Terms of Service
Last updated: July 30, 2019
PF Exchange OÜ, PROCEDURAL RULES, RISK ASSESSMENT, INTERNAL CONTROL RULES.
These Rules of Procedure are based on the Money Laundering and Terrorist Financing Prevention Act and the
International Sanctions Act and are intended for the internal use.
- DEFINITIONS AND ABBREVIATIONS
- RahaPTS – the Money Laundering and Terrorist Financing Prevention Act.
- RSanS – the International Sanctions Act.
- Private Limited Company – OÜ, registry code: 14403859, address: Harju maakond, Tallinn, Lasnamäe
linnaosa, Punane tn 56, 13619.
- Customer – physical person, to whom the Limited Company provides a service.
- Money Laundering means:
- the conversion or transfer of property derived from criminal activity or property obtained instead
of such property, knowing that such property is derived from criminal activity or from an act of
participation in such activity, for the purpose of concealing or disguising the illicit origin of the
property or of assisting any person who is involved in the commission of such an
activity to evade the legal consequences of that person’s actions
- the acquisition, possession or use of property derived from criminal activity or property obtained
instead of such property, knowing, at the time of receipt, that such property was
derived from criminal activity or from an act of participation therein;
- the concealment or disguise of the true nature, source, location, disposition, movement, rights with
respect to, or ownership of, property derived from criminal activity or property obtained instead of
such property, knowing that such property is derived from criminal activity or from
an act of participation in such an activity.
- Money laundering is regarded as such also where a criminal activity which generated the
property to be laundered was carried out in the territory of another country.
- Terrorist financing – the allocation or collection of funds for the design or commission of terrorist
acts or the financing of terrorist organizations for the purposes of the Penal Code or knowing that these
funds will be used for the aforementioned purpose.
International Sanction – A measure that is not related to the use of the armed forces and the
determination of which has been decided by the European Union, the United Nations, another international
organization or the Government of the Republic in pursuit of the following objectives:
- To maintain or restore peace.
- Prevent conflicts and strengthen international security.
- Support and consolidate democracy.
- Respect the rule of law, human rights and international law.
- Achieve other objectives of the European Union’s Common Foreign and Security Policy.
The actual beneficiary - a natural person who, by exploiting his or her influence, uses a transaction or
operation, or otherwise controls the transaction, operation or other person and for whose benefit or on
whose account the transaction or operation is performed. In the case of a commercial association, the
beneficial owner is a natural person who ultimately owns or controls a legal entity through a sufficient
number of shares, voting rights or ownership, whether directly or indirectly, including in the form of
bearer shares, or by any other means.
- Direct ownership is the way in which a natural person holds a 25% stake in a company, plus one
share, or more than 25% of ownership. Indirect ownership is the way of exercising a control in which a
company owns a 25% stake plus one share, or more than 25% ownership of a company controlled by a
natural person or several commercial associations, being
controlled by the same natural person.
- If, after any method of detection, it is not possible to identify that person and there is no doubt
that such a person exists, or if it is doubtful whether the identified person is the beneficial owner,
the beneficial owner is deemed to be a natural person – member of the senior management body.
- Financial Intelligence Unit – the independent structural unit of the Estonian Police and Border Guard
Board (PBGB), which monitors and applies national enforcement on the grounds and in the manner prescribed
by the law. Postal address: Tööstuse 52, 10416 Tallinn; e-mail: [email protected]; tel.: (+372) 612
This Guide establishes internal security measures to comply with the requirements for the prevention of
money laundering and terrorism and international sanctions, as well as the identification of suspicious
and unusual transactions.
The employees of the Private Limited Company must recognize and strictly observe the requirements of
international sanction, regulations on detecting suspicious transaction traits of money laundering and
terrorist financing, issued by the Financial Intelligence Unit, other instructions regulating the
compliance with the Money Laundering and Terrorist Financing Prevention Act and the requirements herein.
The employees of the Private Limited Company must independently review the amendments to laws and other
legal acts that appear on the website of the Financial Intelligence Unit at
- The Management Board of the Private Limited Company is required to present these Guidelines to all
members of the Private Limited Company.
- The employees of the Private Limited Company are obliged to confirm the reviewing of this manual with a
- The employees of the Private Limited Company are personally liable for compliance with the requirements
of the Money Laundering and Terrorist Financing Prevention Act pursuant to the procedure provided by law.
