AML / CTF

Program and Policy

Introduction

Arf Labs OÜ (hereinafter referred to as “ARF”) is a company duly established under the laws of Estonia.

ARF has established risk-based policies and procedures on Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) based on its Customer Identification Process (collectively referred to as “AML/CTF Program”) to prohibit and actively prevent money laundering and financing of terrorism and crime and any activity that facilitates such acts.

Money Laundering

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets.

Generally, money laundering occurs in three stages.

• Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instruments, such as money orders or traveler's checks, or deposited into accounts at financial institutions.
• At the "layering" stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin.
• At the "integration" stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses.

Terrorist Financing

Terrorist financing does not have to not involve the proceeds of criminal conduct, but rather, it is an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment.

Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.

AML/CTF Program

ARF’s AML/CTF Program comprise of:

• a system of internal policies, procedures, and controls, both automated and manual,
• an independent audit function to test the AML/CTF Program,
• an ongoing employee training program,
• and a designated compliance officer and unit with day-to-day oversight over the AML/CTF Program.

The main pillars of AML/CTF Program are (i) identification, (ii) due diligence, (iii) ongoing monitoring of the customers, and (iv) reporting/escalating where necessary, allowing action planning and mitigation of the potential risks ARF may be exposed to, in relation to money laundering and financing of terrorism and crime.

ARF’s risk-based approach enables the measurement of risks for potential money laundering and financing of terrorism and crime activities, and activation of the appropriate means and methods for mitigating and controlling such risks.

ARF holds itself subject to (whether they apply to ARF or not) the highest standards established across the globe in the fight against money laundering and financing of terrorism and crime. ARF is committed to reviewing its AML/CTF strategies and objectives on an ongoing basis and maintaining an effective AML/CTF program with highest standards, and requires its management and employees to adhere to to such in preventing the use of products and services for money laundering and financing of terrorism and crime.

Customer Identification (Know Your Customer)

Due Diligence

As part of its customer identification and onboarding process, and on an ongoing basis, ARF will undertake the following due diligence measures:

• Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information.
• For legal entity customers, correctly understanding and evaluating the ownership and control structure of the customer, followed by identifying the beneficial owner(s) and taking reasonable measures to verify the identity of the beneficial owner(s), if any,
• Monitor customer transactions taking into consideration the risk profile of the customer and the type, complexity, purpose, volume and pattern of their transactions.

Customers with high-risk profiles (as determined by the calculated risk score of the customer) are subjected to an Enhanced Due Diligence (EDD) processes to identify and verify the above information and may be subjected to lower thresholds applied on their transaction limits across various products for stringent monitoring.

If a potential or existing customer either refuses to provide the information aimed at determining the above when requested, or appears to have intentionally provided misleading information, ARF will either refuse to open an account for the potential customer and/or, after considering the risks signified, consider closing any existing account. In either case, the Compliance Officer will be promptly notified of the case to determine the necessity and extent of the reporting and escalation requirements arising from the case.

Risk Score and Profile

As part of its customer identification and onboarding process, and on an ongoing basis, ARF will ascertain and determine a risk profile for each customer. The customer’s initial risk score generated based on the due diligence information will be built upon and continuously updated based on the data obtained from ongoing monitoring of the customer’s activity.

The determination of the risk category of the individual customer is based on criteria and attached weights including but not limited to:

• geography (connection address, domicile, citizenship and origin),
• activity (occupation, ownership, industry, source of funds),
• product and service (type, volume and patterns),
• external information (sanction lists, political exposure, adverse media coverage)

The risk score calculated based on the above will lead to the categorization of the customer under one of the categories listed below:

• Category I: Low Risk
• Category II: Medium Risk
• Category III: High Risk

The determined risk-category may lead to:

• more frequent review of high-risk customers,
• applied controls on customers and their activities based on their risk levels,
• enhanced due diligence (EDD) conducted on high-risk customers, and lower thresholds applied on their transaction limits across various products for stringent monitoring,
• scenarios designed to monitor financial and non-financial activities of high-risk customers, triggering alerts on deviations from or breaching of thresholds.
• prioritization of alerts generated on suspicious transactions where a high-risk customer is involved.

ARF will periodically conduct a manual review of, and if needed improve, its risk-scoring model, based on its existing customers and their attached risk scores to determine the assessment quality of the risk-scoring model given real world data.

Sanctions, Political Exposure, and Adverse Media Coverage

A sanction is a preventative measure often implemented by governments and international bodies to change behavior, prohibit illicit activity and curb undesirable actions by certain high-risk persons or groups. A sanctions list is a compilation of individual sanctions that can be applied to individuals, countries, groups or companies. Sanctions lists are often collated by governments or international bodies.

