Policy

Anti-Money Laundering and Know Your Customer Policy

  • BitFlow
  • 07 Jul 2024
  • Important
  1. Introductory provisions:
    1. Bitflow's Anti-Money Laundering and Know Your Customer Policy (referred to as the “AML/KYC Policy”) aims to prevent and reduce the risk of involvement in illegal activities.
    2. To comply with both international and local laws, Bitflow as an obliged person in accordance with the Article 2(1)(l) of the Czech Act No. 253/2008 on certain measures against the legalization of proceeds from crime and the financing of terrorism and other applicable AML/CFT laws and regulations (hereinafter referred to as "Czech AML Act") establishes and maintains effective internal procedures and mechanisms to combat money laundering, terrorist financing, drug and human trafficking, the proliferation of weapons of mass destruction, corruption, bribery, and other financial crimes (altogether referred to hereinafter as "Criminal Offenses").
    3. Bitflow is also required to act upon any suspicious activities from its Users/Partners.
  2. Definitions:
    1. Terms and expressions used in these AML/KYC Policy shall be interpreted in accordance with the definitions provided below:
      • “AML” or “AML/CFT” means a set of applicable laws, regulations and procedures aimed at preventing money laundering, terrorist financing and any other criminal activity by using funds as legitimate income.
      • “Bitflow” means Bitflow Lab s.r.o., i.e. a company registered and incorporated under the laws of the Czech Republic with the business registration number (Identifikační číslo): 19305800, having its registered office at: Chudenická 1059/30, Hostivař, 102 00 Praha 10, Czech Republic. Bitflow Lab s.r.o. has been granted a trade license (authorisation) for providing services related to Virtual Assets.
      • “Fraud” means any act of dishonestly or unlawfully obtaining or attempting to obtain an advantage or financial gain through deceptive practices within the framework of Bitflow’s Services and operations.
      • "Czech AML Act" means the Czech Act No. 253/2008 on certain measures against the legalization of proceeds from crime and the financing of terrorism and other applicable AML/CFT laws and regulations.
      • “Internal AML/CFT Policies” means AML/CFT System of internal rules and principles, as well as Risk Assessment procedures, developed by Bitflow in accordance with Article 21 and 21a of the Czech AML Act.
      • “Risk-Based Approach” or “RBA” means is an approach which was developed and implemented on the basis of implementation of AML/CFT measures, specified in the mandatory and relevant AML/CFT laws, that enables an obliged person to allocate resources (human and financial) appropriately while effectively managing ML/TF risks. The effective RBA is based on a carefully conducted risk assessment (including their identification, evaluation and assessment). This enables the Company as an obliged person to implement effective and mitigative measures that are appropriate for the ML/TF risks elimination.
      • “Risk Factor” means:
        • the characteristic of the customer (User/Partner), to whom the Product and/or Services provided; and/or
        • the way the products and/or services are provided to the customer (User/Partner), and/or
        • geographic risk factors and/or
        • other factors in accordance with the Czech АML Аct, which increases the risk that the services and products of the Bitflow may be misused by the customer (User/Partner) for the purpose of legalizing proceeds of crime or for financing of terrorism.
      • “Know Your Customer” or “KYC” means one of the key AML/CFT tools (instrument) which permits Bitflow to know its customers in prior to execute any transactions for them.
      • “Know Your Business” or “KYB” is a process used by Bitflow to verify the identity and legitimacy of a business, preventing fraud, money laundering, terrorism financing, and other financial crimes or illegal activities.
      • “Know Your Transaction” or “KYT” means is a process used by Bitflow as an Obliged Person to verify, monitor, and/or analyse individual transactions to detect suspicious and/or unusual activity that may indicate Criminal Offenses, fraudulent behavior and/or other illicit financial activities.
      • “Business Relationship” means a business, professional and/or commercial relationship between the Bitflow and a Customer, which:
        • arises out of the business of the relevant person, and
        • is expected by the relevant person, at the time when contact is established, to have an element of duration.
