Bitunix's AML/KYC POLICIES AND PROCEDURES
This Policy relates to Bitunix's anti-money laundering and countering the financing of terrorism (“AML/KYC”) policies and procedures. This Policy is solely for the purpose of providing general information and is not, in any way, legally binding either on Bitunix and/or on any other person(s) (natural or otherwise).
1. Bitunix's Principles and Approach to AML/KYC Efforts
Bitunix is committed to supporting AML/KYC efforts. In principle, we are committed to, amongst other things:
-
exercising due diligence when dealing with our customers, natural persons appointed to act for our customers ‘behalf;
-
conducting our business in conformity with high ethical standards, and to, as far as possible, guard against establishing any business relations that is or may be connected with or may facilitate money-laundering or terrorism-financing;
-
we will, to the fullest extent possible, assist and cooperate with relevant law authorities to prevent the threat of money-laundering and terrorism-financing.
2. Bitunix's Approach to Risk Assessment and Risk Mitigation
The first layer includes a stringent customer identification(KYC) program, including verifying the identity of our customers, whether individuals or entities. In addition to obtaining identification documents, we obtain for non-natural persons their entities’ beneficial owners/natural persons consistent to international standards such as the Financial Action Task Force (FATF).
The second layer includes a risk-based system to warrant additional customer due diligence(CDD). To accomplish this, we screen our customers (including beneficial owners) against the entities/persons in any government-provided lists of sanctioned individuals and entities. We also may screen against other lists on a discretionary basis to protect our reputation and customers.
The third layer includes ongoing monitoring for suspicious activity. If our program suspects or has reason to suspect suspicious activities have occurred, we will file suspicious activities reports with local regulators. A suspicious transaction is often inconsistent with a customer’s known and legitimate business, or personal activities.
These are the primary components of our compliance program; however, the most important glue or connection to these layers are our leadership team and staff, including AML/Risk personnel that execute training, oversight and a sound compliance culture.
Risk Assessment
We envisage that the majority of our customers would be retail customers, and that we would, as of the date of this Policy, be mainly operating in the Singapore.
In this regard, we would:
a. document and/or collect documentation in relation to:
1) the identities of our customers;
2) the countries or jurisdictions that our customers are from or in; and
b. ensure that, to the best of our knowledge, skill and ability, our customers, connected persons of a customer, natural persons appointed to act on behalf of a customer, beneficial owners of a customer will be assessed and screened with the assistance of List of Designated Individuals and Entities which include (but are not limited to) the categories such as:
The Government of the Hong Kong SAR Gazette, United States Office of Foreign Assets Control (OFAC) Sanctions Lists, and the United Nation Security Council Sanctions List, etc
Risk Mitigation
If identified, we shall not deal with any persons identified in the List of Designated Individuals and Entities.
3. Our Approach to New Products, Practices and Technologies
We shall be properly advised, in relation to, identifying and assessing the money laundering and terrorism financing risks that may arise in relation to:
-
the development of new products and new business practices, including new delivery mechanisms;
-
the use of new or developing technologies for both new and pre- existing
We shall especially pay special attention to any new products and new business practices, including new delivery mechanisms, and new or developing technologies, that favour anonymity such as digital tokens (whether security, payment and/or utility tokens) that favour anonymity.
4. Our Approach to Customer Due Diligence (“CDD”)
We do not open, maintain or accept anonymous accounts or accounts in fictitious names.
We do not establish business relations with, or undertake a transaction for a customer that we have any reasonable grounds to suspect that the assets or funds of a customer are proceeds of drug dealing or criminal conduct. We shall lodge a Suspicious Transaction Report and extend a copy to the relevant Financial Intelligence Unit for such transactions.
-
We perform Customer Due Diligence:
-
when we establish business relations with any customer;
-
when we undertake any transaction for any customer whom we had not established business relations with;
-
when we effect or receive cryptocurrency by transfer for any customer whom we had not established business relations with;
-
when we have suspicion of money-laundering or terrorism financing;
-
when we have doubts about the veracity or adequacy of any information.
