Client on-Boarding Procedure | Anti-Money Laundering AML and KYC Lifecycle | Electronic Money and Authorized Payment Institution | Template for FCA Applications and Authorised Firms

← Return to the Table of Contents for all EMI and API pages

TERMS AND ABBREVIATIONS

1. AML KYC ONBOARDING LIFECYCLE

1.1. The AML KYC lifecycle involves three distinct phases that are listed and explained below:

1.1.1. AML KYC On-boarding process

1.1.2. Client Identification Program (CIP)

1.1.3. Client due diligence (CDD)

• Standard due diligence (SDD)
• Enhanced due diligence (EDD)

1.1.4. Account opening

1.1.5. Ongoing monitoring

1.1.6. Regular review

1.2. The first phase of the AML KYC on-boarding process is the Client Identification Program (CIP), which involves collecting and verifying information on natural person as a potential Client or as a UBO, representative of a legal entity.

1.3. For online verification CIP is performed with cooperation with KYC Service. The document verification and person identity verification processes are performed during this step. Upon completion the CIP Result is received, which is used further for decision making in the next step of AML KYC on-boarding process. CIP can be performed also in person (face-to-face) in manual mode, carried out by an Employee with support of external resources.

1.4. After CIP is passed, the next phase in the AML KYC on-boarding process is the Client due diligence (CDD) phase, which involves assessing the Client and determination as to whether that person or company should be given a low, medium, or high risk AML rating. During CDD the Client is checked against Screening lists. Also, the Client may be asked to provide additional documentation, especially relevant for legal entities.

1.5. Client risk assessment is incorporated into HIRETT’s AML KYC lifecycle (in accordance with the “Risk Assessment Procedure”) and during AML KYC on-boarding process it is performed in an automated mode for natural persons with CIP Result equal to “clear”, and with negative matching result against Screening lists. In all other cases, for both legal and natural persons, risk assessment is performed in a manual mode by an Employee.

1.6. In cases where a Client is deemed to pose a higher than accepted risk during SDD, the case is escalated to the MLRO or AML Compliance officer and then rejection can follow or enhanced due diligence (EDD) can be requested. EDD is performed by the Employee with support of AML System and in close cooperation with the potential Client. The industry best practices and new regulatory requirements are followed during this phase. EDD result should be approved by MLRO or AML Compliance officer.

1.7. Only after CDD/EDD has been approved, should an account be opened in accordance with financial regulations and requirements. Account opening is the final phase in the AML KYC onboarding process flow. In the event that the application poses too much of a risk, the next process is for the MLRO or AML Compliance officer to reject the application and close the opened account.

1.8. AML KYC lifecycle is continuous and ongoing monitoring, which consists of daily checks of the whole CBS Clients portfolio against Screening lists, as well as from instant checks of all incoming and outgoing transactions against Screening lists.

1.9. Depending on the risk assessment of the Client, there has to be an ongoing periodical review of the Client’s behaviour and registration information with updates to Client’s KYC Questionnaire. For high risk Clients, the standard process is to conduct a review annually. For low to medium risk Clients, conduct a review once in three years.

1.10. CLIENT IDENTIFICATION

1.11. HIRETT commences business relationship with

1.11.1. a Client natural person, if the Client is identified by KYC Service partner service or personally identified and a minimal Client due diligence (SDD) in accordance with requirements set out in the Procedure has been carried out.

1.11.2. a Client legal entity only if the Client is personally identified and Client due diligence (SDD/EDD) has been carried out in accordance with requirements set out in the Procedure.

1.12. An Employee shall verify the original personal identity documents, which the Client must exhibit personally, shall make copies thereof, carry out certification as to the accuracy of the copy, safe-keep the copy in the Client file, make digital copy and save it in CBS.

1.13. An Employee shall receive a Client’s KYC Questionnaire electronically or during a face-to face meeting.

1.14. If the Client is a legal entity or a natural person, acting in the interests of other person, we should receive a completed UBO card.

1.15. An Employee shall carry out identification of a representative of the Client in accordance with natural person identification requirements, as set out in the Procedure, and shall check his/her rights to represent the Client.

1.16. An Employee shall carry out verification of identification data of the Client, representative, UBO in the AML System in accordance with the procedure established in the manuals of the respective system and using information available in public information sources (e.g. internet, using the search engine “Google”, in state enterprise registers or registers of citizens, identity document databases).

1.17. Requirements for identity documents

1.17.1. Identity documents shall meet the following requirements:

• the document is valid (the term of validity of the document has not expired at the date of exhibiting);
• the document contains no evident signs of forgery, corrections, deletions or erasures;
• the document is not damaged (not torn up, not smeared with paint, not pierced, etc.)
• the natural person’s photo image on the document and other information (eye colour, height, etc.) must concur with the presenter of the document.

1.17.2. Upon reciept of legal documents from the Client, the Employee shall ascertain that those are legally valid in the Domestic territory.

1.17.3. A public document or the copy of document, that is not made in the Domestic territory by a sworn notary (or at a public officer equated to a sworn notary), shall meet the following requirements:

• the document shall meet the requirements specified in this Procedure;
• it shall be duly apostilled or legalized:

1) Apostille is required for documents issued in member countries of the Hague Convention of 5 October 1961;
2) legalization is required for documents issued in countries that have not joined the Hague Convention of 5 October 1961;
3) Apostille or legalization is not required for public documents issued in those countries with whom the government of the Domestic territory has concluded bilateral or multilateral agreements “ On legal assistance and legal relations in civil, family and criminal cases”; 4) legalization is not required if a document is issued in a member state of the European Union, the European Economic Zone, or the Swiss Confederation and the document is drawn up or authenticated by a public officer (a notary, etc.) of the country, within his competence, and in accordance with the established format.

1.18. Requirements for identification of a natural person

1.18.1. Natural person shall be identified by verifying the person’s identity against the Client’s original identity document.

1.18.2. When identifying a natural person, the visual similarity of the Client, who is exhibiting the person’s identity document, shall be compared with the person’s photo image contained in the document. In the event of any doubt or justified suspicions that the Client is not the same person as the one seen in the photo image, then the identification process shall be terminated. In case of KYC Service, if CIP Result is equal to “consider”, additional manual verification is required.

