Anti-Money Laundering AML CTF | E-wallet Clients and Merchants Risk Mitigation Procedure | Electronic Money and Authorized Payment Institution | Template for FCA Applications and Authorised Firms

← Return to the Table of Contents for all EMI and API pages

TERMS AND ABBREVIATIONS

1 INTRODUCTION

1.1. HIRETT LTD is an Authorised Electronic Money Institution providing e-commerce and payment services.

1.2. This document has been created for the employees of Hirett, a company with headquarter in London, to use as guidelines for the AML responsibilities of both the company and the staff. Basically, the guidelines contain the information which all members of staff need to be aware of in order to prevent the business being used to launder the proceeds of crime or terrorist financing. The AML/CTF & KYC Policy’s guidelines will provide the basis for all employees to comply with all applicable requirements in this area and will contribute employees in preserving the good name and reputation of our company. The guidelines also have the procedures at place that deeply describe the rules that all staff member is obliged to comply and to use on daily basis fulfilling their responsibilities.

1.3. Hirett will always seek to disrupt this activity by cooperating fully with the authorities and reporting all suspicious activity to National Crime Agency (NCA).

1.4.   The main goal of Hirett AML/CTF & KYC Policy and related procedures is to minimize all possible risks in order to prohibit and actively prevent Money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under Bank Secrecy Act (BSA)/Anti-Money Laundering (USA), Directive (EU) of the European Parliament and of the Council and Visa and MasterCard regulation regarding Money laundering prevention.

1.5. Hirett AML/CTF & KYC Policy has a strong risk-mitigation approach (fraud prevention tools and customized risk rules) which helps guarantee compliance with all existing AML stipulations.

2 MONEY LAUNDERING

2.1.   Cash first enters the financial system at the “placement” stage, where the cash generated from criminal activities is converted into monetary instruments. Such monetary instruments could be: money orders or traveller’s checks, deposited into accounts at financial institutions, dividing the cash into smaller amounts and make various deposits into one or more accounts at one or more banks; Client opens several accounts in different names at different institutions; employ or persuade others to deposit funds for them; purchasing goods such as jewellery, art and other assets with a view to reselling them at a later date; making deposits with the help of employees of the relevant financial institution.

2.2.   Placement. Cash generated from crime is placed in the financial system. This is the point when proceeds of crime are most apparent and at risk of detection.

2.2.1. Placement Red flags for Hirett Ltd:

2.2.1.1. Transactions from multiple accounts for the same receiver;

2.2.1.2. Transactions from one account to multiple receivers;

2.2.1.3. Transactions coming from accounts created by auction houses, betting sites or e-wallets providers mainly used by gambling and betting sites;

2.2.1.4. Transactions from pre-paid credit cards.

2.3. Layering. At the “layering” stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. As example: Selling assets or switching to other forms of investment; transferring money to accounts at other financial institutions; wiring transfers abroad (often using shell companies); depositing cash in overseas banking systems. Once proceeds of crime are in the financial system, layering obscures their origins by passing the money through complex transactions. These often involve different entities like companies and trusts and can take place in multiple jurisdictions.

2.4.   Integration. Once the origin of the funds has been obscured, the criminal is able to make the funds reappear as legitimate funds or assets. At the “integration” stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses, for example – an inheritance, loan payments, asset sales abroad.

2.5. Terrorist financing may not involve the proceeds of Criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations.

2.6. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.

2.7. All members of staff are at risk of committing a criminal offence if they assist in a criminal transaction by missing the warning signs.

2.7.1. Integration Red flags for Hirett Ltd:

2.7.1.1. Outgoing transactions to countries known as “offshore” banking countries;

2.7.1.2. Clients are using funds of a sales of assets like as house or jewellery;

2.7.1.3. Clients are using the funds for purchases of real estate, buying stakes in companies, or other large assets;

2.7.1.4. Incoming/outgoing transactions from private people to a company;

2.7.1.5. Prepaid credit card transferred funds to bank accounts (unusual that the receiver is more financially inclusion than the remitter).

3 REGULATORY FRAMEWORK

3.1. European legislation has been adopted to protect the financial system and other vulnerable professions and activities from being misused for money laundering and financing of terrorism purposes. The primary European Union act that applies to the financial sector is the 4rd anti-Money Laundering Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. The Directive has been transposed to United Kingdom legislation in form of Law on the Prevention of Laundering the Proceeds from Criminal Activity (Money Laundering) and of Terrorist Financing.

3.2. The legislation in United Kingdom governing money laundering and Terrorist Financing and the fight against it is contained in the following:

3.2.1.   Proceeds of Crime Act 2002 (as amended);

3.2.2.   Terrorism Act 2006;

3.2.3.   Money Laundering Regulations 2017;

3.2.4.   UK bribery act 2010;

3.2.5.   Payment Services Regulations 2017;

3.2.6.   E-Money Regulations 2011;

3.2.7.   Counter-Terrorism Act 2008, HM Treasury Sanction Notices;

3.2.8.   FCA Handbook;

3.2.9.   JMLSG Guidance.

3.3. AML/CTF & KYC Policy and related procedures framework are designed to lay down a framework to:

3.3.1.   prevent Hirett from being used, intentionally or unintentionally, by criminal elements for money laundering or financing terrorist activities;

3.3.2.   enable Hirett to know and understand its Clients, contributors, and other contacts with which Hirett has any financial dealings with (collectively, “Clients”) and their financial background and source of funds better, which in turn would help it to manage its risks prudently;

3.3.3.   put in place appropriate controls for detection and reporting of suspicious activities in accordance with applicable laws, procedures and regulatory guidelines; and equip employees and contractors of Hirett with the necessary training and measures to deal with matters concerning AML/CTF & KYC Policy and related procedures and reporting obligations.

3.4. AML/CTF & KYC Policy and related procedures are reviewed and updated on a regular basis to ensure appropriate procedures and internal controls are in place to account for both changes in regulations and changes in our business.

3.5. The Policies are revised periodically and amended from time to time based on prevailing industry standards and international regulations designed to facilitate the prevention of illicit activity including money laundering and terrorist financing. All senior management and employees of Hirett are required to acknowledge and be familiar with the Policies.

3.6. This document covers AML Policies regarding electronic money account services, which is Hirett’s main business activity

4 MLRO’S ROLE AND RESPONSIBILITIES

4.1. All staff must take steps to ensure compliance with this Policy and ensure that they fully understand the material contained in this manual.

4.2. Responsible for overall compliance Policy of Hirett and ensuring adequate resources are provided for the proper training of staff and the implementation of risk systems. This includes computer software to assist in oversight.

4.3. The MLRO (Money Laundering Reporting Officer) holds copies of all training materials. Updated AML training is given annually. Records of all training including dates delivered and by whom are kept both centrally and on staff personnel files.

4.4. Senior management will be sent monthly updates by the MLRO on compliance. They will also receive and consider the annual MLRO report and implement any recommendations made within it. Assistance may be given to the MLRO in the preparation of the AML manual.

4.5. The MLRO of Hirett is also holding the formal position of CEO organizing the company using the risk mitigation and fraud prevention. Our company has risk based approach that is why we have chosen our MLRO to become the company CEO to guide and lead us in this way.

