AML Policy

1. Purpose and Scope

1.1 Objective

This Anti-Money Laundering Policy (“AML Policy”) is established to ensure that Transferworld UK (the “Company”) fully complies with applicable anti-money laundering laws and regulations, reinforcing its commitment to preventing financial crimes.

1.2 Applicability

The AML Policy extends to all subsidiaries, branches, and representative offices of the Company, including those operating internationally, in accordance with SO-FIT regulations. In this context, the term “Company” shall encompass any subsidiary, branch, or representative office, depending on the circumstances.

2. Legal and Regulatory Framework

2.1 Supervision and Compliance

Transferworld UK is affiliated with and directly supervised by the self-regulatory organization SO-FIT. As such, SO-FIT regulations are directly applicable to the Company.

2.2 Applicable Regulations

The Company is committed to complying with the following legal and regulatory provisions:

The Federal Law on Combating Money Laundering and Terrorist Financing in the Financial Sector (“AMLA”).

The Ordinance on Combating Money Laundering and Terrorist Financing, enacted on November 11, 2015 (“AMLO”).

Articles 260quinquies, 305bis, and 305ter of the transferworldCriminal Code, dated December 21, 1937 (“SCC”).

The regulations set forth by SO-FIT.

The Company’s internal AML Policy.

Collectively, these constitute the “Applicable Regulations.”

2.3 Acknowledgment and Compliance

All members of the Board of Directors, Management, and employees of the Company shall receive a copy of the AML Policy, which they must acknowledge by signing. A signed copy of the policy will be retained in the Company’s records.

2.4 Ongoing Compliance

This AML Policy does not encompass all legal provisions governing anti-money laundering and counter-terrorism financing. The Company is responsible for ensuring continuous compliance with all applicable laws, regulations, and industry standards. Additionally, where other legal provisions, ordinances, regulatory requirements, or association rules take precedence, those provisions shall apply.

3. Organization and Responsibilities

Board of Directors

3.1. Oversight and Governance

The Board of Directors is responsible for structuring and overseeing the Company’s operations to ensure the active and effective prevention of money laundering and terrorist financing.

3.2. AML Policy Approval and Implementation

The Board approves the Company’s Anti-Money Laundering (AML) Policy and ensures its proper implementation. It also monitors the enforcement of AML measures and assesses the effectiveness of compliance instructions issued by the Company. The Board is responsible for periodically reviewing the adequacy of the AML Policy.

3.3. Risk Management

The Board of Directors establishes the Company’s risk appetite and ensures appropriate measures are in place to mitigate money laundering and terrorism financing risks.

3.4. Risk-Based Review Process

The Board conducts periodic reviews, at least annually, of all business relationships categorized as high-risk, provided that they have engaged in at least one transaction during the review period.

3.5. Appointment of an AML Officer

The Board appoints a designated AML Officer responsible for overseeing the Company’s anti-money laundering and counter-terrorism financing efforts.

Management Responsibilities

3.6. Implementation and Risk Management

The Management is responsible for executing, monitoring, and assessing risks related to business relationships that present an elevated risk of money laundering or terrorist financing. It oversees internal investigations and takes necessary actions in cases of non-compliance with the AML Policy and Applicable Regulations by Company staff. The Management may impose additional checks on high-risk relationships. If a suspicious situation arises—such as a high-risk business relationship, well-founded suspicion, policy violation, or internal disagreement—the Management must immediately notify the Board of Directors.

3.7. Reporting to Authorities

The Management is responsible for validating any reports submitted to the Money Laundering Reporting Office (MROS). If such a report is made, the Board of Directors must be informed immediately.

3.8. Approval of High-Risk Clients

The acceptance of high-risk clients, including Politically Exposed Persons (PEPs), requires Management approval.

3.9. AML Oversight and Reporting

The Management supervises the AML Officer’s activities, ensures their participation in required SO-FIT training, and evaluates reports they submit. It updates the Board of Directors on the Company’s compliance with the AML Policy and Applicable Regulations during Board meetings and presents an annual compliance report. If the AML Officer is also a member of Management, they cannot oversee their own activities.

AML Officer Responsibilities

3.10. Expertise and Training

The AML Officer must possess the necessary knowledge, experience, and skills in anti-money laundering (AML) to effectively fulfill their duties. They are required to undergo regular training on Applicable Regulations to stay updated on compliance requirements.

3.11. Reporting and Escalation

The AML Officer must submit both quarterly and annual reports to the Management, with copies provided to the Board of Directors, detailing their activities and the Company’s compliance with Applicable Regulations. If any breach of these regulations is identified, the AML Officer must immediately inform the Management in writing. If necessary, the matter should also be escalated to the Board of Directors. Additionally, the AML Officer has the authority to escalate concerns to the Board at any time.

3.12. Special Reports

Upon request from the Board of Directors or Management, the AML Officer prepares additional reports, particularly regarding contracting parties or potential clients with heightened risk factors.

3.13. Enhanced Due Diligence

The AML Officer conducts additional verifications in cases involving high-risk clients or suspicious transactions to ensure compliance with AML standards.

3.14. Authority and Access

To effectively carry out their responsibilities, the AML Officer is granted the necessary authority within the Company, including unrestricted access to information, records, and relevant documentation.

Outsourcing of Anti-Money Laundering Functions

4.1 Functions

4.1.1 Responsibilities of the AML Officer

The AML Officer is responsible for the following key tasks:

I. Advisory and Support

  1. Providing guidance to the Board of Directors, Management, and employees on the implementation of anti-money laundering measures and compliance with applicable regulations.
  2. Offering general and case-specific support to the Board of Directors, Management, and employees regarding anti-money laundering inquiries.

