Crypshark is owned and managed by Fincity Crypshark s.r.o.
Information about Fincity Crypshark s.r.o.
Date of incorporation: 21.05.2020
Registration number: 52349594
VAT identification number SK2121038535
Legal address: Miletičova 21, 821 09 Bratislava, Slovakia
Contact: office@fincity.sk
Crypshark

Own Activity Program for Prevention of Legalization of Proceeds from Criminal Activity and Protection against Terrorist Financing
(the “Program”)

Preamble

The purpose of this Own Activity Program for Prevention of Legalization of Proceeds from Criminal Activity and Protection against Terrorist Financing (the “Program”) is synchronization of internal activities with obligations imposed by Act No. 297/2008 Coll. on the Prevention of Legalization of Proceeds from Criminal Activity,  IRECTIVE (EU) 2018/843 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU and Methodological Guideline of the Financial Market Supervision Unit of Národná banka Slovenska No 3/2019 of 29 April 2019 on the prevention of money laundering and terrorist financing at banks and branches of foreign banks.
(the “Act”).

1. This Program is intended for persons who are responsible (the “Mandated Person”) within the Company for identification of new and existing Customers and monitoring of their activities.
2. The Manager of the company, or an Authorized Person and his/her deputy are responsible for compliance with and updates to the Program.
3. This Program covers:
a) the manner in which customer due diligence is implemented;
b) overview of forms of unusual business transactions according to the subject matter of operations of the obliged person;
c) method of risk assessment and management under Article 20a of the Act;
assessment procedure as to whether the transaction being prepared or executed is unusual;
d) procedure following the discovery of an unusual business transaction to its immediate reporting to the Financial Intelligence Unit, including procedure and responsibilities of employees who assess such unusual business transaction;
e) procedure for postponing an unusual business transaction under Article 16 of the Act;
f) procedure for keeping data under Article 19 of the Act;
g) appointment of a person and his/her deputy responsible for protection against legalization and providing reporting of unusual business transactions and ongoing contact with the Financial Intelligence Unit;
h) the manner of protection for an employee who detects unusual business transactions;
i) content and schedule of special training for employees who may encounter an unusual business transaction in the course of the performance of their work;
the manner in which control of compliance with this Program is carried out and responsibilities arising out of this Act for an obliged person;
j) list of risky and unsupported activities, persons and entities, and countries

Article I
Definition of Basic Terms

Under the current legislation valid and effective in the territory of the Slovak Republic the following definitions apply:

1. Dirty money refers to money from crime, respectively any assets obtained through crime (profits, proceeds, proceeds from crime, assets of a non-financial nature valued in money, such as intellectual property, etc.). The process of transforming these illegal financial and non-financial resources into legal resources (creating the impression of a legal acquisition of assets) is called “money laundering”.

2. Legalization, or “money laundering” is understood to be a deliberate act consisting in:
a) conversion of nature of property or transfer of property, knowing that the property originates from criminal activity or involvement in criminal activity, with the aim of concealing or disguising the illicit origin of the property or with the aim to assist a person involved in the commission of such criminal activity to avoid the legal consequences of his/her conduct;
b) concealment or disguising of the origin or nature of property, the location or movement of property, the ownership or another title to the property, knowing that the property originates from criminal activity or involvement in criminal activity;
c) acquisition, possession, use and handling of property, knowing that the property originates from criminal activity or involvement in criminal activity,
d) involvement in an action under letters a) through c), even in the form of association, assistance, instigation and incitement, as well as in attempting such action;
e) i.e. act whose aim is to conceal the existence of property originating from criminal activity or to conceal its illicit origin and its further use as if the origin of such property was legitimate. It is irrelevant whether such property generating activity was carried out in the territory of the Slovak Republic or in the territory of any other country.
3. Terrorist financing is understood to be the provision or collection of funds with the intention to use them or knowing that they are to be used, in whole or in part, to commit:
a) the criminal offence of establishing, contriving or supporting a terrorist group or the criminal offence of terrorism,
or
b) the criminal offence of theft, the criminal offence of extortion or the criminal offence of counterfeiting or altering a public document, official stamp, official seal, official sign and official mark, or instigating, aiding or inciting a person to commit such criminal offence or to attempt it with the aim to commit a criminal offence of establishing, contriving and supporting a terrorist group or the criminal offence of terrorism;
c) financing of everyday needs of a person where it is reasonable to assume that such person intends to commit or has committed the criminal offence of terrorism and some other forms of participation in terrorism;
d) criminal offences under international agreements that were ratified and published in a manner consistent with law and by which the Slovak Republic is bound.
Terrorist financing is prohibited.
For Crypshark as an obliged entity, as well as its employees, directors, and chief clerks, it is important to know that with respect to legalization and financing of terrorism the reporting duty of Crypshark under the Act occurs at the moment when a transaction “indicates” that its execution may lead to legalization or to terrorist financing, i.e. it is not required to have knowledge of actual legalization or terrorist financing.
4. Politically Exposed Person:
1. a natural person who is or was entrusted with a prominent public function and does not have permanent residence in the Slovak Republic during performance of his/her prominent public function and for the period of one year after termination of such performance, namely a head of state, prime minister, deputy prime minister, minister, head of a government agency, state secretary or a similar deputy of a minister, member of Parliament, judge of the Supreme Court, judge of the Constitutional Court or other high-level judicial bodies the decisions of which are not subject to further appeal except for special cases, member of the court of auditors or of the central bank board, ambassador, chargé d ́affaires, high-ranking military officer, member of an executive body, supervisory body or auditing body of a state enterprise or a state-owned company, or a person holding a similar post in the institutions of the European Union or international organizations, or a member of a statutory body of a political party, or a political party;
2. a natural person who is:
a) the spouse or a person having a status equivalent to the spouse of a person referred to in paragraph 1) above;
b) a child, son-in-law or daughter-in-law of a person referred to in paragraph 1) above or a person having a status similar to such son-in-law or daughter-in-law referred to in paragraph 1) above, or
c) a parent of a person referred to in paragraph 1) above;
3. a natural person known to be the beneficial owner of
a) the same customer or to be in control of the same customer as a person referred to in paragraph 1) above or operates a business together with a person referred to in paragraph 1) above, or
b) a customer established for the benefit of a person referred to in paragraph 1) above.
5. Beneficial Owner – every natural person who ultimately operates or controls a legal person, natural person or an entrepreneur or corporation, and every natural person for the benefit of whom these entities operate, or a natural person who especially:
1. in case of a legal person who is not part of the corporation or an issuer of securities admitted to trading on a regulated market who is subject to disclosure requirements under a special regulation, an equivalent to a legal regulation of a Member State or an equivalent to international regulations, a natural person who:
a) has a direct or indirect interest or sum thereof of at least 25% in the voting rights in a customer who is a legal entity – entrepreneur, or its capital including bearer shares,
b) is entitled to appoint, otherwise constitute or dismiss a statutory body or another executive body, supervisory body, or auditing body of a customer who is a legal person – entrepreneur,
c) in a manner other than those referred to in letters a and b controls a customer who is a legal person – entrepreneur,
d) is entitled to at least 25% of the profit from the operations of a legal person or its other activities.
e) If no natural person meets the criteria referred to in paragraph 1) then the Beneficial Owner for this person is considered to be the members of its top management where a member of the top management is considered to be a statutory body, member of a statutory body, clerk and senior manager holding a post of the direct manager of the statutory body.
2. in case of a natural person – entrepreneur, a natural person who has the right to the profit of at least 25% from the operations of the natural person – entrepreneur or other activities of such person.
3. in the case of a corporation, a natural person who:
a) is the founder or establisher of the corporation; if the founder or establisher is a legal person, a natural person under paragraph 1);
b) has the right to appoint, otherwise constitute or dismiss a statutory body, executive body, supervisory body, or auditing body of the corporation or its member, or is a member of a body that has the right to appoint, otherwise constitute or dismiss these bodies or its member
c) is a statutory body, executive body, supervisory body, auditing body or a member of these bodies
d) is a beneficiary of at least 25% of funds supplied by a corporation, provided the future beneficiaries of those funds have been designated, or
e) is one of those persons for whose benefit a corporation is established or operates, if the future beneficiaries of funds of the corporation have not been designated,
4. has a reasonable assumption that the customer or the Beneficial Owner is a person on whom international sanctions are imposed under a special regulation, 1a) or a person who might have a relationship to such person, or
5. where there is a reasonable assumption that its subject is or is to be an object or a service that may relate to an object or a service on which international sanctions are imposed under a special regulation.1a)
1a) Act No. 289/2016 Coll. on the Enforcement of International Sanctions and on an amendment to Act No. 566/2001 Coll. on Securities and Investment Services and on amendments to certain laws (the Securities Act) as amended.
5.  Identific1ation –  is the finding of:

