AML Policy

Date of Last Revision: August 15, 2024

RULES OF INTERNAL CONTROL REGARDING PREVENTION OF MONEY LAUNDERING AND FINANCING OF TERRORISM FOR RWA.IO

(“AML Policy”)

  1. General provisions

    1. This AML policy has been developed in accordance with the AMLD5, AMLD6, and any other applicable legislation of the European Union, FATCA provisions, reports of FATF and international standards of money laundering prevention.

    2. AML policy is a set of internal rules and regulations that is used by the Company in order to check and reveal documentation and information regarding the operation that are under obligatory control and other operations with money or property that may be in any way connected to the legalisation (money laundering) or finance of terrorism and the provision of such information to the state authorities. For the avoidance of any doubt, this AML Policy shall also apply to the sale and purchase of RWAIO utility cryptographic tokens during the IDO, or other public token crowdsale event (either conducted by the Company or any of its Affiliates, or any third parties).

    3. The AML policy is a document that (i) Regulates the organisation of work, regarding the prevention of legalisation of illegally obtained funds (money laundering) and financing of terrorism; (ii) Sets the obligations and obligatory procedures for the employees or third party contractors regarding internal controls; and (iii) Sets the terms for the fulfilment of obligations by the employees or third party contractors and sets the authorized control persons.

    4. The AML policy contains the following protocols:

      1. Internal control methods;

      2. Implementation of internal control methods;

      3. User and persons associated with client’s identification;

      4. Risk analysis;

      5. Regulation of commercial relations with Users;

      6. Obligatory actions in case there are suspicions regarding money laundering;

      7. Correspondence exchange;

      8. Information documental fixation;

      9. Transaction refusal;

      10. Company employee or third party contractor preparation;

      11. Internal control;

      12. Document maintenance.

    5. The following capitalised terms shall have the meanings hereinafter assigned to them unless the context clearly otherwise requires:

“Affiliate(s)” means every present and future entity that directly or indirectly Controls, is Controlled by, or is under common Control with RWA.IO, where Control may be by either management authority, contract or equity interest.

“AMLD5” shall mean Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU.

“AML Officer”: shall have the meaning as set out in Clause 2.1 below.

“AML Policy” or “Policy”: means these Rules of Internal Control Regarding Prevntion of Money Laundering and Financing of Terrorism, as updated from time to time;

“AML” shall mean Anti Money Laundering.

“Authorized Team”: shall have the meaning as set out in Clause 2.2 below.

“Company” shall mean RWAIO OÜ, a company duly established under the laws of Marshall Islands;

“Control”: shall mean possession, directly or indirectly of at least fifty percent (50%) of the voting equity of another entity (or other comparable interest for an entity other than a corporation), or the power to direct or cause the direction of the management or policies of an entity whether through ownership of securities, by contract or otherwise.

“CTF” shall mean Counter-terrorist financing.

“FATCA” shall mean Foreign Account Tax Compliance Act.

“FATF” shall mean Financial Action Task Force.

“KYC Service Providers” shall have the meaning as set out in Clause 2.5 below.

“KYC” shall mean Know Your Customer.

“RWA.IO” shall mean the Company.

“RWAIO” shall mean the RWAIO cryptographic utility token as a form of digital asset, issued by an Affiliate.

“OFAC” shall mean Office of Foreign Assets Control.

“Purchaser” shall mean any person who purchase RWAIO tokens from RWA.IO or any of its Affiliates during the IDO or public crowdsale.

“SDN” shall mean Specially Designated Nationals And Blocked Persons List.

“State official” shall mean a person who has a state appointed position in any country including the United States or any EU member states or who holds a position in an International organisation, or any other politically exposed person.

“User” shall mean any user of goods or services offered by RWA.IO or its Affiliates, which shall include any Purchaser.

2. Internal Control Methods.

  1. The person responsible for the accurate implementation of the present policy shall be named by the management board of the company (the “AML Officer”).

  2. In order to adequately implement this AML Policy and considering the volume of Users and associated risk levels, the company may form a separate team, including the member of the board, the head accountant and the head of the legal department, in order to implement the AML Policy and all the protocols contained herein (the “Authorized Team”)

  3. (If applicable) Affiliates shall be accountable before the AML Officer and (if applicable) Authorized Team in the field of suspicious transactions. All the matters regarding the initial user identification shall be handled by the corresponding structural parts of the company.