II. Implementation and Oversight of Anti-Money Laundering Measures

  1. Propose internal organizational procedures for combating and preventing money laundering and terrorism financing, recommending updates as necessary.
  2. Review and assess the company’s marketing materials to ensure compliance with AML standards.
  3. Prepare and update the AML Policy as needed.
  4. Conduct an annual AML risk analysis and incorporate findings into the annual AML report.
  5. Ensure the Board of Directors, Management, and employees are informed of the AML Policy, its annexes, and any updates.
  6. Organize and oversee both initial and ongoing AML training for employees.
  7. Monitor the implementation and execution of internal AML procedures.
  8. Ensure company-wide compliance with applicable AML regulations.
  9. Provide Management with the necessary information to assess whether to establish or maintain business relationships in cases involving heightened risks.
  10. Ensure adherence to procedures for business relationship verification, risk classification, and the maintenance of an AML register for clients who have conducted at least one transaction within the relevant year.
  11. Verify that FIAT and digital asset transactions align with the initial AML assessment of the contracting party.
  12. Implement appropriate measures in cases of suspected money laundering or terrorist financing, including preparing reports for MROS and initiating asset freezes when required.
  13. Define parameters for the transaction monitoring system and oversee the processing of alerts generated by this system.
  14. Ensure the proper preservation and archiving of business relationship files subject to AML regulations, in accordance with Section 12 of this AML Policy.

III. Reporting

  1. Preparing quarterly and annual reports for Management, including risk analysis, with copies sent to the Board of Directors. When applicable, drafting ad hoc reports in case of breaches of Applicable Rules, along with proposed corrective measures.
  2. Prepare the necessary documentation for the audit firm and support the Company before and during the audit.

4.2 Outsourcing

The Company may outsource certain essential AML function tasks, provided the outsourcing complies with Applicable Regulations, including the SO-FIT Directive 10.

The Company may utilize digital tools to support its AML compliance, provided they adhere to Applicable Regulations. For digital onboarding, the Company ensures that the tool complies with FINMA Circular 2016/7.

5. Establishment of business relationships and periodic renewal of due diligence checks.

5.1. The establishment of business relationships encompasses the following four aspects:

  1. Verification of the contracting party’s identity and identification of the beneficial and/or controlling owner in accordance with Appendix I.
  2. Preparation of the contracting party’s onboarding file in compliance with Appendix I.
  3. Classification of the new business relationship into the appropriate risk category based on the criteria outlined in Section 8.2 below.
  4. Proof of ownership for crypto assets must be established in accordance with the travel rule, following FINMA’s Guidance 02/2019 on Payments on Blockchain and any future guidelines.

5.2. The Company shall verify the identity of the contracting party, the beneficial owner, and/or the controlling owner, as well as confirm the contracting party’s authority over any wallet before establishing a business relationship. This process shall follow the procedures outlined in Appendix I. Additionally, the Company adheres to the online identification process set forth in FINMA Circular 2016/7 on video and online onboarding.

5.3. Before opening an account and on an ongoing basis, the AML Officer will ensure that the customer does not hold a nationality, domicile, or conduct business in a jurisdiction identified as high-risk or non-cooperative in combating money laundering and terrorist financing by the FATF or FINMA (Appendix IV).

5.4. Before opening an account and on an ongoing basis, the AML Officer will verify that the customer is not listed on sanctions or embargo lists maintained by the State Secretariat for Economic Affairs (SECO), the United Nations, the European Union, or the United States, and is not engaging in prohibited transactions (Appendix III).

5.5. The AML Officer ensures that all documents and information are regularly updated.

5.6. The responsibility for preparing the file to establish a business relationship lies with the person in direct contact with the contracting party, under the supervision of the Compliance Officer.

5.7. The AML Officer must ensure the collection of all required documents and information. In cases of increased risk, the AML Officer shall follow the procedures outlined in Section 8.2.3 of the AML Policy.

5.8. The verification of the identity of the contracting party, the controlling party, or the beneficial owner of the assets must be repeated during the course of the business relationship if any doubt arises regarding:

    1. The accuracy of the information provided regarding the identity of the contracting party, controlling owner, or beneficial owner.
    2. Whether the contracting party or controlling owner is indeed the beneficial owner of the assets.
    3. The validity of the declaration submitted by the contracting party or controlling owner concerning the beneficial ownership of the assets.

5.9. The acceptance of any business relationship involving increased risks must be approved by Management. All acceptance decisions shall be documented in writing.

6. General Diligence and Control Principles

6.1. The level of diligence and monitoring required for establishing and maintaining a business relationship depends on the risk associated with the relationship or transaction, as defined in Section 9 below.

6.2. When establishing a new business relationship, the Company must identify the contracting party, the beneficial owner, or the controlling owner, collect the necessary documents for risk classification, and, if needed, conduct additional due diligence. The AML Officer is responsible for ensuring that all required supporting documents are obtained.

6.3. The Company has adequate technical systems to detect when cumulative inflows exceed a contracting party’s AML threshold and takes appropriate measures to prevent exceeding established limits.

6.4. The Company maintains a list of “increased risk” countries, which includes jurisdictions identified as high-risk or non-cooperative in combating money laundering and terrorist financing by the FATF or FINMA, as well as those listed under sanctions or embargoes by the State Secretariat for Economic Affairs (SECO), the United Nations, the European Union, and/or the United States (Appendices III and IV). Given the frequent updates to these lists, the Company will regularly review them and subscribe to relevant updates. To enhance efficiency and accuracy, the Company may also utilize specialized software to access and monitor these lists.

7. Prohibited Assets and Business Relationships

7.1. The Company is strictly prohibited from accepting assets that it knows or has reason to believe originate from a felony or an aggravated tax misdemeanour, even if the offense was committed abroad.

7.2. The Company is prohibited from entering into business relationships with:

  1. Entities or individuals known or suspected to be financing terrorism, belonging to criminal organizations, or supporting such organizations.
  2. Entities or individuals engaged in illegal activities, including financial crime, human trafficking, Ponzi schemes, money mule schemes, pump-and-dump schemes, boiler room schemes, drug trafficking, or any other illicit activities.
  3. Banks that lack a physical presence in the jurisdiction where they are incorporated (shell banks), unless they are part of a financial group subject to adequate consolidated supervision.

