TRASTRA logo

INTRODUCTION

TRASTRA EU UAB (referred to as “TRASTRA” “the Firm”, “the Company”, “we” or “us”) is committed to the highest standards in the prevention of Money Laundering (AML), Bribery and Corruption (ABAC), Counter Terrorism Financing (CTF), Fraud and other punishable criminal acts.

This Anti-Money Laundering, Countering Terrorist Financing and Financial Crime Policy (“the Policy”) provides guidelines and procedures applicable to daily activities of the Company, which are intended to prohibit and actively prevent using the Company’s services for money laundering, funding of terrorist or criminal activities, or facilitation of any such activity. 

The Company has developed and implemented this Policy using a risk-based approach to address the risk of money laundering specific to the Company’s services, customers and business partners in order to comply with the Requirements and combat money laundering, terrorist financing, and other financial crimes.

Scope

The Policy outlines the minimum general standards of AML and CTF controls which should be followed by the Company’s management and employees in order to mitigate any legal, regulatory, reputational and as consequence financial risks. Detailed procedures will be produced for each AML/CTF measure in order to match local and international standards and best practices. The company adopts the following procedures:

  • Customer due diligence;
  • Risk-based approach;
  • Record keeping;
  • Internal reporting;
  • External reporting;
  • Training. 

Definitions

MLRO – The Firm’s Money Laundering Reporting Officer (also known as the “MLRO”), whose responsibility is to supervise, implement and report any activity which could be related to Money Laundering or Terrorism Financing.

AML – Anti-Money Laundering is a set of procedures, laws or regulations designed to stop the practice of generating income through illegal actions.

ML – Money Laundering means the concealment of the origins of illegally obtained money, typically by means of transfers involving banks or legitimate businesses. In most cases money launderers hide their actions through a series of steps that disguise money coming from illegal or unethical sources to appear as if it were legitimate funds.

TF – Terrorism Financing refers to the processing of funds to sponsor or facilitate terrorist activity. A terrorist group, like any other criminal organisation, builds and maintains an infrastructure to facilitate the development of sources of funding, to channel those funds to the providers of materials and or services to the organisation, and, possibly, to launder the funds used in financing the terrorist activity, or resulting from that same activity. Terrorist organizations derive income from a variety of sources, often combining both lawful and unlawful funding, and where the agents involved do not always know the illegitimate portion of that income.

KYC – Know your customer (“KYC”) is the process used by businesses to verify the identity of their customers. KYC policies are becoming increasingly important globally to prevent identity theft, financial fraud, money laundering and terrorism financing.

CDD – Customer Due Diligence means:

a)

identifying the customer and verifying the customers’ identity based on documents, data or information;

b)

identifying where there is a beneficial owner who is not the customer;

c)

obtaining information on the purpose and intended nature of the business relationship.

EDD – Enhanced Due Diligence designates additional steps of examination and caution to identify the customers and confirm that their activities and funds are legitimate.

SDD – Simplified Due Diligence – means that it is not required for a business to apply the standard customer due diligence measures, where the business has reasonable grounds for believing that a customer falls into the relevant categories representing low risk for money laundering or terrorism financing.

PEP – Politically Exposed Persons (“PEPs”) are individuals who are or have been entrusted with prominent governmental / public functions.

FATF – Financial Action Task Force (www.fatf-gafi.org) is an independent inter-governmental body that develops and promotes policies to protect the global financial system against money laundering, terrorist financing and proliferation of weapons of mass destruction.

OFAC – Office of Foreign Assets Control – Is part of the U.S. Department of the Treasury. It is responsible for administering and enforcing trade and economic sanctions.

FCIS – Financial Crime Investigation Service – Financial Intelligence Unit (LT). The FCIS is the national central agency in UK that is responsible for the collection, collation, processing, analysis and dissemination of information with a view to combating money laundering and the funding of terrorism.

MFSA – Malta Financial Services Authority. The authority is the single regulator for financial services in Malta.

MONEYVAL – The Council of Europe Select Committee of Experts on the Evaluation of anti-Money Laundering Measures and the Financing of Terrorism

Tipping Off – Improper or illegal act of notifying a suspect that they are the subject of a Suspicious Activity / Transaction Report or is otherwise being investigated or pursued by the authorities.

