VIRTUAL MONEY BACK SERVICE AND VIRTUAL MONEY AGAINST THE PROVISION OF EXCHANGE SERVICE RULES OF PROCEDURE AND INTERNAL CONTROL RULES

1. General provisions

1.1 This document (hereinafter the " Guide" ) is governed by Arf Labs OÜ's obligation activities of a person (hereinafter AL ) for the prevention of money laundering and terrorist financing to implement the Act (RpTS).

1.2 The terms used in this Guide are as defined in RpTS. 1.3 AL provides the following services:

1.3 AL provides the following services:

1.3.1. virtual currency wallet service;

1.3.2. virtual currency exchange service.

1.4 The AL Board undertakes to ensure that both the AL Board members and employees perform the requirements set out in both the Guide and the RpTS and, if necessary, receive the same training or further training. Familiarity with this Guide is confirmed by each employee in writing with signature.

2. Due diligence measures  

2.1. The AL will apply RpTS due diligence measures to the extent appropriate and necessary, subject to the nature of the business and the degree of risk involved in the transaction.

2.2. AL pays special attention to the customer's activities and circumstances, which refer to money laundering or terrorist financing or which are related to money laundering; or terrorist financing is likely.

2.3. Prior to establishing a business relationship with a customer, conducting a transaction, and during a business relationship, the AL will apply the following due diligence measures:

2.3.1. Customer identification, verification of information provided, data preservation and updating;

2.3.2. identification of the representative of the client and the right of representation; and verification. The scope of the mandate given to the representative must be clarified, including whether it is with a longer-term relationship or with a one-time deal, and either representation allows you to establish a business relationship with an AL.

2.3.3. identification of the actual beneficiary;

2.3.4. daily diligence and vigilance in dealing with the client, including the business relationship tracking of transactions made during the course, identifying the data used to verify identity regular inspection of relevant documents, data and information and, where appropriate, the source and origin of the resources used in the transaction identification;

2.3.6. Informing the contact person of the situation when the content of the transaction or the customer's activity there may be signs of money laundering or terrorist financing and, if possible failure to execute such transactions.

2.4. Application of due diligence if not done by IT tools , the facts to be ascertained are ascertained by the customer based on original documents. If the original document cannot be obtained, you may use notarized or notarized or officially certified documents, including documents certified by a lawyer. A copy of the document may not be relied on if: there is a doubt that the copy matches the original.

3. Customer Identification

3.1. Identity must be established for all persons and their representatives who appear In a business relationship with AL. Personal knowledge or public awareness of the client or his agent does not preclude compliance with the identification obligation imposed by the Guidelines.

3.2. When establishing a business relationship with a customer, you must be a self-employed customer or a legal entity identify the representative of the customer by means of information technology. Identity a copy of the photo ID will be used for identification and verification document. Prior to each transaction, the AL must first ascertain the person / representative identity and the right of representation. To determine the right of representation the proxy requirement shall be used in particular.

3.3. The customer / agent will be asked to provide contact details (phone, address, post), e-residency or actual beneficiary.

3.4. The AL requires information as to whether the person is or has been discharging public authority or a close associate of a public authority with important functions; or a family member (ie a person with a national background within the meaning of the CashPTS).

3.5. The AL requests information from the client about the planned investment and financial the origin of the funds when the total investment exceeds EUR 25 000.

4. Identification of the risk profile of the individual customer, risk category determination

4.1. The AL undertakes to ascertain and determine the profile of the individual customer risk category.

4.2. The determination of the risk category of the individual customer is based on the customer residency and beneficial owners. Non - resident natural persons the risk category shall also be determined taking into account whether the customer is a national / his / her family member / close associate. If the customer is from a national background / his / her family member / close associate, he / she automatically belongs to III category.

4.3. The risk categories are as follows:

4.3.1. Category I - Low risk category: resident or non - resident natural person who is the beneficial owner himself and who investments below EUR 1000;

4.3.2. Category II - Medium risk category: a resident / non - resident natural person who is not the beneficial owner himself or who: investments in excess of € 10,000.