4.6. All issues related to any noticed suspicious activity must be referred to MLRO in the first instance. The duties of the Money Laundering Reporting Officer include:

4.6.1.   Monitoring Hirett’s compliance with AML obligations;

4.6.2.   To design, develop and implement AML/СTF internal control system and risk management measures;

4.6.3.   To design, develop and implement the AML/CTF & KYC policy and related procedures, and controls of the Hirett;

4.6.4.   To coordinate and monitor AML compliance programs;

4.6.5.   Being designated for, and accessible to, receiving and reviewing reports of suspicious activity from employees;

4.6.6.   Considering of such reports and determining whether any suspicious activity as reported gives rise to a knowledge or suspicion that a Client is or could be engaged in money laundering or terrorist financing;

4.6.7.   Overseeing communication and training for employees;

4.6.8.   To ensure that Hirett keeps and maintains all of the required AML records and will ensure that Suspicious Activity Reports are filed. MLRO is vested with full responsibility and authority to enforce the firm’s AML program;

4.6.9. To receive disclosures from employees (also known as Suspicious Activity Report-SAR’s);

4.6.10. To decide if disclosures should be passed on to the National Crime Agency (NCA);

4.6.11. To review all new laws and deciding how they impact on the operational process of the Hirett;

4.6.12.  To make sure appropriate due diligence is carried out on Clients and business partners;

4.6.13.  To keep and review records of all decisions relating to SARs appropriately;

4.6.14.  To ensure that staff receive appropriate training, when they join and that the receive regular refresher training on annual basis or if necessary;

4.6.15.  To monitor business relationships and record reviews and decisions taken;

4.6.16.  To make a decision on continuing or terminating trading activity with particular Client;

4.6.17.  To make sure that all business records are kept for at least five years from the date of the last Client transaction.

4.7. MLRO may only grant an exemption where he is clearly required, or where practical experience reveals that it is necessary to do so. All exemptions will be considered on a case by case basis. Hirett has adopted a risk-based approach to achieving its regulatory objectives and exemptions should not be considered as a way to avoid meeting our regulatory obligations. Careful consideration will be given to issues of transparency, equity and competitive neutrality in issuing exemptions. MLRO assesses the potential implications of applying an exemption and aims to adopt a consistent approach, taking account of the facts and circumstances particular to each case. Request for Exemptions from standard Client Identification Process requirements may be received from AML department in circumstances where, taking account of the CDD which has been obtained, MLRO is satisfied that the ML/TF risk has been adequately addressed. AML must use the “E-mail Exemption Request” when requesting an exemption from the Client Identification Process. The completed e-mail must be sent to MLRO and must be approved by return of email by MLRO before any exemption can be provided.

5 AML DEPARTMENT’S ROLE AND RESPONSIBILITIES

5.1. The AML Department is responsible for the performance of the AML/CTF & KYC measures set in this this AML/CTF & KYC Policy and related procedures within the area of AML Department ‘s and each Employee’s competence and authorization.

5.2. The AML Department’s obligation, alongside their direct obligations, is:

5.2.1.   To пet acquainted with the this Policy and terms of the AML/CTF & KYC measures, follow them and apply them, while performing their duties;

5.2.2.   Not to exceed the Employee’s level of authorization with respect to AML/CTF & KYC;

5.2.3.   Follow-up on changes to the AML/CTF & KYC Policy and related procedures according to the information provided by MLRO;

5.3. Timely request consultations on the application of the AML/CTF & KYC Policy and related procedures to particular cases from MLRO and perform their obligations according to the received instructions;

5.4. While performing their obligations not to allow nor directly, nor indirectly any action or lack of action, whose aim is to hide transactions related to money-laundering and financing of terrorism, or attempts thereof;

5.5. To inform in a timely manner the MLRO about ones desire to undergo a training in AML/CTF & KYC, if this is necessary for the Employee to perform his or her work obligations.

5.6. Alongside with these AML/CTF & KYC requirements, the HIRETT’s Employees must while offering financial services to the HIRETT’s Clients follow also the terms of the Contracts signed on behalf of the HIRETT, their appendices, Agreements and similar legal documents, as well as the publicly available General terms and conditions of transactions. In case discrepancies among the terms of the above mentioned documents are established or they are potentially possible, the Employee informs the MLRO electronically. MLRO takes decision on further action in each particular case.

5.7. The key functional responsibilities of the employees of AML Department shall include:

5.7.1. To plan, develop and implement AML/TF internal control system and risk management measures;

5.7.2. To develop, implement, maintain and enhance the AML policies, procedures, and controls of the Company;

5.7.3. To monitor AML compliance programs;

5.7.4. To prepare reports (reviews, accountings) in accordance with the United Kingdom legislation and requirements of the Financial Conduct Authority (FCA);

5.7.5. To prepare and provide the necessary information and reports for Her Majesty’s Revenue and Customs (HMRC) of United Kingdom;

5.7.6. To provide reports of unusual and suspicious transactions to the Financial Intelligence Unit (FIU);

5.7.7. To provide effective communication with FCA and correspondent banks;

5.7.8.   To ensure sanction compliance requirements, sanction risk control and risk mitigation measures, inform MLRO and educate Employees;

5.7.9. The duties performed by FATCA (Foreign Account Tax Compliance Act) and OECD (The Organization for Economic Cooperation and Development) CRS (Common reporting standard) requirements (if applicable).

6 RISK BASED APPROACH

6.1. As per the Money Laundering Regulations 2017, HIRETT as regulated Authorised Electronic Money Institution must exercise a ‘risk based approach’ to its Clients, products and business practices.

6.2. HIRETT operates a regimented system based upon processes, our 5-step approach is:

6.2.1. Identify the money laundering risks that are relevant to our business;

6.2.2. Carry out periodic risk assessments on various parts of our business, focusing on Client behaviour, delivery channels, patterns, irregularities;

6.2.3. MLRO to design and put in place effective controls to manage and reduce the impact of the risks;

6.2.4. MLRO/AML department to monitor the controls and improve efficiency;

6.2.5. Maintain records of processes/systems that were checked and why we checked them.

6.2.6. The results of HIRETT annual risk assessment is presented and approved by the Board of Directors.

6.3. HIRETT identifies the money laundering and terrorist risks presented by:

6.3.1. Geographic area of operation;

6.3.2. Product;

6.3.3. Client;

6.3.4. Delivery channel.

6.4. Clients are classified according to their risk level:

6.4.1. Low Risk;

6.4.2. Medium Risk;

6.4.3. High Risk (a prior MLRO approval is required).

6.5. In determining a risk assessment for a Client, the presence of one factor that might indicate higher risk does not automatically establish that a Client is higher risk. Equally, the presence of one lower-risk factor should not automatically lead to a determination that a Client is lower risk.

6.6. The Risk-Based approach helps to drive the HIRETT’s compliance resource allocation, internal controls strategy, system structures, and enables an organization to focus on higher risk areas. HIRETT considers the Risk-Based approach as two-tiered concept. First of all, every financial institution should estimate all possible money laundering and terrorist financing risks. Secondly, every financial institution should implement its own, most appropriate for its type of business prevention concept.

6.7. HIRETT policies are formed by using the FATF guidance on the Risk-Based Approach, that a regulated firm should adhere to, in order to effectively combat Money Laundering and Terrorist Financing. The FATF guidance supports HIRETT in the development of:

6.7.1.   A common understanding of what the Risk-Based approach involves;

6.7.2.   Outlining the high-level principles involved in applying a Risk-Based approach;

6.7.3.   Promoting HIRETT in the eyes of its partners, as our Risk-Based approach indicates a good public and private sector practice.

6.8. It is recognized that a higher level of due diligence and monitoring would be specified for business areas prone to higher AML risks. Accordingly, entities, their owners, directors whose identities can be easily identified and transactions implemented by them and large conform to the known profile, may be categorized as low risk.

6.9. Further, Clients that are liked to pose a higher than average risk to the HIRETT may be categorized as medium or high risk depending on factors such as Client’s backgrounds nature and location of activity etc.

6.10. All in all, the risk assessment’s scope includes, but not limited to: the type, scale and complexity of the business, the products and services sold, target markets, high risk Clients, jurisdiction exposure, distribution channels, transaction size and volumes as compared to historic trends, systems, major organizational changes, and compliance testing, audit and regulatory findings.

6.11. The risk assessment should include as much information as is obtainable to provide a clear and accurate assessment.

