AML / KYC Policy

Last updated: March 24, 2024

CepheiEX’s (formally “1CepheiEX s.r.o.”) Anti-Money Laundering and Know Your Customer Policy (hereinafter – the “AML/KYC Policy”) is designated to prevent and mitigate possible risks of money laundering, terrorism financing and similar.

Both international and local regulations require CepheiEX to implement effective internal procedures and mechanisms to prevent money laundering, terrorist financing, drug and human trafficking, proliferation of weapons of mass destruction, corruption and bribery and to take action in case of any form of suspicious activity from its Users.

AML/KYC Policy covers the following matters:

1. Verification procedures
2. Sanctions and PEP lists screening
3. Compliance Officer.
4. Monitoring Transactions.
5. Risk Assessment

The Policies are designed to lay down a framework to:

• prevent CepheiEX from being used, intentionally or unintentionally, by criminal elements for money laundering or financing terrorist activities;
• enable CepheiEX to know and understand its customers, clientele, contributors, and other contacts with which CepheiEX has any financial dealings with (collectively, “Clients”) and their financial background and source of funds better, which in turn would help it to manage its risks prudently;
• put in place appropriate controls for detection and reporting of suspicious activities in accordance with applicable laws, procedures and regulatory guidelines; and
• equip employees and contractors of CepheiEX with the necessary training and measures to deal with matters concerning KYC/AML procedures and reporting obligations.

The Policies are revisited periodically and amended from time to time based on prevailing industry standards and international regulations designed to facilitate the prevention of illicit activity including money laundering and terrorist financing. All senior management and employees of CepheiEX are required to acknowledge and be familiar with the Policies.

This AML and KYC policy is an online abstract of the company’s Czech FNTT-approved AML and KYC policies, which forms the foundation of CepheiEX’s financial license. It is supplemented by further documentation, such as CepheiEX‘s Anti-Bribery Policy.

1. Identity Verification procedures

One of the international standards for preventing illegal activity is customer due diligence (“CDD”). According to CDD, CepheiEX establishes its own verification procedures within the standards of anti-money laundering and “Know Your Customer” (KYC) frameworks.

1.1. Identity verification

CepheiEX’s identity verification procedure requires the User to provide CepheiEX with reliable, independent source documents, data or information (e.g., login via BankID/NemID, national ID, international passport, bank statement, utility bill). For such purposes CepheiEX reserves the right to collect, store and process User’s identification information for the AML/KYC Policy purposes. User’s identification information will be collected, stored, shared and protected strictly in accordance with the CepheiEX’s Privacy Policy and related regulations.

CepheiEX will take steps to confirm the authenticity of documents and information provided by the Users. All legal methods for double-checking identification information will be used and CepheiEX reserves the right to investigate certain Users who have been determined to be risky or suspicious.

CepheiEX reserves the right to verify User’s identity in an on-going basis, especially when their identification information has been changed or their activity seemed to be suspicious (unusual for the particular User). In addition, CepheiEX reserves the right to request up-to-date documents from the Users, even though they have passed identity verification in the past.

Once the User’s identity has been verified, CepheiEX shall be able to remove itself from potential legal liability in a situation where its Services are used to conduct illegal activity.

1.2. Card verification

The Users who are intended to use payment cards in connection with the CepheiEX’s Services have to pass card verification in accordance with instructions available on the CepheiEX’s Site. This includes 3D Secure and other security measures.

2. Sanctions and PEP lists screening

CepheiEX screens applicants against recognised Sanctions and Politically Exposed Persons (PEPs) lists. Individuals and legal entities are screened against mentioned lists:

• on the onboarding stage when the user is submitting the application;
• on each anti-fraud and AML alerts manually by Compliance Officer;
• monthly by running automatically, re-checking all customers in the database.

For the screening process performing CepheiEX uses NameCheck, MemberCheck, Acuris and other data providers, integrated into the proprietary software and supported by World-Check online search tool for confirmation.

3. Compliance Officer

The Compliance Officer is the person, duly authorized by CepheiEX, whose duty is to ensure the effective implementation and enforcement of the AML/KYC Policy. It is the Compliance Officer’s responsibility to supervise all aspects of CepheiEX’s anti-money laundering and counter-terrorist financing, including but not limited to:

1. Collecting Users’ identification information.
2. Establishing and updating internal policies and procedures for the completion, review, submission and retention of all reports and records required under the applicable laws and regulations.
3. Monitoring transactions and investigating any significant deviations from normal activity.
4. Implementing a records management system for appropriate storage and retrieval of documents, files, forms and logs.
5. Updating risk assessment regularly.
6. Providing law enforcement with information as required under the applicable laws and regulations.

The Compliance Officer is entitled to interact with law enforcement, which are involved in prevention of money laundering, terrorist financing and other illegal activity.

4. Monitoring Transactions

The Users are known not only by verifying their identity (who they are) but, more importantly, by analyzing their transactional patterns (what they do – so-called “Know Your Transaction” (KYT)). Therefore, CepheiEX relies on data analysis as a risk-assessment and suspicion detection tool.;

CepheiEX performs a variety of compliance-related tasks, including capturing data, filtering, record-keeping, investigation management, and reporting. System functionalities include:

1. Daily check of Users against recognized “black lists” (e.g. OFAC), aggregating transfers by multiple data points, placing Users on watch and service denial lists, opening cases for investigation where needed, sending internal communications and filling out statutory reports, if applicable;
2. Case and document management.

Data providers include ChainScore, Wallet Explorer, Blockchain.com and other data providers.

With regard to the AML/KYC Policy, CepheiEX will monitor all transactions and it reserves the right to:

• ensure that transactions of suspicious nature are reported to the proper law enforcement through the Compliance Officer;
• request the User to provide any additional information and documents in case of suspicious transactions;
• suspend or terminate User’s Account when CepheiEX has reasonably suspicion that such User engaged in illegal activity.

The above list is not exhaustive and the Compliance Officer will monitor Users’ transactions on a day-to-day basis in order to define whether such transactions are to be reported and treated as suspicious or are to be treated as bona fide.

5. Risk Assessment

CepheiEX, in line with the international requirements, has adopted a risk-based approach (“RBA”) to combating money laundering and terrorist financing. By adopting a risk-based approach, CepheiEX is able to ensure that measures to prevent or mitigate money laundering and terrorist financing are commensurate to the identified risks. This will allow resources to be allocated in the most efficient ways. The principle is that resources should be directed in accordance with priorities so that the greatest risks receive the highest attention. The risk-based approach guidelines are as follows:

• Before entering into any transaction or proposed transaction, necessary checks shall be conducted in line with the RBA so as to ensure that the identity of the Clients does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations;
• For the purpose of risk categorization of the Clients, the relevant information shall be obtained from the Clients at or before the time of entering into a transaction;
• The risk categorization process for different types of Clients may take into account the background of the Clients, country of origin, sources of funds, volume of turnover or deposits, as well as social and financial background;
• The outcome of the risk categorization process shall be decided based on the relevant information provided by the Clients at the time of commencement of business relationship;
• Enhanced due diligence would be required for higher-risk Clients, especially those for whom the sources of funds are not clear, or for transactions of higher value and frequency, which shall be determined by CepheiEX at its sole and absolute discretion; and
• CepheiEX must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the CepheiEX in compliance with the relevant legislations in place.