-
When we suspect that 2 or more transactions are or may be related, linked or the result of a deliberate restructuring of an otherwise single transaction into smaller transactions in order to evade the Prevention of Money Laundering and Countering the Financing of Terrorism measures, we shall treat the transactions as a single transaction and aggregate their values for the purpose of complying with Prevention of Money Laundering and Countering the Financing of Terrorism principles.
-
Identifying our Customers
We shall identify each of our customers.
To identify our customers, we shall obtain, at least:
-
their full names, including aliases;
-
their unique identification numbers (such as an identity card number, birth certificate number, or passport number, or where the customer is not a natural person, their business registration numbers); or
-
their registration address, or if applicable, their registered business address, and if different, their principal place of business;
AND
-
their date of births, establishment, incorporation or registration; and
-
their nationality, place of incorporation or registration
Where the customer is a legal person or legal arrangement, we shall apart from obtaining the relevant information as aforesaid above, identify its legal form, constitution and powers that regulate and bind the legal person or legal arrangement; we shall also identify connected parties of it (e.g., directors, partners of and/or persons having executive authority of it), by obtaining at least the following information of each connected party:
-
full name, including aliases; and
-
unique identification number such as identify card number, birth certificate number, or passport number of the connected party).
Verifying the Identities of our Customers
We shall verify the identities of our customers using reliable, independent source data, documents or information. Where our customer is a legal person or legal arrangement, we shall verify the legal form, proof of existence, constitution and powers that regulate and bind the customer, using reliable, independent source data, documents or information.
Identifying and Verifying the Identities of Natural Persons Appointed to Act on a Customer’s behalf
Where a customer appoints 1 or more natural person to act on his behalf in establishing business relations with us, or if the customer is not a natural person, we shall:
-
identify each natural person who acts or is appointed to act on behalf of the customer by obtaining:
-
their full name;
-
their unique identification number;
-
residential address;
-
date of birth;
-
nationality; and'
-
verify the identities of the aforesaid natural persons using reliable, independent source data, documents or
We shall also verify due authority of each natural person appointed to act on behalf of our customers by obtaining:
-
appropriate documentary evidence authorising the appointment of such natural persons by our customers;
-
the specimen signature of each natural person
Where the customer is a Government entity, we shall only obtain such information as may be required to confirm that the customer is a Government entity as asserted.
Identifying and Verifying Beneficial Owners
We will inquire if there exist any beneficial owners in relation to a customer.
Where there is 1 or more beneficial owner in relation to a customer, we shall identify the beneficial owners and take reasonable measures to verify the identities of the beneficial owners using relevant information or data obtained from reliable, independent sources. We shall:
if the customer is a legal person –
-
identify the natural persons (whether acting alone or together) who ultimate own the legal person;
-
where there is doubt as to whether as to whether natural persons who ultimately own a legal person are the beneficial owners or where no natural person ultimately own the legal person, identify the natural persons (if applicable) who ultimately control the legal person or have ultimate effective control of the legal person; and
-
where no natural persons are identified, identify natural persons having executive authority in such legal persons;
if the customer is a legal arrangement –
-
for trusts, identify the settlor, the trustee, the protector (if applicable), the beneficiaries, any natural person exercising ultimate ownership, ultimate control or ultimate effective control over the trust; and
-
for other types of legal arrangements, identify person in equivalent positions.
Where our customer is not natural person, we shall identify the nature of our customers’ business, its ownership and control structure.
We shall be required if there exist any beneficial owners for customers who are:
-
an entity listed on the stock exchange;
-
an entity listed on a stock exchange that is subject to regulatory disclosure requirements; and requirements relating to adequate transparency relating to its beneficial owners;
-
a financial institution;
-
a financial institution that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by FATF; or
-
an investment vehicle where the managers are financial institutions, or are subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF;
unless we have doubts about the veracity of the CDD information, or suspect that our customers, business relations with, or transactions for the customer, may be connected with money laundering or terrorism financing.
