AML/KYC Policy

AML PROCEDURE AND COMPLIANCE WITH INTERNATIONAL SANCTIONS

The following content is only an epitome from UPMarket's full AML policy that can be found at the end of this article and is established by the decision of the management board of Upmarkets OÜ (hereinafter Provider of Service). The whole content is compliance and supervised by the relevant authorities and international law. For detailed questions, feel free to contact our support at support@upmarkets.eu

1.General provisions

1.1. These rules of procedure for prevention of money laundering and terrorist financing, and compliance with international sanctions (hereinafter Rules) lay down requirements for screening the clients and transactions in order to prevent entering into deals involving suspected money laundering and terrorist financing, and to ensure identification and reporting of such.
1.2. The obligation to observe the rules rests with management board members and employees of the provider of service, including temporary staff, agents of the provider of service who initiate or establish business relationship (as defined in section 2.6) (hereinafter all together called the Representative). Every representative must confirm awareness of the rules with the signature.
1.3. The rules are primarily based on the regulations of Money Laundering and Terrorist Financing Prevention Act (hereinafter the Act) and International Sanctions Act (hereinafter ISA).

2. Definitions

2.1. Money laundering–– –– is a set of activities with the property derived from criminal activity or property obtained instead of such property with the purpose to:
• conceal or disguise the true nature of ownership or other rights related to such property;
• convert, transfer, acquire, possess or use such property for the purpose of concealing or disguising the illicit origin of a property
2.2. Terrorist financing – acts of financing of terrorism as defined in – 2373 of the Penal Code of Estonia.
2.3. International Sanctions – list of non-military measures that are aimed to maintain or restore peace,
prevent conflicts and restore international security, support and reinforce democracy, follow the rule of law.
2.4. Compliance Officer or CO – representative that is responsible for the effectiveness of the Rules, conducting compliance over the adherence to the Rules and serving as contact person of the FIU.
2.5. FIU - Financial Intelligence Unit of the Police and Border Guard Board of Estonia.
2.6. Business Relationship – a relationship of the provider of service established in its economic and professional activities with the client.
2.7. Transaction –payment order or cryptocurrency wiring from a client to the Provider of service and vice versa.
2.8. lient – a natural or legal person, who uses services of the provider of service.
2.9. Beneficial Owner – is a natural person, who is taking advantage of his influence, exercises control over a transaction, operation or another person and in whose interests or favour or on whose account a transaction or operation is performed
2.10 Provider of service – Upmarkets OÜ, registry code 14661260, address Päikese tn 6, Märja alevik, Tartu linn, 61406.
2.10. Management Board or MB – management board of the provider of service. Member of the MB, as appointed by relevant MB decision, is responsible for implementation of the rules.
2.11. Virtual currency (–cryptocurrency–) - a value represented in the digital form, which is digitally transferable, preservable or tradable and which persons accept as a payment instrument.

3. Description of activities of the Provider of service

3.1. The provider of service is the provider of a service of exchanging a cryptocurrency against cryptocurrency, a cryptocurrency against a fiat currency, and vice versa.
3.2. The provider of service is the provider of a cryptocurrency wallet service in the framework of which the provider of service encrypts the wallets of the clients and gives access through the provider of service–s platform. These keys can be used for the purpose of keeping and/or storing and/or transferring virtual currencies.

4. Compliance Officer

4.1. The MB shall appoint a CO whose principal tasks are to:
• monitor the compliance of the rules with the relevant laws and compliance of the activity of the representatives with the procedures established by the rules;
• compile and keep updated the data regarding countries with low tax risk, high and low risk of money laundering and terrorist financing and economical activities with great exposure to money laundering and terrorist financing;
• carry out training, instruct and update the representatives on matters pertaining to procedures for prevention of money laundering and terrorist financing;
• collect, process and analyse the data received from the representatives or Clients concerning suspicious and unusual activities;
• collaborate with and report to the FIU on events of suspected money laundering–– –or Terrorist financing, and respond to enquiries of the FIU;