CLIENT EVALUATION AND RISK ANALYSIS
- Each client of the Private Limited Company is assessed in accordance with these guidelines.
In the evaluation of the Client, the Private Company proceeds from the "Know Your Customer" principle and
international standards and practices.
When conducting a preliminary background check of a potential Client, the assessment of the risks of money
laundering and terrorist financing is based on the Client’s residence, economic and personal activities,
legal form, expected volume of transactions and selected services.
In the assessment of a potential Client, his reputation is also taken into account.
The following background study is conducted for the client:
- Information about the Client’s personal or economic activities.
- Information on the origin of the Client’s financial resources.
- Information about the actual beneficiary.
- Tracking transactions on the client’s account and, if necessary, asking for documents related to
- Keeping and protecting the information received and updating regular information and documents.
The private limited company does not serve or co-operate with the following persons:
- that are not identified in conformity with law requirements due to the lack of data provided.
- Who fails to submit the requested documents that are required by law and are necessary for the
establishment of the account and the execution of transactions or attempts to circumvent the
submission of documents or to submit fewer documents than required.
- There is a reason to doubt the authenticity of the documents submitted.
- Who refuses to provide data on the origin of his or her financial means where the provision of such
information is required by law.
- There are grounds for believing that he or she has participated in or contributed to the commission
of a terrorist act.
- Under 18 years of age.
- about whom information has been gathered accord to which there are grounds for believing that money
laundering or terrorist financing may be involved.
- to whom international sanctions apply.
ASSESSMENT OF RISKS AND DETERMINATION OF THE LEVEL OF APPLIED DUE DILIGENCE MEASURES
- In case of making a transaction with a client of a private limited company or establishing a business
relationship if the value of the client’s transactions in a calendar month exceeds 1000 euro, regardless
of whether the financial liability is fulfilled in a single payment or in the amount of several
interrelated payments in a period of up to one month or an equivalent amount in another currency, the
degree of risk of money laundering and terrorist financing must be assessed and, accordingly, the
appropriate diligence measures chosen and applied.
The following categories must be taken into account when assessing the level of risk of money laundering
and terrorist financing:
- Geographical risk.
- Customer risk.
- Transaction risk.
Geographic risk is considered to be high when a customer or transaction has a known relationship with the
following countries or territories:
- Countries and territories for which the UN or European Union sanction, embargo or other analogous
measure has been implemented.
- Countries where there are insufficient measures to combat money laundering and terrorist
- Countries that are undoubtedly known to support terrorism or where there is a high level of
- Customer risk is considered to be high when the client:
- is a person whose structure, form or relationship with other persons is unusual or systematized in
such a way that it is not possible to identify the beneficial owner;
- is a legal person, the majority of whose shares form the bearer’s shares;
- is a legal entity registered in a low-tax area;
- is a politically exposed person, his family member or a close associate;
- Listed on the UN or the European Union list of person’s subject to international financial
- is a natural or legal person that has, or has previously been, suspected of being involved in money
laundering or terrorist financing.
- The risk associated with the transaction is considered to be high if:
- The transaction is paid by a non-party person.
- A transaction is being requested, one of the objectives of which is to hide the actual dealers.
- A transaction is requested that does not have a reasonable commercial, economic, fiscal or legal
- The risk of money laundering or terrorist financing is considered to be high if there is any reason to
suspect that a customer or customer transaction may be related to money laundering or terrorist financing.
- If, for a client or transaction, at least one of the risks specified in this section appears, the
reinforced due diligence measures listed in paragraph 7 must be applied to the client.
IDENTITY OF PERSONALITY IN EXECUTION OF TRANSACTIONS AND ESTABLISHING CUSTOMER RELATIONS
An employee of the private limited company shall apply the following rules of procedure each time before
the customer makes a transaction or establishes a business relationship if the value of the client’s
transactions in a calendar month exceeds 1000 euros or equivalent in another currency, regardless of
whether the obligation is fulfilled in a single payment or in a series of interrelated or multiple
- A customer’s representative of a natural person or a legal entity is identified on the basis of the
1) the document specified in subsection 2 (2) of the Identity Documents Act;
2) a valid travel document issued in a foreign state;
3) a driving permit meeting the conditions provided for in subsection 4 (1) of the Identity Documents
4) for a person under 7 years of age, the birth certificate specified in § 30 (1) of the Vital
Where the original document specified in 5.1.1. of this section is not available, the identity can be
verified on the basis of a document specified in 5.1.1., which has been authenticated by a notary or
certified by a notary or officially, or on the basis of other information originating from a credible
independent source, including means of electronic identification and trust services for electronic
transactions, thereby using at least two different sources for verification of data in such an event.
