contact@ctfpay.com

+48 500 513 698

contact@ctfpay.io


AML and KYC requirements

AML (Anti-Money Laundering) and KYC (Know Your Customer) are regulatory requirements designed to prevent illegal financial activities such as money laundering, terrorist financing, and fraud. These regulations apply to financial institutions, including cryptocurrency exchanges. Here you will find a breakdown of what AML and KYC requirements entail:

EXECUTIVE PROCEDURES:


CTFpay procedures for the Transaction Monitoring (TM) workflow and escalation process.

The procedures prepared and implemented by CTFpay are in line with the latest requirements in this area. CTFpay reserves the right to introduce the procedures at the time it actually commences market activity.

Transaction Monitoring (TM) Workflow

Step 1: Data Collection

  • Data Sources:
    • Transaction Data: Incoming and outgoing transactions, account transfers, and payments.
    • Customer Data: KYC (Know Your Customer), Customer Due Diligence (CDD), and risk profiles.
    • External Data: Sanctions lists (e.g., OFAC, UN), PEP databases, and high-risk jurisdictions.
  • Objective:
    • Aggregate data in real time or batches for analysis.
    • Ensure completeness and accuracy to avoid missing critical patterns.

Step 2: Data Analysis and Rule Application

  • Automated Analysis:
    • Systems apply pre-defined rules, thresholds, and machine learning models to identify potentially suspicious activities.
  • Common Rules/Triggers:
    • Transaction Value: Single or cumulative transactions exceeding a threshold (e.g., $10,000).
    • Geographic Risk: Transactions involving high-risk or sanctioned jurisdictions.
    • Behavioral Deviations: Unusual activity compared to a customer’s historical patterns.
    • Structuring (Smurfing): Repeated small deposits or withdrawals to avoid detection.
    • Velocity: High frequency of transactions in a short time frame.
  • Outcome:
    • The system flags transactions that meet these criteria and generates alerts for manual review.
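
The rule application in Step 2, as an added example (not CTFpay's or its vendor's code): it runs four of the triggers listed above (value, geographic risk, structuring, velocity) over constructed transactions and assigns the severity described in Step 3. The windows, weights, severity cut-offs and the placeholder country codes are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed rule parameters; only the 10,000 threshold comes from the text above.
VALUE_THRESHOLD = 10_000                 # single-transaction trigger (at or above)
STRUCTURING_WINDOW = timedelta(days=3)   # look-back for sub-threshold deposits
STRUCTURING_MIN_COUNT = 3
VELOCITY_WINDOW = timedelta(hours=1)
VELOCITY_LIMIT = 5                       # transactions per window
HIGH_RISK_COUNTRIES = {"XX", "YY"}       # placeholder codes, not a real list
RULE_WEIGHTS = {"VALUE": 2, "GEO": 3, "STRUCTURING": 3, "VELOCITY": 1}


@dataclass(frozen=True)
class Tx:
    tx_id: str
    customer: str
    ts: datetime
    amount: float
    country: str


def evaluate(transactions):
    """Return {tx_id: set of rule names} for every flagged transaction."""
    hits = defaultdict(set)
    by_customer = defaultdict(list)
    for tx in sorted(transactions, key=lambda t: t.ts):
        by_customer[tx.customer].append(tx)
        if tx.amount >= VALUE_THRESHOLD:
            hits[tx.tx_id].add("VALUE")
        if tx.country in HIGH_RISK_COUNTRIES:
            hits[tx.tx_id].add("GEO")
    for txs in by_customer.values():
        for i, tx in enumerate(txs):
            history = txs[: i + 1]       # this transaction and earlier ones
            # Velocity: too many transactions inside the rolling window.
            recent = [t for t in history if tx.ts - t.ts <= VELOCITY_WINDOW]
            if len(recent) >= VELOCITY_LIMIT:
                for t in recent:
                    hits[t.tx_id].add("VELOCITY")
            # Structuring: each amount stays under the threshold, but the
            # rolling sum of those sub-threshold amounts reaches it.
            small = [t for t in history
                     if tx.ts - t.ts <= STRUCTURING_WINDOW
                     and t.amount < VALUE_THRESHOLD]
            if (tx.amount < VALUE_THRESHOLD
                    and len(small) >= STRUCTURING_MIN_COUNT
                    and sum(t.amount for t in small) >= VALUE_THRESHOLD):
                for t in small:
                    hits[t.tx_id].add("STRUCTURING")
    return dict(hits)


def build_alerts(transactions):
    """Group rule hits into one alert per customer, highest score first."""
    hits = evaluate(transactions)
    grouped = defaultdict(lambda: {"rules": set(), "tx_ids": []})
    for tx in sorted(transactions, key=lambda t: t.ts):
        if tx.tx_id in hits:
            grouped[tx.customer]["rules"] |= hits[tx.tx_id]
            grouped[tx.customer]["tx_ids"].append(tx.tx_id)
    alerts = []
    for customer, data in grouped.items():
        score = sum(RULE_WEIGHTS[r] for r in data["rules"])
        severity = "high" if score >= 5 else "medium" if score >= 3 else "low"
        alerts.append({"customer": customer, "rules": sorted(data["rules"]),
                       "tx_ids": data["tx_ids"], "score": score,
                       "severity": severity})
    return sorted(alerts, key=lambda a: -a["score"])


# Constructed sample data, not real transactions.
BASE = datetime(2024, 1, 8, 9, 0)
SAMPLE_TXS = (
    # C1: three deposits under the threshold that add up to 11,200 in two days
    [Tx(f"c1-{i + 1}", "C1", BASE + timedelta(days=i), amt, "PL")
     for i, amt in enumerate([3900, 3800, 3500])]
    # C2: one large transfer involving a placeholder high-risk country
    + [Tx("c2-1", "C2", BASE, 12500, "XX")]
    # C3: six small payments within 25 minutes
    + [Tx(f"c3-{i + 1}", "C3", BASE + timedelta(minutes=5 * i), 40, "PL")
       for i in range(6)]
    # C4: ordinary activity, should raise nothing
    + [Tx("c4-1", "C4", BASE, 250, "PL")]
)

if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_TXS):
        print(alert)
```

Every transaction that contributed to a hit is kept on the alert, so the analyst in Step 4 reviews the whole pattern rather than only the transaction that crossed the line.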

Step 3: Alert Generation

  • Types of Alerts:
    • False Positives: Transactions flagged incorrectly due to normal activity resembling suspicious behavior.
    • True Positives: Alerts that warrant further investigation.
  • Prioritization:
    • Alerts are categorized by severity (e.g., low, medium, high) based on risk score, transaction type, and jurisdiction.

Step 4: Alert Review

  • Initial Review by Analysts:
    • Review flagged transactions to filter out false positives.
    • Use tools to cross-check customer profiles, transaction history, and any patterns suggesting suspicious activity.
    • Investigate red flags such as:
      • Frequent international transfers to unrelated parties.
      • Sudden changes in transaction volume or destination.
      • Transactions involving shell companies.
  • Decision Points:
    • Clear Alert: If the activity aligns with the customer’s profile and no suspicion exists.
    • Escalate Alert: If there’s evidence of potential suspicious activity requiring deeper investigation.

Escalation Process

Step 1: Internal Escalation

  • Escalation to Senior Analysts:
    • Alerts requiring further review are passed to experienced analysts or the compliance team.
    • Additional checks may include:
      • Verifying documents (e.g., invoices, contracts).
      • Assessing connections between sender/receiver.
  • Documentation:
    • Maintain detailed notes on findings, including reasoning for escalation.

Step 2: Escalation to Compliance or MLRO

  • Role of Compliance Team/MLRO:
    • The Money Laundering Reporting Officer (MLRO) or compliance officer conducts a thorough investigation.
    • Key activities:
      • Cross-referencing with sanctions or PEP lists.
      • Investigating linked transactions or accounts.
      • Evaluating potential regulatory breaches.
  • Preliminary Decision:
    • Determine whether to file a Suspicious Activity Report (SAR).
    • If no suspicion is confirmed, document the decision to clear the alert.

Step 3: External Reporting

  • Filing a Suspicious Activity Report (SAR):
    • If suspicious activity is confirmed, a SAR is submitted to the relevant Financial Intelligence Unit (FIU), e.g., FinCEN (USA), NCA (UK), or GIIF (Poland).
    • SAR must include:
      • Detailed description of the transaction(s).
      • Customer information.
      • Reasons for suspicion and evidence supporting the filing.
  • Regulatory Deadlines:
    • Ensure SARs are submitted within the required timeframe (varies by jurisdiction).

Step 4: Post-Escalation Actions

  • Follow-Up:
    • Monitor the customer’s activity for recurring suspicious behavior.
    • Take corrective actions, such as:
      • Enhanced Due Diligence (EDD).
      • Freezing accounts.
      • Terminating relationships with high-risk customers.
  • Audit Trail:
    • Maintain a detailed record of the alert, investigation, and resolution for regulatory audits.

Best Practices for Effective TM Workflow and Escalation

  1. Clear Policies and Procedures:
    • Define escalation thresholds, roles, and responsibilities for each stage.
  2. Effective Training:
    • Train compliance and TM staff to recognize and investigate emerging threats (e.g., typologies, fraud schemes).
  3. Technology and Automation:
    • Use advanced tools with AI and machine learning to reduce false positives.
    • Implement dashboards for better visibility and case management.
  4. Periodic Review:
    • Regularly update thresholds and rules to adapt to changing risks and regulatory environments.
  5. Regular Audits:
    • Conduct internal reviews to ensure the TM process and escalation framework remain robust.

The risk assessment process for customers involves evaluating several factors to determine their potential for involvement in Money Laundering (ML), Terrorist Financing (TF), or other financial crimes. The assessment typically includes geographic, product/service, and transactional risks, among others, and classifies customers as low, medium, or high risk based on predefined criteria.

Key Risk Factors

  1. Geographic Risk
  • Definition: Risks associated with the location of the customer, their business activities, or the jurisdictions involved in transactions.
  • High-Risk Indicators:
    • Operations or accounts in jurisdictions identified by the Financial Action Task Force (FATF) as high-risk or under increased monitoring.
    • Presence in countries with weak AML/CTF regulations, high corruption levels, or political instability.
    • Sanctioned countries or those subject to embargoes (e.g., OFAC, EU sanctions lists).
  • Medium-Risk Indicators:
    • Jurisdictions not classified as high risk but known for limited enforcement of AML standards.
  • Low-Risk Indicators:
    • Jurisdictions with strong AML/CTF frameworks (e.g., EU countries, USA, UK).
  2. Product/Service Risk
  • Definition: Risks linked to the nature of the products or services being offered.
  • High-Risk Products/Services:
    • Complex products like private banking or trade finance.
    • Anonymous instruments like prepaid cards or bearer shares.
    • Cryptocurrencies or virtual assets with limited regulatory oversight.
    • Services that involve large cash transactions.
  • Medium-Risk Products/Services:
    • Standard banking services for individuals or small businesses.
    • Services offered to industries with moderate risks, such as retail.
  • Low-Risk Products/Services:
    • Basic deposit accounts or services with minimal cash handling.
    • Products with strict regulatory compliance (e.g., regulated investment funds).
  3. Transactional Risk
  • Definition: Risks tied to the customer’s transactional behavior, including volume, frequency, and patterns.
  • High-Risk Indicators:
    • Unusual or high-value transactions inconsistent with the customer’s profile.
    • Cross-border transactions, especially involving high-risk jurisdictions.
    • High cash deposits, withdrawals, or transfers.
    • Transactions with no clear business or economic rationale.
  • Medium-Risk Indicators:
    • Frequent but smaller-value transactions that are consistent with the customer’s profile but involve non-local regions.
  • Low-Risk Indicators:
    • Transactions within normal limits, conducted domestically, and aligned with the customer’s declared activity.
  4. Customer/Business Profile Risk
  • Definition: Risks stemming from the customer’s nature, industry, or ownership structure.
  • High-Risk Indicators:
    • Politically Exposed Persons (PEPs) or their close associates.
    • Nonprofit organizations or charities operating in high-risk areas.
    • Companies with complex ownership structures or offshore entities.
    • Businesses in high-risk industries (e.g., gambling, precious metals trading).
  • Medium-Risk Indicators:
    • Newly established businesses or industries with moderate exposure.
    • Customers with limited public or financial information.
  • Low-Risk Indicators:
    • Established, reputable customers with transparent ownership and operations in low-risk industries.
  5. Delivery Channel Risk
  • Definition: Risks based on how products and services are delivered to the customer.
  • High-Risk Channels:
    • Non-face-to-face relationships or onboarding via online-only channels.
    • Use of intermediaries or agents in high-risk locations.
  • Medium-Risk Channels:
    • Hybrid interactions (e.g., partially online with in-person verification).
  • Low-Risk Channels:
    • Face-to-face onboarding with full identity verification.

Customer Risk Classification

  1. Low Risk
  • Customers with transparent operations, low-risk products/services, and operating in well-regulated jurisdictions.
  • Examples: Salaried individuals, established businesses in low-risk industries, government institutions.
  2. Medium Risk
  • Customers with moderate risk factors, such as cross-border transactions or newer businesses in moderately risky sectors.
  • Examples: SMEs with international dealings, businesses in moderately regulated industries.
  3. High Risk
  • Customers exhibiting multiple high-risk indicators or red flags.
  • Examples: PEPs, businesses in high-risk jurisdictions or industries (e.g., casinos, cryptocurrency), offshore entities.

Risk Assessment Methodology

  1. Scoring Model:
    • Assign scores to each risk factor (geographic, product, transactional, etc.).
    • Calculate an aggregate risk score for each customer.
  2. Enhanced Due Diligence (EDD):
    • Apply EDD for high-risk customers, requiring additional documentation and monitoring.
    • Perform detailed background checks and periodic reviews.
  3. Periodic Reviews:
    • High-risk customers: Frequent reviews (e.g., annually or semi-annually).
    • Medium-risk customers: Periodic reviews (e.g., every 1-2 years).
    • Low-risk customers: Routine reviews (e.g., every 3-5 years).
  4. Monitoring:
    • Continuous monitoring of transactions to identify changes in risk profiles or suspicious activity.

The customer screening process is an automated process based on software purchased by CTFpay from a third party.

Companies engaged in regulated activities or those following Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations typically screen customers before entering into relationships with them. This process is part of both customer due diligence (CDD) and ongoing monitoring to identify potential risks, such as connections to illicit activities, sanctions violations, or adverse reputations.

Scope of Screening

  1. Sanctions Lists
  • Screening includes lists maintained by government authorities and international organizations to ensure compliance with economic sanctions. Examples include:
    • United Nations Security Council Sanctions Lists.
    • OFAC (Office of Foreign Assets Control, USA).
    • European Union (EU) Sanctions Lists.
    • UK Sanctions List (HM Treasury).
    • Australian Department of Foreign Affairs and Trade (DFAT) Sanctions.
    • Other jurisdiction-specific sanctions lists, where applicable.
  • Objective:
    • Prevent onboarding or transacting with individuals/entities subject to financial sanctions or trade embargoes.
  2. Politically Exposed Persons (PEPs)
  • Screening identifies PEPs and their close associates or family members.
  • Objective:
    • Mitigate risks related to corruption, bribery, or misuse of public funds.
  3. Adverse Media Lists
  • Customers are screened for negative mentions in news outlets, databases, and other sources, including:
    • Allegations of involvement in money laundering, terrorist financing, fraud, corruption, or organized crime.
  • Objective:
    • Identify reputational risks or criminal connections.
  4. Watchlists
  • Screening includes global and regional watchlists, such as:
    • Interpol Red Notices.
    • FBI Most Wanted Lists.
    • Local law enforcement watchlists.
  • Objective:
    • Detect customers flagged for criminal investigations or arrests.
  5. Anti-Terrorism Screening
  • Includes terrorism-related lists, such as:
    • OFAC SDN (Specially Designated Nationals) List with entities linked to terrorism.
    • UN Counter-Terrorism Committee Consolidated List.
  • Objective:
    • Prevent financing or support of terrorism.
  6. Human Rights & Environmental Risks
  • Screening for customers flagged for involvement in:
    • Human rights abuses.
    • Environmental crimes (e.g., illegal deforestation, wildlife trafficking).
  • Objective:
    • Address corporate social responsibility (CSR) concerns.

Watchlist Screening Program

A typical watchlist screening program includes:

  1. Data Sources
  • Comprehensive databases integrating sanctions, PEP, and adverse media lists from:
    • Government agencies.
    • Global data providers (e.g., Refinitiv World-Check, Dow Jones Risk & Compliance, LexisNexis).
    • Industry-specific sources (e.g., shipping, real estate, or finance).
  2. Screening Stages
  • Pre-Onboarding Screening:
    • Conducted before entering into a relationship with the customer to identify risks upfront.
  • Ongoing Screening:
    • Continuous or periodic checks to identify any changes in the customer’s risk profile.
  • Event-Driven Screening:
    • Triggered by specific customer activities (e.g., unusual transactions, account updates).
  3. Screening Criteria
  • Customer Name Matching: Exact or fuzzy name matches.
  • Geographic Risk: Connections to high-risk jurisdictions.
  • Nature of Business: Screening industries or sectors known for high risk (e.g., gambling, cryptocurrency).
  • Transaction Patterns: Screening high-value or cross-border activities for flagged customers.
  4. Risk Mitigation Measures
  • Escalation Process: Matches are flagged and escalated to compliance teams for review.
  • Enhanced Due Diligence (EDD): For high-risk or flagged customers, additional documentation and verification are conducted.
  • Decline or Exit: If a customer is confirmed to pose an unacceptable risk, the relationship is terminated or rejected.
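
The "exact or fuzzy name matches" criterion above, as an added example (not CTFpay's or its screening provider's code): names are normalised for case, diacritics, punctuation and token order before comparison, then scored with a similarity ratio. The watchlist entries are constructed and the 0.85 cut-off is an assumption.

```python
import unicodedata
from difflib import SequenceMatcher

FUZZY_THRESHOLD = 0.85   # assumed cut-off; tune against reviewed alerts

# Constructed watchlist entries, not taken from any real list.
WATCHLIST = [
    {"id": "WL-001", "name": "Jörg Müller", "list": "sanctions"},
    {"id": "WL-002", "name": "Ivan Petrov", "list": "PEP"},
    {"id": "WL-003", "name": "María José García", "list": "adverse media"},
]


def normalize(name):
    """Lower-case, strip diacritics and punctuation, and sort the tokens."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_marks.lower())
    # Sorting tokens makes "Surname, Given" equal to "Given Surname".
    return " ".join(sorted(cleaned.split()))


def screen(customer_name, watchlist=WATCHLIST, threshold=FUZZY_THRESHOLD):
    """Return watchlist hits for a customer name, best score first."""
    query = normalize(customer_name)
    hits = []
    for entry in watchlist:
        candidate = normalize(entry["name"])
        exact = query == candidate
        score = 1.0 if exact else SequenceMatcher(None, query, candidate).ratio()
        if score >= threshold:
            hits.append({"id": entry["id"], "list": entry["list"],
                         "match": "exact" if exact else "fuzzy",
                         "score": round(score, 3)})
    return sorted(hits, key=lambda h: -h["score"])


if __name__ == "__main__":
    for name in ["MULLER, Jorg", "Ivan Petrof", "Garcia, Maria Jose",
                 "Anna Kowalska"]:
        print(name, "->", screen(name))
```

Letters such as "ł" or "ß" have no Unicode decomposition, so NFKD leaves them unchanged; a production normaliser needs an explicit transliteration table for them.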

Technological Tools for Screening

  • Automated systems and machine-learning algorithms are widely used for efficient and accurate watchlist screening. Examples include:
    • Transaction monitoring platforms integrated with watchlists.
    • Real-time alerts for flagged individuals/entities.

The specific deadline for submitting a Suspicious Activity Report (SAR) after confirming a suspicion of Money Laundering (ML) or Terrorist Financing (FT) depends on the regulatory framework of the country or jurisdiction your organization operates in. CTFpay includes potential requirements in its procedures depending on the market in which it will operate or the market in which CTFpay's partner will operate. As a rule, CTFpay reports in Poland to GIIF within the time limits described below.

SAR Submission Deadlines by Jurisdiction

  1. United States (FinCEN – Bank Secrecy Act):
  • Deadline:
    • 30 calendar days from the date the suspicious activity is detected and the suspicion is confirmed.
    • If the subject’s identity is not determined, the deadline extends to 60 calendar days while attempting to identify them.
  • Regulation: Bank Secrecy Act (BSA) and FinCEN guidelines.
  2. European Union (EU AML Directives):
  • Deadline:
    • Immediately or without undue delay after forming a reasonable suspicion of ML/FT.
    • While specific timelines vary by member state, this is typically interpreted as 1-3 business days.
  • Regulation: 6th Anti-Money Laundering Directive (AMLD6) and national laws of EU member states.
  3. United Kingdom (National Crime Agency – NCA):
  • Deadline:
    • As soon as possible after confirming suspicion, typically interpreted as within 1 business day.
    • For requests requiring a Defense Against Money Laundering (DAML), a 7-working-day notice period applies, during which the NCA must respond, followed by a 31-calendar-day moratorium period if consent is refused.
  • Regulation: Proceeds of Crime Act (POCA) 2002 and Money Laundering Regulations 2017.
  4. Poland (General Inspector of Financial Information – GIIF):
  • Deadline:
    • Immediately, but no later than 2 business days after confirming suspicion.
  • Regulation: Polish AML/CTF laws in alignment with EU directives.
  5. Australia (AUSTRAC):
  • Deadline:
    • Within 24 hours if the suspicion relates to terrorism financing.
    • For other suspicious activities, within 3 business days.
  • Regulation: Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
  6. Canada (FINTRAC):
  • Deadline:
    • 30 days from the date of detection of suspicious activity.
  • Regulation: Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA).
  7. Singapore (Suspicious Transaction Reporting Office – STRO):
  • Deadline:
    • Without delay, generally interpreted as within 1 business day of confirming suspicion.
  • Regulation: Corruption, Drug Trafficking, and Other Serious Crimes Act (CDSA).

Key Considerations

  1. Timeliness:
    • Regulatory authorities emphasize filing SARs immediately or within the prescribed timeframe to ensure prompt action on potential ML/FT activities.
  2. Ongoing Monitoring:
    • Continue monitoring the customer’s activities for additional suspicious transactions while the SAR is under review by authorities.
  3. Compliance Risk:
    • Failure to submit SARs within the required deadlines may result in significant penalties or enforcement actions.
  4. Incomplete Information:
    • Submit the SAR even if all details are not available, and follow up with updates as necessary.

The specific deadline for submitting a Suspicious Transaction Report (STR) upon identifying reasonable suspicion of Money Laundering (ML) or Terrorist Financing (FT) depends on the regulatory requirements of the jurisdiction your company operates in. CTFpay includes potential requirements in its procedures depending on the market in which it will operate or the market in which the CTFpay partner will operate. As a rule, CTFpay reports in Poland to GIIF within the time limits described below.

Typical Deadlines for STR Submission

  1. United States (FinCEN – Bank Secrecy Act):
    • Deadline:
      • 30 calendar days from the date of detecting the facts that formed the basis of the suspicion.
      • If a subject’s identity is unknown, the deadline extends to 60 days while the institution attempts to identify them.
    • Regulation: Bank Secrecy Act (BSA).
  2. European Union (EU AML Directives):
    • Deadline:
      • Immediately or without undue delay upon forming a reasonable suspicion.
      • The exact interpretation of "without undue delay" can vary by member state but is typically within 1-3 business days.
    • Regulation: AMLD (Anti-Money Laundering Directives).
  3. United Kingdom (NCA – Proceeds of Crime Act 2002):
    • Deadline:
      • As soon as possible after forming the suspicion, typically within 1 working day for urgent cases.
      • A defense against money laundering (DAML) may be required for certain transactions, with a 7-working-day notice period and a 31-calendar-day moratorium period for consent.
    • Regulation: Proceeds of Crime Act (POCA) 2002.
  4. Poland (General Inspector of Financial Information – GIIF):
    • Deadline:
      • Immediately, no later than 2 business days after forming a suspicion of ML/FT.
    • Regulation: National AML/CTF legislation in alignment with EU directives.
  5. Other Jurisdictions:
    • Australia (AUSTRAC): Within 3 business days of forming a suspicion of ML/FT.
    • Canada (FINTRAC): Within 30 days of detecting suspicious activity.
    • Singapore (Suspicious Transaction Reporting Office – STRO): Without delay, generally interpreted as within 1 business day.

General Best Practices

  • Internal Escalation: Ensure that suspicions are immediately escalated to the compliance team or MLRO for review.
  • Filing Without Delay: Even if certain details are unavailable (e.g., customer identification), an STR should be submitted promptly, with updates provided as additional information becomes available.
  • Regulatory Adherence: Failing to file within the prescribed timeframe may result in regulatory penalties or non-compliance risks.


CTFpay conducts PEP monitoring as an automated process in the company's AML/KYC monitoring module. The rules for monitoring PEPs are set out in the procedure below. CTFpay's procedures for handling PEPs involve enhanced due diligence measures and take the following steps:

  1. Definition and Identification
  • Who is a PEP?
    A PEP is an individual who holds or has held a prominent public position, such as heads of state, government officials, judges, military leaders, or executives of state-owned enterprises. Family members and close associates of PEPs are also considered in this category.
  • Identification Process:
    • Conduct screening during customer onboarding using PEP databases and watchlists.
    • Regularly update and rescreen your customer database to identify new PEPs or changes in status.
  2. Risk Assessment
  • Categorization: Assess the risk level associated with the identified PEP based on their role, influence, and geographical risk (e.g., involvement in high-corruption countries).
  • Factors Considered:
    • Source of wealth and funds.
    • Nature of the business relationship.
    • Transaction patterns or activities.
  3. Enhanced Due Diligence (EDD)

For PEPs, CTFpay will also implement the following additional measures:

  • Obtain senior management approval before establishing or continuing the business relationship.
  • Understand the source of wealth and source of funds to ensure legitimacy.
  • Conduct ongoing monitoring of the business relationship and transactions to detect suspicious activities.
  • Apply stricter transaction thresholds or restrictions where necessary.
  4. Monitoring and Reporting
  • Implement continuous monitoring of transactions involving PEPs to identify unusual or suspicious activities.
  • Report suspicious activities to the relevant Financial Intelligence Unit (FIU) or regulatory authority in compliance with local regulations.
  • PEPs are classified according to a class hierarchy: Class 1 covers the most exposed persons, Class 4 the less exposed persons.
  • The rules describing PEP C1 are given the highest security priority, phasing down towards PEP C4.
  • Software support uses the tools available under the service agreement between CTFpay and the AML monitoring software provider.
  5. Training and Awareness
  • Provide training to staff on identifying and managing PEP-related risks.
  • Ensure employees understand the legal and regulatory obligations concerning PEPs.

Additional Notes on Company-Specific Policies

  • Internal Risk Scoring Systems: Assigning a risk score based on various factors to decide the level of monitoring required.
  • Audit and Review Mechanisms: Regular audits to ensure compliance with internal policies and regulatory standards.
  • Sanction Screening Tools: Integration of automated tools for real-time PEP and sanction screening.

The Suspicious Transaction/Activity Reporting (STR/SAR) procedures below run from initial detection to submission to the relevant regulator. The local authority competent to receive notifications from CTFpay in Poland is the General Inspector of Financial Information (GIIF).

STR/SAR Procedures and Workflow

  1. Detection of Suspicious Activity

The process begins with identifying potentially suspicious transactions or activities through:

  • Transaction Monitoring Systems (TMS):
    • Automated alerts generated based on predefined rules, such as unusual transaction amounts, patterns, or destinations.
  • Manual Identification:
    • Employees, such as branch staff or relationship managers, identify suspicious behavior (e.g., unusual customer requests, inconsistent documentation).
  • Customer Complaints or External Triggers:
    • Reports from whistleblowers or third-party entities.
  2. Preliminary Review and Investigation

Once suspicious activity is detected:

  • Initial Review:
    • Analysts or compliance officers review the flagged activity to confirm its validity.
    • Steps include:
      • Checking transaction details (amounts, frequency, and destinations).
      • Reviewing the customer’s profile, including KYC and risk rating.
      • Assessing past transaction history to identify anomalies.
  • Classification of Alerts:
    • False Positives: Alerts that align with normal customer behavior and require no further action.
    • Potentially Suspicious: Alerts needing deeper investigation.
  • Documentation:
    • All findings are logged, including why an alert was cleared or escalated.
  3. In-Depth Investigation

For potentially suspicious activities:

  • Enhanced Investigation:
    • Cross-referencing customer activities with external databases (e.g., PEP lists, sanctions databases).
    • Identifying links to other suspicious transactions or accounts.
    • Verifying documents provided by the customer (e.g., invoices, contracts).
  • Red Flags Considered:
    • Structuring transactions below regulatory thresholds.
    • Unexplained large cash transactions.
    • Frequent international transfers to high-risk jurisdictions.
    • Transactions inconsistent with the stated business or personal profile.
  • Decision Point:
    • The investigator determines whether the activity meets the threshold for reporting to the regulator.
  4. Escalation to Compliance or MLRO

If the activity is deemed suspicious:

  • Escalation Process:
    • The case is forwarded to the Money Laundering Reporting Officer (MLRO) or a designated compliance officer.
  • MLRO Review:
    • Conducts a thorough analysis to confirm whether the activity is reportable.
    • Evaluates evidence, including transaction patterns, customer intent, and external risk factors.
  • Preparation for Reporting:
    • MLRO ensures all necessary documentation and details are collected, such as:
      • Customer details (e.g., name, account number, address).
      • Transaction details (e.g., dates, amounts, recipients).
      • Reasons for suspicion and relevant evidence.
  5. Preparation and Filing of STR/SAR
  • Report Compilation:
    • A formal Suspicious Transaction/Activity Report (STR/SAR) is prepared, including:
      • Narrative description of the suspicious activity.
      • Supporting evidence (e.g., transaction logs, communications).
      • Analysis of how the activity breaches AML/CTF regulations.
  • Internal Approval:
    • Senior compliance officers or committees may review the report before submission.
  • Confidentiality:
    • All reporting processes are confidential to prevent tipping off the involved parties.
  6. Submission to Relevant Regulator
  • Regulatory Reporting:
    • The finalized STR/SAR is submitted to the Financial Intelligence Unit (FIU) or relevant authority. Examples include:
      • USA: FinCEN (Financial Crimes Enforcement Network).
      • UK: NCA (National Crime Agency).
      • EU: Local FIUs as per EU AML directives.
      • Poland: Generalny Inspektor Informacji Finansowej (GIIF).
  • Deadlines:
    • Most jurisdictions mandate specific timeframes for submission after detection (e.g., within 24-72 hours).
  • Digital Submission:
    • Reports are often submitted via secure electronic portals provided by the regulator.
  7. Post-Submission Follow-Up
  • Acknowledgment:
    • Regulators may provide an acknowledgment receipt after submission.
  • Further Requests:
    • The regulator may request additional details or clarification.
  • Ongoing Monitoring:
    • The institution continues to monitor the customer and account for any additional suspicious activity.
  8. Record-Keeping
  • Retention Period:
    • STR/SARs and supporting documentation must be retained for a specified period (e.g., 5-10 years depending on jurisdiction).
  • Audit Trails:
    • Maintain detailed records of all decisions, escalations, and communications to ensure compliance during audits.

Key Considerations for STR/SAR Processes

  1. Timeliness:
    • Ensure rapid escalation and reporting to meet regulatory deadlines.
  2. Confidentiality:
    • Protect the identity of individuals involved in reporting and investigation to avoid legal repercussions.
  3. Training:
    • Regular training for staff to recognize suspicious activities and ensure they understand internal escalation protocols.
  4. Technology Support:
    • Use automated systems for monitoring and SAR preparation to reduce human error and increase efficiency.
  5. Regulatory Updates:
    • Stay updated on changing reporting obligations and thresholds across jurisdictions.

The type and method of collecting documentation by CTFpay during the KYC (Know Your Customer) and KYB (Know Your Business) processes, from both individuals and business entities, is described in the procedure below. The tools for such verification are provided by an external company, iComplyis.com, of which CTFpay is a subscriber. Below is a comprehensive breakdown of the key documents typically required in these processes:

KYC Documents for Individual Clients

The purpose of collecting these documents is to verify the identity, address, and risk profile of the individual client.

  1. Proof of Identity:
  • Government-issued ID, such as:
    • Passport
    • National ID card
    • Driver’s license
    • Residency card (if applicable)
  • For enhanced due diligence (EDD), additional IDs may be requested.
  2. Proof of Address:
  • Utility bills (e.g., electricity, water, gas) issued within the last 3 months.
  • Bank statements with an official address.
  • Government-issued residency certificates.
  • Lease or rental agreements.
  3. Source of Funds/Wealth:
  • Payslips or employment contracts.
  • Tax returns or income statements.
  • Investment statements.
  • Inheritance documents (if applicable).
  4. Risk-Specific Documents (if flagged):
  • Politically Exposed Person (PEP) declaration or additional screening results.
  • Sanctions screening or adverse media reports.

KYB Documents for Corporate Clients

For corporate clients, the KYB process involves verifying the legal existence, ownership structure, and financial activities of the business entity.

  1. Proof of Business Registration:
  • Certificate of incorporation or registration.
  • Trade license or business license.
  • Articles of association or partnership agreements.
  2. Proof of Address:
  • Business utility bills (recent).
  • Lease agreement for business premises.
  • Registered address document.
  3. Ownership and Management Information:
  • List of directors or executives.
  • Shareholder registry or ownership structure document.
  • Ultimate Beneficial Owner (UBO) declarations (if applicable).
  4. Financial Documents:
  • Recent audited financial statements.
  • Tax registration number or recent tax filings.
  • Bank statements (usually from the last 3-6 months).
  1. Risk-Specific Documents:
  • For high-risk entities:
    • Additional proof of source of funds.
    • Documents on transactions with high-risk jurisdictions.
    • Enhanced due diligence reports (e.g., PEP screening).
  1. Industry-Specific Licenses (if applicable):
  • Financial institutions: Regulatory approvals or licenses.
  • Nonprofits: Proof of registration with relevant charity boards.
  • Other regulated industries: Specific operational licenses (e.g., import/export permits).

Exchange of Documents in Practice

  1. Collection Methods:
    • Secure portals for document uploads.
    • Physical submission (in branches or offices).
    • Email submission (secured with encryption, if permitted).
  2. Verification Processes:
    • Identity documents are verified through:
      • Government databases.
      • Third-party identity verification services.
    • Corporate documents are cross-checked with:
      • Registries (e.g., Companies House in the UK, or equivalent).
      • Public business records.
  3. Storage and Security:
    • All documents must be securely stored in compliance with data protection laws (e.g., GDPR, CCPA).
    • Regular audits ensure the accuracy and up-to-date status of stored records.
  4. Ongoing Monitoring:
    • Clients are subject to periodic updates (e.g., every 1-3 years) and monitoring for high-risk indicators.

CTFpay conducts a periodic review depending on the risk category. The standard procedure is described below along with the time periods indicated. The frequency of periodic reviews is based on the risk category assigned to a client as part of the risk assessment:

Suggested Frequency of Periodic Review Based on Risk Category

Risk Level | Review Frequency
High Risk | Annually (every 12 months) or more frequently if significant changes occur.
Medium Risk | Every 2 years (24 months), unless a change in profile necessitates an earlier review.
Low Risk | Every 3 years (36 months), or longer, depending on the company’s policy and regulatory requirements.

Additional Guidelines:

  • High-Risk Clients:
    High-risk clients, such as Politically Exposed Persons (PEPs), clients in high-risk industries (e.g., cryptocurrency, casinos), or clients from high-risk jurisdictions, should be reviewed more frequently. These clients may also require ongoing monitoring and review of their transactions to identify any suspicious activities.
  • Medium-Risk Clients:
    These clients, such as those with moderate exposure to risk (e.g., businesses with international operations or clients from moderately risky regions), should undergo reviews at a more moderate frequency, generally every two years. However, if there are any changes in their risk profile (e.g., a significant change in the ownership structure), their review should be expedited.
  • Low-Risk Clients:
    Clients who are considered low-risk, such as individuals with stable financial profiles or businesses in low-risk industries, can be reviewed less frequently, typically every three years. If there are no significant changes in their profile or transaction behavior, their review cycle may be extended.

Review Triggers:

In addition to the standard review cycle, clients may require a review triggered by the following:

  • Changes in the client’s behavior or transaction patterns (e.g., significant increase in transaction volume).
  • Changes in regulations or sanctions affecting the client’s jurisdiction or industry.
  • Major events (e.g., changes in business ownership, political status, or legal circumstances).

The timeframe for retaining Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) varies by jurisdiction and organizational policy. The jurisdiction applicable to CTFpay is Poland, with the relevant authority, GIIF, indicated in the procedure below:

General Retention Periods

  1. USA (FinCEN):
    • Retention Period: Minimum of 5 years from the date of filing the SAR.
    • Regulation: As per the Bank Secrecy Act (BSA), all records related to SARs and supporting documents must be preserved for this period.
  2. European Union (EU AML Directives):
    • Retention Period: Typically 5 years, with the possibility of extension to 10 years in some countries if deemed necessary for ongoing investigations or compliance.
    • Directive: EU AMLD specifies a 5-year retention period for records, including SARs, after the relationship with the customer ends.
  3. United Kingdom (NCA):
    • Retention Period: Minimum of 5 years under the Money Laundering Regulations 2017.
    • Additional Requirements: SARs and related documentation should be kept for audit and compliance purposes.
  4. Poland (GIIF):
    • Retention Period: At least 5 years from the date of filing the STR or SAR.
    • National Regulation: Based on Polish AML/CTF laws aligned with EU directives.
  5. Other Jurisdictions:
    • Most countries require a minimum 5-year retention period; however, this may vary based on national laws and industry practices.

Key Considerations for Your Company

  • Regulatory Compliance: Confirm the specific requirements for the jurisdiction(s) your company operates in. Regulators may have unique stipulations for SAR retention.
  • Internal Policies: Some companies retain SARs longer (e.g., up to 10 years) to mitigate risks during audits or investigations.
  • Confidentiality: Maintain strict access controls to protect SAR-related data, as unauthorized disclosure is prohibited by law in most jurisdictions.

Ongoing Obligations

  • Audits: Retained SAR data must be accessible for audits, regulatory inquiries, and internal reviews.
  • Disposal: After the retention period expires, ensure SARs are securely disposed of, following data protection regulations (e.g., GDPR for EU-based companies).

At the moment, CTFpay uses the extended software provided to CTFpay by iComply. Taking into account the legal requirements, CTFpay will extend the scanning and monitoring modules according to the procedure described below.

Transaction Monitoring (TM) Policy and Thresholds

  1. Purpose of the TM Policy

The Transaction Monitoring Policy establishes guidelines for identifying, detecting, and mitigating suspicious or unusual transactions. Its primary objective is to ensure compliance with Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), and other regulatory requirements.

  2. Key Components of a TM Policy
  • Scope and Objectives:
    • Monitor all customer transactions in real-time or through batch processing.
    • Detect potential indicators of money laundering, fraud, or regulatory violations.
  • Roles and Responsibilities:
    • Define responsibilities for compliance teams, investigators, and reporting officers.
    • Outline procedures for escalating suspicious activities.
  • Risk Assessment:
    • Categorize customers and transactions by risk levels (e.g., low, medium, high).
    • Regularly update the risk matrix based on emerging trends and typologies.
  • Data Sources:
    • Include transaction records, customer profiles, risk assessments, and historical data.
  • Threshold Parameters:
    • Set specific thresholds for triggering alerts, based on customer profiles, transaction patterns, and jurisdictions.
  3. Transaction Monitoring Thresholds

Thresholds are criteria used to flag unusual activities and vary depending on the institution’s risk appetite, customer base, and regulatory requirements. Below are examples of common TM thresholds:

High-Risk Customers/Transactions:

  • Large cash deposits or withdrawals exceeding predefined limits (e.g., $10,000).
  • Wire transfers to/from high-risk jurisdictions or sanctioned countries.
  • Transactions involving Politically Exposed Persons (PEPs) exceeding a defined threshold.

Unusual Account Activity:

  • Abrupt changes in transaction volume or frequency.
  • Transactions inconsistent with a customer’s historical profile (e.g., a sudden large wire transfer by a dormant account).
  • Round-dollar transactions or repetitive patterns with no business justification.

Geographic Risk:

  • Transactions routed through high-risk jurisdictions or offshore financial centers.
  • Multiple international wire transfers in quick succession, exceeding cumulative limits.

Velocity Monitoring:

  • Exceeding a set number of transactions within a specified timeframe (e.g., 10 transactions per day).
  • Rapid movement of funds between multiple accounts with minimal balances retained.

Structuring/Smurfing:

  • Transactions structured to avoid reporting thresholds (e.g., multiple deposits below $10,000).
  • Frequent splitting of transactions into smaller amounts.
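
The example thresholds above (a $10,000 limit, 10 transactions per day, split deposits below the limit) expressed as batch rules. This is an added illustration, not CTFpay's or iComply's code. The one-day structuring window, the minimum of three split deposits, and the transaction field names are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LARGE_VALUE = 10_000                # example limit from the text
VELOCITY_LIMIT = 10                 # example from the text: transactions per day
WINDOW = timedelta(days=1)          # assumption: structuring look-back window
MIN_SPLITS = 3                      # assumption: deposits needed to call it a pattern

def evaluate(transactions):
    """Return sorted (customer, rule) alerts for a batch of transaction dicts."""
    alerts, by_customer = set(), defaultdict(list)
    for tx in sorted(transactions, key=lambda t: t["ts"]):
        by_customer[tx["customer"]].append(tx)
    for customer, txs in by_customer.items():
        per_day = defaultdict(int)
        for tx in txs:
            per_day[tx["ts"].date()] += 1
            if tx["amount"] > LARGE_VALUE:
                alerts.add((customer, "LARGE_VALUE"))
        if max(per_day.values()) > VELOCITY_LIMIT:      # calendar-day buckets
            alerts.add((customer, "VELOCITY"))
        # Structuring: deposits each below the limit whose sum inside a
        # sliding window exceeds it.
        deposits = [t for t in txs
                    if t["type"] == "deposit" and t["amount"] < LARGE_VALUE]
        start, total = 0, 0
        for end, tx in enumerate(deposits):
            total += tx["amount"]
            while tx["ts"] - deposits[start]["ts"] > WINDOW:
                total -= deposits[start]["amount"]
                start += 1
            if end - start + 1 >= MIN_SPLITS and total > LARGE_VALUE:
                alerts.add((customer, "STRUCTURING"))
                break
    return sorted(alerts)

def sample_transactions():
    """Constructed sample data, not real customer records."""
    t0 = datetime(2024, 1, 10, 9, 0)
    def tx(c, kind, amount, delta):
        return {"customer": c, "type": kind, "amount": amount, "ts": t0 + delta}
    rows = [tx("C1", "deposit", 15_000, timedelta(0))]
    rows += [tx("C2", "deposit", 3_000, timedelta(hours=2 * i)) for i in range(4)]
    rows += [tx("C3", "transfer", 50, timedelta(minutes=10 * i)) for i in range(11)]
    rows += [tx("C4", "deposit", 4_000, timedelta(days=3 * i)) for i in range(2)]
    return rows

if __name__ == "__main__":
    for customer, rule in evaluate(sample_transactions()):
        print(customer, rule)
```

Customer C4 in the sample makes two deposits three days apart and raises no alert, because the deposits fall outside the assumed window and never sum past the limit within it.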
  4. Alert Handling and Escalation
  • Initial Review: Alerts are reviewed by the transaction monitoring team for false positives.
  • Investigation: Suspicious transactions are escalated to investigators for in-depth analysis.
  • Reporting: Confirmed suspicious activities are reported via Suspicious Activity Reports (SARs) to regulatory authorities.
  5. Policy Review and Update
  • Regularly review and update thresholds to account for emerging risks, regulatory changes, and system improvements.
  • Conduct periodic audits and validations to ensure the system’s effectiveness.
  6. Key Tools and Technology
  • Automated TM systems with machine learning to reduce false positives.
  • Real-time alerts for critical thresholds.
  • Dashboards for compliance teams to visualize risk trends and manage cases.
  7. Metrics for Success
  • Reduction in false positives.
  • Timely detection and escalation of suspicious activities.
  • Compliance with regulatory reporting deadlines.

The process of customer risk assessment by CTFpay is automated using various tools and databases to streamline and enhance the effectiveness of compliance efforts. Specific data and tools regarding the scope of databases and instruments for Customer Monitoring are included in the software provided to CTFpay by the third-party provider iComply.

Automation in Customer Risk Assessment

  1. Tools and Databases for Screening and Risk Assessment
  2. Risk Assessment Tools
  • Refinitiv World-Check: A widely used database for screening customers against global sanctions, PEP lists, adverse media, and high-risk individuals/entities.
  • Dow Jones Risk & Compliance: Provides comprehensive screening solutions for AML and sanctions compliance, including PEP and sanctions list monitoring.
  • LexisNexis World Compliance: Offers automated customer screening and ongoing monitoring, including access to global sanctions lists and adverse media databases.
  • Acuris (formerly Mergermarket): Provides investigative data, adverse media, and PEP screening tools.
  3. AML and KYC Platforms
  • Actimize (NICE): A leading platform for automated AML solutions, providing transaction monitoring, KYC onboarding, and risk assessments.
  • Fenergo: Offers client lifecycle management and KYC solutions that automate risk assessments, PEP screening, and ongoing monitoring.
  • Trulioo: A global identity verification platform that automates the process of assessing customer risk in real-time, including KYC checks.
  • Onfido: A technology-driven platform focused on identity verification and risk-based assessments, often used for online customer onboarding.
  4. Automation in Risk Assessment Process
  • Screening: Automated checks against:
    • Global sanctions lists (OFAC, EU, UN, etc.)
    • PEP databases
    • Adverse media sources
    • High-risk jurisdictions and industry watchlists
  • Risk Scoring: Automated risk scoring based on factors such as:
    • Geographic location of the customer
    • Industry type (e.g., financial services, gambling)
    • Transactional behavior
  • Profile Updates: Automated triggers for periodic reviews based on changes in the customer’s transaction behavior or risk profile.
  • Alerts and Escalations: Automated alerts when a customer matches a high-risk category or adverse media report. These are escalated to compliance teams for further investigation.
  5. Integration with Other Systems
  • Many AML/KYC tools can be integrated with existing core banking systems or CRM software to ensure seamless workflow and consistent data flow across the organization.
  • APIs can connect automated risk assessment systems with external databases for real-time updates on sanctions and PEP lists.

Process Flow Using Automated Tools

  1. Customer Onboarding:
    • The customer’s identity and background information are entered into an automated KYC platform.
    • The system runs real-time checks against global sanctions lists, PEP lists, and adverse media sources.
  2. Risk Assessment and Scoring:
    • Based on the data gathered, the system automatically generates a risk score that classifies the customer as low, medium, or high risk.
    • If the customer’s score is high risk, the system may trigger an Enhanced Due Diligence (EDD) process.
  3. Ongoing Monitoring:
    • The system continuously monitors the customer’s transactions for suspicious activity or any changes in their risk profile.
    • Automated alerts are generated for any significant changes, and the risk assessment is updated accordingly.