7.3. The Company may not establish business relationships with individuals or entities presenting an increased risk under Article 8.2.3 if it is aware that they are subject to criminal proceedings for a felony, aggravated tax misdemeanour, or financial offense under the transferworld Criminal Code (SCC).

7.4. If the Company receives digital assets in its wallet that do not align with its AML analysis of the counterparty, and further AML verifications reveal a situation described in Sections 7.1 to 7.3, the Company is prohibited from accepting the digital assets and must proceed according to the measures outlined in Sections 11 and 12.

8. Risk classification and procedures

8.1. General principles

8.1.1. The Company establishes an effective procedure to systematically identify business relationships and transactions that pose increased risks, requiring financial background verification and enhanced vigilance to mitigate money laundering risks.

8.1.2. The Company classifies all business relationships, assigning each client a risk score of low, medium, or high (increased risk).

This classification is assigned at the initiation of each business relationship and remains in effect throughout its duration, with periodic updates conducted by the AML Officer. Each business relationship will be categorized into one of the three risk levels outlined in Section 8.2 of the AML Policy based on its associated risk.

8.2. Risk classification

Business relationships classified as low risk are those in which the contracting party meets the following cumulative criteria:
  • Located in a country that is **not** listed as high-risk (Appendix IV).
  • Low-risk customers, such as salaried individuals, whose identities and sources of income are easily verifiable, with transactions that generally align with their known profile.
  • Low-risk customers, such as companies with a clearly defined, transparent, and easily comprehensible business activity, whose financial background is straightforward to understand and verify.
  • No identified risk related to tax compliance.

A business relationship is considered free of particular tax compliance risks if the client provides proof of the tax compliance of their assets transferred to the Company. The following documents serve as acceptable evidence:

  • The client’s tax declaration, where the Company verifies that the client’s account is explicitly mentioned.
  • A receipt issued by the tax authorities of the client’s country of residence.
  • A confirmation letter from the client’s tax advisor.
  • A tax compliance statement signed by the client.
  • A payment statement from the client’s account with the Company to the tax authorities of the client’s country of residence.

Additionally, an individual who is a citizen of a country participating in the automatic exchange of information is considered low risk.

8.2.1. Business relationships presenting an average risk

Business relationships presenting an average risk are those that present neither a low risk nor an increased risk.

8.2.2. Business relationships presenting an increased risk

If a business relationship is deemed to present an increased risk, the procedure applicable is that set out in the current section of the AML Policy.

  1. Business relationships that pose an increased risk of money laundering and terrorist financing.

Business relationships that meet at least two risk criteria from the list below (letters A to L) are classified as high risk, with the understanding that:

  • If the country of nationality and domicile is the same, it is considered a single criterion.
  • Meeting the criterion for either the contracting party or the beneficial owner is sufficient.
  • Business relationships with PEPs and their close relatives, as defined in Appendix V, must always be classified as high risk, regardless of the fulfillment of other risk criteria.
  • Business relationships with crypto companies must always be classified as high risk, regardless of the fulfillment of other risk criteria.
  • Business relationships are prohibited if the domicile, registered office, or nationality of the contracting partner, controlling party, or beneficial owner is in a country that the FATF classifies as high-risk or non-cooperative and subject to a call for enhanced due diligence.
  • Business relationships are prohibited if the contracting partner or beneficial owner conducts activities in a country classified by the FATF as high-risk or non-cooperative and subject to a call for enhanced due diligence.
  • The risk criteria for money laundering and terrorist financing are as follows:
  1. The contracting partner, controlling owner, or beneficial owner is registered in a high-risk country (Appendix IV).
  2. The contracting partner or beneficial owner holds nationality from a high-risk country (Appendix IV).
  3. The contracting partner or beneficial owner conducts economic activities or makes frequent payments (if known) in a high-risk country (Appendix IV).
  4. The contracting partner or beneficial owner is engaged in an economic activity listed as high-risk (Appendix IV).
  5. Neither the contracting partner nor the beneficial owner has been identified in person or through digital channels compliant with FINMA Circular 16/07.
  6. The client frequently requests products or services that are not typical for the Company.
  7. The client’s AML profile indicates expected transactions exceeding CHF 25,000.
  8. The transactions do not align with the client’s AML profile.
  9. Transactions within the business relationship are frequently high-risk (i.e., more than six times per year), unless they follow a recurring and justifiable pattern.
  10. The contracting partner or beneficial owner has a complex structure, as defined in Appendix VI.
  11. The contracting partner, controlling owner, beneficial owner, or representative of the business relationship is a politically exposed person (PEP) or a close associate of a PEP, as defined in Appendix V.
  12. Additionally, the Company may, at its discretion, classify a client as high risk even if the above criteria are not met. This may occur in the following scenarios:
  • Customers who are unwilling to provide standard information when opening an account or who submit minimal or fictitious details during the account application process.
  • Customers who refuse to provide required information.
  • Customers providing unclear or inconsistent information about a transaction.
  • Customers who are reluctant or refuse to disclose the purpose of a large or complex transaction or the source of funds, or who provide a questionable purpose and/or source.
  • High-risk activities include trade in ammunition and arms, raw gemstones and diamonds, jewelry, international trade in exotic animals, casino and lottery businesses, and financial intermediaries.

8.2.3 In cases of increased risk, the AML Officer shall take all necessary measures to clarify the financial background and purpose of the transaction or business relationship.

8.2.4. Transactions Presenting an Increased Risk

Transactions presenting an increased risk are those that appear unusual, particularly in relation to the contracting party’s financial background or past transaction history.

