AML/CTF and KYC Policy

AML/CTF and KYC Policy
Anti-Money Laundering (AML) Policy

Terms and Definitions

CocoPay: A trademark system that offers users the ability to exchange digital and electronic currency.
Service: An online system for exchanging, selling, and buying digital and/or electronic currencies.
User: Any individual utilizing the services of CocoPay.
Digital Currency: Currencies such as Bitcoin, Litecoin, Ethereum, and any other currencies based on blockchain technology.
Electronic Currency: Monetary funds held in user accounts of electronic payment systems.
Service’s Offerings: Facilitating peer-to-peer transactions between individuals for the purchase, sale, and exchange of digital currencies, as well as other services detailed on the Service’s platform.
Card Verification: The process of verifying the ownership of a card (or account) to its holder. The verification criteria are set by the Service and are conducted once for every new account (or card) of the User.
Money Laundering: The act of making illegally-gained proceeds appear legal. CocoPay strictly adheres to laws prohibiting us or any of our employees from knowingly engaging or attempting to engage in any activities related, directly or indirectly, to money laundering. Our anti-money laundering policy aims to enhance the safety of our clients and the services provided by the Service.
Terrorist Financing: The intentional provision or collection of funds, directly or indirectly, with the intention or knowledge that they will be used to commit terrorist acts.
2. Measures Taken in Compliance with the AML Policy

The CocoPay service administration, recognizing the public threat of crimes related to money laundering and the financing of terrorist activities, has developed a set of organizational and legal measures to comply with national legislation and the requirements of the intergovernmental organization FATF.
European AML regulation is based on a series of legislative directives. Specifically, the EU released the Sixth Anti-Money Laundering Directive (6AMLD), which came into effect on December 2, 2018.
In the UK, companies must adhere to the 2017 Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations (MLRs) and also consider the recommendations of the Joint Money Laundering Steering Group (JMLSG), which establishes guiding principles in the UK for companies to conduct comprehensive checks on their clients.
Other legislative acts aimed at combating the legalization of proceeds from crime and the financing of terrorism include:

• The Fifth Anti-Money Laundering Directive ((EU) 2018/843);
• The Proceeds of Crime Act 2002;
• The Terrorism Acts of 2000 and 2001;
• The Counter-Terrorism Act 2008;
• Treasury Sanction Notices;
• The UK Financial Conduct Authority’s Handbook.

1. Implementation of the KYC (Know Your Customer) policy: Mandatory identification of Users who are allowed to conduct transactions on our Service. For user verification, the administration may require the following information:
   Take a selfie with an identity document: a scanned copy of the front and back of an official ID with a photo, i.e., a valid passport, driver’s license, or other national ID;
   Confirm the place of residence: an official document issued within the last 3 months, clearly indicating the client’s name and address as registered on the CocoPay site. This can be a utility bill (for water, electricity, or landline phone) or a bank statement. The copy should include: full name, full residential address, date of issue (within the last 3 months), the name of the issuing authority with an official logo or stamp;
   Provide a copy of the front and back of the bank card and/or a photo of your bank card taken against the main page of the Service (service showcase). For confidentiality and security, only the last 4 digits of your credit card should be visible. It’s permissible to hide the 3 digits on the back of the card (CVV code).
   The CocoPay service administration will take steps to verify the authenticity of documents and information provided by Users. Identification information will also be cross-referenced with secondary sources, and the CocoPay service administration reserves the right to continue investigations to ensure full confidence in the authenticity of the submitted documentation.
   The CocoPay service administration reserves the right to monitor user data continuously, especially in cases where their identification information has been altered or their activity appears suspicious (unusual for that specific user). Furthermore, the administration reserves the right to request up-to-date documents from users, even if they have been previously verified.
2. Continuous monitoring of transactions processed through the Service. We maintain constant oversight of all requests made on the CocoPay site. The service administration notifies users about the prohibition of conducting exchange operations by third parties using their account.
3. Application of a Risk-Based Approach (RBA). We implement varying levels of verification, depending on the volume and number of transactions performed by the user.
4. Enhancing the professional skills and knowledge of the CocoPay team in compliance with Policy requirements.
5. Collaboration with governmental agencies as mandated by law. In the event of an official request from law enforcement or judicial bodies, we are obliged to provide the requested information. The service administration also has the right to provide data requested by official representatives of payment systems.
6. Enhancing the security of CocoPay service software. We prioritize the reliability and security of your transactions. Consequently, we continually improve our IT department, whose primary goal is to protect the site from unauthorized access by malicious actors.
7. The CocoPay service administration, in cases prescribed by law, may require a regulatory mandate to verify the source of fiat money and/or cryptocurrency to ensure that the funds’ sources used for exchange are legitimate. As proof of the origin of the funds, a bank statement for fiat money or a video showing wallet transaction details for cryptocurrencies might be required.
8. In accordance with this Policy, the Service Administration will:
9. Monitor all transactions. The Administration reserves the right to facilitate the reporting of suspicious transaction activities to the appropriate law enforcement agencies through the Designated Officer;
10. Request any additional information and documents from the User in the event of suspicious transactions, as well as upon the request of a regulator (The regulator can be an exchange, a government institution, or any other organization with the appropriate legal basis);
11. Suspend or terminate the User’s account if there is reasonable suspicion that such a User is involved in illegal activities.
12. The aforementioned list is not exhaustive, and the Designated Officer will monitor user transactions daily to determine whether to report such transactions and consider them as suspicious or to view them as bona fide.
13. Country of Residence: This Policy outlines our criteria for risk concerning AML/CTF. To mitigate this risk, the CocoPay Service Administration does not accept clients residing in the following high-risk countries.

