Anti-money laundering and countering the financing of terrorism policy

Last Updated: 21 July 2023

General Provisions

IOOI Sp. z O.O. (trading as “Inqud”) (hereinafter – “IOOI Sp. z O.O.”, the “Company”, “we” or “Inqud”) is a private company limited by shares, incorporated under the Laws of the Republic of Poland under a registration number 525273421, having its registered address at Gęsia 8/205, 31-535 Kraków, Polska.

It is registered with the Lithuanian Register of Legal Entities to carry out the activities of a virtual currency exchange operator and (or) as a depository virtual currency wallet operator and is regulated by the Lithuanian  Financial Crime Investigation  Service in accordance with the current Lithuanian legislation, namely Law on the Prevention of Money Laundering and Terrorist Financing.  

The principal objective of this policy is to outline IOOI Sp. z O.O.’s internal guidelines in relation to the prevention of money laundering and terrorist financing and external reporting obligations within the regulatory framework and legislation of the Republic of Lithuania and EU which also include, inter alia, Law on the Implementation of Economic and other International Sanctions of the Republic of Lithuania, applicable resolutions of the Government of the Republic of Lithuania and instructions by the Central Bank of Lithuania in relation to AML/ CFT, the guidance notes of the Lithuanian Financial Crime Investigation Unit, the UN sanctions lists and resolutions, FATF recommendations, the Basel Committee recommendations, and Wolfsberg AML principles. 

By adopting AML/CFT Policy IOOI Sp. z O.O. aims to ensure comprehensive customer due diligence, record keeping and information sharing, prompt identification, and reporting of suspicious transactions, extensive employee training, promotion of cooperation with law enforcement authorities, and securing compliance with internal policies and procedures. This AML/CFT policy is subject to annual reviews and approval by the senior management based on the recommendations of the Money Laundering Reporting Officer who sets out and implements internal risk-assessment policies, in order to guarantee full compliance with applicable legislation in force.

This AML/CFT Policy applies to all the employees of the Company and regular employee trainings in AML/CFT are to be conducted by the MLRO.

IOOI Sp. z O.O. may provide servicesof a virtual currency exchange operator and/or a depositary virtual currency wallet operator  which are offered through its online platform (the website) (hereinafter referred as “Services”) operated by the IOOI Sp. z O.O. 

1. Definitions

  1. Beneficial Owner” refers to an individual who meets the following criteria:

The individual who ultimately owns or controls the customer and/or the person on whose behalf a transaction or activity is being carried out.

(ii) In the case of a legal entity, the individual who ultimately owns or manages the entity through direct or indirect ownership of a significant percentage of shares, voting rights, or ownership interest in that entity. This includes ownership through bearer shareholdings or control through other means. Direct ownership refers to a situation where a natural person holds 25 (twenty-five) percent or more of the shares or ownership interest in a company, while indirect ownership refers to a situation where a company controlled by a natural person holds 25 (twenty-five) percent or more of the shares or ownership interest in a company.

(iii) In the case of a trust, civil law partnership, community, or legal arrangement, the beneficial owner is the individual who ultimately controls the association through direct or indirect ownership or by other means. The beneficial owner can be the settlor or the person who transferred the property to the asset pool, the trustee, the manager, the possessor of the property, the person responsible for overseeing and controlling the preservation of the property (if appointed), or the beneficiary. If the beneficiary or beneficiaries have yet to be determined, the beneficial owner refers to the class of individuals for whom the association is primarily established or operates.

1.2. The term "Business Relationship" refers to a connection or association between the customer and the Company that can be characterized as a business, professional, or commercial relationship. This relationship is established either through the signing of a long-term agreement for the provision of a service in economic or professional activities, or it may not be based on a long-term agreement but still involves a certain expected duration at the time the agreement or professional activities are established, while the service is being provided.

1.3. “Customer” refers to an individual or legal entity that utilizes, has previously utilized, or has expressed an intention to utilize the services offered by the Company.

1.4. “Customer Due Diligence” and/or “CDD” encompasses a series of checks performed to verify the identities of customers and evaluate their risk profiles.

1.5. “Employee” and/or “Employees” pertains to the personnel of the Company and any other individual who participates in the implementation of the AML/CFT Policy.

1.6. “FCIS” shall mean the Financial Crime Investigation Service of the Republic of Lithuania.

