KYC & AML

1. These Rules for The Prevention of Money Laundering and (or) Terrorist Financing (hereinafter – the Rules) are prepared to ensure the prevention of money laundering and terrorist financing in activity of Bitocol Group UAB (hereinafter – the Company).

2. The Rules describe how the Company will organize and ensure the adequate anti-money laundering and counter terrorism financing procedures. The implementation of the Rules will ensure that the name, reputation and financial integrity of the 
Company, whilst ensuring compliance with all necessary laws and regulations.

3. The provisions of the Rules must be adhered to by all operations, organisation and staff of the Company.

4. The Rules are prepared in accordance with the Law on the Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania (hereinafter – the Law) and other applicable legal acts of the Republic of Lithuania.

5. Unless the Rules state otherwise, all terms used therein have the meaning indicated in the Law and other applicable legal acts.

6. Unless otherwise required by the context, the following terms beginning in a capital letter shall be taken to have the following definitions:
6.1. Customer – a legal or natural person performing monetary operations or concluding transactions with the Company;
6.2. Company – Bitocol Group UAB, legal entity code 305931596, registered address at Laisvės pr. 60, Vilnius, Republic of Lithuania;
6.3. Responsible Employee – an employee appointed by the CEO who is responsible for the implementation of measures for the prevention of money laundering and (or) terrorist financing in accordance with the Rules;
6.4. Prominent Public Functions – functions which are listed in Article 19(2) of the Law or are included on the list of prominent public functions published by the FCIS;
6.5. Close Family Member – spouse, a person with whom a civil partnership is registered, parents, siblings, children and spouses or civil partners of children;
6.6. Business relationship – a business, professional or commercial relationship between a Customer and the Company which is connected with their professional activities and which is expected, at the time when the contact is established, to have an element of duration.
6.7. Beneficial Owner – a natural person, who is the owner of a Customer (a legal person) or controls the Customer, and/or a natural person for the benefit of which a transaction or activity is being conducted. The Beneficial Owner is considered to be:
a) In a legal person:
(i) a natural person who owns the legal person or who controls it either directly or indirectly by owning a sufficient percentage of the legal person’s shares or voting rights, including bearer shares and control through other means, other than a company listed on a regulated market that is subject to disclosure requirements consistent with EU law or subject to equivalent international standards which ensure adequate transparency of ownership information;
(ii) a natural person holding 25 % plus one share or an ownership interest of more than 25% in the legal person is considered to be a direct owner. A natural person holding 25 % plus one share or an ownership interest of more than 25 % in a legal entity or entities which control or hold 25 % plus one share or an ownership interest of more than 25 % in a legal entity is considered to be an indirect owner;
(iii) a natural person performing the role of the senior manager if the person in point (i) above cannot be determined or there are doubts on whether the person determined is the Beneficial Owner;
b) in the case of trusts:
(i) the settlor;
(ii) the trustee(s);
(iii) the protector, if any
(iv) the beneficiaries, or where the individuals benefiting from the legal arrangement or entity have yet to be determined, the class of persons in whose main interest the legal arrangement or entity is set up or operates;
(v) any other natural person exercising ultimate control over the trust by means of direct or indirect ownership or by other means;
c) in the case of legal entities such as foundations, and legal arrangements similar to trusts, the natural person(s) holding equivalent or similar positions to those referred to in point (b);
6.8. EU Member State – a member state of the European Union or the European Economic Area;
6.9. Third Country – a country which is not a member state of the European Union or the European Economic Area;
6.10. FCIS – The Financial Crime Investigation Services under the Ministry of the Interior of the Republic of Lithuania;
6.11. Politically Exposed Person (PEP) – a natural person who is carrying out or has carried out Prominent Public Functions, their Close Family Members and Close Associates. A person who has not carried out Prominent Public Functions during at least the last year by the date of entering the Business relationship or making of a transaction or such a person’s Close Family Members or Close Associate are not considered as politically exposed persons;
6.12. Suspicious Financial Operation – a monetary transaction, which is performed with funds, which are suspected to have been received (either directly or indirectly) from criminal activities or from participating in such activities or/and are related to terrorist financing;
6.13. Close Associates – natural persons who are known to have joint Beneficial Ownership of legal entities or legal arrangements, or any other close business relations, with a Politically exposed person and (or) natural persons who have sole Beneficial Ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a Politically exposed person;
6.14. Virtual Currency – an instrument with a digital value but no legal currency or monetary status, which is not authorized or guaranteed by a central bank or other public authority and which is not necessarily pegged to currency but which is recognized by natural or legal persons as an exchange instrument and which is transferable and sold electronically;
6.15. Virtual Wallet – public key addresses which are generated for virtual currency addresses for the storage and management of virtual currencies entrusted to other natural or legal persons (third parties) but remaining in their ownership.