1.18.3. Upon verification of the person, verification of the personal data and person’s identity document data shall be carried out:

1) By parnter KYC Service for online verification or, in case of manual verification, by an Employee using AML system and publicly available internet websites of a relevant country, where the validity (invalidity) of a person’s identity document can be checked;
2) when commencing a business relationship, in CBS, by entering identification data in the Client profile, that automatically checks against locally stored Screening lists).

1.18.4. In respect of a Client, who has personal identity document issued abroad, we should make use, if possible, of that particular country’s databases, where a machine-readable zone number of the document can be checked.

1.18.5. For automated online verification, held by KYC Service, all the gathered natural person’s information shall be downloaded and stored in Client’s/Person’s profile in CBS.

1.18.6. For manual verification, the Employee:

1.18.6.1. shall check the Client’s identity document in publicly available registers, databases (e.g. shall compare and check the number of document submitted by the Client, ascertain that the document is not stolen, lost, irreversibly damaged, cancelled, or is not used by a third party, etc.).

1.18.6.2. shall use publicly available information (commercial databases, for example, AML System, that provides information on types and validity of personal identity documents in various countries).

1.18.6.3. shall pay attention to ascertain that the personal identity document is fully legally valid. The Employee shall ascertain that the personal identity document is valid and is not expired, not damaged and does not display indicia of fraud.

1.18.6.4. The Employee shall print out the information obtained during the verification of person’s identity document and personal data in publicly available sources and shall endorse the printouts by his/her own signature, indicating next to the signature his/her name, surname and the date, thereupon shall attach those to the Client file, or, if the person is not Client, attach those to a Person file. The digital copy of the signed printout shall be stored in Client’s/Person’s file in CBS.

1.18.6.5. If, when carrying out verification of information, the Employee establishes that the person’s document is invalid or dubious, or cannot be verified, the Employee shall terminate the person identification process and shall contact the head of his/her organizational unit, who shall decide on other ways of verification of the document (e.g. using of other, restricted access websites, involvement of security service, etc.) and, if necessary, shall inform the AML Department and shall act further in accordance with instructions from the AML Department.

1.18.7. Only a valid domestic or foreign personal identity documents hall be used for personal identification:

1) passport:

 Domestic or Foreign citizen passport;
 diplomatic passport;
 service passport;
 a stateless citizen travelling document;
 a refugee travelling document;
 a travelling document of a person, who has been granted alternative status in a domestic state.

2) person’s identity card (a personal ID card):

 identity cards of the European Union, European Economic Area state
 personal ID of an employee of a foreign diplomatic or consular representation office accredited in the United Kingdom, international organisation or its representation office, consular institution or a family member of such employee;

3) driving licence (UK only)
4) residence permit (UK only)
5) entry permit (UK only, for manual verification only).

1.18.8. Person’s identification shall be carried out based on a personal identity document, observing the following requirements:

1) it is valid;
2) an identity document shall contain the following information: person’s name, surname, date of birth, person’s photo image, personal identity document number and date of issue, a country and authority (institution) that issued the document;
3) visual image or selfie (for online identivication) does match the photo in the document;
4) it expires not sooner than one calendar month after the date of the identification;

1.18.9. a copy, paper and/or digital, of personal identity document and a copy of visa, or a residence permit, shall be made, since these testify to the person’s right to enter and/or reside in the country;

1.19. Requirements for identification of a legal entity

1.19.1. The Employee shall identify a legal entity by:

• obtaining documents testifying to the legal entity’s incorporation, state registration and actual legal status;
• obtaining information about the Client’s legal address;
• obtaining information about the Client’s legal and authorised (if any such persons represent the Client in the relationships with the HIRETT) actual representatives (e.g. board members, directors and holders of capital units/shares;
• identifying a person that is entitled to represent a legal entity in relationships with HIRETT, pursuant to requirements set out in this Procedure, and obtaining a fully legally valid document certifying the rights to represent the legal entity.

1.19.2. When performing identification of a domestic tax resident legal entity Client, Companies House service, supported by the UK government (http://www.companieshouse.gov.uk), shall be utilised. Additionally, the Employee shall obtain the documents that are specified in Annex 1 from the Client.

1.19.3. Client’s documents shall contain the following information:

• type of legal entity’s commercial activity;
• name;
• registration number;
• date of registration;
• legal address;
• company’s officials who are entitled to represent the legal entity in relationships with third persons;
• information on the legal entity’s governance structure;
• information on organizational structure of the legal entity, ownership rights and control structure;
• tax residence country and tax payer’s number, the Client’s asset structure (active or passive company), in order to determine FATCA status.

1.19.4. An Employee verifies Client’s incorporation, representation and ownership rights (incl. UBO) upon receipt of a printout obtained from the European Business register or other Register. The Employee shall make note “Verification is completed”, date and sign the printout (specifying his/her name and surname next to the signature). In this event, in addition, only identification of the Client’s representative shall be performed. The printout shall be scanned and stored in the CBS.

1.19.5. When performing identification of a non-domestic tax resident legal entity Client, the Employee shall receive the documents that are specified in Annex 1 from the Client.

1.19.6. Non-domestic tax resident Client’s documents shall contain the following information:

• type of legal entity’s business activity;
• name;
• country of registration;
• registration number;
• date of registration;
• legal address;
• confirmation of the actual legal status, unless it can be checked in publicly available source of information;
• list of company officials who have the right to represent the legal entity in business relationships with third parties;
• information on legal entity’s governance structure;
• information on owners of legal entity’s holdings/shares, information (substantiation) about UBO of the legal entity;
• information regarding the country of tax residence and taxpayer number, structure of the Client’s assets (active or passive company), in order to determine FATCA status;

1.19.7. During identification process, the Client shall be represented by a person entitled to represent the Client and identified in accordance with requirements for identification of a natural person, as set out in the Procedure.

1.19.8. In the event if the Client, the legal entity Client, that is not a domestic tax resident, has been operating for a long period of time (at least one year), it is necessary to additionally obtain documents that reaffirm the validity of data obtained in the course of the Client identification and such documents must be issued not earlier than one year before the commencement of business relationship (e.g. by requesting the Client to submit a reference from the register, that should be issued not earlier than one year ago, about the Client’s status or any other type of reference covering information about the Client’s status (active or dissolved company) and structure (e.g. Incumbency Certificate, Certificate of Good Standing).