Sources used for categorization include:

• Transparency International;
• Know Your Country;
• FATF list of high-risk jurisdictions;
• EU list of high-risk jurisdictions;
• Countries where digital assets are banned or have trading restrictions;
• Countries where digital assets are not banned;
• Countries subject to UN Security Council sanctions.
• All clients residing in the countries listed below are prohibited from using the CocoPay service and cannot be accepted as Users. Any clients from these countries will be denied service, and any funds will be returned to the source.
• Full list of prohibited jurisdictions:

Afghanistan
American Samoa
U.S. Virgin Islands
Territory of Guam
Iran
Yemen
Libya
State of Palestine
Puerto Rico
Somalia
Democratic People’s Republic of Korea (DPRK)
Northern Mariana Islands
USA
Syria
Republic of Sudan
Transnistria
Temporarily occupied territories of Georgia
Turkish Republic of Northern Cyprus
Western Sahara
Federal Republic of Ambazonia
Kosovo
South Sudan
Canada
United Kingdom (Great Britain)
Nicaragua
Trinidad and Tobago
Venezuela
Myanmar
Singapore
South Korea
Japan
Austrastronga
Austria
Belgium
Bulgaria
Croatia
Czech Repubstrongc
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
strongthuania
Luxembourg
Malta
Netherlands
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
China

The CocoPay service administration also does not accept clients from disputed territories, as they do not provide universally recognized official documents, including:
Donetsk People’s Republic (DPR) / Luhansk People’s Republic (LPR)
Pridnestrovian Moldavian Republic
Nagorno-Karabakh Republic Republic of Abkhazia
Republic of Somaliland
Republic of South Ossetia
Turkish Republic of Northern Cyprus
Republic of China (Taiwan)
Passports issued by the Russian Federation in Crimea, and passports issued to residents of the Donetsk and Luhansk regions of Ukraine, are not subject to verification.
Republic of Kosovo
Sahrawi Arab Democratic Republic
Republic of Artsakh

KYT Policy
(Know Your Transaction)

Effective Date: November 1, 2021
Updated: May 27, 2022
The KYT (Know Your Transaction) policy is aimed at identifying the client of a transaction in cases where the Service has reasonable suspicions that the Client is misusing CocoPay.

Such a precedent can arise if the Service suspects the Client of illegal activities, which may be classified as laundering or attempting to launder digital assets acquired unlawfully, or if the funds clearly have a criminal origin. For these purposes, the Service has the right to use any lawful information, third-party tools for analyzing the origin of digital assets, as well as its own screening system developments.

In such cases, CocoPay Service reserves the full right to:

1. Require the Client to provide additional information revealing the origin of the digital assets and/or confirmation that these assets were not acquired unlawfully.
2. Freeze the account and any operations related to the Client, and forward all available information and documents regarding the incident to financial regulatory and/or law enforcement agencies based on the Service’s registration location and, if necessary, based on the Client’s registration address.
3. Demand documents from the Client confirming identity, physical existence, registration address, and solvency.
4. Return digital assets only to the details from which the transfer was made or switch to other details after a full security service check if the Client’s funds’ legal origin is verified.
5. Deny the Client’s request to withdraw funds to a third party’s account without explaining the reasons.
6. Retain the Client’s funds until a full investigation of the incident is completed.
7. Reserve the right to monitor the entire transaction chain to detect suspicious transactions.
8. Reserve the right to deny the Client service if the Service has justified suspicions about the legality of the digital assets’ origin and hold the funds in the Service’s special accounts.
9. Reserve the right to deny the Client service if the Service has justified suspicions about the legality of the digital assets’ origin and hold the funds in the Service’s special accounts, especially if it’s impossible to trace the entire chain of digital asset movements since their inception.

Conditions for the return of funds halted for review after an AML transaction analysis:
The refund is made after a full check by the Service’s security department, which may include a detailed verification of the sender. The refund is made with a deduction of a commission of up to 5% of the transaction amount to cover the labor costs of processing the application and organizing the refund.
If approved by the Service, the refund will be processed by the Service within 7 (seven) calendar days from the date the User was notified of the Service’s decision regarding their refund request.
When arranging a refund after passing the check (verification), the user must confirm the details to receive the refund.