ANTI-MONEY LAUNDERING POLICY

1. INTRODUCTION

It is the policy of savedroid to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities by complying with all applicable requirements under the DIRECTIVE (EU) 2015/849, local regulations as well as its implementing decrees.

Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Generally, money laundering occurs in three stages. Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instruments, such as money orders or traveler’s checks, or deposited into accounts at financial institutions. At the "layering" stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. At the "integration" stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses.

Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes. Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations. In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds. Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.

Our AML policy is designed to ensure compliance with all applicable regulations, rules, and compliance requirements by our business partners and will be reviewed and updated on a regular basis to ensure appropriate policies are in place to account for both changes in regulations and changes in our business.


2. STATUTORY REQUIREMENTS

The Liechtenstein Anti Money Laundering law and regulation form the basis of this policy. Also taken into account are the relevant guidelines from the financial market supervisory authority of Liechtenstein (FMA). As operator of an Exchange Office (Wechselstube) savedroid FL GmbH is subject to the Liechtenstein Anti Money Laundering law (“SPG”) pursuant to art. 3(1)(f) and art. 5(2)(g) requires savedroid to fulfill the due diligence obligations laid out in art. 5(1) SPG if the customers exchanges more than 1,000 CHF in one or multiple connected transactions.


3. OVERALL RISK ASSESSMENT

In accordance to art. 9a SPG and art 22a SPV savedroid continuously assesses the risks for money laundering, organized crime and terrorism financing associated with savedroid’s business model and customer base. Based on this risk assessment, (customer) risk categories are defined which form the basis for the design of concrete due diligence measures by savedroid as described in the chapters 5-8 below.

3.1 Risk analysis

The following risk analysis shows that savedroid’s mobile application has a low risk of money laundering or terrorist financing. The risk analysis is based in particular on the risk factors listed in Annexes 1 and 2 of the SPG in order to be able to carry out an analysis that is as comprehensive as possible and suitable for savedroid’s product. For this purpose, the relevant risk factors are selected, evaluated and weighted.

The risk factors are evaluated on a scale of 1-5:

1. very low risk
2. low risk
3. medium / normal risk
4. high risk
5. very high risk


The valuation is justified in the last column.

Factors relating to customer risk

Risk-reducing factors

Risk-increasing factors

Total risk

assessment

Valuation

Beneficial owners with residence in

geographical areas with lower risk according to

Annex 1 A c) SPG

Beneficial owners with residence in geographical areas with higher risk according to Annex 2 A c) SPG

2 (low)

Only natural persons acting in their own economic interest are accepted as customers (they are the ultimate beneficial owners). Customers from countries with strategic deficits in AML/ CTF are excluded.

Low value of assets and low volume of executed

transactions

High value of assets and high volume of executed transactions

2 (low)

Average transaction volume is less than

20 CHF. The maximum accumulated pay-in

amount per customer

is limited to

CHF 10,000.

Obvious economic purpose of a business relationship;

Unclear or doubtful purpose of a business relationship

2 (low)

Due to the nature of the services offered by savedroid, the economic purpose is obvious.

Factors relating to product or service channel risk

Products or transactions that could promote anonymity

2 (low)

All customers are identified regardless of the exchanged amount. Customers cannot receive virtual currencies from any third-party source except of savedroid.

Business relationships or transactions without personal contacts and without certain security measures such as electronic signatures

3 (normal)

Customers must use 3D Security for credit card transactions if provided and activated by their issuing banks.

Receipt of payments from unknown or unrelated third parties

2 (low)

Every customer account is linked to the device-ID of the device on which the savedroid application is installed (e.g. mobile phone) and cannot be accessed from another device without completing the device-change process.

Factors relating to geographical risk

EEA Member States; Third countries with well-functioning systems for combating money laundering and terrorist financing

States with strategic deficiencies and other States whose financial systems do not have sufficient systems in place to combat money laundering and terrorist financing

3 (normal)

Customers from countries with strategic deficits in AML/ CTF are excluded, c.f. section 5.1 below.

