AML AND SANCTIONS POLICY

RULES OF PROCEDURE VALID AT ARBONUM LIMITED LIABILITY COMPANY

FOR MONEY LAUNDERING AND TERRORIST FINANCING PREVENTION AND FOR THE APPLICATION OF INTERNATIONAL SANCTIONS, AND THE PROCEDURE OF VERIFYING ADHERENCE THERETO

These present rules procedure for money laundering and terrorist financing prevention and for the application of international sanctions (hereinafter referred to as the Guideline) have been prepared by

ARBONUM L.L.C-FZ, a limited liability company registered under the laws of the Dubai, United Arab Emirates with Registration Number 2310797 and registered office at Business Center 1,  M Floor, The Meydan, Nad Al Sheba, Dubai, U.A.E

And

ROWLING LIMITED, a limited liability company registered under the laws of the Republic of Cyprus with Registration Number HE 237792 and registered office at Christabel House, 118 AgiasFylaxeos St., 3087, Limassol, Cyprus

(hereafter both referred to as ARBONUM) to set out the practice policy for complying with AML/CTF regime and European regulation. European AML regulation is based on a series of legislative directives. The policy has been prepared by  ARBONUM to set out the practice policy for complying with AML/CTF regime and European regulations. European AML regulation is based on of the following legal acts:

•         Directive (EU) 2015/849 of May 20, 2015 (the "4th Directive");

•         Anti-Money Laundering Directive (EU) 2018/1673 ("6th Directive");

•         Laws of UAE (including  Cabinet Resolution No. 74 of 2020, Federal Decree No. 26 of 2021, Federal Decree No. 20 of 2018);

•         International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation issued by the Financial Action Task Force (the FATF Recommendations);

•         other similar anti-money laundering laws and authorities in other jurisdictions in which the ARBONUM operates.

Definitions

The definitions listed below shall be used in the present Guideline in the following meaning:

A beneficial owner means a natural person who, via ownership or other type of control, has the final dominant influence over a natural or legal person, or in whose interests, for the benefit of whom or in whose name a transaction or operation is made. Where a beneficial owner cannot be identified in the manner specified above, the beneficial owner of a company is a natural person whose direct or indirect shareholding or the total shareholding of all of the direct and indirect shareholdings in the company exceeds 25 per cent, including shareholdings in the form of bearer shares or otherwise. ‘Direct shareholding’ means that a natural person personally holds shares in a company.  ‘Indirect shareholding’ means that a natural person holds shares in a company via one or multiple persons or a chain of persons. Where, after all possible means of identification have been exhausted, it is not possible to identify a beneficial owner, the natural person who holds the position of a senior managing official is deemed to be the beneficial owner. Where there are several senior managing officials, several senior managemet of ARBONUM bodies or where another legal person holds shares in a company via one or several persons or chains of persons, the person(s) who exercise(s) actual control over the company and make(s) strategic decisions in the company or, upon absence of such persons, perform(s) day-to-day and regular managemet of ARBONUM is (are) considered the beneficial owner(s).

Terrorist financing means any kind of financial support of a terrorist organisation, its member or a person whose activities have been aimed at committing an act of terrorism, collecting money for this purpose, or making the means for that available.

Money laundering means a transaction made or an attempt to make a transaction using the property derived from criminal activity or property obtained instead of such property for the purpose of concealing or disguising the actual (illicit) origin of the property, the beneficial owner, or the owner, or of assisting any person who is involved in the commission of criminal activity to evade the legal consequences of that person’s actions.

A compliance officer means a person assigned by the ARBONUM. Only a person who has the education, professional suitability, abilities, personal qualities, experience and impeccable reputation required for performance of the duties of a compliance officer may be appointed as a compliance officer. An employee or a structural unit may perform the duties of a compliance officer.  Where a structural unit performs the duties of a compliance officer, the head of the respective structural unit is responsible for performance of the given duties.

A transaction means the process of acceptance of financial means from customers to the  ARBONUM account / payment of financial means to suppliers from the ARBONUM account.

A customer / supplier is any natural or legal entity that:

●      is using or has used the services provided by  ARBONUM;

●      is providing or has provided the services to ARBONUM.

A politically exposed person means a natural person who performs or has performed prominent public functions and with regard to whom related risks remain, also family members and close associates of such a person. Middle-ranking or more junior officials are not considered politically exposed persons. The following persons are deemed to perform prominent public functions: head of State or head of government, minister, deputy minister or assistant minister, member of a legislative body, member of a governing body of a political party, judge of the highest court of a country, auditor general or a member of the supervisory managemet of ARBONUM or executive   a central bank, ambassador, envoy or chargé d’affaires, high-ranking officer in the armed forces, member of an administrative, managemet of ARBONUM or supervisory body of a state-owned enterprise, director, deputy director and member of a managemet of ARBONUM body of an international organisation.

A family member of a politically exposed person means:

●               his or her spouse;

●               a partner equal to a spouse under the law of the person’s country of residence or a person who as of the date of carrying out the transaction had shared the household with the person for no less than a year;

●               his or her children and their spouses or partners within the meaning of the previous clause;

●               his or her parents.

A close associate of a person performing prominent public functions is:

●               a natural person who has a close business relationship with a person performing prominent public functions or with whom a person performing prominent public functions is the joint beneficial owner of a legal person or contractual legal arrangement.

●               a person, to whom a legal person or contractual legal person belongs as a beneficial owner, which is known to have been founded for the benefit of the person performing prominent public functions.

An international sanction means a measure which is not related to the use of armed forces and the imposition thereof has been decided by the UAE, European Union, the United Nations or another international organisation to achieve the following objectives: to maintain or restore peace, prevent conflicts and restore international security, support and reinforce democracy, follow the rule of law, human rights and international law.

The subject of international sanction means a state, a certain territory, a territorial unit, a regime, an organisation, an association or a group against whom the measures prescribed by the act on the imposition of international sanctions are taken; also a natural or legal person, an agency, a civil law partnership or any other entity which is directly specified in the act on the imposition or implementation of international sanctions and with regard to whom the measures prescribed therein are taken.

A high-risk third country means a country specified in a delegated act adopted on the basis of Article 9(2) of Directive (EU) 2015/849 of the European Parliament and of the Council.

Business relationship, within the meaning of the present Guideline, means the relationship between ARBONUM and the customer / supplier that is established upon conclusion of the customer / supplier Contract.

