Terms of Service

Last updated: July 30, 2019


PF Exchange OÜ, PROCEDURAL RULES, RISK ASSESSMENT, INTERNAL CONTROL RULES.


These Rules of Procedure are based on the Money Laundering and Terrorist Financing Prevention Act and the International Sanctions Act and are intended for the internal use.

  1. DEFINITIONS AND ABBREVIATIONS
    1. RahaPTS – the Money Laundering and Terrorist Financing Prevention Act.
    2. RSanS – the International Sanctions Act.
    3. Private Limited Company – OÜ, registry code: 14403859, address: Harju maakond, Tallinn, Lasnamäe linnaosa, Punane tn 56, 13619.
    4. Customer – physical person, to whom the Limited Company provides a service.
    5. Money Laundering means:
      1. the conversion or transfer of property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such activity, for the purpose of concealing or disguising the illicit origin of the property or of assisting any person who is involved in the commission of such an activity to evade the legal consequences of that person’s actions
      2. the acquisition, possession or use of property derived from criminal activity or property obtained instead of such property, knowing, at the time of receipt, that such property was derived from criminal activity or from an act of participation therein;
      3. the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property derived from criminal activity or property obtained instead of such property, knowing that such property is derived from criminal activity or from an act of participation in such an activity.
      4. Money laundering is regarded as such also where a criminal activity which generated the property to be laundered was carried out in the territory of another country.
    6. Terrorist financing – the allocation or collection of funds for the design or commission of terrorist acts or the financing of terrorist organizations for the purposes of the Penal Code or knowing that these funds will be used for the aforementioned purpose.
    7. International Sanction – A measure that is not related to the use of the armed forces and the determination of which has been decided by the European Union, the United Nations, another international organization or the Government of the Republic in pursuit of the following objectives:
      1. To maintain or restore peace.
      2. Prevent conflicts and strengthen international security.
      3. Support and consolidate democracy.
      4. Respect the rule of law, human rights and international law.
      5. Achieve other objectives of the European Union’s Common Foreign and Security Policy.
    8. The actual beneficiary - a natural person who, by exploiting his or her influence, uses a transaction or operation, or otherwise controls the transaction, operation or other person and for whose benefit or on whose account the transaction or operation is performed. In the case of a commercial association, the beneficial owner is a natural person who ultimately owns or controls a legal entity through a sufficient number of shares, voting rights or ownership, whether directly or indirectly, including in the form of bearer shares, or by any other means.
      1. Direct ownership is the way in which a natural person holds a 25% stake in a company, plus one share, or more than 25% of ownership. Indirect ownership is the way of exercising a control in which a company owns a 25% stake plus one share, or more than 25% ownership of a company controlled by a natural person or several commercial associations, being controlled by the same natural person.
      2. If, after any method of detection, it is not possible to identify that person and there is no doubt that such a person exists, or if it is doubtful whether the identified person is the beneficial owner, the beneficial owner is deemed to be a natural person – member of the senior management body.
    9. Financial Intelligence Unit – the independent structural unit of the Estonian Police and Border Guard Board (PBGB), which monitors and applies national enforcement on the grounds and in the manner prescribed by the law. Postal address: Tööstuse 52, 10416 Tallinn; e-mail: [email protected]; tel.: (+372) 612 3840.
  2. GENERAL PROVISIONS
    1. This Guide establishes internal security measures to comply with the requirements for the prevention of money laundering and terrorism and international sanctions, as well as the identification of suspicious and unusual transactions.
    2. The employees of the Private Limited Company must recognize and strictly observe the requirements of international sanction, regulations on detecting suspicious transaction traits of money laundering and terrorist financing, issued by the Financial Intelligence Unit, other instructions regulating the compliance with the Money Laundering and Terrorist Financing Prevention Act and the requirements herein.
    3. The employees of the Private Limited Company must independently review the amendments to laws and other legal acts that appear on the website of the Financial Intelligence Unit at https://www2.politsei.ee/en/organisatsioon/rahapesu-andmeburoo/
    4. The Management Board of the Private Limited Company is required to present these Guidelines to all members of the Private Limited Company.
    5. The employees of the Private Limited Company are obliged to confirm the reviewing of this manual with a handwritten signature.
    6. The employees of the Private Limited Company are personally liable for compliance with the requirements of the Money Laundering and Terrorist Financing Prevention Act pursuant to the procedure provided by law.