1.19.9. If the Client, that is a legal entity, has another legal entity acting as its director, the Employee shall pay a particular attention to this case, and also assess the status of that legal person (active or dissolved company).For verification of the status, the Employee shall request the Client to submit document confirming signing authorities of that legal entity’s (Client’s director’s) representative, along with a document (being not older than one year) confirming the legal status of the company (the Client’s director and/or shareholder), e.g. Incumbency Certificate, Certificate of Good Standing, reference from the Enterprise Register;

1.19.10. Additionally, for identification of UBO of a very high risk Client, that is a Shell Arrangement, and that has legal entity nominee shareholders, the Employee shall obtain documents that were issued not earlier that one year ago and affirm the active status of the nominee shareholders (e.g. Incumbency Certificate, Certificate of Good Standing, reference from the Enterprise Register).

1.19.11. The Employee has the right to obtain documents certifying establishment or legal registration of the legal entity Client, from a publicly available credible and independent source of information, from commercial register databases of particular countries, for example:

 United Kingdom: http://www.companieshouse.gov.uk;
 Ireland: http://www.cro.ie
 Cyprus: http://www.mcit.gov.cy/mcit/drcor/drcor.nsf/index_en
 Luxembourg: http://lbr.lu
 Switzerland: http://www.zefix.ch

1.19.12. An HIRETT employee shall verify information on the Client, its representatives, authorised persons and the Client’s key business partners in the CBS, against HIRETT’s Screening lists (the “Black List”, Sanctions List, etc.) by data (by name, surname, personal identity number, in respect of legal entities – by company name, register number, address). In the event of any data matching information on HIRETT’s Screening lists, the Employee shall submit Client file/information to MLRO or AML Compliance officer via e-mail, and MLRO or AML Compliance officer shall check the circumstances of data matching and decide whether Client identification and due diligence may be continued. The Employee is allowed to carry out verification of the Client’s incorporation, legal status, representation (a legal representative’s) right and property rights (the UBO) only by using information that is checked in reliable and independent publicly available sources of information (e.g. foreign register of enterprises); such information should be printed out and should bear the note “Verification completed”, be dated and signed by the Employee (indicating the name and surname next to the signature). In that event, the Client shall not be required to present legal documents, Articles of Association, Memorandum, rights of representation, since these facts can be verified in a public register. Only identification of the Client’s representative shall be carried out in addition to the above. The printout shall be scanned and stored in the CBS.

1.20. Identification of the Client’s representative

1.20.1. HIRETT Employee shall perform identification of the Client’s legal or authorized representative (who is entitled to represent the Client by law, on the basis of the Articles of Association or a Power of Attorney), in accordance with requirements for natural person identification, after obtaining legal grounds – on what basis and to what extent the Client’s representative may represent the Client.

1.21. Identification of legal representative

1.21.1. A legal representative of a Legal entity or a partnership shall represent the Client on the basis of law, the Articles of Association, Memorandum, Operating Agreement, and shall be appointed in accordance with an internal document of this legal entity or partnership and registered in the Enterprises Register of a relevant country, if required by local law.

1.21.2. The following persons may act a legal entity’s legal representative with representation rights:

• chairman of the board or a board member with the rights to represent the legal entity individually;
• several board members with the rights to represent the legal entity jointly;
• director or executive director;
• other person entitled with the representation rights.

1.21.3. The following persons may act as legal representative of a natural person:

• parents (for minors);
• guardian (person designated or approved in accordance with the procedure established by law to secure protection of child’s rights and interests);
• trustee (designated by court’s decision).

1.21.4. If a legal representative of a natural person Client wishes to open an Account on behalf of the Client and to manage the funds in that Account or to carry out other actions, then the Employee shall require the representative to present the following documents, thereupon the Employee shall verify and make copies of those:

• respective original decision of the domestic custody court that contains information about the representative and the natural person Client’s property, which the legal representative has the right to manage. The mentioned requirement does not apply in the event when an account in the name of a minor is being opened by the minor’s parents, though the custody court decision is necessary if the parents are wishing to manage funds held in the account;
• identity document of the representative, and if the Client is a minor, then an original birth certificate.

1.21.5. If there has been a decision by a foreign institution or a copy of decision, notarised abroad has been received, or if the Employee has any doubts about the validity of the decision, the Employee shall forward this decision to MLRO or AML Compliance officer in the form of a document or electronically, in the form of a scanned document, and only upon receipt of a positive acceptance from MLRO or AML Compliance officer, the Employee shall be allowed to accept it, and to enable the representative to represent the Client. An acceptance issued by MLRO or AML Compliance officer may be provided electronically in CBS, via e-mail, or by making a note on the other page of the document that has been submitted for consideration.

1.21.6. An Employee shall make digital copy of the representative’s identity document and the decision, received from the Client, as well as Signature specimen Card, and shall attach the copies to the Client file.

1.22. Identification of an authorised person

1.22.1. An authorised person of a legal entity may represent the entity on the basis of a valid Power of Attorney that may be executed in the following way:

• by notary or by other means, equated to notarized certification in the respective country (i.e. there should be a public notary certification of the Power of Attorney issuance and the authenticity of signature of the person, who has issued said Power of Attorney, along with certification of that person’s rights to sign the Power of Attorney on behalf of the legal entity);
• by filling in an authorization document, in the presence of the Employee and according to the Form “Power of Attorney for Legal Entity”;

1.22.2. An authorised person of an natural person represents the Client on the basis of a Power of Attorney, that may be executed as follows:

• by a notary or in any other way equated to notarized certification in the respective country (i.e. there must be a public notary’s certification of the issuance of the Power of Attorney and the authenticity of signature of the person who issued said Power of Attorney);
• By filling in an authorization document in the presence of the HIRETT Employee, according to the form “Power of Attorney for a Natural Person”.

1.22.3. Power of Attorney issued by the Client to the Employee is to be checked in accordance with the requirements determined for Client identification documents.

1.22.4. If a Power of Attorney, issued in the form approved by HIRETT, was submitted in the presence of an Employee of HIRETT, that Employee shall identify the Client and its authorised person, ask the Client and its authorised person to present, in person, their personal identity documents, of which the Employee shall make copies. The Client shall sign the Power of Attorney in the presence of the Employee.

1.22.5. A notarized Power of Attorney may be submitted by the Client itself or by its authorised person, and it shall state an authorization to represent the Client in any legal relationships with the HIRETT, to the same extent as it is done by the Client, or the Power of Attorney shall be a universal / general Power of Attorney.

