SCENARIOS OF CUSTOMER TYPES

Small and Medium Sized Enterprises:

Small and medium business enterprise customers usually entail domestic companies with simple ownership structures. Most of these businesses deal with cash and multiple persons that can act on its behalf. The likelihood that funds deposited are from an illegitimate source is HIGH, since it can‘t easily be identified and can have a major impact on a large number of SME customers. Thus, the risk assessment and risk rating result is HIGH.

International Corporations:

International corporate customers have complex ownership structures with foreign beneficial ownership (often). Although there are only a few of those customers, it is often the case that most are located in offshore locations. The likelihood of Money Laundering is High because of the limited number of customers of this type and the beneficial ownership could be questionable, with two criteria that in this scenario result in a possible risk impact of moderate and a moderate risk assessment.

Note: The above risk analysis is a general one for types or categories of customers. It is the starting point for the risk classification of an individual customer. Based on the circumstances of an individual customer, such as its background or information provided, the risk classification of an individual customer can be adjusted. Based on that individual risk classification, customer due diligence measures should be applied.

B.      Country or geographic risk factors:

Country or geographical risk may arise because of the location of a customer, the origin of a destination of transactions of the customer, but also because of the business activities of the Company itself, its location and the location of its geographical units. Country or geographical risk, combined with other risk categories, provides useful information on potential exposure to ML/TF. The factors that may indicate a high risk are as follow:

i)        Countries identified by credible sources, such as mutual evaluation or detailed assessment reports or published follow-up reports by international bodies such as the FATF, as not having adequate AML/CFT systems;

ii)      Countries subject to sanctions, embargos or similar measures issued by, for example, the United Nations;

iii)    Countries identified by credible sources as having significant levels of corruption or other criminal activity  

iv)    Countries or geographic areas identified by credible sources as providing funds or support for terrorist activities, or that have designated terrorist organizations operating within their country;

v)      Entities and individuals from jurisdictions which are known tax heavens;

C.     PRODUCT, SERVICE, TRANSACTION OR DELIVERY CHANNEL RISK FACTORS:

The Company, while doing its ML/TF risk assessment, takes into account the potential risks arising from the products, services, and transactions that the Company offers to its customers and the way these products and services are delivered. In identifying the risks of products, services, and transactions, the following factors are considered:

i)        Anonymous transactions (which may include cash);

ii)      Transaction for which payments are made from more than two bank accounts of a customer;

iii)    Products that involve large payment or receipt in cash of more than or equivalent R24,999.99

D.     LOW RISK CLASSIFICATION FACTORS:

a.       Customer risk factors:

Ø  The customer is a regulated person or bank and is subject to requirements to combat money laundering and terrorist financing consistent with the FATF recommendations and are supervised for compliance with those requirements; or

Ø  Public listed companies that are subject to regulatory disclosure requirements to ensure adequate transparency of beneficial ownership;

b.      Product, service, transaction or delivery channel risk factors:

Financial products or services that provide appropriately defined and limited services to certain types of customers.

c.       Country risk factors:

Ø  Countries identified by credible sources, such as mutual evaluation or detailed assessment reports, as having effective AML/CFT systems.

Ø  Countries identified by credible sources as having a low level of corruption or other criminal activity.

In making a risk assessment, the Company could, when appropriate, also take into account possible variations in ML/TF risk between different regions or areas within a country.

1.       RISK MATRIX

In assessing the risk of money laundering and terrorism financing, the Company will establish whether all identified categories of risks pose a low, moderate, high or unacceptable risk to the business operations. The Company will review different factors, e.g., number and scope of transactions, geographical location, and nature of the business relationship. In doing so, it must also review the differences in the manner in which it establishes and maintains a business relationship with a customer (e.g., direct contact or non-face-to-face). It is due to the combination of these factors and the variety of their combinations, that the level of money laundering and terrorism financing differs from institution to institution. The geographical risk should be seen in correlation with other risk factors in order to come up with an assessment of the total money laundering and terrorism financing risk.

