1. CLIENT RISK ASSESSMENT
1.1. In the implementation and maintenance of the Client risk assessment scoring system, the HIRETT’s goals are to identify, assess and ensure clear understanding of MLTF risks to which the HIRETT is exposed, as well as to take MLTF risk prevention measures based on the existing risks.
1.2. The regulations determine the procedure for the assessment MLTF risk associated with the Client, Clients’ country of residence (registration), business or personal activity, use of services and transactions in the Client risk assessment scoring system. The Client risk assessment scoring system represents by a numeric value the total MLTF risk level of the Client.
1.3. In the regulations the HIRETT sets a specific number of points for each risk enhancing factor found during the assessment process. The total number of points forms the overall risk profile of the Client (i.e., the Client’s total MLTF risk, formed by the total risk enhancing factors associated with the Client). HIRETT determined and maintains the scoring assigned to each risk factor (i.e., the assessment of the importance of the impact of the risk factor which represents a numerical expression of the impact of the risk factor on the overall level of risk) and ensures it’s automated application to determine the Client risk level.
1.4. The total Client risk assessment scoring system score in the Client’s overall risk profile is 100 points. The above number of points in the Client risk assessment scoring system upon the assessment of the nature of the Client’s economic activity and the related MLTF risks is broken down by risk segments as follows:
1.4.1. Client risk – 55 points;
1.4.2. National and geographic risk – 21 points;
1.4.3. Risk related to services and products used by the Client – 15 points;
1.4.4. Service and product delivery channel risk – 9 points.
1.5. AML Department ensures the updating of the Client’s risk profile by applying the Client risk assessment scoring system each time when it is required to carry out due diligence of the Client or apply risk mitigation measures pursuant to the HIRETT regulations or when the HIRETT has obtained (through IT reports, customer service or due diligence, mass media etc.) information concerning the Client, its BO, personal or economic activity.
1.6. AML Department, based on the risk assessment and the risk profile of the Client (awarded score), determines the necessary due diligence measures and their regularity. The Client due diligence measures and their regularity is determined based on the existing level of risk.
1.7. HIRETT updates the numerical score assigned to the risk factors at least once a year or more often, if necessary, if it obtains information that indicates changes in information on which the initial numerical score assigned to the risk factors was based.
1.8. In order to perform regular update of the numerical score assigned to the risk factor, AML Department selects at least 10 (ten) Clients (focus group) and the relevance of the numerical score assigned to each risk factor, as well as the necessary changes in the numerical score assigned to each risk factor is based on the monitoring of the activity of the focus group.
1.9. Before the implementation of a new Client risk assessment scoring system or significant changes to the existing Client risk assessment scoring system, MLRO approval is a must.
1.10. The Client risk assessment scoring system shall include the following Client identification information:
1.10.1. Name of the Client;
1.10.2. Country of registration of the Client;
1.10.3. Registration number of the Client;
1.10.4. Representatives of the Client;
1.10.5. Beneficial owners of the Client;
1.10.6. Online store website of the Client.
1.11 The total numerical score assigned to the Client in the Client risk assessment scoring system shall be set according to the risk score indicated below regarding each of the following risk factors:
2.1. Client Risk
No.