The following transactions are classified as increased-risk transactions:

  • The KYT reveals discrepancies from the original KYC, such as digital assets being transacted from non-whitelisted addresses or transactions that do not align with the client’s declared information in the KYC.
  • When forensic analysis (e.g., Chainalysis) detects any of the following: mixing patterns, scams or Ponzi schemes identified within the crypto community, known exchange or DeFi protocol hacks, assets linked to the dark web, phishing, malware activity, or stolen assets.
  • When forensic analysis identifies a connection to a cluster officially blacklisted on transferworld, EU, or US sanctions lists.
  • The contracting party conducts small transactions without a valid rationale, indicating smurfing behavior.
  • The nature, type, size, or adequacy of a transaction deviates from the expected scope based on the pre-established AML profile of the business relationship.
  • Payments sent to or received from a country classified by the FATF as high-risk or non-cooperative.
  • Transactions exceeding an equivalent value of CHF 25,000, either in a single transaction or through multiple transactions within one year.
  • In cases of increased risk, the AML Officer shall take all necessary measures to clarify the financial background and purpose of the transaction or business relationship.

9. Internal procedures

9.1. Procedure for Low Risk

For business relationships deemed low risk according to the criteria in Section 8, the Company follows the procedures outlined in Sections 5, 6, and Appendix 1.

9.2. Procedure for Average Risk

For business relationships deemed an average risk according to the criteria in Section 8, the Company follows the procedures outlined in Sections 5, 6, and Appendix 1.

9.3. Procedure for Increased Risk

For business relationships deemed an increased risk according to the criteria in Section 8 and transactions classified as high risk under Section 8.2.4, the AML Officer determines additional risk assessment measures, including gathering more detailed information to clarify the economic background. If further measures are necessary, the AML Officer implements them as soon as possible.

  1. For business relationships deemed an increased risk according to the PEP criteria:
    • The initiation of a PEP business relationship is subject to management approval. The Company maintains documented records for the relevant business relationship.
  2. For business relationships transitioning from low or medium risk to high risk:
    • If an existing business relationship classified as normal risk transitions to a PEP business relationship or a high-risk client, the Company must immediately inform the AML Officer. The AML Officer will initiate or arrange for further clarifications as outlined above, ensuring they are conducted as soon as possible. The AML Officer will then present a file on the business relationship to Management, who will determine whether to continue the relationship.
  3. For business relationships transitioning from high risk to medium or low risk:
    • When a business relationship’s PEP classification is terminated due to a person no longer holding a public service position, the relationship remains classified as a PEP. However, exceptions apply to individuals with transferworld PEP status, where the classification is removed no earlier than 18 months after the end of the PEP status. In such cases, the Management determines whether the transferworld PEP business relationship should no longer be categorized as a PEP.
  4. For business relationships deemed an increased risk based on criteria other than the PEP criteria:
    • The responsible member of the Board of Directors must reassess the relevance of the business relationship every six months.

9.3.1. Complementary Measures

The AML Officer may implement additional measures to assess risk, including gathering more detailed information on the economic background of the contracting party, beneficial owner, controlling owner, or the transaction. If such measures are deemed necessary, the AML Officer ensures their implementation as soon as possible.

10. Procedure in presence of suspicions and MROS reporting

10.1. Each member of Management and the Board of Directors, as well as every employee, must inform the AML Officer if they become aware of suspected involvement of assets in the business relationship with (Art. 9, para. 1, let. a AMLA):

  • are linked to an offense as defined in Article 260ter SCC;
  • originate from the proceeds of a felony or an aggravated tax misdemeanor (Art. 305bis SCC);
  • are under the control or disposal of a criminal organization;
  • are used to finance terrorism (Art. 260quinquies, para. 1 SCC).

10.2. Each member of Management and the Board of Directors, as well as every employee, must inform the AML Officer if the data of a contracting party, beneficial owner, or authorized signatory match or closely resemble the data provided to the Company by FINMA, the Federal Commission on Gambling (FGB), or a self-regulatory organization.

10.3. If there are doubts or suspicions under Article 9 AMLA, the AML Officer informs the Management and the Board of Directors. If further clarifications prove unsuccessful and there is a reasonable suspicion (“*soupçon fondé*”) as per Article 9, para. 1 let. a AMLA and Article 9, para. 1quarter AMLA (as defined in Clause 10.4 below), or if the Company halts negotiations to establish a business relationship due to well-founded suspicion under Article 9 AMLA, or if the Company knows or has reason to believe that the data of a contracting party, beneficial owner, or authorized signatory match or closely resemble those provided by FINMA, the FGB, or a self-regulatory organization, the Management must immediately notify MROS. If necessary, appropriate measures are taken with the assistance of the Compliance Officer. The Management and the Compliance Officer shall keep the Board of Directors informed.

10.4. A reasonable suspicion (“*soupçon fondé*”) exists if the Company has concrete evidence or multiple indications that the criteria outlined in Article 9, para. 1 let. a AMLA (see Clause 10.1 above) may apply to the assets involved in the business relationship, and additional clarifications conducted under Article 6 AMLA do not dispel the suspicion.

10.5. If the Company determines that no reasonable suspicion exists and decides not to report to MROS despite remaining doubts, the AML Officer must document the rationale for this decision.

10.6. It is strictly prohibited to inform the involved parties (contracting party, beneficial owner, controlling owner, or representative of the business relationship) that a report has been submitted to MROS, in accordance with Article 10a AMLA.

10.7. If the Company terminates the business relationship without filing a report with MROS, it must proceed in accordance with Articles 32 ff AMLO-FINMA, applied by analogy.

10.8. The Compliance Officer must inform SO-FIT of any reports made to MROS. A copy of any communication submitted by the Company must be sent spontaneously and without delay to SO-FIT.

10.9. During MROS’s analysis, the Company must execute client orders related to assets reported under Article 9, para. 1 let. a AMLA or Article 305ter, para. 2 SCC. However, it must only execute client orders involving significant assets in a manner that enables prosecution authorities to trace them.

10.10. The Company may not terminate the business relationship if the conditions for reporting to MROS under Article 9 AMLA are met or if it exercises its right to report under Article 305ter, para. 2 SCC. In cases of reasonable suspicion, the Company may only terminate the business relationship under the following circumstances:

(i) If, within 40 working days of a report under Article 9, para. 1 let. a AMLA or Article 305ter, para. 2 SCC, the MROS does not inform the Company that it is forwarding the reported information to a prosecuting authority. The termination of the business relationship and the date on which it occurred must be reported to MROS without delay.