We shall also document the basis for our determination.
Information on the Purpose and Intended Nature of Business Relations and Transactions Undertaken without an Account being Opened*
We shall, when processing the application to establish business relations or undertake transactions without being opened, understood and as appropriate, obtain from the customer information as to the purpose and intended nature of business relations or transaction.
Review of Transactions Undertaken without an Account being Opened*
Where we undertake one or more transactions for a customer without an account being opened (“current transaction”), we shall review the earlier transactions undertaken by that customer to ensure that the current transaction is consistent with our knowledge of the customer, its business and risk profile and where appropriate, the source of funds.
Where we establish business relations with a customer, the payment service provider shall review any transaction undertaken before the business relations are established, to ensure that the business relations are consistent with our knowledge of the customer, its business and risk profile and, where appropriate, the source of funds.
We shall pay special attention to all complex, unusually large or unusual patterns of transactions undertaken without an account being opened that has no apparent or visible economic or lawful purpose. We shall, to the extent possible, inquire into the background and purpose of the aforesaid transactions and document its findings with a view to making this information available to the relevant authorities should the need arise.
For the purposes of reviewing transactions undertaken without an account being opened, we shall put in place and implement adequate systems and processes, commensurate with the size and complexity of the payment service provider to:
-
monitor its transactions undertaken without an account being opened for customers; and
-
detect and report suspicious, complex, unusually large or unusual patterns of transactions undertaken without an account being
Where there are any reasonable grounds for suspicion that a transaction for a customer undertaken without an account being opened is connected with money laundering or terrorism financing, and where we consider it appropriate to undertake the transaction, the payment service provider shall substantiate and document the reasons for undertaking the transaction.
Ongoing Monitoring
We shall monitor business relations with our customers on an ongoing basis. We shall, during the course of business relations with a customer, observe the conduct of the customer’s account and scrutinise transactions undertaken throughout the course of business relations, to ensure that the transactions are consistent with our knowledge of the customer, its business and risk profile and where appropriate, the source of funds.
We shall perform our risk mitigation measures where the transaction involves a transfer of cryptocurrency to or receipt of cryptocurrency from an entity other than:
-
a financial institution; or
-
a financial institution that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF.
We shall pay special attention to all complex, unusually large or unusual patterns of transactions, undertaken throughout the course of business relations, that have no apparent or visible economic or lawful purpose. We shall, to the extent possible, inquire into the background and purpose of the aforesaid transactions and document its findings with a view to making this information available to the relevant authorities should the need arise.
For the purposes of ongoing monitoring, we shall put in place and implement adequate systems and processes, commensurate with the size and complexity of the payment service provider to:
-
monitor its business relations with customers; and
-
detect and report suspicious, complex, unusually large or unusual patterns of transactions undertaken throughout the course of business relations.
We shall ensure that the CDD data, documents and information obtained in respect of customers, natural persons appointed to act on behalf of the customers, connected parties of the customers and beneficial owners of the customers, are relevant and kept up-to-date by undertaking reviews of existing CDD data, documents and information, particularly for higher risk categories of customers.
Where there are any reasonable grounds for suspicion that existing business relations with a customer are connected with money laundering or terrorism financing, and where we consider it appropriate to retain the customer:
-
we shall substantiate and document the reasons for retaining the customer; and
-
the customer’s business relations with us shall be subject to commensurate risk mitigation measures, including enhanced ongoing monitoring.
Where we assess the customer or the business relations with the customer to be of higher risk, the payment service provider shall perform enhanced CDD measures, which shall include obtaining the approval of our senior management to retain the customer.
CDD Measures for Non-Face-to-Face Business Relations or Non-Face-to-Face Transactions Undertaken without an Account Being Opened*
We shall develop policies and procedures to address any specific risks associated with non-face-to-face business relations with a customer or nonface-to-face transactions undertaken without an account being opened for a customer (“non-face-to-face business contact”).