4.2.3. Category III - High risk: Resident and non-resident physical the person who is or if the beneficial owner is a person of national background / his / her family / his close associate.

4.3. The risk category determines the AL at the start of the customer relationship and during the customer relationship, by adding the appropriate category to the customer data.

4.4. If the client falls into risk category III, reinforced application must be made due diligence (clause 10).

5. Identification of the customer profile of a legal person, risk category determination

5.1. When establishing a business relationship, an AL is required to identify a legal entity and define the risk profile of the corporate customer.

5.2. The risk category shall be determined on the basis of the country of residence of the legal person, and the structure of the governing bodies and the legal entity owners transparency.

5.2.1. Category I - Low risk category:
A legal person registered in the Republic of Estonia with a specified field of activity (excluding currency and / or payment, gambling, gambling, casino);

A legal entity established in a Member State of the European Union or Norway, Iceland, Switzerland, whose shares are publicly listed and the company is not active in foreign exchange and / or payment, gambling, gambling, casino;

5.2.2. Category II - Medium risk category:

A legal entity established in a Member State of the European Union or Norway, Iceland, Switzerland, whose shares are not publicly quoted and whose business is not in the currency and / or payment, gambling, gambling, casino;

A legal entity registered in Estonia whose field of activity is currency and / or payment, gambling, gambling, casino;

A legal entity established in a Member State of the European Union or Norway, Iceland, Switzerland, whose shares are publicly quoted and the company is active in foreign exchange and / or payment, gambling, gambling, casino;

legal entities established in third countries and in publicly quoted and not engaged in foreign exchange and / or payment intermediation, gambling, gambling, casino.

5.2.3. Category III - High risk category: legal entities established in third countries and in Liechtenstein. A legal entity established in a Member State of the European Union or Norway, Iceland, Switzerland, whose shares are not publicly quoted and whose business is in the currency and / or payment, gambling, gambling, casino.

5.3.If the client falls into risk category III, reinforced application must be made due diligence (clause 10).

5.4. The risk category determines the AL at the start of the customer relationship and during the customer relationship, by adding the appropriate category to the customer data.

6. Identifying a person during the customer relationship

The AL has the right to suspend or terminate transactions if during the duration of the business relationship in the event of a suspected money laundering suspicion, the customer shall not provide documents or data that are such cast doubt on it.

7. Identifying and transacting a national background

7.1. Persons of national background are persons listed in § 3 (11) of the Money Laundering Act who: divided into tasks assigned by national and international organizations executive national backgrounds.

7.2. Identifying national backgrounds for AL clients and potential among the clients, the Contact Person shall be responsible, unless otherwise specified by the AL Board person.

7.3. Identifying a person with a national background is possible:

7.3.1. When interviewing a client;

7.3.2. existing public or paid databases and internet search engines using;

7.3.3. making inquiries or verifying the data with the authorities of the customer's country of residence through web pages.

7.4. The AL does not generally establish a customer relationship with persons of national background.

8. Low and High Risk Transactions

8.1. When conducting the transaction, the AL shall assess the risk of money laundering and terrorist financing and select and apply appropriate due diligence measures in accordance with the Guidelines.

8.2. The assessment of the risk of money laundering and terrorist financing takes into account the customer risk and transaction risk.

8.3. The risk associated with a transaction is considered to be low if they occur simultaneously the following circumstances:

8.3.1. the benefits of the transaction cannot be realized by the customer before one year the expiry of the transaction;

8.3.2. the transaction is not an urgent payment.

8.4. Low Risk Criteria «Prevention of Money Laundering and Terrorist Financing persons or clients specified in clauses 34 (2) 1) -6) of the Act » the following shall be considered simultaneously for the purposes of identification and verification the following circumstances:

8.4.1. Customer identification is possible with publicly available information basis;

8.4.2. the customer's ownership and control structure is transparent and stable;

8.4.3. The client's operations and accounting practices are transparent;

8.4.4. the client is accountable and verifiable in Estonia or Europe Economic State Contracting Executive State authority, other public by the body performing the tasks or by the body of the European Community.

