The purpose of this Policy for the Prevention of Money Laundering and Terrorist Financing System (hereinafter, the "Policy") is to establish the basic mechanisms, policies and procedures that must be observed and applied by PROTERON OÜ (hereinafter , "Company"), to prevent the activities they perform from being exposed to their use for illicit purposes linked to the crimes of money laundering and the financing of terrorism (hereinafter, "AML/CFT").

In this sense, this Policy must be applied by Company, its shareholders, managers, officials and workers (hereinafter, "Employees"). Likewise, the scope of application of the Policy may be extended to the main suppliers and counterparts of Company when, in the opinion of the Compliance Officer, such third parties may generate risks of illicit activities.

If you wish to enter into a transaction or business relationship with company, you must read and approve of this policy and all of the other policies which are publicly available on www.dalongpay.com (“company website”).

This policy complies with the following regulations:

  • Estonian Money Laundering and Terrorist Financing Prevention Act
  • Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015

Application of customer due diligence measures

 

Aim of the Policy and its elements

The aim of this Policy is to ensure the proper identification and verification of customers or persons participating in transactions, as well as ongoing monitoring of business relationships, including transactions carried out during business relationships, regular verification of data used for identification, update of relevant documents, data or information and, when necessary, identification of

the source and origin of funds used in transactions.

Customer due diligence comprises a set of activities and practices arising from the organisational and functional structure of the Company and described in internal procedures, which have been approved by the Company and the implementation of which is subject to control systems established and applied by internal control rules.

The purpose of customer due diligence is to prevent the use of assets and property obtained in a criminal manner in the economic activities and in the services provided by them. Customer due diligence is aimed at applying the Know-Your-Customer principle, under which a customer shall be identified and the appropriateness of transactions shall be assessed based on the customer’s principal business and prior pattern of payments. Customer due diligence serves to identify unusual circumstances in the operations of a customer or circumstances whereby an employee of the Company has reason to suspect money laundering or terrorist financing.

Customer due diligence ensures the application of adequate risk management measures in order to ensure constant monitoring of customers and their transactions and the gathering and analysis of relevant information. Upon applying the customer due diligence measures, the Company will follow the principles compatible with its business strategy and, based on prior risk analysis and depending on the nature of the customer’s business relationships, apply customer due diligence to a different extent.

Customer due diligence is applied based on risk sensitive basis, i.e. the nature of the business relationship or transaction and the risks arising therefrom shall be taken into account upon selection and application of the measures. Risk-based customer due diligence calls for the prior weighing of the specific business relationships or transaction risks and, as a result thereof, qualification of the business relationship in order to decide on the nature of the measure to be taken (for instance, normal, enhanced or simplified due diligence measures could be applied).

If the risk level of a customer or a person participating in a transaction is low, the Company may apply simplified due diligence measures, but is not allowed to skip customer due diligence entirely. If the risk level arising from a customer or a person participating in a transaction is high, enhanced due diligence measures will be applied.

Upon establishing a business relationship, the Company will identify the person and verify their right of representation based on reliable sources, identify the beneficial owner and, in the case of companies, the control structure, as well as identify the nature and purpose of possible transactions, including, if necessary, the source and origin of the funds involved in the transactions.

Customer due diligence measures are appropriate and with suitable scope if they make it possible to identify transactions aimed at money laundering and terrorist financing and identify suspicious and unusual transactions as well as transactions that do not have a reasonable financial purpose or if they at least contribute to the attainment of these goals.

The first requirement for the measures of prevention of money laundering and terrorist financing is that the Company does not enter into transactions or establish relationships with anonymous or unidentified persons. Legislation requires that the Company waives a transaction or the establishment of a business relationship if a person fails to provide sufficient information to identify the person or about the purpose of the transactions or if the operations of the person involve a higher risk of money laundering or terrorist financing. Also, legislation requires the Company to terminate a continuing contract without the advance notification term if the person fails to submit sufficient information for application of customer due diligence measures.

The Company ensures that information concerning a customer (incl. gathered documents and details) is up to date. In the event of customers or business relationships falling in the high risk category, the existing information will be verified more frequently than in the event of other customers/business relationships. The respective data shall be preserved in writing or in a form that can be reproduced in writing and made available to all relevant employees who need it to perform their employment duties.