A reliable source, among others, also means the data available in the relevant state registries or the documents issued by state institutions. With regards to document assessment, the main criterion of reliability is whether or not it is an original copy, or whether or not a copy of the original has been certified by the notary, and also an indicator of the reliability of the document is the time and/or place of its issue or preparation. In order to identify or to verify a beneficial owner(s) under the transaction, electronic web-based or other public sources may be used.

Area and profile of activities of a customer / supplier who is a legal person When  ARBONUM establishes business relationship with a customer / supplier who is a legal person, a responsible employee should ascertain the area and profile of activities of the customer / supplier with a view to distinguish the circumstances which indicate money laundering or terrorist financing in the conduct of the customer / supplier. The responsible employee shall, among other things, ascertain permanent business establishments in third countries, its essential business partners and payment practices of the customer / supplier, with due consideration of specifics of operation of ARBONUM.

If it is not possible to establish the area or profile of activities of a legal person on the basis of the information provided by a customer / supplier or his or her representative in a convincing manner, the responsible employee should get in touch with public sources (Register of Commercial Activities, Commercial Register, published annual business reports), Internet (search engines, information registers), and check the information a customer / supplier has submitted and supplement it whenever required.

  1. EXCEPTIONS FROM THE С / supplier PROFILE

1.1.           ARBONUM shall not establish business relationship and refuse from providing services to the persons having the following characteristics:

1.1.1.     anonymous and fictitious persons

1.1.2.     partnerships, trusts, and the providers of trust managemet of ARBONUM service.

1.2.          To reduce risk of geographical factors ARBONUM will not onmanagemet of ARBONUM the customer / suppliers who are the residents of the following countries:

Afghanistan, Albania, Angola, Algeria, Bangladesh, Barbados, Bolivia, Botswana, Burma (Myanmar), Burundi, Cambodia, Central African Republic, Chad, Congo, Conakry, Ivory Coast, Crimea (Ukraine), Cuba, Democratic People's Republic of Korea (DPRK), Ecuador, Egypt, Equatorial Guinea, Eritrea, Ghana, Guinea-Bissau, Haiti, Guyana, Iran, Iraq, Lao People's Democratic Republic, Lebanon, Libya, Mali, Morocco, Myanmar, Nepal, Nicaragua, Northern Macedonia, Pakistan, Panama, Qatar, Saudi Arabia, Somalia, South Sudan, Sudan, Syria, Tunisia, Uganda, Vanuatu, Venezuela, Yemen, Zimbabwe, Jamaica.

ARBONUM also will not accept customer / suppliers from the following disputed territories, since they do not provide generally recognized official documents: Donetsk People's Republic (DPR) / Luhansk People's Republic (LPR), Pridnestrovian Moldavian Republic, The Nagorno-Karabakh Republic, Republic of Abkhazia, Republic of Somaliland, Republic of South Ossetia, Turkish Republic of Northern Cyprus, The Republic of China (Taiwan), Republic of Kosovo, Sahrawi Arab Democratic Republic, Republic of Artsakh.

Passports issued by the Russian Federation in Crimea and passports issued to residents of Donetsk and Luhansk regions of Ukraine are not subject to verification.

2.     ESTABLISHING BUSINESS RELATIONSHIP WITH PERSONS COMING FROM HIGH-RISK THIRD COUNTRIES

2.1.          Enhanced due diligence measures shall be applied with regard to the persons coming from high-risk third countries:

2.1.1.     additional identity documents shall be asked from the customer / supplier and/or his or her beneficial owner and verified using a reliable and independent source;

2.1.2.     additional information about the beneficial owner shall be obtained;

2.1.3.     a permit for establishing business relationship or carrying out a transaction shall be obtained from the managemet of ARBONUM of ARBONUM;

2.1.4.     a monitoring over business relationship with the application of more frequent and detailed measures shall be implemented.

3.     DETERMINING THE RISK PROFILE OF A CUSTOMER / SUPPLIER

3.1.          The code of practice when establishing business relationship or making a transaction in case of different risk profiles:

3.1.1.     Low risk – an employee may establish a business relationship and make a transaction immediately.

3.1.2.     Average risk – an employee must analyse whether or not it is required to apply additional due diligence measures, and if there is no need for that, he or she may establish a business relationship or make a transaction. In the event of emergence of the need to apply additional due diligence measures, an employee must apply additional due diligence measures and, proceeding from their result, decide whether or not a business relationship may be established, and whether or not a transaction may be made.

3.1.3.     High risk – if the customer / supplier or a transaction have a "high" risk profile, before carrying out a transaction, enhanced due diligence measures should be applied, including obtaining a permit from the managemet of ARBONUM for establishing business relationship or making a transaction.

4.     GENERAL REQUIREMENTS FOR ESTABLISHING IDENTITY

4.1.          In order to establish identity on the basis of submitted documents, the following shall be assessed:

●               the validity of a document in accordance with their terms of validity,

●               the person resembles the person depicted on the document photo in terms of appearance and age and the data included in the document,

●               whether or not the document has visible signs of forgery or is damaged.

4.2.          The identity of a natural person representative of a legal person shall be established under the same conditions as of a natural person customer / supplier.

5.     PROCEDURES FOR APPLICATION OF DUE DILIGENCE MEASURES

5.1.          When providing a ARBONUM’s service, the employees of ARBONUM shall apply the following due diligence measures:

5.1.1.     identification of a customer / supplier or a person participating in a transaction on the basis of the documents and data submitted by him or her based on information obtained from a reliable and independent source, including using means of electronic identification and of trust services for electronic transactions;

5.1.2.     identification and verification of a representative of a natural or a legal person and their right of representation;

5.1.3.     identification of the beneficial owner and, for the purpose of verifying their identity, taking measures to the extent that allows ARBONUM to make certain that it knows who the beneficial owner is, and understands the ownership and control structure of the customer / supplier;

5.1.4.     understanding the purpose of the business relationship or the purpose of the transaction, identifying, inter alia, the permanent seat, place of business or place of residence, profession or field of activity, main contracting partners, payment habits, and, in the case of a legal person, also the experience of the customer / supplier;

5.1.5.     gathering information on whether a person is a politically exposed person, their family member or a person known to be close associate;

5.1.6.     monitoring of a business relationship;

5.1.7.     in the relevant case, gathering information about the origin of the wealth of the customer / supplier.