- The Client is identified on the basis of an identity document whose personal data and photocopy of
the page are kept in the Private Company’s customer database. Identity is determined on the basis of
the following documents: on the basis of the Estonian citizen’s passport, ID card, alien’s passport,
residence permit or driving license issued in Estonia, travel document issued in a foreign country
(in a Member State of the European Union and in a third country).
- The following data are recorded and stored for a natural person:
- Name, representative’s name.
- Personal code, or, in its absence, the date and place of birth.
- Name, number, date of issue and name of the issuing authority for the document used to
identify and verify the person.
- Residential address.
- Person’s occupation or field of activity.
- If a person is a natural person in another Contracting Party to the European Economic Area or
third country, in addition to the data above, the following data shall be recorded:
- Whether a person performs or has performed essential functions of public authority.
- Whether he is a close associate or a family member who performs important functions of public
- If a person is a representative of a foreign legal person, he or she must submit a document
approved notarial or in the equal manner, certifying his or her authority, which is legalized or
approved by a certificate replacing legalization, unless otherwise provided by an international
A customer of a legal nature is identified and stored on the basis of the following information:
1) the business name or the name of the legal entity;
2) the registry code or registration number and time;
3) the name of the director or the names of the members of the Management Board or other body replacing
and their powers in representing a legal person;
4) the data of the means of communication of a legal person.
- The identity of a legal entity registered in Estonia and a branch of a foreign company registered
Estonia is identified by an extract from the relevant registry card.
- The identity of a foreign legal person is established on the basis of an extract from the relevant
register or a copy of the certificate of registration or equivalent, issued by the competent
or body not earlier than six months before it is submitted.
- The document submitted to identify a person must at least include:
- Business name, or name, location and address of legal entity.
- Registry code or registration number.
- Date of issue and name of the issuing authority.
- The name of director or names of the members of the Management Board or members of other body
replacing it, and their powers in representing a legal person.
- Field of activity of a legal person.
- Means of communication: telephone and e-mail address.
- The data of beneficial owners of a legal entity.
- If a legal entity can be associated with a politically exposed person from another state of the
Agreement or a third country, the following information must also be recorded:
- Whether a person performs or has performed essential functions of public authority.
- Whether he is a close associate or a family member who performs important functions of public
A private limited company shall not enter into a contract and shall not perform a transaction:
- with a person who refuses to provide the information and documents specified in this section as
as with a person who is suspected of being a shadow person.
- If the client fails to submit the required documents and relevant information, or if, on the basis
of the documents submitted, it is suspected that there may be money laundering or terrorist
or there is a person subject to an international sanction.
- In mediating a transaction between multiple clients, the employee of the private limited company is
required to verify the identity of each person participating in the transaction and verify the information
IMPLEMENTATION OF DUE DILLIGENCE MEASURES
The employee of the private limited company applies due diligence measures when establishing a business
relationship with the client or in making or arranging transactions, if the value of the customer’s
transactions in a calendar month exceeds 1000 euro or an equivalent amount in another currency, regardless
of whether the financial obligation is executed in a transaction in one payment or several interconnected
payments, unless otherwise provided by law.
- Greater attention should be paid to the activities and circumstances of a person or customer involved in
a transaction that refers to money laundering or terrorist financing, or which are likely to be linked to
money laundering or terrorist financing, including complex, high value and unusual transactions that do
not have a reasonable economic purpose.
- There are following applicable diligence measures:
- Identification of the person who participates in a client or occasional transaction, and
verification of the information provided, and the information obtained from a reliable and independent
source, including e-identification and e-transactions trust services.
- Identification and verification of a customer or a person participating in an occasional transaction
and their right of representation.
- Identification of the beneficial owner, including the collection of information on the ownership and
control structure of a legal entity, trust company, partnership or other such contractual legal
entity, information supplied in the pre-contractual negotiations or other reliable information
obtained from an independent source;
- Obtaining information about the client's business relationship and the purpose and nature of the
- Continuous monitoring of the customer business relationship, including tracking transactions
conducted during a business relationship, regular checking of the data used to identify the person,
updating relevant documents, data and information, and, if necessary, identifying the source and
origin of the funds used in the transaction.