1.22.6. HIRETT shall not accept an authorization if the authorization is not executed in accordance with the requirements of HIRETT, is not sufficiently clear or evident, or due to any other important reasons according to the opinion of HIRETT’s Legal Department or AML Department. A notarized Power of Attorney must contain a notary’s certification of the legal capacity of the Client (of the issuer of the Power of Attorney).

1.22.7. If a Power of Attorney is notarized abroad or if the Employee has any doubts whether the extent of the authorization is sufficiently wide or about the validity, then the document must be submitted, in the form of a document or electronically in the form of a scanned document, to the Legal Department, and only upon receipt of a positive accept from the Legal Department the Employee shall have the right to accept said POA, and to enable the authorised person to represent the Client.

1.22.8. An authorization for the authorised person is valid up to the expiry of the term specified in the authorization or up to the date when HIRETT has received a written revocation from the Client or from the authorised person, and has registered it in the CBS.

1.22.9. After verification and additional verificationthe Employee shall enter information about the authorised person in CBS.

1.22.10. The Client shall scan the copy of identity document of the authorised person and legal documents, received from the Client, on the basis of which the Client’s authorised person represents the Client, a Signature Specimen Card, and shall attach those to the Client file.

1.23. Client Re-identification and Updating of Identification Data

1.23.1. The Employee shall ascertain the accuracy of the Client identification data and, if necessary, shall perform a repeated Client identification.

1.23.2. Client identification data should be updated in the following cases:

• during Client supervision and servicing process, in order to ascertain whether the identification documents submitted by the Client previously are still in force (valid) and the Client’s or its representative’s status has not changed;
• if term of Client or its representative authorities has ended; the term of authorization of the Client or the Client’s representative has expired;
• if the effective date of restrictions of the extent of representative’s rights or the effective date of restrictions of the scope of rights is due;
• if there are any suspicious related to ML/TF;
• if the Client wishes to use HIRETT’s new products or services, which the Client has not been previously using and which are not incidental to the Client’s personal or economic activity, and this causes suspicions of ML/TF;
• if there are any doubts regarding the credibility of previously obtained Client identification or due diligence data;
• if it has become known that data of the Client or that of the Client’s representative(s) has significantly changed:

1) identity data has changed (e.g. surname, personal number);
2) person’s identity document has been changed;
3) significant changes in the registration (foundation) documents of the legal entity Client took place;

– legal representatives (e.g. board members, directors) of the Client or authorised representatives (e.g. procurator, authorised person) have changed;
– Client’s UBO or participants or shareholders have changed;
– Client’s legal address has changed;
– Client’s name has changed;

4) in respect of a legal arrangement – a trust or a provider of trust services (trustee/s) have changed;

5) any other significant changes in the Client’s or its representative’s documents (e.g. the form of commercial activity has changed, insolvency has been registered, etc.).

1.23.3. When carrying out repeated identification of the Client or its representative, the Employee shall register any changes occurred in the Client identification data in HIRETT’s information systems pursuant to the procedure stipulated in the user guides for these systems.

1.24. Identification of the Ultimate Beneficial Owner

1.24.1. The Employee shall identify a Client’s UBO in the events if:

• the Client is the legal entity;
• in respect of natural persons, if it is known or there are any suspicions that the transaction is carried out in the interests of other person or by order of other person.

1.24.2. Before starting business relationships with the Client, the Employee shall identify the Client’s UBO, obtaining at least the following information:

• name, surname, date of birth, the number and date of issue of the personal identity document, the country and the state authority that issued the personal identity document.

1.24.3. An Employee shall obtain a copy of foreign UBO’s Personal identity document, in order to ascertain that the obtained UBO identification information is credible and the UBO is a real person.

1.24.4. An Employee shall obtain the UBO Card, duly signed by the Client or hand-signed by the UBO himself.

1.24.5. The Employee shall identify the UBO by obtaining the information required for UBO identification by at least one of the following ways:

• by receiving UBO Card signed by the Client;
• by using information or documents received from information systems of the UK or foreign countries;
• When identifying the UBO, an Employee shall document his conclusion in the UBO Identification Act, in free format, in the event if information about the UBO cannot be obtained in other way. MLRO or AML Compliance officer shall decide on the validity of this conclusion. The obtained information about UBO shall be entered in CBS, and the supporting documents shall be attached to the Client file.

1.24.6. When identifying a legal entity Client, the Employee shall obtain a signed UBO Card from Client’s representative, which must contain data for identification of the UBO down to the level of a natural person. In the UBO Card, the Client’s UBO or the Client’s representative shall specify the UBO’s residential address, but in respect of those Clients who specify that their assets structure is “passive”, information regarding the UBO’s tax residence and UBO’s taxpayer number should also be specified. The UBO Card may be filled in manually and/or electronically.

1.24.7. When identifying the UBO for legal entities, it is required to find out only the percentage breakdown of the capital holdings, however it does not mean that a person who holds at least 25 percent of the Client’s capital is the Client’s UBO. The UBO may also be another person, a third party. If the Employee is not able to establish the identity of a natural person who owns at least 25 percent of holdings in the Client’s capital, the Employee shall establish the identity of a person who exercises control over the Client’s activity or on whose behalf and/or in whose interests the business relationships have been established. The Employee shall perform measures, commensurate with Client’s ML/TF risks, in order to establish the identity of a person who exercises control over the Client.

1.24.8. In the event where one natural person holds the majority of capital shares (51% and more), it may also be necessary to establish the identity of other natural persons who have holdings in the Client’s capital. If the Employee has any doubts that a person who holds the majority of capital shares is the person who controls the Client, and a high ML/TF risk is inherent to the Client, then it is also required to confirm the identity of other persons, and assess those, who hold shares in the Client’s capital, with the aim of establishing the identity of the person who ultimately controls the Client. It is also important to confirm the identity of any other holders of capital shares, in the case where capital shareholders have the right to represent the Client individually or together with other persons, since shareholders exercise control over the Client through the rights of representation. Therefore, the Employee shall evaluate who of the holders of capital shares have control over the Client (e.g. five natural persons each hold 20 percent in the capital and there are three of five shareholders, each having the right to represent the Client individually).

1.24.9. If the Client’s ML/TF risk is identified as a high risk, or if the Employee has any doubt as to the information about the UBO, as provided by the Client’s representative, or any risk reducing measures have been applied to the Client, the Employee shall require the respective UBO’s signature, hand-written by the UBO himself, on the UBO Card signed by the Client’s representative, or shall perform a face-to-face identification of the UBO.