5.2.           ARBONUM must identify a person and verify data using information technology means where the establishment of business relationships take place with a person.

6.     ESTABLISHING IDENTITY OF A NATURAL PERSON UPON ESTABLISHMENT OF BUSINESS RELATIONSHIP

6.1.           ARBONUM identifies the customer / supplier, and, where relevant, their representative and retains the following data on the person and, where relevant, their representative:

6.1.1.     first name and surname;

6.1.2.     personal identification code or, where none, the date and place of birth;

6.1.3.     place of residence or seat;

6.1.4.     information on the identification and verification of the right of representation and scope thereof and, where the right of representation does not arise from law, the name of the document serving as the basis for the right of representation, the date of issue, and the name of the issuer;

6.1.5.     activity profile;

6.1.6.     profession and field of activity;

6.1.7.     purpose and nature of establishment of business relationship;

6.1.8.     a beneficial owner, if applicable.

6.2.          The establishment and verification of identity of a natural person takes place on the basis of an identity document. Identification and verification of identity shall be carried out by the employees of  ARBONUM  that come into immediate contact with the customer / supplier.

6.3.          The responsible employee shall put down the data in writing on the basis of a questionnaire, and a person must sign the document in order to confirm the correctness of the data.

6.4.          Documents used for identification purposes:

6.4.1.     an identity document;

6.4.2.     a digital identity document;

6.4.3.     a residence permit;

6.4.4.     a passport;

6.4.5.     a diplomatic passport;

6.4.6.     a seafarer's discharge book;

6.4.7.     an alien passport;

6.4.8.     a temporary travel document;

6.4.9.     a refugee’s travel document;

6.4.10.  a certificate of record of service;

6.4.11.  a certificate of return;

6.4.12.  a permit for return;

6.4.13.  a valid travel document issued in a foreign state;

6.4.14.  a driving licence that has a name of the user, his or her photo or face image, signature, or a signature image, and a date of birth or a personal identification number on it.

6.5.          The responsible employee at ARBONUM shall assess the following:

6.5.1.     the term of validity of a document, according to the terms of validity;

6.5.2.     the person resembles the person depicted on the document photo in terms of appearance and age;

6.5.3.     the personal identification number corresponds to sex and age;

6.5.4.     if a responsible employee has some doubts as to the authenticity of the document with regard to the information contained in the codes issued to natural persons by a foreign state or to their identity, the employee shall consult with a foreign representative office or another competent institution.

6.6.          The employee shall make a copy from the pages with personal information and a photo in the submitted document and register other data collected about a person in the information system of ARBONUM.

6.7.          A politically exposed person:

6.7.1.     In addition to identification, the employee of ARBONUM upon the application of due diligence measures shall also ascertain whether or not the customer / supplier is a politically exposed person.

6.7.2.     First and foremost, the employee must try to ascertain whether or not the customer / supplier is a politically exposed person on the basis of his or her statements or assertions. If the employee suspects that, regardless of the statements of the customer / supplier, he or she is a politically exposed person, the employee must carry out an initial check-up, using online search engines or relevant databases. If suspicions persist, the employee should turn for further instructions to his or her head/supervisor, who, whenever required, shall consult with a compliance officer or with the    ARBONUM.

6.7.3.     The employee of ARBONUM shall also ascertain close associates and family members of a politically exposed person if there is reason to believe that there is a connection.

6.8.          A beneficial owner of a natural person shall be identified if the employee has a suspicion that the natural person has been asked, tempted, threatened, bribed, or in any other manner forced to establish business relationship or make a transaction. In this case a person that exercises control over a natural person shall be considered a beneficial owner of a natural person.

6.9.          Verification of documents and data:

6.9.1.     The employee of ARBONUM shall check the data submitted for the purpose of establishing the identity of a natural person as well as relevant references by means of reliable and independent sources, including public registers and official bodies.

6.9.2.     The responsible employee at ARBONUM shall be in charge of regular verification of data.

7.     ESTABLISHING IDENTITY OF A LEGAL PERSON UPON ESTABLISHMENT OF BUSINESS RELATIONSHIP

7.1.          When establishing the identity of a legal person, the following shall be ascertained:

7.1.1.     business name;

7.1.2.     registry code, or registration number and time;

7.1.3.     place of seat and field of activity;

7.1.4.     information about the legal form and legal capacity;

7.1.5.     name of the head of the company or the names of the members of the management of company or the members of another body acting on behalf of the management of company and their authorities upon the representation of the legal entity;

7.1.6.     means of communication;

7.1.7.     existence of politically exposed persons;

7.1.8.     data concerning a beneficial owner.

7.2.          A legal person is identified on the basis of the data contained in the register. If ARBONUM  has access to the Commercial Register, a Register of Non-Profit Associations and Foundations, or to the data contained in relevant foreign registers, the customer / supplier does not have to submit a registration card to ARBONUM. The responsible employee shall register the data concerning a legal person on the basis of the questionnaire, and a representative of a legal entity undertakes to confirm the correctness of data by his or her signature.

7.3.          The responsible employee shall make copies of identity documents of the representatives of a person and register the data of a legal person in the information system of  ARBONUM.

7.4.          If it is not directly obvious from the documents submitted for the purpose of identification or from any other documents who a beneficial owner of a legal person is, the relevant data shall be registered on the basis of written confirmation provided by the representative of a legal person. The correctness of the data contained in the written confirmation shall be verified by applying reasonable measures, including making enquiries into relevant registers, asking for the submission of annual year reports of a legal person or for the submission of other relevant documents.

7.5.          Establishing and verifying the right of representation:

7.5.1.     The responsible employee must make sure whether or not a person is acting on his or her own behalf or on behalf of some other (natural or legal) person. If a person is acting on behalf of some other person, the employee must establish who this person is.

7.5.2.     The employee must ascertain the ground for the right of representation of a representative, its scope, and term of validity.

7.5.3.     With regard to authorized and legal representatives, the employee should find out whether the representative knows the person he or she is representing. Hereby, among other things, it should be checked whether the representative knows: the essence and purpose of the expressions of will of a person he or she is representing; his or her economic and professional activities; the goal of transactions; the partners of a person; the circle of owners of a legal person.

7.5.4.     The representative shall confirm with his or her signature that he or she knows and is sure of the source and the legal origin of the funds used within the transaction carried out on behalf of the person he or she is representing.