We shall implement the policies and procedures when establishing business relations with a customer and when conducting ongoing due diligence.
Where there is no face-to-face contact, the payment service provider shall perform CDD measures that are at least as stringent as those that would be required to be performed if there was face-to-face contact.
Where a payment service provider conducts its first non-face-to-face business contact, the payment service provider shall, at his or its own expense, appoint an external auditor or an independent qualified consultant to assess the effectiveness of the policies and procedures, including the effectiveness of any technology solutions used to manage impersonation risks.
We shall appoint an external auditor or an independent qualified consultant to carry out an assessment of the new policies and procedures, and shall submit the report of the assessment to the Authority no later than one year after the implementation of the change in policies and procedures.
Reliance by Acquiring Payment Service Provider on Measures Already Performed
When we (“acquiring payment service provider”) acquires, either in whole or in part, the business of another payment service provider, we shall perform the measures on the customers acquired with the business at the time of acquisition except where the acquiring payment service provider has:
-
acquired at the same time all corresponding customer records (including CDD information) and has no doubt or concerns about the veracity or adequacy of the information so acquired; and
-
conducted due diligence enquiries that have not raised any doubt on the part of the acquiring payment service provider as to the adequacy of AML/CFT measures previously adopted in relation to the business or part thereof now acquired by the acquiring payment service provider, and document such process.
Measures for Non-Account Holder*
If we undertake any transaction for any customer who does not otherwise have business relations with us, we shall:
-
perform CDD measures as if the customer had applied to the payment service provider to establish business relations; and
-
record adequate details of the relevant transaction so as to permit the reconstruction of the transaction, including the nature and date of the transaction, the type and amount of currency involved, the value date, and the details of the payee or beneficiary
Timing for Verification
We shall complete verification of the identity of a customer, natural persons appointed to act on behalf of the customer and beneficial owners of the customer before:
-
the payment service provider establishes business relations with the customer;
-
the payment service provider undertakes any transaction for the customer, where the customer has not otherwise established business relations with the payment service provider; or
-
the payment service provider effects or receives digital payment tokens by value transfer for the customer, where the customer has not otherwise established business relations with the payment service provider.
We provider may establish business relations with a customer before completing the verification of the identity of the customer, natural persons appointed to act on behalf of the customer and beneficial owners of the customer if:
-
the deferral of completion of the verification is essential in order not to interrupt the normal conduct of business operations; and
-
the risks of money laundering and terrorism financing can be effectively managed by the payment service
Where we establish business relations with a customer before verifying the identity of the customer, natural persons appointed to act on behalf of the customer, and beneficial owners of the customer, we shall:
-
develop and implement internal risk management policies and procedures concerning the conditions under which such business relations may be established prior to verification; and
-
complete such verification as soon as is reasonably
Where Measures are Not Completed
Where we are unable to complete the measures as required, we shall not commence or continue business relations with any customer, or undertake any transaction for any customer.
Where we are unable to complete the measures, the payment service provider shall consider if the circumstances are suspicious so as to warrant the filing of an STR.
Completion of the measures means the situation where the payment service provider has obtained, screened and verified (including by delayed verification as allowed under paragraphs 6.43 and 6.44) all necessary CDD information under paragraphs 6, 7 and 8, and where the payment service provider has received satisfactory responses to all inquiries in relation to such necessary CDD information.
Joint Accounts
In the case of a joint account, we shall perform CDD measures on all of the joint account holders as if each of them were individual customers of the payment service provider.
Screening
We shall screen a customer, natural persons appointed to act on behalf of the customer, connected parties of the customer and beneficial owners of the customer against relevant money laundering and terrorism financing information sources, as well as lists and information provided by the Authority for the purposes of determining if there are any money laundering or terrorism financing risks in relation to the customer.