1.7 “International Sanctions” and/or “Sanctions” shall mean the list of non-military measures that include:

  1. international sanctions which are imposed with regard to a state, territory, territorial unit, regime, organization, association, group, or person by a resolution of the United Nations Security Council, a decision of the Council of the European Union, or any other legislation imposing obligations on the Republic of Lithuania; and 

  2. sanctions of the Government of the Republic of Lithuania which is a tool of foreign policy which may be imposed in addition to the objectives specified in clause 1.3. (i) in order to protect the security or interests of the Republic of Lithuania

1.8. “MLRO” shall mean the Money Laundering and Reporting Officer, who is appointed to the Company as a person responsible for receiving internal disclosures and making reports to the FCIS and other duties as prescribed by applicable legislation. 

1.9. “Manager” shall mean the senior managing employee of the Company, with the title of the Director or Chief Executive Officer, and who manages the day-to-day business operation of the company and other respective obligations and duties.

1.10. “Money Laundering” and/or “ML” shall mean a set of activities with the property derived from criminal activity or property obtained instead of such property with the purpose to:

  1. conceal or disguise the true nature, origin, source, location, disposition, movement, right of ownership, or other rights related to such property;

  2. convert, transfer, acquire, possess or use such property for the purpose of concealing or disguising the illicit origin of the property or of assisting a person who is involved in the commission of such criminal activity to evade the legal consequences of his or her action; and 

  3. participation in, association to commit, attempts to commit, and aiding, abetting, facilitating, and counseling the commission of any of the actions referred to in subsections 1.10 (i) and 1.10 (ii).

1.11. “Politically Exposed Person” and/or “PEP” shall mean a natural person who performs or has performed prominent public functions and regarding whom related risks remain.

1.12. “Policy” and/or “Policies” shall mean this AML/CFT Policy and all related internal guidelines, and instructions connected to this document.

1.13. “Suspicious Transaction Report” and/or “STR” shall mean the report that must be submitted to FCIS by IOOI Sp. z O.O. if there are reasonable grounds to suspect that such a transaction that occurs or is attempted is related to the commission or the attempted commission of an ML/TF offense. 

1.14. “Terrorist Financing” and “TF” shall mean any act that constitutes an offense within the meaning of Article 2 of the International Convention for the Suppression of the Financing of Terrorism of 9 December 1999.

1.15. “Transaction” shall mean cash flow or payment order or virtual currency wiring from the Customer to the Company.

1.16. “Virtual Currencies” shall mean an instrument with a digital value but which has no legal status as a currency or money, which is not authorized or misled by the central bank or other public authority, and which is not necessarily linked to the currency, but which is recognized by natural or legal persons as a means of exchange and which may be transferred, stored, sold, exchanged, invested and used for settlements by electronic means.

1.16. “Virtual Currency Address” refers to an address or account generated through a combination of letters, numbers, and/or symbols within the blockchain. This address is utilized by the blockchain to allocate virtual currency to its owner or recipient.

2. Money Laundering and Reporting Officer

2.1. MLRO, appointed by the Company, assumes responsibilities in risk management and compliance functions, including:

  1. Developing and regularly updating the Company's Policies in accordance with relevant laws and legislative changes pertaining to Money Laundering, Terrorist Financing, and International Sanctions.

  2. Acting as a senior employee, as defined by the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, to organize the implementation of AML/CFT measures and the enforcement of international sanctions outlined in the Policy and applicable legal regulations governing AML/CFT and International Sanctions

  3. Continuously monitoring and verifying compliance of the Company's Policy with relevant laws, as well as ensuring conformity of activities and related internal regulations with external laws and regulations.

  4. Providing guidance and support to the Company's Employees for the effective implementation of rules pertaining to Money Laundering, Terrorist Financing, and this Policy

  5. Informing and training Employees about the Policy, measures, and mechanisms for preventing Money Laundering and Terrorist Financing

  6. Registering and investigating notifications regarding questionable Customer activities and determining whether such activities can be justified or raise suspicion

  7. Collaborating and communicating with the FCIS (Financial Crime Investigation Service) and timely reporting events suspected of Money Laundering or Terrorist Financing, as well as responding to inquiries from the FCIS.

  8. Reviewing and assessing whether the Company's internal policies and AML/CFT mechanisms effectively prevent the use of the Company for Money Laundering and/or Terrorist Financing.

  9. Managing the collection and analysis of information concerning unusual transactions, transactions, or circumstances suspected of Money Laundering or Terrorist Financing that have surfaced within the Company's operations.

  10. Developing and maintaining an ML/TF (Money Laundering/Terrorist Financing) risk assessment for the entire business and individual risk assessments.

  11. Identifying areas where AML/CFT and International Sanctions controls should be implemented or enhanced and making appropriate recommendations for improvements.

  12. Providing the Manager with information on the level of exposure to ML/TF and International Sanctions risks, along with measures taken or recommended to mitigate and effectively manage these risks.