7.6.          Procedure for updating data/documents used for the purpose of identification:

7.6.1.     The employee of ARBONUM updates the data obtained in the course of identification and verification at least one (1) time a year, and with regard to high-risk cases, every six (6) months.

7.6.2.     For updating, the employee of ARBONUM uses the following means and measures: verifies data in public databases and registries; when the term of validity of a document is coming to an end, the employee shall get in touch with the customer / supplier and ask him or her to submit an updated document.

8.     CUSTOMER / SUPPLIER’S TRANSACTIONS AND OPERATIONS MONITORING

8.1.          After establishing a relationship with the customer / supplier, the customer / supplier’s business relationships, including transaction and operations, are monitored on an ongoing basis- ongoing customer / supplier due diligence (ODD) is applied. This shall ensure that transactions and operations are consistent with ARBONUM’s information of the customer / supplier, its business and risk profile.  ARBONUM maintains real–time and retrospective monitoring of business relationships and operations.

8.2.          Responsible employees of ARBONUM must monitor customer / supplier’s transactions on an ongoing basis for any unusual operations or activities. Unusual features may be related to the size of the transaction, which is inconsistent with the customer / supplier’s past known business, the customer / supplier’s knowledge or experience, the unusual nature of the transaction as distinguished from other customer / supplier’s methods of operation or similar usual business practices, the complex structure of the transaction as compared to similar transactions in a similar profile of the customer / supplier or the market. ODD also means that ARBONUM periodically updates customer / supplier’s information. Before crediting supplier’s crypto account ARBONUM has to check that crypto account is not involved in ML and CTF, as well as obtain the documents proving that supplier is the owner of the crypto account, including written notice from payment services provider, screenshot from personal cabinet of the supplier (showing the full name), etc.

8.3.          In the event of any employee of the  ARBONUM having any doubts about the legality, economic or legal validity of the customer / supplier’s activities or of any particular operation or transaction, its non-consistence with customer / supplier’s personal or business profile, sources of funds or financial capacity, the employee must immediately notify the  ARBONUM managemet of ARBONUM, who must then investigate further and determine decide on the necessity of reporting to the authorised body of the customer / supplier’s activity or transaction.

8.4.          When monitoring the customer / supplier’s activities, transactions and operations, particular attention must be paid to:

a)              complex or unusually large transactions and any unusual transactional structures that have no apparent economic or visible legitimate purpose, and business relationships or operations with customer / suppliers from third countries, where, in accordance with official information published by international intergovernmental organizations, measures to prevent ML/TF (money laundering and terrorist financing) are insufficient or do not meet international standards.

b)              any threat of ML/TF that may arise from the use of the services provided or the transactions carried out in order to conceal the identity of the customer / supplier or the beneficial owner, as well as in respect of any business relationship or transaction with the customer / supplier who has not been identified through direct presence and, where necessary, immediate measures are taken to prevent the use of money for ML/TF.

c)              whether the customer / supplier or a beneficial owner is included in the consolidated list of the United Nations of persons, groups and entities and bodies subject to EU financial sanctions.

d)              whether the customer / supplier or the beneficial owner has no links with countries that are classified in the category of higher risk countries: they are subject to European Union sanctions or other restrictive measures.

8.5.          ARBONUM has ongoing control over its operations for possible violations of international sanctions. ARBONUM implements this obligation through a third party monitoring tool.

8.6.          The results and conclusions of unusual customer / supplier activities, transactions and operations investigations must be recorded in writing.

8.7.          In case ARBONUM has established business relationship with the customer / supplier, determined as a high risk customer / supplier, ARBONUM applies enhanced ongoing customer / suppliers due diligence (EODD). In addition to the measures applied for ODD, ARBONUM shall monitor and analyse the following actions of high-risk customer / supplier:

a)              Transaction types (e. g. series of high-value transactions in a short period of time, instant withdraw of deposits with no transaction activity);

b)              Transaction patterns (e. g. frequent transfers of large amounts of within a set period of time, to the same account from more than one person);

c)              Anonymity (e. g. multiple cryptocurrency wallets controlled from the same IP address; IP associated with suspicious sources);

d)              Senders and recipients (e. g. elderly or financially vulnerable customer / suppliers engaging in high-volume transactions);

e)              Source of funds (e. g. transactions involving cryptocurrency accounts with known links to illegal activities, such as fraud, extortion, etc.).

8.8.          If the Responsible employee becomes aware or otherwise suspects that a transaction, operation, or customer / supplier activity is suspicious, or for any other reason listed in this Guideline would be reported to authorised body, he/she will promptly record it, re-examine, carry out further examination of the information available in order to assess whether there is a basis for providing such information to the authorised body and, where available, submit the information in the format, procedures and timelines set by the authorised body.

8.9.          All employees of  ARBONUM, without exception, must be prohibited from informing the customer / supplier or any other person that information about the customer / supplier’s operations or transactions, or any other information, has been provided to the authorised body or other supervisory authority.

8.10.       The  ARBONUM or its employees are not liable to the customer / supplier for failure to perform their contractual obligations or for damage if this occurs as a result of suspending an operation or transaction and reporting the allegations to the authorised body or because of failure by the customer / supplier to provide data to confirm his identity, or providing incomplete or incorrect information, or if customer / supplier or his representative avoids providing the information necessary to identify him/her.

8.11.       No liability must be imposed on  ARBONUM’s director or other employees who, in good faith, report information on suspected ML/TF or suspicious operations or transactions to the authorised body. Likewise, they may not be subject to any disciplinary action by  ARBONUM.

8.12.       ARBONUM must notify the authorised body immediately, no later than within 1 (one) business day after the occurrence of such information or suspicion, if the  ARBONUM is aware or suspects that assets of any value are directly or indirectly derived from a criminal offence or by participating in a criminal offence.

8.13.       Where it is determined that the customer / supplier carries out a suspicious operation or transaction, regardless of the amount of the operation or transaction, it is mandatory to suspend the operation or transaction (unless due to the nature of the operation or transaction, the manner in which it is performed or other circumstances it is objectively impossible) and no later than 3 business hours from the time of the transaction or the suspension of the monetary operation to report this operation or transaction to the authorised governmental body. If, due to the nature of the operation or transaction, the manner in which they are performed, or other circumstances, the operation or transaction has not been suspended, the authorised governmental body must be notified no later than 3 business hours after such operation or transaction is identified. Immediate reporting is also required when the ARBONUM employees receive information that the customer / supplier intends or will attempt to execute a suspicious operation or transaction.