- Increased attention must be paid to the activities and circumstances of a person or customer involved in
the transaction if a person engaged in an economic or professional transaction or an official act, a
person using the professional service, a customer or a beneficial owner thereof is a , a family member of
a politically exposed person or a close associate of a .
- „Family member” includes the following persons:
(a) a person considered to be a spouse of a politically exposed person or a person deemed equivalent
to a spouse;
(b) children of a politically exposed person and their spouses or persons deemed equivalent to their
(c) parents of a politically exposed person.
“Person considered as a close associate” includes the following persons:
(a) a natural person who is known to be a joint owner of a legal person or legal entity, who is deemed
a beneficiary owner together with a politically exposed person or who has close business relations
with a politically exposed person;
(b) a natural person who is the sole beneficial owner of a legal entity or legal unit known to be
actually established for the benefit of a politically exposed person.
- Applicable diligence measures are:
- receiving an approval of the senior management for creation or continuation of a business
relationship with this person;
- the origin of the wealth of a person and the sources of funds that are used in business or
occasional transactions, and the monitoring of this business relationship in an enhanced manner.
- If a politically exposed person no longer fulfills the significant public tasks assigned to
him, the Private Limited Company must, within a period of 12 months’ least, take into account the
risks that continue
Identification and verification of a customer or a person participating in an occasional
- The application of diligence measures may be based on information, received in the reproducible in
writing form from a branch registered in the commercial credit institution in Estonia or a foreign credit
institution or a credit institution registered or whose place of business is in a Contracting State of the
European Economic Area or a third country in which the requirements equivalent to those set forth in the
- The above-mentioned due diligence measures must be applied before the establishment of a business
relationship or transaction.
- The identity of the customer, of a person taking part in the transaction and the beneficial owner can be
identified and the information checked during the establishment of the business relationship or
transaction if this is necessary to ensure that the normal course of business is not interrupted or if the
risk of money laundering or terrorist financing is low. In this case, due diligence measures should be
discontinued as soon as possible after the first contact has been established and before the binding
operations are carried out.
- If necessary, to require the confirmation of the information and documents submitted by the person or
client involved in the economic or professional activity or official action with the signature confirming
the accuracy of the information and documents submitted for the application of the diligence measures.
IMPLEMENTATION OF DUE DILIGENCE MEASURES IN ENHANCED MANNER
- The diligence measures must be implemented in an enhanced manner if:
- The identity of a person or customer participating in the transaction is identified and submitted to
the inspected person or the client without being present at the same place.
- Identifying the identity or checking the information provided gives rise to the suspicion in the
truth of the data submitted or in the authenticity of the documents or the identification of the
actual beneficiary or actual beneficiaries.
- person or customer participating in an economic or professional activity or transaction is a
politically exposed person of another Member State or a third country, a member of his family or a
- The nature of the situation is accompanied by a high risk of money laundering or terrorist
- A member of the private limited company must apply at least one of the following enhanced due diligence
measures in the case referred to in clause 7.1:
- Identification and verification of the information submitted on the basis of supporting documents,
data or information originating from a reliable and independent source or from a credit institution
incorporated in the commercial register in Estonia or a branch of a foreign credit institution or a
credit institution registered or having a registered place of business in a Contracting State of the
European Economic Area or in a country subject to the provisions equivalent to the requirements of the
RahaPTS, and if the identity of that person is identified by the person present in the same place.
- Implementation of additional measures to verify the authenticity of the documents submitted and the
accuracy of the information contained therein, including requiring their notarial or formal
confirmation or validation of the data by the credit institution referred to in clause 7.2.1 of the
- Making a first payment related to a transaction through an account opened in the name of the person
participating in the transaction or in the name of the client in a credit institution that is
registered or whose place of business is in a Contracting State of the European Economic Area or in a
country where requirements equivalent to those set forth in the RahaPTS are enforced.
DATA COLLECTION, STORAGE AND PROTECTION
- 8.1. The obligated person registers the date or a period for making the transaction and the description
of the content of the transaction.