(ii) If, after the MROS notifies the Company that it is forwarding the reported information to a prosecuting authority within the 40-day deadline, the prosecuting authority does not render a decision within 5 working days. The termination of the business relationship and the date on which it occurred do not need to be reported to MROS.

(iii) If, after a report under Article 9, para. 1 let. c AMLA, the prosecuting authorities do not render a decision within 5 working days. The termination of the business relationship and the date on which it occurred do not need to be reported to MROS.

(iv) If, after a freezing order has been issued by the prosecuting authority based on a report under Article 9, para. 1 AMLA or Article 305ter, para. 2 SCC, the Company is informed that the freezing order has been lifted, unless other communications from the prosecuting authorities indicate otherwise. The termination of the business relationship and the date on which it occurred do not need to be reported to MROS.

The Company may authorize the withdrawal of significant assets only in a manner that enables prosecuting authorities to trace them. The prohibition on disclosure under Article 10a, para. 1 AMLA (ban on information) must continue to be observed even after the business relationship has been terminated.

10.11. If there are concrete indications that measures by an authority are imminent, the Company may not:

(i) Terminate a business relationship where it has decided not to exercise the right of disclosure under Article 305ter, para. 2 SCC, even if the conditions for doing so are met.

(ii) Authorize the withdrawal of significant assets.

10.12. If the Company terminates a business relationship where it has decided not to exercise the right of disclosure under Article 305ter, para. 2 SCC, even though the conditions for disclosure are met, it may only authorize the withdrawal of significant assets in a form that allows prosecution authorities to trace them.

10.13. If the Company informs another financial intermediary that it has made a report to MROS, it must document this appropriately.

11. Freezing of assets

11.1. Immediate Freezing: The Company must immediately freeze assets if there is any possible correspondence between the data of a client, beneficial owner, or authorized signatory and the data provided by FINMA, the FGB, or a self-regulatory organization (Article 10, para. 1bis AMLA).

The assets remain frozen until a decision is made by the competent authority, but for a maximum of 5 working days from the date of communication to MROS, unless the Company receives an order from the criminal prosecution authorities.

11.2. Delayed Freezing: If a report is made under Article 9, para. 1 let. a AMLA or Article 305ter, para. 2 SCC, the Company must freeze the assets as soon as MROS notifies that it has transmitted the information to the prosecuting authorities.

The assets remain frozen until the decision of the competent authority, but for a maximum of five working days from the day of the notification by MROS regarding the transmission of the Company’s communication to the prosecuting authorities.

11.3. After the initial freezing period, the Company will refer to the decision of the criminal prosecution authorities regarding the continued freezing of the assets.

12. Business relationship register

12.1. The Company maintains a register of business relationships, known as the AML Register, which contains a complete list of all business relationships subject to the AMLA (“Anti-Money Laundering Act”) in Switzerland. The AML Officer is responsible for the upkeep and maintenance of the AML Register.

12.2. In cases where the Company is involved in a business relationship with a structure comprising multiple entities, such as domiciliary companies, trusts, or foundations, which are interrelated or share at least one common beneficial owner, the AML Register and the file for each of the entities involved must include an up-to-date section that clearly outlines the relationships between these entities and the beneficial owner of each one. For complex cases, an organizational overview must be prepared.

The AML Register may be fully digital, provided it complies with legal requirements regarding digital record-keeping (see clause 16 below). An annual snapshot of the digital AML Register, dated 20 December of the ongoing year, is retained in the Company’s digital archives. The Company preserves these snapshots for a period of ten years.

13. Employee training

13.1. The AML Officer is responsible for training employees, especially those in contact with contracting parties, to ensure they receive regular training.

13.2. The AML Officer must ensure that employees who interact with the Company’s contracting parties, as well as newly employed staff, receive basic anti-money laundering training on Applicable Regulations within six months of their employment. The AML Officer may seek the assistance of a third party to provide this training.

13.3. The AML Officer takes the necessary measures to ensure that employees gain a comprehensive understanding of the following regulations:

  1. The provisions of the transferworld Criminal Code concerning the fight against money laundering and terrorism, specifically:
    • Financing or participating in a criminal organization (Art. 260ter SCC);
    • The financing of terrorism (Art. 260 quinquies SCC);
    • Acts of money laundering or aggravated tax misdemeanors (Art. 305bis SCC);
    • A lack of vigilance in financial transactions (Art. 305ter SCC).
  2. The AMLA, AMLO, and SO-FIT regulations;
  3. The ordinances, circulars, and information letters of FINMA.

13.4. The AML Officer updates the legal watch related to the regulatory framework of the crypto industry on a bi-annual basis. The AML Officer may request assistance from an external agent for this task.

13.5. Employees must acquire a solid understanding of the duties of financial intermediaries as outlined in these regulations, particularly regarding:

– Verification of the identity of the contracting party and identification of the controlling party;

– Identification of the beneficial owner;

– Ownership of wallets (travel rule);

– Indicators of money laundering or terrorism financing;

– The risk-based approach;

– Clarification of business relationships and transactions;

– Retention of documents;

– Reporting of founded suspicions and freezing of assets.

13.6. The training and instructions provided must be documented, enabling the Company to present this information if requested by the auditing firm and/or FINMA.

13.7. The AML Officer ensures that the knowledge remains current and the level of vigilance stays high at all times. The AML Officer conducts periodic assessments, at least once a year, of the knowledge level of the individuals undergoing training within the Company.

14. Audits

14.1 The Company shall comply with AML audit requirements in accordance with SO-FIT’s guidelines and the auditor’s instructions.