  13. Notifying the Manager if the allocated human and technical resources for AML/CFT and International Sanctions compliance are insufficient and require reinforcement.

  14. Submitting reports to the Manager regarding the fulfillment of assigned duties.

  15. Informing the Manager of any significant AML/CFT, International Sanctions issues, breaches, and recommending actions to rectify them.

  16. Acting as a senior manager, as defined by the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania, providing approval for establishing or continuing business relationships with Politically Exposed Persons (PEPs), correspondent relationships, and other high-risk customers.

  17. (xvii)Receiving necessary data and information to fulfill the duties of the Money Laundering Reporting Officer.

  18. (xviii)Making proposals to the Company concerning the process of submitting notifications for suspicious and unusual transactions.

  19. issuing demands to a structural unit of the Company to rectify identified deficiencies in the implementation of the Policy, International Sanctions requirements, and other related AML/CFT measures within a reasonable timeframe.

  20. Performing any other duties and obligations related to compliance with applicable acts regulating AML/CFT and the Policy.

3. Customer Due Diligence

3.1. Customer Due Diligence allows financial institutions and other obliged entities to evaluate information received as part of an onboarding process or during the course of a business relationship with an existing customer, either an individual or a legal entity. A risk-based approach is applied throughout this process, depending on the risk scoring of the client and additional information may be requested as part of  ongoing monitoring efforts. The CDD measures consist of 3 levels, depending on the risk profile of the customer:

  1. Simplified Due Diligence (hereinafter “SDD”);

  2. Standard Due Diligence (hereinafter “StDD”); and 

  3. Enhanced Due Diligence (hereinafter “EDD”);

3.2. Simplified Due Diligence

3.2.1. Measures for Simplified Due Diligence (SDD) are implemented when the Customer's risk profile indicates a low level of risk for Money Laundering/Terrorist Financing (ML/TF) and if:

  1. The Customer is listed on a regulated market that adheres to disclosure requirements consistent with European Union law;

  2. The Customer is a legal entity governed by public law established in the Republic of Lithuania, specifically the Bank of Lithuania;

  3. The Customer is a governmental authority or another authority performing public functions in the Republic of Lithuania or a contracting state of the European Economic Area;

  4. The Customer is an authority of the European Union;

  5. The Customer is a credit institution or a financial institution, operating on its own behalf, located in a contracting state of the European Economic Area or in a third country. In the country where it operates, it is subject to comparable requirements and is supervised by the relevant state authorities.

3.3. Standard Due Diligence

3.3.1. StDD measures are applied to all Customers according to the Policy. The following StDD measures should be applied:

  1. Identification of the Customer and verification of the provided information based on on reliable and independent source;

  2. Identification and verification of a representative of the Customer and their authorization to act on behalf of the Customer;

  3. Identification of the Beneficial Owner and, for the purpose of verifying their identity, taking measures to ensure that the Company knows who the Beneficial Owner is and understands the ownership and control structure of the Customer;

  4. Understanding the Business Relationship or Transaction and, if relevant, gathering information related to it;

  5. Gathering information on whether the Customer is a Politically Exposed Person (PEP), their family member, or a known close associate; and

  6. Monitoring the Business Relationship.

3.3.2. The specified StDD measures must be applied before establishing the Business Relationship or conducting a Transaction.

3.4. Enhanced Due Diligence

3.4.1. Enhanced Due Diligence (EDD) measures are implemented to manage and mitigate the established risk of Money Laundering and Terrorist Financing when the risk level of the Customer and/or Transaction is high.

3.4.2. EDD measures are applied to both the Customer and the Beneficial Owner, when:

  1. There is a Transaction or Business Relationship with a a Politically Exposed Person (PEP);

  2. The Transaction and/or Business Relationship are conducted with the Customer established/residing in a high-risk third country identified by European Commission;

  3. The Transaction and/or Business Relationship are conducted with a Customer established/residing in a high-risk third country that does not fully comply with combating Money Laundering and/or Terrorist Financing, according to the Financial Action Task Force (FATF);

  4. The risk profile of the Customer indicates a high-risk level of Money Laundering and/or Terrorist Financing;

  5. Cross-border correspondent relationships are established with a Customer who is a financial institution in a third country.

3.4.3. During the application of EDD measures the Company considers the following aspects:

  1. Customer risk factors, including unusual conduct, residency in a third country, legal persons or entities acting as personal asset-holding vehicles, nominee shareholders, bearer shares, cash-intensive business, and complex ownership structures.

  2. Product, service, Transaction, or delivery channel risk factors, such as private banking, products or transactions favoring anonymity, payments received from unknown or non-associated third parties, new products and business practices, and transactions involving high-risk goods or materials.