7 PROHIBITIONS ON CLIENTS RELATIONSHIPS

7.1. HIRETT in considering money laundering risks, regulations and guidance decided that certain types of relationship are unacceptable:

7.1.1. shell banks;

7.1.2. individuals or entities that are on relevant sanctions lists issued by countries in compliance with UN resolutions or to which countries have applied sanctions unilaterally (UK, US and others);

7.1.3. individuals or entity whose identity cannot be verified or

7.1.4. who refuses to provide information required to verify identity or required for account opening purposes; or;

7.1.5. who has provided information that contains inconsistencies that cannot be resolved after further investigation;

7.1.6. Where there is suspicion or evidence of found, money laundering or other criminal activity or involvement;

7.1.7. If falsified documentation or information is detected during the account opening/relationship establishment process;

7.1.8. Individuals, entities and organizations sanctioned by UN, EU, HM Treasury list or OFAC;

7.1.9. An account using a pseudonym or number rather than the actual name of the Client;

7.1.10. Anonymous ownership entity accounts, where the ownership of the entity cannot be determined because the entity has a form or structure that prevents an account accurate identification of the Beneficial Owners;

7.1.11. Unlicensed financial institutions, including unlicensed currency exchange houses and money transmitters and

7.1.12. Persons involved in unlawful internet gaming business;

7.1.13. Clients – merchants, whose business Merchant Category Code (MCC) is included into the International Card organisations prohibition list.

8 E-WALLET CLIENTS MITIGATION PROCEDURE

8.1. Identification process speaking about e-wallets is the most difficult one from different points of view. Based on each country legislation there are a lot of restrictions and also card schemes have own regulations on this question.

8.2. One of the ways of how HIRETT can go with e-wallet is to build the concept of motivation, remuneration and strict control.

8.3. Motivation to use the wallet should be:

8.3.1. Stability;

8.3.2. Safety of funds;

8.3.3. Easy and understandable registration process;

8.3.4. Availability on mobile devices;

8.3.5. Worldwide accessibility;

8.3.6. Opportunity to pay on different websites;

8.3.7. Fast wallet top-up and funds withdraw;

8.3.8. Immediate payments;

8.3.9. Multi-currency accounts;

8.3.10. 24/7 Clients support.

8.4. Registration is the initial step and probably the most important step in process of attracting a new Client to a product. To make registration as painless and simple as possible, HIRETT attempts to capitalize on the waiver provided by the European regulatory regime.

8.5 Simplified due diligence. Simplified due diligence may be applied to non-reloadable purses, accounts, and otherwise payment instruments in physical and digital form. Where electronic money purses cannot be recharged and the total purse limit does not exceed 500 EUR, verification of identity does not need to be undertaken. This takes into account the ability of individuals to purchase multiple purses and to therefore accumulate a higher overall total of purchased value.

8.6 For those issuers that provide electronic money purses that can be recharged, whether card or purely server-based, are required to undertake verification of identity procedures only when the annual turnover limit of 2,500 EUR is exceeded, or if the Client seeks to redeem (withdraw in cash) more than the 1000.00 EUR annual allowance.

8.7 Where purses can both send and receive payments, such as, for example, in online account-based products that enable person to person payments, the 2500.00 EUR turnover limit is applied separately to sending and receiving transactions. In other words, the turnover limit is calculated separately for credit and debit transactions, and the verification requirement applied when either of the two is exceeded.

8.8 In respect of products benefitting from simplified due diligence, identity must be verified before cumulative turnover limits are exceeded. Systems must therefore be in place to anticipate the approach of limits and to seek identification evidence in good time, before the annual turnover limits are reached. The Client’s account must be frozen if the limits are reached before verification of identity has been completed.

8.9 Gradation of e-wallet user levels and access:

8.10. Verified Client:

8.10.1. Verified Client account allows Client had passed full AML/KYC procedures and we fully know our Client and his personality.

8.11. Verification process:

8.11.1. Pass screening procedures in LexisNexis and other services;

8.11.2. Pass documents due-diligence procedure;

8.11.3. Pass social media due-diligence;

8.11.4 Verify bank account with 1 USD (EUR) transaction;

8.11.5. Pass address verification by receiving an envelope with secure 4 digits and 2 letters code;

8.11.6. Pass video verification (5 minutes internal video call with record).

8.12. Unlimited Client:

8.12.1 Unlimited Client refers to client rage who has active wallet during the last 6 months from the registration period. These Clients are not simply verified account holders but also clients that are active and we see their financial flows and understand income sources.

8.13. Unlimited Client account status:

8.13.1. Pass all verification procedures;

8.13.2. Active account for the last 6 months;

8.13.3. Added +1 family member of colleague with verified account;

8.13.4. Active usage of IBAN account top-up and settlement method;

8.13.5. For the Clients who operate with more than.

8.14. Client KYC/AML profile:

8.14.1. This profile is used be monitoring and risk department to have a full access to Clients profiles and data with opportunity to open any day log file and investigate his activity or unusual behaviour.

Personal account:

Registration process:

8.15. After the first stage HIRETT should:

8.15.1. Create Client profile;

8.15.2. Tick the verified email or phone number;

8.15.3. Check person in screening services for alerts;

8.15.4. Activate the profile.

8.16. Based on this stage he can already top-up the wallet without any rights to transfer his funds to any other person or merchant. The max. limit of such top-up should be 350 EUR based on EU law.

8.17. Second stage include additional verification to grant user right to operate with account:

8.17.1. Add ID data;

8.17.2. Add physical and declared address;

8.17.3. Upload ID scan;

8.17.4. Upload utility bill.

8.18. Completing this stage HIRETT risk department should check provided documents, run LexisNexis and assign the first level of HIRETT e-wallet user account grade. User based on this verification can:

8.18.1. Transfer money;

8.18.2. Pay for goods and services;

8.18.3. Receive money;

8.18.4. Withdraw money to his bank account.

8.18.5. There should be also assigned the monthly and annual limit.

9. MERCHANTS RISK MITIGATION PROCEDURE

9.1. A merchant works with HIRETT to apply for and receive a merchant account (an account that allows the merchant to accept credit and debit cards). Whenever a Client (Cardholder) purchases an item with a credit or debit card, the merchant submits the purchase transaction information to HIRETT, which will then submit it through the card association network to the Cardholder’s issuing bank. The issuing bank will approve or decline the charge and bill the Cardholder the amount due to the merchant.

9.2. HIRETT understands that the Risk Assessment starts during the Underwriting Stage. That is why merchant screenings are implemented in order to spot any potential threat to our business operations and to our reputation. HIRETT partners with world first class risk prevention and mitigation services and others to enhance the merchant checks by doing the following:

9.2.1. Merchant screening before boarding: a comprehensive background report is provided, which allows us to know who we’re dealing with before signing the contract. It also reduces the time needed to conduct due diligence of merchants;

9.2.2. Simple and regular Merchant monitoring: it provides automatic follow ups on our current merchants’ online activities;

9.2.3. Constant long-term protection: the software protects HIRETT reputation by reducing the risk of falling victim of fraudulent merchants.

9.3. Also during the underwriting stage, the merchant is provided with general and specific processing rules which serve as guidelines for the future partnership with HIRETT. Among other things, such rules aim to anticipate and reduce the threats associated to each type of merchant.

10. CARDHOLDERS MONITORING

10.1. HIRETT follows reasonable procedures to verify and/or identify Cardholders who makes transactions for large amounts. Such procedure of identification and verification of Cardholders based on information HIRETT collects from the Merchants and then this information is verified.

10.2. AML department, first of all, collects certain Cardholders identification information about each Cardholder who implements transaction for large amount, secondly, utilizes risk-based measures to verify the identity of every Cardholders who implements transaction for large amount, thirdly, records Cardholders identification information and the verification methods and results, finally, using gathered information about the Cardholder, AML department makes Cardholder screening against OFAC and other sanction lists.

