KYC - AML Policy
Money Laundering – what is it?
Money laundering comprises, in summary, being in possession of, or dealing in any way, or assisting another party in connection with, property arising from any criminal offence, including terrorist related activities. Accordingly, if suspicion is formed about such an activity, it needs to be reported to the Money Laundering Reporting Officer (MLRO) for consideration, which in this case is the External Consultant. Criminal property means any pecuniary or proprietary benefit arising from criminal conduct. Money laundering also includes any matters connected with funds being used or provided for any terrorism related purpose where no other crime may have taken place. We are not required to become experts in criminal law. But we should apply our general knowledge and experience in seeking to fulfil our legal obligations. Apart from the more obvious offences relating to drugs trafficking, terrorism, fraud, theft and false accounting, and such offences as you may be aware of from service line specific knowledge, consideration also needs to be given to other potential offences which may well be encountered in business. These include bribery, corruption and criminal breach of competition. If in doubt, we should contact our advisor, which plays the relevant role in such cases.
Fraud – what is it?
Fraud, for the purposes of these procedures, relates to actions taken by potential or existed customers to make fraudulent moves and transactions to the detriment of our company by using false identities and personal details &/or false credit card details to deposit and withdraw money which will possibly be reclaimed at a later stage through a chargeback by the rightful owners. Fraud could also relate to a legitimate customer who falsely claims that his credentials- ways of payment (e.g. Credit Card) was used without his knowledge so that he can recover monies lost on bets. Internal fraud is covered by other internal controls and procedures implemented by STREAMFLOW EOOD.
General Policy KYC-AML
- 2.1 STREAMFLOW EOOD shall only carry on business with persons whom they have adequately identified and in whom there is no suspicion of criminal or terrorist activity.
- 2.2 STREAMFLOW EOOD shall not accept to open anonymous accounts or accounts in fictitious names such that the true beneficial owner is not known.
- 2.3 STREAMFLOW EOOD shall not accept customer residing from a non reputable jurisdictions.
- 2.4 STREAMFLOW EOOD shall keep at all times a secure online list of all registered customers and also keep contact with them.
- 2.5 STREAMFLOW EOOD must not launder money or assist others to do so intentionally or otherwise.
- 2.6 STREAMFLOW EOOD shall take all measures necessary to detect and prevent fraudulent customers and activity through regular monitoring.
- 2.7 STREAMFLOW EOOD must not impede, by action or inaction, any official investigation of money laundering.
- 2.8 STREAMFLOW EOOD personnel must report any suspicion of money laundering to the MLRO – The External Auditor- Counsellor.
- 2.9 The personnel shall affect all Anti-Money Laundering Actions through its MLRO who will in turn escalate the reports as necessary.
- 2.10 STREAMFLOW EOOD shall, as much as possible, follow the relevant 40 + 9 recommendations of the Financial Actions Task Force (www.fatf-gafi.org).
- 2.11 STREAMFLOW EOOD shall follow all the laws and regulations relating to anti-money laundering and prevention of terrorism.
- 2.12 STREAMFLOW EOOD shall provide the necessary training for its personnel in anti-money laundering and fraud procedures.
- 2.13 STREAMFLOW EOOD shall keep records of all procedures carried out and reporting effected.
STREAMFLOW EOOD’ approach
- We should endeavour to establish the identity of our customers as soon as is reasonably and practically possible where deposit turnover exceeds €2.000 per day or over €15,000 per month whichever happens first. This only goes, with our registered customers in our data-base.
- We are inter-mediators of cash handling- via electronic vouchers or similar means of handling and transferring money, only, with well-respected Credit, E-Money institutions as well as Publicly Known Institutions or Regulated Banking Institutes. Our Major Clients- are considered to be these Institutions.
- We do not Co-operate or have any business relationship with shell banks- and we do not intent to.
