Holyheld AML Policy

Last Update: 01.03.2023

This document is a summarized overview of UAB Holyheld Financial’s (“Holyheld”) procedures for prevention of money laundering (“ML”), financing of terrorism (“FT”) and other forms of illicit activity.

Holyheld is a Lithuanian licensed entity duly authorized to provide services of exchanging virtual currency against fiat currency and virtual currency wallet services, and complies with the Money Laundering, Terrorist Financing and Transfer for Funds Regulations 2017 as amended.

Risk-Based Approach

Holyheld takes a risk-based approach (“RBA”) towards assessing and containing the money laundering and terrorist financing risks arising from any customer’s transactions according to Holyheld’s implemented risk management framework, controlled by a certified risk manager.

Holyheld performs a risk-based due diligence by collecting any necessary information and documentation on each prospective customer in order to assess the risk before entering into a customer relationship, or when attributing a risk profile.

The customer risk profile will be revised periodically upon knowledge of the client identification and its activities.

Customer Due Diligence

Customer due diligence (CDD) measures are required for verifying the identity of a new or existing Customer as a well-performing risk-based ongoing monitoring of the Customer Relationship.

The CDD measures are taken and performed to the extent necessary considering the Customer’s risk profile and other circumstances in the following cases:

  • upon establishment of the Customer Relationship and during the ongoing monitoring of the Customer Relationship;
  • upon verification of information gathered while applying due diligence measures, or in the case of doubts as to the sufficiency or truthfulness of the documents or data gathered earlier while updating the relevant data;
  • upon suspicion of Money Laundering or Terrorist Financing, regardless of any derogations, exceptions or limits provided for in the Holyheld AML Policy and applicable legislation.

Holyheld does not establish or maintain a Customer Relationship and does not perform any transaction if:

  • Holyheld is not able to take and perform any of required CDD measures;
  • Holyheld has any suspicions that Holyheld’s services or transaction will be used for Money Laundering or Terrorist Financing;
  • the risk level of the Customer or of the transaction does not comply with Holyheld’s risk assessment.

Each Customer is assigned a documented individual risk level which shall form the basis for follow-up measures, and which is followed up and updated when necessary.

Upon the application of CDD measures, Holyheld acquires the knowledge, understanding and assertion that has enough information about the Customer’s identity, activities, purpose of the Customer Relationship and of the transactions carried out, and origin of the funds, so that Holyheld understands the Customer’s purpose, thereby taking into account the Customer’s risk level, the risk associated with the Customer Relationship and the nature of such relationship.

Simplified Due Diligence

Simplified due diligence (SDD) measures are applied where the Customer’s risk profile indicates low risk level of ML/TF.

SDD measures must not be carried out in the circumstances where enhanced due diligence measures (as described below) must be carried out.

Where, in the course of performing ongoing monitoring of the Customer’s Relationships, it is established that the risk of ML and/or TF is no longer low, Holyheld must apply the relevant level of CDD measures.

Standard Due Diligence

Standard due diligence measures are applied to all Customers where CDD measures must be applied in accordance with Holyheld’s Policies. The following standard due diligence measures should be applied:

  • identification of the Customer and verification of the submitted information based on information obtained from a reliable and independent source;
  • identification and verification of a representative of the Customer and their right of representation;
  • understanding of Customer Relationship, transaction or operation and, where relevant, gathering information thereon;
  • gathering information on whether the Customer is PEP, their family member or a person known to be close associate;
  • monitoring of the Customer Relationship.

The CDD measures specified above must be applied before establishing the Customer Relationship or performing any transaction.

Enhanced Due Diligence

In addition to standard due diligence measures, Holyheld applies enhanced due diligence (EDD) measures in order to manage and mitigate an established risk of Money Laundering and Terrorist Financing in the case where the risk is established to be higher than usual.