The obligated person registers, in addition to point 8.1.:
- information on the circumstances of the establishment of the business relationship by the obligated
person or, in the event of a case of refusal to do so, the circumstances of refusal from the
- about the establishment of the business relation or the transaction at the initiative of a person
participating in a transaction or official action, of a person using the official service or at the
customer’s initiative, including the circumstances of the waiver of the transaction if the waiver is
related to the application of due diligence measures by the obligated person;
- information if due diligence cannot be implemented through IT measures;
- information on the circumstances surrounding the termination of the business relationship with
the impossibility of applying due diligence measures;
- information about the activity or circumstances in the course of business or professional
activity, official action or in the provision of professional services, where characteristics indicate
the use of the proceeds of a criminal activity, the financing of terrorism or the commissioning of
related crimes or the testing of such activity, or if it is suspected or he knows that it is a money
laundering or terrorist financing or the commissioning of related crimes. A member of the private
limited company is required to inform the Financial Intelligence Unit without delay, but no later than
two working days after the identification of the activity or circumstances or the arisen suspicion.
- information on any transaction that has become known, in which a financial obligation of more
than EUR 32,000 or equivalent in another currency is settled in cash regardless of whether the
transaction is carried out in a single payment or in a series of interrelated payments within a period
of up to one year.
- when making transactions with the representative of the association of persons or a private
foundation that has no status of legal personality of partnership, association or other legal entity,
the circumstance that the person has such a status and the extract from the registry card or a
certificate from the registrar in which the association of persons with no legal personality is
- The private limited company must maintain the originals or copies of documents establishing the
identification and the documents based on the verification of the submitted information, and the documents
establishing the basis for the establishment of the business relationship (including the identification of
the natural person and the legal person, the underlying documents and the data collected for the client
and the information specified in section 8.1). five years after the termination of the business
TRANSMITTING OF INFORMATION TO THE FINANCIAL INTELLIGENCE UNIT
- If a member of the Private Limited Company identifies in the course of an economic or professional
activity or an official action, activities or circumstances whose features indicate money laundering or
terrorist financing, or if he is suspicious or knows that there is money laundering or terrorist
financing, if the establishment of a business relationship, transaction, operation or provision of
services remains unfulfilled and in the event of occurrence of the circumstances specified in § 42 and §
43 of the RahaPTS, he immediately informs the company’s contact person who transmits the information to
the FIU, in accordance with the requirements for the content of the notification, the form and the
instruction on submission of a notification to the Financial Intelligence Unit.
- An employee of the private limited company is forbidden to inform the person about whom the information
is forwarded to the Financial Intelligence Unit to notify the person thereof.
- For the completed notification form, the contact person shall enclose copies of the underlying documents
of the transaction as well as copies of the documents on which the identification of the person is based.
Copies of other documents characterizing the nature of the transaction may be enclosed to the notice.
- An employee of the private limited company is required to forward the information requested in the
precept at the first request of the Financial Intelligence Unit.
TRAINING OF EMPLOYEES
- Responsibility for training of the employees of the private limited company on the prevention of money
laundering and terrorist financing and compliance with international sanctions rests with the Contact
person or employee appointed by the management board or a specialist in the field.
- Training is carried out as needed, but not less than once a year.
- The employee confirms participation in the training with his/her signature.
- The contact person has the right to make proposals to the management board of the institution regarding
- The compliance with the requirements of the RahaPTS and legislation established on the basis thereof
shall be monitored and controlled by the Management Board of the Private Limited Company.
- The monitoring of the compliance by the Private Limited Company with the RahaPTS and the legislation
established on the basis thereof is carried out by the Financial Intelligence Unit.
- The compliance of the RSanS and the legislation established on the basis thereof with the employees of
the Private Company is monitored and controlled by the Management Board of the Private Limited Company.
- The monitoring of the compliance by the private limited company with RSanS and the legislation
established on the basis thereof is carried out by the Financial Intelligence Unit.
INTERNAL CONTROL AND RESPONSIBLE PERSONS
- The compliance with the requirements for the prevention of money laundering and terrorist financing by
the employees of the Private Limited Company is monitored and controlled by the Management Board of the
Private Limited Company.
- The risk assessment and the identification and control of the customer’s personal data referred to in
Section 4 is carried out by a specifically trained employee of the Private Limited Company.
- The control over the customer’s activities and operations (i.e., analysis, monitoring, etc.) is
performed by a specifically trained employee of the Private Limited Company.
PF Exchange OÜ
Management board member