- We wish to do business only with well-respected rated Institutions, and therefore we ask them to provide us with their
~ Publicly known Ranking
~ KYC and AMC Policies and Procedures
~ Permissions or chart of authorities, for conducting relevant business in their based country.
- We should obtain reasonable information, adequately documented and corroborated, about the identity of all our customers when required to do so, if there is doubt about the authenticity of the customer or when money transferring figures raise concern.
- From the information gathered, we should be able to obtain a reasonable assurance about the identity of our customer and that he or she is not involved in any criminal or terrorist activity or activities.
- If we should develop suspicions of money laundering activities regarding a client or a proposed client, or any third party observed in the course of our business, (wherever that client or third party may be located) we should report promptly to the company’s Money Laundering Reporting Officer (MLRO). The MLRO will investigate, analyze, consult and, if appropriate, report the activity to authorities and also BoG. The company reserves the right to take any other action considered legal and necessary.
Anti - Money Laundering and Fraud Guidance- Terminology
This Guidance is based on regulatory requirements and FATF40+9 recommendations – breach of which may well result in legal liability for the company and/or the individuals concerned. Adherence to this Guidance is, therefore, important for your protection as well as that of the company. Legalization of Revenue that may come from criminal activities (ML- MONEY LAUNDERING), according to Greek legislation (L.3691/2008, article 2) may consist from the following actions:
- The conversion or transfer of property, in the knowledge that comes from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of, or assistance to anyone involved in these activities, In order to avoid the legal consequences of these (illegal) actions.
- Concealment or disguise of the truth by any means or manner, regarding the nature, origin, distribution, handling, or use of property or the place where it has been acquired or is situated. Likewise by the ownership of the property or related property rights, aware of the fact that such property is derived from criminal activity or from an act of participation in such criminal activities etc.
- The acquisition, possession, management or use of property, knowing at the time of the acquisition or management, the fact that the property was derived or come from criminal activity or from an act of participation in such criminal activities.
- The use of the financial sector with the placing in this or using this sector through transactions, with income derived from criminal activities, with a view to give some semblance to such revenue (that come from illegal activities).
- The organization in a team or group from at least two people to commit one or more of the acts referred to in the above elements and the participation in such an organization, team or group.
- Laundering of income (revenue) from criminal activities, the activities of which comes the to legitimise property, when these activities took place at the territory of another Country, where they considered to be basic offense if committed in Greece and be punishable in accordance with the legislation of that Country.
- We are looking thorough the Country of Main Professional Activity of our customer. Therefore as Country of Main professional activity is defined, the country from which:
- Comes the main part (bulk) of the funds of the Customer,
- Where mainly operates as professional (the customer),
- Where the business transactions of the customer are carried out mainly, either directly or through partner(s),
- Where the Customer has an important political or entrepreneurial activity and presence (i.e. country in which it is considered as politically exposed person).
- Caution: in case of offshore companies the above points (1) – (4) should be assessed in relation to the real beneficiary (Beneficial Owner).
- Indicative parameters for the assessment of the countries in which the customer operates, is also the country of residence and nationality of the Customer.
Under the principle «Know Your Customer» requires the continuous monitoring of the following:
- The determination of the country’s main business activity for each Customer, and
- The selection and classification of the most dangerous country (high risk, e.g. Not FATF countries), in which case the customer operates his main professional activities, when is more than one country.
- EXAMPLE- Customer located in Greece, has been active in exports to Russia (which is directed toward the 1/3 of exports) and in China (where directed the 2/3 of exports). The countries of Russia and China are not included in non-high risk for ML. Between the two is selected as the country Main professional activity for the particular customer, China, as well as the customer develop toward this greater business activity
Client authentication procedures and “know your client” (KYC) information
The identification of the customer (beneficial owner) must be carried out before entering into business relations and in any case before the conclusion of transactions and with the use of reliable third party sources (third party diligence) which their data are hard to be falsified/ forge/faked.
