The purpose of the Know Your Customer Due Diligence (“KYC”) Policy (“Policy”) is to ensure that MiddleC OÜ (or the “Company”) has defined and implemented sufficient controls to identify and conduct due diligence of the customersof the Company. Identifications and due diligence practices enable the Company to effectively perform monitoring of customer activity and apply corrective action as necessary in order to comply with applicable Anti-Money Laundering (“AML”) and Counter Financing of Terrorism (“CFT”) programmes.
This Policy applies to all employees of the Company, whereby all appropriate functions are required to develop and implement written procedures that comply with this Policy.
The Company shall, at all times maintain a KYC/Due Diligence Policy reasonably designed to (i) prevent its services from being used for illegal activity, detect and report suspected money laundering or terrorist financing, and (ii) ensure the Company complies with all applicable laws and regulations in all jurisdictions in which it does business.
This Policy is effective on the date of approval by the Board of Directors of the Company, as noted within the Version Change Control section of this Policy and supersedes previous policy documentation related to KYC/Due Diligence.
The Company has developed this KYC Policy designed to minimise the risk that the Company’s products and services will be used for money laundering, terrorist financing or fraud. The Company is committed to taking steps to avoid conducting business with any customer that presents undue risk in connection with potential money laundering, terrorist financing or customer fraud, and will seek to prevent any relationship that is found to present such undue risk.
This risk based programme is designed to identify and verify the Company’s customers as well as to understand how and why the Company’s customers, especially those considered higher risk, use the Company’s products and services.
This Policy complies with the requirements of the EU Fifth Money Laundering Directive, as transposed in the United Kingdom by the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017 and The Proceeds of Crime Act 2002 and its amendments, as well as all other relevant legislation and local industry guidelines applicable in each jurisdiction in which the Company conducts business, through passport of the relevant license issued by The Financial Conduct Authority (the “FCA”).
This Policy will also take into account and look to integrate upstream regulatory developments. Additionally, the Policy sets forth the minimum standards for identification, verification and due diligence that must be fulfilled prior to establishing a business relationship and/or conducting certain transactions. These standards, inclusive of processes related to sanctions screening and screening for Politically Exposed Persons (“PEP”), ensure that the Company has collected and assessed sufficient information on customers prior to conducting business with the Company.
The activities initiated during the KYC process are intended to identify the customer which the company is conducting business and when required verify the identity of that customer. Unless otherwise directed through regulation in the jurisdictions in which the Company operates, the Company takes a risk based approach to apply Customer Due Diligence (“CDD”) or Enhanced Due Diligence (“EDD”) standards.
The Company prohibits the establishment of business under the following conditions:
· Customers that do not provide information requested or whose identity cannot be reasonably verified under the standards and criteria outlined in this policy;
· Customers that have provided false or misleading information;
· Individuals prohibited under sanctions within the jurisdiction in which the Company conducts business;
· Customers that are suspected of facilitating money laundering, terrorist financing, fraud or other financial crimes;
· Customers facilitating activities which are illegal under applicable laws, or which sell goods or services that are illegal under applicable laws;
· Identified ex-convicts or convicted criminal whose crimes relate to money laundering, terrorist financing or fraud crimes;
· Any other individual or entity that the MLRO or designee deems to pose unacceptable AML/CFT or sanctions risk.
A customer is identified upon signing up/registering to use the Company product. The Company works to establish the identity of each customer as prescribed by law in the applicable jurisdictions and by the guidelines established in this policy.
The minimum customer data which is collected at sign-up/registration includes:
· Full Name
· Residential Address (House/Flat Number, Street, Town, City, Post Code and Country)
· Date of Birth
All customers are screened against international sanctions list and screened for PEP status.
When required, the customers identity will be verified, by the customer providing government issued photographic identification which, at minimum should contain:
· Full name
· Date of birth
It is the Company’s policy not to conduct third party transactions or transactions on behalf of an entity; therefore, beneficial ownership is not required.
Further information is requested when a customer is determined to be a higher risk based on, but not limited to, the following:
· PEP status
· Elevated customer risk based on either transactional or non-transactional conditions.
In order to mitigate the risk of money laundering or terrorist financing, high risk customers are subject to enhanced scrutiny at the onset of the business relationship and during ongoing transactional monitoring throughout the life of the relationship with the Company. Additional information requested can include, but is not limited to:
· Proof of address
· Documentation supporting source of funds
· Expected volumes and intended use of product/s.
Approval of any customer who presents an elevated level of risk are referred to the Money Laundering Reporting Officer (“MLRO”) for final determination.
The Company complies with pertinent statutes and regulations in all jurisdictions in which the Company conducts business. Accordingly, the Company performs sanctions screening processes for all customers using systems capable of filtering names that match individuals and entities on the HM Treasury Consolidated List of Targets, Office of Foreign Assets Control List (OFAC) and the United Nations Security Council (UNSC) Sanctions List.
Potential name matches are reviewed by trained Company employees and released or blocked as appropriate.
For additional details, refer to the Company’s Sanctions Screening Policy document.
As with sanction screening the Company adopts the same approach with PEP screening. All customers are screened for PEP status prior to the establishment of a business relationship, with potential name matches being reviewed by trained Company employees and either confirmed as a PEP or declared a false positive. Identified PEPs will be referred to the MLRO for approval.
Transaction Monitoring is performed on real time basis, whereby all customer activity in monitored using proprietary software that reviews all transactions and generate alerts based on rule-sets. All alerts are reviewed by the Transaction Monitoring Team and either discounted as a false positive, or escalated for further investigation whereby if the alert is a positive hit, the case will be referred to MLRO for review and decision making, which may ultimately result with a Suspicious Activity Report (“SAR”) being filed with the national FIU.
All new employees are introduced to the KYC policy as part of the AML/CFT Compliance Training at the time of the hire. Existing employees are trained as part of the annual AML/CFT Compliance training programme and receive targeted training when changes are made to the policy.
Records will be retained in accordance with the Company AML/CFT Programme Manual, which at minimum will be for the period required by applicable law or regulation.
Exceptions to this Policy may be granted upon the written submission of the exception by the Company business head to the Group Head of Compliance, whom upon review and approval must obtain permission from the Company Board of Directors.
All employees of the Company are required to adhere to and follow this Policy. Failure to do so may result in corrective employment action or other disciplinary measures, up to and including termination.
This Policy will be reviewed and approved annually by the Company Board of Directors.