The Company will use a risk matrix as a method of assessing risk in order to identify the types or categories of customers that are in the low-risk category, those that carry somewhat higher, but still acceptable risk, and those that carry a high or unacceptable risk of money laundering and terrorism financing.

The development of a risk matrix can include the consideration of a wide range of risk categories, such as the products and services offered by the Company, the customers to whom the products and services are offered, the size and organizational structure, etc. A risk matrix is not static: it changes as the circumstances of the Company change. A risk analysis will assist the Company to recognize that ML/TF risks may vary across customers, products, and geographic areas and thereby focus its efforts on high-risk areas in its business.

Note: When conducting risk assessment, the Company does not have to follow the processes in this document. As long as it complies with the obligations under the Act and any other applicable laws or regulations, the Company has a choice to select the method of risk.

A.     RISK MANAGEMENT:

1.       Risk Mitigation

        I.            The Company will develop appropriate policies, procedures and controls that will enable it to manage and mitigate effectively the inherent risks that it has identified, including the national risks. Company will monitor the implementation of those controls and enhance them, if necessary. The policies, controls and procedures will be approved by the senior management of the Company, and the measures will be taken to manage and mitigate the risks (whether higher or lower) to ensure that measures are consistent with legal and regulatory requirements.

The nature and extent of AML/CFT controls the Company puts in place depends on a number of aspects, which include:

a.       The nature, scale and complexity of the Company’s business;

b.       Diversity, including geographical diversity of the Company’s operations;

c.       The Company’s customer, product and activity profile;

d.       Volume and size of transactions;

Extent of reliance or dealing through third parties or intermediaries, which is minimal in case of Company and restricted to Administration department related services;

Some of the risk mitigation measures that the Company may consider include:

i)        Determining the scope of the identification and verification requirements or ongoing monitoring based on the risks posed by particular customers;

ii)      setting transaction limits for higher-risk customers or products;

iii)    requiring senior management approval for higher-risk transactions, including those involving PEPs;

iv)    determining the circumstances under which they may refuse to take on or terminate/cease high risk customers/products or services;

v)      Determining the circumstances requiring senior management approval (e.g. high risk or large transactions, when establishing relationship with high risk customers such as PEPs).

     II.            Evaluating Residual Risk and Comparing with the Risk Tolerance:

Subsequent to establishing the risk mitigation measures, the Company will evaluate its residual risk, which is the risk remaining after taking into consideration the risk mitigation measures and controls. Residual risks are kept in line with the Company’s overall risk tolerance and this sets the cornerstone of accepting and continuing business relations.

2.       MONITORING AML/CFT SYSTEMS AND CONTROLS:

The Company will have systems in place to monitor the risks identified and assessed as they may change or evolve over time due to certain changes in risk factors, which may include changes in customer conduct, development of new technologies, new embargoes and new sanctions. The Company will update their systems as appropriate to suit the change in risks.

Additionally, the Company will assess the effectiveness of their risk mitigation procedures and controls, and identify areas for improvement, where needed. For that purpose, the Company will need to consider monitoring certain aspects which include:

a.       the ability to identify changes in a customer profile or transaction activity/behaviour, which come to light in the normal course of business

b.       the potential for abuse of products and services by reviewing ways in which different products and services may be used for ML/TF purposes, and how these ways may change, supported by typologies/law enforcement feedback, etc.;

c.       the adequacy of employee training and awareness;

d.       the adequacy of internal coordination mechanisms i.e., between AML/CFT compliance and other functions/areas;

e.       the compliance arrangements (such as internal audit);

f.        changes in relevant laws or regulatory requirements; and

g.       changes in the risk profile of countries to which the Company or its customers are exposed to.

DOCUMENTATION AND REPORTING:

Documentation of relevant policies, procedures, review results and responses will enable the Company to demonstrate to the Commission:

a.       risk assessment systems including how the Company will assess ML/TF risks;

b.       details of the implementation of appropriate systems and procedures, including due diligence requirements, in light of its risk assessment;

c.       will monitor and, as necessary, improves the effectiveness of its systems and procedures; and

d.       arrangements for reporting to senior management on the results of ML/TF risk assessments and

e.       implementation of its ML/TF risk management systems and control processes.