Monitoring – An element of an institution’s anti-money laundering program in which customer activity is reviewed for unusual or suspicious patterns, trends or outlying transactions that do not fit a normal pattern. Transactions are often monitored using software that weighs the activity against a threshold of what is deemed “normal and expected” for the customer.

Risk-Based Approach – The assessment of the varying risks associated with different types of businesses, customers, accounts and transactions in order to maximise the effectiveness of an anti-money laundering program.

UBO – ‘Ultimate Beneficial owner’ means any natural person(s) who ultimately owns and consequently controls or directs the customer and/or the natural person(s) on whose behalf a transaction or activity is being conducted and includes at least.

SAR – A Suspicious Activity Report made by the MLRO to the FCIS regarding suspicious activity.

RBA – Risk-Based approach.

Regulatory framework

The Company must comply with the following regulatory framework (“the Requirements”):

  • Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market;
  • 5th AML Directive: Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018;
  • The General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016;
  • Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds;
  • Transparency International’s corruption perception index;
  • Technical Requirements for the Customer Identification Process for Remote Identification Authentication via Electronic Devices for Direct Video Transmission approved by the Director of the Financial Crime Investigation Service under the Ministry of Internal Affairs of the Republic of Lithuania on November 30th 2016 by Resolution No. V-314 “For the Technical Requirements for the Customer Identification Process for Remote Identification Authentication via Electronic Devices for Direct Video Transmission” (hereinafter – Technical Requirements);[1]
  • Resolution No. V-240 of December 5th of 2014 of the Director of Financial Crime Investigation Service under the Ministry of Internal Affairs of the Republic of Lithuania “On the Approval of the List of Criteria for Money Laundering and Suspicious or Unusual Monetary Operations or Transactions Identification”;[2]
  • Resolution No. V-5 of 5 January 10th of 2020 of the Director of Financial Crime Investigation Service under the Ministry of Internal Affairs of the Republic of Lithuania “On the Approval of Guidelines for the Depositary virtual currency wallet operators and virtual currency exchange operators to prevent money laundering and/ or terrorist financing.”;[3]
  • Resolution No. V-273 of October 20th of 2016 of the Director of Financial Crime Investigation Service under the Ministry of Internal Affairs of the Republic of Lithuania “On the Approval of Guidelines for the Supervision of Financial Crimes for the Implementation of International Financial Sanctions in the Field of Regulations of the Ministry of Internal Affairs of the Republic of Lithuania.”;[4]
  • the Minister of the Interior of the Republic of Lithuania 2017 October 16 by order no. 1V-701 “On Suspension of Suspicious Monetary Transactions or Transactions and Submission of Information on Suspicious Monetary Transactions or Transactions to the Financial Crime Investigation Service under the Description of Procedure of the Ministry of the Interior of the Republic of Lithuania and Information on Cash Transactions or Transactions equal to or exceeding 15,000 euros or submission of the corresponding amount in foreign currency to the Financial Crime Investigation Service under the approval of the description of the procedure of the Ministry of the Interior of the Republic of Lithuania ”;[5]
  • Director of the Financial Crime Investigation Service 2015 May 21 by order no. V-129 “On Approval of Information Forms, Submission Schemes and Recommendations for Completion of Information Provided in Accordance with the Requirements of the Law on Prevention of Money Laundering and Terrorist Financing of the Republic of Lithuania”;[6]
  • Lithuanian Law on the Prevention of Money Laundering and Terrorist Financing.

RESPONSIBILITIES

Compliance

The Compliance Officer and thus the Compliance Department monitor compliance with the relevant requirements and standards of the regulatory system for the activities of the Company. The compliance functions must not be involved in the performance of the services or activities they monitor.

The department also realizes day to day non-exhaustive list of functions including:

  • Assisting with the development, implementation, and maintenance of anti-money laundering and other regulatory compliance programs within the company.
  • Ensuring compliance with current AML/CFT regulations, and other relevant legislation.
  • Developing and maintaining a risk assessment framework for products and services, customers and customers, and other issues relating to money laundering and other financial crimes the company may be exposed to.
  • Compliance reporting to the authorities.
  • Arranging and implementing inspections and audits from third-party organizations and making compliance recommendations based on their findings.
  • Briefing and reporting to senior management on matters relating to adequacy of the internal policies and procedures and compliance with internal policies and procedures.
  • Overseeing and implementing an ongoing training program for other employees.