  3. Geographical risk factors, including countries lacking anti-money laundering and/or counter-terrorism financing legislation, countries with significant levels of corruption or criminal activity, countries subject to International Sanctions or embargoes, and countries supporting or hosting designated terrorist organizations.

3.5. Customer Identification within the CDD

3.5.1. Customer Due Diligence (CDD) encompasses the process of identifying the Customer before establishing a Business Relationship through the Company's service platform. This includes identifying:

  1. The Customer, whether an individual or legal entity.

  2. The representative of the Customer, an authorized individual acting on behalf of the Customer.

  3. The Beneficial Owner of the Customer.

  4. PEPs, if the Customer or a connected person is a Politically Exposed Person.

3.5.2. The Company must identify and verify the identity of the Customer:

  1. Prior to establishing a Business Relationship with the Customer.

  2. Before conducting Virtual Currency Transactions with funds equal to or exceeding EUR 700 or equivalent in fiat currencies or Virtual Currencies, or before depositing or withdrawing an amount equal to or exceeding EUR 700 or equivalent in fiat currencies or Virtual Currencies into/from a Virtual Currency wallet. This applies to single or multiple interrelated Transactions unless the Customer and Beneficial Owner have already been identified.

  3. Before conducting multiple Virtual Currency Transactions in Virtual Currencies with funds equal to or exceeding EUR 700 or equivalent in fiat currencies or Virtual Currencies per day, or multiple Virtual Currency deposit or withdrawal operations per day with an amount equal to or greater than EUR 700 or equivalent in fiat currencies or Virtual Currencies.

3.6. Identification of the Customer – Natural Person

3.6.1. The Company is responsible for identifying Customers who are natural persons and retaining the following data:

  1. Full Name(s) and Surname(s)

  2. Identity document number and type

  3. Date of Birth

  4. Mobile phone number and email address

  5. Citizenship

  6. Residency and Residential address

  7. Photograph and signature

3.6.2. The Company may use the following documents for identification purposes:

  1. Identity document issued by the Republic of Lithuania;

  2. Identity document issued by a foreign state;

  3. A residence permit in the Republic of Lithuania;

Driving license issued in a state of the European Economic Area in accordance with the requirements specified in Annex I to Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licenses (recast);

3.7. Identification of the Customer – Legal Entity

3.7.1. The Company must gather the following information and documents for identification purposes:

  1. Business name of the Customer;

  2. Legal form of the Customer;

  3. Registration number, if issued;

  4. Date of registration;

  5. Tax number;

  6. Website;

  7. Customer’s email address;

  8. Name(s) and surname(s), personal number, date of birth, citizenship and residency of beneficial owners, shareholder(s), director(s) or member(s) of another equivalent body, and their authorities in representing the Customer;

  9. Extract of registration and its date of issuance;

  10. Registered office (address) and factual address where business operations are conducted; 

  11. Registry card of the relevant register (issued within the last 6 months); or

  12. Registration certificate of the relevant register (issued within the last 6 months); or

  13. Document equivalent with the aforementioned documents or relevant documents of the establishment of the Customer.

3.7.2. If the shareholder of the Customer is a legal entity, the Company must obtain the following information and documents for identification purposes::

  1. Business name of the Beneficial Owner;

  2. Legal form of the Beneficial Owner;

  3. Registration number, if issued;

  4. Registered office (address) and factual address;

  5. Percentage of ownership of the Customer.

3.7.3. For identification purposes of the Customer's Beneficial Owners, the Company requires the following information and documents:

  1. Name(s) and Surname(s);

  2. Identity document and type;

  3. Date of Birth;

  4. Citizenship;

  5. Residency and Residential address; 

  6. Percentage of ownership of the Customer.

3.7.4. If the Customer's representative is a natural person, the Company must obtain the following information and documents for identification purposes:

  1. Name(s) and Surname(s);

  2. Number of the identity document and its type;

  3. Mobile phone number;

  4. Email;

  5. Citizenship;

  6. Residency and Residential address; 

  7. Photograph and signature;

  8. Date of birth;

  9. Capacity (Title) within the Customer’s business;

  10. Document according to which such capacity has been granted (Power of Attorney, Articles of Association, other relevant documents).

3.8. An identity document may only be accepted and used for Customer identification if it meets the following requirements:

  1. The document is issued by a competent authority and all necessary data is accurately entered;

  2. The document is not expired;

  3. The document is in usable condition, allowing for the identification of its contents, verification of the holder's identity, and the correctness of the information provided;

  4. The document is complete and undamaged. If any numbers or characters are illegible, the document is considered spoiled;

  5. The document, including its photograph (in the case of electronic identification), visually appears to meet the typical requirements for documents of that type, with no visible signs of falsification or tampering with its security features.