a) in the case of a natural person, identification of the name, surname and birth number or date of birth, if no birth number has been assigned, address of permanent residence or other residence, nationality, identification of the type and number of the identity document; in the case of a natural person – entrepreneur, as well as finding out the address of the place of business, identification number, if assigned, designation of the official register or other official register in which this entrepreneur is registered, and the number of entry in this register or register,
b) for a legal person, identification of the name, registered office address, identification number, designation of the official register or other official register in which the legal person is registered and the number of entry in this register or register, and identification of the natural person authorized to act on behalf of the legal person. persons
c) in the case of a person represented on the basis of a power of attorney, ascertaining his data pursuant to letter a) or b) and ascertaining the data of a natural person authorized to act on behalf of this legal entity or natural person within the scope of data pursuant to letter a),
d) in the case of a minor who does not have an identity document, the name, surname and birth number or date of birth, if no birth number has been assigned, of the minor’s nationality and legal representative, or the nationality of his or her legal representative; or
e) in the case of performance by third parties pursuant to Section 13 of the Act, receipt of data and documents from a credit institution or financial institution.
6.  Verification of identification – means:
a) in the case of a natural person, verification of data according to § 7 letter a) of the Act in his identity document, if they are listed there, and verification of the form of the person with the form in his identity document in his physical presence, or using technical means and procedures, if the liable person, taking into account the circumstances of implementation and security risks of the technology used whereas such means and procedures make it possible to verify identification at a level which, in terms of the reliability of the result of the verification, is similar to verification in the physical presence; for a natural person – entrepreneur also verification of data according to § 7 letter a) of the Act on the basis of documents, data or information obtained from the official register or other official records in which the entrepreneur is registered, or from another credible and independent source,
b) in the case of a legal entity, verification of data pursuant to § 7 letter b) of the Act on the basis of documents, data or information obtained from the official register or other official records in which the legal entity is registered, or from another reliable and independent source and verification of the identification of a natural person authorized to act on behalf of the legal entity according to § 7 letter a) of the Act in its physical presence, and verification of the authorization to act on behalf of a legal entity,
c) in the case of a person who is represented on the basis of a power of attorney, verification of his / her data in the scope of data pursuant to § 7 let. c) of the Act on the basis of documents, data or information obtained from the submitted power of attorney with a certified signature, official register or other official records or from another credible and independent source and verification of identification of natural person authorized to act on the basis of power of attorney letter a) of the Act in her identity document in her physical presence,
d) in the case of a minor who does not have an identity document, verification of the type and number of the identity document and the form of the legal representative of the minor present with the form in his / her identity document,
e) verification of the identification number or code assigned to the transaction through technical equipment to the client, the liable person according to a special regulation, if the client has already been identified according to § 7 letter a) to d) of the Act,
f) proving the client with a guaranteed electronic signature, if the client has already been identified according to § 7 letter a) to d) of the Act, or
g) verification of identification by other means, if such a method allows a special regulation.
7. Assets – are any assets, regardless of their nature, in particular movables, immovable property, flats, non-residential premises, securities, receivables, intellectual property rights, including industrial property rights, as well as legal documents and deeds, which prove a legal relationship to the property or a share in it.
8. Client – means a person who:

a) is a party to a contractual relationship linked to the obligor ‘s business persons
b) takes part in proceedings for the purpose of becoming a party to the contractual relationship associated with the business activity of the liable person,
c) represents, in proceedings with the liable person, a party to the contractual relationship related to the business activity of the liable person, or
d) is entitled, on the basis of other facts, to dispose of the subject of the commitment associated with the business activity of the liable person.

9. Business relationship – means a contractual relationship between the liable person and the client, inclusive any activities related to this relationship from which at the time of contact
expects to contain an element of duration and further performances or recurring performances.

10. Trade – means the creation, change or termination of a contractual relationship between the liable person and its client and any business operation of the client or on behalf of the client or disposal of the client’s property or on behalf of the client, related to the liable person’s activities, including in their own name and on their own account.

11. A type of transaction – means a group of transactions within the activities of a liable entity, which are characterized by certain features or contractual conditions of their provision by the liable entity.

12. Criminal activity – means criminal activity committed on the territory of the Slovak Republic or outside the territory of the Slovak Republic.

13. The financial intelligence unit – is a special unit of the financial police of the Police Force.

Article II
Overview of Forms of Unusual Business Transactions

1. Unusual business transaction (the “UBT”) means a legal act or other act which indicates that its execution may enable legalization or terrorist financing. The assessment whether a transaction is a UBT lies with Crypshark. It is Crypshark’s task to determine, based on its experience and other facts, whether a transaction with regards to legal and natural persons in cooperation with whom such transaction is being prepared or executed can be classified as unusual. Crypshark does not need to know what type of criminal offence might be involved, who might have committed it, nor does it need to know any other facts relating to constituent elements of a specific criminal offence. The Crypshark’s task is to evaluate certain anomalies which due to their nature, content or exceptionality clearly fall outside the normal parameters or nature of certain transactions or certain Customer.

2. The law generally defines a UBT as each of the following transactions:
a) which with regards to its complexity, unusually high amount of funds or its other nature goes apparently beyond the common framework or nature of a certain type of transaction or a transaction of a certain Customer;
b) which with regards to its complexity, unusually high amount of funds or its other nature has no apparent economic purpose or a visible lawful purpose;
c) where the Customer refuses to identify himself/herself or to provide the information necessary for the obliged entity to perform customer due diligence under Sections 10, 11 and 12 of the Act;
d) where the Customer refuses to provide information of the upcoming transaction or tries to provide as little information as possible or provides such information that the obliged entity can verify only with great difficulty or at a great cost;
e) where the customer demands its execution based on a project which raises doubts;
f) where funds of low nominal value in a considerably high amount are used;
g) with a Customer in whose case it can be presumed that with regards to his/her occupation, position or other characteristics he/she is not or cannot be the owner of the required funds;
h) where the amount of funds that the Customer has at his/her disposal is in apparent disproportion to the nature or scope of his/her business activity or financial status declared by him/her;
i) where there is a reasonable assumption that the funds or property is to be used or was used to finance terrorism;
j) where there is a reasonable assumption that a Beneficial Owner is a person who collects or provides funds or property for the purpose of financing terrorism;
k) which is executed from a country or to a country on the territory of which terrorist organizations operate or which provides funds or other support to terrorist organizations;
l) where there is a reasonable assumption that the Customer or Beneficial Owner is a person on whom international sanctions are imposed under a special regulation, or a person who might have a relationship with a person on whom international sanctions are imposed under a special regulation; or
m) where there is a reasonable assumption that its subject matter is an object or a service that may relate to an object or a service on which international sanctions are imposed under a special regulation;
n) where there is an assumption that during the execution of transfer or use of services unreasonably high transaction costs are to be incurred which clearly exceed the value of the services required.
o) in which the client requests the use of such forms of payment system, which is not usual with acquaintances business activities of the client,
p) in the case of frequent repetition of deposits below EUR 15,000 or in the equivalent in another currency, the deposit of which resulted in a significant deposit or which were later transferred to places not normally used by the client,
q) in the case of non-cash deposits of the client and third parties and subsequent cash withdrawals of funds to the client for such purposes for which other forms of payment are usually used, such as checks, letters of credit, bills of exchange,
r) in the case of clients’ activities related to the opening of several accounts, the amount of which is manifestly disproportionate to the subject of their activity, and transfers between these accounts,
s) in the case of movements on clients’ accounts which do not correspond to the nature or scope of their business activity,
t) in the number of turnovers on the account in one day or in consecutive days, which do not correspond to the usual monetary operations of the client,
u) in the case of frequent erroneously paid payments and subsequent requests for their return to another account,
v) for large one-off payments from and to abroad for no apparent reason,
w) which is carried out by a client belonging to a country on the list of risk countries.