1.24.10. If Enhanced Due Diligence has been applied to the Client, the Employee shall obtain an additional information on the UBO, including:

• information describing the financial situation of the Client’s UBO and supporting legal documents or the data and materials from publicly available sources of information. If information about the UBO is obtained from publicly available sources of information, then the Employee shall print it out and sign (indicating the name, surname) and date;
• information about UBO education, family status, personal property, occupation, (job) position;
• other information describing the origin of UBO’s funds.

1.24.11. The Employee shall obtain, document and assess supporting information about the Client’s UBO, including UBO declaration signed by the Client or the UBO, copies of personal identification documents, as well as other certifications (e.g. HIRETT’s statements testifying to the turnover of funds and financial instruments in the accounts controlled by the UBO, extracts in land registers regarding real estate owned by the UBO, extracts from transport registers regarding high net worth transport vehicles owned by the UBO, etc.).

1.24.12. In respect of Clients for whom initial enhanced due diligence prior to commencing business relationships or an enhanced due diligence during business relationships is to be performed, the Employee shall conduct additional activities in order to ascertain that the person specified as the UBO is indeed the actual UBO. For this purpose one or several of the documents specified bellow may be required:

• references or extracts from real estate registers or other property registers (land registers, Road Traffic Safety Directorate, ship register, etc.);
• extracts or references from enterprises (commercial) registers on capital shares held by the UBO;
• information about UBO-owned securities;
• references or information about the UBO’s place of employment, positions held, occupation, profession, education, etc.;
• information about UBO’s income level and type (salary, dividends, etc.);
• UBO’s tax declarations;
• agreements concluded by the UBO with companies;
• documents testifying to receipt of an inheritance or a gift;
• documents certifying the alienation of UBO-owned property;
• letters of reference (recommendations) from other HIRETT clients who provide services to the UBO;
• any other documents or information testifying to the UBO’s financial situation and the sources of its funds;
• UBO Card, hand-signed by UBO himself.

1.24.13. The Employee shall attach information on the UBO, which is at HIRETT’s disposal, to the UBO Card in the Client file.

1.25. Identification of Politically exposed persons (PEP) and their close associates

1.25.1. When starting business relationships with a Client, the Employee, while performing risk-based approach measures, shall ascertain whether the Client or its UBO is a PEP or a PEP family member, or a close associate of a PEP (hereinafter – the PEP).

1.25.2. Politically Exposed Person (PEP) status can be assigned to natural persons, only if they correspond to the status of a PEP, a PEP family member or a close associate of a PEP.

1.25.3. If the Client has self-declared himself/herself as a PEP, a family member of a PEP or a close associate, or a business partner of a PEP or if, during the course of verification, HIRETT obtains information testifying to the person’s matching the PEP status – the Employee shall terminate cooperation with the Client.

1.25.4. Persons with PEP status can be subdivided into:

• natural persons, who were recognized as PEPs, or family members of a PEP, or close associates of a PEP, shall be classified as PEPs, based on information submitted by the Client, that shall be verified by the HIRETT, or based on any other reliable information obtained by HIRETT under the due diligence procedure;
• legal entities shall be classified as Clients, whose UBO is a PEP, if the Client’s UBO corresponds to PEP status, if such person’s PEP status has been established while conducting verification in internal and external PEP lists;
• legal entities shall be classified as Clients that have a close association with a PEP – if it has been established that the Client’s Authorized persons, key business partners, or UBO(s) have close association with a person who corresponds to the PEP status, or there are any other indicators that testify to the same.

1.25.5. An Employee, who has the appropriate system user (access) rights, shall perform verification of the personal information in the CBS system (in respect of new Clients, new persons) and shall make use of the following information resources:

• special international databases (business information and research tools), which hold and update information on PEPs and to which HIRETT has access (AML System, KYC service, Screening lists);
• internet resources (websites), including:

https://www.cia.gov
http://www.europarl.europa.eu
http://www.google.com
http://www.yahoo.com

1.25.6. Information obtained from a respective register or a publicly available source of information shall be attached to the Client file.

1.25.7. An Employee shall perform verification of PEP information also through the use of other publicly available sources of information, in particular: income declarations of public officials, information on real estate properties, etc. – such information and the obtained results shall be attached to the Client file. When obtaining information from publicly available sources, the Employee shall ensure that all printouts bear the date and the name of source of information, as well as the Employee’s signature (along with Employee’s name and surname next to the signature).

1.25.8. If the Client has not indicated his/her PEP status, but the Employee has information that shows to the contrary, the Employee shall verify this information and submit it to the AML Department to make a determination regarding that Client’s status. An Employee shall decide on the necessity of assigning of the PEP status and shall forward his conclusion to the MLRO or AML Compliance officer for taking decision on starting/continuing/refusing cooperation. The decision, along with the documents with supporting information, shall be attached to the Client file. In the event of a positive decision, the AML employee shall immediately, not later that on the next business day, assign PEP status to the Client in CBS, and terminate cooperation – start Client deactivation process (change activity status to inactive, close accounts, disable users).

1.26. Identification of a Group of Clients

1.26.1. In order to assess a ML/TF risk that may be posed to HIRETT due to transactions conducted by HIRETT for a Group of Clients, the Employee shall evaluate the following information about the existence of the group of mutually connected Clients:

• if the Client itself submits information on the Group of Clients, participants, UBO(s), authorised persons, and business partners thereof, and specifies the purposes of creation of that Client group;
• AML Department detects the existence of a mutually connected Client group in the course of cooperation, while analysing information (legal documents, agreements, etc.), provided by the Clients, and transactions carried out by the Clients.

1.26.2. When performing Client due diligence, the Employee shall obtain information and verify whether the Client, together with another Client, constitutes a Group of Clients. The Client’s UBO shall be considered as the main criterion for identifying a group of mutually connected Clients. Each Group of Clients operates on behalf and in the interests of the UBO. The following patterns of mutual connections between a Client group and the UBO are considered to be the most common and justified patterns to be used for identifying Groups of Clients:

• two or several Clients have one and the same UBO;
• UBOs of two or several Clients are connected with close business interests and mutually linked transactions, or
• their mutual connections are defined by circumstances under which it becomes clear that the Clients have got united with the common aim of achieving economically justified commercial purposes;

1.26.3. When performing Client due diligence, applying a risk-based approach, the Employee shall ascertain that there are no indicators that may testify to the existence of a group of mutually connected Clients:

• one of the Clients directly or indirectly controls other Client(s);
• two or several Clients have one and the same UBO, or are related by kinship (spouses, children, parents, etc.);
• Clients have common contact information (actual address, phone number, e-mail);
• Clients share the same authorised person;
• mutual transactions of the Clients make up at least 30% of the Client’s monthly turnover, on a regular basis;
• other factors suggesting possible close mutual connection.