Ø  The Company will note that the ML/TF risk assessment is not a one-time exercise and therefore, they must ensure that their ML/TF risk management processes are kept under regular review which is at least annually. Further, the Company management should review the program’s adequacy when the reporting entity adds new products or services, opens or closes accounts with high-risk customers, or expands through mergers or acquisitions.

Ø  The Company will demonstrate to the Commission, the adequacy of its assessment, management and mitigation of ML/TF risks; its customer acceptance policy; its procedures and policies concerning customer identification and verification; its ongoing monitoring and procedures for reporting suspicious transactions; and all measures taken in the context of

Ø  AML/CFT, during the on-site inspection. The Company will maintain Risk Assessment Tables (Annexure 1), AML/CFT Compliance Assessment Template (Annexure 2) and Control Assessment Template (Annexure 3) within the period as required by the Commission from time to time.

NEW PRODUCTS AND TECHNOLOGIES:

The company provides electronic verification should also have processes that allow the Firm to record and store the information they used to verify an identity

a.       Electronic verification of documentation;

b.       Data and transaction screening systems; or

c.       The use of virtual or digital currencies

·         The Company will undertake a risk assessment prior to open the account and take appropriate measures to manage and mitigate the risks.

·         These policy and procedures provides governance framework to prevent the misuse of technological development in ML/TF schemes, particularly those technologies that favor anonymity. For example, securities trading and investment business on the Internet, add a new dimension to the Company’s activities. The unregulated nature of the Internet is attractive to criminals, opening up alternative possibilities for ML/TF, and fraud.

·         To insulate itself against risk of anonymity of customer, Company offer an on-line account opening only after appropriate identification checks and fulfillment of its all applicable KYC requirements.

·         To maintain adequate systems, the Company will ensure that its systems and procedures will be kept up to date with such developments and the potential new risks and impact they may have on the products and services offered by the Company. Risks identified must be fed into the Company business risk assessment.

3.       CROSS-BORDER CORRESPONDENT RELATIONSHIP:

Cross-border correspondent relationships are the provision of services by one institution to another institution (the respondent institution). Correspondent institutions that process or execute transactions for their customer ‘s (i.e. respondent institution ‘s) customers may present high ML/TF risk and as such may require Enhanced Due Diligence (EDD).

4.       CUSTOMER DUE DILIGENCE:

According to Section 21C of the Financial Intelligence Act 2001, “If an accountable institution suspects that a transaction or activity is suspicious or unusual as contemplated in section 29, and the institution reasonably believes that performing the customer due diligence requirements in terms of this section will disclose to the client that a report will be made in terms of section 29, it may discontinue the customer due diligence process and consider making a report under section 29.”.

The Company will take steps to know who their customers are. The Company as a policy matter will not open anonymous accounts or accounts in fictitious names and alias. Hence, for customers which are natural person, names contained in their national registration card or Passports will be used as title of account, and same is verified from regulatory authority record. For entities the title of account offered is same as the one contained in their establishing/incorporation document. The Company will conduct CDD, which will comprise of identification and verification of customers including beneficial owners (such that it is satisfied that it knows who the beneficial owner is), understanding the intended nature and purpose of the relationship, and ownership and control structure of the customer.

Additionally, Company will conduct ongoing due diligence on the business relationship and scrutinize transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the Company‘s knowledge of the customer, its business and risk profile (Annexure 4), including, where necessary, the source of funds. The Company will conduct CDD when establishing a business relationship if:

There is a suspicion of ML/TF, Annexure 5 gives some examples of potentially suspicious activities or ―red flags‖ for ML/TF. Although these may not be exhaustive in nature, it may help the Company to recognize possible ML/TF schemes and may warrant additional scrutiny, when encountered. The mere presence of a red flag is not by itself evidence of criminal activity. Closer scrutiny will assist in determining whether the activity is unusual or suspicious or one for which there does not appear to be a reasonable business or legal purpose; or

a.       There are doubts as to the veracity or adequacy of the previously obtained customer identification information.