3.9. The Company is responsible for:

  1. Verifying the consistency and integrity of the data obtained from various sources, ensuring that the Customer's name, personal identification code (or, if unavailable, the date and place of birth and residential address) match each other; and when the Customer provides a photo of an identity document for identification purposes:

  2. Confirming that the identity document complies with the requirements outlined in clause 3.8.

  3. Comparing the photograph on the document with the visual recording of the User, assessing their physical likeness and age.

  4. Requesting additional data and documents from the Customer if necessary.

  5. During the identification process, being attentive to any unusual or suspicious circumstances and promptly reporting them to the FCIS.

4. Risk-Based Approach 

4.1. The Company shall adopt a risk-based approach that will help to to evaluate the potential risks of Money Laundering and Terrorist Financing in the Business Relationship with the Customer, the Customer's profile, and Transactions.

4.2. The Company shall assess the risk of ML and TF by categorizing Customers into the following groups:

  1. Normal risk: Customers with a normal risk level, exhibiting no high-risk characteristics; 

  2. High risk.

4.3. High-risk Customers will be characterized based on the following categories:

  1. Customer profile risk: 

  2. the legal person is a non-profit association, trust, civil law partnership or another contractual legal arrangement with insufficiently regulated activities and liability, making the financing legitimacy difficult to verify.

  3. the representative or the Beneficial Owner of a legal person is a PEP their family member or close associate;

  4. Country-based risk and/or geographical area risk:

  5. the Customer is located in a country, listed in the high-risk countries list;

  6. the Customer registered outside the European Economic Area, who is operating outside its registered location;

  7. the Customer operates or is registered in a low tax rate country or the legal person's owners or Beneficial Owners, or the business territory is situated in a country listed in the high-risk countries list.;

  8. Product or service risk and/or operational risk:

  9. The Customer's activity is associated with enhanced Money Laundering risk.

  10. The Customer is suspected of being involved in financial offenses or other suspicious activities.

  11. The Transaction requested by the Customer, or the nature of the Transaction, does not align with the Customer's typical economic activities.

5. Reporting

5.1. The Company shall promptly, within 1 (one) working day of becoming aware or suspicious of such activity, submit a Suspicious Transaction Report (STR) to the FCIS under the following circumstances:

  1. The Company identifies a Customer engaging in a suspicious transaction;

  2. The Company has knowledge or suspicion that assets, of any value, have been obtained, directly or indirectly, from criminal activities or involvement in such activities; and/or

  3. The Company knows or suspects that such assets are being used to support terrorists or a terrorist organization.

5.2. In the event described in clause 5.1, the Company must suspend the Business Relationship or Transaction and notify the FCIS within 3 (three) working hours of the suspension.

5.3. If, due to the nature of the Transaction, the manner in which it is performed, or other circumstances, the Transaction cannot be immediately suspended, the FCIS must be notified no later than 3 (three) working hours after its identification. Immediate reporting is also required if Company Employees receive information that the Customer intends or is attempting to execute a suspicious Transaction.

5.4. The Company must unilaterally suspend a suspicious Transaction, and upon receiving a written order from the FCIS, suspend any suspicious Transaction performed by the Customer for a period of up to 10 (ten) working days from the specified time or circumstances in the order. During this period, the Company may resume the suspended Transaction/operation only with the permission of the FCIS.

5.5. If the Company is not required to execute the temporary restriction of ownership rights within 10 (ten) working days after receiving the notification or FCIS order, the operation or Transaction shall be resumed.

5.6.The notification of suspicious operations or Transactions to the FCIS must be submitted by logging into the FCIS information system and completing the approved electronic form for providing information on suspicious operations or Transactions.

5.7. Only in exceptional cases, if the Company cannot access the FCIS information system and complete the information submission form, or due to other technical reasons, it may also submit the information to the FCIS by phone, fax, or email in emergency situations.

