automated as well as manual processes. Transaction monitoring is conducted in order to evaluate whether the activities of the customer (the use of their products and/or services and/or their general behaviour) is consistent with the obtained information on the purpose and intended nature of the business relationship. As part of its transaction monitoring, the Company further investigates activities that are deemed to be “unusual” with regard to the stated position of the customer. The manual transaction monitoring – investigating and reporting of the unusual activity to the designated Money Laundering Reporting Officer (MLRO) – is achieved through training and awareness campaigns. The MLRO is responsible for assessing whether the described activities in the “unusual activity report” are genuinely suspicious and warrant the filing of a “suspicious activity report” to the local Financial Intelligence Unit.
Tipping off
The Company will report to the National Crime Agency or the local Financial Intelligence Unit or other relevant authorities any suspicion or knowledge regarding money laundering or the proceeds of crime. The Company is not permitted or required to notify its clients of the fact that such reports have been made.
Confidentiality
The Company’s legal obligation and duty to report to the relevant authorities may take priority over any duty to keep client information and the detail of any transactions confidential.
Source of funds
The Company is required to know the source of funds involved in the transactions the Company is undertaking. The Company also will always enquire about the source of funds from all its clients. The Company will accept no responsibility for any transactions being delayed while this information is awaited.
Customer screening
The customer screening solution ensures that the customers registered in the Company’s IT systems, namely legal entities and their beneficial owners, are screened against the relevant sanctions lists of designated persons, groups and entities. Persons, groups and/or entities designated by the UN and EU shall be highlighted and may be subject to reporting to appropriate authorities. The Company will, terminate or limit the services offered to natural persons and legal entities designated by OFAC as Specially Designated Nationals.
Retention and record keeping
For the purpose of preventing, detecting and investigating unusual and suspicious transactions, the Company keeps electronic records of all transactions and due diligence measures carried out in accordance with this Policy. Records must be kept in a manner making information and documents available to all employees having appropriate access to the customer in question (within the Company’s existing IT solution). Documentation is kept during the lifetime of the customer’s relationship with the Company and at least five years after termination of the customer relationship or after the date of an occasional transaction. The data held is GDPR compliant.
Training and awareness
The Company requires that all employees possess an adequate awareness level of the risks of financial crime. As such, the Company will make sure that all employees have a suitable degree of awareness, i.e. when staff encounter something unusual relating to a customer’s behaviour in their daily work, they must consider whether the unusual behaviour may be related to ML, TF and/or sanction evasion.
7. Review
This Policy must be reviewed by the Company at least annually. Any changes to the Policy must be endorsed by the Executive Board, the Audit Committee and approved by the Board of Directors.
