Effective date: October 24, 2024
1. Introduction
This Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) Policy (hereinafter referred to as "the Policy") is intended to be read in conjunction with the User Agreement, the Privacy Notice and Risk Disclosure Notice of the Platform. Unless otherwise defined herein, all capitalized terms used shall have the same meanings defined in the User Agreement and the Privacy Notice. For the avoidance of doubt, this Policy serves solely as general information and is not legally binding on the Platform or any other individual or entity (natural person or otherwise).
2. Purpose of the Policy
We are committed to maintaining an effective compliance program that meets legal requirements and aligns with industry best practices. Our approach is grounded in a zero-tolerance policy toward transactions linked to money laundering, terrorism financing, sanctioned entities, and high-risk jurisdictions, as such activities undermine the integrity and reputation of our Platform and global financial security.
We acknowledge that regulatory authorities worldwide have adopted different approaches to AML/CTF due to disparities in circumstances, regulatory frameworks, risk levels, financial infrastructures, and other factors across jurisdictions. Given this diversity, and recognizing that our Platform operates on a global scale, we are committed to closely adhering to international standards, including the recommendations of the Financial Action Task Force (FATF). However, if the legal requirements of a particular jurisdiction where the customer is located are stricter than the provisions of this Policy, such legal requirements shall prevail.
In support of global efforts to combat money laundering and terrorism financing, we adopt the following principles:
a. Layered Risk-Based Approach
We implement a layered risk-based approach, allocating resources and applying controls proportionate to the risk level identified in our business activities. This includes:
i. Customer Due Diligence (CDD): Conducting thorough due diligence on all customers, including any authorized representatives.
ii. Enhanced Due Diligence (EDD): When necessary, performing enhanced due diligence to protect our reputation and ensure compliance with legal requirements.
iii. Ongoing Monitoring: Implementing continuous monitoring of customers and transactions to identify and respond to emerging risks.
b. High Ethical Standards
We uphold the highest ethical standards in our business practices, striving to prevent, to the fullest extent possible, the establishment of any business relationships associated with or potentially contributing to money laundering or terrorism financing.
c. Cooperation with Legal Authorities
We will cooperate with legal and regulatory authorities to the maximum extent permitted by law, supporting efforts to prevent and mitigate the risks associated with money laundering and terrorist financing.
3. Risk-Based Approach
Our risk-based approach aligns with the recommendations of the Financial Action Task Force (FATF) and the regulatory expectations across relevant jurisdictions. We conduct regular risk assessments to identify emerging threats and update internal controls accordingly. The assessments cover risks associated with products, services, customers, and geographical locations, ensuring a comprehensive and proactive strategy, which may include:
a. Identification of Risk Factors: Key factors include the identity of our customers, customer profiles, transaction patterns and jurisdictions or countries from or in which our customers are located.
b. Risk Categorization: Identified risks are categorized into levels (e.g., low, medium, high) based on their impact and likelihood, allowing prioritization of high-risk cases.
c. Ongoing Monitoring and Review: We regularly monitor risks and assess review controls, updating assessments in response to operational, product, or regulatory changes.
4. Customer Due Diligence (CDD)
We conduct CDD procedures for all customers, verifying identity and understanding the nature of their activities, and do not open, maintain, or accept anonymous or pseudonymous accounts.
CDD is a core part of our AML/CTF framework. It ensures that customers' identities are verified, their business nature is understood, and potential risks are assessed. We will not establish a business relationship with, or execute trades for, any customer if we have reasonable grounds to suspect that their assets or funds are derived from or linked to criminal or money-laundering activities. In such cases, we will file a Suspicious Transaction Report (STR) and submit a copy to the relevant Financial Intelligence Unit (FIU).
We will conduct CDD procedures in the following circumstances:
- When entering into a business relationship with customers.
- When executing transactions on behalf of customers who have not established a business relationship with us.
- When receiving cryptocurrency transfers for customers who do not have a business relationship with us.
- When money laundering or terrorist financing seems to be probable.
- When there is doubt about the accuracy or adequacy of any customer information.