By way of derogation- from the previous paragraph- shall be permitted to complete the verification of the identity of the customer (beneficial owner) when entering into business relations, where this is required, so as not, to, interrupt the smooth provision of services. However, even in this case, the risk money laundering from criminal activities or terrorist financing must be small. In these cases, the proceedings are terminated as soon as possible after the initial contact, and in any case no later than 30 days. The data for the identification of the customers (true) identity as well as the process of opening a new customer’s file is included, in the process of operations.
For the preparation of the profile of the customer, we request as minimum the following:
- The description of the professional or business activity,
- The elements of the Group/ associated companies/ the ownership structure and composition of shareholders , the country Headquarters of the Group / the associated companies,
- The real beneficiaries, historical data of growth, professional and operational activity,
- Assets size sources and assets and in general the economic background
Economic /Transactional profile:
- Real country of operations
- The purpose of the relationship and the business – financial services accounts ,
- The nature of the requested banking/ non-banking services ,
- The planned movement of accounts, and money transferring
- The variety and the amount of trade ,
- Country/countries of destination for outgoing transfers or payments,
- Reference to the risks that could result from the relation, example due to Country Risk, legal form, kind of transactions, services, and products .etc.
It should be noted that the data collection should be carried out taking into account comply with the principle of protection of personal data of the Customer.
A. For Recurrent – Business Customers- Partners
The company accepts the customer only where they do not belong to any of the categories of non-eligible customers. The verification of the customer is been carried out in accordance with the Operations procedures (registration process /Identification / Acceptance of prospective customer).
- During the assessment of the customers, the policy of the company for the Money Laundering (from now ML) and (Financing Terrorism) (from now on FT) is taken seriously into account. Moreover the risks involved and occur, from the operation of the company since the beginning of the relationship.
III. If, during the course of the cooperation, issues occur that are grounds for breaking off this cooperation and from the beginning rejection of the relationship for reasons ML and FT, the decision shall be communicated to the customer without mentioning the real reasons and inform immediately the MLRO.
- The company may revoke its decision on co-operation in case problems occur:
– During the stage of identification of the Customer
– During the presentation and control of legitimising documents
– During the relationship
B. For non-Recurrent Customers (Physical Persons)
- Non recurrent is considered to be a customer, that is not strategically selected, as a business partner, all of the times it is a physical person, so there, limited KYC and AML Procedures do apply.
- Non Recurrent customers, are considered to be those customers (physical persons) that use STREAMFLOW EOOD’ electronic of E-Voucher services, but the issuing of these vouchers are done by a third party (business partner/ customer) that goes through KYC procedures, within his own network and takes logical measures (Due Diligence Procedures).
- For those customers, the strategic partner/ customer must demonstrate the KYC and AML Procedures that he performs in order for STREAMFLOW EOOD to obtain a third party reliance upon the no-recurrent customer.
- Also Business Partner/ Customer shall demonstrate the collection and verification of information and also identification of information, which is carried out, under specific thresholds. In any case, STREAMFLOW EOOD and the relevant MLRO officer or External Auditor has the authority to conduct audits to this matter.
- When there are reasonable grounds for suspecting money laundering from criminal activities or financing of terrorism regardless of any derogation, exclusion or threshold amount (minimum threshold) of the transaction to be carried out, then we apply measures of due diligence independent from the amount of transaction, despite the measures that our business customer partner applied.