10.3. Minimum information to create Client’s file

10.3.1. Natural persons:

10.3.1.1. Name, surname;

10.3.1.2. Original and current identification evidencing nationality or residence and bearing a photograph or similar safeguard, such a passport, national identification card or alien identification card with date of birth and place of birth;

10.3.1.3. Living address and postal code;

10.3.1.4. Officially certified copies of the above documents;

10.3.1.5. Disclaimer/questionnaire for the origin of funds not being derived from the proceeds of crime.

10.3.2. Legal entities:

10.3.2.1. Company’s name;

10.3.2.2. Beneficial owner name;

10.3.2.3. Ownership memorandum, article of association etc.;

10.3.2.4. Legal and physical address;

10.3.2.5. Other relevant documentation such as company’s activity details, expected turnover or expected etc.;

10.3.2.6. Officially certified copies of the above documents;

10.3.2.7. Expected type and volume of transaction;

10.3.2.8. Main counterparties and countries;

10.3.2.9. Disclaimer/questionnaire for the origin of funds not being derived from the proceeds of crime.

10.4. HIRETT requirements for the Cardholders who exceed certain thresholds include following documents:

10.4.1. A signed Authorization Form (form must be as provided by HIRETT or approved by the Risk and Compliance Department if furnished by the Merchant);

10.4.2. A copy of a valid government issued ID with photo;

10.4.3. A copy of the Credit or Debit card(s) listed on the Authorization form, both front and back with digits 7 through 12 (from the left) of the card covered or masked, the expiration date covered or masked and the CVV (security code) on the back of the card covered or masked;

10.4.4. A copy of a recent utility bill or a bank statement displaying the home address as stated in the Authorization Form.

10.5. In verifying the information, HIRETT considers whether the identifying information that HIRETT receives, such as the Client’s name, street address, zip code, telephone number (if provided), date of birth allows us to determine that HIRETT has a reasonable belief that HIRETT knows the true identity of the Client (e.g., whether the information is logical or contains inconsistencies).

10.6. Appropriate documents for verifying the identity of Clients include the following:

10.6.1. For an individual, an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport; and

10.6.2. For a person other than an individual, documents showing the existence of the entity, such as certified articles of incorporation, a government-issued business license, a partnership agreement or a trust instrument.

11. POLITICALLY EXPOSED PERSONS (PEPS)

11.1. PEPs are defined as individuals who have been entrusted with a prominent public function outside of the UK. HIRETT will also extended the definition of a PEP to any immediate family member and/or close associate of the person mentioned above in order to comply with regulations, HIRETT ensure that all accounts relating to PEP’s must:

11.2. Be approved by the MLRO;

11.3. Be subject to enhanced due diligence;

11.4. HIRETT consider all transactions and any association with a PEP as high risk. Any transactions or requests from a PEP (or someone who you think is a PEP) must be signed by MLRO. Any PEP wishing to become HIRETT’s Client shall be asked to verify the source of their funds.

11.5. The definition of a PEP is set out below:

11.5.1. Is or has, at any time in the preceding year, been entrusted with prominent public functions;

11.5.2. Is an immediate family member of such a person;

11.5.3. Is a known associate of such a person;

11.5.4. Is resident outside the UK;

11.5.5. Is or has, at any time in the preceding year, been entrusted with a prominent public function by:

11.5.6. A state other than the UK;

11.5.7. The European Community; or

11.5.8. An international body; or

11.5.9. Is an immediate family member or a known close associate of a person referred to in the paragraph immediately above.

11.6. Clients are required to indicate whether they or any member of their family has previously worked in a non-EU country at any time in the preceding 12 months. In case the answer is yes, the Employee must make enquiries to establish whether the Client may meet the criteria for being ‘politically exposed’.

11.7. In cases where a PEP is identified:

11.7.1. Senior management approval should always be sought before establishing a business relationship with a PEP;

11.7.2. The source of funds should be established;

11.7.3. The business relationship should be subject to enhanced monitoring.

12. SANCTIONS SCREENING

12.1. Sanctions are normally used by the international community for one or more of the following reasons:

12.1.1. to encourage a change in behaviour of a target country or regime;

12.1.2. to apply pressure on a target country to comply with set objectives;

12.1.3. as an enforcement tool when international peace and security has been threatened and diplomatic efforts have failed;

12.1.4. to prevent and suppress the financing of terrorists and terrorist acts.

12.2. Financial sanctions are normally one element of a package of measures used to achieve one or more of the above. Financial sanctions measures can vary from the comprehensive – prohibiting the transfer of funds to a sanctioned country and freezing the assets of a government, the corporate entities and residents of the target country – to targeted asset freezes on individuals/entities.

12.3. Taken into consideration United Kingdom, US and EU regulations, HIRETT uses additional tools to check potential or actual Merchants against OFAC and non-OFAC sanction lists. It is essentially important for HIRETT not to establish any business activity with the companies (individuals) which are included in these lists.

12.4. Before opening an account, and on an ongoing basis, HIRETT will check to ensure that a Client does not appear on sanction list or is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by United Kingdom, US, EU and United Nations.

12.5. HIRETT checks every Merchant and their cardholder who implements transactions for large amounts against existed Sanctions Lists

12.6. If HIRETT determines that a Client is on the one of sanctions list or is engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by regulations, HIRETT will reject the transaction and/or block the Client’s assets and file a blocked asset and/or rejected transaction.

12.7. Taking into account the cross-border business of HIRETT, it is very carefully processing its Clients CDD, EDD, ongoing transaction monitoring and other activities to prevent possible violation of the ML/TF and other limitations/restrictions.

12.8. As HIRETT uses automated screening program with ‘fuzzy matching’ logic and which is calibrated in accordance to HIRETT risk level, once the integrated screening lists (including OFAC SDN list) is updated within the program, the screening process is performed using the most recent lists immediately, but in any case, not later than within 1 week after the screening lists updated.

12.9. Clients with whom a business relationship is established would be screened against relevant notices published by:

12.9.1. The Office of Foreign Assets Control (OFAC);

12.9.2. Her Majesty’s Treasury Department – UK (HMT);

12.9.3. European Union sanctions (EU);

12.9.4. United Nations (UN).

12.10. If a positive match is discovered, the responsible employee must inform AML Department and MLRO immediately. AML Department must investigate received information and if positive match, inform the responsible employee which must block the Client in operational system until consent is given to proceed or refuse. MLRO makes a disclosure to the relevant.

13. GROUP OF CLIENTS

13.1. When performing Client’s identification and establishing business relationships with the Client, HIRETT shall obtain and verify information, whether the Client is a part of a Group of Client.

13.2. Key criteria for determining a group of Clients is the Client’s BO. Each Group of Clients operates on behalf of its BO and for the benefit of the BO.

13.3. Indicators pointing to the existence of a Group of Clients.

13.3.1. one of the Clients has control (directly or indirectly) over other Client(s), except in cases, where the controlling Client is the state or municipality, EU Member States, states of Organisation for Economic Co-operation and Development, states of the European Economic Area, municipalities of the EU or EEA Member States;

13.3.2. the BOs of two or more Clients are family members (spouses, children, parents);

13.3.3. the same words (terms), except words of international meaning (such as „global”, „international”, „finance”, etc.), are used in the legal names of the Clients.

13.3.4. the Clients have common (the same) contact information (address of the management, phone number, fax number, e-mail address);

13.3.5. The Clients have the same Authorized Person;

13.3.6. other factors, whose nature suggests possible link between the Clients.

13.4. In cases, when it is detected that the Client forms a Group of Clients the Employee shall indicate the obtained information in written form and accordingly assess ML/TF risks related to providing services to this Client.

13.5. After detecting the Group of Clients the Employee shall deliver the above mentioned information to the MLRO, who:

13.5.1. ensures that all Clients, who are members of the respective Group of Clients, are connected within the CRM;

13.5.2. adjusts the ML/TF risk group in accordance with the highest risk, which has been assigned to a member of the relevant Group of Clients.

14. STANDART DUE DILIGENCE (DD)

14.1. HIRETT applies DD at the start of Client engagement by identifying and verifying the Client’s identity on the basis of documents, data or information obtained from a reliable and independent source.