A politically exposed person (PEP) is an individual with a high-profile political role, or who has been entrusted with a prominent public function. PEP status does not predict criminal behavior, but the additional risk exposure it brings means that financial institutions must apply additional AML / CFT measures when establishing and during a business relationship. As a baseline, the following may be categorized as PEP:

• Government Officials: Current or former officials appointed to domestic government positions, or positions in a foreign government. This may include heads of state or individuals working in executive, legislative, administrative, military, or judicial branches, in elected and unelected roles.
• Political Party Officials: Senior officials appointed to roles in major political parties at home or in foreign countries.
• Senior Executives: Individuals serving in senior executive roles, such as directors or board members, in government-owned commercial enterprises or international organizations – that is corporations, businesses, or other entities formed by or for the benefit of any such individuals.
• Family Members: An immediate family member of a government or political official, or senior executive – meaning spouses, parents, siblings, children, and spouses’ parents and siblings.

As part of its customer onboarding process, and on an ongoing basis, ARF will monitor all relevant sanctions and politically exposed persons -PEP- lists, applicable based on the profile of the customer, and at a minimum the sanctions lists maintained by the sanctioning bodies of the European Union, HM Treasury, US Office of Foreign Assets Control (OFAC) and the UN Security Council.

In addition to the checking such lists, ARF will strive, to the best extent possible, to determine whether the customer and/or its beneficial owner(s) are politically exposed, manually and by automated internal tools and real-time integration with expert third party services (that are in compliance with FATF requirements), through adverse media screening.

Transaction Monitoring

ARF will continuously monitor, through automated as well as manual systems, all account activity taking into consideration the risk profile of the customer and the type, complexity, purpose, volume and pattern of their transactions.

ARF strives to establish and develop an automated transaction monitoring system, comprising of internal systems integrated with expert third party services, that provides the ability to:

• monitor transactions and identify anomalies that might indicate suspicious activity,
• gather relevant due diligence information on both new and existing customers,
• conduct advanced evaluation and analysis of suspicious/unusual transactions,
• view individual transactions within the broader context of the customer’s total activity,
• establish new and update existing risk-parameter settings and scenarios without requiring programming skills,
• establish workflow features that include automated alerts, simultaneous collaboration among designated units, escalation and reporting mechanisms,
• produce comprehensive reports for different consumers, including management and relevant regulators.

The monitoring aims to flag, at a minimum, the following type of transactions:

• transactions by customers with a high-risk profile,
• transactions to or from customers in risky jurisdictions,
• transactions above determined thresholds,
• transactions ordered from previously unknown devices or new geolocations,
• transactions following a repeating pattern albeit below determined thresholds,
• complex and unusual transactions,
• transactions inconsistent with the customer’s profile, business, or source of funds,
• and transactions that are flagged by the customized scenarios developed by ARF.

with relevant alerts and reports being distributed to designated units in the system with a proper audit trail.

The Compliance Unit will review any activity that the monitoring system detects, will determine whether any additional steps are required, will document when and how this monitoring is carried out, and will file a Suspicious Activity Report (SAR) with appropriate authorities.

Record Keeping

ARF will document each step of the verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process and keep records containing a description of any document relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date.

With respect to non-documentary verification, ARF will retain documents that describe the methods and the results of any measures taken to verify the identity of a customer.

ARF will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained and will retain records of all identification information.

All records within the scope of AML/CTF Program will be maintained for a period of at a minimum 5 years, unless there is a longer period arising from any legislation or standards ARF adhere to.

Independent Audit

The AML/CTF Program will be audited, at least annually and whenever deemed necessary, by either a fully independent internal audit unit or by an independent third party competent in AML and CTF auditing.

The conducted audit will cover, at a minimum:

• A full review of the AML/CTF Program, including policies and procedures,
• A full review of the customer identification component,
• Testing and evaluation of the transaction monitoring component,
• Review of past escalations and SARs filed with authorities, if any,
• Evaluation of the training component,
• Review of past audit reports to assess the efficacy of recommended implemented changes.

While determining the scope of the audit, any inconveniences and risky customers, services and transactions determined by the AML/CTF Program will be included in the audit scope. Furthermore, the scope should include transactions of sufficient quantity and quality to represent the entire transactions performed by ARF.

The results of the conducted audit, including any determined imperfections, errors and misconduct revealed, the opinions and proposals for preventing recurrence of any such imperfections, errors and misconduct, will be reported directly to the Board of Directors.

Training

All new ARF employees receive mandatory training on ARF’s policies and procedures that constitute a part of the AML/CTF Program. All applicable employees are also required to complete further training annually. Participation in additional targeted trainings is required for all employees with day-to-day responsibilities relevant to AML/CTF Program.

The above-mentioned trainings cover, at a minimum:

• concepts of money laundering and financing of terrorism, and all related concepts, including methodologies used for such purposes with case studies,
• national and international regulations concerning anti-money laundering and financing of terrorism and crime, and
• how to identify flags and signs of money laundering that arise during the course of the employees’ duties,
• what to do once the risk is identified (including how, when and through which organizational channels to escalate unusual customer activity or other red flags),
• what employees' roles are in ARF’s compliance efforts and how to perform them,
• ARF’s record retention policy, and
• the disciplinary consequences (including civil and criminal penalties) for non-compliance.

ARF’s operations are regularly reviewed to check whether certain employees require specialized additional training. Written procedures are updated to reflect any such changes.