  4. The AML Officer shall be named as the contact person between the Company and any applicable regulatory or other official authorities. The AML Officer shall perform the following tasks:

  • Analysis of the performed or planned transaction regarding their possible connection to money laundering or finance of terrorism;

  • Presentation to the regulatory or other official authorities of any data regarding Users, their associated persons and transactions that may be connected to illegal activity.

  • Presentation of reports regarding the fulfilment of this policy the management board and the owners of the company.

  • Fulfilment of other obligations as set by the applicable legislation.

  1. The company may contract third parties (including specialized KYC services providers) (“KYC Service Providers”) for the purpose of performing or implementing, fully or partially, any processes, protocols or other obligations set out in this AML Policy and shall ensure that said contracted KYC Service Providers carry out the provisions of this AML Policy in full.

  1. Implementation of control methods

    1. Control methods are used in the following areas:

  • in compliance with the FATF Travel Rule;

  • during the initiation of commercial relationship with the users and during their activity;

  • in any case when the sum of the transaction exceeds 10 000 EUR or an equivalent in any other currency (including any virtual currency);

  • if there is any doubt that the provided data is accurate;

  • if the planned transaction is needlessly complex;

  • if there is any reason to suspect that the transaction is connected with money laundering or finance of terrorism or any other form of illegal activity or is considered a high-risk transaction in accordance with the risk evaluation procedure set by the current policy.

  1. Additional control methods are implemented in the situation when the User changes the conditions of the transaction, increasing the risk level:

  • If the transaction serves no rational purpose;

  • If the transaction is financially irrational;

  • If the same type of transactions is repeated multiple times over a short period;

  • Should the client refuse to provide information without giving a reason for the refusal or should the client express unusual concern with the matters of confidentiality;

  • Should the User decide to change the transaction in a manner that is not a usual practice of the organisation;

  • Should the User express unreasonable hurry to carry out the transaction;

  • Should the User implement changes into the transaction conditions shortly before it is performed;

  • Should the User prove impossible to contact;

  • Should there be any information that the data provided by the client is false or inaccurate;

  • In case of absence of any association between the activities of the User and the planned transaction;

  • In case the planned transaction be needlessly complicated.

  1. Additional methods for the control of a suspicious transaction:

  • Receipt from the User of necessary explanations and confirmations that clarify the purpose of the transaction;

  • Implementation of an increased monitoring in accordance with the present policy regarding all the transactions of the User in order to confirm if they are in any way connected to money laundering or finance of terrorism.

  1. User and their associated persons identification.

    1. In order to be able to access goods and services available on the RWA.IO platform or to be able to purchase RWAIO tokens from RWA.IO or any of its Affiliates, any User shall register on the platform and pass the “KYC” identification process.

Identification of individuals

  1. The initial identification of the User who is an individual is made on the basis of the provided client identification document.

  2. Regarding the physical persons the following shall be confirmed:

  • Name;

  • Surname;

  • Citizenship;

  • Date of birth;

  • Personal ID number;

  • ID document data (including photograph of a person);

  • Actual place of residence;

  • Personal tax number if applicable;

  • Valid Contact information – telephone number, e-mail address.

  1. During the identification the documents are checked for the accuracy of the information provided and the following is confirmed:

  • Is the document still legally valid;

  • Does the photo on it check out;

  • Should there be any doubt regarding the document the state authorities that issued the document may be contacted in order to obtain the necessary confirmation.

  1. Should the User present an ID document, a copy shall be saved, the quality of which allows the Company to review the data contained in the document.

State Officials

  1. When the identity of a physical person is confirmed it is also confirmed if they are a State Official. If a person is a State Official, the additional information shall be collected:

  • List of the closest associates and relatives if such information is publically available;

  • Confirmation of the property and sources of income that are meant to be used in the transaction;

  • Preparation of an inquiry to the proper database;

  • Preparation of an inquiry to the state supervision institutions;

  • Decision regarding the start of the commercial relationship with the state official is made by an AML Officer named in accordance with Clause 2.1 of this AML Policy.