If we suspect that two or more transactions may be connected or that a single transaction has been deliberately broken down into smaller transactions to circumvent AML/CFT controls, we will treat such transactions as a single transaction. The total value will be aggregated to ensure compliance with AML/CFT requirements.
a. Customer Information Collection
As part of our Know Your Customer (KYC) process, we will collect and verify the following essential information from all customers who are natural persons:
i. Full Legal Name: Customers are required to provide their full legal name as it appears on official identification documents and also aliases (if applicable). This ensures accurate identification and mitigates the risk of fraudulent or fictitious identities.
ii. Date of Birth: Customers must supply their complete date of birth to verify age eligibility and to comply with jurisdiction-specific legal requirements regarding age-related restrictions.
iii. Residential Address: When a certain threshold is met, we may also collect and verify the customer's current residential address. This information will be corroborated with official documents (e.g., utility bills, bank statements) to ensure accuracy and help assess the customer's geographical risk profile.
iv. Nationality and Country of Residence: Customers are required to declare their nationality and country of residence. This information helps identify the applicable regulatory and sanctions compliance requirements, including jurisdictional risks.
v. Contact information which may include the mobile phone number, email address, and home address.
vi. Other additional information or documents requested by the Platform.
Where the customer is a legal person (e.g., corporate entity or organization), we will collect and verify the following information:
vii. Legal Entity Name: The full registered name of the corporate entity or organization as listed on official registration documents.
viii. Registration Number and Legal Form: The unique registration number and legal structure of the entity (e.g., corporation, limited liability company, partnership).
ix. Incorporation or Registration Documents: A certified true copy of the certificate of incorporation, articles of association, certificate of incumbency and/or equivalent documents that verify the entity's current legal status.
x. Registered Address and Principal Place of Business: The official registered address of the entity, as well as its primary business address, if different.
xi. Identification of Directors and Senior Management: Full names, positions, and identification documents for directors and key management personnel.
xii. Ultimate Beneficial Ownership (UBO) Information: Details of the individuals who ultimately own or control the legal entity, including full names, nationalities, and identification documents. This typically applies to individuals who own 25% or more of the entity.
xiii. Authorized Signatories: Identification and verification of individuals authorized to act on behalf of the entity, including providing documentation of their authority to represent the company for matters in connection with our Platform.
xiv. Business Activities and Source of Funds: Description of the entity's primary business activities and the source of funds used for transactions.
xv. Sanctions and Adverse Media Screening: Conduct screening to ensure that the entity, its owners, and key individuals are not subject to international sanctions or involved in negative media linked to illegal activities.
b. Verification of Identification Documents
To verify the identity of each customer who is a natural person, we require the submission of official identification documents, which may include but are not limited to:
- Government-Issued Identification: Customers must provide valid, unexpired, government-issued identification, such as a passport, national Identity Card, or driver's license. These documents are checked for authenticity, ensuring the customer is who they claim to be.
- Proof of Address: We may request a copy of recent (no older than three months) proof of address documentation, such as utility bills, bank statements, or government-issued correspondence, to validate the customer’s declared residential address.
- Additional Documentation for Higher-Risk Customers: In the case of higher-risk customers, additional verification measures may be required, such as providing multiple forms of identification, additional proof of source of funds, or a declaration of beneficial ownership.
To verify the identity of each legal entity customer, we require the submission of official identification documents, which may include but are not limited to the following:
- Certificate of Incorporation or Registration: An official document issued by the relevant government authority confirming the legal existence and registration details of the entity.
- Articles of Association or Memorandum of Association: Documents that outline the entity's internal governance, structure, and objectives.
- Business License: Where applicable, a valid business license or permit indicating the legal authorization for the entity to conduct its business activities.
- Company Registry Extract: A recent extract from the relevant company registry, providing up-to-date information about the entity's registration, directors, and shareholders.
- Identification Documents for Directors and Beneficial Owners: Copies of government-issued identification (e.g., passport, national ID) for directors, senior management, and individuals who are beneficial owners (usually those owning 25% or more of the entity).
- Proof of Registered Address: A recent utility bill, bank statement, or other official document confirming the entity's registered address.
- Board Resolution Authorizing the Account Opening: A document demonstrating that the entity's board of directors has authorized the opening of the account and designated authorized signatories.