      • “User” means any person who uses Our Platform and/or Services and/or has agreed to the terms and conditions of Bitflow’s Terms of Use.
      • "Partner" means any individual or legal entity that engages in a Business Relationship or collaboration with the Bitflow.
      • “Obliged Person” means Bitflow, i.e. the person who under applicable AML/CFT laws is obliged to prevent money laundering, terrorist financing and any other criminal activity by using funds as legitimate income.
      • “Identity card” means a document issued by a public authority listing the first name and surname, date of birth and facial image and any other data enabling identification of its bearer as its true holder.
      • “Source of Funds” means the funds received from a one-time event (for example, inheritance, sale of real estate, winnings, sale of other assets, etc.) or continuous activity (funds from the customer's business, his/her employment, other legal activities, etc.).
      • “Suspicious transaction” means a transaction made under circumstances giving rise to suspicion of an attempt to the laundering of proceeds of crime or suspicion that the funds used in the transaction are intended for terrorist financing or that the transaction is otherwise related to or connected with terrorist financing, or any other fact that might indicate such suspicion.
      • “Compliance Officer” or “MLCO” means the person responsible for application and implementation of the AML/CFT rules, principles and procedures in accordance with Czech AML Act.
      • “MLRO” means the person responsible for the notification obligation in accordance with Article 18 of the Czech AML Act and ensure constant contact with the Office.
      • “Sumsub” means the User’s/Partner’s verification platform used by the Bitflow to secure its due and proper KYC/KYB procedures (website: https://sumsub.com/).
      • “Politically Exposed Person” or “PEP” means:
        • A natural person, who performs or performed an important public function with regional, national and/or even higher importance;
        • A natural person, close to the above specified person(s);
        • A natural person from his/her "business surroundings";
        • Any other persons who are considered to be as a PEP in accordance with the Methodological Instruction No. 7 of 22.11.2022, intended for obliged entities pursuant to Article 2 of the Czech AML Act.
      • “Office” means the Financial Analytical Office (FAO) located at Washingtonova 1621/11, 11000 Praha 1, Czech Republic, website: https://fau.gov.cz/
    2. The masculine or feminine gender may be used interchangeably throughout these Terms. Wherever one gender is used it shall be construed as meaning the other. Any use of the male or female pronouns in these Terms, whether "he," "she," "him," "her" or words or phrases to similar effect, shall have no significance in the interpretation and application of the terms, provisions and conditions of these Terms, such use being solely for the sake of convenience.
    3. Where the context so admits words denoting the singular shall include the plural and vice versa.
    4. All other terms and expressions not used in this AML/KYC Policy shall be interpreted in accordance with the definitions provided in the Terms of Use (including Additional Documents), the Czech AML Act and/or Internal AML/CFT Policies.
  3. The scope of this Policy
    1. The AML/KYC Policy encompasses the following areas:
      • Principles, processes, and procedures for the identification and verification of KYC/KYB/KYT.
      • Verification of local and international sanctions lists and databases, including Politically Exposed Persons (PEP) databases.
      • Roles, functions, and obligations of the Money Laundering Compliance Officer (MLCO) and/or Money Laundering Reporting Officer (MLRO) and their respective team members.
      • Monitoring of transactions and other operations conducted by users and partners.
      • Establishment and maintenance of a system of internal rules and risk assessment.
      • Execution of regular internal AML/CFT audits.
      • Implementation of comprehensive record-keeping practices.
      • Provision of AML/CFT education and trainings to all Bitflow staff.
      • Engagement of third-party professional vendors for various monitoring procedures.
      • Compliance with all additional obligations as stipulated by Internal AML/CFT Compliance Policies.
    2. This Policy applies to all employees, contractors, agents or other persons, working on behalf of Bitflow and covers all aspects of its Services and operations.
  4. Customer Due Diligence Procedures
    1. Bitflow follows international rules, standards, guidelines and recommendations to prevent possible Criminal Offenses by conducting Customer Due Diligence (CDD).