|
Risk segment | No. |
Risk enhancing factor Compliance with the factor (Yes / No) |
Risk score | |
1 | Client risk | ||||
1.1. | Types of risk | 1 | Legal Entity (LE) with core activity in UK, | Yes | 1 |
No | 0 | ||||
2 | LE with core activity outside UK but is a part of a publicly known foreign group with a good reputation, | Yes | 2 | ||
No | 0 | ||||
3 | LE with core activity outside UK and is not a part of a publicly known foreign group with a good reputation, | Yes | 3 | ||
No | 0 | ||||
4 | Legal formation, whose BO or representative is a PIP | Yes | 3 | ||
No | 0 | ||||
5 | LE recognized as a shell company | Yes | 3 | ||
No | 0 | ||||
1.2. | The economic activity of the Client | 1 | The Client or the BO of the Client, or the representative of the Client is an outsourced bookkeeper, lawyer or provides services for establishing and running legal entities who wishes to conclude a contract with the Company in is name to perform financial transactions on behalf of the Client | Yes | 2 |
No | 0 | ||||
2 | the activity of the Client or the BO of the Client is related to: gambling; encashment; RE intermediation; cash, currency exchange, marketing services; IT development, FX transactions, trading precious metals, weapons and other activity that is hard to document and trace. | Yes | 3 | ||
No | 0 | ||||
3 | the Client or the BO of the Client is interested in the Company’s MLTF assessment policies and procedures or procedures that apply to PIP | Yes | 1 | ||
No | 0 | ||||
4 | the Client or the BO of the Client is a person related to business sector with high risk of corruption | Yes | 2 | ||
No | 0 | ||||
5 | the Client or the BO of the Client is a person related to business sector where cash transactions have an essential role | Yes | 2 | ||
No | 0 | ||||
6 | the reason of the establishment of the LE is unclear and the information on the legal and economic purpose of the Client’s activity is general or limited, or is not available. | Yes | 2 | ||
No | 0 | ||||
7 | It is suspected that the BO is attempting to hide their identity by using family members or closely associated persons | Yes | 2 | ||
No | 0 | ||||
8 | the previous activity and professional experience of the Client or the BO of the Client is not related to the planned economic activity | Yes | 2 | ||
No | 0 | ||||
9 | the economic activity does not correspond to the financial state of the Client or the BO of the Client | Yes | 2 | ||
No | 0 | ||||
10 | the legal or economic grounds of the type of the Client’s economic activity or transactions are unclear (for example, it is not possible to properly ascertain the movement of goods and services, the goods are sold outside the EU borders etc.) | Yes | 2 | ||
No | 0 | ||||
11 | The G2 Web Services Full Global Boarding report or Web Shield Limited Global Entity Due Dilligence report received regarding the Client indicates that the Client has high MLTF risk | Yes | 3 | ||
No | 0 | ||||
1.3 | Client’s legal form and structure | 1 | the Client is a LE who emits or has the right to emit bearer shares (equity securities); | Yes | 2 |
No | 0 | ||||
2 | the Client is a LE whose owner or member structure makes it difficult to determine the BO and, if the Client’s owner structure has changed, the reasons for the change are unclear; | Yes | 2 | ||
No | 0 | ||||
3 | During the previous 3 (three) months the composition of the beneficial owners of the Client or the representatives of the Client has changed (in case of newly established Client, i.e., if the Client has been registered in the past 3 (three) months, mark “Yes”) | Yes | 1 | ||
No | 0 | ||||
4 | the Client is an association, foundation or equivalent LE of a non-profit nature, except if it has a status of a public benefit organization in UK or it operates in UK and its monthly credit turnover does not exceed 7 000 EUR; | Yes | 2 | ||
No | 0 | ||||
5 | the Client’s transactions or payments are complex, unusually large for the economic or personal activity of the Client or their legal and economic purpose is uncertain; | Yes | 2 | ||
No | 0 | ||||
6 | there are grounds to believe that the Clients is trying to avoid certain limit values; | Yes | 2 | ||
No | 0 | ||||
7 | the Clients is trying to avoid providing information or is trying to hide its economic activity | Yes | 2 | ||
No | 0 | ||||
1.4. | Client’s reputation | 1 | there is negative information about the Client or the BO of the Client indicating possible connection to MLTF; | Yes | 3 |
No | 0 | ||||
2 | the Client’s or the BO’s of the Client funds have been frozen in the past or arrested in connection with possible criminal activities; | Yes | 2 | ||
No | 0 | ||||
3 | there has been reports of suspicious transactions associated with the Client or the BO of the Client | Yes | 2 | ||
No | 0 |
National and geographic risk:
No.