5. Identification of a person

5.1. Upon implementing DD measures the following person shall be identified:
• Client – a natural or legal person;
• Representative of the client– an individual who is authorized to act on behalf of the Client;
• Beneficial owner of the client;
5.2. Upon establishing the relationship with the client and when carrying out a transaction, the provider of serviceshall identify and verify the client while being present at the same place as the client or by using information technology means.
5.3. For identification of a client and verification of the identity of a client by using information technology means, the provider of service shall use:
• a document issued by the Republic of Estonia for the purpose of digital identification;
• another electronic identification system within the meaning of the Regulation (EU) No 910/2014 of the European Parliament and of the Council. If the client is a foreign national, the identity document issued by the competent authority of the foreign country is also used simultaneously.
5.4. In case of identification of a client and verification of the identity of a client by using information technology means the provider of service shall additionally obtain data from a reliable and independent source, e.g. identity documents databases.–––
5.5. Identification of a client being a natural person and a representative of a client who is a legal person
• Upon establishing a Business Relationship,identification takes place, above all, during a face-to-face meeting or by using information technology means.
• Identity of a client being a natural person, or a representative of a client who is a
5.6. Identification of a client being a legal person
To identify a client who is a legal person, the representative shall take the following actions: • Check the information concerning a legal person by accessing the relevant electronic databases (e-commercial register/ e-äriregister and European Business Register);
• If it is not possible to obtain an original extract from the register or the respective data, request documents (extract from the relevant registry, certificate of registration or equivalent document) certified or authenticated by a notary public or authenticated officially for verification of the identity of the legal person, or use data obtained from other reliable and independent sources (including electronical identification) on condition that information is obtained from at least two different sources;
• Ask the representative of a foreign legal person to present an identity documents and a document evidencing of his/her power of attorney, which has been notarised or authenticated pursuant to an equal procedure and legalised or authenticated by a certificate substituting for legalisation (apostille), unless otherwise prescribed by an international agreement;
5.7. Documents that can be used for identification
5.7.1. In case of clients being natural persons and the representatives of Clients, the following documents can be used for identification:
• Personal ID card (whether ID card, e-resident card or residence permit card);
• Passport or diplomatic passport;
• Travel document issued in a foreign country;
• Driving licence (if it has name, facial image, signature and personal code or date of birth of holder on it).
5.7.2. In addition to an identity document, the representative of a client shall submit a document in the required format certifying the right of representation.
5.7.3. Legal person and its passive legal capacity shall be identified and verified on the basis of the following documents:
• in case of legal persons registered in Estonia and branches of foreign companies registered in Estonia, the identification shall be conducted on the basis of an extract of a registry card of commercial register;
• foreign legal persons shall be identified on the basis of an extract of the relevant register or a transcript of the registration certificate or an equal document, which has been issued by competent authority or body not earlier that six months before submission thereof.
5.8. If the client is a natural person, the following data shall be recorded:
• Name of the client;
• Personal identification code (in case of absence the date and place of birth and place of residence);
• Information regarding identification and verification of the right of representation. If the right of representation does not arise from law, name of the document used for establishing and verification of the right of representation, the date of issue and the name or name of the issuing party.
5.9. If the client is a legal person, the following data shall be recorded:
• Name of the client;
• Registry code (or registration number and registration date) of the client;
• Names and authorisations of members of the Management Board or the head of branch or the other relevant body;
• Telecommunications numbers.

6. Normal due diligence measures

6.1. The Provider of service shall conduct normal DD in the following cases:
• Upon establishing a new Business Relationship;
• If during one year the value of a single transaction exceeds EUR 15 000, regardless of whether the financial obligation is performed in one payment or in a series of related payments;
• In the event of insufficiency or suspected incorrectness of the documents or information gathered previously in the course of carrying out DD measures;
• Upon suspicion of money laundering or terrorist financing.
6.2. No new business relationship can be formed or transaction executed, if the Client, in spite of the respective request, has failed to present documents and appropriate information required to conduct DD, or if based on the presented documents, the representative suspects money laundering or terrorist financing.
6.3. The provider of service shall not enter into Business Relationships with anonymous clients.