Money Laundering Reporting Officer

The Money Laundering Reporting Officer is responsible for the oversight of all aspects of the Company’s AML activities

MLRO is responsible for reporting ML/FT activity or transaction by fulfilling the following steps:

  • receiving reports of knowledge or suspicion of ML/FT;
  • considering such reports to determine whether a suspicion of ML/FT is valid;
  • reporting knowledge or suspicion of ML/FT to the FCIS;
  • responding promptly to any request for information made by the FCIS.

The MLRO is also responsible for reporting regarding specific transactions without ML/TF activity (e.g. for daily transactions with ≤ €15,000 value).

The Company may appoint a nominated officer to carry out information disclosure tasks. The Compliance officer may execute functions of the MLRO.

The Board of Directors

In its task of directing the company, the board has the following responsibilities:

To designate an individual as the MLRO.

To be informed about the management of the Compliance Program executed by the MLRO.

To assign the required budget and resources to the MLRO for appropriately performing and running the AML CTF Compliance Function and its Program.

To review and approve the AML CFT Policy and its updates proposed by the MLRO.

Senior Management

The Company’s senior management is responsible for establishing and communicating the Compliance policy and maintaining the Compliance function.

In its responsibility, the AML CTF Lithuanian Law has assigned the role to review and approve establishing relationships with High Risk Customers (HRC), when those are being proposed as prospective clients by the MLRO, before entering into a business relationship with, or when a customer from the stock becomes a HRC.

Senior management accepts their Compliance responsibilities and understands the key elements of the regulatory regime and how it impacts the activities and aspirations of the company.

Senior management is kept fully informed of Compliance activities and priorities. Senior management lends their full support to the Compliance Department.

Middle Management and Employees

Middle management and all staff of the company should be fully aware and understand their legal and regulatory responsibilities and obligations with regards to money laundering and terrorist financing activities.

Employees AML training programs will be organised with respect of operational tasks and responsibilities.

Enforcement and Disciplinary Consequences

Any employee found to have violated this Policy will receive a verbal warning. The second incident of the same nature will result in a warning letter to the employee. A third such violation will result in termination of employment of the employee. Deliberate breach of this Policy might result in dismissal for gross misconduct and external report to authorities.

Employees have to pass mandatory AML compliance training arranged by the Company and be aware about the consequences of their failure to comply with the Policy, including reporting potential fraudulent/suspicious activities that may lead to the employee’s voluntary or involuntary involvement into criminal activities. (See more in Training)

Any third-party partner found to have violated this Policy will be subject to contract termination as well as any other remedial measures available under applicable law including reporting to FCIS.

The company will never ignore AML concerns or information from its partners: Financial Institutions, Merchants, Customers and/or law enforcement agencies. Each such concern, information, request will be carefully considered and investigated by the MLRO, and relevant necessary measures will be taken by the Company.

CUSTOMER AND PARTNER DUE DILIGENCE

This Policy also applies to certain engagements of third parties intermediaries or agents (“partners”) who are retained to act on behalf of the Company to solicit new customers, support efforts to retain existing customers or supply services to fulfill a legal, regulatory or practical business operational need. The Company expects all business partners to act with integrity and in accordance with the highest business standards.

Prior to the conclusion of business relationship with a customer or partner the company obtains a range of information from the customer/partner and verifies this information using reliable, independent source documents, data or information. Satisfactory identification of the customer takes place on the onboarding stage. Satisfactory identification of the partner is done prior to signing the agreement or making a payment (whichever occurs first).

As a starting point for the partners, the Company’s employee is required to get information on the nature and purpose of the proposed business cooperation. This includes understanding what the partners business is, cooperation of what sort is expected, and what value for the Company it might bring.

Due Diligence measures are to be designed but not limited to:

be satisfied that its customers are who they say they are;

  • understand whether its customers are acting on behalf of others;
  • the identity of any ultimate beneficial owner(s);
  • understand its customers’ circumstances to guard against them being used for fraud, money laundering or other criminal activity;
  • prognose the expected amount of referrals from the partner and assess their quality;
  • prognose the expected level of customers’ activity in terms of volume, velocity or geography;
  • regularly review and update if necessary, the information about a customer/partner. 