    2. Bitflow has its own developed procedures for verifying Users/Partners, aligning with anti-money laundering and KYC/KYB/KYT rules and regulations.
    3. Based on national risk assessments and specific characteristics of Users/Partners and their activities duly specified in its Internal AML/CFT Policies, Bitflow will perform Enhanced Due Diligence (EDD), when necessary and appropriate.
    4. Bitflow evaluates the Risk factors associated with each user or partner and takes extra steps to verify high-risk individuals or entities to prevent possible Criminal Offenses and/or other illegal activities in its business practice.
    5. Bitflow uses SumSub for conducting identification, verification and control procedures in accordance with Czech AML/CFT Act.
    6. Bitflow also has developed KYC/KYB Questionnaires in case if there is a need to conduct manual checks and verification.
    7. Bitflow undertakes to perform constant and permanent monitoring and due diligence of the relevant developments in the field of applicable measures and their effectiveness against legalization of proceeds of crime and financing of terrorism, i.e. the Acts, Decrees, Notices, as well as the relevant regulations published by the Office and available at: www.financnianalytickyurad.cz.
    8. In the process of application of these internal rules, the Bitflow undertakes to act in its business practice in accordance with the Czech AML Act, as well as other applicable and relevant Methodological instructions developed by Office and available at https://www.financnianalytickyurad.cz/metodicke-pokyny (hereinafter altogether referred to as “Methodological Instructions”).
    9. Bitflow ensures that its Services, transactions, operations, products and activities comply with all applicable local and international regulations, as well as regularly reviews and updates its compliance procedures to stay in line with evolving legal requirements.
  5. KYC/KYB/KYT identification and verification procedures
    1. Bitflow carries out User/Partner identification in the following cases:
      • it is clear that the value of the transaction and/or other operation will exceed the amount of 1000 EUR;
      • if it is a Suspicious Transaction; or
      • if it concerns the establishment of a Business Relationship.
    2. Based on the risk assessment, Bitflow can change the limits for carrying out identification and control (inspections) at any time, or introduce new limits for individual types of transactions and/or other operations.
    3. Bitflow always takes steps to confirm the authenticity of data, documents and/or information provided by the Users/Partners.
    4. All legal and effective methods for double-checking identification are used. Bitflow reserves the right to investigate certain Users/Partners who have been determined to be risky and/or suspicious.
    5. Bitflow reserves the right to verify User’s/Partner's identity in a regular and on-going basis, especially when:
      • -their identification information has been changed, or
      • -their activity seemed to be suspicious (unusual for the particular User/Partner).
    6. Bitflow reserves the right to request up-to-date data, information and/or documents from the Users/Partners at any time, even though they have passed KYC/KYB/KYT identification and/or verification in the past.
    7. User’s identification data, information and/or documents are collected, stored, shared and protected by Bitflow strictly in accordance with its Privacy Policy and other applicable laws and regulations.
    8. Once the User’s/Partner's identity has been verified, Bitflow is able to remove itself from potential legal liability in a situation where its Website, Platform, Wallet and/or Services are used to conduct possible Criminal Offenses.
    9. Bitflow carries out the identification in this way:
      • -If the User is a natural person, Bitflow will record and verify from the User's identity card:
        1. Identification data;
        2. Type and number of Identity card;
        3. The state, or the authority that issued it;
        4. Its validity period;
        5. 5.User’s selfie ID for verifying that the User’s likeness matches the image on his/her Identity card;
      • -If the User is a legal entity, we will record and verify its identification data from the document on the existence of the legal entity and further identify the natural person who represents the legal entity in the given case;
      • -If the legal entity’s statutory body, member or controlling person is another legal entity, Bitflow also checks and records its identification data, documents and information.
    10. As part of the identification, Bitflow also determines and records whether the User is a politically exposed person or whether the User is a person against whom the Czech Republic applies international sanctions in accordance with the Act on the Implementation of International Sanctions.
