POLICIES AND MEASURES FOR THE PREVENTION OF MONEY LAUNDERING AND THE FINANCING OF TERRORISM

(hereinafter: Policy)

Digital Assets d.o.o. (hereinafter: the Company) is committed to the highest level of anti-money laundering and counter-financing of terrorism (hereinafter: AML/CFT). The Company follows the laws of the Republic of Croatia and the EU. It actively prevents all activities aimed at or facilitating the legalization of illicit funds.

This Policy prescribes the measures, actions, and procedures the Company undertakes to prevent money laundering (hereinafter: ML) and financing of terrorism(hereinafter: FT) in its regular business operations.

The Company reserves the right to suspend the service to the Customer if there is suspicion that the Customer obtained the funds illegally.

KEY TERMS

Customer identification is the process of establishing the Customer's actual identity based on reliable sources, primarily personal documents.

Financing of terrorism (FT) is the provision or collection of funds, or the attempt to provide or collect funds, by any means, with the intention or knowledge that terrorists or terrorist organizations will use them for any purpose, including financing travel to commit or contribute to terrorism, training for terrorism, and terrorist associations.

Money laundering (ML) is the exchange or transfer of property acquired through criminal activity, concealing or disguising the true nature, source, location, disposition, or movement related to the ownership of the property, acquisition, possession, or use of property obtained through criminal activity, attempting or participating in committing the actions as mentioned earlier.

A suspicious transaction is any attempted or executed transaction for which we assess that there are reasons to suspect ML or FT or that the transaction involves funds derived from illegal activities.

Terrorism can be financed from legal activities' revenues, which further complicates detection, unlike ML, which is always preceded by some illegal activity.

A transaction is any receipt, expenditure, transfer from account to account, exchange, storage, disposition, or another handling of money within the Bitcoin Store platform.

INTERNAL MEASURES FOR PREVENTING ML AND FT

The Company implements the AML/CFT process with the following measures:

  • KYC (Know Your Customer) process,
  • risk assessment,
  • monitoring Customer activities,
  • record-keeping,
  • employee training.

The Company carries out all activities and processes related to the AML/CFT Law (NN 108/17, 39/19, 151/22) when establishing a business relationship and during each Customer activity.

CUSTOMER IDENTIFICATION

Know Your Customer (KYC) is a process that involves taking measures through which the Company establishes the Customer's identity.

Customer Due Diligence measures

The Customer due diligence process includes:

  • determining and verifying the identity of the Customer/beneficial owner of a legal person based on documents, data, or information,
  • collecting data on the purpose of the business relationship, the source of funds, and other data per the AML/CTF Law (NN 108/17, 39/19, 151/22),
  • continuous monitoring of the business relationship.

The Company carries out enhanced due diligence measures to appropriately manage and reduce the risks of ML or FT:

  • when the Customer/beneficial owner of a legal person is a politically exposed person,
  • when assessing that the Customer represents a high risk of ML or FT,
  • when there is suspicion of ML or FT,
  • when transactions have no visible economic or legal purpose.

Natural person

Before performing a transaction at a branch, the Company establishes the Customer's identity based on an identification document. The type of identification document depends on the country of residence. It may include an ID card, passport, and residence permit.

In this case, the Company collects the following Customer data: name and surname, residential address, day, month, and year of birth, personal identification number (PIN), name and the number of the identification document, name and country of the identification document issuer, and nationality/nationalities.

Before establishing a business relationship, i.e., opening a Bitcoin Store account, the Company conducts a verification process. The Customer verification process involves collecting the previously mentioned Customer data and verifying the submitted data. The Customer is required to complete a questionnaire with additional questions to enhance the Services and better understand the business relationship.

In this case, the Company uses third-party services to determine the authenticity of the submitted data and identification document. For complete verification, the Company uses e-identification. The Customer must then take a selfie with a mobile device or personal computer, proving their presence.

Legal person

Before performing a transaction at a branch, the Company establishes the Customer's identity, a legal person, based on the identification document of the authorized representative.