- Power of Attorney or Letter of Authorization: If applicable, documentation that authorizes specific individuals to act on behalf of the legal entity.
c. Digital Verification Tools
We may employ digital verification technologies to verify the identity or identification documents of our customers. These may include:
- Biometric Verification: Facial recognition technology may be used to match the customer's photograph on the government-issued ID with a live photo or video submitted during the on-boarding process.
- Document Authenticity Verification: Automated tools will check the legitimacy of identification documents by examining security features, expiration dates, and comparing them against global databases of known fraudulent documents.
5. Enhanced Due Diligence (EDD)
We implement enhanced measures to assess and manage the risks associated with higher-risk customers, transactions, and jurisdictions. This includes comprehensive information gathering, ongoing monitoring, and increased scrutiny to effectively identify, mitigate, and report potential money laundering and terrorism financing risks. As part of this approach, we conduct adverse media screening to identify any potential risks linked to customers or transactions. Should any adverse media be identified, customers will be subject to EDD, with appropriate actions taken based on the severity and nature of the findings.
We recognize that EDD is required in circumstances that include, but are not limited to, the following:
- Politically Exposed Persons (PEPs): Customers who are PEPs, or have close associates or family members who are PEPs, due to the potential for involvement in corruption or misuse of power.
- High-Risk Jurisdictions: Customers from, or conducting transactions, involving countries identified as having weak AML/CFT controls, high levels of corruption, or being subject to international sanctions.
- Complex or Unusual Business Structures: Customers with complex ownership structures that appear to have no clear or legitimate economic purpose, such as multiple layers of ownership or shell companies.
- Anonymous or High-Value Transactions: Transactions involving high monetary value, conducted in cash or with digital assets that enhance anonymity, such as privacy-focused cryptocurrencies.
- Frequent or Unusual Transaction Patterns: Customers exhibiting unusual transaction behaviors, such as high-frequency trading, rapid movement of funds across accounts, or significant changes in transaction activity without a clear business reason.
- High-Risk Business Activities: Customers engaged in industries or business activities that are commonly associated with higher money laundering risks, such as gambling, cryptocurrency exchanges, offshore financial services, or cash-intensive businesses.
- Non-Face-to-Face Customers: Customers who open accounts or conduct transactions without face-to-face interaction, which may increase the risk of identity fraud or misrepresentation.
- Adverse Media or Negative Publicity: Customers or beneficial owners who have been the subject of adverse media coverage or negative information related to financial crimes, fraud, or other illegal activities.
- Use of Intermediaries: Customers utilizing intermediaries or third parties to conduct transactions on their behalf, which may obscure the true identity or ownership of assets.
6. Ongoing Monitoring
Continuous monitoring of transactions is performed to detect suspicious activities. We utilize automated systems alongside manual reviews to flag unusual patterns, high-value transactions, or activity involving high-risk jurisdictions. Alerts generated by monitoring systems are reviewed by compliance personnel for further investigation.
- Monitoring Criteria: Transactions are monitored based on various criteria, including but not limited to:
- Unusual Patterns: Transactions that deviate significantly from a customer's established transaction behavior.
- High-Value Transactions: Transactions that exceed predefined monetary thresholds or involve substantial cash amounts.
- Frequent Transactions: Multiple transactions occurring within a short timeframe or frequent alterations in transaction patterns.
- International Transfers: Cross-border transactions, particularly those involving high-risk jurisdictions or unusual routing.
- Unusual Account Activity: Transactions that appear inconsistent with a customer's known business activities or profile.
- Automated Monitoring Systems: We utilize automated systems to continuously analyze transactions in real time. Alerts generated by these systems are subject to review and investigation by our compliance team.
- Manual Reviews: Transactions flagged by automated systems undergo manual reviews by trained compliance personnel. These assessments evaluate the context and potential risk associated with flagged transactions.