  3. CLIENT EVALUATION AND RISK ANALYSIS
    1. Each client of the Private Limited Company is assessed in accordance with these guidelines.
    2. In the evaluation of the Client, the Private Company proceeds from the "Know Your Customer" principle and international standards and practices.
    3. When conducting a preliminary background check of a potential Client, the assessment of the risks of money laundering and terrorist financing is based on the Client’s residence, economic and personal activities, legal form, expected volume of transactions and selected services.
    4. In the assessment of a potential Client, his reputation is also taken into account.
    5. The following background study is conducted for the client:
      1. Information about the Client’s personal or economic activities.
      2. Information on the origin of the Client’s financial resources.
      3. Information about the actual beneficiary.
      4. Tracking transactions on the client’s account and, if necessary, asking for documents related to transactions.
      5. Keeping and protecting the information received and updating regular information and documents.
    6. The private limited company does not serve or co-operate with the following persons:
      1. that are not identified in conformity with law requirements due to the lack of data provided.
      2. Who fails to submit the requested documents that are required by law and are necessary for the establishment of the account and the execution of transactions or attempts to circumvent the submission of documents or to submit fewer documents than required.
      3. There is a reason to doubt the authenticity of the documents submitted.
      4. Who refuses to provide data on the origin of his or her financial means where the provision of such information is required by law.
      5. There are grounds for believing that he or she has participated in or contributed to the commission of a terrorist act.
      6. Under 18 years of age.
      7. about whom information has been gathered accord to which there are grounds for believing that money laundering or terrorist financing may be involved.
      8. to whom international sanctions apply.
  4. ASSESSMENT OF RISKS AND DETERMINATION OF THE LEVEL OF APPLIED DUE DILIGENCE MEASURES
    1. In case of making a transaction with a client of a private limited company or establishing a business relationship if the value of the client’s transactions in a calendar month exceeds 1000 euro, regardless of whether the financial liability is fulfilled in a single payment or in the amount of several interrelated payments in a period of up to one month or an equivalent amount in another currency, the degree of risk of money laundering and terrorist financing must be assessed and, accordingly, the appropriate diligence measures chosen and applied.
    2. The following categories must be taken into account when assessing the level of risk of money laundering and terrorist financing:
      1. Geographical risk.
      2. Customer risk.
      3. Transaction risk.
    3. Geographic risk is considered to be high when a customer or transaction has a known relationship with the following countries or territories:
      1. Countries and territories for which the UN or European Union sanction, embargo or other analogous measure has been implemented.
      2. Countries where there are insufficient measures to combat money laundering and terrorist financing.
      3. Countries that are undoubtedly known to support terrorism or where there is a high level of corruption.
    4. Customer risk is considered to be high when the client:
      1. is a person whose structure, form or relationship with other persons is unusual or systematized in such a way that it is not possible to identify the beneficial owner;
      2. is a legal person, the majority of whose shares form the bearer’s shares;
      3. is a legal entity registered in a low-tax area;
      4. is a politically exposed person, his family member or a close associate;
      5. Listed on the UN or the European Union list of person’s subject to international financial sanctions.
      6. is a natural or legal person that has, or has previously been, suspected of being involved in money laundering or terrorist financing.
    5. The risk associated with the transaction is considered to be high if:
      1. The transaction is paid by a non-party person.
      2. A transaction is being requested, one of the objectives of which is to hide the actual dealers.
      3. A transaction is requested that does not have a reasonable commercial, economic, fiscal or legal purpose.
    6. The risk of money laundering or terrorist financing is considered to be high if there is any reason to suspect that a customer or customer transaction may be related to money laundering or terrorist financing.
    7. If, for a client or transaction, at least one of the risks specified in this section appears, the reinforced due diligence measures listed in paragraph 7 must be applied to the client.
  5. IDENTITY OF PERSONALITY IN EXECUTION OF TRANSACTIONS AND ESTABLISHING CUSTOMER RELATIONS
    1. An employee of the private limited company shall apply the following rules of procedure each time before the customer makes a transaction or establishes a business relationship if the value of the client’s transactions in a calendar month exceeds 1000 euros or equivalent in another currency, regardless of whether the obligation is fulfilled in a single payment or in a series of interrelated or multiple interconnected payments:
      1. A customer’s representative of a natural person or a legal entity is identified on the basis of the following documents:
        1) the document specified in subsection 2 (2) of the Identity Documents Act;
        2) a valid travel document issued in a foreign state;
        3) a driving permit meeting the conditions provided for in subsection 4 (1) of the Identity Documents Act;
        or
        4) for a person under 7 years of age, the birth certificate specified in § 30 (1) of the Vital Statistics Registration Act.