14.2. HIRETT conducts DD both for natural Clients, business Clients, merchants and cardholders.

14.3. HIRETT verifies the Beneficial Owner of the Client (in case of both, legal entities and individuals) and takes adequate measures, on a risk sensitive basis to verify his identity (including in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure).

14.4. Standard Due Diligence before starting cooperation is a set of measures aimed at risk assessment, during which HIRETT:

14.4.1. obtains information on the Client, the Client’s Authorized persons, representatives, Beneficial Owners and business character, as well as check the obtained data for matches with the special lists maintained by HIRETT and, if the information obtained matches with the information contained in the special lists, a prior MLRO approval is required for further actions;

14.4.2. ensures adequate assessment of the ML/TF risk level related to servicing the particular Client and set appropriate measures for risk control and minimization;

14.4.3. ensures storage and regular updating of all documentation, data and information collected during the CDD/EDD process.

14.5. When defining the scope and process of Due Diligence, the AML Department shall pay attention to the ML/TF risks factors that arise from the Client’s country of residence (country of registration/incorporation), its legal form, type of business, utilized HIRETT services and conducted transactions.

14.6. For Clients who are subject to an EDD before starting cooperation as prescribed by AML/CFT & KYC Policy the AML Department conducts additional activities to ensure that the necessary documents and information is obtained on time.

14.7. The AML Department collects the information, documentation and conducts due diligence of the Client’s business activities on the basis of the information presented by the Client in the questionnaires.

14.8. Any findings that support the KYC information should be recorded by the AML Department and added to the Client Profile.

14.9. In all cases when during the course of the due diligence arise doubts concerning the information submitted by the Client, the AML Department requests the Client to submit, for confirmation, documents confirming the Client’s business activities, including contracts, invoices, customs documents, etc., as well as draws up a graphic chart of the Client’s business activities and analyses their economic reasonableness.

14.10. Before making decision on starting or rejecting cooperation, the AML Department shall conduct negotiations with the potential Client in order to understand the Client’s business and to obtain the information required to be collected under AML/CFT Policies and Procedures and to record the information obtained in the course of the negotiations.

14.11. Regarding any potential Client and to the practically possible extent, the AML Department checks data submitted by the Client in publicly available registers available on the internet.

14.12. The information obtained from any source or internet shall be attached to the Client’s Profile electronically and be shared with the relevant staff.

14.13. All the information sent and received during the communications with Client should be held in Client’s profile.

14.14. AML Department making the decision on particular case should provide reasons and facts that promoted particular decision.

14.15. If Client has come out with High risk level, a prior MLRO approval is required for further actions;

14.16. If any suspicions are identified, then these should be raised to the MLRO for further investigation by completing the relevant internal Suspicious Activity Report (SAR) form.

14.17. The purpose of the DD process is to collect, process, verify and keep the information about the HIRETT Clients, due to minimize the possible and potential ML/TF risks. There are circumstances in which enhanced due diligence should be applied and others in which simplified due diligence may be appropriate:

14.17.1. It should be recognized that certain situations present a greater risk of money laundering or terrorist financing. Although the identity and business profile of all Clients should be established, there are cases in which particularly rigorous Clients identification and verification procedures are required;

14.17.2. Relationships with individuals who hold or who have held important public functions, within the Union or internationally, and particularly individuals from countries where corruption is widespread.

15. SIMPLIFIED DUE DILIGENCE

15.1. Simplified due diligence is the lowest level of due diligence that can be completed on a Client. This is appropriate where there is little opportunity or risk of your services or Client becoming involved in money laundering or terrorist financing.

15.2. Where HIRETT is satisfied that a Client, product and services fall into simplified due diligence criteria then HIRETT’s only requirement is to identify Client. When completing simplified due diligence, there is no requirement to verify the Client’s identity as HIRETT would with a standard or enhanced due diligence approach. The business relationship should be continually monitored for trigger events which may create a requirement for further due diligence in future.

15.3. There are a number of factors that can help determine if a situation is low risk such as the service or product being provided or the type of Client that HIRETT is engaging with. Often Clients that are required to disclose information regarding their ownership structure and business activities or companies that are subject to the Money Laundering Regulations are seen to be a lower risk.

15.4. For example, if a Client is a public authority in the UK or listed on a regulated market they may be perceived to be a lower risk as they are required to disclose information.

15.5. If at any point during the relationship with Client additional intelligence becomes available which suggests that the Client or product may pose a higher risk than originally thought a more enhanced level of due diligence should be conducted.

15.6. It is, however, still necessary to conduct on-going monitoring of the business relationship. HIRETT must have reasonable grounds for believing that the Client, transaction or product relating to such transaction falls within one of the categories set out and may have to demonstrate this to their supervisory authority.

15.7. Clearly, for operating purpose HIRETT will nevertheless need to maintain a base of information about the Client. HIRETT may apply a ‘lighter touch’ in terms of the extent of CDD undertaken.

15.8. Also, mandatory would be applied under SDD, sanctions and PEP’s screening procedure to ensure that companies Clients are not listed before getting into relationships.

15.9. Clients without full KYC documentation on file are limited to:

15.9.1. no more than 500.00 EUR or 600.00 GBP for a single transaction;

15.9.2. no more than 1,000.00 EUR or 1200.00 GBP in a 12-month period;

15.9.3. no more than 2 approved transactions in 6 months.

15.9.4. The limits above apply to the Client, regardless of number of cards used.

15.10. Clients with full KYC documentation on file and approved by HIRETT AML Department:

15.10.1. Transaction amounts less than an agreed upon threshold will be Captured Automatically;

15.10.2. Transaction amounts in excess of an agreed upon threshold will be placed in a queue for approval by HIRETT AML Department.

15.11. HIRETT only accepts transactions for Countries that are not considered high risk jurisdictions by FATF and OFAC and when the beneficial owner is identified.

16. ENCHANCED DUE DILIGENCE (EDD)

16.1. HIRETT’s Enhanced Due Diligence (EDD) process is designed to obtain as much information as possible in order to ensure the validity of the transaction and that HIRETT complies with ML Regulations (2017), POCA (2002), Terrorism Act (2000) and the EU Money Laundering Directives. In practical terms, EDD will include:

16.1.1. taking reasonable measures to establish a Client’s source of wealth – source of wealth is distinct from source of funds, and describes the activities that have generated the total net worth of a person, i.e. those activities that have generated a Client’s income and property;

16.1.2. considering whether it is appropriate to take measures to verify source of funds and wealth from either the Client or independent sources (such as the Internet, public or commercially available databases);obtaining further DD information (identification information and relationship information);

16.1.3. taking additional steps to verify the DD information obtained;

16.1.4. commissioning due diligence reports from independent experts to confirm the veracity of DD information held;

16.1.5. requiring more frequent reviews of business relationships (twice per year);

16.1.6. carrying out stricter monitoring of transactions and setting lower transaction thresholds for transactions connected with the business relationship, and;

16.1.7. setting alert thresholds for automated monitoring at a lower threshold for PEPs.

16.1.8. Clients subject to EDD are required to provide a written confirmation regarding the legal origin of funds. Failure to provide such may result in a transaction being held.

16.1.9. The degree of EDD must be determined by MLRO on a case-by-case basis.

17. BUSINESS CLIENTS/MERCHANTS FULL DUE DILIGENCE (FDD)

17.1. It is important for HIRETT’s AML program to obtain sufficient information about each Business Client/Merchant that allows to evaluate the risk presented by that Client and to detect suspicious activity.

17.2. Business Client/Merchant Due Diligence of a risk sensitive basis is depending on the type of Client, business relationship, or services to be provided is the foundation of HIRETT AML program. Merchant Due Diligence provides HIRETT with a baseline for evaluating Client transactions to determine whether the transactions are suspicious and need to be reported.