15. AML Documentation

15.1 The Company maintains AML records that include a list of all business relationships subject to the AMLA. Each business relationship results in the creation of a file containing at least the following documents (see Appendix 1):

  1. Documents used to verify the identity of the contracting party;
  2. Documents used to verify the identity of the ultimate beneficial owner and controlling owner;
  3. Signed form A/K in the original copy;
  4. CV of the ultimate beneficial owner;
  5. Lexis Nexis and GlobalPass tools for Warnings, Sanctions, PEPs, and Negative news;
  6. Documents concerning ownership of wallets (Travel Rule);
  7. Documents concerning the examination of the source of funds and financial background (Let’s get to know each other form);
  8. Chainalysis report (forensic/chain analysis on wallet);
  9. Documents concerning their TAX identification number;
  10. A ‘Know Your Customer’ form (KYC/KYB) (EDD form);
  11. A written note regarding the results of applying the risk criteria (increased risks) (risk profile);
  12. A written note or documents related to the results of clarifications provided (including regarding transactions, high risks, or suspicions);
  13. A copy of any communication to the MROS according to Art. 9 para. 1 AMLA and Art. 305ter SCC;
  14. Decisions in criminal or AML matters notified by the prosecuting authorities;
  15. Documents related to the transactions carried out.

15.2 The AML Officer is responsible for ensuring that the AML register and files are complete and regularly updated. Only the AML Officer is authorized to modify the AML register within the Company. The periodicity, extent, and method of verifying the AML register and files will depend on the risk represented by the business relationship.

15.3 The Company also retains documents related to transactions (such as instructions from the contracting party, correspondence, detailed accounts, etc.), as well as any documents required for clarification purposes, reporting, or decisions not to report to the MROS.

16. Document retention

16.1 The AML Officer ensures that all documentation is organized and securely stored in Switzerland, in a location that is accessible at all times and in accordance with applicable regulations, specifically Art. 22 AMLO-FINMA, which is applied by analogy.

16.2 The retention of documents in electronic format must comply with the requirements of Art. 74 para. 4 AMLO-FINMA, applied by analogy. The server hosting these documents must be located in Switzerland. If this is not the case, the Company must retain current physical or electronic copies of the relevant documents in Switzerland, which must be accessible at all times.

16.3 The AML Officer categorizes the documents separately, including any reports of suspicious activity under Art. 9 AMLA and the execution of any asset freezes in accordance with Art. 10 AMLA.

16.4 Closed business relationships are stored separately from ongoing ones. These records are kept for a period of ten years. The AML Officer is responsible for ensuring the safekeeping of these closed business relationships and their destruction after the legal retention period has expired.

16.5 The Company must retain AML documentation for a period of ten years following the end of the business relationship or the completion of the transaction. Documentation related to a report to the MROS must be retained for five years.

16.6 The storage of documents must comply with Directive 6 of SO-FIT.

17. Entry into force, adoption and updates

17.1 The most recent updates to this AML Policy were approved by the Board of Directors on 5 February 2024. Any changes or updates to this AML Policy must receive approval from the Board of Directors. Appendices to this AML Policy may be amended by the Compliance Officer, with the approval of Management.

17.2 This AML Policy and its Appendices come into effect on the day of their execution.

Appendix I – Internal Process on Client Identification and Transaction Monitoring

All of the following documents are stored on the Company’s digital document management system (cloud-based solution, Amazon Web Services).

1. NATURAL PERSONS ONBOARDING

In order to begin using TRANSFER WORLD services, the potential customer must complete the following steps:

a. To register on the platform, potential individual clients must visit the website http://www.transferworld.com and complete the registration process.

b. During the identification process, the individual must verify their identity via the Identify or GlobalPass identity verification system (or any other identity verification system approved by the Board of Directors).

c. Provide a valid Proof of Address document, not older than 3 months.

d. Submit a Source of Wealth/Funds Declaration along with supporting documents (when Enhanced Due Diligence (EDD) is applied).

e. Complete and sign the “Let’s Get to Know Each Other” form.

2. CORPORATE CLIENT ONBOARDING

To begin using transferworld services, potential corporate clients must follow these steps:

a. Register on the platform by visiting our website (www.transferworld.com) and completing the registration process.

b. Verify the identity of the authorized representative through the Identify or GlobalPass identity verification system, or any other approved identity verification method as determined by the Board of Directors.

c. Submit valid copies of passports or ID cards for all company UBOs (Ultimate Beneficial Owners), shareholders, directors, and authorized signatories.

d. Provide a valid Proof of Address document, dated within the last 3 months, for all company UBOs, shareholders, directors, and authorized signatories.

e. Submit relevant corporate documentation, which may vary depending on the specific onboarding case.

  • Certificate of Incorporation and/or Extract from the National Registry;
  • Memorandum and Articles of Association or Bylaws;
  • Certificate of Registered Office;
  • Certificate of Directors and Secretary;
  • Certificate of Shareholders;
  • Certificate of Incumbency (if applicable, which replaces the certificates of incorporation, registered office, directors, secretary, and shareholders);
  • If registered shareholders are acting as nominees for beneficial owners, a copy of the trust agreement between the nominee shareholder and the beneficial owners;
  • Power of Attorney (if an authorized signatory has been appointed);
  • Copy of the current Tax Identification Number (TIN) or its equivalent;
  • Recent audited tax returns, or financial statements reviewed or audited by a Certified Public Accountant (CPA). For newly incorporated or inactive companies, the account application must include verified and signed financial statements of the shareholders by a CPA;
  • Recent bank statements;
  • Documentation supporting the source of funds;
  • Documents verifying the identity of registered shareholders and beneficial owners (e.g., passport, utility bill, and company reference);
  • Curriculum Vitae (CV) of the major shareholder(s) (holding more than 15%) and the board of directors;
  • Recent utility bill (dated within the last 3 months) showing the legal entity’s current address;
  • Form K;
  • Signed and dated W8BENE form;

The initial set of required documents may vary based on the type of business, business model, and the overall profile of the potential customer. If, during the sanctions and adverse media screening, it is determined that the customer or related parties (such as shareholders, beneficial owners, directors, or authorized signatories) are:

  • Sanctioned – The Compliance/Onboarding associate must initiate the necessary actions.

“Sanctions Reporting Procedure” – Notify the AML Officer about the situation. Note: transferworld UK will not initiate a business relationship with the client.