Official identification documents and data collected by the Company are the same as in the case of identifying an natural person. For a legal person, the Company collects the following data: name, legal form, headquarters (street and house number, city and country), identification number of the legal person.

Before establishing a business relationship, i.e., opening a Bitcoin Store account for legal entities, the Company carries out the following steps:

  • the authorized representative must go through the verification process under the same conditions as a natural person,
  • the authorized representative must submit the official documentation of the legal person.

Depending on the legal form of the Customer, the Company collects the following documentation:

For companies (PLC, LLC and Simple LLC):

  • official excerpt from the court register (no older than 3 months),
  • official excerpt from the Register of Beneficial Owners (no older than 1 month),
  • a copy of the founding act - partnership agreement (signed by all founders) or a statement on the establishment of the company (if the company is founded by only one person),
  • a copy of the valid identification document(s) (depending on the country of residence) of the actual/real owner(s),
  • authorization letter from the actual/real owner(s) if the authorized representative is not the actual owner (no older than 1 month).

Note: If the legal person has multiple beneficial owners who own 25% or more of the legal person's shares, identification documents for all beneficial owners registered in the Register of Beneficial Owners must be submitted. If the Customer is a legal person conducting business in the Republic of Croatia through a branch, the Company collects the necessary documentation for the foreign legal person and the branch.

For an Association:

  • official decision on registration in the Register of Associations,
  • official extract from the Register of Associations (not older than 3 months),
  • official extract from the Register of Ultimate Beneficial Owners (not older than 1 month).

For Craft business:

  • official decision on registration in the Trade Register,
  • official extract from the Trade Register (not older than 3 months) trade license or permit,
  • partnership agreement (if it is a joint trade). In this case, all partners are required to submit copies of personal identification documents.

For other legal entities and equivalent entities (foundations, institutions, art organizations, chambers, unions, employers' associations, political parties, cooperatives, credit unions, religious communities):

  • original or certified copy of documentation from the register, ledger, or other official records (not older than 3 months),
  • official extract from the Register of Ultimate Beneficial Owners for foundations, institutions, and art organizations (not older than 1 month).

All official documents of a legal person with headquarters outside the Republic of Croatia must be submitted in a certified translation into Croatian or English.

The Company has the right to request additional documentation necessary for establishing a business relationship or during a business relationship with a legal person or an equivalent person at any time.

PRIVACY AND DATA PROTECTION

Customer data is stored per the General Data Protection Regulation (GDPR). More information about the collection, processing, and use of personal data can be found in the Privacy Policy document.

RISK ASSESSMENT

The Company regularly conducts a risk assessment at the level of the entire Company to identify changes within the Customer base, products, geographic data, and distribution channels and verify whether control measures are sufficient to keep the remaining risk low.

The Company conducts an individual risk assessment for each Customer before entering into a business relationship or if the Company learns about certain circumstances indicating a possible change in the Customer's risk group.

Each Customer of the Company is permanently assigned to a relevant risk group: low, medium, or high.

CUSTOMER ACTIVITY MONITORING

The Company conducts continuous monitoring of the business relationship . This includes transaction monitoring and updating of Customer personal data. The Company also ensures and applies both current and retrospective monitoring procedures.

Monitoring may be carried out using third-party services. In this case, the Company ensures that third parties comply with the requirements established by the signed contract with the Company and by the Law.

RECORD KEEPING

The Company ensures that documents and data related to business, transactions, business relationships, employee training material, and other documents are stored per the legal regulations of the Republic of Croatia and the European Union.

EMPLOYEE TRAINING

The Company conducts professional training and education of its employees at least once a year. The employee training program ensures that all Company employees who face AML/CTF measures in performing their functions are properly educated.

FINAL PROVISIONS

The Company reserves the right to amend the Policy and measures at any time to maintain the highest level of compliance with the AML/CFT Law.

This abbreviated Policy takes effect on January 1, 2023. It replaces any other Policy that applied before that date.