8.14.       ARBONUM is required to unilaterally suspend a suspicious operation / transaction and upon receipt of a written order from the authorised governmental body must suspend any suspicious operation or transaction performed by the customer / supplier for a period of up to 10 business days from the time or circumstances specified in the order. During this period, ARBONUM’s suspended transaction / operation may be renewed only with the permission of the authorised governmental body.

8.15.       If the Company is not obligated to execute the temporary restriction of the ownership rights within 10 business days after the notification or authorised governmental body order has been received, the operation or transaction shall be resumed.

9.     SIMPLIFIED APPLICATION OF DUE DILIGENCE MEASURES

9.1.         The employee of ARBONUM may apply simplified due diligence measures listed in the Guideline in the event of a low risk of money laundering and terrorist financing, if the risk profile of the customer / supplier is low, and if the risk assessment prepared by ARBONUM identifies that, under such circumstances, the risk of money laundering or terrorist financing is lower than usual.

9.2.         Before the application of simplified due diligence measures to the customer / supplier, the employee of ARBONUM establishes that the business relationship, transaction or act is of a lower risk, and a lower risk level than usual may be attributed to such transaction, act or customer / supplier.  First and foremost, the employee of ARBONUM before applying simplified due diligence measures, shall assess the likelihood of emergence of circumstances referring to a lower level of risk and implement them as separate grounds (i.e. the existence of every single circumstance allows to implement simplified due diligence measures in relation to the customer / supplier).

9.3.         ARBONUM shall apply simplified due diligence measures only within the scope which guarantees sufficient monitoring of transactions and business relationships, so that it would be possible to identify unusual transactions and to notify about suspicious transactions.

9.4.         In the event of application of simplified due diligence measures the identity of a customer / supplier or the customer / supplier’s representative may be verified on the basis of information obtained from a credible and independent source also at the time of establishment of the business relationship, provided that it is necessary for not disturbing the ordinary course of business.

10.  ENHANCED APPLICATION OF DUE DILIGENCE MEASURES

10.1        ARBONUM applies enhanced due diligence measures in order to adequately manage and mitigate a higher-than-usual risk of money laundering and terrorist financing.

10.2        Enhanced due diligence measures are applied always when:

10.2.1.  upon identification of a person or verification of submitted information by a customer / supplier, there are doubts as to the truthfulness of the submitted data, authenticity of the documents or identification of the beneficial owner(s);

10.2.2.  a participant in the transaction is from a high-risk third country, his or her place of residence or seat or the seat of the payment service provider of the payee is in a high-risk third country;

10.2.3.  a participant in the transaction is from such country or territory or their place of residence or seat or the seat of the payment service provider of the payee is in a country or territory that, according to credible sources such as mutual evaluations, reports or published follow-up reports, has not established effective money laundering and terrorist financing systems.

10.3.       At least one of the following additional measures shall be applied as an enhanced due diligence measure:

10.3.1.  the establishment of identity and the check-up of submitted data on the basis of additional documents, data and information, which originate from reliable and independent sources, including web-sites, CVs, LinkedIn accounts, etc.;

10.3.2.  the application of additional measures in order to assure oneself of the authenticity of the documents that have been submitted and the data included in them, among others, to demand for their notarial or official certification or the verification of the data by the credit institution specified in the first clause, which has issued the document;

10.3.3.  gathering additional information on the purpose and nature of the business relationship or transaction and verifying the submitted information based on additional documents, data or information that originates from a reliable and independent source;

10.3.4.  gathering additional information and documents regarding the actual execution of transactions made in the business relationship in order to rule out the extensibility of the transactions, including billings, parts of course code and other works, samples of business communication;

10.3.5.  establishment of business partnership or making a transaction at the permit of the management of ARBONUM.

10.3.6.  Upon application of enhanced due diligence measures, ARBONUM must apply the monitoring of a business relationship more frequently than usual, including reassessing the customer / supplier’s risk profile not later than six months after the establishment of the business relationship.

11.         ADDITIONAL DUE DILIGENCE MEASURES

11.1.       Where ARBONUM comes in contact with: a) a high-risk third country via a transaction executed within the frames of its economic or professional activities or via the customer / supplier; b) with the customer / supplier whose turnup of transaction exceeds 100 000 euro per month, it applies the following due diligence measures:

11.1.1.  gathering additional information about the beneficial owner of a customer / supplier;

11.1.2.  gathering additional information on the planned substance of the business relationship;

11.1.3.  gathering information on the underlying reasons of planned or executed transactions;

11.1.4.  receiving permission from the management of ARBONUM to establish or continue business relationship;

11.1.5.  improving the monitoring of business relationships by increasing the number and frequency of the applied control measures and by choosing transaction indicators that are additionally verified.

12.     ESTABLISHING BUSINESS PARTNERSHIP WITH A POLITICALLY EXPOSED PERSON

12.1.       With regard to politically exposed persons, the following due diligence measures are additionally applied:

12.1.1.  Obtaining the required additional information from a customer / supplier in order to ascertain the source if his or her wealth and the origin of the funds that are used within the frames of business partnership or a transaction;

12.1.2.  verification of data or submitting enquiries to the databases of state institutions of a relevant country as well as searching for and verifying the data that can be obtained online;

12.1.3.  submitting enquiries and verifying the data on relevant web-pages of supervision institutions and other official bodies in the home country of a customer / supplier or a person.

12.2.       The    ARBONUM makes a decision as to whether or not to establish a business partnership with a politically exposed person.

12.3.       The employee verifying the data shall notify the management of ARBONUM if a customer / supplier or a beneficial owner is or might become a politically exposed person in the future.

12.4.       Regular enhanced check-ups are implemented with regard to business partnerships with politically exposed persons. Regular enhanced check-ups shall also be implemented after a politically exposed person has ceased acting as a politically exposed person if a higher level of risk still accompanies that person, proceeding from the risk-based approach.

12.5.       Where a politically exposed person no longer performs important public functions placed upon him or her, it is necessary within at least within 12 months to take into account the risks that remain related to the person and apply relevant and risk sensitivity-based measures as long as it is certain that the risks characteristic of politically exposed persons no longer exist in the case of the person.