- The minimum data that our Business Customer/ Partner has to collect – regarding physical persons (non recurrent customers) and people that are using STREAMFLOW EOOD’ money transaction services (E-Vouchers) are the following,
In simplified Due Diligence
Required information Documents Required Certification
- Name- Surname
- Date –Place of birth
- I.D. / Passport number
- Issuing authority
An identity card or passport (or equivalent document) –valid- or identity card of Armed/ Security forces, which bring photo of the Customer. Valid (current) Home Address and contact phone Utility +phone bill Profession and current address of workplace Copy of his employer, copy of last salary statement or beginning ca –tax office, professional identity or document of Social Security Institution. Tax Identification Number Photocopy of salary slip/ tax awareness document or utility account
In Normal and Increased Due Diligence (most of the cases)
Business relationship & trade without physical presence of the Customer
Because of the nature of the object of our company, all transactions are carried out without the physical presence of the customer. So the same or additional measuresmay apply. Additional measures, such as: Client identification with additional supporting documents, data or information from valid reliable 3rd party sources. Ensuring that the first payment, within the framework of the business relationship, or any individual transactions, carried out through an account opened in the customer’s name with a credit institution established in one of the Member States of the European Union or in a state with an equivalent supervisory regime and Controlling State Authorities. Countries characterised by the FATF as “uncooperative” or the countries which do not apply or apply poorly the recommendations of the FATF, considered high-risk countries. There are no business relationships with natural or legal persons, including credit institutions and financial institutions, which are derived or have establishment of headquarters in these countries. Transactions which may come/ result from these countries, regarding market products services that our customers’ needs, shall be examined with particular attention and are subject to continuous monitoring.
Customer Data- Maintaining files
The completeness of the supporting documents that have been collected for the certification and verification of the identity of strategic customers and partners by STREAMFLOW EOOD, and on some and physical entities/ persons, is checked on the basis of the “Condition Required supporting Authentication Legal (and physical) Persons”, by specific employees or the MLRO. This situation is part of the file each Customer.
Also, we check the quality of the supporting documents, which must in any case be:
- Legible and readable
- Formal and official documents
- Valid at the beginning of the relationship
With respect to the certification of the identity of the legal persons or entities, the validity of legitimising the required documents shall be certified by the cooperating law consultant office/ employees of our company.
With regard to the legal persons established outside Greece without installation in the country, the documents to be presented should be bearing the stamp Apostille and translated into officially Greek language, if the company deems it necessary.
The identification of the customers, as well as the legal documents of companies should be checked annually and updated accordingly. The photocopies of the above documents authentication shall be kept for a period of at least five years after the end of the business relationship, in such a way as to ensure the confidentiality of collected data. The financial transactions should be kept for ten years or as long as the EU and Local Legislation requires.
Responsible, for further communication with the Greek AML State Authority or other competent State authority is the Legal Representor (or CEO) of STREAMFLOW EOOD- in case that these been requested:
- Data authentication of the beneficiaries of the account,
- Data authentication of persons who have the right of controlling the account ,
- Legal documents of all kinds legal entities/ persons ,
- Data authentication of administrators and their legal representatives who are authorized to initiate and move the account of a legal person, legal documents and supporting documents of trade,
- Data relating to the volume and the transactions carried out by the means of account which indicates the
- origin of the money,
- Type and amount of currency of the transaction ,
- The way in which the money deposited or taken, i.e. cash, electronic transfers etc
- Identity of the person who carried out the transaction ,
- Destination of the money ,
- Written approvals and authorisations of Customers
- Type and number of account involved in the transaction
Where identification procedures do not satisfy us as to the true identity of the customer the MLRO must be consulted to determine if the issues can be resolved. This is vital as consent from the authorities may be required before we proceed if we are to avoid being charged with non-compliance with applicable regulations.
Rating Strategic Customers/ partners
The company, for the identification and evaluation of the overall risk facing, take into account at least:
- The risk from the business/ professional activity of the customer (e.g. complex ownership structure legal persons, PEP, etc),
- The risk from the market behavior of the customer (e.g. difficulties in identifying the source and origin of the assets of the client, reluctance to disclose their real owners legal person etc.),
- The risk from the products and services provided to the customer (e.g. web check out, mobile check out etc.),
- Country Risk (Origin, destination funds or carrying out work).
The parameter taken into account for the assessment and the classification of customers by degree of risk is:
As a result of this evaluation, the customers of the company are classified internally in three categories:
- Low Risk
- Medium Risk
- High Risk
STREAMFLOW EOOD, carries out, periodic assessment clients from the Commercial Department for all customers. In addition, may hold an emergency assessment and customer accounts. The special assessment shall be carried out according to the criteria in the system. In particular, the emergency procedure evaluation is activated on the following cases:
- When the customer makes an important for him and for his profile transaction (if the average trade increased both in volume and value over 20 %.)