7. Sanctions Screening and Watchlist Screening
We conduct thorough sanctions screening and watchlist screening for all customers and transactions against sanctions lists. Sanctions Lists are databases maintained by governments, international organizations, or regulatory authorities that identify individuals, entities, and countries subject to economic or trade restrictions. Our screening includes Sanctions Lists from various jurisdictions and regulatory bodies, including but not limited to:
- Office of Foreign Assets Control (OFAC) – U.S. Department of the Treasury
- United Nations Security Council (UNSC) Sanctions List
- European Union (EU) Sanctions List
- Her Majesty's Treasury (HMT) – UK Sanctions List
- Monetary Authority of Singapore (MAS) – Sanctions and Restrictions List
- Australian Department of Foreign Affairs and Trade (DFAT) Sanctions List
- Local national sanctions lists where we operate
The Sanctions List also includes a screening of jurisdictions subject to comprehensive sanctions or significant restrictions. We will not engage in business relationships or facilitate transactions involving these jurisdictions. The list of sanctioned jurisdictions includes, but is not limited to:
- North Korea
- Iran
- Syria
- Cuba
- Sudan
- Crimea region of Ukraine
- Donetsk People's Republic (DPR) region of Ukraine
- Luhansk People's Republic (LPR) region of Ukraine
- Russia (specific sanctions apply to certain sectors, individuals, and entities)
Our sanctions screening covers all relevant jurisdictions based on updates from regulatory bodies, ensuring compliance with international sanctions and restrictions. Our screening procedures ensure that we do not engage with or facilitate transactions involving individuals, entities, or countries subject to these sanctions. Transactions involving sanctioned individuals or entities are immediately suspended, and assets may be frozen if required by law. Any confirmed matches will be reported to the appropriate regulatory authorities.
We regularly screen customers and transactions against various watchlists, including lists of PEPs, individuals involved in financial crimes, and other high-risk entities. Watchlist screening helps us identify potential risks and ensures EDD is applied where necessary.
- Handling Positive Matches
When a customer, transaction, or counterparty is identified as a match to a Sanctions List or watchlist, we will take the following actions:
- Investigation of Match: We will immediately investigate the positive match to determine whether it is a true or false positive. This may involve gathering additional information from the customer or counterparty to clarify their identity and business activities.
- Reporting to Compliance Officer: All confirmed matches will be escalated to the Compliance Officer for further review and decision-making.
- Suspension of Transactions: Any transaction or business relationship involving a confirmed sanctioned individual or entity will be immediately suspended, pending further investigation.
- Freezing of Assets: If required by sanctions regulations, we will freeze any assets or funds associated with the sanctioned individual or entity.
- Regulatory Reporting: We will file a report with the relevant regulatory authorities when a sanctioned match is confirmed.
- Escalation and Senior Management Review
In cases where there is uncertainty about a potential sanctions match, our Compliance Officer will escalate the case to senior management. Senior management will assess the risks associated with the transaction or customer relationship and determine whether to proceed, suspend, or terminate the business relationship in accordance with regulatory requirements.
- Use of Technology and Third-party Providers
- Automated Sanctions Screening Tools: We engage and utilize advanced technology solutions to automate the screening process for customers, transactions, and counterparties. These tools continuously monitor all parties against updated Sanctions Lists from various jurisdictions.
- Third-Party Databases: We engage with reputable third-party service providers that maintain comprehensive and up-to-date Sanctions Lists to ensure accurate and timely screening.
- Sanctions Screening for Cryptocurrencies
Given the unique risks associated with cryptocurrencies, we will apply sanctions screening to all cryptocurrency wallets and transactions. This includes:
- Screening the origin and destination wallets involved in cryptocurrency transactions against Sanctions Lists.
- Monitoring blockchain activity for transactions involving sanctioned entities or individuals.
- Sanctions Evasion Prevention Policy
We will monitor and assess transactions to detect any potential indicators of sanctions evasion, including but not limited to the following:
- Use of Intermediaries or Shell Companies: Any attempts to obscure the involvement of sanctioned entities using intermediaries or shell companies will be flagged for further investigation.
- Routing Transactions through Non-Sanctioned Jurisdictions: We will monitor for transactions routed through jurisdictions not subject to sanctions, which may be intended to obscure the ultimate beneficiary or origin of funds.
- Unusual Transaction Patterns or Behaviors: We will analyze transaction patterns and client behaviors that deviate from expected norms, particularly those that suggest an attempt to evade sanctions detection.
Any detected attempt to evade sanctions may be treated as a confirmed match and reported to the relevant authorities, in accordance with applicable AML and sanctions regulations.