1.26.4. In the event, when two or more Clients are detected to have an indicator of Group of Clients, which is to be assessed, e.g. UBO’s kinship, the same authorised representative or the same contact details, the Employee shall verify revealed indicators and, if necessary, obtain additional information, considering the indicators which may testify to the existence of a Group of Clients;

1.26.5. For instance, if the Employee has detected several Clients, which have the same actual address, the Employee shall find out what kind of building is situated at that particular address and whether it is an office building rented out to companies. In this case, the Employee shall assess if there are any connections between those Clients (e.g. it is planned to conduct mutual transactions), in order to establish whether the Clients shall be recognized as a group of Mutually related Clients.

2. DUE DILIGENCE OF CLIENT ACTIVITY PRIOR TO ENTERING INTO BUSINESS RELATIONSHIP

2.1. When performing identification and due diligence for a prospective Client, the Employee shall pay particular attention to the ML/TF risk increasing factors, the purpose behind incorporation of the legal entity Client, the purpose of using thereof, which is to be clear and economically justified. In order to ensure fulfilment of these tasks, the Employee may use the following:

• documented information about the Client’s previous economic/personal activity;
• documented information about the latest Client’s or the Client’s UBO’s economic or personal activity, as well as information about business partners of the Client;
• schematic image of the Client’s cooperation with business partners;
• any other adequate and credible information that, in accordance with the procedure, the Employee shall obtain with the aim of establishing the origin and turnover of funds.

2.2. The Employee, on the basis of the Client’s ML/TF risk assessment, shall obtain and document the following information:

– the purpose of business relationships and envisaged essence thereof;
– what services the Client intends to use;
– what is the origin of the Client’s funds;
– the volume and quantity of planned transactions;
– what is the Client’s personal or economic activity, within which the Client will use the respective services.

2.3. Due diligence of the Client’s personal activity.

2.3.1. The Employee shall perform a due diligence of the Client’s personal activity on the basis of information that the Client provides in the KYC Questionnaire.

2.3.2. The Employee shall require and obtain the KYC Questionnaire from all prospective Clients.

2.3.3. It is a duty of the Employee to provide to the Client explanations on the necessity and reasons of requesting the information in the KYC Questionnaire.

2.3.4. By submitting the KYC Questionnaire, the Client confirms the authenticity of information provided therein.

2.4. Due diligence of the Client’s economic Activity

2.4.1. The Employee shall perform a due diligence of the Client’s economic activity on the basis of information that the Client provides in the KYC Questionnaire.

2.4.2. The Employee shall request and obtain the KYC Questionnaire from all prospective legal entity Clients.

2.4.3. It is a duty of the Employee to provide to the Client explanations on the essence, necessity and reasons of requesting the information in the KYC Questionnaire.

2.4.4. The Employee shall check whether the type of the Client’s activity needs to be licenced, has any restrictions imposed, particularly ascertaining that the Client’s activity is not linked with a potential violation or a circumvention of sectoral sanctions, proliferation of mass destruction weapons, or that the goods, services, technologies or substances are not included in the dual-use lists.

2.4.5. By submitting the KYC Questionnaire, the Client confirms the authenticity of information provided therein.

2.4.6. In any case, whenever in the course of a due diligence any doubts arise in respect of information submitted by the Client, the Employee shall request the Client to provide documents supporting the Client’s economic activity, among others: contracts, waybills, customs documents, etc., and shall draw up a pattern of the Client’s business activity and analyse its economic justification thereof.

2.5. Due diligence of the origin of the Client’s funds and wealth

2.5.1. When performing a due diligence of the origin ofthe Client’s funds and wealth testifying to the financial situation of the Client, the Employee shall use information submitted by the Client in the Client KYC Questionnaire, including a confirmation of the legality of origin of funds being credited to the account, as provided to HIRETT.

2.5.2. The Employee shall conduct verification of the credibility of information on the legality of origin of funds and wealth, that testifies to the Client’s financial situation, prior to starting cooperation, and this shall be done on the basis of information submitted by the Client in the KYC Questionnaire, as well as on the basis of any obtained documentary evidence thereof.

2.5.3. As a proof of credibility, the Employee shall use references or extracts issued by the following competent institutions:

• references or extracts from real estate registers;
• references or extracts from registers of enterprises (commercial registers) about owned shares or holdings;
• information about securities owned by the Client;
• information about Client’s place of work, positions held, earnings, occupation, education;
• Client’s tax declarations;
• financial documents of companies where UBO has significant holdings;
• agreements concluded by the Client;
• documents certifying receipt of an inheritance or a gift;
• information about the Client from publicly available information sources. The Employee shall print out, date and sign the obtained information, specifying his name and surname next to the signature;
• a letter of reference from other HIRETT’s clients that provide services to the Client;
• other documents or information certifying the Client’s state of wealth and sources of funds.
• A comprehensive verification of data credibility must be conducted for those Clients who or whose planned transactions and requested services pose an increased ML/TF risk, as well as in all events, where there are any doubts regarding the completeness or accuracy of the information provided by the Client.

2.6. Analysis of the Client’s cash flow

2.6.1. The Employee shall perform an analysis of the Client’s cash flow on the basis of information submitted by the Client regarding its economic activity (profile, volumes, main business partners, sales markets, etc.).

2.6.2. In the event when the Client, the Client’s planned transactions or requested services, pose an increased ML/TF risk, the Employee shall perform a comprehensive analysis of the submitted information. In all events if, in the course of the analysis, arise any doubts about information submitted by the Client, the Employee shall request the Client to provide documents supporting cash flows, including: contracts, waybills, customs documents, etc., and, where necessary, shall draw up a graphic pattern of the Client’s cash flows.

