en

ANTI-MONEY LAUNDERING AND COUNTER-TERRORIST FINANCING POLICY


CRUZEUM Spółka z ograniczoną odpowiedzialnością with its registered seat in Łódź, Republic of Poland (hereinafter: “CRUZEUM”), is legal entity incorporated by law of Republic of Poland and entered into Commercial Register under KRS number: 0001003469, held by District Court for the city of Łódź-Śródmieście in Łódź, 20 th Commercial Division of National Court Register.

The European Union has passed Directives designed to combat money laundering and terrorism. These Directives, together with Poland legislation, rules, provide industry guidance, and form the cornerstone of CRUZEUM SP. Z O.O. AML/CFT obligations and outline the offenses and high penalties for failing to comply. To comply with Poland AML/CFT regulations CRUZEUM SP. Z O.O. has implemented AML program that has been approved by CRUZEUM SP. Z O.O. Members of the Board and MLRO.

CRUZEUM SP. Z O.O. AML/CFT Policy is designed to prevent money laundering by meeting the Poland and European standards on combating money laundering and terrorism financing, including the need to have adequate systems and controls in place to mitigate the risk of the company being used to facilitate financial crime.

CRUZEUM SP. Z O.O. AML program consist of the following:

  1. Risk Based Approach
  2. Money Laundering Reporting Officer
  3. Customer Due Diligence
  4. Sanctions/PEP Screening
  5. Monitoring
  6. Reporting
  7. Record Keeping/Sharing
  8. Training


1. RISK BASED APPROACH

CRUZEUM SP. Z O.O. shall adopt a risk-based approach (“RBA”) in determining whether to accept or reject customers, and to assess the risks of its business, its customers and transactions as the basis for developing adequate measures and rules to prevent money laundering and funding of terrorism. A Risk-Based assessment enables a more targeted and focused approach to identifying and assessing risks that CRUZEUM SP. Z O.O. is or may be exposed to by applying resources to where they are most needed. The type of information required must therefore reflect the inherent level of ML/FT risk that each merchant represents. A robust RBA will therefore reduce the costs incurred as regards to on-going monitoring of client transactions and the procurement of paraphernal KYC documentation.


2. MONEY LAUNDERING REPORTING OFFICER

CRUZEUM SP. Z O.O. shall appoint and maintain an officer of CRUZEUM to act as CRUZEUM Money Laundering Reporting Officer (‘MLRO’). The MLRO shall be an officer of CRUZEUM with sufficient seniority, education, reputable background, experience and command.

The MLRO’s responsibilities include:

  • Maintaining controls and procedures aimed at deterring criminal elements from using CRUZEUM resources;
  • Setting up, monitoring, updating AML/CFT procedures, including KYC, record keeping, risk assessment, STR escalation protocols;
  • Determining whether an Unusual Transaction Report (UTR), following
    • investigation, is to be classified as a Suspicious Transaction Report (STR);
  • Reporting suspicious transactions to the FIAU by submitting STRs;
  • Ensuring training of employees in AML/CFT matters and employees compliance with their AML/CFT obligations; and
  • Reporting to the Board of Directors on AML/CFT matters requiring the Board’s attention


3. CUSTOMER DUE DILIGENCE

Each new business relationship must be reviewed according to the criteria as set forth under the law. This must be done before the establishment of the relationship or – where necessary for the continued normal conduct of business and provided that the AML/CFT risks are low and verification steps are completed as soon as reasonably practical – during the relationship being established.

CRUZEUM must:

  • determine, document and verify the true identity of customers and their beneficial owners (UBOs) on the basis of documents, data or information from a reliable and independent source;
  • obtain background information on customers; and
  • obtain background information on the purpose and intended nature of the business in order to establish the business and risk profile of the customer.

Customer due diligence on legal persons also requires CRUZEUM to create an understanding on the nature of the merchant business, the ownership and control structure of the merchant. Furthermore, CRUZEUM must obtain and document any additional customer information, commensurate with the assessment of the money laundering risk using a risk-based approach and dedicate further attention to any customer (if a natural person) or any of the UBOs of customers that are regarded a politically exposed person as defined under Applicable Regulations. The KYC/Onboarding Policy provides more detail on the legal requirements for measures designed to investigate the new business relation (Customer Due Diligence) in order to deter, detect and disrup money laundering and terrorist financing. For the rules relating to customer due diligence, identity and verification (of merchants, ultimate beneficial owners and politically exposed persons), please be referred to this document. The above checks are part of an overall risk assessment.

In the event that, during an established relationship, doubts arise about the veracity or adequacy of previously obtained data, documents or information or changes have occurred, then the customer due diligence measures as described above are to be repeated.

3.1. Simplified Due Diligence

There are also circumstances where the risk of money laundering or terrorist financing may be lower, such as (but not limited to):

  • cases where the merchant is a financial institution subject to requirements to combat money laundering and terrorist financing (consistent with the FATF Recommendations) and are supervised;
  • cases where the merchant is a public company listed on a stock exchange and subject to disclosure requirements to ensure beneficial ownership transparency;
  • country: countries where merchant is located that are:
  • identified by credible sources as having effective anti-money laundering/counter terrorist financing systems;
  • identified by credible sources as having low level of corruption or other criminal activity.

In such cases, and provided there has been an adequate analysis of the risk, simplified customer due diligence measures may be taken. Note that a lower risk for identification and verification purposes does not automatically mean the same merchant is lower risk for all types of customer due diligence measures, for instance for ongoing monitoring.


