Anti-Money Laundering and Counter Terrorism Financing Internal Policy and Procedure

Article 1. Introduction

The following policy (hereinafter – AML Policy) is based on the Law of Georgia ‘’on Facilitating the Suppression of Money Laundering and Terrorism Financing’’ (hereinafter – AML Law), ‘’Regulation on Approval of the Procedure of Identification and Verification of a Customer by Obliged Entity approved by N2 Order of the Head of the Financial Monitoring Service of Georgia dated June 5, 2020. The AML Policy entails rules and procedures on:

  • - Customer Due Diligence;
  • - Transaction monitoring;
  • - Risk assessment and risk-based approach;
  • - PEPs and sanctions;
  • - Rights, duties and responsibility of Anti-Money Laundering Officer (hereinafter – AML Officer) and other employees involved in the monitoring process;
  • - Record keeping;

Article 2. Definitions

The terms used in this document shall have the following meaning:

  • a) Customer – a person who has account on the Company’s Website;
  • b) Person – legal person;
  • c) Identification – obtaining the identification data of a person that permits the Company to trace that person and distinguish from others;
  • d) Verification – obtaining information/documentation that permits the Company to verify the accuracy of identification data and determining the identity of the beneficial owner;
  • e) Transaction – an unilateral, bilateral or multilateral declaration of intent aimed at creating, changing or terminating legal relations, including distribution of profit, issuance of the property right;
  • f) Location – a country or territory where a customer resides and/or is located;
  • g) Suspicious Transaction – a transaction in relation to which there is a reasonable ground for doubt that it has been prepared, concluded or carried out based on proceeds of an illegal activity or for the purpose of money laundering, or that a transaction is connected to terrorism financing;
  • h) Politically exposed Person – a natural Person set out in the Article 4 of this policy;
  • i) List of sanctioned persons – the list of natural and legal persons subject to sanctions under UNSCR;
  • j) UNSCR – a resolution of the United Nations Security Council concerning the prevention, detection, and suppression of financing of terrorism and proliferation of weapons of mass destruction adopted under Chapter VII of the Charter of United Nations;
  • k) Money Laundering - is the illegal process of making large amounts of money generated by criminal activity. giving legal form to illegal income (purchase, use, transfer, or other action), and/or attempt to commit such action;
  • l) Terrorism Financing - Collection or delivery of financial funds or other property with prior knowledge that they will be used or may be used in whole or in part by a terrorist or a terrorist organization and/or for carrying out terrorist activities and/or providing services to a terrorist or a terrorist organization with prior knowledge, harboring a terrorist or harboring and/or providing resources or other material support to a terrorist or terrorist organization

Article 3. Customer Due Diligence (CDD)

Customer due diligence (CDD) measures includes:

  • - Standard Due Diligence, which comprises of Identification and Verification;
  • - Enhanced Due Diligence, where applicable;
The Company applies CDD measures in the following circumstances:
  • - When establishing a business relationship with the Customer upon registration of the account;
  • - When there are doubts about the veracity or adequacy of previously obtained Customer identification data;
The aim of CDD information includes:
  • - To obtain and use the information to decide whether to keep engagement with a new Customer;
  • - To actively use the information to facilitate the effective monitoring of Customer relationships for unusual and potentially suspicious activity;

3.1 Identification and Verification

Citypay LLC conducts Customer identification at the time of registration. In order to register Customer as a legal entity and open account on the Website, Customer (Legal entity) shall submit registration application online via Website, which include following information:

  • - Extract from registry of Entrepreneurs and Non- Entrepreneurial legal entities;
  • - Legal entity registration certificate (If any);
  • - Certified Charter of a legal entity (If any);
  • - Copy of the license document of the legal entity (If any);
  • - Partner agreement and other related documentation (If any);
  • - Document of redistribution of shares of a legal entity (If any);
To identify Beneficial Owner, the following documentation is required:
  • - In case of Georgian citizen – a passport, an ID card, a certificate of a compatriot residing abroad;
  • - In case of foreign citizen – a residence card or a temporary identity card issued by Public Service Development Agency, International passport, other document permitted for crossing the customs border of Georgia according to Georgian legislation and/or based on an international agreement or a certificate of a compatriot residing abroad;
By the end of Identification procedures of the legal entity, Citypay LLC possesses the following information on the Customer:
  • - Name of the legal entity; - Date of registration of legal entity; - Legal address; - Identification number (If any); - Registration number (If any); - Legal form (If any); - Registration and foundation documentation of legal entity;
  • - The identity of the directors and beneficial owners of the company;
  • - Address of actual location;
After the standard procedures for the identification of the Beneficial owner, Citypay LLC possesses the following information:
  • - Name and Surname;
  • - Personal Number (If applicable);
  • - Date of Birth;
  • - Place of Birth;
  • - Gender;
  • - Country of Residency;
  • - Legal and Physical Address;
  • - Type of an identification document;
  • - Number of an identification document;
  • - Issuing date of an identification document;
  • - Validity date of an identification document;
  • - Issuing Country of an identification document;
  • - Issuing authority of an identification document;
In order to verify the beneficial owner, Citypay LLC possesses the identification document of the beneficial owner(s). The authorized employee must certify the copies of the obtained identification document according to the appropriate procedure, which involves adding the following information to the document:
  • - Full name of the employee who is responsible for the client;
  • - Date of certification of copies;
  • - Signature of the responsible employee;
  • - The text "verified"
A business relationship cannot be established if the beneficial owner of the company is a citizen of a suspicious country approved by the internal policy of Citypay LLC. Also, when establishing a business relationship with legal entity, the following information is required;
  • - Field of activity of a legal entity;
  • - The purpose and intended nature of establishing a business relationship with Citypay LLC;
  • - Expected monthly turnover;
  • - Whether the company`s beneficial owner/controlling head person/related person is a politically active person, a family member of a politically active person or a person in business relationship with a politically active person (PEP);
The client is verified according to the following rules: The authorized employee must certify the copies of the obtained identification document according to the appropriate procedure, which involves adding the following information to the document:
  • - Full name of the employee who is responsible for the client;
  • - Date of certification of copies;
  • - Signature of the responsible employee;
  • - The text "verified"
Enhanced due diligence along with standard identification procedures involve obtaining the following information:
  • - In order to verify the address, electoral lists, checking the place of registration on the website of the Public Service Development Agency;
  • - Verification of legal entity status based on reliable sources;
  • - Obtaining information on the property owned by the client from the real estate registry;
  • - Verification of a person in the business register and, if necessary, requesting additional information;
The following databases are used for data verification:
  • - Public Service Development Agency;
  • - Real Estate Registry;
  • - Electoral Lists;
  • - Portal of entrepreneurs/ legal entities/individuals;
  • - Business register databases of Georgia;
Citypay LLC provides services only to resident legal entities.

3.2 Ongoing Monitoring of activities

The company carries out monitoring of the Transactions and the business relationships to enable the detection of unusual or suspicious Transactions. For that purpose, company conducts on-going monitoring of activities on the transactions of the customers. Ongoing monitoring includes:

  • - Studying the transactions carried out by the client and determining their compliance with the knowledge about the client;
  • - keeping up-to-date information and records about the client, the purpose and intended nature of the business relationship;
  • - Capturing information, when there is necessity of obtaining the information on source of funds and source of wealth;
  • - Ensuring that documents, data or information held are kept up-to-date;
  • - Reviewing customer information involves checking data against politically active and sanctioned person databases;
  • - setting business limits / parameters regarding accounts or transactions that will trigger early warning signals and generate alerts for mandatory review;
Company conducts on-going monitoring of customers’ habits and behaviors to ensure that the transactions are consistent with the customer’s risk profile. This includes analyzing Customers’ transactions in order to identify suspicious and/or fraudulent behavior and unusual patterns which appear to have no valid economic purpose. Customer’s profile should be compiled and kept up to date and accessible at all times for comparison and review processes. All transactions with PEPs and high-risk Customers are continuously monitored.

