AML & KYC Policy
Last updated Jan 27, 2025
The Anti-Money Laundering, Countering Financing of Terrorism and Know Your Customer Policy (the "AML/CFT Policy") of Zypto sp. z ograniczona odpowiedzialnoscia ("ZYPTO") is designated to prevent and mitigate possible risks of ZYPTO being involved in any kind of illegal activity.
Money Laundering
Money laundering shall be defined and understood as the act referred to in Article 299 of the Act of 6 June 1997 - Polish Penal Code, that is:
Art. 299 §1. Anyone who receives, transfers or transports abroad, or assists in the transfer of title or possession of legal tender, securities or other foreign currency values, property rights or real or movable property obtained from the profits of offences committed by other people, or takes any other action that may prevent or significantly hinder the determination of their criminal origin or place of location, their detection or forfeiture, is liable to imprisonment for between six months and eight years.
§2. Anyone who, as an employee of a bank, financial or credit institution, or any other entity legally obliged to register transactions and the people performing them, unlawfully receives a cash amount of money or foreign currency, or who transfers or converts it, or receives it under other circumstances raising a justified suspicion as to its origin from the offences specified in §1, or who provides services aimed at concealing its criminal origin or in securing it against forfeiture, is liable to the penalty specified in §1.
There are three common stages in money laundering, and they frequently involve numerous transactions:
- Placement - this stage involves the physical introduction of cash or other assets derived from criminal activity into the financial system.
- Layering - the launderers make numerous transactions to distance the true owner and the source of illegal money, making it harder for the authorities to track. This can typically be as easy as using illegitimate funds to invest in something legitimate so that the funds now appear to be "clean." Such funds are then transferred to purchase goods and services, making their detection nearly impossible.
- Integration - the final stage, where the disguised criminal proceeds are returned to and used by the money launderer, with a legitimate appearance given to the criminal proceeds.
Terrorism Financing
Terrorism financing shall be understood as the act referred to in Article 165a of the Act of 6 June 1997 - Polish Penal Code; that is:
Art. 165a. Anyone who collects, transfers or offers means of payment, financial instruments, securities, foreign exchange, property rights or other movable or immovable property in order to finance a terrorist offence is liable to imprisonment for between two and 12 years.
Components of ML/TF Prevention Framework
- adequate organizational structure and clear reporting lines (including a system for reporting to management-level bodies that would allow making timely decisions on ML/TF risk management)
- identification, assessment and management/mitigation of ML/TF risks
- Customer Due Diligence
- identification and verification of the Customer and the Beneficial Owner
- collection and assessment of KYC information (when applicable)
- ongoing due diligence (including updates to KYC information)
- implementation of international financial sanctions and restrictive measures
- ongoing monitoring of the Customer's Business Relationship and Transactions
- internal investigations of possibly Suspicious Transactions
- reporting to the GIIF
- record keeping
- personnel training
Risk Based Approach (RBA)
ZYPTO takes a risk-based approach to assessing the risks involved in establishing a Business Relationship with Customer. By adopting a risk-based approach ZYPTO is able to ensure that measures to prevent or mitigate ML and TF threats are commensurate to the risks identified. This will allow resources to be allocated in the most efficient ways. The resources should be directed in accordance with priorities so that the greatest risks receive the highest attention.
The inherent risk is assessed in the course of identification of the specific products, services, customers, entities, and geographic locations. Depending on the specific characteristics of the particular product, service, or customer, the risks are not always the same. The ML/TF risk associated with the specific Business Relationship or the Occasional Transaction shall be assessed taking into account various factors, in particular:
- the type of the Customer;
- geographical area;
- purpose of the account opened with ZYPTO;
- type of products, services and methods of their distribution;
- level of assets deposited by the customer or value of transactions performed;
- objective, regularity or duration of the Business Relationship.