The principles and instructions provided for in the customer due diligence measures are set out in the internal procedures of the Company. Independent control mechanisms are established over adherence to these procedures and the relevant training of employees are ensured.

 

General obligatory identification rules

The Policy for the application of customer due diligence measures requires the identification and verification in case of:

  1. establishing business relationships with persons with whom the Company has no previous business relationships;
  2. conducting transactions with persons with whom the relationship between the person and the Company will not constitute a business relationships and whereby the amount transferred exceeds EUR 15 000, or an equal amount in any other currencies, whether in one-time transfer or several related payments over a period of up to one year;
  3. establishing business relationships with persons in respect of whom simplified due diligence measures are applied;
  4. establishing business relationships with politically exposed persons;
  5. conducting transactions through means of communication with persons with whom the Company has a business relationship;
  6. establishing business relationships with persons whose place of residence or registered office is in a country where the application of measures for the prevention of money laundering and terrorist financing is insufficient.

 

Establishment of business relationships

The Company shall identify each customer upon establishment of a business relationship and upon making a transaction if the value of the transactions of the customer per year exceeds 15 000 euros.

The prerequisite for the establishment of a business relationship is an explicit and recorded certification by the customer that it will fulfil the conditions established by the Company for the establishment of the business relationship and execution of transactions.

The internal procedures of the Company shall set out the terms and conditions on the basis of which the services to be used by the customer and the scope of the services will be determined. The Company shall make certain in advance that the services provided match the substance of the actual declarations of intent by the customer, are in accordance with the nature and purposes of the given contract and correspond to the risk level attributed to the customer.

The rules of procedure regulating the establishment of a business relationship shall, in addition to provisions of law, contain the following: 

the procedure for introducing the prerequisites for the establishment of a business relationship, entry into long-term contracts and execution of transactions (including the procedure for recording the customer's declaration of intent and identification of the purpose of the business relationship and the transaction) by the Company;

the requirement for receiving confirmation from the customer that the customer is aware of and has understood the duties and obligations established by the relevant conditions, including the request for information required for the establishment of the business relationship by and the form of submission of the information.

If upon the establishment of a business relationship, the customer or its representative and the representative of the Company shall not be in the same place, the following can be used upon verifying data submitted to identify a person:

  1. a colour scan copy of at the customer’s passport, as well as a selfie picture of the customer, while holding his/her passport, when the passport picture page and the person can be clearly seen and identified in the picture;
  2. an up to date scanned document proving the address of the customer, e.g. a utility bill or bank statement;
  3. A filled and signed PEP declaration; and
  4. data collected by the Company and/or public databases for the purpose of verifying the personal identification code, registry code and data of the representatives of the company and the address. The Company may use other legible documents to identify a person, including certification by other credit institutions, notaries, foreign missions, public authorities and foreign business partners.
  5. A customer must specify whether they are the beneficial owner of the legal entity / individual; and whether they are acting as a proxy on behalf of another individual or legal entity.

The purpose of application of customer due diligence measures is not merely the identification of the customer. Sufficient application of customer due diligence measures means a situation where, among other things, the customer's risk level is determined.

In the event of extraordinary termination of a business relationship on grounds resulting from § 42 of the Money Laundering and Terrorist Financing Prevention Act, different time limits for provision of services (above all, restrictions on making transactions) and termination of a business relationship (long-term contract) may be established. In the event of extraordinary termination of a business relationship, the internal procedures of the Company shall set out a procedure for the subsequent use of the customer's assets (e.g. allowing for a payment to be made to the account of a credit institution in another contracting state of the European Economic Area or in an equivalent third country). No disbursements in cash are allowed.

 

Customer identification

The Know-Your-Customer (KYC) principle shall be followed upon customer identification. This principle means that the operating profile, purpose of operation, beneficial owner of the person as a potential customer and, if necessary, the source and origin of the funds used in the transactions and other similar information essential for the establishment of a business relationship shall be identified in addition to the person. Upon making transactions, the customer shall be identified and the compliance of transactions shall be assessed based on the customer's main fields of activity and prior payment behaviour.

In line with the internal risk-based approach, the Company shall choose, among other things, the suitable scope of the KYC principle but the minimal requirements of establishment of the business relationship shall apply to any customer. No customer will be able to make transactions on the company’s website without passing this minimal KYC procedure.  