·         In case of suspicion of ML/TF , the Company will:

i)        Seek to identify and verify the identity of the customer and the beneficial owner(s), irrespective of any specified threshold that might otherwise apply; and

ii)      File an STR with the FIC, in accordance with the requirements under the Law if the amount is equivalent or more than EU 15,000 or in foreign currency.

Ø  The Company will monitor transactions of foreign exchange operations in cash amounting to equivalent or more than EU 3,000 or equivalent to foreign currency amount to determine whether they are linked. Transactions could be deliberately restructured into two or more transactions of smaller values to circumvent the applicable threshold.

Ø  The Company will verify the identification of a customer using reliable independent source documents, data or information including verification.

Ø  Similarly, the Company will identify and verify the customer’s beneficial owner(s) to ensure that the Company understands who the ultimate beneficial owner is.

Ø  The Company will ensure that it understands the purpose and intended nature of the proposed business relationship or transaction. The Company will assess and ensures that the nature and purpose are in line with its expectation and use the information as a basis for ongoing monitoring.

Ø  The Regulations require the Company to identify and verify the identity of any person that is purporting to act on behalf of the customer (―authorized person‖). In this regard Company will also verify whether that authorized person is properly authorized to act on behalf of the customer by demanding an authorization letter in Company’s designed pro-forma (which requires reason for using third person) and matching customer signatures against those in Company’s record. Customer Call Back confirmation will also perform where customer signatures would be doubtful. The Company will conduct CDD on the authorized person(s) using the same standards that are applicable to a customer.

Ø  When performing CDD measures in relation to customers that are legal persons or legal arrangements, the Company identifies and verifies the identity of the customer, and understands the nature of its business, and its ownership and control structure.

The purpose of the requirements set out regarding the identification and verification of the applicant and the beneficial owner is twofold: first, to prevent the unlawful use of legal persons and arrangements, by gaining a sufficient understanding of the applicant to be able to properly assess the potential ML/TF risks associated with the business relationship; and second, to take appropriate steps to mitigate the risks. In this context, the Company will identify the customer and will verify its identity. The type of information that will be needed to perform this function shall be as specified in Annexure 6.

Ø  In the case of several monetary operations which appear to be linked, the customer must be identified immediately after establishing that several monetary operations are linked. Several operations shall be considered to be linked if the customer carries out within 2 days several virtual currency exchange operations or transactions in virtual currency with funds amounting to R24,999.99 or more, or the equivalent amount in foreign or virtual currency, or carries out within 2dyas several operations of depositing virtual currency to or withdrawing virtual currency from the depository virtual currency wallet in the amount equal to or exceeding EUR 1 000, or the equivalent amount in foreign or virtual currency.

If the Company will have any reason to believe that an applicant has been refused facilities by another exchange house of digital assets due to concerns over illicit activities of the customer, it will consider classifying that applicant as higher-risk and will apply enhanced due diligence procedures to the customer and the relationship, filing an STR and/or not accepting the customer in accordance with its own risk assessments and procedures.

A.     TIMING OF VERIFICATION:

The Company will undertake verification prior to entry into the business relationship or conducting a transaction.

Where CDD checks will raise suspicion or reasonable grounds to suspect that the assets or funds of the prospective customer may be the proceeds of predicate offences and crimes related to ML/TF, the Company will decline trading accounts to such customers. In such situations, the Company will consider filing an STR with the FIC and will ensure that the customer is not informed, even indirectly, that an STR has been, is being or shall be filed.