2.7. Verification and documentation of the Client’s information

2.7.1. Upon receipt of all required documents from the Client, the Employee shall perform the following actions:

• to the extent possible, by using publicly available registers and the internet (Google, special websites), the Employee shall check information submitted by the Client and check all persons referred to in the Client’s documents (its representatives, UBOs, business partners and their UBOs); shall analyse obtained information, paying a particular attention to negative information; shall print out obtained information and mark with a colour highlighter those sections where the Client or a person referred to are mentioned; shall date those print-outs, sign (specifying one’s own name and surname next to the signature), specify the source of information, if it does not appear on a printout, and the type of connection with the Client,

e.g. “UBO’s experience”, “Client Project”;

• shall check the Client and all persons mentioned in the Client’s documents (representatives, UBOs, business partners and their UBOs) in the AML System, and Screening lists;
• shall enter the Client information in CBS, by creating the Client risk profile;
• shall document results of the Client due diligence, enhanced Client due diligence in CBS, in Section appropriate to the Client’s risk level, specifying a justification for one’s conclusion and documents on which the conclusion is based;
• to the extent possible, in respect of non-resident Clients, whose risk category is identified as higher than moderate, the Employee shall verify the existence of contact information and existence of the address, as specified in the Client’s KYC Questionnaire and its UBO Card, and shall document the obtained results respectively.

2.8. An Employee shall compile all information received from the Client, along with results of the due diligence and analysis, and shall upload it into the Client file in CBS.

2.9. An Employee shall ensure that any KYC Questionnaires and forms, used for KYC purposes, contain decisions/resolutions and signatures of all Employees who have been involved in the Client due diligence and decision-making process.

3. INITIAL ENHANCED CLIENT DUE DILIGENCE PRIOR TO COMMENCING OF COOPERATION

3.1. The level of the Client ML/TF risk shall provide for the scope and procedure for the Client due diligence or enhanced Client due diligence, that should be applied to Clients before starting cooperation. An initial enhanced Client due diligence is the scope of activities, based on the risk assessment, that are to be performed, in addition to the Client due diligence, before starting cooperation, in order to:

3.1.1. establish the identity of the UBO, to ascertain that the person specified by the Client as its UBO is indeed the Client’s UBO;

3.1.2. conduct an enhanced due diligence of the Client’s personal or economic activity.

3.2. Initial enhanced Client due diligence must be performed in each and every case, in accordance with the “Risk Assessment Procedure”.

3.3. In all cases where the Client’s matching of increased ML/TF risk criteria has been established, that automatically subjects the Client to enhanced due diligence, and the Employee shall perform the initial enhanced Client due diligence prior to commencement of cooperation, which shall include the following actions:

3.3.1. shall obtain additional information on the type of the Client’s business or personal activity, on the origin of funds, existing and envisaged cooperation with HIRETT, as well as the information on the Client’s key business partners, the nature of business relationships, volume of planned transactions, place of business, or the place of the Client’s residence (the Client’s actual address);

3.3.2. shall ascertain the Client UBO, if the Client is a legal entity or if it is known or any suspicions arise that the Client has established business relationship with HIRETT in the interests or by order of other person;

3.3.3. shall ascertain, according to publicly available information, whether the Client, the Client’s authorised person or the UBO have not been previously convicted or suspected of fraudulent activities, legalization of criminal proceeds or an attempt thereof. The obtained information on conviction or on suspicions of fraudulent activities, legalization of criminal proceeds, or of an attempt thereof, shall be printed out, signed (indicating the name, surname next to the signature) and dated by the Employee, and the Employee shall also specify the source of the information (if not specified). Digital copy shall be stored in Client’s profile in CBS. After such information is discovered, in order to establish business relationship with such Client, the Employee shall obtain MLRO’s or AML Compliance officer’s approval.

3.3.4. the Employee shall obtain and document supporting information about the Client’s UBO, including the UBO card signed by the Client or the UBO, copies of personal identity documents, as well as other documentary evidence (e.g. HIRETT statement certifying a turnover of funds in accounts controlled by the UBO, excerpts from the Land Registers regarding real estate owned by the UBO, excerpts from transport registers regarding high net worth motor vehicles owned by the UBO, etc.);

3.3.5. if the Client, whose personal or commercial activity is not linked to the UK, wishes to establish business relationship with HIRETT, we should properly identify the reasons for this, and documentary assessment of the validity of explanations submitted by the Client should be provided;

3.3.6. shall ascertain that the Client has the licence, special permission, or is registered at the respective competent state authority, if it is legally mandatory for conduct of the activity declared by the Client;

3.3.7. shall request a legal entity Client, that issues or is entitled to issue bearer shares / capital securities (as is the case e.g. with Swiss AG/SA type companies), to provide a confirmation in writing to ensure continuous awareness for HIRETT of any possible change(s) of the Client’s UBO(s), at all times during cooperation with HIRETT;

3.4. Apart from the final conclusions of due diligence, facts, circumstances and approaches for assessment thereof that have been utilised to come to the respective conclusion must also be specified.

3.5. If it is established that a prospective Client is a payment services institution, electronic money institution or the Client is planning to provide payment services to other persons, then AML Department shall carry out the initial enhanced Client due diligence.

4. CLIENT ML/TF RISK ASSESSMENT

4.1. Classification of the Client’s risk is to carried out with the aim of assessing possible ML/TF risks that can be posed to HIRETT in the course of provision of financial services to the Client and determining the measures to be taken by the HIRETT to restrict and reduce those risks.

4.2. The procedures for determination of the Client risk profile and risk category are established in the “Risk Assessment Procedure”.

4.3. In order to determine the scope of the Client due diligence to be performed, the Employee shall perform assessment of ML/TF risk increasing factors and shall determine the Client risk profile.

4.4. The Client risk profile and risk category shall be determined and changed according to the procedure established in the “Risk Assessment Procedure”.

4.5. Client ML/TF risk categories

4.5.1. HIRETT CBS classifies Clients into the following ML/TF risk categories:

• Low risk;
• Medium risk;
• High risk.

4.6. The Client’s ML/TF risk category shall be assigned in line the information obtained during the Client due diligence.

4.7. The Client’s ML/TF risk category determines the procedure for taking decisions regarding commencing, maintaining and ceasing of cooperation with the Client.

4.8. In the course of cooperation, the Client risk category may be changed in line with identified ML/TF risks and the Client risk profile in the CBS.