8. Travel Rule Compliance
In certain jurisdictions, we will ensure compliance with global AML regulations, including FATF Recommendation 16 regarding the Travel Rule, and we adopt the following procedures:
- Identification of Transactions
- Transaction Thresholds: We establish thresholds for transactions that trigger the Travel Rule. The exact thresholds for triggering the Travel Rule vary by jurisdiction, but typically, the rule applies to transactions of USD 1,000 or equivalent or higher. However, some jurisdictions may require lower thresholds for certain types of transactions.
- Aggregate Transactions: The Travel Rule requirements will also apply to multiple smaller transactions taking place within a 24-hour period (for example) that in aggregate exceed the transaction thresholds.
- Automated Monitoring: Implement automated systems to monitor transactions in real time for compliance.
- Verification: All transmitted information will be verified through our KYC, CDD, and EDD procedures.
- Collecting Required Information
- Sender and Receiver Information: We collect and store necessary information for both the sender and receiver of funds:
- Originator Information includes:
- Originator's name
- Physical address
- Date of birth or national identification number
- Account number or unique wallet identifier
- Beneficiary Information includes:
- Full legal name
- Physical address
- Account number or unique wallet identifier
- Transaction Information
- Amount: The total amount of the transaction, including the type of digital asset.
- Date: The date and time of the transaction initiated.
- Purpose of Transaction (if required by specific jurisdictions).
- Other Optional Information (Jurisdiction-Specific)
- Nationality or National ID Number: Some jurisdictions may require the sender or receiver's national identification number or passport number.
- (KYC) Information: Some regulators may request additional KYC information, such as the sender's or beneficiary's employment details or nature of business.
- Originator Information includes:
- Data Retention and Privacy
- Secure Storage: We ensure that collected data is securely stored and protected against unauthorized access.
- Retention Period: We usually keep records for a minimum of five (5) years.
d) Reporting and Record Keeping
- Transaction Records: Detailed records of all transactions subject to the Travel Rule will be stored in our system.
- Audit Trail: An audit trail for compliance monitoring is maintained in order to ensure all transactions can be traced back through our systems.
e) Training and Awareness
- Staff Training: Regular training sessions will be provided for all employees on AML regulations and internal procedures concerning the Travel Rule.
- Compliance Culture: We seek to foster a culture of compliance, ensuring all employees recognize the significance of adhering to these procedures.
f) Third-party Compliance
We also conduct due diligence on third-party service providers to confirm their compliance with the Travel Rule.
g) Incident Reporting
- Suspicious Activity Reporting: A protocol for reporting suspicious transactions to relevant authorities will be established in accordance with the legal requirements of the jurisdictions where we operate.
- Internal Review: Internal review of transactions flagged as suspicious will be conducted.
h) Regular Audits and Compliance Reviews
- Internal Audits: Regular audits of compliance procedures will be conducted to identify areas for improvement.
- Policy Updates: Policies and procedures will be updated as necessary based on regulatory changes or best practices.
i) Customer Communication
- Transparency: Customers will be informed about how their data is utilized and the importance of compliance with AML regulations.
- Support Channels: Accessible channels will be provided for customers to inquire about compliance procedures.
9. Transaction Reporting
We comply with all relevant reporting obligations, including the submission of Suspicious Activity Reports (SARs) when activities suggest potential money laundering or terrorism financing.
Reports are prepared promptly and submitted to the appropriate regulatory authorities as required.
In general, our structured reporting process is as follows:
- Internal Reporting: Our employees are required to report any suspicious activities or transactions immediately to our compliance team.
- Suspicious Activity Reports (SARs): The compliance team will conduct reviews and prepare and file SARs to the relevant authorities if necessary.
- Confidentiality: All reports of suspicious activities are managed with utmost confidentiality. We will ensure that information concerning suspicious transactions and SARs will be protected and disclosed only to authorized personnel and regulatory bodies.
- Timeframes for Reporting:
- Immediate Reporting: Highly suspicious activities indicative of money laundering or terrorism financing will be reported internally without delay.
- Regulatory Reporting: SARs will be submitted to relevant authorities within the prescribed timeframe following the identification of the suspicious activity. This ensures timely compliance with regulatory obligations.
10. Record Keeping
All records related to CDD, transactions, suspicious activity investigations, and SARs are retained for at least five years or as mandated by applicable regulations. This includes maintaining documentation of customer identity, transaction details, and communications with regulatory authorities. For more information in relation to the retention of data, please refer to our Privacy Notice.