5.8. The STR form must include:

  1. Customer identity information, and for natural persons – full name, date of birth, personal code; for legal entities – name, legal form of the legal entity, registered address, legal code (if applicable);

  2. Criteria approved by the FCIS to recognize the operation or Transaction as suspicious;

  3. Method of performing a suspicious operation or Transaction;

  4. Date of the suspicious operation or Transaction, description of the property involved, and its value;

  5. Deposit wallet management methods;

  6. Customer contact information, and for natural persons – phone numbers, email addresses, contact persons; for legal entities – relevant contact details

  7. Beneficiary details in whose favor a suspicious operation or Transaction is performed, and for natural persons – full name, date of birth, personal code; for legal entities – name, legal form of the legal entity, registered address, legal code (if applicable)

  8. Date and time of suspension of the suspicious operation or Transaction;

  9. Reasons for not suspending the suspicious operation or Transaction if applicable;

  10. Any other relevant information that the Company deems necessary. 

5.9. The Company must report to the FCIS Customer identification data and information on executed Virtual Currencies exchange operations or Transactions in Virtual Currencies when the value of such operations or Transactions equals or exceeds EUR 15,000 in fiat currencies or Virtual Currencies, regardless of whether the Transaction is carried out in one or several related Transactions.

5.10. Multiple related Transactions refer to multiple Virtual Currencies exchange operations or Transactions in Virtual Currencies during the day, where the total amount of operations and Transactions equals or exceeds EUR 15,000 or the equivalent in fiat currencies or Virtual Currencies.

5.11. Notifications of operations or Transactions of EUR 15,000 or more must be submitted to the FCIS without delay and no later than 7 (seven) working days after the date of execution of the monetary operation or Transaction.

6. Monitoring 

6.1. The Company shall conduct ongoing monitoring of its Business Relationships through two ways:

  1. Ongoing Customer Due Diligence (CDD), which involves:

  2. Regularly reviewing documents, data, and information related to Customers to ensure compliance with AML/CTF requirements and verify their accuracy and relevance.

  3. Periodically updating and adjusting the risk profiles of Customers based on received and updated documents, data, and information.

  4. Transaction Monitoring, which includes: 

  5. Scrutinizing transactions conducted by customers to ensure consistency with the Company's knowledge of the Customer, their business, risk profile, and the source of funds.

  6. Identifying complex, unusually large, or unusual pattern transactions that lack an apparent economic or lawful purpose. Examining the background and purpose of such transactions and documenting the findings.

6.2. Ongoing CDD.

6.2.1. The Company must regularly review existing CDD records of customers and conduct reviews upon trigger events to ensure that the obtained documents, data, and information remain up-to-date and relevant. Clear policies and procedures should be established, outlining the frequency of periodic reviews and what qualifies as a trigger event.

6.2.2. All customers presenting high Money Laundering and Terrorist Financing risks must undergo a minimum of semi-annual reviews, or more frequent reviews if deemed necessary by the Company, to ensure that CDD information is current and relevant.

6.3. Transaction monitoring

6.3.1. The Company shall implement and maintain adequate systems and processes to monitor transactions. The design, automation level, and sophistication of the monitoring systems and processes should be appropriately tailored, taking into account factors such as:

  1. The size and complexity of the Company's business;

  2. The ML/TF risks associated with its business;

  3. the nature of its existing systems and controls;

  4. the monitoring procedures already in place to meet other business needs; and

  5. the nature of the products and services offered.

6.3.2. To identify suspicious or unusual transactions and ascertain the purpose and actual substance of a transaction, the Company shall take the following steps:

  1. Request additional information about the Customer's professional or economic activities, if necessary;

  2. Seek explanations from the Customer regarding the reasons for the transaction and, if needed, documents to evidence the origin of assets and/or the source of wealth;

  3. Exercise particular vigilance over transactions linked to natural or legal persons from countries where obtaining information about the Customer is challenging and transactions with persons originating from states with inadequate measures to prevent Money Laundering.

7. Record keeping

7.1. The Company is required to maintain records concerning its Customers and their Transactions to ensure high-quality services and provide comprehensive and timely responses to inquiries from the FCIS. Additionally, these records will assist other supervisory authorities and courts in any judicial proceedings or investigations as required by applicable legislation.

7.2. The Company shall retain the following information obtained from Customers:

  1. Data collected during the Customer Due Diligence (CDD) process;

  2. Copies of official identification documents of the Customer, identity data of Beneficial Owners, direct video streaming/direct video broadcasting recordings, and other information obtained during the Customer identity verification and Business Relationship establishment;

  3. Comprehensive records of Transactions to enable accurate reconstruction of individual Transactions from both the sender and receiver's perspectives;

  4. Records of Customers with terminated Transactions or Business Relationships due to the Customer's refusal to provide additional information in accordance with Money Laundering and/or Terrorist Financing prevention procedures;

  5. Records of unusual Transactions and Transactions with atypical patterns, along with the results of any relevant investigations;

  6. Business correspondence with the Customer; and

  7. Virtual currency addresses of the Transaction's recipient and receiver.

7.3. The Company shall keep the information outlined in clause 7.2.(i), (ii), (iii), and (vii) updated and stored for a minimum of 8 (eight) years from the date of concluding the Transaction and/or Business Relationship with the Customer or the date of termination of the Transaction and/or Business Relationship.