  1. Official sources will be first used to check the provided information, such as official public registries. Other sources may be used if there is no doubt regarding their accuracy and competence.

  2. Identification of a natural person (individual) that acts as a representative is made in accordance with the provisions of this AML Policy.

  3. Identification of an individual is not a one time procedure. The information regarding the individual should be checked constantly and updated when necessary.

  4. Should there be any doubt, the actual beneficiary must be revealed – a person that actually controls the legal person and receives profit from it.

Sanctions Lists

  1. Before opening a user account, and on an ongoing basis, the Company will check to ensure that a User does not appear on the SDN list or is not engaging in transactions that are prohibited by the economic sanctions and embargoes administered and enforced by OFAC, UN or EU.

Identification of legal persons

  1. The following information must be obtained during the registration of an account of a User which is a legal person:

  • Name of the legal entity;

  • Registration number;

  • Legal address and the address of principal activity;

  • Corporate form;

  • Full information regarding directors or any other legal representatives;

  • Shareholders;

  • Beneficial owners.

  1. The review of information is made by the use of public registries and databases or by sending inquiries to the state authorities. Certificate from a registry may be replaced by an authorised access to the registry.

  2. All documents issued by foreign state authorities must be legalised or have an apostille.

  3. The control of the legal entity management board or other similar control organ must also be carried out regarding their connection to state officials, also regarding beneficiaries and their representatives. Should the information provided by the User not be trustworthy enough, the information may be controlled by the means of an inquiry to state officials or international organisations.

  4. All the provided information is gathered and carefully studied if the company has any subsidiaries, representatives or in any way connected to countries that do not cooperate in the field of international opposition to money laundering and finance of terrorism, or if those states are considered low tax jurisdictions.

  5. If the legal entity acts as a representative of another entity, then the information of that other entity must also be gathered in accordance with this AML Policy.

  6. Only an authorised legal representative may register a legal entity on the website of the company. The authorised representative must provide sufficient documents proving his authority to represent the legal person. Should the provided documents fail to provide the required information or if there is any doubt regarding their accuracy, no commercial relationship may be started and the account may be blocked. The document proving the authority must contain further information:

  • Scope of rights;

  • Date the authority was granted and for what period;

  • Reason the authority was granted.

  1. Any transaction with the legal person requires the identification of beneficial owners. Should a person have more than one beneficiary, then all other beneficiaries must also be identified.

  2. Should it prove impossible to clarify who is the beneficiary in the company, then all owners of the company must be confirmed and sufficient explanation must be provided by the User.

  3. Special care should be used when confirming the actual beneficiary if the planned transaction may in any way be connected to the increase of the risk due to the field of activity of the legal person, state of registration, type of provided services and nature of the transaction, also if the legal person is registered or connected to a low tax jurisdiction.

  4. The non-resident legal person must comply with the same identification process as stated above. The Company has the right to deny a transaction if the legal person is a resident of a country whose legislation violates the provisions or standards set out in this AML policy.

  5. Should the risk of the transaction be considered high or should there be reasons to consider the risk of commercial relations high, a higher level control method of client identification should be used, by requesting the client to provide additional information and documents that can rule out the risk. Information is also to be provided to the state authorities to get more instructions. Aside from the high-risk level that was given under the risk analysis following the provisions of Section 5 of this AML Policy, additional reasons to consider the transaction to be high risk are the following:

  • unusual circumstances for the transactions;

  • User operates with high volumes of cash;

  • User, who is a legal person, has hidden owners or recipient type shares;

  • the structure of the User which is a legal person is too complex and confusing;

  • new or unknown goods are the subject of the transaction and transaction specifics are unusual;

  • transaction is made for anonymity purposes;

  • unknown third parties make payments following the transaction;

  • any other circumstances mentioned as stated in any applicable legislation.

Special provisions for RWAIO token purchase

  1. All RWAIO token Purchasers are required to pass the Know Your Customer (“KYC”) procedure in accordance with this AML Policy (as specified, in particular, in above clauses of this Section 4 and any other applicable clauses of this Policy) and participate in the whitelisting process. The Company shall reserve the right to unilaterally terminate any RWAIO and/or not to sell any Tokens due to KYC/AML considerations or due to any other grounded reasons (e.g. if it is subsequently established that the information provided during the course of AML/KYC procedure was not correct or that you do not meet any other eligibility criteria). In that case, any amounts as a Purchase Price for the Tokens will be refunded (provided that this would be technically possible and that no KYC/AML restrictions would apply for such reimbursement). We further reserve the right to take any other steps or actions for ensuring full compliance with any applicable KYC/AML legislation or regulation.