- When the customer may have high volume disputed transactions
- When there is a significant change in customer information (e.g. on the operations of the customer)
- When the company realized that lacks sufficient information for an existing customer or there are doubts as to the accuracy and adequacy of the data collected in the past.
Generally, customers are classified into three (3) risk categories with the following characteristics:
Α = High Risk Grade:
- Legal persons established outside Single Economic Space and FATF offshore companies (Not Applicable)
- Legal persons or associations of persons non-profit-making body, trusting funds, institutions and accounts for third.
- PEP of third country. (Not Applicable)
- Customers operating in some of the classes which the company considers as high-risk
- Customers based or activity in one of the countries which the company considers as increased risk each other case which is classified in this category by the responsible Compliance
Β = Medium Risk Grade:
All the other cases which are not covered by the specific categories
C = Low Risk Grade
- Credit institution or financial institution of a Member State of the European Union, or a credit institution or financial institution which is situated in a third country which imposes requirements which are equivalent to those laid down in European Community legislation and is subject to supervision with respect to the compliance with these requirements,
- Company whose securities are admitted to trading on a regulated market in a Member State of the European Union or in a third country are subject to transparency requirements that are equivalent to those laid down by European Community legislation,
- National Public Authorities.
For the purpose of calculating the limit of 15,000 euro will be taken into account all the transactions which it seems to have been a relationship between them- due to FATF regulations and conditions.
The above classification is carried out by means of a written risk analysis for each customer for the categories high and medium.
For the customer of high-risk measures apply enhanced due diligence.
Continuous Monitoring of business relationship
The business relationships are monitored continuously, through the continuous examination of transactions and activities of the customer and the actual beneficiaries throughout the duration of the relationship. If new information arises during the examination of the activities of the customer and the trade, from another unit of the Company or from independent sources which relate to the transaction or economic activity of the customer, then his profile shall be updated whenever the transactional/financial profile of the customer with care of the parties involved (Customer Relationship Officer, Commercial Address) and also reevaluate the relationship.
Document monitoring and Tracking
STREAMFLOW EOOD in addition of the responsibility of the collection and storage of the identity of clients, also has the responsibility of updating them throughout the duration of the business relationship and in particular when there are doubts about their validity. The verification of data shall be carried out on a periodic basis.
For the updating of the information letter is sent to the customer and the real beneficiary, in which all the data and documents in the possession of the company and calls for written confirmation on the accuracy and the validity of or send new updates supporting documents, in case of changes. The file of each customer is kept and all documents of reference samples shall be taken.
The MLRO reviews on a periodic basis the completeness of files of customers, the updating and the compliance with the current procedures.
In case that it is not possible to update the authentication of the client, shall be informed the Customer Relationship Officer for further action with the Customer.
If difficulties arise with regard to updating of the data, it is possible that:
a) We terminate the relationship
b) Submission of confidential reporting suspicious transactions to the corresponding AML State Authority, where there are visible signs of ML and FT.
Monitoring of accounts & transactions
STREAMFLOW EOOD and in particular the Economic Department continuously monitors the accounts and transactions of customers for the effective treatment of risk ML and FT, through to identify unusual or suspicious transactions. For example, controlled the nature of each individual transaction irrespective of the amount involved e.g. the category of financial instrument, the frequency of transactions, the complexity, the country of destination, the origin, if there is sufficient justification and whether it is compatible with the nature of the transaction, etc.. In any case, the transfer of funds shall be made into an account payment which has been opened and maintained by the customer in an approved credit institution within the EU.
Right of Audit
STREAMFLOW EOOD will ensure that all customer identification documentation is safe and is forwarded to local authorities, in a timely manner, only upon request.