7.4. The information specified in clause 7.2.(iv), (v), and (vi) shall be updated and stored for a minimum of 5 (five) years from the date of concluding the Transaction and/or Business Relationship with the Customer or the date of termination of the Transaction and/or Business Relationship.

8. International Sanctions

8.1. The Company shall diligently employ all applicable mechanisms and restrictive measures to effectively adhere to International Sanctions. Accordingly, the Company shall:

  1. Establish procedures to identify subjects of International Sanctions and/or transactions that violate such Sanctions; and

  2. Take necessary actions upon identifying subjects of International Sanctions and/or transactions that breach such Sanctions.

8.2. To ensure continuous compliance with this Policy, prevent violations of International Sanctions, and effectively implement them, Employees shall:

  1. Conduct measures to control and verify new Customers to determine whether they are subjects of International Sanctions;

  2. Engage in ongoing monitoring and control of existing Customers' activities and relevant information indicating the possibility of their involvement in International Sanctions;

  3. Immediately inform the MLRO in case of suspicion or evidence of the Customer's breach of International Sanctions;

  4. Cooperate with the MLRO by providing additional information about the Customer when requested, while investigating suspicions or breaches of International Sanctions; and

  5. Refrain from executing transactions and terminate transactions or Business Relationships with new or existing Customers if they refuse to provide additional information upon request and within specified time limits.

8.3. To ensure continual compliance with this Policy, prevent violations of International Sanctions, and effectively implement them, the MLRO shall:

  1. Assist and, if necessary, request additional information about the Customer upon receiving notifications from Employees to identify if the Customer is subject to International Sanctions;

  2. Notify the FCIS when there is suspicion or evidence that the Customer is subject to International Sanctions;

  3. Monitor sources such as the FCIS website, databases, acts, amendments, decrees, ordinances, codes, regulations, and recommendations for any changes related to the imposition and/or implementation of International Sanctions;

  4. Maintain an updated list of subjects under International Sanctions and provide this information to Employees for timely identification of such subjects;

  5. Promptly record and subsequently report if the Customer refuses or evades providing additional information upon request and within specified time limits;

  6. Organize and conduct regular training for Employees to inform them about new measures or mechanisms required to identify subjects of International Sanctions and/or transactions violating them;

  7. Keep records of conducted checks, notifications submitted to the FCIS regarding suspicions or breaches of International Sanctions, and measures imposed on such Customers;

  8. Review, update, and oversee compliance with the rules of this Policy concerning the implementation of International Sanctions;

  9. Check immediately upon the entry into force, amendment, repeal, or expiry of an act related to the imposition or implementation of International Sanctions whether any Customers are subject to such Sanctions;

  10. If an act on the imposition or implementation of International Sanctions is repealed, expires, or amended in a way that completely or partially terminates the implementation of International Sanctions against a subject, cease the relevant measures as specified in the act on the imposition or application of International Sanctions.

9. Training

9.1. One of the major internal controls over the prevention and detection of Money Laundering and Terrorist Financing is to have Employees who understand these risks. The Company shall ensure that its Employees, who perform actions for preventing the use of the Company's business activity for Money Laundering and Terrorist Financing have the relevant qualifications for these actions. 

9.2 When an Employee is recruited or engaged, the Employee’s qualifications are checked as part of the recruitment/appointment process by carrying out background checks, which are documented using a special standard form assessing Employee suitability. 

9.3. The Company shall provide adequate training for Employees to:

  1. ensure adequate implementation of Company’s AML/CFT systems and/or rules; and

  2. ensure effective identification of activities and/or transactions that are related to Money Laundering and the Financing of Terrorism.  

9.4. The scope and frequency of training are tailored to the specific risks faced by the Company and pitched according to the Employees' job functions, responsibilities, and experience. New Employees should be obliged to attend initial training as soon as possible after being hired or appointed. Apart from the initial training, the Company should also provide refresher training regularly to ensure that its Employees are reminded of their responsibilities and are kept informed of new developments related to Money Laundering and Terrorist Financing.

9.5. Employees should be made aware of:

  1. the Company’s and their statutory obligations and the possible consequences for failure to comply with customer due diligence and record-keeping requirements under the Policy and other rules and obligations;

  2. the Company’s policies and procedures relating to AML/CFT, including suspicious transaction identification and reporting; 

  3. any new and emerging techniques, methods, and trends in Money Laundering and/or Terrorist Financing to the extent that such information is needed by the Employees to carry out their particular roles in the Company concerning AML/CFT.