7. The Company takes all necessary, proportionate measures in order to identify its Customer and to verify the identity of the Customer and Customer’s Beneficial Owners. The Company takes measures and determine identity of the Customer or his representative in the following cases:
7.1. before establishing a Business relationship;
7.2. before conducting one or several related Virtual Currency transactions (exchanges) or allowing a deposit of Virtual Currency on a Virtual Wallet the value of which is equal to or exceeds EUR 1,000 at the time of the transaction and/or deposit;
7.3. if there is suspicion that information previously provided about the Customer or his representative is incorrect and/or incomplete;
7.4. in any other case, when there are suspicions that an act of money laundering and / or terrorist financing is, was or will be carried out.
8. The Company establishes Customer’s identity only remotely, i. e. when the Customer is not physically present.
Remote Customer identification
9. The Company establishes Customer’s (natural person’s or legal person representative’s) identity remotely by using the following measures:
9.1. when using information from third parties about the Customer or the beneficial owner in accordance with the procedure laid down in the Law;
9.2. when information about the Customer’s identity is confirmed with a qualified electronic signature supported by a qualified certificate for electronic signature which conforms to the requirements of Regulation (EU) No 910/2014;
9.3. when using electronic means allowing direct video streaming in one of the following ways:
a) the original of the identity document or an equivalent residence permit in the Republic of Lithuania is recorded at the time of direct video streaming and the identity of the Customer is validated using at least an advanced electronic signature which conforms to the requirements laid down in Regulation (EU) No 910/2014;
b) the facial image of the Customer and the original of the identity document or an equivalent residence permit in the Republic of Lithuania shown by the Customer is recorded at the time of direct video streaming.
10. In every case establishing Customer’s identity remotely by using measures specified in paragraph 9 is allowed only when there are all conditions laid down in the Law.
11. When establishing Customer’s identity remotely, the Company shall:
11.1. verify whether there are any circumstances to apply enhanced Customer due diligence. If such circumstances are present the procedures for enhanced Customer due diligence accordingly shall be followed;
11.2. assess whether the Customer provides copies of valid identity documents or corresponding travel documents which photographs are matching. This requirement does not apply if the identity is being determined using a qualified electronic signature;
11.3. find out whether the Customer will act on his own behalf or someone else’s interests;
11.4. verify whether a representative has legal permit or power of attorney to act in the name of the Customer;
11.5. to receive additional documents with the necessary information, if additional information is required from the Customer;
11.6. check whether Customer or Customer’s beneficiary is included in the list of people that are financially sanctioned by Lithuania, European Union (EU sanctioned person list) and United Nations;
11.7. use reliable and independent sources to verify whether the Customer is a PEP.
12. If the Customer is represented by another person, the Company shall request proof of power of attorney and, if possible, check its validity (i.e. if the Customer or its representative has the right to issue such a power of attorney), expiry date, actions that representative can undertake in the name of the Customer. Power of attorney shall comply with rules established in the Civil Code of the Republic of Lithuania. In case the power of attorney is given by the Customer natural person, such power of attorney on behalf of the Customer shall be certified by the notary.

13. The Company shall always establish the identity of Beneficial Owner of the Customer (in accordance to the Law and these Rules).
14. The Customer shall submit the following data on the Beneficial Owner:
14.1. Name/names;
14.2. Surname/surnames;
14.3. Personal identification number (in the case of a foreigner: date of birth (where available – personal number or any other unique sequence of symbols granted to that person, intended for personal identification, the number and period of validity of the residence permit in the Republic of Lithuania and the place and date of its issuance);
14.4. Citizenship.
15. The data submitted by the Customer shall be validated using electronic identification means issued in the European Union which operate under the electronic identification schemes with the assurance levels high or substantial, or with a qualified electronic signature supported by a qualified certificate for electronic signature which conforms to the requirements of Regulation (EU) No 910/2014, or using electronic means allowing direct video streaming.