|
Risk segment |
No.
|
Risk enhancing factor |
Compliance with the factor (Yes / No) |
Risk score |
2 | National and geographic risk | ||||
1 | the Client, the BO of the Client or the main cooperation partner is related to a country or a territory included in the Cabinet list of low tax and duty free countries and territories. | Yes | 2 | ||
No | 0 | ||||
2 | the Client, the BO of the Client or the main cooperation partner is related to a country or a territory associated with financial or civil restrictions imposed by the UN, USA or the EU. | Yes | 2 | ||
No | 0 | ||||
3 | the Clients, the BO of the Client or the main cooperation partner is related to a country or territory which is included in FATF list of non-cooperative countries or regarding which the FATF has issued a statement as a country or territory that has no laws and regulations for the MLTF or where they have significant shortcomings and they do not meet international requirements | Yes | 3 | ||
No | 0 | ||||
4 | the Client, the BO of the Client or the main cooperation partner is related to a country which is included in the list of states which have been identified as high MLTF risk countries approved by the European Commission. | Yes | 2 | ||
No | 0 | ||||
5 | the Client, the BO of the Client or the main cooperation partner is related to a country where there are significant gaps in the area of MLTF risk prevention. | Yes | 2 | ||
No | 0 | ||||
6 | the Client, the BO of the Client or the main cooperation partner is related to a country with a high level of crime that may result in money laundering. | Yes | 3 | ||
No | 0 | ||||
7 | the Client, the BO of the Client or the main cooperation partner is related to a country or a territory where there are no requirements to submit reports on the financial activities of the company or it is allowed to register a company without specifying the actual location. | Yes | 2 | ||
No | 0 | ||||
8 | the Client, the BO of the Client or the main cooperation partner is related to a country with a high risk of corruption (for example, according to the Transparency International corruption assessment tool http://www.transparency.org/cpi2015#map-container ) | Yes | 2 | ||
No | 0 | ||||
9 | the Client, the BO of the Client or the main cooperation partner is related to a country with an unstable political situation. | Yes | 3 | ||
No | 0 |
Risk related to services and products used by the Client:
No.
|
Risk segment |
No.
|
Risk enhancing factor |
Compliance with the factor (Yes / No) |
Risk score |
3 | Risk related to services and products used by the Client | ||||
1 | the Client uses options for anonymity and international use (e.g., online payments, prepaid cards, payment orders, payments made by phone and others) that provide an opportunity for large transactions (more than 100 000 EUR per month) or large number of orders (more than 1 000 per month); | Yes | 3 | ||
No | 0 | ||||
2 | the Client has been set/assigned an unusually large transaction limit or unlimited transactions; | Yes | 3 | ||
No | 0 | ||||
3 | The Client can carry out the conversion of cash to other easily transferable instruments that provide an opportunity for large transactions (more than 100 000 EUR per month) or large number of orders (more than 1 000 per month); | Yes | 3 | ||
No | 0 | ||||
4 | The Client can make unusually large cash transactions that are not compatible with its activity; | Yes | 3 | ||
No | 0 | ||||
5 | the Client can carry out large, complex transactions (exceeding 100 000 EUR per month) with a large number of parties (more than 3) | Yes | 3 | ||
No | 0 |
Service and product delivery channel risk:
No.
|
Risk segment |
No.
|
Risk enhancing factor |
Compliance with the factor (Yes / No) |
Risk score |
4 | Service and product delivery channel risk | ||||
1 | the Client has not participated in face-to-face identification; | Yes | 3 | ||
No | 0 | ||||
2 | the Client is found through agents without MLTF risk prevention requirements or are not adequately monitored; | Yes | 3 | ||
No | 0 | ||||
3 | the provision of financial services is based on technological solutions which limits the identification of the Client and the information about the personal and economic activity (for example, video identification, e-commerce and its variations) | Yes | 3 | ||
No | 0 |
In addition to the risk segments identified in the Regulations, HIRETT considers the following Client risk enhancing factors during the business relationship which are added to the Client’s risk score determined by the Client risk assessment scoring system:
No.