11. Employee Training
We conduct ongoing AML/CTF training for employees to ensure awareness of legal obligations and internal procedures.
Training is tailored to different roles, with enhanced sessions for employees in higher-risk functions, such as compliance officers and customer service personnel.
The primary objectives of the AML/CTF training program are to:
- Enhance Awareness: Ensure all employees understand the importance of AML/CTF compliance and their role in preventing money laundering and terrorism financing.
- Provide Knowledge: Equip employees with knowledge of relevant AML/CTF laws, regulations, and company policies.
- Develop Skills: Train employees to identify suspicious activities, comprehend reporting procedures, and apply appropriate AML/CTF controls.
12. Independent Audit and Program Review
Our AML/CTF program undergoes regular independent audits to assess its effectiveness and adherence to legal requirements. Regular reviews and updates are conducted:
- Annual Review: The AML/CTF Policy is reviewed annually to assess its effectiveness, ensuring it remains aligned with regulatory requirements and industry best practices.
- Updates as Needed: Amendments to the policy are made promptly in response to regulatory changes, operational needs, or identified deficiencies.
- Communication of Changes: All employees are informed of significant updates to the AML/CTF Policy and are required to acknowledge their understanding and compliance.
13. Virtual Asset Risk Assessment
Before listing or trading any new tokens, we conduct a thorough risk assessment, considering factors such as anonymity, regulatory compliance, and historical use for illicit activities.
The risk assessment will take into consideration the following factors (which are non-exhaustive):
- Anonymity and Transparency: The assessment will evaluate whether the token promotes anonymity or undermines our ability to identify users and implement effective AML/CFT measures. Tokens that pose challenges to transparency or hinder user identification will be subject to heightened scrutiny or may be excluded from listing.
- Market Manipulation and Fraud Risk: We will assess the volatility and liquidity of the token, including whether token concentration in specific addresses makes it susceptible to market manipulation or fraud. Tokens identified as having high volatility or liquidity risks will undergo EDD and may be excluded from listing if deemed excessively risky.
- Illicit Use of Tokens: We will evaluate whether the token has been associated with illicit or fraudulent purposes. If there is evidence or history of the token being used for criminal activities, it will be considered high risk and subject to enhanced due diligence or exclusion.
We maintain an ongoing monitoring process for all virtual asset issuers whose tokens are listed or traded on our Platform. This includes continuous screening for changes in ownership structure, sanctions status, adverse media, and other risk indicators. If significant changes are detected that elevate the risk profile of an issuer, we may reassess the listing status of the token and apply further enhanced due diligence measures. The token issuer is also contractually obliged to inform us of any market risks, operational risks, technology risks, regulatory risks, fraud, and cybersecurity risks that will materially affect the price of the token and/or the reputation of the Platform.
14. Cooperation with Authorities
We fully cooperate with law enforcement and regulatory bodies to address risks associated with money laundering and terrorism financing, including facilitating audits, inspections, and information requests.
15. Policy Review and Updates
We will maintain the relevance and effectiveness of the AML/CTF Policy through regular reviews. These reviews will be conducted at least annually or whenever significant changes in regulations, business operations, or risk profiles occur. The goal is to ensure that the Policy reflects current legal requirements, emerging threats, and industry best practices in combating money laundering and terrorism financing.
16. User Responsibility for Account Security
-
- Protecting Account Information: We remind all users to take appropriate steps to protect their account information, including passwords, private keys, and any other sensitive data related to their accounts. Users should never share this information with anyone and should regularly update their security settings.
- Reporting Suspicious Activity: Users are encouraged to report any suspicious activity or unauthorized access to their accounts immediately. We will investigate such reports promptly and take appropriate action to protect the user and the Platform.
17. Language
Please be informed that we will publish this Policy in different languages. Should there be any inconsistencies or discrepancies in translation, this English version shall prevail.
18. Communication with Us
If you have any concerns, questions, requests and comments in connection with our due diligence practices, you may contact our customer service representatives by chat or email. If it is related to your personal data, you may contact our data protection officer by sending an email to data@weex.com.
If you are a law enforcement officer and request our assistance, please refer to our Law Enforcement Guidelines.
If you wish to have your account deleted, you may approach our customer service officers.