17.3. The main goals of FDD for HIRETT are:

17.3.1. Be satisfied that Business Client/Merchants are who they say they are;

17.3.2. Understand whether its Clients are acting on behalf of others and the identity of any Beneficial Owner(s);

17.3.3. Understand its Clients’ circumstances to guard against their being used for fraud, money laundering or other criminal activity.

17.4. Steps of Business Client/Merchant Due Diligence:

17.4.1. Obtaining information to identify the Business Client/Merchant(s);

17.4.2. Verifying the Business Client/Merchant and/or Beneficial Owner(s) identification information;

17.4.3. Collecting KYC optional documents;

17.4.4. Conducting Business Client/Merchants screening

17.5. Obtaining information to identify the Business Client/Merchant(s):

17.5.1. HIRETT follows procedures to identify all Business Clients/Merchants that the company has relationships with. During underwriting stage, HIRETT requires all the documents needed for the Business Client/Merchant identification. Business Client/Merchant boarding and application process starts with completing merchant’s KYC. Our document requirements comply and often surpass the standard requirements:

17.5.1.1. HIRETT forms;

17.5.1.2. Corporate documents:

17.5.1.3. Certificate of incorporation;

17.5.1.4. Incorporation documents showing directors and shareholders (not only company representatives, we perform full Beneficial Owner identification, in case of more complex structures, we collect information about all owning companies).

17.5.1.5. Passport/national ID(s) of directors and shareholders owning more than 2% company shares (we do accept companies created with hosts);

17.5.1.6. Bank statements as a proof of accomplished bank’s verification procedures (recent 3-6 months);

17.5.1.7. Processing statements (recent 3-6 months);

17.5.1.8. Company utility bills;

17.5.1.9. Re-presentment files;

17.5.1.10. Domain ownership.

17.5.1.11. Forms:

17.5.1.12. Pre-application form – containing basic information, useful while presenting a merchant;

17.5.1.13. Preliminary scan form – a substitution (along with forecast) for the pre-application. Contains basic company data required to start automated reputational checks;

17.5.1.14. Contact form – 8 key contacts, strategic from the point of view of business development;

17.5.1.15. Bank details form;

17.5.1.16. Forecast form– ongoing four-month processing prognosis, part of the agreement;

17.5.1.17. Transaction limits or recurring billing form.

17.5.2. Verifying the Business Client/Merchant and/or Beneficial Owner(s) identification information:

17.5.3. In some cases, the Business Client/Merchant’s information is obtained directly from the Client. In other situations, the information is obtained from other sources. Irrespective of how or where the identification information is obtained, a determination must be made whether the information also needs to be verified.

17.6. Irregularities in the above documentations may be indicators for suspicion, leading AML staffs to do additional research.

17.7. Before onboarding process, HIRETT estimate all risks connected with:

17.7.1. Business Client/Merchant’s actual or anticipated business activity;

17.7.2. Business Client/Merchant’s ownership structure;

17.7.3. Anticipated or actual volume and types of transactions;

17.7.4. Transactions involving high-risk jurisdictions.

17.8. KYB Optional Documents:

17.8.1. For some specific merchant applications (related to higher risk or for merchants providing services that may be regulated by some authorities) HIRETT might request some more specific documents:

17.8.2. Resume or CV(s) of directors and owners and detailed business plans with 6-month prognosis (if processing history not available);

17.8.3. Annual tax documents (for company and director or shareholder);

17.8.4. Business / operating licenses and permits;

17.8.5. Legal opinions – in case of any doubts about the Merchant’s business if it is legal in the incorporation country;

17.8.6. Certificate of Good Standing issued by competent authorities (issued for example by states secretaries);

17.8.7. List of businesses that Client’s principals and/or Beneficial Owners own(ed)/operated) or have been involved in the past 5 years (statement).

17.9. Apart from additional documents in some cases collaterals could be implemented and have to be properly calculated (for example in case of long breaks between payment and fulfilment, i.e. Travel agencies).

17.10. Conducting Business Client/Merchants screening:

17.10.1. HIRETT understands that the Risk Assessment starts during the Underwriting Stage. That is why merchant screenings are implemented in order to spot any potential threat to our business operations and to HIRETT reputation;

17.10.2. Reputation should be handled in two ways – manual and automatic/semi-automatic. For manual checks the key tool is the web search engine (i.e. Google, Bing, Yahoo) along with some more specific tools like who.is (for domain information), robtex.com (for domain and IP related checks) and alexa.com (to estimate the website traffic);

17.10.3. During manual check some key data like Business Client/Merchant name, directors’ names, URL address and related phones, emails and addresses should be checked along with phrases that may occur in regard to the business model (i.e. crime, scam, review) to narrow search results to the results really interesting in terms of international investigation (i.e. if merchant’s director is a felon or a convict or known fraudster);

17.10.4. Generally, in case of suspicious Business Client/merchants usually director’s full name or merchant’s company name should return some results that will give the initial information to follow up or reject application at the early stage, however that is not a rule and sometimes the important results are found in most unexpected places.

17.11. Website Compliance Check:

17.11.1. HIRETT implements checks of Business Client/Merchant websites that must comply to the following requirements. Every website that is about to be used for ecommerce processing must comply to the specific requirements regulated by card schemes (Visa/MC):

17.11.1.1. Clear posting of the Refund and Return Policy;

17.11.1.2. Clear Privacy Policy;

17.11.1.3. Clear statement on website regarding security controls used to protect Clients;

17.11.1.4. Clear posting of the Terms and Conditions;

17.11.1.5. Clear posting of the Client service telephone number and email address;

17.11.1.6. Clear posting of delivery methods and delivery times (if applicable);

17.11.1.7. Clear posting of the company legal name and corporate address;

17.11.1.8. Clear posting of the billing descriptor on the payment page;

17.11.1.9. Card Schemes logos visible on the payment page.

17.11.1.10. Contact information and Client support are always verified by performing test calls/emails.

17.11.2. Automated Checks:

17.11.2.1. Parallel to manual screening we are also executing external tools provided by 3rd party companies, i.e.

17.11.2.2. To run that automated screening HIRETT requires completed preliminary scan form, that contains following data:

17.11.2.3. Company name, registration number and address;

17.11.2.4. Director’s name, passport number and email address;

17.11.2.5. Beneficial Owner’s name, passport number and address;

17.11.2.6. Merchants bank details;

17.11.2.7. Website address.

18. CLIENT IDENTIFICATION

18.1. HIRETT must identify its Clients unless the identity of that Client is already known to, and has been verified by, the relevant person.

18.2. For identification of natural persons must be used a national passport or other personal identification document (Personal ID) with MRZ line. Note that not all the documents contain MRZ line. If the document does not contain MRZ line the Employee should ask for another identification document with MRZ. If the person has no document containing MRZ line the Employee should ask for additional document issued by official authorities supporting the identification document.

18.3. For identification of legal persons must be used documents issued by register of entities where the legal person is registered.

18.4. In case of a face-to-face meeting, for the purpose of identification a personal identification document valid in the relevant country (if the identification is performed within the state of the Client’s residence) should be used, or a document, which allows the Client or its representative to enter the country, where the identification is performed.

18.5. The document presented for identification must be relevant to the country that has issued this document and must NOT have any visible falsification marks.

18.6. If a face-to-face identification is performed the Employee makes a copy of the ID document from the original document and personally declares “true copy of the original taken by: Name Surname, Date, Place.”

18.7. If identification of the Client is performed non face-to-face and the documents for identification were received without any relevance to electronic signatures, HIRETT before establishing business relationships or before starting provision of financial services performs one or several of additional risk mitigation measures:

18.7.1. seeks additional independent, reliable sources to verify information provided by the Client;

18.7.2. receives first payment and in a month period one more payment from this Client’s account opened in the organization that conducts financial services within the European Union and is licensed and regulated by EU financial authority;

18.7.3. performs face-to-face identification;

18.7.4. face-to-face meeting, checks if the person visually matches the one from ID document and records this information;

18.7.5. performs video identification (for Natural Persons only) via Skype or similar software;

18.7.6. receives a selfie of a person under identification photographed with submitted ID document.

