Know Your Customer (KYC) policy and Data protection
This document is a summary information for customers, business partners and professional counterparties (FI, Banks)
AML/CFT and KYC procedures also enable Payment service provider (BESTPAY s.r.o./ BESTPAY Ltd.) to know, as well as to understand the customers and their financial dealings better which in turn help to manage the risks prudently.
Following standards are to be considered as minimum requirements. The Board of directors approved policy on Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT); Know Your Customer (KYC) is a subject to annual review. Internal AML/CFT policy was also submitted to Finance Intelligence Unit (FIU).
Relevant legal requirements / CZ:
Act no. 253/2008 Coll., on Selected Measures against Legitimization of Proceeds of Crime and Financing of Terrorism, as amended. Hereinafter “AML Act”.
Act no. 69/2006 Coll., on Carrying Out of International Sanctions as amended.
Czech Government Order No. 210/2008 Coll., regarding the implementation of special measures in the fight against terrorism, as amended.
Act no. 101/2000 Coll., on the Protection of Personal Data, as amended.
Relevant legal requirements / EU:
Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds and repealing Regulation (EC) No 1781/2006.
The Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (hereafter "4th AMLD").
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”).
Definitions and Process
For this policy, a 'Customer' is defined as:
- a person or entity that maintains an account and / or has a business relationship with our company;
- one on whose behalf the account is maintained (i.e. the Beneficial owner);
- beneficiaries of transactions conducted by professional intermediaries; and
- any person or entity connected with a financial transaction which can pose significant reputational or other risks to the Payment service provider (a wire transfer or issue of a high value demand draft as a single transaction).
Customer Acceptance policy:
We must ensure the following aspects of customer relationship; therefore, no payment account is opened or maintained in anonymous or fictitious name(s).
Necessary checks are done before opening a new account to ensure that the identity of the customer does not match with any person with known criminal background or with banned entities such as individual terrorists or terrorist organizations etc.
Specific measures are taken to ensure an enhanced due diligence about politically exposed persons (PEP). We must also prepare a risk profile for each new customer based on risk categorization. The customer profile may contain information relating to customer's identity, social / financial status, nature of business or economic activity, information about his clients' business activities, transactions, and their location etc. Customer Acceptance procedure is in place, and we have client considered as normal risk, high risk and unacceptable. At the same time when carrying out the transactions, the BESTPAY company can carry out identification of the client prior to the transaction for any amount, depends on client risk profile.
Identification Data; Identification & Verification; Identification Requirements
- a natural person’s identification data shall mean all names and surnames, a birth identification number (for a person with no birth identification number a date of birth), and further a place of birth, sex, permanent or other residence and citizenship; for a natural person as an entrepreneur it shall also mean the business name, an appendix to the business name or any other identification features, place of business, and business identification number of the person,
- a legal person’s identification data shall mean the company name, including its appendices or other identification features, company’s registered office, business identification number of the person or a business identification number given under foreign law; for individuals acting as statutory bodies or their members, identification data shall mean the data under letter a). Beneficial owners are also identified, verified, and scored.
- Trusts or another legal organization with no legal personality shall mean the name and ID data of his administrator, manager, or person in similar function. Scope of ID data defined in letter a) and b).
AML Act: identification requirements.
The Payment service provider, should it be a party to a transaction exceeding EUR 1,000, shall always identify the customer prior to the transaction, unless stipulated otherwise by this AML Act. Cash transactions limit: 10,000 EUR.
Customer Due Diligence /Enhanced Due Diligence
The nature and extent of due diligence will depend on the risk perceived by the Payment service provider. However, while preparing customer AML risk profile we will take care to seek only such information from the client, which is relevant to the risk category and is not intrusive. The client´s profile is a confidential document (only in the file) and details contained therein will not be divulged for payments or any other
Customer´s data have been protected and collected due to the AML Act purpose.
In case of transactions carried out by a walk-in customer, where the amount of transaction is equal to or exceeds 15,000 EUR, whether conducted as a single transaction or several transactions that appear to be connected, the customer's identity and address shall be verified. The AML Act request further requests.
Ongoing Due Diligence
This ongoing customer due diligence will help us, as obliged entity to identify, mitigate and manage any money laundering or terrorism financing (ML/TF) risks that may arise from providing one or more designated services to our customers.
Components of this due diligence are:
- Collection and verification of additional AML/KYC information and documents;
- A transaction monitoring program e.g. each transaction screening;
- An enhanced customer due diligence program.
Periodic and risk based reviews are carried out to ensure that client related documents, identification data or further information are kept up-to-date.
Monitoring of transactions
Payment service provider ensures that ongoing transaction monitoring is conducted to detect transactions which are unusual or suspicious compared to the customer´s risk profile and transaction profile. Agent or Relationship manager conduct the first line monitoring.
The second line is prepared by appointed employee of the Internal control system. Due to the transaction monitoring process, we request supporting documents, such as: contracts, invoices, declarations, or the other documents, if needed.
Rejection of Transaction
Payment service provider will refuse a transaction or to enter into a business relationship if:
- identification and verification requirements are not met;
- customer refuse the identification process or fail to submit the power of attorney;
- customer fail to assist the due diligence process;
- customer identification or due diligence be impossible for other reasons, or
- should the person performing the customer identification or due diligence have a reason to doubt the correctness or authenticity of submitted documents.
Payment service provider will refuse a transaction for a politically exposed person if the origin of assets, used in the transaction be unknown.
Politically exposed persons and their transactions must be accepted and approved by Statutory body. Without such a consent issued by Statutory body member, no employee of Payment service provider can process such a transaction.
Internal control system
Payment service provider has the internal control system in place, incl. below mentioned:
- AML/CTF policy, including minimum KYC standards, into operational procedures considering their type of activities, their volume, and their size together with the local legal and regulatory requirements.
- A training program is developed, including follow-up trainings on a regular basis, to create and maintain a satisfying AML/CTF awareness. The content of this training program must be worked out in accordance with the kind of business the trainees are working for and the kind of functions they hold.
- Suspicious Transactions Reporting (STR): a contact person is appointed to ensure that unusual transactions detected are reported to the appropriate FIU. The reporting of suspicious transactions must comply with the laws and regulations of the respective local authority.
- Internal Compliance monitoring assessments, risk heat maps & checks: several controls by samples are performed. Reviews and quality controls are developed and in place.
- AML/CTF and KYC issues and activity reports are submitted on a regular basis to the Board of the director’s members.
Identification client’s data, due diligence checks, customers´ requests, specified information concerning transactions are stored up to 10 years.
BESTPAY, Ltd., as Payment service provider is obliged person and has appropriate AML/CFT policy in place; procedures, trainings, and the other measures.
EU legal requirements, as well as the Czech Republic local legal requirements have been fully respected and implemented. The international guidelines (e.g. FATF) in this area have been also taken into the account and respected.
Payment service provider has license from CNB and has been supervised by CNB.
This document is linked in with Wolfsberg AML questionnaire.