Article III
The method of performing care in relation to the client

1. The company is obliged to perform basic care in relation to the client in the following cases:
a) concluding a business relationship,
b) in the case of an occasional non – commercial transaction of at least 15 000. It does not matter whether the trade is executed individually or as several on top of each other subsequent transactions that are or may be connected,
c) if it is suspected that the client is preparing or carrying out an unusual business operation, regardless of to the value of the trade,
d) in case of doubt as to the veracity or completeness of previously obtained identification data on client, or
e) in the case of the payment of the balance of the cancelled deposit to the bearer.
2. Basic care means:
a) identification of the client and verification of his identification,
b) depending on the risk of legalization or terrorist financing, the identification of the end-user of the benefits and the adoption of appropriate measures to verify his identification, including measures to establish the ownership and management structure of a client who is a legal entity or an association of assets;
c) obtaining information on the purpose and intended nature of the business relationship,
d) carrying out ongoing monitoring of the business relationship, including a review of specific transactions carried out during the duration of the business relationship in order to determine whether the transactions carried out are in accordance with the obligated person’s knowledge of the client, his business profile and an overview of possible risks associated with the client, and depending on the risk of legalization or terrorist financing , data or information available to the client on the client.
3. The company is obliged in accordance with par. § 10 par. 3 of the Act to identify the client and verify his identification even when executing a transaction, resp. the sum of trades with a value of at least EUR 1,000 / month, unless it is a case under point 2 of this Article, together with the company’s obligation to ascertain whether the client is acting in its own name (carrying out the trade on its own account).
4. When performing basic care, the company ascertains whether the client is acting in its own name. If he finds that the client is not acting in his own name, he shall invite him to prove in the form of a binding written statement the name, surname, birth number or date of birth of the natural person or business name, registered office and identification number of the legal entity in which currency the business is conducted; the liable person shall proceed in the same way even if there are doubts as to whether the client is acting in his own name.
5. The company is obliged to identify the end user of the benefits always in the case of legal entities; whereas the legal form of the company must not interfere with the identification of the end-user of the benefits. Verification of the information obtained on the end-user of benefits in accordance with the Act should be carried out to an appropriate extent; e.g. by requesting a written declaration of end-user benefits and subsequently verifying such information from available sources. If the client’s risk profile allows, the company may, when exercising basic care, identify the end-user of the benefits on the basis of information from public sources, without having to contact or verify the client’s information.
6. The company is obliged to refuse a new client, terminate the existing business relationship with the client, or refuse to perform a business operation if it is not possible to perform basic care for reasons on the part of the client under point 2 (a). a) to c) of this Article.

7. Fincity Crypshark s.r.o. shall refuse to establish a business relationship, termination of a business relationship or refusal to carry out a transaction if Fincity Crypshark s.r.o. cannot apply customer due diligence:
a) identifying the customer and verifying the customer’s identification,
b) identifying the beneficial owner and taking adequate measures to verify his identification including the measures to understand the ownership and control structure of the customer that is a legal entity or trust; in identifying the beneficial owner, the obliged person must not rely exclusively on the data obtained from the register of legal entities, entrepreneurs and public authorities,
c) obtaining information on the purpose and intended nature of the transaction or business relationship,
d) the ascertainment whether the customer or beneficial owner of the customer is a politically exposed person or sanctioned person,
e) depending on the risk of money laundering or terrorist financing, the determination of the origin of funds or property used in the transaction or business relationship,
or the customer refuses to prove in whose name they act.
8. Depending on the risk of legalization or terrorist financing, the company is obliged to take measures to determine whether the client is a politically exposed person.
9. When monitoring existing clients, the company is obliged to focus on ongoing investigation and verification of whether the client has become a politically exposed person; in such a case, the consent of the manager must be required for the continuation of the business relationship, and the employee is considered to be one management level higher. If the politically exposed person is the owner, or operates in the management structure of the client – legal entity, or is the end user of the benefits in this case, it is a situation that requires the application of increased care against the client – legal entity.
10. In the cases provided for in Section 11 of the Act, it is sufficient if the company provides simplified care.
11. The company will exercise increased care in relation to the client, if the client is not physically present for identification and verification purposes, so that in addition to basic identification requires official verification of the client’s signature on relevant documents or requires the submission of a photocopy of the client’s identity card submission of other required documents and in dealing with a politically exposed person the company will exercise increased care in relation to the client to the extent: obtains the consent of the manager before concluding a business relationship with a politically exposed person and takes measures to determine the origin of assets and origin of funds.

Article IV.
Method of risk assessment and management

1. The scope of care in relation to the client is determined by the company with regard to the risk of legalization or terrorist financing.
2. The risk of legalization or terrorist financing shall be assessed by the company according to the following criteria:
a) type of client (natural person – legal person; native – foreigner; non – entrepreneur – entrepreneur, politically exposed person, etc.)
b) type of trade (purchase – sale – free transfer)
c) type of business relationship (type of contract that the company and the client will enter into)
d) other criteria (especially Article III point 1 of the Program, etc.).
3. As part of the management of risks related to protection against money laundering and terrorist financing, the company shall accept payments from clients in carrying out transactions exclusively through bank transfers or bank deposits in a Member State or in a third country guaranteeing an equivalent level of protection against money laundering and terrorist financing. In this case, the protection is doubled in the sense that the relevant financial institution also implements measures aimed at protection against legalization and terrorist financing.

Article V.
The procedure for assessing whether a transaction being prepared or executed is unusual. The process from the detection of an unusual business operation to its immediate reporting to a financial intelligence unit

1. Suspicion of an unusual business operation, the relevant employee conducting the business shall consult with one of the managers, the managing director or the person  responsible for the performance of the compliance function (designated person); consider the operation to be unusual.
2. In assessing the nature of the transaction, the employee performing the transaction, as well as the designated person to whom that employee has notified the transaction, shall base the assessment of the transaction on data obtained from the care taken against the client concerned.
3. The company shall report to the financial intelligence unit an unusual business operation or an attempt to perform it, as well as a refusal to perform the requested unusual business operation without undue delay.
4. The reporting obligation is fulfilled by submitting a report on an unusual business operation in a manner guaranteeing that the information contained therein remains confidential from an unauthorized person, namely: in person (Račianska 45, 832 23 Bratislava), in writing (Financial Intelligence Unit, Pribinova 2, 812 72 Bratislava), by telephone (if the matter cannot be postponed, with subsequent written confirmation within three days of receipt of the telephone report by the financial intelligence unit), electronically (sjfpnoo@minv.sk).
5. The reporting of unusual business operations and ongoing contact with the financial intelligence unit shall be ensured by the person responsible for the performance of the compliance function (designated person).
6. The report on an unusual transaction shall contain in particular:
a) business name, registered office and identification number of the company,

b) data obtained by identifying the persons concerned by the unusual business operation,
c) details of the unusual business operation, in particular the reason for the unusual nature, the time course of events, account numbers, details of when they were established, who owns them and who has the right to dispose of them, photocopies of the documents on which the accounts were based, identifications persons authorized to handle the accounts, photocopies of concluded contracts and other related documents. and information,
d) data on third parties who have information about an unusual business operation,
e) the name of the designated person responsible for protection against legalization and financingterrorism, which provides contact with the financial intelligence unit and telephone contact to this person.
7. The notification of an unusual transaction is without prejudice to the obligation to report the facts indicating the commission of a criminal offense.
8. For the purposes of this Article and Article XIV of the Program is also considered by the managing director of the Company, its the CEO or another person acting in the name and on behalf of the company, which is not an activity performed on the basis of a contractual relationship arising from the Labor Code.

Article VI.
Procedure for delaying an unusual business operation

1. The company shall hold an unusual business operation until the reporting of the unusual business operation to the FIU.
2. A company shall hold an unusual business operation if there is a risk that it may frustrate or make it significantly more difficult to seize the proceeds of crime or terrorist financing funds, or if the FIU so requests in writing, upon receipt of a notification from the FIU. units to carry out an unusual business operation; however, a maximum of 120 hours.
3. After the expiry of this period, Fincity Crypshark s.r.o. is obliged to delay the unusual business operation on the basis of the notification of the financial intelligence unit that it has handed over the case to the law enforcement authorities, but for a maximum of another 72 hours. Saturday and non-working days are not counted until the delay of an unusual business operation.
The  person shall be obliged to delay an unusual business operation if there is a threat that if it is carried out, it can frustrate or essentially hinder the seizure of proceeds from criminal activity or funds determined for terrorist financing; or if asked for it by the financial intelligence unit in writing, until it receives the notice from the financial intelligence unit that it has to carry out the unusual business operation, however, maximum for 120 hours; after the expiry of this time-limit, the obliged person shall be obliged to delay the unusual business operation based on the notice from the financial intelligence unit that the matter has been handed over to law enforcement authorities, however, no longer than for additional 72 hours. The period of delaying the unusual business operation shall not include Saturdays and rest days. The obliged person shall immediately inform the financial intelligence unit on the delaying of the unusual business operation.
4. The company is obliged to immediately inform the financial intelligence unit about the delay of an unusual business operation.
5. A company shall not hold an unusual business transaction if:
a) it cannot be delayed for operational or technical reasons; of this fact the liable person immediately inform the financial intelligence unit,
b) a delay as previously notified to the FIU could frustrate the processing of an unusual business operationf.