13.     NATURE AND PURPOSE OF BUSINESS RELATIONSHIP, MONITORING OF BUSINESS RELATIONSHIP

13.1.       The responsible employee shall ascertain the purpose and nature of business relationship and a transaction, based on the following data:

13.1.1.  statements provided by a customer / supplier upon the establishment of business relationship or making a transaction;

13.1.2.  the data obtained from the area and profile of activities of a customer / supplier.

14.     APPLICATION OF THE "KNOW YOUR CUSTOMER / SUPPLIER" (KYC) PRINCIPLE

14.1.       "Know your customer / supplier" principle:

14.1.1.  The "Know your customer / supplier" principle means gathering relevant information and data about a customer / supplier, including, in addition to customer / supplier identification, also identifying profile of activities of a customer / supplier, the purpose of his or her activities, the beneficial owner and, if required, also the sources used within the transaction and their origin, which will enable  ARBONUM  to assess whether or not the transactions made by a customer / supplier conform to his or her main field of activities and/or payment practices and to decide whether or not the transaction is usual or suspicious or unusual.

14.1.2.  The employee of ARBONUM shall select a suitable scope of the implementation of the "Know your customer / supplier" principle in accordance with a risk level attributed to specific business relationship or a transaction, based on a risk-based approach.

14.2.       In order to ascertain in a fast and efficient manner whether or not (i) a customer / supplier is a politically exposed person, whose place of residence or seat is in a high-risk third country, (iii) a person, with regard to whose activities there is a prior suspicion that he or she might be related to money laundering and terrorist financing, (iv) a person, with regard to whom international sanctions apply, or (v) a person, with whom a transaction is executed by means of communication, the responsible employee shall use relevant web-pages and databases. A member of the management of ARBONUM that is in charge of the prevention of money laundering and terrorist financing shall provide the availability of relevant databases and their use (including the provision of access and relevant training).

14.3.       In order to implement the "Know your customer / supplier" principle, the responsible employee must:

14.3.1.  implement measures in order to ascertain the field of activity and profile of activities of a customer / supplier, including asking for information from a customer / supplier upon the establishment of business partnership or making a transaction;

14.3.2.  making check-ups in public databases and registries;

14.3.3.  monitoring, analysing, and distinguishing the transactions executed by a customer / supplier in  ARBONUM;

14.3.4.  if the responsible employee has a suspicion of money laundering or terrorist financing related to the transaction with a low level of risk, he or she should apply enhanced due diligence measures.

14.4.       The monitoring of a business relationship must include at least the following:

14.4.1.  checking of transactions made within a business relationship in order ensure that the transactions are in concert with ARBONUM’s knowledge of a customer / supplier, its activities and risk profile;

14.4.2.  regular updating of relevant documents, data or information gathered in the course of application of due diligence measures;

14.4.3.  paying more attention to transactions made in the business relationship, the activities of a customer / supplier and circumstances that refer to criminal activity, money laundering or terrorist financing or that are likely to be linked with money laundering or terrorist financing, including to complex, high-value and unusual transactions and transaction patterns that do not have a reasonable or visible economic or lawful purpose or that are not characteristic of the given business specifics, including ascertaining the nature, reason, and background of such transactions, and also gathering other data in order to understand the nature of transactions;

14.4.4.  paying more attention to business relationship or transaction whereby a representative of a customer / supplier or a beneficial owner is from a high-risk third country, or whereby a customer / supplier is a citizen of such country, or whereby the customer / supplier’s place of residence or seat or the seat of the payment service provider of the payee is in such country or territory.

14.5.       When monitoring business relationships, employees must:

14.5.1.  monitor and remember the characteristics of suspicious transactions listed in the Guideline;

14.5.2.  check the transactions made by a customer / supplier with the frequency that conforms to the risk level attributed to a customer / supplier, remembering about the fact that with regard to customer / suppliers with a low level of risk, check-ups should be carried out at least one time in three years, while with regard to customer / suppliers with a high level of risk, check-ups should be performed annually;

14.5.3.  notify the compliance officer about every single transaction that is suspected of money laundering or terrorist financing;

14.5.4.  where necessary, change the risk level of a customer / supplier.

15.     REFUSING FROM EXECUTING A TRANSACTION AND TERMINATION OF BUSINESS RELATIONSHIP

15.1.       It is prohibited to establish a business relationship or allow for making or closing an occasional transaction or a transaction within business partnership if at least one of the following circumstances exists:

●               it is not possible to apply required due diligence measures;

●               there is a suspicion of money laundering and terrorist financing;

●               there is a suspicion that a person is a subject of an international sanction.

15.2.       ARBONUM does not establish business relationship (it is forbidden to establish business relationship and execute transactions) if a person participating in a transaction or in a professional act or a customer / supplier, in spite of a respective request, does not submit documents and relevant information required for the purpose of applying due diligence measures, or where, based on the submitted documents, the employee comes to suspect money laundering or terrorist financing.

15.3.       In the event of refusal from making a transaction or establishing business partnership as well as in the event of extraordinary withdrawal from the long-term contract serving as the basis for the business relationship, the responsible employee has to register and preserve an explanation concerning detailed circumstances underlying the refusal or withdrawal as well as any other information serving as the basis for the duty to report in accordance with the procedure for gathering and retaining data listed in the present Guideline.

16.     SUBJECTS OF INTERNATIONAL SANCTIONS

16.1.       A subject of an international sanction is a natural or legal person, an institution or any other entity which is directly specified in the act on the imposition or implementation of international sanctions and with regard to whom the measures prescribed therein are taken.

16.2.       A person responsible for the implementation of an international financial sanction is a compliance officer assigned by the managemet of ARBONUM.

16.3.       Upon entry into force of an act on the imposition or implementation of international financial sanctions employees shall take measures to fulfil the obligations arising therefrom and shall demonstrate due diligence to ensure the achieving of the objective of the international financial sanction and shall avoid breach of a sanction.

16.4.       The responsible employee shall draw special attention to the person who is in business relationship with ARBONUM or is making a transaction or carrying out a proceeding with him or her, as well as to the activities of the person intending to establish business relationship, make a transaction or carry out a proceeding with him or her and to the facts which refer to the possibility that the person is a subject of international financial sanction.