3.3 Risk Assessment and Risk-based Approach

Citypay LLC uses a risk-based approach to each client, which involves assigning high and medium risk levels to clients. According to the risk, the company has standard and enhanced identification rules. The category of high-risk clients includes clients who meet one of the listed criteria:

  • - Beneficial owner/controlling head person/related person of the company is a politically active person;
  • - Beneficial owner/controlling head person/related person is a citizen of a high-risk country;
  • - The company's field of activity is one of the activities specified in Annex N2;
If the client meets the criteria defined for belonging to the high risk category, enhanced identification procedures are carried out. High-risk customer data is updated twice a year. Medium risk customer = 1 year; Low risk = 2 years.The director of Citypay LLC issues permission to establish or continue business relations with high-risk clients. The following clients are of medium risk:
  • - The beneficial owner/controlling head person/related person is a citizen of Georgia and a person with a permanent or temporary residence permit of Georgia;
Citypay LLC implements standard identification and verification procedures for medium risk clients. For risk mitigation purposes, the following procedures are in place with respect to high risk jurisdictions;
  • - Access to the e-wallet of Citypay LLC is restricted from IP addresses of suspicious jurisdictions;
  • - Legal entities registered in suspicious jurisdictions do not have the opportunity to establish business relations with Citypay LLC;
In order to implement preventive measures, Citypay LLC has defined a daily withdrawal limit.
  • - The daily withdrawal limit is set at 50,000 GEL
According to the internal policy of Citypay LLC, the procedure for increasing the limit for the user has been developed. According to the mentioned procedure, the limit is increased after analyzing the transaction history of the user and the information (documentation) obtained during the business relationship.

Article 4. Politically Exposed Persons (PEPs)

Politically Exposed Person shall mean a natural person who has been entrusted with prominent public or political functions (except for middle or low-ranking officials) and shall include:

  • - Heads of State, heads of government, members of government (ministers) and deputies, heads of government institutions;
  • - Members of legislative bodies (parliament);
  • - Heads and members of governing bodies of political parties;
  • - Members of supreme courts, constitutional courts and other high-level judicial bodies, the decisions of which are not subject to further appeal, save in exceptional circumstances;
  • - General auditors and deputies, members of courts of auditors;
  • - Members of boards of central (national) banks;
  • - Ambassadors;
  • - High-ranking officers in defense (armed) forces;
  • - Heads and members of governing bodies of state-owned enterprises;
  • - Heads, deputies and members of governing bodies of international organizations;
The category of politically active persons includes family members of a politically active person and persons who have close business relations with a politically active person. PEPs are considered ‘’High-risk’’ because the positions that they hold can potentially be abused for private gain, corruption, bribery, or abusing or misappropriating public funds. Similarly, relatives and close associates of persons entrusted with prominent public functions can also benefit from, or be used to facilitate abuse by such persons of their position and therefore Enhanced due diligence (EDD) measures are required for them as well. After Company becomes aware that the customer is PEP, the following procedure is undertaken: AML Officer sends the request to the Customer Service Unit, asking to contact customer in order to fill out EDD Questionnaire.Information collected via EDD Qeuestionnaire include:
  • - Products intended to be used;
  • - Field of activity;
  • - Source of customer’s income;
  • - Customer’s monthly income;
  • - Understanding and documenting the nature and intended purpose of the business relationship;
  • - Understanding and documenting the customer’s source of funds and source of wealth (e.g. salary and compensation from official duties and wealth derived from other sources);
Company may use internet and media searches to determine and/or validate this information.After receiving completed EDD Questionnaire, AML Officer analyses whether the information provided by the customer corresponds to the data the company holds (if any).AML Officer conducts further review of the customer, which entails the following:
  • - Obtaining additional information on the customer, which is available through public databases;
  • - Customer Media check;
  • - Checking customer’s transactions (if any) – types of products, series of transactions, amounts of transactionsAs part of high-risk customer ongoing monitoring, AML officer takes below measures on an annual basis:
  • - Completing initial risk assessment form;
  • - Checking that identification document is up-to-date;
  • - Analyzing information about customer, which is available through public databases;
  • - Sending collected information/form/report to the CEO;
Filling EDD questionnaire is not required as a rule, may be additionally requested in the AML Officer’s discretionThe AML officer sends information to the director of Citypay LLC in order to establish a business relationship with a politically Exposed Person/continue or reject a business relationship. Customer's status as a politically Exposed Person is verified manually by the AML officer.

Article 5. Sanctions

In order to verify the status of users, Citypay LLC uses the United Nations Security Council's list of terrorists and persons supporting terrorism. The mentioned list is downloaded from the following website: United Nations Security Council Consolidated List | United Nations Security Council The company verifies the user's status in the lists of terrorists and supporters of terrorism during the registration process. If the client is found in the mentioned lists, the AML officer verifies the accuracy of the match based on reliable sources. If the user correctly matches the record, the registration process stops. In case the Customer has been false matched with the sanctioned list, the user can complete the registration process.