Article VII.
Data retention

1. The company shall keep for five years:
a) from the end of the contractual relationship with the client, data and documents obtained during the implementation of the basic, simplified or increased care,
b) from the execution of the transaction, all data and documents about it.
2. The company shall keep the data and documents referred to in point 1 of this Article for more than five years, if requested in writing by the financial intelligence unit, stating the period and extent of retention of data and written documents.
3. Records that need to be archived:
a) records on customer due diligence
Financial institutions shall archive data and written documents on customer due diligence they apply (basic, simplified enhanced) obtained by way of the procedure described in Articles 10 and 12 of the AML Act, on the identification and verification of customers and beneficial owners, politically exposed or sanctioned persons, and information on the purpose and planned nature of transactions. Documentation on facts about the origin of property and funds also needs to be archived when relevant to the risk of money laundering or terrorist financing.
b) records on customers’ risk rating
Documents and information related to the assignment of customers to risk groups must be archived, too. Financial institutions shall record and archive important information confirming the circumstances justifying a customer’s reassignment to a different risk group (and therefore change in the customer’s risk profile) together with other data on the customer.
c) records on financial operations
The internal regulations of a financial institution should establish the duty to record all financial operations carried out for customers in the financial institution’s accounting and reporting system. Records on financial operations that support accounting entries should be archived in a form that allows the FIU, supervisory authority, control authority and the law enforcement authorities to compile a satisfactory record and to verify each customer’s risk profile. Supporting records shall also contain the customer’s instructions related to the customer’s payments. The financial institution shall archive records on each financial operation made by the customer, including single financial operations performed for customers who do not have an account at the financial institution. The archiving period in this case is the same as for archiving identification records and documents.
d) records on internal notifications of UTs and UT reports
Financial institutions shall archive all reports on a customer’s unusual activities, namely internal notifications of UTs intended for the NO, as well as UT reports that the NO has sent to the FIU.   If, after assessing the relevant information and knowledge concerning a customer’s unusual activity, the NO decides that this does not constitute a UT and so there is no need to report the case to the FIU, the reasons for that decision must also be recorded and archived, together with the records on the relevant transaction.
e) records on staff training and education
Financial institutions shall archive records on staff training focussed on familiarisation with the AML/CFT Programme, containing the names and positions of the participating employees, the date and place of training, and its form and content.
f) Form of records
Archives must be kept of originals or photocopies of paper documents and documentation, as well as data stored in personal computers and on mechanical media in electronic form.
Copies of documents must be made in a manner ensuring that the relevant data are legible and suitable for archiving. A natural person’s image copied from their identity document must be of adequate quality, enabling easy identification and verification.
g) Place, manner and period for which records must be archived
Archiving periods are the same, regardless of the form in which the data are archived. In view of the need to provide additional data on customers and on their financial operations, particularly for the FIU, NBS and law enforcement authorities, it is important that financial institutions are able to find, without undue delay, the necessary data or records (in their archives of documents and data media). Financial institutions shall also continue to archive such information and documents on customers and their financial operations after the expiry of the statutory archiving period in cases where an investigation has been started by the competent law enforcement authorities, or a criminal prosecution has begun, for the purposes of investigation and criminal prosecution, on the basis of a written request received from the FIU pursuant to Article 19(3) of the AML Act; the scope and the additional period required must be stated in the request.
Article VIII.
Persons responsible for protection against legalization and terrorist financing

1. The person responsible for protection against legalization and terrorist financing and for ensuring the reporting of unusual business operations and ongoing contact with the financial intelligence unit (designated person) is in the company Alexander Dedishchev, e-mail: office@fincity.sk, mobile: + 43 664 755 38 531.

Article IX.
Powers and responsibilities of the company’s bodies and employees in protection against legalization
and terrorist financing

1. Managers, the managing director, the person responsible for the performance of the compliance function (designated person) and all employees of the company are obliged to prevent the legalization and financing of terrorism in their activities.
2. Managers, the managing director, the person responsible for performing the compliance function (designated person) and all employees of the company are obliged to provide the financial intelligence unit, upon request, with all necessary cooperation, assistance, information and written documents.
3. The Company shall draw up and update a Program of its own activities aimed at anti-money laundering and terrorist financing.
4. The protection against legalization and financing of terrorism and the methodology of the procedure for the prevention and detection of legalization and financing of terrorism shall be supervised by the person responsible for the performance of the compliance function (designated person).
5. The person responsible for the performance of the compliance function (designated person), in his absence, directly by the company’s executives shall ensure the practical implementation of activities, in particular the performance of routine day-to-day activities
6. In the event that the managing director, the managing director, the person responsible for the performance of the compliance function (designated person) or another employee culpably breaches his obligations in the field of protection against legalization and terrorist financing, he shall be fully liable for such breach and shall be liable for any damage. caused by this action.

Article X.
Obligation of secrecy about the reported unusual business operation

1. The company maintains confidentiality about the reported unusual business operation, about the measures performed by the financial intelligence unit, as well as confidentiality pursuant to Section 18 of the Act. This obligation applies to members of the Board of Directors, members of the Supervisory Board, the Chief Executive Officer, the person responsible for performing the compliance function (designated person), the person responsible for performing internal control, all employees, as well as legal and natural persons acting for the Company. on the basis of another contractual relationship.
2. The obligation under paragraph 1 of this Article shall not be extinguished by the termination of the employment relationship, similar employment relationship or other contractual relationship.

Article XI.
Responsibility of employees

1. The staff of the company shall be liable for infringements of the legislation on combating money laundering and terrorist financing.
2. For breach of the duty of confidentiality pursuant to Section 18 of the Act, a financial intelligence unit may impose a fine on an employee in accordance with the Act.
3. The staff member shall not be liable for damage arising from the reporting of an unusual business operation or its delay, if he has acted in good faith. In case of doubt, the employee acted in good faith when reporting or delaying an unusual business operation. The state is responsible for the damage.

Article XII.
MLRO Responsibilities

The MLRO is accountable for the following activities:
1. monitor and verify on an ongoing basis that the Company is fulfilling the requirements prescribed by these Policy and related documents and according to external laws and regulations.
2. provide the Company’s staff and members of the Management with advice and support regarding the rules relating to Money Laundering and Terrorist Financing.
3. inform and train the members of the Management and relevant persons about the rules relating to Money Laundering and Terrorist Financing.
4. investigate and register sufficient data on received internal notifications and decide whether the activity can be justified or whether it is suspicious.
5. file the relevant reports with the appropriate regulatory authorities in accordance with applicable legislation;
6. check and regularly assess whether the Company’s procedures and guidelines to prevent the use of the business for Money Laundering or Terrorist Financing are fit for purpose and effective.
7. The MLRO reports to the Management quarterly. This report must be in writing and include at least the following items:
-number of Customers under all risk classifications
-number of hits of persons in relation to the Sanctions lists and applied measures.
-number of Customers or Customers’ representatives identified as PEPs or persons with a connection to a PEP.
-number of internal notifications on suspicious activity or transactions.
-confirmation that the Company’s risk assessment for Money Laundering and Terrorist Financing is up to date.
-confirmation that the staffing in respect of AML measures is sufficient.
-all inadequacies (if any) identified by control function have been addressed.
-list of obligatory trainings which have been held for the staff in respect of AML measures
-The MLRO is responsible for the development, maintenance and updating of Fincity Crypshark s.r.o. ’s risk-based approach to AML/CTF.
-The MLRO will coordinate with other members of senior management at Fincity Crypshark s.r.o.  to manage AML risk specific to individual business areas. Furthermore, the board will count on the MLRO to keep AML/CTF on the board’s agenda so that effective, centralised.
-The MLRO shall ensure that the company has sufficient procedures and control measures in place to screen the following against international sanctions lists:
– Client’s representatives, key directors, UBOs, a payee to which the client transfers funds, a payer who is transferring funds to the client, the payment purpose of the fund transfer – in case of each payment transaction.
– If during the performance of the clientʼs identification process, or during the monitoring of the clientʼs business relationship, it is identified that the respective person (as specified above) appears to be on an international sanctions list, any fuzzy sanction match should be investigated before the client can be accepted. All reasons for sanction clearance are recorded and attached to the clientʼs file. The investigation should be undertaken by the MLRO who will record the results of the investigation against the client file.
-The MLRO of the Fincity Crypshark s.r.o.  will advise employees on a case-by-case basis what additional measures should be taken in respect of this category of client. All accounts for PEPs must be approved by the MLRO and subject to enhanced monitoring.
-The MLRO is obliged to raise an internal SAR immediately (within the shortest term possible) if they consider that there is knowledge, suspicion, or reasonable grounds for knowledge or suspicion that another person is engaged in ML/TF. Having made such a report, the director or employee concerned will have met his or her legal obligations under the regulations.
-When an account is the subject of a suspicious activity report, the MLRO will mark it as high risk. Care must be taken when speaking to a client whose account is so marked. Advice must be sought from the MLRO as soon as possible.
-MLRO shall ensure that all relevant team members (who are involved in day-to-day business activities) receive training that is appropriately comprehensive for them to fulfil their roles within the company. All sta should be trained at the point of induction and on at least an annual basis or if needed to reflect any new developments in laws and risks faced by the company in accordance with business wide risk assessment. Following the training a test should be given of the material covered.
-In cases when the client is assigned to a high-risk group according to the risk assessment, the following extra measures are decided by the MLRO and applied with respect to high-risk clients on a risk sensitive basis and they include, at the minimum:
8. obtaining additional information on the client and UBOs;
9. obtaining additional information on the business relationship;
10. identifying UBOs applying a 10 percent threshold (instead of 25 percent as provided by the Law);
11. engaging outside compliance consultants, advisors to prepare due diligence reports on selected clients.
12. assessing sources of funds and wealth of the client and its UBOs applying enhanced ongoing monitoring of the business relationship and transactions (e.g. lower value / volume limited, increased number and timing of controls applied);
13. performing annual KYC information and document updates.
14. Fincity Crypshark s.r.o.  has empowered the MLRO to act independently in the execution of their responsibilities. The MLRO may liaise directly with the NCA regarding any question on whether to proceed with transactions that have been identified as suspicious.
15. Fincity Crypshark s.r.o.  is committed to properly resourcing its compliance function and the functions of its Anti- Money Laundering programme, as led by the MLRO. Technology, manpower and absence coverage will be provided for by the board and any limitations of the ability of the MLRO to fulfil their statutory duties due to limited resources will be considered a serious breach of the board’s
16. The board of Fincity Crypshark s.r.o.  will ensure that a competent and trained deputy MLRO will be kept on staff to support the MLRO with their duties and provide coverage in the event of their absence.
17. Certain AML/CTF tasks may be delegated by the MLRO, but the ultimate managerial responsibility (and liability) resides with the MLRO.