|
Risk enhancing factor |
Compliance with the factor (Yes / No) |
Risk score |
1 | Requests have been received from the recipient bank of the Client’s financial transactions regarding the Client or the Client’s transactions; | Yes | 2 |
No | 0 | ||
2 | the Client is a payment institution and a monitoring institution has imposed sanctions on violations of MLTF requirements or faults; | Yes | 2 |
No | 0 | ||
3 | The payment received or made significantly (10 percent of the set limit value) exceeds the limit value set by the Company based on the results of the investigation of the Client’s economic activity; | Yes | 2 |
No | 0 | ||
4 | The monthly credit turnover exceeds the equivalent of 300 000 EUR or significantly exceeds other, lower threshold (10 percent of the limit value) set by the Company based on the results of the investigation of the Client’s economic activity; | Yes | 2 |
No | 0 | ||
5 | The three-month credit turnover exceeds the equivalent of 700 000 EUR or significantly exceeds other, lower threshold (10 percent of the limit value) set by the Company based on the results of the investigation of the Client’s economic activity; | Yes | 2 |
No | 0 | ||
6 | The annual credit turnover exceeds the equivalent of 3 000 000 EUR or significantly exceeds other, lower threshold (10 percent of the limit value) set by the Company based on the results of the investigation of the Client’s economic activity; | Yes | 2 |
No | 0 | ||
7 | The first transaction for the benefit of the Client made in the Company’s system is made six months from the day of establishing the business relationship with the Client and the monthly credit turnover has reached the equivalent of 70 000 EUR; | Yes | 2 |
No | 0 | ||
8 | The average number of operations per month exceeds 1 000 | Yes | 2 |
No | 0 | ||
9 | The average amount per operation exceeds 500 EUR | Yes | 2 |
No | |||
10 | the Client is an association or foundation and during the business relationship money is transferred abroad and the amount of the transaction exceeds the equivalent of 10 000 EUR | Yes | 2 |
No | 0 |
3. THE SCORING SYSTEM
3.1. The summary of Client risk assessment shall include the following information:
3.1.1. The Client’s initial assessment date, name and surname of the Company employee who performed the risk assessment, as well as the resulting Client risk score;
3.1.2. The date of each further Client’s assessment, name and surname of the Company employee who performed the risk assessment, as well as the resulting Client risk score;
3.1.3. Each assessment score shall be recorded in the Client risk assessment scoring system, as well as printed and signed by the Company employee who performed the risk assessment and added to the Client’s file.
4. BEFORE ESTABLISHING BUSINESS RELATIONSHIP
4.1. Before establishing business relationship AML Department, upon receiving the potential Client’s risk score in the Client risk assessment scoring system, shall:
4.1.1. print out the Client risk assessment scoring system score summary regarding the potential Client, sign it and include it in the potential Client’s case;
4.1.2. record the information about the potential Client’s risk score in HIRETT system and AML Department’s statement on the client (Client On-Boarding Summary Form);
4.1.3. If according to the result generated by the Client risk assessment scoring system a Client due diligence is required upon establishing business relationship, AML Department shall carry out Client due diligence in addition to the initial Client assessment process pursuant to the AML/CTF&KYC Policy regulations.
4.2. When all data, and Client risk assessment is obtained AML Department places this information electronically to the Client’s profile/case and notifies MLRO about availability of this information.
4.3. MLRO analyses the information mentioned above, if needed asks AML Department to present any necessary information to perform DD or EDD, oversees scoring calculation and summarizes the results and, if needed, additionally asks AML Department to describe evaluation for AML compliance.
4.4. MLRO, if needed, before establishing a business relationship records risk mitigation process.
4.5. MLRO after receiving all necessary information makes the decision to establish or reject business relationships with the Client within 5 business days.