We shall screen the people:
-
when, or as soon as reasonably practicable after, we establish business relations with a customer;
-
before we undertake any transaction for any customer who has not otherwise established business relations with the payment service provider;
-
before we effect or receive digital payment tokens by value transfer, for a customer who has not otherwise established business relations with us;
-
on a periodic basis after we establish business relations with our customers; and
-
when there are any changes or updates to:
-
the lists and information provided by the Authority to the payment service provider; or
-
the natural persons appointed to act on behalf of a customer, connected parties of a customer or beneficial owners
We shall screen all value transfer originators and value transfer beneficiaries, against lists and information provided by the Authority for the purposes of determining if there are any money laundering or terrorism financing risks.
We shall document the results of all screenings.
5. Our Approach to Enhanced Customer Due Diligence
Politically Exposed Persons
We shall use all reasonable means to determine if a customer, any natural person appointed to act on behalf of a customer, any connected party of the customer or any beneficial owner of the customer, is a politically exposed person, or a family member or close associate of a politically exposed person.
We shall, in addition to performing CDD measures, perform at least the following enhanced due diligence measures where a customer or any beneficial owner of the customer is determined by us to be a politically exposed person, or a family member or close associate of a politically exposed person:
-
obtain approval from senior management to establish and continue business relations with the customer;
-
establish by reasonable means, the source of wealth and source of funds of the customer and any beneficial owner of the customer; and
-
conduct, during the course of business relations with the customer, enhanced monitoring of the business relations with the customer. We shall increase the degree and nature of monitoring for any transactions that appear unusual
Higher Risk Categories
We recognise that the following circumstances where a customer presents or may present a higher risk for money laundering or terrorism financing include but are not limited to the following:
-
where a customer or any beneficial owner of the customer is from or in a country or jurisdiction in relation to which the FATF has called for countermeasures, the payment service provider shall treat any business relations with or transactions for any such customer as presenting a higher risk for money laundering or terrorism financing; and
-
where a customer or any beneficial owner of the customer is from or in a country or jurisdiction known to have inadequate AML/CFT measures, as determined by the payment service provider for itself or notified to payment service providers generally by the Authority or other foreign regulatory authorities, the payment service provider shall assess whether any such customer presents a higher risk for money laundering or terrorism
-
We will perform enhanced CDD for customers who present a higher risk for money laundering or terrorism financing or any customer the Authority notify to us as presenting higher risk for money laundering and terrorism financing.
6. Our Approach to Bearer Negotiable Instrument and Restriction of Cash Payout
We will not make any payment for any sum of money in the form of a bearer negotiable instrument.
We will not pay any cash in any amount in the course of carrying on our business.
7. Record Keeping
We will keep proper records as required for a time period of at least 5 years.
8. Personal Data*
We will safeguard the personal data of our customers in the manner prescribed.
9. Suspicious Transactions Reporting (“STR”)
We will inform the relevant authorities and file STR Reports as required by law. We will also keep all records and transactions relating to all such transactions and STR Reports.
10. Our Policies on Compliance, Audit and Training
Amongst other things, we shall and take proactive measures in regularly training our employees and employees on AML/CFT matters.
Enterprise-wide money-laundering/terrorism financing risk assessment
We will employ and enterprise-wide money-laundering/terrorism financing risk assessment in 3 phases:
Phase 1: Assessing inherent risk
We will assess the inherent risk in relation to our:
-
customer or entity: we will make an assessment in relation to our customers and/or entities we deal with;
-
product or services: we will and are mindful of who we serve in our cryptocurrency OTC services;
-
Geographical level: we will not deal with customers from the List of Designated Individuals and Entities.
Phase 2: Assessing mitigating control
We will assess our mitigating controls in relation the aforesaid, any and/or all customer(s) whom we find suspicious will be first monitored, followed by exercising enhanced due diligence.
Phase 3: Assessing residual risk
We will assess our residual risks after assessing our mitigating controls.
Bitunix Team