8.5. A client's risk is considered high if the client is:

8.5.1. appearing on the UN or European Union list of persons whose: is subject to international financial sanctions;

8.5.2. a person in respect of whom the AL has prior knowledge that the person may be related money laundering or terrorist financing.

8.6. The risk associated with a transaction is considered high if:

8.6.1. The client's agent, who is not convincingly able to explain the transaction, wants to do the transaction the origin of the money;

8.6.2. The transaction is requested by a customer who the AL has previously suspected may be involved in money laundering or terrorist financing.

8.7. For high-risk transactions, due diligence must be exercised reinforced procedure.

8.8. The due diligence measures must be applied in the enhanced procedure also when low suspicious money laundering or terrorism is suspected in risky transactions or customers in financing.

9. Application of due diligence measures

9.1. Due diligence may be applied under the following conditions:

9.1.1. To persons specified in § 34 (2) 1) -6) of the Money Laundering Act; or

9.1.2. if the customer has a written duration agreement; or

9.1.3. where there is no doubt as to the accuracy of the information provided by the customer or the legal capacity of the customer; or legal capacity; and

9.1.4. there is no suspicion of money laundering or terrorist financing related to the transaction; and

9.1.5. If the transaction or customer risk can be considered as low; and

9.1.6. if you have a previous business relationship with the customer that was established prior to this Guide or the customer has been identified after the introduction of this Guide according to the Guide

9.2. For the purposes of simplified due diligence measures:

9.2.1. Persons shall be identified in accordance with Section 3 of this Guide;

9.2.2. However, if the AL is in doubt as to the application of the simplified due diligence measures If the information provided is correct, the staff will carry out additional checks. Extra during the verification, the AL specifies the customer details and may ask others control issues.If an inspection cannot be performed or the inspection reveals that the customer is unable to answer the control questions, then the customer is not dealt with.

9.2.3. The application of simplified due diligence measures shall be prohibited where: money laundering or terrorism has occurred at any stage of customer interaction suspicion of funding. If an AL is encountered during the application of the simplified due diligence measure suspicion of money laundering or terrorist financing, any transaction shall be waived making a customer.

10. Applying due diligence measures in a reinforced procedure

10.1. The AL shall apply due diligence measures, if the nature of the situation so requires there is a high risk of money laundering or terrorist financing. Big money laundering or in the event of a terrorist financing risk, a rocking relationship is created or the transaction is exceptional cases and by separate decision.

10.2. Enhanced due diligence measures must be applied if: the customer involved in the transaction has been identified and the information provided has been verified without being in the same place as him; and when verifying the identity or verifying the information provided, there is a suspicion (a) the authenticity of the data or the authenticity of the documents or the beneficial owner; or identifying the actual beneficiaries; and The customer involved in the transaction is from another Contracting Party to the Agreement on the European Economic Area or a third country national, family member or close associate; and characteristics of higher risk transactions.

10.3. Applicable in the case of an obligation to apply enhanced maintenance in addition to the usual due diligence measures, at least one of the following is strengthened due diligence:

10.3.1. verifying the identity and verifying the information provided in supporting documents, based on data or information from a reliable and independent source; or From a credit institution or a branch of a foreign credit institution registered in the Estonian Commercial Register, or from a credit institution incorporated or domiciled in Europe A Contracting State of the Economic Area or a country with equivalent requirements the Money Laundering and Terrorist Financing Prevention Act, and if so the credit institution has the person's identity at the same place as the person identified; ii) taking additional measures to verify the authenticity of the documents submitted and any documents contained therein to verify the accuracy of the information, including notarial or official information requesting verification or verifying the accuracy of the information that issued the document by a credit institution referred to in point (i); (iii) the first payment related to the transaction through an account opened with a credit institution in the name of the person participating in the transaction, registered or established in the European Economic Area a Contracting State or a country where equivalent requirements apply to money laundering and terrorism the Prevention of Funding Act.

10.3.2. If an unusual transaction, act or circumstance occurs, the AL shall have an obligation analyze and compare the circumstances of the transaction with money laundering and terrorist financing with suspicious transaction characteristics. The AL has a duty to verify the legal origin of the property at least before the transaction is concluded if the transaction is based on a previous customer relationship unusual money laundering or terrorist financing suspicion.