        Where the original document specified in 5.1.1. of this section is not available, the identity can be verified on the basis of a document specified in 5.1.1., which has been authenticated by a notary or certified by a notary or officially, or on the basis of other information originating from a credible and independent source, including means of electronic identification and trust services for electronic transactions, thereby using at least two different sources for verification of data in such an event.
        1. The Client is identified on the basis of an identity document whose personal data and photocopy of the page are kept in the Private Company’s customer database. Identity is determined on the basis of the following documents: on the basis of the Estonian citizen’s passport, ID card, alien’s passport, residence permit or driving license issued in Estonia, travel document issued in a foreign country (in a Member State of the European Union and in a third country).
        2. The following data are recorded and stored for a natural person:
          1. Name, representative’s name.
          2. Personal code, or, in its absence, the date and place of birth.
          3. Name, number, date of issue and name of the issuing authority for the document used to identify and verify the person.
          4. Residential address.
          5. Person’s occupation or field of activity.
        3. If a person is a natural person in another Contracting Party to the European Economic Area or third country, in addition to the data above, the following data shall be recorded:
          1. Whether a person performs or has performed essential functions of public authority.
          2. Whether he is a close associate or a family member who performs important functions of public authority.
        4. If a person is a representative of a foreign legal person, he or she must submit a document approved notarial or in the equal manner, certifying his or her authority, which is legalized or approved by a certificate replacing legalization, unless otherwise provided by an international agreement.
      2. A customer of a legal nature is identified and stored on the basis of the following information:
        1) the business name or the name of the legal entity;
        2) the registry code or registration number and time;
        3) the name of the director or the names of the members of the Management Board or other body replacing it and their powers in representing a legal person;
        4) the data of the means of communication of a legal person.
        1. The identity of a legal entity registered in Estonia and a branch of a foreign company registered in Estonia is identified by an extract from the relevant registry card.
        2. The identity of a foreign legal person is established on the basis of an extract from the relevant register or a copy of the certificate of registration or equivalent, issued by the competent authority or body not earlier than six months before it is submitted.
        3. The document submitted to identify a person must at least include:
          1. Business name, or name, location and address of legal entity.
          2. Registry code or registration number.
          3. Date of issue and name of the issuing authority.
          4. The name of director or names of the members of the Management Board or members of other body replacing it, and their powers in representing a legal person.
          5. Field of activity of a legal person.
          6. Means of communication: telephone and e-mail address.
          7. The data of beneficial owners of a legal entity.
        4. If a legal entity can be associated with a politically exposed person from another state of the EEA Agreement or a third country, the following information must also be recorded:
          1. Whether a person performs or has performed essential functions of public authority.
          2. Whether he is a close associate or a family member who performs important functions of public authority.
      3. A private limited company shall not enter into a contract and shall not perform a transaction:
        1. with a person who refuses to provide the information and documents specified in this section as well as with a person who is suspected of being a shadow person.
        2. If the client fails to submit the required documents and relevant information, or if, on the basis of the documents submitted, it is suspected that there may be money laundering or terrorist financing or there is a person subject to an international sanction.
    2. In mediating a transaction between multiple clients, the employee of the private limited company is required to verify the identity of each person participating in the transaction and verify the information provided.
  6. IMPLEMENTATION OF DUE DILLIGENCE MEASURES
    1. The employee of the private limited company applies due diligence measures when establishing a business relationship with the client or in making or arranging transactions, if the value of the customer’s transactions in a calendar month exceeds 1000 euro or an equivalent amount in another currency, regardless of whether the financial obligation is executed in a transaction in one payment or several interconnected payments, unless otherwise provided by law.
    2. Greater attention should be paid to the activities and circumstances of a person or customer involved in a transaction that refers to money laundering or terrorist financing, or which are likely to be linked to money laundering or terrorist financing, including complex, high value and unusual transactions that do not have a reasonable economic purpose.
    3. There are following applicable diligence measures:
      1. Identification of the person who participates in a client or occasional transaction, and verification of the information provided, and the information obtained from a reliable and independent source, including e-identification and e-transactions trust services.
      2. Identification and verification of a customer or a person participating in an occasional transaction and their right of representation.