States against which, for example, the European Union or the United Nations has imposed sanctions, embargoes or similar measures

3 (normal)

Politically exposed persons (PEP) or persons listed on sanctions lists are excluded, c.f. sections 5.4 and 5.5.


3.2 Customer risk categories

Considering the risk assessment and risk reducing measures illustrated in section 3.1 above and reflecting the cap specified in art. 5(2)(g) SPG, three customer risk categories are defined:

Level 1 / Simplified Due Diligence (low risk): customers who do not exceed a cumulative payout amount of 1,000 CHF within a period of 12 months.

Level 2 Regular Due Diligence (standard risk): customers who exceed a cumulative payout amount of 1,000 CHF within a period of 12 months but not more than 10,000 CHF.

Level 3 Enhanced Due Diligence (high risk): customers who exceed a cumulative payout amount of CHF 10,000 and customers with suspicious transactions and PEPs.

The respective due diligence measures per customer risk category implemented by savedroid are described in more detail in the subsequent chapters.


4. INTERNAL ORGANISATION AND DOCUMENTATION

4.1 Roles and responsibilities

The management board coordinates the prevention of money laundering, terrorist financing and any other criminal acts. The managing director of savedroid FL GmbH is ultimately responsible for compliance with all applicable laws and regulations.

In addition, the management appoints a money laundering officer (“MLO”) who is responsible for compliance with the Money Laundering Acts and all regulations relating to its administration. The MLO is at the same time also acting as internal investigator and fulfils in particular the following tasks and duties:

• Acting as contact person for the FMA, law enforcement agencies and the Financial Intelligence Unit (FIU),

• Development, implementation and enforcement of internal policies, procedures and controls to prevent money laundering; including the creation and revision of organizational guidelines in line with new or modified statutory provisions,

• Safe storage of due diligence records (c.f. 4.4 below),

• Training employees in dealing with money laundering regulations and due diligence measures,

• Monitoring and investigation on suspicious customer activities and reporting to relevant authorities.

The MLO has been granted the following powers for carrying out its tasks and duties:

• Issuance of internal company directives for all matters relating to the prevention of money laundering and fraud,

• Decision on rejection or termination of a business relationship, if necessary, after consultation with the management board,

• Filing of a suspicious activity report (SAR) and submission to the FIU. Current implementation of roles and responsibilities:

Role

Contact person

Contact details

AML responsible member of the management board

Dr. Yassin Hankir

yassin@savedroid.de

AML responsible member of the management board deputy

Joachim V. Brockmann

joachim@savedroid.de

Money Laundering Officer

Joachim V. Brockmann

joachim@savedroid.de

Money Laundering Officer deputy

Dr. Yassin Hankir

yassin@savedroid.de

Investigator

Joachim V. Brockmann

joachim@savedroid.de

Investigator deputy

Dr. Yassin Hankir

yassin@savedroid.de



4.2 Employee training

All employees who are engaged with the execution of due diligence tasks and/or involved in the customer acceptance process (“AML Agents”) receive a training on the methods of money laundering and terrorist financing and their obligations according to the existing laws. The training measures include explanations of the responsibilities as defined by the SPG/SPV, guidelines, the internal security measures as well as defensive measures for the prevention of money laundering.

The training of new employees is supervised by the money laundering officer and carried out internally or externally at qualified third-party institutions depending on the required training levels. The training of all AML Agents will be refreshed annually.


4.3 Internal Auditing

Internal Audit is required to verify compliance with the requirements of the SPG/SPV and related guidelines, to include the AML division in the auditing plan and to adapt this plan on new requirements and developments. The audit results have to be documented in report form and must be understandable to qualified third parties. The audit reports have to be presented to the management board in a timely manner, at least on a yearly basis.

The MLO will assist Internal Audit in the carrying out of their duties by: • providing all necessary information,

• making all necessary documents available on short notice, allowing insight into all operational and business processes.