Article 6. Instruction on the Suspension of Implementation of the Transaction

There are the following criteria for determining a suspicious operation in Citypay LLC:

  • - The customer expresses curiosity about the company's internal systems, control mechanisms and procedures;
  • - The documentation presented by the client during the identification process causes suspicion;
  • - The client offers different types of benefits to the employee of Citypay LLC in exchange for the financial operation;
Based on the limited services of Citypay LLC, the Customer may be considered suspicious:
  • - authenticity of the presented identification data causes suspicion, verification is impossible;
  • - authenticity of the submitted documentation causes suspicion, verification is impossible;
  • - the behavior of the client, the purpose and intended character of the business relationship do not correspond to the information available to the company;
In order to identify suspicious/unusual transactions, Company will manually study the client's transaction history if one or more of the listed criteria are identified:
  • - The amount of transactions performed by the client exceeds the daily limit determined by the policy, namely 50,000 GEL;
  • - The withdrawal operation by the client is initiated by 10 or more transactions in 24 hours;
  • - The field of activity declared by the client in the KYC form is high risk;
  • - Beneficial owner is a politically exposed person;
The transaction history is studied and analyzed by the AML officer. In case of suspicious/unusual operations, a report will be sent to the director of Company (Citypay LLC). Report includes recording of detailed information about the Customer. After the mentioned process, the director makes a decision to provide service to the Customer. Citypay LLC rejects to provide services to the client in case of identifying suspicious characteristics during the additional verification of the customer. On receipt of an internal suspicious activity report, AML officer investigates the suspicion and will decide whether to qualify the activity as suspicious and accordingly submit Suspicious Activity Report (SAR) to the appropriate state body.Any information request received from s Supervisory authority or police authority that explicitly notes or implies that the customer is involved in financial crime, should be reffered to the AML officer.Company reports transactions it suspects to be linked to ML/TF. The filling of a Suspicious Transaction Report (hereinafter, STR) is made in following circumstances:
  • - In case the compny becomes aware of any suspicious transactions;
  • - In situations where there is a suspicion of FT or that funds are proceeds of crime.
The decision to submit a SAR/STR to the appropriate state body is the discretion of the AML Officer.Information about SAR is kept for a period of 5 years , unless another competent body requires storage for a longer period, additional period not exceeding five (5) years;The list of criteria specified in this article is not exhaustive.

Article 7. Functions, Authority and Responsibility of AML Officer

On the basis of the order of the Director of Citypay LLC, AML Officer is assigned the following functions, obligations and responsibilities:

  • - Develop Company’s AML/KYC/CTF regulation policies and procedures;
  • - Develop the technical requirements for and implement AML software;
  • - Participate in a new products/service implementation process at the company (study the new products/services from AML perspective);
  • - Provide consultations to the company employees on AML matters;
  • - Review and update AML policies and procedures to ensure the compliance with regulatory changes;
  • - Conduct training for the staff involved in the AML process (once a year);
  • - Manage AML compliance process;
  • - Prepare periodic reports for the Company Management;
AML Officer shall have direct and timely access to the information, data and documents, which is available to the company and may be of assistance to him/her.

Article 8. Functions, Authority and Responsibility of Other Employees

All Citypay employees are obliged to get acquainted with this policy and comply with the requirements thereof. Monitoring process shall be conducted in a way that Customers do not become aware that their activities are subject to monitoring (by being considered as suspicious or otherwise). The employees do not have the right to disclose to Customers and to any other third parties the information on the undertakings described in this Policy, they are also prohibited to hide information on suspicious Transactions from AML Officer.

Article 9. Record Keeping

Upon performing CDD the Company should collect, analyze and store Customer data.Collection and processing of data for AML/CTF purposes should be limited to what is necessary for the purpose of complying with the applicable legislation and this Policy.Citypay LLC stores the following types of documentation electronically for a period of at least five (5) years:

  • - Copies of documents and information required for the compliance with the CDD requirements as determined in the policy – from the termination of the business relationship with the Customer;
  • - Information about operations (documents) for at least 5 years from the date of the operation or execution, unless another competent body requires storage for a longer period, additional period not exceeding five (5) years;
Identification documents are stored in the form of copies, documentation of the transaction in the form of original.

Anti-Money Laundering and Counter Terrorism Financing Internal Policy

Approved by Head of AML Department