  1. Risk evaluation.

    1. Any User and his planned transaction are evaluated regarding the risk factor of money laundering and finance of terrorism.

    2. During the risk evaluation the User is given the risk status, from lowest to highest, by the means of evaluating further risk factors:

  • User corporate structure and field of activity;

  • Is the User a State Official or connected to one;

  • Is the User represented by a legal person;

  • If the beneficiary of a physical person is a third person;

  • Problems identifying the beneficial owners of a User which is a legal person;

  • The User is connected to low tax jurisdictions;

  • The User is subject to international sanctions;

  • The User is an atypical client;

  • Term of cooperation;

  • Nature of the planned transaction;

  • Amount of the transaction;

  • Are the Users stable or constantly shifting;

  • Problems during identification procedures;

  • Goods or property origins are unclear.

  1. The nature of the transaction must be evaluated to set the risk status.

  2. The transaction may be awarded with a low, medium or high risk status depending on the risks factors, which include:

  • The transaction involves currency exchange or purchase of precious metals;

  • The transaction involves a private bank;

  • The transaction involves alternative payment methods;

  • The transaction involves gambling;

  • The transaction involves rarities or exclusive goods;

  • The transaction involves innovations;

  • The transaction involves commercials;

  • The transaction involves company establishment or management.

  1. In addition to risks listed in Clause 5.4 above, geographical circumstances are to be evaluated (geographical risk). The transaction may be awarded with a low, medium or high risk status depending on the following geographical actors:

  • The transaction involves low tax jurisdictions. This entails a company registered at the low tax jurisdiction or services provided at the low tax jurisdiction.

  • The transaction involves a state that does not cooperate in the field of money laundering prevention and finance of terrorism.

  • The transaction involves a state with high crime rate or trafficking of drugs;

  • The transaction involves a state with high level of corruption;

  • The transaction involves a state that is a subject to international sanctions;

  • Other factors that may increase the geographical risk.

  1. Along with the risks connected to the User, risks regarding his partners or associated persons are also evaluated.

  2. The risk evaluation is performed by giving each risk group a status on a three-point scale:

  • Risk is considered low: no category has a risk factor and the transaction is clear;

  • Risk is considered medium: there are risk factors, but the transaction itself is clear, though there are suspicions that all of the risk factors together may indicate money laundering or finance of terrorism;

  • Risk is considered high: there are multiple risk factors and the transaction itself is not clear.

  1. Overall result is achieved by adding the factor of each category, whereas risks regarding client and partner are multiplied by two and then the whole sum is divided by a factor of 4.

  • If the sum is 2 or lower the risk is low;

  • If the sum is 2 to 2,75 the risk is medium;

  • If the sum is higher than 2,75 the risk is high.

  1. If the risk in any category is high, the overall risk is considered high no matter the overall sum.

  1. Commercial relationship with the User.

    1. Any commercial relationship with the User (e.g. acceptance of Terms of Service, signing of a SAFT agreement, etc) can be initiated only after the User agreed to act in accordance with this AML Policy.

    2. Before the start of any commercial relationship, the nature, the contractual terms and expected volume of the planned agreement shall be determined. Received information shall be saved and kept in an electronic form.

    3. Actions in case of suspicions regarding money laundering and obligation to provide information.

    4. Should there be any suspicion before the initiation of commercial relationship or during the use of control methods, that the transactions may be connected to money laundering or finance of terrorism, then further cooperation or engagement with such User is impossible.

    5. Any suspicions are registered and analysed by the AML Officer. The official state authorities must be notified without delay along with the results of the analysis.

    6. Should the denial to perform the transaction result in damages to the User or the arrest of a person suspected in money laundering or terrorism, the transaction may be delayed or performed on the condition that the state authorities are informed without delay.

    7. Persons suspected in money laundering or finance of terrorism should not be provided any information regarding the suspicions or notified of such by any other means.