4.4 Due diligence records

As required in art. 20 (1) SPG savedroid documents the compliance with due diligence and notification obligations in the due diligence records.

The due diligence records kept by savedroid contain both customer-related documents and transaction-related documentation. Customer related documents are stored for ten years after the business relationship has ended, transaction-related documents are stored for ten years after completion of the transaction. In particular, the following information is stored:

Customer-related documents:

• All information and documents received for / during customer identification and due diligence, including information on the AML Agent responsible for validation of customer identity (c.f. section 5 below)

• Email correspondence regarding customer identification and due diligence
• Customer business profiles (c.f. 7 below) Transaction-related documentation:

• All customer transactions of fiat money and virtual currencies

• Documentation on clarifications conducted by savedroid employees pursuant to art. 9 SPG

• Documentation on decisions of the MLO and reporting to FIU

The due diligence records are stored fully electronically using a file server hosted in Liechtenstein. To avoid any possible data loss the due diligence records are additionally stored on a redundant file server hosted outside of Liechtenstein (“mirroring”). Access to the due diligence records is enabled by deployment of dedicated software tools. The software tools comprise the following features and functionalities:

• The due diligence records are readily accessible any time for authorized persons such as the persons carrying roles and responsibilities defined in 4.1 above, AML Agents and external auditors and authorities

• Deletion of data is not possible before the end of the respective minimum storage time (i.e. ten years, see above)

• Any modification of the data such as additional documents, information updates or similar actions (“write access”) is logged and is only possible via automated data processing or via manual editing by the AML Agents or the MLO using personalized logins/accounts


5. CUSTOMER IDENTIFICATION AND DUE DILIGENCE

The establishment of valid customer identification and acceptance standards depends on the creation of an effective and efficient organizational structure and workflow framework for the successful implementation of the customer acceptance process.

The customer acceptance process ensures that:

• Every user is checked for exclusion criteria, which will lead to a customer rejection a standardized process for the recording of all AML risk-relevant information for every new customer is followed.

• A risk profile framework exists which can be used to assist in the decision-making process to the acceptance of any potential new customer.

• This risk profile is made available for research and further customer-related AML risk management to determine additional KYC measures.

Given savedroid’s business model, product and audience, and the risk assessment described in chapter 3 above a risk-based, tiered due diligence approach is implemented that best addresses the specific money laundering, terrorism financing and fraud risks.


5.1 Exclusion of customers from blacklisted countries

To use the savedroid app, each customer must connect a credit or debit card provided by the card schemes. Customers are rejected and not able to use the savedroid app if one of the following criteria applies:

• The customer’s credit card is issued by a bank of a country with strategic deficits in AML

• The customer’s credit card is issued by a bank of a country which is on savedroid’s internal blacklist


The following countries are currently treated as countries with strategic deficits in AML as defined in attachment 2 A c) SPG:

• Ethiopia

• Bosnia and Herzegovina

• Trinidad and Tobago

• Iraq

• Iran

• Tunisia

• Syria

• Sri Lanka

• Vanuatu

• Yemen

• North Korea


Additionally, the following countries are currently on savedroid’s internal blacklist:

• Germany

• United States of America

• Cuba

• Afghanistan

• Venezuela


5.2 Customer identification measures

Exceeding the requirements pursuant to art. 5(2)(g) SPG, all customers are identified regardless of the exchanged amount.

Every customer must provide the following basic identity information in the savedroid mobile application before the first pay-out. No pay-outs will be processed until customer identification is satisfactory completed:

• Full name (first name, surname) [middle names are optional]

• Date of birth

• Nationality

• Country of residence


5.3 Validation of customer identity

In accordance with savedroid’s risk assessment (c.f. chapter 3), customer identity is validated individually based on the identified specific risks concerning money laundering, terrorism financing and fraud.