16.5.       If the responsible employee has doubts or knows that a person, who is in business relationship with ARBONUM  or is making a transaction or carrying out a proceeding with him or her, as well as a person intending to establish business relationship, make a transaction or carry out a proceeding with him or her, is a subject of international financial sanction, shall immediately notify Director of the doubt thereof and of the measures taken.

16.6.       If a person who is in business relationship with  ARBONUM  or is making transactions or is carrying out a proceeding, as well as a person who intends to establish business relationship, make a transaction or carry out a proceeding, refuses to provide additional information or it is impossible to identify by means thereof if the person is a subject of international financial sanction, a responsible person shall refuse to make a transaction or carry out a proceeding and shall notify the compliance officer immediately, who shall take measures provided for in the act on the imposition or implementation of international financial sanction.

16.7.       Upon entry into force of an act on the imposition or implementation of international financial sanction, the amendment, repeal or expiry thereof, the compliance officer or a person authorized by the compliance officer shall immediately check whether a person with whom  ARBONUM is in business relationship or is making a transaction or carrying out a proceeding, as well as a person intending to establish business relationship, make a transaction or carry out a proceeding is a subject of international financial sanction with regard to whom the financial sanction is imposed, amended or terminated.

16.8.       The responsible employee shall pay attention to the factors distorting personal data. The following errors or differences that may occur upon translating, handling, or processing of personal data and names are the factors distorting personal data:

16.8.1.  transcription of foreign names, including differences arising in the course of latinization of Russian and Scandinavian names;

16.8.2.  different order of words in personal or company names consisting of several words, e.g. AS TOOMAS RAMM or RAMM TOOMAS;

16.8.3.  replacing letters with diacritical marks (points or letters with diacritical markings denoting stressed vowels) with other letters or leaving them out (partially);

●               replacing double letters with single ones (and the other way round), e.g. METALL or METAL;

●               replacing letters F, Š, Z, Ž, C ... with other letters or letter combinations, e.g. FARMA or PHAR-MA, CRISTAL or KRISTAL;

16.8.4.  replacing foreign letters W, Q, X, Y ... with other letters, e.g. WOX QYIT or VOKS KÜIT.

16.8.5.  replacing double letters and foreign letters with other letters or leaving them out (partially);

16.8.6.  using abbreviations;

16.8.7.  writing numbers in the text properly, e.g. 2 FAST 4 YOU or TWO FAST FOUR/FOR/ YOU;

16.8.8.  using/not using subordinate compounds and prepositions (letters, conjunctions);

16.8.9.  other factors:

●               faults arising from human error;

●               replacing hard consonants with soft consonants and the other way round, e.g. AS GAASI KÜTE or AS KAASI GÜTE;

●               inclusion of a name or its part into another name or its part.

16.9.       The compliance officer assigned by the managemet of ARBONUM shall gather and preserve the following information for five years:

16.9.1.  time of check-up;

16.9.2.  name of a person that has done check-up;

16.9.3.  results of check-up;

16.9.4.  measures taken.

17.     OUTSOURCING ACTIVITIES

17.1.       ARBONUM may outsource an activity related to identification to a third party who applies due diligence measures and data retention requirements.

17.2.       ARBONUM shall not outsource relevant activities to a person that has been founded in a high-risk third country.

17.3.       Relevant activities may only be outsourced to third parties that hold required knowledge and skills or have prerequisites for their acquisition, and that are capable of fulfilling the obligations provided the Guideline. Upon outsourcing of relevant activities, ARBONUM shall notify a third party about all laws, other legal acts issued on the basis of such laws and reserve the right to check the compliance with those requirements.  ARBONUM reserves the right to withdraw from the contract entered into with a third party if there are shortcomings in the way the third party is performing its duties.

17.4.       Whenever the need arises, ARBONUM shall offer relevant training in the field of money laundering and terrorist prevention to a third party (and its employees), that will be held by the responsible employee or another expert in the field assigned by ARBONUM may enable a third party (and its employees) to take part in the training arranged by ARBONUM for its own employees if the parties agree accordingly. If the need for training a third party in the field of money laundering and terrorist prevention is minor, ARBONUM must explain to a third party at least the requirements listed in the Guideline and notify the third party about amendments made in the Guideline, global best practices, or legal acts.

17.5.       Upon the assessment of both the suitability of a third party and his or her need for training, the parties shall proceed from his or her usual professional and economic activities and the main job duties of the third party and his or her employees as well as their education and other circumstances that may refer to insufficient knowledge or capacity for dealing with the activities to be outsourced.

17.6.       ARBONUM may outsource relevant activities only in the manner that does not affect its own interests or the interests of its customer / suppliers, its own activities or the performance of its obligations listed in the present Guideline and does not interfere with state supervision exercised over it. Hereby upon outsourcing its duties ARBONUM shall proceed from the following conditions:

17.6.1.  the heads of ARBONUM must not delegate their liabilities upon outsourcing;

17.6.2.  outsourcing must not damage the interests of the customer / suppliers of ARBONUM or the relations with the customer / suppliers, and the commitments of ARBONUM to the customer / suppliers must not change due to outsourcing;

17.6.3.  outsourcing must not contradict the conditions that ARBONUM must conform to in order to receive an authorisation and remain in compliance with it;

17.6.4.  outsourcing must not annul or change any other conditions, on the basis of which ARBONUM was granted authorisation.

17.7.       In order to outsource relevant activities, ARBONUM shall enter into a written contract with a third party, which shall provide:

17.7.1.  that outsourcing shall not hinder the activities of ARBONUM or the performance of obligations listed in the present Guideline;

17.7.2.  that a third party shall perform all of the obligations of ARBONUM related to outsourcing;

17.7.3.  that outsourcing shall not interfere with supervision exercised over ARBONUM;

17.7.4.  the existence of required knowledge and skills at the person’s carrying out relevant activities and his or her capacity to conform to the requirements listed in the Guideline;

17.7.5.  ARBONUM has the right to check on the compliance with requirements listed in the Guideline without any limitations;

17.7.6.  documents and data gathered for the purpose of compliance with the requirements arising from Guideline are preserved and, at the request of ARBONUM, copies of documents relating to the identification of a customer / supplier and its beneficial owner or copies of other relevant documents are handed over or submitted to the competent authority immediately.

17.8.       Upon identification, a third person shall notify the compliance officer immediately about a suspicion of money laundering and terrorist financing.