Enforcement and Disciplinary Consequences

Any employee found to have violated this Policy will receive a verbal warning. The second incident of the same nature will result in a warning letter to the employee. A third such violation will result in termination of employment of the employee. Deliberate breach of this Policy might result in dismissal for gross misconduct and external report to authorities.

Employees have to pass mandatory AML compliance training arranged by the Company and be aware about the consequences of their failure to comply with the Policy, including reporting potential fraudulent/suspicious activities that may lead to the employee’s voluntary or involuntary involvement into criminal activities. (See more in Training)

Any third-party partner found to have violated this Policy will be subject to contract termination as well as any other remedial measures available under applicable law including reporting to FCIS.

The company will never ignore AML concerns or information from its partners: Financial Institutions, Merchants, Customers and/or law enforcement agencies. Each such concern, information, request will be carefully considered and investigated by the MLRO, and relevant necessary measures will be taken by the Company.

CUSTOMER ACCEPTANCE

Enforcement and Disciplinary Consequences

Any employee found to have violated this Policy will receive a verbal warning. The second incident of the same nature will result in a warning letter to the employee. A third such violation will result in termination of employment of the employee. Deliberate breach of this Policy might result in dismissal for gross misconduct and external report to authorities.

Employees have to pass mandatory AML compliance training arranged by the Company and be aware about the consequences of their failure to comply with the Policy, including reporting potential fraudulent/suspicious activities that may lead to the employee’s voluntary or involuntary involvement into criminal activities. (See more in Training)

Any third-party partner found to have violated this Policy will be subject to contract termination as well as any other remedial measures available under applicable law including reporting to FCIS.

The company will never ignore AML concerns or information from its partners: Financial Institutions, Merchants, Customers and/or law enforcement agencies. Each such concern, information, request will be carefully considered and investigated by the MLRO, and relevant necessary measures will be taken by the Company.

RISK-BASED APPROACH: AML RISK ASSESSMENT

Enforcement and Disciplinary Consequences

Any employee found to have violated this Policy will receive a verbal warning. The second incident of the same nature will result in a warning letter to the employee. A third such violation will result in termination of employment of the employee. Deliberate breach of this Policy might result in dismissal for gross misconduct and external report to authorities.

Employees have to pass mandatory AML compliance training arranged by the Company and be aware about the consequences of their failure to comply with the Policy, including reporting potential fraudulent/suspicious activities that may lead to the employee’s voluntary or involuntary involvement into criminal activities. (See more in Training)

Any third-party partner found to have violated this Policy will be subject to contract termination as well as any other remedial measures available under applicable law including reporting to FCIS.

The company will never ignore AML concerns or information from its partners: Financial Institutions, Merchants, Customers and/or law enforcement agencies. Each such concern, information, request will be carefully considered and investigated by the MLRO, and relevant necessary measures will be taken by the Company.

ONGOING MONITORING PROCESS

The company recognizes the risks relevant to its business model and operations and uses internal solutions for monitoring. One of the vital processes for this task is an ongoing monitoring of customer activity.

Suspicious Activity: Characteristics and Red Flags

Any employee 

Automated systems - The AML filters for real life monitoring

Any employee

Post Monitoring Alerts Analysis by Compliance

Any employee

Protocol of actions upon detecting Suspicious activity

Any employee

REPORTING

Internal Reporting and SAR Procedure

Enforcement and Disciplinary Consequences

Any employee

Identification and investigation of Suspicious Activity by Compliance: Internal SAR Procedure

Any employee

External SAR (report to FNTT) Procedure

When all the applicable information gathered is analysed and documented by the MLRO and they decide that a SAR is required, the information should be described in the SAR.

It is the MLRO’s responsibility to file a SAR. Therefore, they must ensure that all relevant information is verified, disclosed with the SAR and compliant with the legal requirement. The information generated is crucial and plays an important basis for identifying a potential illegal activity such as money laundering and terrorist financing hence, it should be as accurate and complete as possible. It assists the responsible authority in detecting and preventing the flow of illicit funds through the financial systems.