3.2. Enhanced Due Diligence

Apart from the business, there are circumstances where the risk of money laundering orterrorist financing is higher, such as (but not limited to):

  • Country: Countries where merchant is located that are:
    • subject to sanctions, embargos or similar measures issued by the United Nations;
    • identified by FATF as non-cooperative;
    • identified by credible sources as:
    • not having adequate anti-money laundering/counter terrorist financing systems;
    • funding or supporting terrorist financing or that have designated terrorist organizations operating in that country;
    • having significant levels of corruption or other criminal activity;
    • having a non-transparent tax environment;
    • The ownership structure appears unusual or excessively complex given the nature of the merchant’s business;
    • directors or ultimate beneficial owners identified as politically exposed persons; or
    • transaction and merchant behavior (Is a risk posed by a merchant’s behavior? What risk is posed by the products the merchant is using? To whom and where are the collected payments settled?).

In such cases extended customer due diligence measures have to be taken.


4. SANCTIONS/PEP SCREENING

CRUZEUM must screen all customers and involved entities, directors and ultimate beneficial owners against international PEP/Sanctions lists. CRUZEUM rely on reputable automated screening system

5. MONITORING

CRUZEUM is to conduct ongoing monitoring of its business relationships. Monitoring of customers shall be maintained on a risk-sensitive basis, and transactions shall be scrutinized to ascertain whether throughout the course of the relationship the transactions undertaken are consistent with CRUZEUM knowledge of the customer’s business and risk profile and the information provided to CRUZEUM in the course of onboarding and carrying out KYC checks. Data and documents are to be kept updated, including identification documentation. Thus, the team shall monitor the transactions and upon discovery of a transaction of suspicious nature, an internal investigation shall be initiated. All CRUZEUM customers are obliged to inform CRUZEUM with regards to any changes within the corporate structure, directors, beneficial owners, registered address

6. REPORTING

CRUZEUM reporting of unusual transactions or activities must comply with Applicable Regulations. In the event the customer due diligence does not provide the desired results and there are indications that the customer is involved in money laundering or terrorist financing, CRUZEUM is required to report this in accordance with this chapter and the STR procedure as described in the AML Procedure. Furthermore, all (i) unusual transactions (including attempted transactions); (ii) unusual patterns of transactions or (iii) business relationships with merchants or partners located in a non-reputable jurisdiction AND that have no apparent economic or visible lawful purpose, regardless of the amount, should be recorded and either maintained on file and available to the FCIS upon request or reported pro-actively (in accordance with Applicable Regulations). Such reporting is to be done at the Financial Intelligence Unit in Poland as soon as reasonably practicable. When a Compliance Officers detects any red flag he/she will investigate further under the direction of the Designated Employee. This may include gathering additional information internally or from third-party sources and suspending (part) of the services upon consultation with the Designated Employee and MLRO. In the event the Designated Employee suspects there are sufficient facts present that require a suspicious transaction report to be sent to the FCIS, he/she will get in touch with the MLRO. The MLRO may determine that filing such report to the FCIS will be required. CRUZEUM may not disclose to the person concerned or any third party that it has filed a suspicious transaction report, it is sharing information with the FCIS and that investigation is being or may be carried out.

7. RECORD KEEPING/SHARING

CRUZEUM must be able to demonstrate its compliance with the Applicable Regulations, by means of keeping evidence and records of due diligence checks made and information held on merchants and transactions. The following records are to be kept:
  • All documents obtained for the purpose of identifying the merchant and the ultimate beneficial owners;
  • Verification evidence on the identification documents obtained and the resolution of any discrepancy in the identifying information;
  • Supporting records in respect of the business relationships;
  • Results of credit analysis or any other analysis undertaken;
  • Transaction data must be maintained in a form that can easily be compiled for an audit trail and which establishes the right transaction profile of the merchant;
  • All other information related to money laundering matters.

Records are to be kept for at least five years, beginning either on the date on which (i) the business relationship ends for all customer identification/due diligence records and (ii) the transaction is completed for all transaction records.

7.1. Record Sharing

CRUZEUM will share AML information (customer identification, due diligence and transaction records and other relevant information) with the FCIS, law enforcement authorities and other financial institutions, if it is requested to do so. CRUZEUM will maintain procedures to protect on one hand the security of requests from such authorities, but on the other hand not unnecessarily jeopardize the confidentiality rights of the merchants. CRUZEUM will share information about those suspected of terrorist financing and money laundering with other financial institutions for the purposes of identifying and reporting activities that may involve terrorist acts or money laundering activities and to determine whether to establish or maintain a business relationship or engage in a transaction. Furthermore, upon request, CRUZEUM may be required to submit periodical reports on its policies, procedures and other information, in a format as required by the FCIS.



8. TRAINING

The MLRO shall make sure that initial and on-going training is provided to employees, at least annually, to ensure that all relevant staff is aware of the regulatory obligations of CRUZEUM under the Applicable Regulations, their personal responsibilities and how to recognize and handle suspicious transactions.

Compliance team including any other customer-facing and/or transaction- facing employees whose duties include the handling of relevant financial business or activity as defined under the Applicable Regulations shall receive more detailed training about CRUZEUM AML procedures with respect to identifying clients, monitoring, record-keeping, remaining vigilant at all times, and reporting any unusual/suspicious transactions. Training logs will be maintained.