4.6. If the decision is negative MLRO in written form (Client On-Boarding Summary Form) explains the reasons of rejection.
4.7. The decision should be communicated to AML Department and MLRO not later than the next business day after it has been made.
4.8. If MLRO due to objective circumstances cannot make the decision he/she is in right to escalate the case to Head of AML Department.
4.9. If the decision is positive, AML Department marks Client profile/case accordingly.
4.10. If the decision is negative, the AML Department marks the Customer profile/case as “Rejected”.
4.11. If the business relationships are to be established with PEP, PEP close associates or close relatives, MLRO accept is a must and AML Department asks the approval of MLRO.
4.12. If the business relationships are to be established with PEP, PEP close associates or close relatives, MLRO accept is a must and AML Department asks the approval of MLRO.
4.13. If AML Department during any stage of risk assessment or DD processes suspects that the Client is a shell bank, person under sanctions or terrorist he/she immediately via e-mail notifies MLRO about it and does not perform any further actions without MLRO instructions.
4.14. If MLRO receives information under point 4.11 and 4.12. MLRO acts and makes further decisions in line with the AML/CTF & KYC Policy.
5. DURING THE BUSINESS RELATIONSHIP
5.1. During the business relationship AML Department, upon receiving the potential Client’s risk score in the Client risk assessment scoring system, shall:
5.1.1. print out the Client risk assessment scoring system score summary regarding the potential Client, sign it and include it in the Client’s profile/case;
5.1.2. record the information about the Client’s risk score in HIRETT system and AML Department’s statement on the client (Client Summary Form);
5.1.3. If according to the result generated by the Client risk assessment scoring system a Client due diligence is required during the business relationship, AML Department shall carry out Client due diligence in addition to the initial Client assessment process pursuant to the AML/CTF&KYC Policy regulations.
5.2. AML Department, in regard to each Client of the HIRETT, shall monitor whether the risk score assigned to the Client is effective and complies with the management of the relevant risks of the HIRETT. Having found gaps or inconsistencies in the Client risk assessment scoring system AML Department shall immediately notify the MLRO.
5.3. HIRETT shall terminate the business relationship with the Client if within 30 days after the preconditions for due diligence have been established the minimum requirements for Client due diligence cannot be met and there is no sufficient evidence to provide the legal and economic purpose of the Client’s transactions.
5.4. AML Department shall consider the Client’s risk score assigned in Client risk assessment scoring system upon making the decision on the cooperation with the potential Client or the cooperation with the existing Client and:
5.4.1. If the Client’s risk score in the section “Types of risk” is at least 3 – the Client is assigned a High risk Client status and due diligence is applied before establishing cooperation and during the cooperation;
5.4.2. If the Client’s risk score in the section “Client risk” is at least 8 – the Client is assigned a High risk Client status and due diligence is applied before establishing cooperation and during the cooperation;
5.4.3. If the Client’s risk score in the section “National and geographical risk” is at least 4 – the Client is assigned a High risk Client status and due diligence is applied before establishing cooperation and during the cooperation;
5.4.4. If the Client’s risk score in the section “Risk related to services and products used by the Client” is at least 3 – the Client is assigned a High risk Client status and due diligence is applied before establishing cooperation and during the cooperation;
5.4.5. If the Client’s total risk score is at least 10 – the Client is assigned a High risk Client status and due diligence is applied before establishing cooperation and during the cooperation;
5.4.6. If the Client’s total risk score is at least 10 – the Client is assigned a High risk Client status and C before establishing cooperation and during the cooperation;
5.4.7. If the Client’s total risk score is at least 15 – the Client is assigned a High risk Client status and due diligence is applied, as well as increased monitoring of transactions is carried out by setting one or more limitations;
5.4.8. If the Client’s total risk score is at least 20 – A decision to establish cooperation (business relationship) with the potential Client or to continue the cooperation (business relationship) with the existing Client could be made only by MLRO.