Article XIII.

Client onboarding: risk assessment, screening procedure, customer acceptance
Onboarding procedure. Risk assessment:
A) The Company assess risks  through AML and KYC checks. For each client’s verification the Company uses the services of Idenfy and E-Compliance. The Company does not enter into any transaction with anonymous or unidentified customers. Client’s background shall be checked using AML and KYC policies
B) Client identification: the Company conducts client identification and based on its results, the Company accepts or rejects the client. The Company decides to reject the client if it is a PEP, in a sanction or black list, holds any criminal records or fails to provide necessary information and documentation. The Company may refuse to deal with the client on the grounds of its economic activities or funds originations as provided by applicable AML and KYC laws.
C) Client risk level: the Company assigns a risk level (medium-risk client or high–risk client) to each client based on the client identification, risk scoring and conducts enhanced due diligence of high risk clients.
D) No cash: the Company does not accept cash.
E) No third party accounts: the Company does not accept payments from any third party other than the relevant identified client.
F) Therefore, and as a result of the above listed AML mitigation measures and risk management procedures it can be concluded that initial high risk level of a business model is decreased to a medium risk.
G) An enhanced risk rating, which has applied for those Fincity Crypshark s.r.o. which are involved in unregulated funds, schemes or financing, such as those which might be involved in tax evasion. When onboarding a new client, the analyst will select “Unregulated Financial Services Products” resulting in an enhanced risk score.
H) The individual areas shall be risk assessed in order create a comprehensive picture of the Fincity Crypshark s.r.o. vulnerabilities from an AML perspective include customers and where relevant ultimate beneficial owners; products; delivery channels; geographical areas of operation; and operating environment.
I) Any product shall be risk assessed against its utility for criminals and terrorists. The level of attraction that our products hold for people engaging in money laundering will vary depending on the product’s features, or controls. Any relevant risks should be mitigated by controls and procedures that are examined for efficacy and updated or strengthened as needed. A constant awareness should be kept with respect to how our business evolves and if the products that we offer change.
J) The calculated scores are provided in the Fincity Crypshark s.r.o. ‘s Risk Assessment, under the Product Risks tab.
K) Fincity Crypshark s.r.o.  shall reflect the outcome of this product risk assessment as part of each client risk assessment it carries out. This will result in the initial client risk score always taking into consideration the highest risks of the products which a client is utilizing.
L) Geographic risks can be assessed by cross referencing the jurisdiction against databases such as the Corruption Perception Index or the FATF list of non-compliant countries in order to gauge the general level of AML/CTF compliance for particular jurisdictions. Countries that are subject to sanctions, regimes and/or embargoes will be considered to be a higher risk.
M) Fincity Crypshark s.r.o.  shall highlight some of the risk elements in the customer risk assessment section: who the customer is;  where they operate; the nature and purpose of the account (What the Fincity Crypshark s.r.o.  does, how it operates); how it came to be introduced to the Fincity TRX s.r.o, potential clients’ predicted level of activity with Fincity Crypshark s.r.o. , the industry
N) Based on our Fincity Crypshark s.r.o.  wide industry risk assessment, we will not operate any accounts for entities in the following industries:
– Unregulated financial services (where licensing required)
– Pyramid or Ponzi scheme or multi-level marketing programs
– Hawala
– Un-licensed FX broker
– Binary options
– Debt restructuring, credit repair, debt settlement, providing credit, debt collection      – Gambling
– Get rich quick scheme
– Crypto-currency
– Activities aimed at circumventing security controls (software, hardware)
– Unregulated pharmaceuticals / food supplements (e.g.“nutraceuticals”)
– Piracy or illegal streaming
– Counterfeit goods and violation of intellectual property, items that violates someone’s privacy
– Arms / dual use goods/ human organs
– Unlicensed charities
– Shell companies
– Companies formed of Bearer Shares
– Remittances funded in cash
– Offshore bank transactions/ Shell banks
– Adult services connected to human trafficking; intermediation of prostitution; production, visual broadcasting of pornography or striptease clubs (the approach does not include literature, toys, DVDs, or dating site
– Fourth party payment & multi-layered MSB arrangements
– Transactions for goods subject to export prohibition/restrictions
– Transactions with living animals (exceptions possible like for payments for horse riding, or dog classes)
– Political / religious organizations engaged in hate speech.
O) In assessment of the alleged connection of the property with terrorist financing, the following aspects must be taken into consideration:
– Funds mean any type of tangible or intangible, movable or immovable property irrespective of the way of Acquisition the fand legal documents or any other documents, including electronic or digital, evidencing ownership of or property rights in such property, including, however not limited to: bank credits, traveler’s cheques, bank cheques, postal remittance, shares, securities, bonds, notes, letters of credit.
– The property (funds) may be of either legal or illegal origin – it is important that it is being collected, accumulated, or provided for purposes of the terrorist financing.
1.28. Both direct and indirect collection, accumulation, or provision of the property (funds) are treated as the terrorist financing activity.
– Collection, accumulation or provision of the property (funds) are regarded as intentional deliberate activity where it is intending or knowing that this property (funds) or only a part thereof will be aimed at terrorist financing, i.e .mere perception of a person that the property might be used for terrorist financing, even if they do not have an intentional pursuit thereof
– Terrorist financing includes collection, accumulation, provision of the property (funds) for committing particular terrorist crimes (e.g. to perform a terrorist attack), training of terrorists (e.g. inciting crimes of terrorism, recruiting, training terrorists, creating terrorist groups), and also supporting individual or several terrorists or terrorist groups even if this property will not be aimed at committing particular terrorist crimes (e.g. for the rent of premises, material support, healthcare, relief). It is not necessary to establish a connection of the collected, accumulated, provided property (funds) with a particular terrorist crime.
– Fincity Crypshark s.r.o.  shall create a Client Risk Assessment which takes into consideration the risks posed by the clients, geographies, products, delivery channels, transactions and operating environment handled by the Fincity Crypshark s.r.o. . It will look at the features and factors inside of those categories which may make the product
either attractive to, or susceptible to, money laundering.
– A risk assessment shall be conducted for each client at the point of onboarding and on an ongoing basis. Each client shall always be assigned to a relevant risk group. When a risk is flagged then the Fincity Crypshark s.r.o. shall take action to mitigate the risk highlighted or conduct additional monitoring and reporting to control those risks. It should also provide the basis for rejecting a client which is outside of Fincity Crypshark s.r.o.  risk appetite.
Fincity Crypshark s.r.o.  shall:
1) meet the mandatory requirements of AML/CTF regulation.
2) accurately measure the AML/CTF risk inherent in each client.
3) identify high risk and unacceptable clients.
4) apply a flexible risk rating mechanism that allocates proportionate risk weightings.
– While following the risk-based approach and individual assessment of each clientʼs risk, the Fincity Crypshark s.r.o.  shall segment its clients to the following risk groups:
• low risk;
• medium risk;
• high risk;
• unacceptable risk.
– Depending on the particular risk group to which the client is assigned, the Fincity Crypshark s.r.o.  shall tailor measures for CDD and monitoring (e.g., if a client is assigned to a high-risk group, EDD is applied and if a client is of medium risk, ordinary CDD is applied).
– Apart from the individual customer risk assessment, Fincity Crypshark s.r.o.  shall have a business wide risk assessment, which should be performed at least once per year. The purpose of that risk assessment is to establish the risk level to which the company is exposed and to be able to assess how relevant risk criteria and risk levels have evolved over time and to decide whether identified changes require additional measures to be put in place, or to reconsider its risk tolerance levels.
-The business wide risk assessment shall always be performed by the MLRO in a written and detailed format. The MLRO may rely on the assistance of third parties (both employees of the company and external advisors) and provide the business wide risk assessment to senior management of Fincity Crypshark s.r.o. .
– The business wide risk assessment shall be performed following a risk assessment methodology approved by senior management. The risk assessment methodology shall, as a minimum, establish rules and procedures covering sources to be assessed in the course of risk assessment, a procedure for data collection and assess ment, ratios for ML/TF occurrence and relevance, responsible employee(s) and their duties, rights and responsibilities, and frequency of the assessment, etc.
– The business wide risk assessment shall be based, inter alia, on various statistical data regarding the Fincity Crypshark s.r.o.  activities (e.g., % of individual and corporate clients forming the whole client base of the company, the distribution of clients among different risk groups
a) i.e., what % of low-risk clients, what % of medium risk clients, what % of high-risk                         b) clients – jurisdictions being serviced by the company, type of products).
P) Remote identification of a client (natural person) identification and ID document validity verification shall be performed following these steps:
– the client shall enter a mobile application or website dedicated to onboarding
– before starting the identification process, a technical compatibility check shall be performed, during which it shall be checked whether parameters of the client’s device being used for identification purposes are set properly. If the technical compatibility check is passed, the process shall continue.
– Photo transmission: the client shall take a photo of their ID document. The Fincity Crypshark s.r.o.  should only accept valid ID documents and only if there are no circumstances showing possible forgery.
– taking a photo of the ID document should be preceded by holding the ID document up in front of the mobilephone/computer camera in the area specified on the screen in a manner so that the imageof the ID document fits in to the. Frame displayed on the screen. If the client uses a passport, a photo must betakenof the page with the client’s facial image by holding the passport in front of the camera. If the clientusesanID card, a photo must first be taken of the front of the ID card and then of the back. The client shall click the relevant button for capture displayed on the screen and the device will automatically take at least two consecutive photos of the ID document. The Fincity Crypshark s.r.o.  shall use the photo with the best resolution. If the photo is suitable, the relevant message shall appear on the screen and the client shall click on the button which allows proceeding. If the photo is not suitable for the identification purpose, the client shall be requested to take a new photo;
– When ID document photo has been confirmed (it may take a few seconds), the client shall be redirected to take a portrait photo of themselves. When taking the photo, the client shall look straight into thecamera, with head visible and in the frame.
– The clientʼs portrait photo shall permit the Fincity Crypshark s.r.o.  to verify the person depicted in the portrait photo.
– The client shall participate in real-time video transmission during which, without interruptions, the client must show their ID document in front of the camera for a few seconds, then put the ID document next to their face so that both would be seen in one time for some seconds.
– ID document and facial image transmission (video recording) is finished, the client is automatically directed to another page where they are requested to provide additional information.