11. Business relationship monitoring

11.1. The AL employee undertakes to monitor the business relationship with the client on a regular basis to ensure that the transactions executed correspond to its business and risk profile. To that end, he undertakes regularly check the client's legal status (legal capacity), financial status, industry, ownership information (actual beneficiaries).

11.2. In addition, at least once a year: Customer risk assessment;
Assessment of the risk of the country of the client; liter, or combined risk. Customer risk (risk factors that are attributable to the customer) must take into account: the legal form, governance structure (including trusts, partnerships, etc.) of the person contractual legal entities, legal entities that hold bearer shares);
the ownership structure of the company, especially those for which there is no obvious commercial justification and which may make it easier to conceal the final beneficiary;
personal business area (customers who are involved in a business that includes large business customers) handling of cash amounts such as currency exchange offices, cash handlers, high value merchandise dealers, casinos, betting and other gambling companies involved in activities that receive regular cash payments); whether the person is a national / family member or a close relative a co-worker (customer or beneficial owner);
whether the person is represented by a legal person;
the residency of the person, including whether they are registered in the offshore area (tax-free and low-tax territories, such as the Tax and Customs Board on the basis of the respective data provided on the website http://www.emta.ee/en/ariklient/tulud- costs-mining-profits / non-resident-estonian-income-taxation / list- territories;
communication with the client, its partners, owners, agents, etc. circumstances arising from experience (eg suspicious cases identified in a previous business relationship) transactions, suspicious customer behavior, failure to submit required documents); duration of business, nature of business relationship.
Country risk, with risk factors resulting from differences in the legal environment of different countries, the level of crime and whether or not there are persons in that country or in that country international sanctions have been or are being applied. Countries that are more risky include: subject to international sanctions or embargoes;
lacking adequate compliance with international standards money laundering laws and regulations;
who have been identified as financing or supporting terrorism;
for which significant corruption or organized crime has been identified level of crime or other crime (including drug crime);
tax-free and low-tax, offshore financial centers. Cumulative or combined risks Special attention should be given by the staff member to situations which suggest higher risk in several of the above risk groups.

12. Collection, verification, storage and updating of data

12.1. Collection of data

12.1.1. The Customer shall be identified for the first time in accordance with section 3 of the Guidelines . The Customer shall be registered and kept in accordance with the instructions and other necessary data. In addition, any observations are unusual transactions and any other material matters that may arise.

12.2. Data retention The data provided by the Client and his / her representative, identifying the Client and his / her representative a copy of the document, other documents requested by the client pursuant to the Guidelines and the MoneyPTS stored digitally or on paper for at least 5 years after customer termination of contractual relations.

12.3. Update of data and documents, internal control measures

12.3.1.The data shall be updated at least every two years. During the data update, a report is prepared which must include the risks that: business identified, risk management established a description of the control measures and how to address them in case of deficiencies.

12.3.2. the member of staff responsible for client relations (client manager) makes a significant contribution greater attention to the high risk category identified as a result of risk analysis (III category) to check customer data and know business. In addition, for annual analysis, the client manager must continually evaluate the clients' business related to possible money laundering and terrorist financing risks and is required to notify the Contact person immediately of any change in the risk profile.

12.4.3. The contact person shall carry out a detailed monitoring based on the results of the report a plan for the Contact Person to monitor and monitor riskier transactions customer profile.

13. Piracy transactions

13.1. An AL employee is not allowed to:

13.1.1. Settle in cash; 131.2. Transact with a client whose identity is not identified in the Guidelines according to;

13.1.3. Transact with anonymous or fictitious individuals who use others names or a pseudonym.

13.2. AL shall refuse to enter into a transaction with a customer:

13.2.1. whose documents or other information are in doubt and the customer does not adequately explain the doubts the circumstances that caused it;

13.2.2. whose identity or the accuracy of the representative's authority cannot be ascertained or check;

13.2.3. whose place of residence or occupation or occupation or activity profile is not available identify;

13.2.4. who appear on the list of international sanctions or who is money laundering identified by the FIU as suspected of money laundering or terrorist financing the performer of the transactions, if such information is provided by a financial intelligence unit disclosed;

13.2.5. who otherwise suspect that the person may be money laundering or terrorist financing.