18.8. After the Client has been identified, HIRETT must verify the Client’s identity unless the Client’s identity has already been verified by the relevant person. Amount of information to be received from a Client depends on whether the Client is a legal entity or an individual (natural person), namely:

18.8.1. If a Client is a legal entity, the at least following information must be received for identification purposes: company name; registration number; address of the registered office (and, if different, its principal lace of business); the law to which the legal person is subject; its constitution (whether set out in its articles of association or other governing documents); full names of the board of directors (or if there is no board, the members of the equivalent management body) and the senior persons responsible for the operations of the legal entity.

18.8.2. If a Client is an individual (natural person), then at least the following information must be received for identification purposes: name and surname; personal identity number (if such exists); date of birth; photograph on an official document which confirms his/her identity; residential address; number and date of issue of the personal identification document, state and authority which has issued the document; period of validity of identification document.

18.9. Clients who refuse to provide Information:

18.9.1. Risk-based approach lies in a very foundation of HIRETT AML program. The rule that HIRETT considers as one of the important is Know your Client in order to minimize all possible risks connected both with unknown identity of Natural Clients, Business Clients, Merchants as well as Cardholders, which can be caused by Lack of Verification and unusual merchants or Cardholders behaviour which could be detected during ongoing transactions monitoring.

18.9.2. In a case when potential Merchant refuses to provide required information, HIRETT doesn’t establish any business relationship with such kind of merchants and doesn’t take it on board. If HIRETT reveals the fact that Cardholder who implements large amount transaction doesn’t want to provide the information needed for establishing his/her identity HIRETT doesn’t approve this transaction and further transactions made by this Cardholder unless he provides all required documents.

18.9.3. Clients’ – Insufficient or Suspicious Information:

18.9.3.1. Provides unusual or suspicious identification documents that cannot be readily verified;

18.9.3.2. Reluctant to provide complete information about nature and purpose of business;

18.9.3.3. Background is questionable or differs from expectations based on business activities;

18.9.3.4. Client with no discernible reason for using HIRETT Services.

18.9.4. List of Acceptable Identification Verification:

18.9.4.1. Current passport.

18.9.4.2. Current National Identity Card.

18.9.4.3. Non-UK Residents – Due to new legislation Non-UK residents must always present their Passport or National Identity card when applying for an account.

18.9.5. List of Acceptable Address Verification:

18.9.5.1. Council tax bill (valid for current year).

18.9.5.2. Utility bill (dated within last 6 months).

18.9.5.3. Telephone bill (dated within last 6 months) – mobile phone bills are not acceptable.

18.9.5.4. Sky or Cable TV bills (dated within last 6 months).

18.9.5.5. Credit card bill (dated within last 6 months). Certain conditions may apply for overseas financial providers.

18.9.6. Non-UK Residents:

18.9.6.1. Due to new legislation Non-UK residents must always present their Passport or National Identity card when applying for an account.

← Return to the Table of Contents for all EMI and API pages

19. ONGOING TRANSACTIONS MONITORING REVIEW

19.1. HIRETT implements fraud-screening tools to identify high-risk transactions. HIRETT makes check of high-risk Clients and Business Clients addresses. It helps to reduce fraud by comparing the addresses given by the Clients or Business Clients to high-risk addresses in HIRETT own negative files. HIRETT pays special attention to high-risk locations such as mail drops, prisons, hospitals, and addresses with known fraudulent activity.

19.2. HIRETT establishes velocity limits and controls. Every Client has its own limits per every payment (as max permitted transactions per day, week and month along with permitted transactions amount).

19.3. HIRETT will always seek to disrupt this activity by cooperating fully with the authorities and reporting all suspicious activity to National Crime Agency (NCA).

19.4. HIRETT pays special attention to ongoing monitoring of transactions, Clients behaviours in order to prevent all the possibilities of fraud and money laundering appearance. HIRETT monitors Client’s’ instructions and transactions to ensure that they are consistent with those anticipated, that possible grounds to suspect money laundering will be noticed and scrutinized, and that changes requiring a re-assessment of money laundering risk will be acted upon.

19.5. Transaction monitoring refers to the monitoring of Client transactions, including assessing historical/current Client information and interactions to provide a complete picture of Client activity. This can include transfers, deposits, and withdrawals. HIRETT uses software to automatically analyse this data.

19.6. The most effective approach to transaction monitoring in AML is to manually stop and interrogate every transaction completed by a Client. Only after this review would the transaction be authorised for completion.

19.7. While the sheer amount of resources required makes this a ridiculous proposition, some organisations could be exposing themselves to potentially greater levels of risk through the automated approach adopted for their transaction monitoring systems.

19.8. Following possible risks can be connected with Client who uses payment cards:

19.8.1. Cardholder uses a stolen card or account number to fraudulently purchase goods/services online;

19.8.2. Uncharacteristic transactions which are not in keeping with the Client’s known activities;

19.8.3. Family member uses payment card to order goods/services online, but has not been authorized to do so;

19.8.4. Cardholder falsely claims that he or she did not receive a shipment.

19.8.5. Alerts posed by business Clients or Merchants:

19.8.6. Unscrupulous Merchant employee steals Cardholder data and fraudulently uses or sells it for unauthorized use or identity theft purposes;

19.8.7. Selling illegal or defective products (brand piracy, child pornography, prescription narcotics);

19.8.8. Circumventing blacklisting by the Merchant Category Code. Especially in the credit card industry this is referred to as “miscoding”.

19.8.9. Geography Alerts:

19.8.10. High-Risk IP addresses;

19.8.11. Peaks of activity at particular locations;

19.8.12. Multiple cards used from a single IP (Internet Protocol) address;

19.8.13. Multiple payments done from one location.

19.9. HIRETT scrutinizes transaction flow throughout the course of any business relationship to ensure consistency with the knowledge of Clients, their business and risk profile. The MLRO conducts ongoing monitoring of all high-risk activity including Clients who regularly implements transactions for large amounts.

20. SUSPICIOUS ACTIVITY REPORTING

20.1. The Proceeds of Crime Act 2002 (POCA) requires (amongst other things) that when in the course of business, a member of staff of HIRETT comes across what is described as Suspicious Activity that it should be reported in the first instance to the MLRO.

20.2. There is no definitive list of what constitutes suspicious activity, however if the principles of KYC are rigorously applied then in the course of conducting business with the client sufficient information should be available, to make a judgment about what constitutes suspicious activity in each case. HIRETT has defined its own manual for detecting suspicious activities.

20.3. When suspicious activity is suspected, the following procedures will be followed:

20.3.1. The Employee suspecting should immediately make a written report or e- mail to the MLRO If urgent telephone first, then follow up with a written report;

20.3.2. No discussion with other Employees should take place. A record of the date and time of report should be recorded;

20.3.3. Acknowledgement of the receipt of the report should be obtained from the MLRO. This can be done via a receipt email from the MLRO;

20.3.4. New suspicion of the same Client means a new report must be made;

20.3.5. The MLRO is responsible for providing information and updates to the legislation, as and when they occur.

20.4. HIRETT consider any failure to comply with any of the relevant legal or regulatory requirements by any member of staff to be gross misconduct and will lead to immediate dismissal of that member of staff.

20.5. HIRETT employees could face prosecution if it is proven that nobody did make a report to our own MLRO, even though one had reasonable grounds for suspicion. HIRETT has made a SAR template available to staff, all reports must be made using this template to ensure consistency.

20.6. From the moment, a suspicion of money laundering arises no further work will be carried out on the matter that gave rise to the suspicion. Neither commercial considerations nor the difficulty in responding to the client’s enquiries on the matter shall be permitted to take precedence over the HIRETTs legal obligations in this regard.

20.7. In such circumstances, the MLRO shall act with all possible speed to enable work to continue, and assist staff in any communications with the client affected.