– Client provides all the requested information; they are asked to confirm it and submit. When the session is over and the client is informed by automatic message that their information will be assessed, and that the client will be notified of the decision of the Fincity Crypshark s.r.o.  to onboard the client as soon as possible but in any case no later than within 2 business days.
– Fincity Crypshark s.r.o.  shall check the correctness and validity of the information provided by the client.
Q) Remote identification of a client (legal person)
– Real-time photo (video) transmission, as the client identification method for a legal entity, shall be applied in the following manner:
a) during real-time photo (video) transmission only the identity of the client’s representative shall be established by applying all the measures that are listed above for identification of a client (natural
b) the real-time photo (video) transmission session of the client’s representative is finished, the representative of the client is automatically directed to another page where they are requested to provide additional information about the legal entity, as specified in this Guidance.
c) the representative of the legal entity provides all the requested information, they are asked to confirm it and submit. A er the session is over, the client is informed that their information will be assessed, and that the client will be notified of the decision of the Fincity Crypshark s.r.o.  to onboard the client as soon as possible but in any case no later than within 2 business days.
R) ID documents
Government documents should incorporate the clientʼs full name, personal code or date of birth, photo, signature (if required in the identification document):
– Passport
– ID Card
– Driver’s license issued in EEA Member States.
S) Each time any of these additional ID documents are used for client identification purposes, Fincity Crypshark s.r.o.  shall ensure that it has checked the laws of the issuing country and ascertained that the document indeed has a status of “personal ID document” in that country.
T) In addition to identifying the customer as indicated above, the Fincity Crypshark s.r.o.  shall collect the following:
– the nature and purpose of the business relationship;
– country of residence;
– address;
– sources of funds and wealth;
– financial services to be requested from the company (e.g. payment cards, payment account, transfers); • confirmation of whether the customer is acting on their own behalf;
– whether the customer (its representative, key director, UBO) is a PEP;
– an in case of payment services use – expected amount (in EUR) of monthly and yearly monetary operations and countries to which / from which monetary operations will be initiated or received.
U) Legal persons
– Legal persons are those which are registered with the local company register in their country of incorporation. The Fincity Crypshark s.r.o.  must collect all information necessary to understand the legal personʼs legal structure and its management and ownership structure, and must then identify and verify the information on the legal person, as well as the individuals who own or control the company.
– The customerʼs representative (key director or a person authorized under a Power of Attorney) shall be identified according to the above procedure for identification of natural persons.
– Furthermore, Fincity Crypshark s.r.o.  should collect the following KYC information and documents with respect to a legal person: KYC information about the customer:
customer’s details, including the following: full name, legal structure, legal code, establishment country, registered address and actual business address, trading name;
nature and purpose of the business relationship; the source of funds of the customer, a brief description of the nature and activity of the business (including, but not limited to, products and services provided, information on the intended turnover and scale of the business which the customer intends to transact with the Fincity Crypshark s.r.o. , information on the expected currencies and destination of the payments, licence status and licence number (if relevant), public domains – websites); financial services to be requested from the company (e.g. payment cards, payment account, transfers, etc.); whether the customer is a PEP (its representative, key director, UBO); and in case of payment services use – expected amount (in EUR) of monthly and yearly monetary operations and countries to which / from which monetary operations will be initiated or received; KYC information about the key director:
full name, personal code or date of birth, citizenship. KYC information about the UBO:
– full name, personal code or date of birth, citizenship; and
– ownership percentage.
– Collection of documents about the customer for data verification purposes: About the customer: an extract from companies register; a certificate of incorporation;
– Articles of Association;
– Documents confirmingshare holding and controlling structure of the customer, i.e. documents that allow the Fincity Crypshark s.r.o.  to assess and ascertain the whole shareholding chain until the UBOs; • organizational structure certified by key director(s);
– Power of Attorney, if the representative of the customer is not the key director; and additional documents that may be required due to specific risks inherent to the customer(e.g. financial statements or key agreements in order to ascertain sources of funds, licence in case the customer is a licenced entity, AML/CTF policies in case the customer is an obliged entity under AML/CTF regulation).
– About the key director: ID document; andproof of address (e.g. personal utility bill, personal bank statement) not older than 3 months.
– About the UBO: ID document; and proof of address (e.g. personal utility bill, personal bank statement)not older than 3 months.
– Fincity Crypshark s.r.o.  shall collect the documents listed above in one of the following ways: collect such documents itself (or through a third party service provider acting on an outsourcing basis) from public registries. If using this method, the Fincity Crypshark s.r.o.  must obtain written confirmation from the customers representative that the data and any supporting documents collected are authentic; OR
– Request the customer (its representative) to provide such o icial documents which shall be notarized and, if relevant, apostilled/legalized (except for organizational structure which shall be certified by the key director), proof of address which may be a simple copy and ID documents of the key director and UBO which may be provided in a form of a photo or scanned copy.
– Request documents issued by relevant state authorities, such as an extract from the relevant companies register about the customer, certificate of incorporation of the customer, Articles of Association of the customer, documents confirming shareholding and controlling structure of the customer, i.e. documents that allow the Fincity Crypshark s.r.o.  to assess and ascertain the whole shareholding chain until the UBOs of the customer must be always notarized copies.
Article XIV.
Screening procedure against Sanctions, PEPs and adverse media
The MLRO of the shall ensure that the company has sufficient procedures and control measures in place to screen the following against international sanctions lists:
clients, their representatives, key directors, UBOs – before entering into business relationship, clients representatives, key directors, UBOs, a payee to which the client transfers funds, a payer who is transferring funds to the client, the payment purpose of the fund transfer – in case of each payment transaction.
Fincity Crypshark s.r.o.  is also required to screen the individuals and entities against adverse media alerts before entering into a business relationship.
Before starting operations, the MLRO shall ensure that the company has the following procedures and control measures in place to screen the following against international sanctions lists:
– clients, their representatives, key directors, UBOs – before entering business relationship and in the course thereafter.
– client’s representatives, key directors, UBOs, a payee to which the client transfers funds, a player who is transferring funds to the client, the payment purpose of the fund transfer – in case of each payment transaction.
A) Fincity Crypshark s.r.o.  staff manually screen client against World Check.
B) The Company shall therefore screen against United Nations Sanctions, US Consolidated Sanctions, US Office of Foreign Assets Control (OFAC), Office of the Superintendent of Financial Institutions of Canada, Global Affairs Canada Sanction List, EU Financial Sanctions, UK Financial Sanctions, Interpol Wanted List, FATF blacklist, FinCEN advisory list, NCCT sanction list in all jurisdictions in which we operate.
C) Customers are re-screened when reactivating a dormant account, that is an account that has been inactive for a period of six months or more.
D) Third party beneficiaries of instructed payments are screened following the same procedure as laid out above. Their banking counterparty is also screened, but only for sanctions.
E) Standing data is automatically checked against the latest OFAC and Treasury lists and  automatically re-screen entities which have been previously screened on an ongoing basis. If a match or potential match is found the system immediately flags an alert for the attention of the MLRO.
F) The MLRO tests the existing sanctions screening system, on its ‘fuzzy logic’. If slightly misspelled known PEPs or sanctioned individuals and entities are undetected by the system during testing, the MLRO will either secure documented improvements from the supplier or switch to another e-ID provider.
G) The sanctions screening system shall be audited and tested annually with the MLRO committed to frequently and at regular intervals, testing the system and reporting relevant findings to the Board of Directors at the monthly meetings, or immediately upon discovery of severe issues that could threaten the Fincity Crypshark s.r.o. ’s regulatory status.
H) Systems are in place to monitor active accounts for suspicious transactions. If one is flagged up, part of the investigation that will be carried out includes re-screening the client against the list of sanctioned individuals.
I) If during routine customer screening the Fincity Crypshark s.r.o.  discovers that a PEP has changed their status, this should be escalated to the compliance officer and MLRO and all information for the last 12 months shall be checked, an additional account review should be scheduled for when the classification expires to ensure the risk rating is appropriate. Where it has been over 12 months since the PEP has changed its status, the MLRO will determine whether the company shall continue to consider the individual a PEP. The risk assessment shall be adjusted to take into consideration any changes, and the rationale and decisions relating to the account amendments are to be recorded.
J) Fincity Crypshark s.r.o.  shall screen the individuals and entities against adverse media alerts before entering a business relationship.
K) The MLRO is empowered to freeze funds that are suspected of being used to violate sanctions.
L) International sanctions may also be imposed against a particular country and directed to restriction of certain activity (e.g., sanction against Belarus restricting the export of guns, or other ammunition, to Belarus). Such sanctions will not necessarily be assessed during the compliance database screening against a particular client; therefore, the Fincity Crypshark s.r.o.  should always check and ensure that the activity, or actions of the client, do not violate such sanctions (e.g. if the client indicates that its business is export of guns and indicates that Belarus is one of the key business countries, this should be considered as a red flag indicating non-acceptance of such a client and possible infringement of international sanctions requirements). Such sanctions may be checked at the website of the United Nations Organization and EU sanctions map.
M) In the screening report shall be stated the following: date and amount of transaction, details of person making transaction – ID and occupation details for PEP/Sanctions screening Reason for screening and the nature of the transaction.
In transaction monitoring alerts shall be triggered (positive screening hits) may alter risk profile and require EDD.
Article XV.
Customer acceptance and risk categorisation
The Company customer’s acceptance policy is prepared by the Compliance Officer after detailed assessment of the risks faced by the Company. In this regard the Company applies appropriate measures and procedures, on a risk-based approach, so as to focus its effort in those areas where the risk of money laundering and terrorist financing appears to be higher.