      3. Identification of the beneficial owner, including the collection of information on the ownership and control structure of a legal entity, trust company, partnership or other such contractual legal entity, information supplied in the pre-contractual negotiations or other reliable information obtained from an independent source;
      4. Obtaining information about the client's business relationship and the purpose and nature of the transaction.
      5. Continuous monitoring of the customer business relationship, including tracking transactions conducted during a business relationship, regular checking of the data used to identify the person, updating relevant documents, data and information, and, if necessary, identifying the source and origin of the funds used in the transaction.
    4. Increased attention must be paid to the activities and circumstances of a person or customer involved in the transaction if a person engaged in an economic or professional transaction or an official act, a person using the professional service, a customer or a beneficial owner thereof is a , a family member of a politically exposed person or a close associate of a .
      1. „Family member” includes the following persons:
        (a) a person considered to be a spouse of a politically exposed person or a person deemed equivalent to a spouse;
        (b) children of a politically exposed person and their spouses or persons deemed equivalent to their spouses;
        (c) parents of a politically exposed person.
      2. “Person considered as a close associate” includes the following persons:
        (a) a natural person who is known to be a joint owner of a legal person or legal entity, who is deemed a beneficiary owner together with a politically exposed person or who has close business relations with a politically exposed person;
        (b) a natural person who is the sole beneficial owner of a legal entity or legal unit known to be actually established for the benefit of a politically exposed person.
    5. Applicable diligence measures are:
      1. receiving an approval of the senior management for creation or continuation of a business relationship with this person;
      2. the origin of the wealth of a person and the sources of funds that are used in business or occasional transactions, and the monitoring of this business relationship in an enhanced manner.
      3. If a politically exposed person no longer fulfills the significant public tasks assigned to him, the Private Limited Company must, within a period of 12 months’ least, take into account the risks that continue
        Identification and verification of a customer or a person participating in an occasional transaction
    6. The application of diligence measures may be based on information, received in the reproducible in writing form from a branch registered in the commercial credit institution in Estonia or a foreign credit institution or a credit institution registered or whose place of business is in a Contracting State of the European Economic Area or a third country in which the requirements equivalent to those set forth in the RahaPTS apply.
    7. The above-mentioned due diligence measures must be applied before the establishment of a business relationship or transaction.
    8. The identity of the customer, of a person taking part in the transaction and the beneficial owner can be identified and the information checked during the establishment of the business relationship or transaction if this is necessary to ensure that the normal course of business is not interrupted or if the risk of money laundering or terrorist financing is low. In this case, due diligence measures should be discontinued as soon as possible after the first contact has been established and before the binding operations are carried out.
    9. If necessary, to require the confirmation of the information and documents submitted by the person or client involved in the economic or professional activity or official action with the signature confirming the accuracy of the information and documents submitted for the application of the diligence measures.
  7. IMPLEMENTATION OF DUE DILIGENCE MEASURES IN ENHANCED MANNER
    1. The diligence measures must be implemented in an enhanced manner if:
      1. The identity of a person or customer participating in the transaction is identified and submitted to the inspected person or the client without being present at the same place.
      2. Identifying the identity or checking the information provided gives rise to the suspicion in the truth of the data submitted or in the authenticity of the documents or the identification of the actual beneficiary or actual beneficiaries.
      3. person or customer participating in an economic or professional activity or transaction is a politically exposed person of another Member State or a third country, a member of his family or a close associate.
      4. The nature of the situation is accompanied by a high risk of money laundering or terrorist financing.
    2. A member of the private limited company must apply at least one of the following enhanced due diligence measures in the case referred to in clause 7.1:
      1. Identification and verification of the information submitted on the basis of supporting documents, data or information originating from a reliable and independent source or from a credit institution incorporated in the commercial register in Estonia or a branch of a foreign credit institution or a credit institution registered or having a registered place of business in a Contracting State of the European Economic Area or in a country subject to the provisions equivalent to the requirements of the RahaPTS, and if the identity of that person is identified by the person present in the same place.
      2. Implementation of additional measures to verify the authenticity of the documents submitted and the accuracy of the information contained therein, including requiring their notarial or formal confirmation or validation of the data by the credit institution referred to in clause 7.2.1 of the document.
      3. Making a first payment related to a transaction through an account opened in the name of the person participating in the transaction or in the name of the client in a credit institution that is registered or whose place of business is in a Contracting State of the European Economic Area or in a country where requirements equivalent to those set forth in the RahaPTS are enforced.