14. Transaction monitoring and analysis

14.1. The AL employee must monitor and analyze whether or not the transaction is occurring when executing transactions The Client is not involved in money laundering or terrorist financing. Money laundering or terrorism suspicious of financing and a list of features of unusual transactions is given In the documents, the FIU Guide “FIU Recommended a guide on the characteristics of transactions suspected of money laundering 'and the FIU guideline 'Advisory guide to the FIU suspected of terrorist financing transaction characteristics ").

14.2. If the client's activity refers to money laundering or terrorist financing, the client comes from ask for more information to determine the origin of the money. More information can be orally and / or in writing, but the information received must be recorded in writing.

14.3. The contact person analyzes customer transactions as necessary to clarify the transaction potential involvement in money laundering or the possibility of money being illegally sourced.

14.4. It is responsible for managing the risk assessment of money laundering and terrorist financing A point of contact who must regularly analyze whether an AL may be present in business Money laundering and terrorist financing risk factors not covered in this guide.

15. Contact person

15.1. The contact person / board member is accountable to the board. The AL Board shall be informed by the money laundering authority of the contact details and any changes thereto data offices without delay. The contact person shall be the member of the Management Board, if not designated Other member of staff as contact person. If the contact person is a member of the board who is the sole member of the Management Board, the Contact Person is accountable to the shareholders.

15.2. The contact person shall have the right to demand from all staff members as set out in the Code fulfillment of obligations and immediate termination of any breach.

15.3. The tasks of the contact person are:

15.3.1. unusual transactions or those suspected of money laundering or terrorist financing organizing, analyzing and archiving reference information;

15.3.2. forwarding information to the FIU for money laundering or terrorism in the event of doubt as to financing;

15.3.3. The names of the persons on the UN and the European Union list of financial sanctions checking among clients and potential clients;

15.3.4. Verification of compliance of the Guide with MoneyPTS and other legislation at least once a year and, if necessary, propose amendments to the Governing Board To change the guide;

15.3.5. Necessary for completing the guide and transmitting information in a timely manner checking the availability of technical equipment;

15.3.6. A guide to the law and money laundering and terrorist financing verification of compliance with prevention requirements and the results of the verification analyzing and informing the Management Board about the implementation of the Guidelines;

15.3.7. proposing risk assessment on money laundering and terrorist financing; and management;

15.3.8. combating money laundering and terrorist financing identification of training needs and staff training;

15.3.9. informing the FIU of the identity of the client the transfer of an obligation to a third party; 3/15/10 precepts issued by the FIU and other authorities enforcement. 3/15/11 identifying clients with a national background;

15.3.1.2 Fulfillment of other obligations related to fulfillment of the requirements of the Money PTS.

16. Internal control measures

16.1. Compliance by the AL with measures to prevent money laundering and terrorist financing verifies Contact person is defined in this Guide and its annexes as well as in legislation while performing tasks.

16.2. In addition, the Contact Person shall conduct, at least once a year, an internal audit which shall: course checks: The compliance of due diligence procedures with these instructions; the compliance of the registrations with this Guide; compliance with other requirements to prevent money laundering and terrorist financing; Compliance with Business Relationship Monitoring Procedures conducted under this Guide To the guide, Compliance of the Code with the legislation and the guidelines of the competent authorities; Staff training needs;

16.3. The Contact Person shall prepare a written report on the conduct of internal control. The report states: Purpose of inspection; Time of inspection Name of inspector and title; Description of the checks carried out; Analysis of control results or the overall conclusions and analysis of the controls carried out; Deficiencies in the occurrence of deficiencies the description and the associated risks; Time for correction of deficiencies recommended measures for disposal and the time period for follow-up.

16.4. When performing a follow-up inspection, the Contact Person shall add a follow-up to the inspection report an analysis of the results and a list of the measures taken to remedy the shortcomings, indicating the actual time taken to rectify the deficiencies.