In line with art. 10 SPG and attachment 1 A a) 4 SPG and attachment 1 B a) SPG for customers with a low risk profile savedroid applies simplified due diligence measures. The following table gives an overview of the applicable validation measures per risk level:

Validation via…

Level 1

Level 2

Level 3

Duplicate checks

X

X

Currently not accepted

Passport verification

X

Photo identification

X


More details are provided in the subsequent paragraphs.


5.3.1 DUPLICATE CHECKS

To prevent multiple use of credit cards and/or the creation of multiple user accounts for the same natural person, the following duplicate checks are run on each customer (all risk levels):

• Credit card check: A duplicate check is run on every credit card based on the technically available possibilities. The check contains at least matching the combination of BIN (first six digits) plus last four digits of the credit card number with a list of cards already in use. If the combination matches with an existing entry the customer is flagged as a potential duplicate and upgraded to risk level 2 for further investigations. If technically available, savedroid applies further measures to prevent double use of credit cards.

• Device-ID check: In addition, the customer’s device ID is checked for duplicates by matching it to a list of device IDs already in use. If the device ID is already in use, the customer is flagged as a potential duplicate and upgraded to risk level 2.

If the subsequent passport and photo identification - which the customer has to undergo in risk level 2 - confirms the customer duplicate the account is closed.


5.3.2 PASSPORT VERIFICATION

All customers classified as risk level 2 have to provide detailed address information (street, house number, zip) and photos of the front and back side of their passport or national ID card. If the customer’s address is not shown on the provided passport or national ID card, additional proof of address (not older than three months) must be provided by the customer, such as:

• Utility bill

• Bank statement

• Register excerpt

The photos have to be uploaded via savedroid’s mobile application and must fulfil the following criteria:

• All identification documents must be valid and must not be expired.
• Thephotos must not be blurred, distorted or of insufficient exposure.
• All text and numbers must be readable.

All photographs will be checked by trained AML Agents or automatically. Photographs of insufficient quality will be rejected and have to be resubmitted by the customer.

Based on the proof of address and the information taken from the user’s passport and/or national ID document the following additional checks are performed: Verification of identity details as specified by the customer.

Ultimate failure in passport verification leads to rejection of the customer and his account will be locked.


5.3.3 PHOTO IDENTIFICATION

All customers classified as level 2 risk have to provide a photograph of themselves. The photograph has to be uploaded via savedroid’s mobile application and must fulfil the following criteria:

• The photograph must show the customer holding his/her passport or national ID document that he has used for Passport Verification and a handwritten note displaying the word “savedroid” plus the date of the upload.

• The photograph must not be blurred, distorted or of insufficient exposure.

• The photograph must show the customer’s face in sufficient resolution to recognize facial characteristics.

The photograph will be checked by trained AML Agent and must match with the photograph on the customer’s passport or national ID document. Ultimate failure in photo identification will lead to rejection of the customer and his account will be locked.


5.4 Compliance with Sanction Regimes

The provided customer identity information of all customers classified as risk level 2 or higher is run through a systematic screening of international sanctions and law enforcement lists.

The sanctions-database contains natural persons and organizations of the following sanctions regimes:

• EU

• UN

• OFAC

• Further publicly available information

Given a positive match the case will be manually reviewed by an AML Agent to exclude false positives. If the review ultimately confirms the match, the customer will be rejected and his account locked.


5.5 Politically Exposed Persons

The provided customer identity information of all customers classified as risk level 2 or higher is run through a systematic screening of international lists of politically exposed persons.

Given a positive match with one of the lists each case will be manually reviewed by an AML Agent to exclude false positives. If the review ultimately confirms the match, the customer will be rejected and his account locked.


5.6 Customer rejection

In case a customer needs to be rejected the MLO reviews the case and decides if the case has to be reported to the FIU and how to proceed with the funds.