    11. For other Services, Bitflow verifies the identity of natural persons (acting on their own behalf or representing a legal entity).
    12. During the duration of the Agreement or during further Services, Bitflow checks the validity and completeness of your identification data, information and/or documents.
    13. At the place of identification, Bitflow may ask its Users/Partners to provide identification by a notary public or public administration contact point, or take over the identification carried out by a credit or financial institution in connection with the establishment of a Business Relationship.
  6. Monitoring Transactions
    1. The Users are known not only by verifying their identity (who they are) but, more importantly, by analyzing their transactional patterns (what they do).
    2. Bitflow relies on its data analysis including risk-assessment and suspicion detection tools.
    3. Bitflow performs a variety of compliance-related tasks, including capturing data, filtering, record-keeping, investigation management, and reporting.
    4. Bitflow monitors all transactions and it reserves the right to:
      • ensure that suspicious transactions are reported to the Compliance Officer and MLRO;
      • request the User/Partner to provide any additional data, information and documents in case of suspicious transactions;
      • suspend or terminate User’s Account and/or Services when Bitflow has reasonably suspicion that such User engaged in Criminal Offenses and/or any other illegal activity.
    5. The above list is not exhaustive and the Compliance Officer will monitor Users’ transactions on a day-to-day basis in order to define whether such transactions are to be reported and treated as suspicious or are to be treated as bona fide.
  7. Red Flags and other Risk Factors
    1. Bitflow establishes a non-exhaustive list of red flags indicating the features of potential fraudulent and other illegal activities, as well as provide guidance on how to respond to these Risk factors, described below in this Section.
    2. Bitflow always conducts KYC/KYB procedures to duly and properly identify and verify its Users’/Partners’ identities in accordance with the applicable laws, regulations and best practices. Users are required to promptly update their Personal Data (Personal Information) when changes occur.
    3. Bitflow investigates any accounts, transactions and/or operations, engaged in suspicious or manipulative Users’/Partners’ activities.
    4. Bitflow terminates the provision of its Services, transactions and other operations, if its User/Partner is involved in any type of financial manipulations, wash trading, or spoofing.
    5. Bitflow terminates the provision of its services, transactions and other operations, if its user provides false or misleading identity information until the identity verification of such a user is completed correctly.
    6. Bitflow encourages its users to report all phishing attempts to our Support Team to the following e-mail address:[email protected] for our immediate investigation.
    7. The User should comply with the following clear instructions (steps) for reporting any suspicious activity, fraud and/or phishing attempts:
      • In the subject line of the email, use a clear and descriptive phrase, such as "Fraud Report" or "Phishing Attempt"
      • In the email body, the User should provide the following information:
        1. His/her full name and username on the platform (if applicable).
        2. A detailed description of the fraudulent or phishing activity the User encountered, including any relevant dates, times, and affected accounts.
        3. Any and all evidences and/or screenshots related to the incident (if available).
      • The User should not include any sensitive personal or account information in the email, such as its password or account credentials. Bitflow will never ask for such information via email.
      • After composing the email, the User should click the "Send" button to submit report.
      • The User will receive an email confirmation acknowledging receipt of his/her report. Bitflow’s Support Team will review the information provided and, if necessary, initiate an investigation or ask for more details.
    8. Bitflow takes reports of Fraud and phishing attempts seriously and are committed to safeguarding our users from such activities. Such reports will help us maintain a secure and trustworthy trading environment.
    9. In case of any further questions or concerns, the User should reach out to our Support Team for assistance to the following e-mail address: [email protected]
    10. Bitflow implements strong cybersecurity measures to protect customer data and assets, including encryption, regular security assessments and so on.
    11. Users who provide false or misleading identity information may have their accounts suspended until identity verification is completed correctly.
    12. Multiple accounts under the same identity information, as well as frequent and large deposits from unverified or high-risk sources will be flagged for review.