CDD SHALL BE PERFORM FOR THE FOLLOWING OCCASIONAL TRANSACTIONS:

1.       A single operation or several operations which appear to be linked or transactions the value whereof equals or exceeds EUR 15,000 or an equivalent amount in foreign currency;

2.       currency exchange operations (buying or selling currency) in cash, where the amount of cash being acquired or sold amounts to or exceeds EUR 3,000 or an equivalent amount in foreign currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked;

3.       Virtual currency exchange operations or transactions in virtual currency the value whereof equals or exceeds R24,999.99 or an equivalent amount in foreign or virtual currency, or before depositing identified. or withdrawing virtual currency amounting to or above EUR 1,000 or an equivalent amount in foreign or virtual currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked (the value of the virtual currency is determined at the time of the monetary operation or transaction), unless the Customer and BO have already been Identified.

4.       For the purposes of effective ongoing monitoring of the Business Relationship and Occasional Transactions referred and timely determination of the several related monetary operations or transactions, the Firm has to perform Identification on the payer and the payee carrying out the transaction, and screen the payer and the payee against the relevant financial sanctions list even where the transaction is performed below the thresholds.

B.      EXISTING CUSTOMERS:

The Company will apply CDD/EDD measures to existing customers on the basis of materiality and risk, and to conduct due diligence on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of data obtained. For this purpose, Company will perform CDD/EDD measures on its existing customers at the frequency as defined in the following section of Period Risk Reviews.

        I.            Further, if the Company will have suspicion of ML/TF or will become aware at any time that it lacks sufficient information about an existing customer, it will take steps to ensure that all relevant information is obtained as quickly as possible irrespective of CDD/EDD revised information collection frequency set as per risk classification of customer.

      II.            The Company will rely on the identification and verification steps that it has already

undertaken, unless it has doubts about the veracity of that information. Examples of situations that might lead Company to have doubt include significant change in the value of injections into his/her trading account, or change in correspondent address to an area / country with high susceptibility to money laundering, terrorist financing or other predicated offences.

   III.            Where the Company will be unable to complete and comply with ongoing CDD/EDD requirements as specified above, the Company will terminate the relationship. Additionally, the Company will consider filing an STR to the FIC.

REFUSAL TO ON-BOARD / TERMINATION OF A BUSINESS RELATIONSHIP OR OCCASIONAL TRANSACTIONS

In case of a new Customer, if the company is unable to fulfil its CDD obligations (e.g. verify the Customer ‘s identity) because the data or documents allowing the Identification and/or verification of a Customer or BO‘s identity, or determination of a purpose and intended nature of the Business Relationship or Occasional Transactions adhering to the criteria CDD cannot be obtained due to the fact that:

i)        The Customer is uncooperative and/or does not provide the requested data or information necessary to perform CDD; and/or

ii)      If there are no relevant reliable and independent sources to verify the information provided by the Customer, the company must duly assess the ML/TF risk and take appropriate measures to mitigate such risk which may include the refusal to on-board such a Customer or perform the Occasional Transaction adhering to the criteria in CDD.

The termination of the Business Relationship or Occasional Transaction adhering to the criteria specified in CDD must be taken only if it is proportionate and should be possible only after the other appropriate measures are exhausted and the Firm is still unable to comply with the AML/CFT requirements.

IDENTIFICATION AND VERIFICATION OF THE CUSTOMER WHEN THE CUSTOMER IS NOT PHYSICALLY PRESENT:

The Customer and BO can be identified and their identities verified without the Customer being physically present for identification in one of the following alternative ways:

1.       when using the Third Party information on the Customer and BO;

2.       When using electronic means allowing video-streaming by one of the following methods:

a.       The original of the identification document or the equivalent residence permit in South Africa

is captured through video streaming and the Customer’s identity is confirmed by at least the advanced electronic signature in line with the requirements.

b.       The Customer’s facial image and the original of the identification document or the equivalent residence permit in South Africa produced by the Customer are captured by way of video-streaming,

3.       in cases where:

Before commencing the use of the services of the Firm, a payment order is made to the payment account of the Firm from the account held on behalf of the Customer in the credit institution which is registered in South Africa State which applies the requirements equivalent to the requirements of the Law and which is monitored by competent authorities as to the compliance with such requirements; and