  • Criminal Record – The Compliance/Onboarding associate must notify the AML Officer and obtain approval before proceeding with onboarding the client. Once onboarding confirmation is received, Enhanced Due Diligence (EDD) onboarding must be initiated.
  • Adverse Media Negative Information – The Compliance/Onboarding associate must review the provided information, and if any suspicious details are detected, initiate Enhanced Due Diligence (EDD).
  • Non-Standard Situations – If any other non-standard situation arises, the Compliance/Onboarding associate must review the provided information, and if suspicious details are identified, initiate Enhanced Due Diligence (EDD).

g. Once the identification process is successfully completed, the client must complete and sign the “Let’s Get to Know Each Other” form. The application form should be filled out fully and signed by the client.

h. All financial institutions (FIs) or cryptocurrency companies must provide the following documents:

  • All required documents or their equivalents
  • AML/Compliance policy documentation
  • Additional relevant documents depending on the specific situation
  • A valid copy of the license

I. Apostille for Corporate Documents: An apostille will be requested for documents if the company is incorporated outside the EU/EEA or if there are any concerns about the authenticity of the provided documents.

J. Domicile Companies: Completing Form A is mandatory for domicile companies.

3. Transaction Monitoring

The Company’s SEPA and SWIFT transaction monitoring is done manually.

Each transaction is individually reviewed by a Compliance associate to ensure thorough examination.

Transactions are only processed if they meet the following requirements:

SEPA and SWIFT Transactions

  • SEPA and SWIFT transactions, both incoming and outgoing, must originate and be sent to the same account. The Company does not process transactions to or from third-party accounts.
  • The Client is required to provide details of any additional bank accounts in the KYC form. The Company only processes transactions to accounts listed in the KYC form.
  • If the Client initiates a transaction to a new, unverified bank account, they must provide accurate information regarding the new account.
  • The Client must provide supporting documentation (such as a bank statement or relevant paperwork) for any new bank account.
  • Transactions exceeding 25,000 CHF must be supported by additional documentation, such as contracts, bank statements, or invoices, to facilitate a source of funds investigation.

TRANSACTIONS WITH CRYPTOCURRENCIES

  • Receive a unique exchange wallet for each cryptocurrency.
  • Transactions are automatically recorded and marked as “Submitted” when crypto inflows are detected.
  • Our system uses Chainalysis for automatic cryptocurrency integrity checks.
  • Scores above 5.0 trigger a wallet freeze and request for client clarification.
  • Unclear explanations lead to rejection and return of the crypto to the sender.
  • Transactions with a score below 5.0 proceed to the travel rule test.
  • The system checks against known whitelisted addresses.
  • Approved addresses automatically move to transaction approval.
  • New addresses prompt a request for client proof (photos/video/pdf) of ownership.
  • Failure to prove ownership results in transaction rejection.

Transactions can be halted (under investigation) at any time by the Compliance Officer, particularly in the following cases:

  • The Client is found on possible sanctions lists, flagged as a potential PEP, has a criminal background, or intends to execute an unusual transaction.
  • The transaction involves an account/wallet that has not passed the travel rule test and is not listed in the Client’s Application form.

PROCESS

  • The Compliance department reviews all transactions, cross-checking details with the information provided in the Application form and other KYC documents.
  • If further clarification is needed, the Client is asked for additional documentation. If the provided documents meet compliance guidelines and the Client’s risk profile, the transaction is approved.
  • If the documents are insufficient or do not meet the requirements, the transaction is canceled and returned to the sender or the Client’s account.
  • Transaction details are verified to ensure the transfer originates and is sent to the same entity registered with the Company.
  • The Company allows 5 business days for the Client to submit the correct documentation. If documents are not provided within this period, the transaction is canceled and returned.

SUSPENDED TRANSACTION PROCEDURE:

Suspicious transactions may be suspended for up to 5 business days. During this time, the Compliance department must gather and verify all necessary information to determine whether the transaction should be executed or canceled/suspended.

A compliance associate handling suspended transactions should follow these steps:

  • The client must be contacted to provide the Source of Funds and other relevant documents. The employee ensures that the documents are authentic, comply with internal policies, and provide sufficient information to support the client’s actions and confirm the transaction’s validity.
  • If no issues are identified, approval is granted to proceed with the suspended transaction, and it should be released immediately.
  • If the client fails to provide the required information repeatedly or if the provided information appears suspicious or inauthentic, an internal investigation is initiated.
  • If, during the internal investigation, it is determined that the client may be involved in prohibited or illegal activities, the case is reported to the Money Laundering Reporting Office (MROS) in Switzerland by the AML Officer.

Appendix II – Risk Scoring

The company implements a risk scoring system in accordance with this AML policy for every client.

Hard risk factor

Risk rating

Crypto type of services / crypto operations

HIGH

Holding structure with 3 or more companies

HIGH

Domicile registration / legal address of the company

HIGH

Business structure with several jurisdictions

HIGH

Digital onboarding of the company’s end clients

MEDIUM

If any of these risk factors apply to the client, the associated risk rating will override the score-based risk rating; the HIGH risk rating takes precedence over the MEDIUM risk rating.

For example, if a client is assigned a LOW risk rating based on scoring but a HIGH risk factor applies, the final risk rating will be HIGH. Similarly, if both MEDIUM and HIGH hard risk factors apply, the final risk rating will be HIGH.

The risk assessment is stored in the client’s file, and the risk level is displayed on the client’s profile in the company’s platform.

Appendix III – Sanctions Screening

1. Sanctions risk refers to the potential for customers to use our products or services to circumvent sanctions and restrictions. To manage this risk, the company follows these steps:

1.1. Investigate whether the customer has any connections to sanctioned countries, individuals, entities, or specific sanctions listed in official sanction lists.

1.2. Assess whether and to what extent a customer is exposed to sanctions, either directly or indirectly, through their business activities or transactions.

1.3. Evaluate the risk that a customer’s sanctions exposure poses to the company. The first step in assessing sanctions risk is determining the level of exposure, which can vary for both corporate and individual clients.

