POLICIES AND MEASURES FOR THE PREVENTION OF MONEY LAUNDERING AND THE FINANCING OF TERRORISM

(hereinafter: Policy)

Digital Assets d.o.o. (hereinafter: the Company) is committed to the highest level of anti-money laundering and counter-financing of terrorism (hereinafter: AML/CFT). The Company follows the laws of the Republic of Croatia and the EU. It actively prevents all activities aimed at or facilitating the legalization of illicit funds.

This Policy prescribes the measures, actions, and procedures the Company undertakes to prevent money laundering (hereinafter: ML) and financing of terrorism(hereinafter: FT) in its regular business operations.

The Company reserves the right to suspend the service to the Customer if there is suspicion that the Customer obtained the funds illegally.

KEY TERMS

Customer identification is the process of establishing the Customer's actual identity based on reliable sources, primarily personal documents.

Financing of terrorism (FT) is the provision or collection of funds, or the attempt to provide or collect funds, by any means, with the intention or knowledge that terrorists or terrorist organizations will use them for any purpose, including financing travel to commit or contribute to terrorism, training for terrorism, and terrorist associations.

Money laundering (ML) is the exchange or transfer of property acquired through criminal activity, concealing or disguising the true nature, source, location, disposition, or movement related to the ownership of the property, acquisition, possession, or use of property obtained through criminal activity, attempting or participating in committing the actions as mentioned earlier.

A suspicious transaction is any attempted or executed transaction for which we assess that there are reasons to suspect ML or FT or that the transaction involves funds derived from illegal activities.

Terrorism can be financed from legal activities' revenues, which further complicates detection, unlike ML, which is always preceded by some illegal activity.

A transaction is any receipt, expenditure, transfer from account to account, exchange, storage, disposition, or another handling of money within the Bitcoin Store platform.

INTERNAL MEASURES FOR PREVENTING ML AND FT

The Company implements the AML/CFT process with the following measures:

  • KYC (Know Your Customer) process,
  • risk assessment,
  • monitoring Customer activities,
  • record-keeping,
  • employee training.

The Company carries out all activities and processes related to the AML/CFT Law (NN 108/17, 39/19, 151/22) when establishing a business relationship and during each Customer activity.

CUSTOMER IDENTIFICATION

Know Your Customer (KYC) is a process that involves taking measures through which the Company establishes the Customer's identity.

Customer Due Diligence measures

The Customer due diligence process includes:

  • determining and verifying the identity of the Customer/beneficial owner of a legal person based on documents, data, or information,
  • collecting data on the purpose of the business relationship, the source of funds, and other data per the AML/CTF Law (NN 108/17, 39/19, 151/22),
  • continuous monitoring of the business relationship.

The Company carries out enhanced due diligence measures to appropriately manage and reduce the risks of ML or FT:

  • when the Customer/beneficial owner of a legal person is a politically exposed person,
  • when assessing that the Customer represents a high risk of ML or FT,
  • when there is suspicion of ML or FT,
  • when transactions have no visible economic or legal purpose.

Natural person

Before performing a transaction at a branch, the Company establishes the Customer's identity based on an identification document. The type of identification document depends on the country of residence. It may include an ID card, passport, and residence permit.

In this case, the Company collects the following Customer data: name and surname, residential address, day, month, and year of birth, personal identification number (PIN), name and the number of the identification document, name and country of the identification document issuer, and nationality/nationalities.

Before establishing a business relationship, i.e., opening a Bitcoin Store account, the Company conducts a verification process. The Customer verification process involves collecting the previously mentioned Customer data and verifying the submitted data. The Customer is required to complete a questionnaire with additional questions to enhance the Services and better understand the business relationship.

In this case, the Company uses the outsourcing provider services to determine the authenticity of the submitted data and identification document. For complete verification, the Company uses e-identification. The Customer must then take a selfie with a mobile device or personal computer, proving their presence.

Legal person

Before conducting a transaction at the Branch, the Company establishes the identity of the Customer who is a legal entity based on the identification document of the authorized person representing the legal person.

The identification documents and information that the Company collects for the authorized person representing the legal person are the same as in the case of identifying a natural person.

For a legal person, the Company collects the following information: name, legal form, address (street and house number, place and country), and the identification number of the legal entity.

Establishing and verifying a legal person that enters into a business relationship with the Company (opening a Bitcoin Store account), includes the following:

  • the authorized representative and the actual owner(s) of the legal person must undergo the process of establishing and verifying identity,
  • the authorized representative must provide the official documentation of the legal person.

Depending on the legal form of the Customer, the Company collects the following official documentation:

For companies (PLC, LLC and Simple LLC):

  • excerpt from the court register (not older than 3 months),
  • excerpt from the Register of Beneficial Owners (not older than 1 month),
  • a copy of the founding act (articles of association or statement of incorporation).

For craft business:

  • decision on registration in the Trade Register,
  • excerpt from the Trade Register (not older than 3 months),
  • trade license,
  • partnership agreement (if it is a joint trade). In that case, all partners are required to undergo the process of identification and verification of identity.

For an association:

  • decision on registration in the Register of Associations,
  • Articles of Association,
  • excerpt from the Register of Associations (not older than 3 months),
  • excerpt from the Register of Beneficial Owners (not older than 1 month).

All official documents of a legal person headquartered outside the Republic of Croatia must be provided in a certified translation into Croatian or English.

The Company has the right at any time to request additional documentation necessary for establishing a business relationship or during a business relationship with a legal person.

PRIVACY AND DATA PROTECTION

Customer data is stored per the General Data Protection Regulation (GDPR). More information about the collection, processing, and use of personal data can be found in the Privacy Policy document.

RISK ASSESSMENT

The Company regularly conducts a risk assessment at the level of the entire Company to identify changes within the Customer base, products, geographic data, and distribution channels and verify whether control measures are sufficient to keep the remaining risk low.

The Company conducts an individual risk assessment for each Customer before entering into a business relationship or if the Company learns about certain circumstances indicating a possible change in the Customer's risk group.

Each Customer of the Company is permanently assigned to a relevant risk group: low, medium, or high.

CUSTOMER ACTIVITY MONITORING

The Company conducts continuous monitoring of the business relationship.

This includes transaction monitoring and updating of Customer personal data. The Company also ensures and applies both current and retrospective monitoring procedures.

Monitoring may be carried out using the services of an outsourcing provider. In this case, the Company ensures that the outsourcing provider services comply with the requirements established by the signed contract with the Company and by the Law.

RECORD KEEPING

The Company ensures that documents and data related to business, transactions, business relationships, employee training material, and other documents are stored per the legal regulations of the Republic of Croatia and the European Union.

EMPLOYEE TRAINING

The Company conducts professional training and education of its employees at least once a year. The employee training program ensures that all Company employees who face AML/CTF measures in performing their functions are properly educated.

FINAL PROVISIONS

The Company reserves the right to amend the Policy and measures at any time to maintain the highest level of compliance with the AML/CFT Law.

This abbreviated Policy takes effect on March 6th, 2024. It replaces any other Policy that applied before that date.