The Company shall identify the customer and the beneficial owner within a reasonable period of time prior to the commencement of the steps for entry into a long-term contract or while entering into the contract. A person participating in the transaction shall be identified prior to the commencement of the steps for entry into the long-term contract or while entering into the contract.

Identification and verification of persons upon the establishment of a business relationship are mandatory in the event of the use of any and all financial services, regardless of whether a long term contract is entered into with the person participating in the transaction or not, thereby taking into account the exceptions arising from the Money Laundering and Terrorist Financing Prevention Act.

 

General requirements regarding identification of legal entity upon establishment of business relationship

The business name, registry code, seat and place of business, information about the legal form, passive legal capacity, representatives (legal representatives and those authorised to represent the legal entity before the Company) and beneficial owners shall be identified upon identifying legal entities. The operating profile, business partners, purpose of operation, purpose of establishment and characteristics of business relationships and other similar information required for the establishment of business relationships shall be identified as well.

Upon determining the seat of a legal entity, both the theory of the country of foundation as well as the theory of the seat shall be used to identify whether the legal entity may involve country and geographical risks.

The place of business of a legal entity shall be determined on the basis of factual circumstances, i.e. where production is based or a service is provided.

The identification and verification of the identity and passive legal capacity of a legal entity shall be carried out, as a general rule, on the basis of the information contained in the commercial register (in

Estonia) or another equivalent register or a copy of the registration certificate or an equivalent document (for instance, in countries where there is no national register, foundation documents certified by a notary are considered equivalent) submitted in accordance with the procedure provided by law.  Documents issued by a register or their equivalents shall have been issued no earlier than 6 months prior to their submission to the Company.

Documents issued in a foreign state shall be legalised or apostilled, i.e. in order to use an official document issued in one country in another, an internationally recognised certificate of the authenticity of the document is given in another, unless the international treaty on recognition of official documents has been signed with the country of origin.

Upon identification, legal entities are not required to submit an extract of their registry card if the Company has access to the required extent via the computer network to the data in the commercial register or register of non-profit organisations and foundations (including access to data in respective registers in the foreign country).

Upon identification of a legal entity, the Company is required to register the names of the executive of the legal person or members of its management board or another body substituting for it, their powers in representing the legal entity and the principal field of activity of the legal entity. If the aforesaid details are not indicated by the register extract or another relevant document, the relevant information shall be obtained by using other documents and/or reliable sources of information.

The Company shall identify the existence of politically exposed persons related to the legal entity. If no respective links appear in the information about a politically exposed person obtained from the representative of the legal entity, an enquiry shall be made with the respective databases in the event of suspicion.

In the case of international organisations, the documents serving as the basis for their activities (including in Estonia) shall be determined and the submission of relevant documents shall be requested. If necessary, information required for the establishment of the business relationship which is contained in the documents shall be verified.

 

 

General requirements regarding the application of customer due diligence measures upon execution of transactions

In addition to the establishment of a business relationship, customer due diligence measures shall also be taken if:

in the event of any kind of transaction, incl. in the event of an offer made in the course of provision of a counselling service whose price exceeds the limit specified in the Money Laundering and Terrorist Financing Prevention Act. Thereby it is irrelevant whether the pecuniary obligation is performed by means of cash or cashless settlements;

the amount of a single transaction or the total amount of consecutive transactions exceeds 15,000 EUR. The obligation shall be performed upon occasional transactions made by a non-customer;

the Company has doubts about the correctness or sufficiency of the data collected upon establishment of the business relationship and if the actions of the other party are not ordinary or transparent as well as if the Company suspects money laundering or terrorist financing; and

the Company does not suspect money laundering or terrorist financing for the purposes of subsection 1 of § 49 of the Money Laundering and Terrorist Financing Prevention Act and does not have the reporting obligation for the purposes of subsection 3 of § 49 of the Money Laundering and Terrorist Financing Prevention Act, but the transaction is complex and extraordinarily large or the transaction scheme is unusual and does not have an obvious economic or legal purpose.

The Company shall constantly assess changes in the customer's operations and whether these may raise the risk level so that additional customer due diligence measures need to be taken.

The application of customer due diligence measures also calls for the existence of the respective monitoring systems whose purpose is to detect reaching the transaction limit or the existence of risk factors and inform the appropriate persons thereof for the purpose of identifying suspicious or unusual transactions. If the Company comes to suspect money laundering in the course of monitoring transactions, the FIU shall be informed thereof.