6. VERIFICATION OF THE ULTIMATE BENEFICIAL OWNER

According to art. 5 (1) b) SPG and art. 7 SPG savedroid identifies and verifies the identity of the ultimate beneficial ownership (“UBO verification”) for every customer. Since savedroid does only accept natural persons as customers (c.f. 3.1 above) and – according to savedroid’s conditions of use – these natural persons may only act in their own economic interest and not on behalf of third parties, UBO verification is carried in the course of customer identification and validation as described in chapter 5 above. In addition, every customer is required to confirm acting in his/her own economic interest by a separate declaration, which is also captured by the click-wrap method in savedroid’s mobile application.


7. CUSTOMER BUSINESS PROFILES

As required by art. 8 SPG savedroid creates a business profile for every customer based on the information received and stored in the due diligence records (c.f. 4.4 above). In line with art. 20 (2) SPV and annex 1 B b) and c) SPG the detail level of the business profiles is adjusted to savedroid’s risk assessment and customer risk categories (c.f. 3 above).

The following table gives an overview of the contents of the business profiles per customer risk level:

Business profile content

Level 1

Level 2

Level 3

Customer / UBO identity details

X

X

Currently not accepted

Customer risk category

X

X

Means of payment for deposits

X

X

Means of payment for payouts/withdrawals

X

X

Transaction history of all

customer transactions of fiat money and virtual currencies

X

X

Intended use of the assets

X

X

Origin of the assets

X

Economic background of the customer

X


Due to the very nature of savedroid’s services offered in the mobile application, the intended use of the assets is set to “savings” for every customer. Due to the low risk associated to risk category 1, the origin of the assets and economic background of the customer are only collected for customer risk category 2.

The customer business profiles are accessible through several software tools. Whenever new and/or additional data/information about the customer is received (e.g. address updates, new transactions, etc.). this information will be included in the customer business profiles via automatic import or manual entry of an AML Agent and the business profile is updated accordingly.


8. MONITORING OF BUSINESS RELATIONSHIPS

As required by art. 9 SPG savedroid implements a continuous monitoring of its business relationships in a way adequate to the risks concerned. In line with annex 1 B d) SPG the monitoring of business relationships is adjusted to savedroid’s risk assessment and risk reducing measures (c.f. 3 above).

For every customer savedroid employs the business analytics software Mixpanel (https://mixpanel.com) for the monitoring of the business relationship. Using the features and functionalities provided by the Mixpanel software, savedroid monitors both the customer’s app usage (behaviour) and the customer’s fiat money transactions.

To detect irregularities and conspicuous activities, specific alerts are created which trigger further investigations. Following the guidelines stated in annex 3 II SPV, alerts are triggered in particular in the following cases:

• The customer’s transaction frequency for deposits and withdrawals exceeds a normal standard.

• The customer’s payment method (e.g. credit card, bank account reference) is changed exceptionally often.

• The customer’s registered address changes exceptionally often.

When an alert is triggered, an AML Agent will be notified to review the case and to decide whether a simple or special investigation is needed and/or if the MLO has to be informed. The results of any investigation will be noted in the customer business profile (c.f. 7 above). In case the investigation by the AML Agent reveals a potential case of money laundering, organised crime or terrorism financing, the user account is frozen until the MLO has reviewed the case and decided if it has to be reported to the FIU and how to proceed with the customer’s funds.

In case the MLO classifies the case as a suspicious activity and decides to file a report to the FIU, this report has to be prepared in writing and may not be communicated to any other third party. Additionally, if the suspicion is caused by a specific transaction this transaction may not be released prior to the report to the FIU and an additional period of

• 2 days if the suspicion is related to money laundering.

• 10 days if the suspicion is related to terrorism financing (c.f. art. 17-19SPG).


9. REVIEW AND UPDATE OF THIS POLICY

This policy is regularly reviewed by management and the Money Laundering Officer to ensure that it is up to date and, if necessary, amended, and adjusted accordingly. In particular, the risk analysis and risk assessment presented in chapter 3 above will be updated at least once every three years (c.f. art. 22a (3) SPV).

mail

By continuing to use the site, you agree to the use of cookies. Cookies policy

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close