1.4. Analyze the nature and extent of the sanctions exposure to determine if it can be accepted by the company.

1.5. If the risk is deemed acceptable, follow the established process for seeking approval to onboard the customer.

2. The company will continuously monitor updates to sanctions lists from Switzerland, the European Union, the United States, and the UN Security Council. This includes reviewing names designated in sanctions lists issued under UN Security Council Resolutions 1267, 1988, 1989, and any related successor resolutions. Any assets (direct or indirect, joint or otherwise) linked to these names will be frozen immediately, without prior notice, as soon as they are listed.

3. Additionally, if the company is notified that SECO has issued a list of known or suspected terrorists for identification purposes, the company will, within a reasonable timeframe after an account is opened, check whether the customer appears on any such list of known or suspected terrorists or terrorist organizations issued by SECO. The company will comply with all guidance issued in connection with these lists.

Appendix IV – Prohibited, High-Risk Countries and High-Risk Professions

1. The company prohibits entering into business relationships with any contracting partner, control holder, beneficial owner of assets, or individual with power of attorney over an account if their domicile, registered office, nationality, or activities are linked to a country that the FATF classifies as high-risk or non-cooperative, and for which enhanced due diligence is required.

Similarly, the company does not engage in business relationships with contracting partners or beneficial owners of assets whose activities are carried out in a country deemed high-risk or non-cooperative by the FATF, necessitating increased due diligence.

Additionally, it is prohibited to enter into a business relationship if the domicile, registered office, nationality, control holder, beneficial owner, or individual with power of attorney over an account is in a country subject to international sanctions recognized by Switzerland, the European Union, the United States, or the UN Security Council.

The company also prohibits business relationships with contracting partners or beneficial owners whose activities are carried out in countries under international sanctions recognized by Switzerland, the European Union, the United States, or the UN Security Council.

2. The company identifies the following jurisdictions as high-risk countries:

2.1. Countries under increased monitoring by the Financial Action Task Force (FATF).

https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/Increased-monitoring-october-2023.html

2.2. Countries identified by the EU as having strategic deficiencies in their AML/CFT (Anti-Money Laundering/Combating the Financing of Terrorism) regimes.

https://finance.ec.europa.eu/financial-crime/high-risk-third-countries-and-international-context-content-anti-money-laundering-and-countering_en

2.3. The following professions are considered high-risk:

  • Art dealers
  • Diamond dealers
  • Gemstone retail businesses and jewelry stores
  • Casino owners (including producers or managers of the gaming industry, such as slot machines, casinos, and bingos)
  • Currency exchange offices
  • Arms and ammunition dealers
  • Weapons manufacturing
  • International trade in exotic animals
  • Mining, oil, and gas industries, particularly those linked to developing countries

Appendix V – Individuals with Political Exposure

The following individuals are specifically regarded as Politically Exposed Persons (PEPs):

Public function

The following roles or organizations, both in Switzerland and internationally, are regarded as holding a significant public function:

  • Head of State
  • Government leader or member
  • Head of Parliament or member
  • President of a political party
  • Senior official in administration, judiciary, or military
  • State representative (e.g., ambassador, consul)
  • Monarchs (King and Queen) in their official roles
  • Representative of a state-owned company
  • Public sector companies
  • Representative of international organizations
  • Senior roles in intergovernmental organizations
  • Senior positions in international sports federations

To be classified as a PEP, individuals must hold one of the public functions listed above at a national level.

For individuals acting at a regional level, the PEP status may apply depending on the level of autonomy or the significance of the region for which the person holds the aforementioned public function.

Close relatives

Family members and close associates of PEPs are individuals who have a strong connection to the persons holding the public functions mentioned above, either through family ties or social or professional relationships.

Specifically, the following individuals are considered to be closely associated with a PEP:

  • Direct family members of the PEP (such as siblings, children, parents, spouse, or partner)
  • Individuals with a clear personal connection to a PEP
  • Individuals who have business relationships with a PEP
  • Companies where a PEP holds a majority stake or holds a senior position (e.g., board member or executive management)

Appendix VI – Intricate Structures

Structures that possess at least one of the following characteristics are regarded as complex:

  • The structure includes entities from more than two jurisdictions without a clear and understandable reason for such complexity.
  • A trust where another trust acts as the founder or beneficiary.
  • The presence of a nominee shareholder on a permanent basis within a structure located in a jurisdiction known for its lack of transparency.
  • The structure consists of more than two domiciliary companies or similar entities without a clear and understandable purpose or solely for short-term investment purposes.

Structures that include a trust and an underlying company are not considered complex, as their purpose is usually clear, typically aligned with the company’s business model.

APPENDIX VII – Travel rule

In accordance with FINMA guidance 02/2019 “Payments on the Blockchain” and to comply with the Travel Rule, the Company has established the following procedures to verify the ownership of client wallets.

All clients are subject to the Travel Rule, regardless of the amounts involved.

Scenario 1: The client’s wallet address is pre-approved and added to the whitelist.

In the client panel, there is an option called “Add Crypto Address,” where the client is prompted to provide the following details:

  1. In the client panel, there is an option called “Add Crypto Address,” where the client is prompted to provide the following details:
  2. The panel asks the client for the following details:
    1. Network
    2. Wallet address
    3. Wallet source
    4. A declaration confirming the client as the wallet owner
    5. A section where the client can upload a video, photo, or PDF as proof of wallet ownership (“Proof Documents”).
    6. The declaration is then sent to the client’s email, where they are required to digitally sign their submission.
  3. The Company receives a notification in the admin panel when a new wallet address is submitted.
  4. The Company performs checks on the wallet address using [Name of Tool] and verifies the integrity of the proof of ownership by reviewing the Proof Documents.

If the Company has any doubts about the Proof Documents, it will request a Satoshi test. Should there be any concerns regarding the Satoshi test, the wallet will be rejected.

Scenario 2: The wallet address is added to the whitelist at the time of the transaction.

  1. The client receives a notification to whitelist the new wallet, and the process proceeds as described in Scenario 1.