SAR’s Content

Any employee

Obligatory reports

Any employee

Tipping off

Any employee

Information sharing

Cooperation with state agencies

Any employee

Sharing information with other Financial Institutions

Any employee

EMPLOYEES

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

Enforcement and Disciplinary Consequences

Any employee found to have violated this Policy will receive a verbal warning. The second incident of the same nature will result in a warning letter to the employee. A third such violation will result in termination of employment of the employee. Deliberate breach of this Policy might result in dismissal for gross misconduct and external report to authorities.

Employees have to pass mandatory AML compliance training arranged by the Company and be aware about the consequences of their failure to comply with the Policy, including reporting potential fraudulent/suspicious activities that may lead to the employee’s voluntary or involuntary involvement into criminal activities. (See more in Training)

Any third-party partner found to have violated this Policy will be subject to contract termination as well as any other remedial measures available under applicable law including reporting to FCIS.

The company will never ignore AML concerns or information from its partners: Financial Institutions, Merchants, Customers and/or law enforcement agencies. Each such concern, information, request will be carefully considered and investigated by the MLRO, and relevant necessary measures will be taken by the Company.

Enforcement and Disciplinary Consequences

Any employee found to have violated this Policy will receive a verbal warning. The second incident of the same nature will result in a warning letter to the employee. A third such violation will result in termination of employment of the employee. Deliberate breach of this Policy might result in dismissal for gross misconduct and external report to authorities.

Employees have to pass mandatory AML compliance training arranged by the Company and be aware about the consequences of their failure to comply with the Policy, including reporting potential fraudulent/suspicious activities that may lead to the employee’s voluntary or involuntary involvement into criminal activities. (See more in Training)

Any third-party partner found to have violated this Policy will be subject to contract termination as well as any other remedial measures available under applicable law including reporting to FCIS.

The company will never ignore AML concerns or information from its partners: Financial Institutions, Merchants, Customers and/or law enforcement agencies. Each such concern, information, request will be carefully considered and investigated by the MLRO, and relevant necessary measures will be taken by the Company.

RECORD RETENTION

List of documents

The Company will keep the following documents and records for eight (8) according to the Lithuanian regulation:

  • Copies of, or references to, the evidence obtained of a customer’s identity for eight years after the end of the customer relationship;
  • Details of customer transactions for eight years from the date of the relevant transaction;
  • Records of all AML/CTF training delivered;
  • Details of actions taken in respect of internal and external suspicion reports;
  • Details of information considered by the MLRO or his nominee in respect of an internal report where no external report is made.

SAR storage

All internal and external SAR filings and copies of supporting documentation are segregated by the Head of Compliance department from other Company books and records to avoid unauthorised disclosure of those documents.

Records and reports are stored separately from all other Company confidential information and documentation, including SARs.

Disposal Procedures

Documents no longer required to be retained will be disposed of in accordance with the Company’s Information Security Policy, including:

  • electronic documents will be deleted without a recovery option, and
  • the paper documents will be shredded.

Disposition will be made and recorded by the Head of Compliance department, and the records of disposal will be maintained for eight [8] years.

AUDIT OF THE CURRENT AML CTF Program

  1. The Head of Compliance department is responsible for annually reviewing and assessing this policy. The Head of Compliance department will keep a record of this procedure and protocol the results.
    Based on the results of this audit, the Head of Compliance department will suggest the necessary amendments for internal procedures and controls which will be presented at the next Board meeting for the approval of necessary policy amendments and operational changes.
  2. Using statistical data, records and testing, the audit will include, but not be limited to, the evaluation of the following:
    • Customer types;
    • Duration of business relations;
    • Number and nature of new accounts;
    • Number of closed and blocked accounts;
    • Analysis of international activity: customer locations and transaction jurisdictions;
    • Review the strength of screening systems;
    • List of approved PEPs;
    • Transactions data: amount, velocity for each product/service;
    • High value transactions;
    • Review of initial risk profile score;
    • Assessment of random customer accounts and their activity;
    • Assessment of random transactions and their AML Compliance;
    • Review of internal and external SARs;
    • Review amount of external Compliance requests (from authorities and other FIs);
    • AML employee’s expertise and coverage;
    • Reviews of training records and scheduling training program for the next calendar year;
    • Review AML audits from previous years to assess the progress and efficiency of changes.