  8. DATA COLLECTION, STORAGE AND PROTECTION
    1. 8.1. The obligated person registers the date or a period for making the transaction and the description of the content of the transaction. The obligated person registers, in addition to point 8.1.:
      1. information on the circumstances of the establishment of the business relationship by the obligated person or, in the event of a case of refusal to do so, the circumstances of refusal from the transaction;
      2. about the establishment of the business relation or the transaction at the initiative of a person participating in a transaction or official action, of a person using the official service or at the customer’s initiative, including the circumstances of the waiver of the transaction if the waiver is related to the application of due diligence measures by the obligated person;
      3. information if due diligence cannot be implemented through IT measures;
      4. information on the circumstances surrounding the termination of the business relationship with the impossibility of applying due diligence measures;
      5. information about the activity or circumstances in the course of business or professional activity, official action or in the provision of professional services, where characteristics indicate the use of the proceeds of a criminal activity, the financing of terrorism or the commissioning of related crimes or the testing of such activity, or if it is suspected or he knows that it is a money laundering or terrorist financing or the commissioning of related crimes. A member of the private limited company is required to inform the Financial Intelligence Unit without delay, but no later than two working days after the identification of the activity or circumstances or the arisen suspicion.
      6. information on any transaction that has become known, in which a financial obligation of more than EUR 32,000 or equivalent in another currency is settled in cash regardless of whether the transaction is carried out in a single payment or in a series of interrelated payments within a period of up to one year.
      7. when making transactions with the representative of the association of persons or a private foundation that has no status of legal personality of partnership, association or other legal entity, the circumstance that the person has such a status and the extract from the registry card or a certificate from the registrar in which the association of persons with no legal personality is registered.
    2. The private limited company must maintain the originals or copies of documents establishing the identification and the documents based on the verification of the submitted information, and the documents establishing the basis for the establishment of the business relationship (including the identification of the natural person and the legal person, the underlying documents and the data collected for the client and the information specified in section 8.1). five years after the termination of the business relationship.
  9. TRANSMITTING OF INFORMATION TO THE FINANCIAL INTELLIGENCE UNIT
    1. If a member of the Private Limited Company identifies in the course of an economic or professional activity or an official action, activities or circumstances whose features indicate money laundering or terrorist financing, or if he is suspicious or knows that there is money laundering or terrorist financing, if the establishment of a business relationship, transaction, operation or provision of services remains unfulfilled and in the event of occurrence of the circumstances specified in § 42 and § 43 of the RahaPTS, he immediately informs the company’s contact person who transmits the information to the FIU, in accordance with the requirements for the content of the notification, the form and the instruction on submission of a notification to the Financial Intelligence Unit.
    2. An employee of the private limited company is forbidden to inform the person about whom the information is forwarded to the Financial Intelligence Unit to notify the person thereof.
    3. For the completed notification form, the contact person shall enclose copies of the underlying documents of the transaction as well as copies of the documents on which the identification of the person is based. Copies of other documents characterizing the nature of the transaction may be enclosed to the notice.
    4. An employee of the private limited company is required to forward the information requested in the precept at the first request of the Financial Intelligence Unit.
  10. TRAINING OF EMPLOYEES
    1. Responsibility for training of the employees of the private limited company on the prevention of money laundering and terrorist financing and compliance with international sanctions rests with the Contact person or employee appointed by the management board or a specialist in the field.
    2. Training is carried out as needed, but not less than once a year.
    3. The employee confirms participation in the training with his/her signature.
    4. The contact person has the right to make proposals to the management board of the institution regarding the educators.
  11. CONTROL
    1. The compliance with the requirements of the RahaPTS and legislation established on the basis thereof shall be monitored and controlled by the Management Board of the Private Limited Company.
    2. The monitoring of the compliance by the Private Limited Company with the RahaPTS and the legislation established on the basis thereof is carried out by the Financial Intelligence Unit.
    3. The compliance of the RSanS and the legislation established on the basis thereof with the employees of the Private Company is monitored and controlled by the Management Board of the Private Limited Company.
    4. The monitoring of the compliance by the private limited company with RSanS and the legislation established on the basis thereof is carried out by the Financial Intelligence Unit.
  12. INTERNAL CONTROL AND RESPONSIBLE PERSONS
    1. The compliance with the requirements for the prevention of money laundering and terrorist financing by the employees of the Private Limited Company is monitored and controlled by the Management Board of the Private Limited Company.
    2. The risk assessment and the identification and control of the customer’s personal data referred to in Section 4 is carried out by a specifically trained employee of the Private Limited Company.
    3. The control over the customer’s activities and operations (i.e., analysis, monitoring, etc.) is performed by a specifically trained employee of the Private Limited Company.

Andrei Ponomarev
PF Exchange OÜ
Management board member