7. Simplified due diligence measures

Simplified DD measures may be taken, if the client is:
• A company listed on a regulated market that is subject to disclosure requirements consistent with European Union law;
• a legal person governed by public law founded in Estonia;
• a governmental authority or another authority performing public functions in Estonia or a contracting state of the European Economic Area;
• an authority of the European Union;
• a credit institution or a financial institution, acting on behalf of itself, located in a contracting state of the European Economic Area or in a third country (see Exhibit 1), which in the country of location is subject to equal requirements and the performance of which is subject to state supervision.

8. Enhanced due diligence measures

8.1. Enhanced DD measures must be taken in cases where the risk level of the client or transaction is higher (e.g. European Union cross-border transactions, transactions where the client has no apparent need for it or link with the transaction etc.).
8.2. The representative shall apply enhanced DD measures in the following situations:
• when suspicion arises regarding truthfulness of the provided data and/or of authenticity of the identification documents regarding the client or its Beneficial Owners;
• the client is a Politically exposed person (excluding local subjects, if there are no relevant circumstances, leading to the higher risks);
• the client is from or the seat of a client being a legal person is located in a third country, which is included in the list of risk countries (see Exhibit 1);
• in case of unusually large transactions and unusual patterns of transactions, which have no apparent economic or lawful purpose;
• in case of companies that have nominee, shareholders or shares in bearer form;
• in a situation with higher risk of money laundering and terrorists financing as described in Sections 10.1 and 10.3.

9. Risk assessment

9.1. The representative will establish a risk profile of a client based on information gathered under the rules.
9.2. The provider of service applies the following risk categories:
• Normal risk (the risk level is normal, there are no high risk characteristics present);
• High risk, which is subcategorized as High risk I and High risk II.
9.3. Assessment of risk profile of natural persons
When establishing the risk category of a client being a natural person, the country of residence of the client, the beneficiaries of the transaction, the region where the client operates. If there are several characteristics of the category –High risk I– present, or if, in addition to the characteristics of –High risk I–, at least one of the –High risk II– characteristics is present, the client shall be determined to be falling into the category –High risk II–.
9.4. Assessment of risk profile of legal persons
• When establishing the risk category of a legal person, assessment shall be based on the country of location of the legal person, its area of activity, the transparency of ownership structure and the management.
• If there are several characteristics of the category –High risk I–, or if, in addition to the characteristics of –High risk I–, at least one of the –High risk II– characteristics is present, the Client shall be determined to be falling into the category –High risk II–.

10. Registration and storage of data

10.1. Registration of data of a client who is natural person
The following obtained data shall be recorded in the provider of service–s information system:
• Name, personal ID code or, in the absence of the latter, date of birth and the address of the person–s permanent place of residence and other places of residence;
• the name and number of the document used for identification and verification of the identity of the person, its date of issue and the name of the issuing authority;
• occupation, profession or area of activity – establish the area of activity (occupation) and the status of the person (trader, employee, student, pensioner);
• Citizenship and the country of tax residency;
• the origin of assets.
10.2. Registration of data of a client who is a legal person
The following information on the client being a legal person shall be recorded:
• Name, legal form, registry code, address, date of registration and activity locations;
• information concerning means of communication and contact person(s);
• names of the members of the management board or an equivalent governing body, and their powers to represent the client;
• information about the Beneficial Owners;
• Field(s) of activity (i.e. the NACE codes);
• name and number of the document used for identification and verification of the identity, its date of issue and the name of the issuing authority;
• country of tax residency of the legal person (VAT number);
• date of registration of the legal person in the Provider of service–s database; • purpose of the Business Relationship;
• origin of assets (normal business operations/other);
• expected Transactions with the client, the amount(s) and geographical region (EU, EEA/other). 10.3. Storage of Data
• The respective data is stored in a written format and/or in a format reproducible in writing and, if required, it shall be accessible by all appropriate staff of the Provider of service–
• Information regarding transactions reported to the FIU shall be stored by the CO and shall be accessible only to the MB.
• The originals or copies of the documents, which serve as the basis for identification a person, and of the documents serving as the basis for establishing a Business Relationship, shall be stored for at least five (5) years following the termination of the Business Relationship.