17. Fulfillment of notification obligation

17.1. The Employee will inform the Contact Person (or the Contact Person will fix it himself) of each of the following the occurrence of the situation:

17.1.1. suspected of money laundering or terrorist financing. Money laundering or suspected terrorist financing; and list of unusual transaction characteristics In these documents, the FIU Guide “FIU an indicative guide to the features of transactions suspected of money laundering 'and Money Laundering FIU Guide “FIU's Recommended Guide to Terrorism on the characteristics of suspicious financing transactions';

17.1.3. if the customer fails to provide the identity document despite the request, the details their place of residence and area of activity and, in the case of representation, the basis on which they are represented documents.

17.2. No suspicion of money laundering or terrorist financing shall be discovered Notify anyone (including a colleague) other than the Contact Person or the Board. Informing the client about the notification sent to the FIU suspected of money laundering or terrorist financing.

17.3. Becoming aware of a transaction suspected of money laundering or terrorist financing the Contact Person analyzes the content of the information received in connection with the Customer's past transactions and other and, if necessary, consult with a member of the management board as to whether this may be the case be a transaction suggesting money laundering or terrorist financing.

17.4. Data on a transaction suspected of money laundering or terrorist financing will be retained by the Contact Person in a way that other employees will not have Contact without written permission of the contact person.

17.5. Detecting a transaction with features that indicate money laundering or terrorist financing shall be referred by the Contact Person to the FIU you immediately report the suspicious transaction orally, in writing, or in writing in an enabling form. If the message has been transmitted orally, the Contact person will repeat it at the latest on the following working day in writing;

17.6. An ongoing transaction may be carried out after the receipt of money laundering by the FIU written permission to complete the transaction.

17.7. At the request of the FIU, the Contact Person shall submit to the FIU additional information about the circumstances of the transaction suspected of money laundering or terrorist financing and customer, if such information is available.

17.8. Reporting obligations in case of suspected money laundering and terrorist financing additional requirements may derive from the instructions of the FIU with which: The contact person must visit the contact person at least once a year.

17.9. The AL maintains a record of all suspicious and unusual transactions received from employees for at least 5 years from the date of receipt of the notice, as well as their notice information collected for analysis and other related documents; and notifications to the FIU, together with the time of the notification and transmitting employee data.

17.10. Pursuant to § 52 (2) of the Money Laundering Act, the obligated person is not deemed to be money laundering and in the event of suspected terrorist financing, complying with a duty to provide information in good faith; and the provision of relevant information to the FIU by law or contract violation of the confidentiality requirement; and persons who have given notice shall not be subject to any disclosure by law or contract for such information prescribed liability.

18. Training and information for workers

18.1 The contact person will periodically conduct staff training and information to raise staff awareness:

18.1.1. regarding typical cases of suspicious and unusual transactions; and the preventive measures to be taken.

18.1.2. Compliance with legal requirements;

18.1.3. Sanctions for non-compliance with legal requirements.

18.2 When a new employee starts to work, the Contact Person will introduce the new employee to the Guide and informs the employee of the suspicion of due diligence and money laundering information requirements.

18.3. The employee may require the Contact Person to launder money and terrorist financing prevention training or explanations on how to prevent money laundering; and prevention of terrorist financing in the AL business.

18.4. The contact person shall regularly evaluate staff money laundering and terrorist financing training and report to the Board.

19. Monitoring

19.1. Compliance with the rules is monitored by the Contact Person. Contact person activity shall be subject to supervision by the Board of Directors, subject to these instructions.

19.2. The contact person must, in particular, oversee risk assessment and management, data collection and storage, and reporting obligations. Board compliance with the obligation to inform.

19.3. The contact person shall have the right to verify that AL staff members are complying with money laundering and terrorist financing prevention and infringement requirements immediate termination.

19.4. The AL contact person / executive board member shall cooperate with the FIU providing information to the above authority on the implementation of the Guidelines and other related matters at their request.

Confirmed
By the decision of the Management Board of Arf Labs OÜ