  8. Obligations of the client and the consequences of their violation
    1. It is the User's/Partner's duty to provide Bitflow with the data, documents and/or information necessary to carry out the identification, verification and control, including the submission of the relevant documents, and all cooperation necessary to fulfill the obligations arising from the Czech AML/CFT Act and other applicable laws and regulations.
    2. Failure to submit to identification, verification, control and/or inspection or failure to provide the necessary cooperation on your part will result in the refusal to carry out our Services or the termination of the Agreement.
    3. We are obliged to report suspicious transactions to the Office without undue delay, which will then decide on further measures.
    4. In the case of a suspicious transaction, the processing of your order may be delayed, or your property may be seized, in accordance with the decision of the Office.
  9. Sanctions and PEP lists screening.
    1. Bitflow screens applicants against recognised Sanctions and PEP lists and/or databases.
    2. Individuals and legal entities are screened against mentioned lists:
      • -on the onboarding stage when the user is submitting the application;
      • -on each anti-fraud and AML alerts manually by MLCO/MLRO.
    3. For the screening process performing Bitflow uses various official online search tool for manual confirmation.
  10. Control and Inspections
    1. Bitflow checks:
      • before making a transaction outside the business relationship at the latest when it is clear that the transaction will reach a value of 10000 EUR or more,
      • If it is a suspicious transaction;
      • upon the establishment of a business relationship, before the transaction; and
      • regularly during the duration of the Business Relationship.
    2. The inspection includes:
      • obtaining information about the purpose and intended nature of the transaction or business relationship;
      • ascertaining the ownership and management structure of the client and its real owner, if the client is a legal entity, and taking measures to find out and verify the identity of the real owner;
      • ongoing monitoring of the business relationship, including review of trades made during the course of the relationship;
      • reviewing the sources of funds or other assets involved in the business or business relationship;
      • carrying out other measures and procedures where necessary and appropriate in accordance with the Czech AML/CFT Act and other applicable laws and regulations.
  11. Risk Assessment
    1. Bitflow, in line with the international requirements, has adopted RBA to combating money laundering and terrorist financing.
    2. By adopting RBA, Bitflow is able to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate to the identified risks.
    3. The Bitflow's strategy will allow resources to be allocated in the most efficient ways. The principle is that resources should be directed in accordance with priorities so that the greatest risks receive the highest attention.
  12. Compliance Officer (MLCO) and MLRO
    1. The Compliance Officer and MLRO are the persons duly authorized by Bitflow who are responsible for ensuring that the AML/KYC Policy is effectively implemented and adhered to, as well as overseeing all aspects of AML/CFT activities, including but not limited to:
      • Establishing and updating internal policies and procedures for completing, reviewing, submitting and maintaining all reports and records required by applicable laws and regulations;
      • Monitoring transactions and investigating any significant deviations from normal activities;
      • Implementing of a records management system for the proper storage and retrieval of documents, files, forms and logs;
      • Regular updating of the risk assessment procedures;
      • Providing information to law enforcement agencies in accordance with applicable laws and regulations.
    2. The Compliance Officer/MLRO has the right to interact with law enforcement agencies that are involved in the prevention of money laundering, terrorist financing and other illegal activities.
    3. MLCO/MLRO regularly educate all employees on recognizing and preventing Fraud, Criminal Offenses and other illegal activities, as well as ensure that they are up to date with the latest AML/CFT, Fraud trends, legislative and/or practical changes, and prevention techniques.
    4. Employees who suspect or detect fraudulent activities must report them immediately to the MLCO/MLRO.
  13. Final Provisions
    1. This AML Policy is a binding, integral and mandatory part of the Bitflow's Terms of Use, and Bitflow can unilaterally change, amend and/or supplement it at any time. This AML Policy is a part of the Bitflow’s Additional Documents.
    2. By confirming Your consent to the Bitflow's Terms of Use, You confirm that You have thoroughly read and accepted this AML Policy as well.
    3. If You have any questions about this AML Policy, procedures and/or any other AML/KYC-related matters or any complaints about Bitflow’s Services, You may contact Us at [email protected].