20.8. As soon as an Employee forms or becomes aware of a suspicion of money laundering, no further work is to be done on the matter giving rise to suspicion. If there is any likelihood of the Client becoming aware that work has stopped, for example because an anticipated transaction has not gone through, the member of staff concerned must contact the MLRO for instructions on how to handle the matter with the client.

20.9. On receipt of a suspicion report, the MLRO shall:

20.9.1. Instruct the originator of the report and any other staff involved to cease work on the matter giving rise to suspicion;

20.9.2. In the shortest possible time whether all work for the Client concerned should be stopped, or whether other work that is not the cause of suspicion may continue, and advise relevant staff accordingly;

20.9.3. Assist all affected staff in handling the matter with the Client so that no tipping off offence is committed;

20.9.4. When work for a Client has been stopped, the MLRO shall carry out the evaluation of the suspicion report as quickly as possible to decide whether a disclosure must be made to the authorities;

20.9.5. If the MLRO decides that there are not reasonable grounds to suspect money laundering, he will give consent for work to continue on his own authority;

20.9.6. If the MLRO decides that a disclosure must be made, he will request AML Department to prepare a report to NCA.

20.9.7. On giving consent to continue, either on his own authority or on receipt of notice of consent or implied consent from NCA, the MLRO will confirm this in writing to involved staff.

20.9.8. If consent is refused by NCA, the MLRO will take advice from NCA and consult with the Board of Directors of the HIRETT continuation of or withdrawal from the Client relationship.

20.9.9. The NCA has up to seven (7) days to confirm whether or not the transaction, for which a consent has been requested, can proceed – until the NCA gives consent, the transaction cannot proceed – it is frozen. In these circumstances, the staff member must be very careful that they do not ‘tip off’ the Client about the reason for the delay in processing the transaction.

20.9.10. Where the NCA gives notice that consent to a transaction is refused, a further thirty-one (31) day period (the “Moratorium”) commences on the day that notice is given. The thirty-one (31) days include Saturdays, Sundays and public holidays. It is an offence to undertake the transaction during this period as the participant would not have the appropriate consent. The Moratorium period enables the NCA to further their investigation into the reported matter using the powers within the POCA in relation to the criminal property (e.g. imposing a restraint order). If the Moratorium period expires and no such action has been taken, the reporter is free to proceed with the act(s) detailed in the initial disclosure.

20.9.11. It is important that all employees are properly trained and remain vigilant of potential money laundering. The report should be made as soon as reasonably possible – this should normally be within the first 24 hours after discovery

21. STAFF TRAINING AND AWARENES

21.1. The Regulations requires all financial institution ensure that all employees are aware of the AML/CTF & KYC policies and procedures that have been put in place to prevent HIRETT from being sued for money laundering or terrorist financing purposes. HIRETT must also take steps to ensure that all employees are aware of the requirements and their own obligations.

21.2. The AML/CTF & KYC policies and procedures are given to all employees to meet the foregoing requirement. The AML/CTF & KYC policies and procedures with its more detailed provisions are given to employees having dealings with or other contact with Merchants and Cardholders to further support this obligation.

21.3. Non-compliance with AML/CTF & KYC requirements may result in disciplinary actions. Before a decision with regard to disciplinary action is taken, the seriousness and merits of each case shall be appraised by the Board of Directors.

21.4. HIRETT develops ongoing employee training under the leadership of the AML Department, MLRO and Board of Directors. The training occurs on at least an annual basis. It is important, as part of ongoing staff training, to make staff aware of changing behaviour and practices amongst money launderers and those financing terrorisms.

21.5. Staff training on anti-money laundering and counter terrorist financial is carried out annually for all staff members, and details will be recorded and stored in the company achieve.

21.6. One of HIRETT’s key controls in mitigating the threat of being used for money laundering is having staff that is aware of and alert to the threat. All staff, whether on a full-time, part-time or contract basis, are made aware of our anti-money laundering policy, manual and the obligations arising from them for both themselves and HIRETT provides training on anti-money laundering.

21.7. These training comprising two key elements:

21.7.1. Induction Training – The MLRO is responsible for identifying relevant new staff that are required to undertake induction training within 45 days after requirement. The training is provided by the AML Department and/or MLRO or MLRO will engage external AML Advisors and is face to face training. The content of the training includes awareness training, covering Money Laundering and Terrorist Financing. Understanding of the subject matter is assessed throughout the training through case studies. Until a new member of staff has been signed off as competent no direct Client contact is allowed;

21.7.2. Refresher Training – all relevant staff must undertake face to face refresher training on annual basis. The training is provided by AML Department and/or MLRO or the MLRO will engage AML Advisors and assessment of staff understanding is carried out throughout the training.

21.7.3. HIRETT obtains acknowledgement from staff that they have received the necessary training by requesting staff to sign their attendance at training sessions. Overall monitoring of attendance is recorded manually and stored on the AML file. Certificate will be provided to each participant on successful completion.

22. RECORDS KEEPING

22.1. HIRETT has to retain the following documents and information in accordance with national law for the purpose of preventing, detecting and investigating, by competent authorities, possible money laundering or terrorist financing:

22.1.1. In the case of Client due diligence, a copy of the documents and information which are necessary to comply with the Client due diligence requirements, for a period of five years after the end of the business relationship with their Client or after the date of an occasional transaction;

22.1.2. The supporting evidence and records of transactions, consisting of the original documents or copies admissible in judicial proceedings under the applicable national law, which are necessary to identify transactions, for a period of five years after the end of a business relationship with their Client or after the date of an occasional transaction.

22.2. DD and transaction records:

22.2.1. HIRETT stores records of all transactions for 5 years from the conclusion of the transaction on behalf of our Clients or the end of the relationship. The records we must keep are:

22.2.1.1. Copies of or references to the evidence of the Client’s ID obtained under our DD requirements; and

22.2.1.2. The supporting evidence and records in respect of the business relationships and occasional transactions, which are subject of DD or ongoing monitoring. All records of DD documentation are scanned and upload into HIRETT’s operational system linked in the Client unique reference number.

22.3. Internal and External SAR records:

22.3.1. As previously indicated, all internal reports will be kept on the SAR file as opposed to the Client file. The report will be kept for 5 (five) years. In addition to this all SAR submitted including correspondence with FCA or HMRC will be kept for unlimited period of time.

22.4. Training records:

22.4.1. HIRETT maintains records of all AML training undertaken by staff, the date it was provided and the results of any tests if applicable. These records will be kept for 5 (five) years following the end of employment with HIRETT

22.5. Audit results:

22.5.1. All audit results must be kept for 5 (five) years following the date of the Board of Directors approval of them.

22.6. AML program audit and testing:

22.6.1. To provide reasonable assurance that AML program is functioning effectively, HIRETT conducts an audit of its AML program. Audit is conducting the on regular bases, at least every 12-18 months, if ML Risk assessment results will be rated as moderate, high or severe and every 18-24 months is the results will be rated as law and intermediate.

22.6.2. The main actions of audit will cover:

22.6.2.1. Examination of AML processes compliance with applicable Law and regulation;

22.6.2.2. Clients’ files review;

22.6.2.3. Incoming/outgoing transactions review;

22.6.2.4. Examination of representative documents to determine whether Client identification and verification procedures are being followed;

22.6.2.5. Whether DD and EDD are being properly applied;

22.6.2.6. Whether suspicious activity is being properly alerted investigated, escalated and reported;

22.6.2.7. Whether severance of a Client relationship;

22.6.2.8. Merchant including process into International Card Organizations blacklists (VMAS/MATCH) and scoring systems;

22.6.2.9. Reporting process to International Card Organizations;

22.6.2.10. Whether complaints process was initiated by the Client etc.

22.6.2.11. The audit results must be reported and appropriate action plan must be established and presented directly to the Board of Directors.

← Return to the Table of Contents for all EMI and API pages