    8. If the Company shall determine that engaging in transactions that are prohibited by the economic sanctions and embargoes, the company shall reject the transaction and/or block the client's assets and file a blocked assets and/or rejected transaction form with OFAC or other competent sanctions authority within 10 days.

  2. Correspondence exchange.

    1. Should it be deemed by the management to be necessary for the control method implementation, correspondence exchange with third persons may be initiated, including banks and other financial institutions if that will allow to gather more accurate information. Any such correspondence exchange must be drawn up in the form of a two-way agreement, including the used control methods.

    2. There can be no correspondence exchange with shadow banks, unlicensed organisations or with organisations situated in jurisdictions whose legislation is not up to the international standards in the field of AML legislation and prevention of finance of terrorism.

  3. Information recording.

    1. Information recording protocol sets the obligation for the company employee or third party contractor who performed the transaction to draw up an internal document containing all specifics of the transaction, that must include:

  • Category of the transactions, reasons why the transaction may be considered a high-risk transaction;

  • Details of the transactions including the volume of the transaction and currency;

  • Details on the persons involved in the transactions;

  • Information on the involved Company employee or third party contractor and his signature;

  • Act date;

  • Written note of the company management board member or of another authorized person regarding a transaction performed under this act.

  • Information regarding any additional methods of control used in regards to the transactions.

  1. There is no pre-arranged act form. Acts are made by hand by each employee and are presented to the member of the management board for review.

  1. Transaction denial.

    1. If the User, despite their obligation, did not present the required document in accordance with the control methods, the applicable legislation and this AML Policy, such User shall be denied in the performance of the transaction.

    2. Should the User fail to present information regarding the source of the funds upon the request, the transactions shall be denied.

    3. Information regarding the transaction denial must be kept in accordance with Clause 13 of this AML Policy:

  • Information on the circumstances for the transaction denial and account blocking.

  • Circumstances for the denial of the start of commercial cooperation;

  • Any circumstances regarding the end of commercial cooperation in accordance with Clause 7.1 and Clause 7.2 of this AML Policy.

  • Information that was the reason the state authorities were notified.

  1. Decisions regarding the denial to perform the transaction may be reversed if the User provides the required information and documents or if such shall be set by the decision of the competent official authorities.

  1. Company employees or third party contractor training.

    1. The protocol regarding the training of employees or third party contractor in the field of AML Legislation and CTF is made in accordance with applicable legislation and includes proper instructions for the employee or third party contractor regarding control methods and information analysis.

    2. The company shall ensure that any contracted third parties carry out the provisions of this AML Policy in full.

  2. Internal control review.

    1. The internal control review protocol ensures that the employees or third party contractor and members of the company abide to the provisions of the applicable legislation in the field of income obtained by illegal means and terrorism finance. The protocol ensures that the employee or third party contractor abides to the internal company rules and regulations in the field of internal control.

    2. Internal controls set the following:

  • Regularly, at least once every six months, internal checks must be carried out regarding the proper implementation of internal regulations and applicable legislation.

  • The AML Officer must provide the management board of the Company with regular reports regarding all violations of internal regulations in the field of money laundering prevention and prevention of finance of terrorism and regarding the implementation of this policy, also providing suggestions regarding any possible improvements, if any are required.

  • Any violations revealed during checks must be properly handled by the means chosen by the management board member.

  1. Document maintenance.

    1. All documents connected to the client identification procedure and all information regarding the start of commercial cooperation must be maintained in the company archive for no less than 5 years. The Company may contract third parties for the purpose of this provision.

    2. All documents that became the reason for notifying state authorities must be maintained for no less than 5 years.

    3. All information on the inquiries made in order to abide by the provisions of the applicable legislation must be kept for no less than five years from the start of commercial cooperation. If the identity was confirmed by the means of a digital document, then the picture of the face and signature is kept for no less than 5 years from the date of the end of commercial cooperation.

    4. The documents must be maintained in a form that allows their written reproduction, so that they would be readily available for financial control or for other state authorities in accordance with the applicable legislation, should they be required for use in civil, criminal or arbitrary proceedings.

    5. Internal control rules set confidentiality standards for the information that was received during the identification process and other means prescribed by the applicable legislation.

Last updated