Holyheld applies EDD measures, when:

  • the Customer's risk profile indicates high risk level of ML / TF;
  • upon identification of the Customer or verification of submitted information, there are doubts as to the truthfulness of the submitted data, authenticity of the documents;
  • where cross-border correspondent relationships are commenced with the Customer, which is financial institution of Third Country;
  • in the case of performance of transaction or Customer Relationship with the PEP, the family member of the PEP or a person known to be the close associate of the PEP;
  • where transaction or Customer Relationship are carried out with natural persons residing in high-risk Third Countries as identified by the European Commission;
  • the Customer is from such country or territory or their place of residence or seat or the seat of the payment service provider of the payee is in a country or territory that, according to credible sources such as mutual evaluations, reports or published follow-up reports, has not established effective AML/CFT systems that are in accordance with the recommendations of the FATF.

Prior to applying EDD measures, Holyheld ensures that the Customer Relationship or transaction has a high risk and that a high-risk rate can be attributed to such Customer Relationship or transaction. Above all, Holyheld assesses prior to applying the EDD measures whether the features described above are present and applies them as independent grounds (that is, each of the factors identified allows application of EDD measures with respect to the Customer).

Holyheld shall notify about EDD measures applied within 2 working days after the start of applying of the EDD measures by sending relevant notification to the compliance Officer.

In the case of application of EDD measures, the Holyheld reassesses the Customer’s risk profile no later than every six months.

Customer Identification

The Holyheld identifies the Customer who is a natural person and retains the following data:

  • name(s) and surname(s);
  • personal number;
  • citizenship;
  • photograph;
  • signature.

The following valid identity documents which contain data specified above may be used as the basis for the identification of a natural person:

  • an identity document of the Republic of Lithuania;
  • an identity document of a foreign state;
  • a residence permit in the Republic of Lithuania;
  • a driving license issued in a state of the European Economic Area in accordance with the requirements laid down in Annex I to Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licenses (recast).

The Customer, who is a natural person, cannot use a representative in the course of customer relationship with the Company.

The Holyheld does not accept legal entities as Customers.

Holyheld uses data from a reliable and independent third party service provider to confirm that the personal data and information provided by the Customer is true and correct.

Politically Exposed Persons

The Holyheld shall take measures to ascertain whether the Customer, or the representative of this Customer is a PEP, their family member or close associate or if the Customer has become such a person.

The Holyheld shall request from the Customer information to identify if the Customer is a PEP, their family member or close associate (e. g. providing the Customer with an opportunity to specify the relevant information when collecting data about the Customer).

The Holyheld shall identify close associates and family members of PEPs only if their connection with PEP is known to the public or if the Holyheld has reason to believe that such a connection exists.

Identification of purpose of the customer relationship or of a transaction

Holyheld shall understand the purpose and nature of the establishing Customer Relationship or performing a transaction. Regarding the services provided, Holyheld may request from the Customer information for understanding the purpose and nature of the Customer Relationship or transaction.

Holyheld also applies additional measures and collects additional information to identify the purpose and nature of the Customer Relationship in cases where there is a situation that refers to high value or is unusual; and/or where the risk and/or risk profile associated with the Customer and the nature of the Customer Relationship gives reason for the performance of additional actions in order to be able to appropriately monitor to Customer Relationship later.

Customer relationship monitoring

Holyheld shall monitor established Customer Relationships where ongoing due diligence (ODD) measures are implemented by regularly checking and updating the documents, data and information collected within the course of the implementation of CDD measures and updating the Customer's risk profile. The regularity of the checks and updates must be based on the risk profile of the Customer.

The collected documents, data and information must also be checked if an event has occurred which indicates the need to update the collected documents, data and information.

Holyheld shall identify the source and origin of the funds used in transaction(s) if necessary. The need to identify the source and origin of funds depends on the Customer’s previous activities as well as other known information. The identification of the source and origin of the funds used in a transaction can be performed in specific cases.