17.9.       While performing the obligations delegated to him or her, a third person must apply due diligence measures listed in the Guideline and comply with the requirements pertaining to gathering data and preserving it that are applied by the responsible employee of ARBONUM.

17.10.    A third person whose activities have been outsourced shall apply the present Guideline on the same grounds as the responsible employee. A third person (or his or her employee) shall confirm the familiarisation with the Guideline by signing the document.

18.     PROCEDURE FOR GATHERING DATA AND ITS PRESERVATION

18.1.       Preservation of the used data:

18.1.1.  The responsible employee shall preserve the data and documents used for the purpose of customer / supplier identification in such a manner that it would allow their reproduction in writing at least in the following scope:

●               first name and surname of a person;

●               personal identification number, date and place of birth;

●               address of the place of residence (actual place of residence of a person, postbox number is not acceptable);

●               citizenship;

●               activity profile, professional field of activity;

●               means of communication (phone number and e-mail address);

●               whether or not a person is politically exposed or is a close associate of a politically exposed person;

●               information about all proceedings that have been carried out in order to identify a beneficial owner of a person participating in the transaction on behalf of a customer / supplier;

●               name and number of the document used for the purpose of identification and verification, the date of its issue and name of the institution that has issued it.

●               copy of the document used for identification;

●               the manner, date and place of submission or updating of data or documents;

●               information about establishing business relationship or the circumstances pertaining to refusing from making a transaction or terminating business relationship;

●               the circumstances of refusing from making a transaction or establishing business partnership at the initiative of a customer / supplier if the refusal has been related to the application of due diligence measures;

●               the name and position of the employee that has carried out identification, checked or updated data.

18.1.2.  The name and position of the employee that has updated data must be retained.

18.2.       ARBONUM shall register and preserve the following data:

18.2.1.  information about the circumstances of refusal from establishment of business partnership or making an occasional transaction;

18.2.2.  information about the circumstances of refusal from business relationship with a customer / supplier or from making a transaction if such a refusal has been related to the application of due diligence measures on the part of ARBONUM;

18.2.3.  the entire scope of information if it not possible to apply due diligence measures with the help of information technology means;

18.2.4.  on the circumstances of termination of a business relationship in connection with the impossibility of application of the due diligence measures;

18.2.5.  information serving as the basis for the duty to report;

18.2.6.  the entire correspondence and all the data and documents gathered in the course of monitoring the business relationship as well as data on suspicious or unusual transactions.

18.3.       Method of preservation of data and terms of preservation

18.3.1.  The data shall be preserved in a manner in that allows for exhaustively and in accordance with legislation, those of other supervisory authorities, investigative bodies or courts, inter alia, regarding whether ARBONUM has or has had in the preceding five years a business relationship with the given person and what is or was the nature of the relationship.

18.3.2.  Data about business partnerships (including the correspondence related to the application of due diligence measures and all the documents gathered in the course of monitoring the business relationship as well as data on suspicious activity) shall be preserved for five years after the termination of the business relationship.

18.3.3.  Data about a transaction shall be preserved for five years after the transaction has been made.

18.3.4.  ARBONUM shall guarantee the deletion of gathered data after the expiry of the term of its preservation, except for the cases when a longer term of preservation arises from legislation, another legal act, or a precept.

18.4.       Protection of personal data

18.4.1.  The data gathered upon the establishment of business partnership and within its duration shall be only used for the purpose of money laundering and terrorist financing prevention as well as for the purpose of performance of obligations listed in the Guideline, and that data must not be used in any other ways or for any other purposes not specified in the present procedure, except for the cases when a customer / supplier has given his or her consent to the usage of data for other purposes.

18.4.2.  Before establishing a business partnership, the information pertaining to the processing of personal data shall be sent to a potential customer / supplier by ARBONUM. The scope of such information also includes general information about the obligations of ARBONUM upon the processing of personal data for the purpose of money laundering and terrorist financing prevention.

18.4.3.  ARBONUM, upon the implementation of the requirements arising from the present procedure, shall apply all of the rules of personal data protection.

19.     PROCEDURE FOR PERFORMING THE DUTY TO REPORT

19.1.       In a situation where, within the frames of relations with a customer / supplier, unusual circumstances arise or the circumstances, with regard to which the employee of ARBONUM comes to a suspicion of money laundering or terrorist financing, the compliance officer assigned by the    ARBONUM should be notified about it immediately.

19.2.       The main conditions that parties should proceed from when analysing suspicious and unusual transactions are the following:

19.2.1.  Is there a suspicious circumstance pertaining to a proceeding, a transaction, or some other situation?

19.2.2.  Has ARBONUM made sure that it knows a customer / supplier to a required extent, or should additional data be gathered about the customer / supplier?

19.2.3.  When identifying a customer / supplier or his or her representative while making a transaction or carrying out a proceeding, ARBONUM must make sure that they have completed the relevant procedure accordingly. Was any information or data insufficient?

19.2.4.  Did ARBONUM have to ask for additional data or demand that a customer / supplier would provide rectification in any other way?

19.2.5.  To find out whether or not there have been recurrent manifestations of suspicious proceedings and transactions.

19.3.       By collecting the data, the process of gathering of the information about suspicious or unusual transactions from the employees, agents (if there are any), and contractual partners of ARBONUM as well as systematisation and analysis of the accumulated scope of information is meant.

19.4.       The main circumstances that parties should pay attention to while analysing suspicious and unusual transaction are the following:

19.4.1.  what is a suspicious circumstance pertaining to a proceeding, a transaction, or some other situation?

19.4.2.  has the employee of ARBONUM made sure that he or she knows a customer / supplier to a required extent, or should additional data be gathered about the customer / supplier?

19.4.3.  when identifying a customer / supplier or his or her representative, the responsible employee must make sure that they have completed the relevant procedure accordingly. The responsible employee must find out whether or not the whole scope of the information has been provided, and whether or not additional information has been requested or obtained in any other manner;

19.4.4.  the responsible employees must find out whether or not there have been recurrent manifestations of suspicious proceedings.

19.5.       The    ARBONUM shall within 3 years after closing the customer / supplier’s business relationship  retain in a form that can be reproduced in writing all of the notices about suspicious or unusual transactions received from its employees, and also the information collected for the purpose of analysing those notices as well as other related documents, together with the data concerning the time when each notice was forwarded and the name of the employee that has forwarded it.