Risk assessment during the on-boarding stage of the new customer provides ZYPTO with an opportunity to gain an insight into the type and nature of its potential customers, their geographic locations and business activities, whereas ongoing determination of the customer's risk profile allows ZYPTO to ensure that the correct risk level is assigned to the customer throughout the established relationship.
ZYPTO determines the extent of its CDD measures and ongoing monitoring, using a risk-based approach depending upon the background of the customer and the product, transaction or service used by that customer, so that preventive or mitigating measures are commensurate to the risks identified. RBA does not exempt ZYPTO from mitigating ML/TF risks where these risks are assessed as low.
AML Officer
This person acts as the focal point within ZYPTO for the oversight of all activities relating to the prevention and detection of ML/TF and providing support and guidance to the Responsible Senior Management Member(s) to ensure that ML/TF risks are adequately managed. The AML Officer is sufficiently independent and has a direct reporting line to ZYPTO's Responsible Senior Management Member(s). The AML Officer has access to sufficient resources and information to be able to ensure ZYPTO's compliance with effective laws and regulations of the Republic of Poland.
In particular, the AML Officer takes responsibility for:
- developing and/or continuously reviewing the AML/CTF systems (including risk assessment) to ensure they remain up-to-date and meet current statutory and regulatory requirements;
- the oversight of all aspects of the AML/CTF systems which include monitoring effectiveness and enhancing the controls and procedures where necessary;
- playing an active role in the identification and reporting of suspicious transactions;
- reviewing all internal disclosures and exception reports and determining whether or not it is necessary to make a report to the GIIF and maintaining all records related to such internal reviews;
- providing guidance on how to avoid "tipping off" if any disclosure is made;
- acting as the main point of contact with the GIIF, law enforcement, and any other competent authorities in relation to ML/TF prevention and detection, investigation or compliance;
- organizing rules of conducting ongoing monitoring of ZYPTO's relationships with its customers and reviews of monitoring conducted on a regular basis;
- identifying suspicious transactions and activities and creating SARs, then submitted to GIIF;
- monitoring changes of regulatory requirements with respect to AML/CTF prevention and counteraction; communicating all AML/CTF relevant issues to the Responsible Senior Management Member(s);
- developing internal training programs and materials, as well as receiving relevant trainings.
Personnel Training
ZYPTO ensures that its personnel have the relevant qualifications for their work tasks. When the personnel is recruited or engaged, their qualifications are checked as part of the recruitment/appointment process. In accordance with the requirements applicable to ZYPTO on ensuring the suitability of the personnel, ZYPTO makes sure that they receive appropriate training and information on an ongoing basis to be able to fulfil ZYPTO's obligations in compliance with the applicable legislation.
It shall be ensured through training that the personnel are knowledgeable within the area of AML/CTF to an appropriate extent considering their tasks and functions. The training is structured on the basis of the risks identified through the ZYPTO risk assessment. For new employees, the training consists at least of a review of the content of the applicable rules and regulations, the Company's internal policies and other relevant procedures.
The content and frequency of the training is adapted to the personnel's tasks and function. The personnel receive training on an ongoing basis under the management of the AML Officer in accordance with the following training plan:
- Periodicity: at least once a year.
- Scope:
- review of applicable rules and regulations;
- specific information relating to new/updated features in the applicable rules and regulations;
- review of this Internal Procedure and other relevant procedures and information that should facilitate employees to fulfil the obligations associated with counteracting ML and TF, taking into account personal data protection issues;
- specific information on all the most contemporary ML and TF methods and risks arising therefrom;
- report and exchange of experience relating to transactions reviewed since the previous training.
The training held is to be documented electronically and confirmed with the employee's signature on the training protocol. This protocol should include the content of the training, names of participants and date of the training. In addition to the above, the employees are kept informed by the AML Officer on an ongoing basis about new trends, patterns and methods and are provided with other information relevant to the prevention of ML and TF.
Preservation of Data
ZYPTO retains the originals or copies of documents that serve as the basis for the identification and verification of persons and documents serving as the basis for the establishment of business relationships for a period of at least five years after the business relationship has ended.