Sanctions Implementation

Upon the entry into force, amendment or termination of any Sanctions, Holyheld shall verify whether the Customer, or a person who is planning to have the Customer Relationship or transaction with them is a subject of Sanctions.

Holyheld shall perform the Sanctions’ verification on an ongoing basis in the course of an established Customer Relationship. The frequency of the ongoing verifications depends on the Customer’s risk profile.

Refusal of Transaction and Customer Relationship Termination

Holyheld is prohibited to establish a Customer Relationship and the existing Customer Relationship or transaction shall be terminated when:

  • Holyheld suspects Money Laundering or Terrorist Financing;
  • it is impossible for the Holyheld to apply the CDD measures, because the Customer does not submit the relevant data or refuses to submit them or the submitted data gives no grounds for reassurance that the collected data are adequate;
  • the Customer which capital consists of bearer shares or other bearer securities wants to establish the Customer Relationship;
  • the Customer who is a natural person behind whom is another, actually benefiting person, wants to establish the Customer Relationship (suspicion that a person acting as a front is used);
  • the Customer´s risk profile has become inappropriate with the Company´s risk assessment (i. e. the Customer´s risk profile level is “prohibited”).

Reporting

Holyheld must suspend the transaction disregarding the amount of the transaction (except for the cases where this is objectively impossible due to the nature of the Monetary Operation or transaction, the manner of execution thereof or other circumstances) and must report to the FCIS on the activity or the circumstances that they identify in the course of economic activities, and whereby Holyheld has established that the Customer is carrying out a suspicious transaction; and/or knows or suspects that assets of any value are obtained directly or indirectly from criminal activity or participation in such activity.

Training

Holyheld ensures that its employees, its contractors and others participating in the business on a similar basis and who perform work tasks that are of importance for preventing the use of the Company's business for Money Laundering or Terrorist Financing (‘Relevant Persons’) have the relevant qualifications for these work tasks.

When a Relevant Person is recruited or engaged, the Relevant Person’s qualifications are checked as part of the recruitment/appointment process by carrying out background checks, which is documented using a special standard form assessing Employee suitability.

In accordance with the requirements applicable to the Holyheld on ensuring the suitability of Relevant Persons, the Holyheld makes sure that such persons receive appropriate training and information on an ongoing basis to be able to fulfil the Company’s obligations in compliance with the applicable legislation.

Data Processing and Logbooks

Holyheld shall keep a registry of all relevant data regarding Holyheld’s potential Customers, Customers and their activities during the Customer Relation.

The data shall be retained for 8 years after the expiry of the Customer Relationship or the completion transaction.

The data related to the performance of the reporting obligation must be retained for 5 years after the performance of the reporting obligation. The correspondence of a Customer Relationship with the Customer must be retained for 5 years from the date of termination of transactions or Customer Relationship.

Holyheld implements all rules of protection of personal data upon application of the requirements arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and other applicable law. Holyheld is allowed to process personal data gathered upon CDD implementation only for the purpose of preventing Money Laundering and Terrorist Financing and the data must not be additionally processed in a manner that does not meet the purpose, for instance, for marketing purposes.

Compliance Officer

Holyheld appointed a Compliance Officer, who acts as a contact person of the FCIS and performs the ML/TF duties and obligations on behalf of Holyheld.

The Compliance Officer reports directly to the management board and has the competence, means and access to relevant information across all the structural units of Holyheld.

The duties of Holyheld Compliance Officer include:

  • Organisation of the collection and analysis of information referring to possible unusual transactions or transactions or circumstances suspected of money laundering or terrorist financing
  • Reporting to the FCIS in the event of suspicion of money laundering or terrorist financing;
  • Periodic submission of written statements on compliance with the requirements arising from the law to the management board of Holyheld;
  • Performance of other duties and obligations related to compliance with the requirements of Holyheld;
  • Updating internal policy documents, business and client risk assessment regularly.