4.9. Client risk influencing factors and indicators

4.9.1. Client ML/TF risk assessment is based on “risk based approach” principles, as determined in the AML/CTF & KYC Policy, and it provides for identification of ML/TF risks for all Clients, with whom HIRETT has established business relationships, by assessing those in the following risk segments:

• Client risks;
• Country and geographical risk;
• Risk of services and goods used by the Client;
• Risk of services and goods delivery channels.

4.10. The Employee shall determine Client’s ML/TF risk factors according to the indicators specified below, and, whenever those are detected, shall register them in the CBS Client Profile.

4.11. When assessing Client related ML/TF risk, the following Client risk affecting factors are to be taken into consideration:

• Client’s or Client UBO’s economic or personal activity;
• legal form, ownership structure and behaviour of the Client;
• Client’s or the Client UBO’s reputation.

5. CLIENT RISK PROFILE

5.1. Client risk profile shall be identified by the Empolyee that discoveres the Client ML/TF risk category, in accordance with the procedure as follows:

5.1.1. Upon receipt of all necessary Client’s documents, and verification of the person’s identity and data, the Employee shall complete the CBS Client risk profile (KYC Questionnaire), assess and specify the Client ML/TF risk level, according to ML/FT risk factors and classification thereof, as described in the “Risk Assessment Procedure”;

5.1.2. An Employee shall obtain information that describes the Client, by using information contained in legal documents, UBO information, results of the personal or economic activity due diligence, in conjunction with the Client’s planned transactions and volumes thereof.

5.1.3. The level of the anticipated ML/TF risk of the cooperation with the Client exceeds the acceptable level, if the Client refuses to submit an important information or submits inconsistent and/or suspicious information that does not seem credible. The cooperation with such a Client shall not be commenced/continued;

5.1.4. Client’s ML/TF risk classification assigned in the CBS to the Client, shall constitute grounds for applying the risk-based approach in respect of:

• volume of information to be requested from the Client;
• need for further Client due diligence and analysis;
• Client monitoring measures;
• procedure for th Client’s regular supervision at the beginning of cooperation and during further periods;
• risk reducing measures;
• terms and restrictions for cooperation with the Client (limits for transactions and procedure for observance thereof);

5.1.5. On the basis of the decision taken, the Employee shall carry out relevant actions in the CBS KYC Questionnaire, in order to obtain necessary acceptances from the AML Department and enable the CBS to register the Client in an automated way in the CBS;

5.1.6. HIRETT’s Employee shall assess information submitted by the Client, which affects the ML/TF risk level and, based on that assessment, shall perform Client due diligence or enhanced Client due diligence prior to commencing cooperation;

5.1.7. Decision on ML/TF risk category to be assigned to the Client shall be made by the Employee, as stipulated in the “Risk Assessment Procedure”;

5.1.8. Review of the Client risk profile in CBS shall be made at any stage of monitoring of the Client’s economic / personal activity, including when the AML Department performs monitoring of the Client or the Client’s transactions or performs an enhanced Client due diligence or accepts significant amendments in the Client data provided in KYC Questionnaire or otherwise.

6. DECISION ON COMMENCEMENT OF COOPERATION

6.1. A decision on commencement of cooperation with the Client shall be made only by the Employee, who has been granted the appropriate powers, and only after the requirements specified in the Procedure have been fulfilled, among others, the Employee shall:

6.2. perform initial Client due diligence and, if necessary, initial enhanced Client due diligence;

6.3. identify the Client’s risk increasing factors, enter the data in CBS KYC Questionnaire Client risk profile, and obtain the Client risk category;

6.4. prepare the Client’s legal file and due diligence documents, as required for commencement of cooperation with the Client;

6.5. forward the legal entity Client’s legal file documents to the Legal Department for verification:

• foreign legal entities;
• domestic legal entities, whose ownership structure is complicated, or whose UBO may not be directly verified in a credible public register;
• Clients who are represented by a person acting on the basis of a narrow, non-standard power of attorney or a complicated, unconventional decision of a court or a public authority, and who are in disagreement with the Employee, refusing cooperation due to the reason that the Client’s authorization is narrower that HIRETT’s standard Power of Attorney and is not a universal / general Power of Attorney;

6.6. if the requirements set out in the Procedure are fulfilled, the Employee shall make a decision on commencement of cooperation.

6.7. If the Client information and due diligence results are testifying to a high level of risk or if those cause doubts as to the Client’s compatibility with requirements specified in the’s AML/CTF & KYC Policy, then the Employee, may require to take this issue further to the MLRO or Compliance office for review, and in this event the risk profile and activity of the Client shall be reviewed by the MLRO or AML Compliance officer, who is entitled to make a final determination regarding commencement or refusal of cooperation with that prospective Client.
If the MLRO or AML Compliance officer has taken a positive decision, the Employee shall verify the all data of the Client’s representative, UBO, and the Client is entered in the CBS.

ANNEX

List of Documents requested from potential corporate Client for onboarding

1. Operating License/Proof of listing status;
2. Certificate of Good Standing in the event that the company has been incorporated for more than a year;
3. Legal ownership structure signed by the UBO;
4. Certificate of Incorporation and Change of Name Certificate (if applicable);
5. Certificate of Registered Office (if applicable);
6. Certificate of Directors & Secretary or document similar in nature;
7. Certificate of Shareholders or document similar in nature;
8. Memorandum & Articles of Association;
9. Proof of Business Address;
10.  Declaration of Trust (if applicable);
11. Trust Deed(s)/Trust Settlement Agreement(s) (if applicable);
12. Latest (Audited) Financial Statements as well as latest available Interim Financial Statements (in case there is no obligation for the preparation of FS within the jurisdiction, management accounts should be provided);
13. For each Director/ Shareholder (individual) being a physical person please provide (for Shareholders above 10%):

• Proof of Identity;
• Proof of residential address;
• Curriculum Vitae;
• Questionnaire for Director/Signatory ;
• Questionnaire for Shareholder (individual).

14. For each Director being an entity please provide

• Memorandum & Articles of Association;
• Certificate of shareholders (individuals) or document similar in nature;
• Certificate of directors (individuals) or document similar in nature.

15. For each Ultimate Beneficial Owner please provide:

• Proof of Identity;
• Proof of residential address;
• Curriculum Vitae;
• Bank Reference;
• Questionnaire for Ultimate beneficial owner.

16. For each signatory, please provide:

• Proof of identity;
• Proof of residential address;
• Questionnaire for Director/Signothories

← Return to the Table of Contents for all EMI and API pages