16. It is forbidden to start Business relationship if the Customer and / or his representative:
16.1. fails to submit the data confirming his identity;
16.2. submits not all the data or where the data are incorrect;
16.3. avoids submitting the information required for establishing his identity,
16.4. conceals the identity of the Beneficial Owner or avoids submitting the information required for establishing the identity of the Beneficial Owner or the submitted data are insufficient for that purpose;
16.5. the Company, due to the Customer’s actions or omissions, is not able to ensure proper compliance with the Law and the related legal acts.
17. In such cases, specified in paragraph 17, the Company shall, upon assessment of the threat posed by money laundering and/or terrorist financing, decide on the appropriateness of forwarding a report on a suspicious monetary operation or transaction to the Financial Crime Investigation Service of the Republic of Lithuania (hereinafter – the FCIS).
18. If the Company is unable to comply with points above, the Company shall not conduct business relations with such Customer. In these cases, the Responsible Employee of the Company has to evaluate possible money laundering or terrorist financing threat and inform the CEO and FCIS.
19. If the Customer avoids or declines a request by the Company to provide information on source of assets, money and etc., the Responsible Employee has to inform the CEO. In that case CEO shall make a decision to terminate Business relationship with the Customer and the Responsible Employee shall inform FCIS. The Responsible Employee has a responsibility to take immediate action to interrupt money laundering and / or terrorist financing.
20. Information gained identifying the Customer and beneficiary owner, monitoring Customer activities has to be documented either physically or electronically.

21. All Customers should be classified according to the risks of being involved in money laundering or terrorist financing (TF).
22. Risk categorization shall encompass three different Customers risk levels.
23. Such categorization shall be based on multiple parameters, including, but not limited to:
23.1. Customer’s identity;
23.2. Customer’s residency (registration place, if Customer is a legal entity);
23.3. Nature of business activity;
23.4. Actual location of business activities;
23.5. Customer’s (legal entity’s) ownership and complexity of control structure;
23.6. Nationality of Beneficial Owner;
23.7. Volume and nature of transactions carried out by the Customer;
23.8. Social / financial status;
24. The following Customer risk classification is used:

a) In the cases specified by the European Supervisory Authorities and the European Commission.
b) In the cases where the Customers are legal persons whose securities are admitted to trading on a regulated market in one or more EU Member States;
c) In the cases where the Customers are entities of public administration – state and municipal institutions and institutions, the Bank of Lithuania;
d) In the cases where the Customer is a financial institution covered by the Law (or a financial institution registered in another European Union Member State).
e) The Customer is identified as low risk in accordance with the Company’s Risk Assessment Procedure.

a) All other Customers not identified as low or high risk.

a) The Customer or his / her representative or at least one of the Customer’s Beneficial Owners is a PEP;
b) During the identification procedure the Customer avoids performing actions necessary for the verification of his / her identity and providing information about him / herself;
c) At the request of the Company, the Customer did not provide the documents evidencing the financial activities (documents evidencing the transactions concluded or being concluded by the Customer and other documents evidencing the financial activities performed or being performed by the Customer);
d) The Responsible Employee of the Company establishes existence of the features unusual to the ordinary activities performed by the Customer (performance of monetary operations with larger amounts, complex transactions, transactions are carried out in an unusual pattern etc.);
e) The Customer’s age, official position, status and / or financial condition (low income of the Customer when compared with the extent of the Customer’s financial activities) do not comply objectively with the financial activities performed by the said Customer;
f) If a suspicion is raised during the monitoring of Customer’s business relations with the Company.
g) The Customer is determined to be of a high risk in accordance with the Company’s Risk Assessment Procedure.

a) The Customer or his / her representative or at least one of the Customer’s Beneficial Owners is a PEP;
b) During the identification procedure the Customer avoids performing actions necessary for the verification of his / her identity and providing information about him / herself;
c) At the request of the Company, the Customer did not provide the documents evidencing the financial activities (documents evidencing the transactions concluded or being concluded by the Customer and other documents evidencing the financial activities performed or being performed by the Customer);
d) The Responsible Employee of the Company establishes existence of the features unusual to the ordinary activities performed by the Customer (performance of monetary operations with larger amounts, complex transactions, transactions are carried out in an unusual pattern etc.);
e) The Customer’s age, official position, status and / or financial condition (low income of the Customer when compared with the extent of the Customer’s financial activities) do not comply objectively with the financial activities performed by the said Customer;
f) If a suspicion is raised during the monitoring of Customer’s business relations with the Company.
g) The Customer is determined to be of a high risk in accordance with the Company’s Risk Assessment Procedure.