11. Reporting of Suspicious Transactions

11.1. Notification of the CO is done under any circumstances identified in the business relationship are unusual or suspicious or there are characteristics which point to money laundering, terrorist financing, or an attempt of the same the representative shall promptly notify the CO. The CO shall analyse and forward the respective information to the MB.
11.2. Notification of FIU is done with The CO making a notation –AML– behind the name of the client in the provider of service–s client database or on the documents, and notfiying the FIU of the transaction promptly, but not later than within 2 business days after discovering any activities or circumstances or arising of suspicion, using the respective web-form for notifying the FIU. Copies of the documents as set forth by guidelines of FIU or further requested by FIU shall be appended to the notice.
11.3. Termination of the business relationship with a client and cancelling a transaction in the event of suspected money laundering and terrorist financing Pursuant to law, the provider of service is obliged to extraordinarily and unilaterally terminate the business relationship and cancel all transactions with the client, without observing the advance notification period, if:
• The client fails to present upon identification or upon updating the previously gathered data or the taking of DD measures, true, full and accurate information, or
• The client or a person associated with the client does not present data and documents evidencing of the lawfulness of the economic activities of the client, or the legal origin of the funds used in the transaction, or
• The client uses fictitious persons to carry out the transaction, or
• the provider of service suspects for any other reasons that the client or the person associated with the client is involved in money laundering or terrorist financing, or
• the documents and data submitted by the client do not dispel the provider of service–s suspicions about the client–s possible links with money laundering or terrorist financing.

12. Implementation of International Sanctions

12.1. The Provider of service is required to implement International Sanctions in force.
12.2. Representatives shall draw special attention to all its clients (present and new), to the activities of the Clients and to the facts which refer to the possibility that the client is a subject to International Sanctions. Control and verification of possibly imposed International Sanctions shall be conducted by the representatives as part of DD measures applied to the clients in accordance with these rules.
12.3. The representatives who have doubts or who know that a client is subject to International Sanctions, shall immediately notify the CO. In case of doubt, if the CO finds it appropriate, the representative shall ask the client to provide additional information that may help to identify whether he/she is subject to International Sanctions or not.––
12.4. The CO shall be responsible for the implementation of International Sanctions.

13. Training

13.1. The Provider of service shall ensure that all representatives who have contacts with clients or matters involving money laundering–– –are provided with regular training and information about the nature of the money laundering and terrorist financing risks, as well as any new trends within the field. The CO shall arrange regular training concerning prevention of money laundering and terrorist financing to explain the respective requirements and obligations.
13.2. Training is provided regularly, at least once a year, to all representatives and other relevant designated staff of the provider of service. Training may be provided also using electronic means (conference calls, continuous e-mail updates provided confirmation on receipt and acceptance is returned and similar means).

14.Internal audit and amendment of the rules

14.1. Compliance with the rules shall be inspected at least once a year by the CO,
14.2. The report on the results of the inspection concerning the compliance with the measures for prevention of money laundering and terrorist financing shall set out the following information:
• time of the inspection;
• name and position of the person conducting the inspection;
• purpose and description of the inspection;
• analysis of the inspection results, or the conclusions drawn on the basis of the inspection. 14.3. If the inspection reveals any deficiencies in the rules or their implementation, the report shall set out the measures to be applied to remedy the deficiencies, as well as the respective time schedule and the time of a follow-up inspection.
14.4. If a follow-up inspection is carried out, the results of the follow-up inspection shall be added to the inspection report, which shall state the list of measures to remedy any deficiencies discovered in the course of the follow-up inspection, and the time actually spent on remedying the same.
14.5. The inspection report shall be presented to the MB, who shall decide on taking measures to remedy any deficiencies discovered.


Contact us

For any help feel free to contact us. Our support team will help you
with every question. Please fill the fields correctly.

Please enter valid details