A) Risk criteria
The Compliance Officer identifies, records and evaluates three main risk criteria when assessing the extent of money laundering and terrorist financing risks. Based on the extent and the combination of the given risk criteria, the overall risk of a customer will be quantified as either High or Medium.
The Compliance Officer considers the following risk criteria:
• Country or geographic risk
• Client (Customer) risk
• Products/services risk

Further analysis of the above risk criteria (individually or in combination) in assessing the overall risk of potential money laundering and terrorist financing is shown below.
The Compliance Officer should document and periodically review its risk assessment approach.

B) Risk indicators
The Compliance Officer analyses the above risk criteria into different risk indicators as shown in the following table):

Table: Risk Indicators

Risk Criteria Risk Indicator
Customer Risk Customer characteristics/behaviour/History
Customer Business
Customer ownership structure
Duration of Business relationship
Business activity/Expected transaction turnover

Product and Service Risk Transaction Types
Product/service Types

Country/Geographic Risk Country/Geographic Risk

C) Risk Variables
For each risk indicator the Compliance Officer identifies various “risk variables”, as shown in the following table (table 1.3.1):

Table: Risk Variables

Risk Criteria Risk Indicator Risk variables
Customer Risk Customer characteristics/behaviour/History No financial/commercial rationale for the customer performing the specific transaction
The origin of wealth and/or source of funds cannot be easily verified
Requests to associate undue levels of secrecy (unwillingness to provide information on the beneficial owners)
Number of related accounts
SAR Filed Previously

Customer or Individual BusinessWeapon manufacturers
Art and antique dealers
Dealers in high value or precious goods
Real estate agents
Unregulated charities
Unregulated “non for profit” organisations
Remittance houses
Exchange houses
Gambling/betting  and lotteries
Financial and other professional services
Money transfer agents
Bank note traders
Pharmaceuticals/drug paraphernalia
Cash intensive business

For business.
Customer ownership structure Complex business ownership structures
Transparency structure
Bearer shares
Incorporated in offshore centres

Duration of Business relationshipD < 1 year
1 year < D < 3 Years D > 3 years

Product and Service Risk Transaction Types Cash transaction
Size of transaction

Product/service TypesDo the products/services allow/facilitate payments to third parties
Can the product/service features be used for money laundering or terrorist financing, or to fund other crime
Do the products/services intended to render the customer deliberately anonymous to the Company

Country/Geographic Risk Country/Geographic Risk FATF recommendations
Transparency International (CPI)
MONEYVAL
EU Common Foreign & Security Policy (CFSP)
UN Security Council Sanctions Committees
Office of Foreign Assets Controls (OFAC)
Transactions to/from high-risk jurisdictions
Low Risk jurisdiction

Article XVI
A method of securing an employee who detects unusual business operations

1. The report of an unusual transaction shall in no case contain particulars of the employee who discovered the reported transaction.

Article XVII
Content and schedule of staff training

1. The company is required to provide at least once a year staff training aimed at combating money laundering and terrorist financing.
2. Employee training includes acquainting employees with the Act and its terminology, company obligations, unusual business operations and an overview of their forms, the method of performing care in relation to the client, the method of risk assessment and management, procedures for assessing whether the prepared or executed business is unusual , procedures from the detection of an unusual business operation to its immediate reporting to the FIU, procedures for the delay of unusual business operations, data retention procedures, powers and responsibilities of individual employees in protection against legalization and terrorist financing, broken down by activities performed by individual employees, method of ensuring protection an employee who detects unusual business operations

Article XVIII
The method of monitoring compliance with the Program and the obligations arising from the Act

1. Members of the Board of Directors, members of the Supervisory Board, the General Manager, the person responsible for performing the compliance function (designated person), the person responsible for performing internal control and all employees of the company are obliged to comply with the Program in their activities.
2. The person responsible for the performance of the compliance function (designated person) draws up and updates the Program and at the same time supervises its observance at all levels of the company’s activities.
3. Any managing director or CEO is entitled at any time to request from the person responsible for the performance of the compliance function (designated person) information on the status of compliance with the Program at any level of the company’s activities.