9.6. The Company may use a mix of training techniques and tools in delivering training, depending on the available resources and learning needs of Employees. These techniques and tools include, but are not limited to, online learning systems, focused classroom training, relevant videos, and paper- or intranet-based procedures manuals. The Company also uses FATF papers and typologies as part of the training materials. All the materials are up-to-date and in line with current requirements and standards.

9.7. MLRO shall prepare a training program on the methods of controlling financial operations, by the control procedure guide, and with other applicable effective legislation and regulations.

9.8. The Company shall implement steps to ensure that all Employees are aware of:

  1. the laws relating to Money Laundering and Terrorist Financing;

  2. the risks that Money Laundering and Terrorist Financing pose to the Company, its business, and the jurisdiction;

  3. how the Company’s products and services may be used as a vehicle to launder money or finance terrorism, and the Company’s procedures for dealing with these risks;

  4. the risks posed by high-risk customers;

  5. the Company’s policies and procedures for preventing Money Laundering and Terrorist Financing, and its risk assessment strategy;

  6. the identity and responsibilities of the MLRO; and

  7. the consequences for them and the Company if they fail to implement the Company’s procedures.

9.9. All Employees should be informed of their responsibilities and those of the Company at the commencement of their employment, and of the statutory obligations under which the Company operates and under which the Employees could be held personally liable for failing to comply with these requirements.

9.10. All Employees, whether permanent or temporary, should be made aware of the importance of the contents of their institution’s policy and procedures handbook, especially the customer due diligence requirements for preventing Money Laundering and Terrorist Financing. This includes the relevance of customer identification procedures, the need to obtain additional customer due diligence information, and the need to monitor customer activity(ies).

9.11. The Company should be committed to providing Employees with adequate training and awareness within the AML prevention training regime and to ensuring that the Employees are aware of their legal obligations and personal responsibilities in preventing Money Laundering and Terrorist Financing. The training should be given to enable the Employees to recognize a Transaction that is unusual or suspicious against the Customer’s profile. The training should also address terrorist funding and terrorist activity(ies) to ensure that the Employees can identify Customer Transactions or activity(ies) that might be related to terrorism.

9.12. The Company should provide ongoing training to all relevant Employees at regular intervals. The methods of training should vary depending on the perceived need. Training should be face-to-face seminars or workshops and through refresher computer-based learning. As Money Laundering risks differ depending on the particular nature of the product or service and the method of delivery, the training should be tailored to reflect the duties of the pertinent Employees.

9.13. The Company monitors and maintains records of who has been trained, when the staff received the training, the subject material, the type of training provided, and test results, if applicable, that Employees were required to complete. Records should be maintained for a minimum of 3 (three) years.

9.14. The Company monitors the effectiveness of the training, including, but not limited, through: 

  1. testing Employees’ understanding of the Company’s policies and procedures to combat Money Laundering and Terrorist Financing, the understanding of their statutory and regulatory obligations, and also their ability to recognize suspicious transactions;

  2. monitoring the compliance of Employees with the Company’s AML/CFT systems as well as the quality and quantity of internal reports so that further training needs may be identified and appropriate action can be taken; and

  3. monitoring attendance and following up with Employees who miss such training without reasonable cause.

  4. Final Provisions

  5. The MLRO, under the guidance of the FCIS, is responsible for implementing measures to prevent ML/TF.

  6. Senior management is required to ensure that the MLRO has unrestricted access to all necessary information to fulfill their responsibilities. This includes information related to customer identity, beneficial owner details, customer business relationships, cash operations, transactions, and other pertinent information.

  7. The Board of Directors of IOOI Sp. z O.O. conducts an annual review of the MLRO's activity report and risk mitigation proposals. Additionally, the Board is responsible for approving the AML/CFT policy on an annual basis. The Policy shall take effect from the date of its approval, unless stated otherwise. Any amendments or withdrawals to the Policy can only be made by a decision of the Board of Directors based on the results of the organization-wide ML/TF risk assessment carried out by the AML/CFT compliance officer. Such changes will come into effect on the day following their adoption, and all Company Employees will be promptly informed of these updates.

Don't miss out on the most important updates. Subscribe now!


by submitting this form, you confirm that you agree to the storing and processing of your personal data


Company name IOOI Sp. z O.O.

Address - Gęsia 8/205, 31-535 Kraków, Polska

License number -RDWW-853.

Don't miss out on the most important updates. Subscribe now!


by submitting this form, you confirm that you agree to the storing and processing of your personal data

© Inqud. 2024. All rights reserved.