Article XVIII
Final provisions

1. The program is a binding internal regulation for all employees of the company, as well as for other persons who perform activities for the benefit of the company on the basis of another legal relationship.
2. An amendment or supplement to the program may be made by the adoption of a written amendment to the program by the company’s executives. Managers can also cancel the existing program in its entirety by adopting a new program.
3. All employees of the company are obliged to become acquainted with the provisions of the Program. On the working day following the day of publication of the Program, it is considered that each employee has been acquainted with the Program. Demonstrable notification can also be made by the signature of the employee on the preparation of the regulation, which is deposited with the employee responsible for the performance of the function of compliance (designated person).
4. The program enters into force and effect on the day of its approval by the company executive on 30.04.2022.
5. The program have Annex 1 and Annex 2 and Annex 3 which form an integral part of it:

ANNEX NO. 1

Sample report of an unusual business operation
according to § 17 of Act no. 297/2008 Coll. on Protection against Money Laundering and Terrorist Financing and on Amendments to Certain Acts, as amended

A / Details of the liable person
Business name:
Seat:
ID:
Name and surname of the designated person: Tel .:
E-mail:

B / Data on an unusual business operation
Trade date:
Trade value:
Related to NOO report:
Name and surname of the person who performed the NOO: Birth number:
Address:
Type and number of identity document:
Relation to the liable person:
Date and time of start of the NOO delay: Rejection of the NOO execution:
Reason for unusualness:
Characteristics

C / Account
Account number:
Currency in which the account is maintained: Date of account creation: Date of account cancellation:
D / Account holder Legal entity Business name: IČO:
Registered office address:
Natural person entrepreneur
Name and surname: Business name: Client ID:
Birth number: Address:
Registered office address:
Type and number of identity document:
Individual
Name and surname :
Identification number:
Address:
Type and number of identity document:

E / Persons authorized to handle the account
Name and surname :
Identification number:
Address:
Type and number of identity card:
Name and surname :
Identification number:
Address:
Type and number of identity card:

F / Data on third parties in connection with NOO
Name and surname:
Identification number:
Address:
Type and number of identity card: Relation to the liable person:

MLRO reports to:
– In person Racianska 45, 832 02 Bratislava, Slovakia Pribinova 2, 812 72 Bratislava, Slovakia for reporting
– In writing sjfpnoo@minv.sk,
– By telephone or fax: + 421 961 051 419 or fax: + 421 961 059 047 for reporting via electronic means.

ANNEX 2.
HIGH RISK COUNTRY LIST
Sanctioned Countries:
Crimea
Cuba
Iran, Islamic Republic of North Korea
Syria
Sudan
Russian Federation

Prohibited Countries:
Iraq
Libya
South Sudan
Controlled Risk Countries:
Afghanistan
Venezuela
Belarus
Central African Rep
Congo, the Democratic Republic Eritrea
Ethiopia
Republic of Guinea
Lebanon
Liberia
Mali
Myanmar
MM
Pakistan
Russian Federation
Somalia
Ukraine
Yemen
Zimbabwe
Botswana
Ghana
Panama
Barbados
Cambodia
Jamaica
Nicaragua
Uganda
Albania
Mauritius
Trinidad and Tobago
West Bank (Palestinian Territory)
Bahamas
Burkina Faso
Cayman Islands
Morocco Senegal

Antigua and Barbuda
Dominican Republic
Guatemala
Kenya
St Kitts & Nevis
Belize
Marshall Islands
Nauru
Guernsey
American Samoa
Vanuatu
Seychelles
Aruba
Bahrain
Cook Islands
Uruguay
Anguilla
Bermuda
Palau
Fiji
British Virgin Islands
Ecuador
St Maarten
United States
Virgin Islands
Gibraltar
Jersey
Montserrat
NigeriaIsle Of Man
Liechtenstein
Comoros
Dominica
Philippines
Turkey
Tunisia
Azerbaijan
Bolivia
Bosnia-Herzegovina
Brazil
Burundi
China
Egypt
Gaza Strip
Guinea Bissau
Haiti
Lao People’s Democratic Republic
Western Sahara
Samoa
United States Virgin Islands
Samoa
Fiji
St Maarten
Guam
Samoa
Palau
Madeira
Meno Sala
Tahiti
Turks and Caicos Islands
Namibia
Niue
Saint Helena, Ascension and Trista
Saint Pierre and Miquelon
Tonga
Azores
Kiurasao
Brunei Darussalam
Maldives

LIST OF FROZEN BANKS
Payments from/to the following banks will be freezed until further notification
1. North Korea North AMROGGANG DEVELOPMENT BANKING
2. North Korea CORPORATION BANK OF EAST LAND
3. North Korea DAEDONG CREDIT BANK
4. North Korea FOREIGN TRADE BANK
5. North Korea Nord ILSIM INTERNATIONAL BANK
6. North Korea KOREA DAESONG BANK
7. North Korea KOREA KWANGSON BANKING CORPORATION
8. North Korea KORYO BANK
9. North Korea KOREA UNITED DEVELOPMENT BANK
10. North Korea KORYO CREDIT DEVELOPMENT BANK
11. North Korea TANCHON COMMERCIAL BANK
12. IRAQ RAFIDAIN BANK
13. IRAQ RASHEED BANK
14. ANSAR BANK
15. SYRIAN LEBANESE COMMERCIAL BANK
16. LIBYAN AGRICULTURAL BANK
17. RUSSIAN NATIONAL COMMERCIAL BANK
18. BANQUE COMMERCIALE DE SYRIE
19. SYRIA REAL ESTATE BANK

LIST OF BANKS EXCLUDED
German EUROPAEISCH-IRANISCHE HANDELSBANK
Belarus CREDEX BANK
Bahrein AL BARAKA ISLAMIC BANK
CHINA BANK OF KUNLUN
CHINA BANK OF DANDONG
France BANK TEJARAT
Iraq ELAF ISLAMIC BANK
Iraq UNION BANK FOR SAVINGS AND INVESTMENT WARKA
Iran Al BILAD ISLAMIC BANK
Iran SADERAT
Iran MELI
Iran BANK TEJARAT TEHERAN
Lebanon EXPORT DEVELOPMENT BANK OF IRAN LEBANESE Libanon Lebanon Lebanese CANADIAN BANK
Lebanon BYBLOS BANK
Latvia ABLV
Latvia BLUEORANGE BANK
Macao BANCO DELTA ASIA
Malta PILATUS BANK
Russia RUSSIAN NATIONAL COMMERCIAL BANK
Sudan AL SHAMAL ISLAMIC BANK
Syria SYRIAN ISLAMIC INTERNATIONAL BANK
Turkey ARAB TURKISH BANK

CONTROLLED COUNTRIES GOVERNANCE CONTROL FRAMEWORK
Controlled jurisdictions are identified by international organizations (FATF and EU commission) as having strategic deficiencies in their counter money laundering, terrorist financing, and proliferation financing regimes.
Due to the high-risk factor, customers who intend to provide services related to these countries should carry out a comprehensive risk assessment to identify, assess, and manage the specific risks to their business model.
Under the Money Laundering Regulations, enhanced due diligence (EDD) is mandated for any business relationship with a person established in a high-risk third country. End users and payments flow through these jurisdictions should be subject to enhanced due diligence and ongoing monitoring.
These countries continue to work with the FATF to address their strategic deficiencies, and FATF review and update the list accordingly.
Subsequently, will periodically review our country list to ensure it remains accurate and reflects the latest update in removing countries that have made progress and new jurisdictions added onto the list.
In order to assist customers who, provide services related to the ‘Controlled’ countries, this policy sets out the additional governance steps applied to such requests.
The compliance team will review and assess the propriety of such request and seek MLRO’s approval.
The quality of these policies and procedures are essential for final decision making.

ANNEX 3.

With this model we have 3 Risk Levels. Risk Level 1 represents accounts with the highest risk.

Risk Level 1 (High risk customer): Accounts with two or three (2 or 3) High Risk designations.
Risk Level 2 (Medium risk customer): Accounts with one (1) High Risk designation.
Risk Level 3 (Low risk customer): Accounts with no High-Risk designations.

1.5 Customer’s categories
Based on the criteria described above customers will be categorised in the following two categories:
 Medium risk (Risk level 2 and Risk level 3)
 High risk (Risk level 1)

1.6 Categories of customers who are not acceptable for establishing a business relationship or an execution of an occasional transaction
All customers are carefully examined by the Compliance Officer as described above and the decision is taken on a case-by-case basis. To approve an application, the Compliance Officer must verify the following:
• The correctness, authenticity and completeness of the information provided by the applicant
• The creditworthiness of the applicant, through a database search whenever this deems necessary
• The probability that the applicant is involved in illegal or criminal activities
• The completeness of the required agreement/identification documents
and reject all applications that:
• Do not include all the necessary information
• Involve persons of doubtful creditworthiness or persons that may be involved in illegal or criminal activities
• Applications where the Client has not promptly provided the information or has done so incompletely.