This Anti-Money Laundering Policy (“Policy
”) prepared by CloudNFT OÜ, a company incorporated under the laws of Estonia under registered number 16356748, having legal and business address at: Harju maakond, Tallinn, Lasnamäe linnaosa, Võru tn 11, 13612 (the “Company
”), website https://cloudnft.io/
.This Policy is prepared in accordance with the Estonian Money Laundering and Terrorist Financing Prevention Act
with all relevant amendments adopted and came into force on the 10.01.2021, 5th AML EU Directive (Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU), International Sanction Act with all relevant amendments adopted and came into force on the 01.01.2021.The Company created this Policy to decrease the risk of money laundering and terrorist financing associated with its business and the sale of its products. This Policy emphasizes our individual obligation for adhering to anti-money laundering (also referred as “AML
”) and counter-terrorist financing (also referred as “CFT
”) legislation (and also with laws around the world, such as European Union Directives etc).This Policy shall be disseminated to all Company personnel who manage, monitor, or oversee in any manner the Customers‘ transactions and are responsible for the implementation of the practices, measures, procedures, and controls established herein. Any employee who breaches the provisions in this Policy, or who allows others to break this Policy, may face appropriate disciplinary action, up to and including dismissal, as well as civil or criminal fines.By no means this document shall not be read as an entire set of all policies, procedures and controls in place implemented by the Company for prevention of money laundering, financing of terrorism and other forms of illicit activity.The Company shall regularly check whether the Policy is up-to-date and make necessary changes upon amendments to the regulations in force.
1. CUSTOMER DUE DILIGENCE AND CUSTOMER ACCEPTANCE PROCESS
1.1. Customer due diligence (“CDD
”) is one of the main tools for ensuring the implementation of legislation aimed at preventing money laundering and terrorist financing and at applying sound business practices. CDD comprises a set of activities and practices arising from the organizational and functional structure of the Company and described in internal procedures, which have been approved by the directing bodies of the Company and the implementation of which is subject to control systems established and applied by internal control rules.
1.2. The purpose of CDD is to prevent the use of assets and property obtained in a criminal manner in the economic activities of credit institutions and financial institutions and in the services provided by them whose goal is to prevent the exploitation of the financial system and economic space of the Republic of Estonia for money laundering and terrorist financing. CDD is aimed, first and foremost, at applying the Know Your Client (“KYC
”) principle, under which a Customer shall be identified and the appropriateness of transactions shall be assessed based on the Customer’s principal business and prior pattern of payments. In addition, CDD serves to identify unusual circumstances in the operations of a Customer or circumstances whereby an employee of the Company has reason to suspect money laundering or terrorist financing.
1.3. CDD ensures the application of adequate risk management measures in order to ensure constant monitoring of Customers and their transactions and the gathering and analysis of relevant information. Upon applying the CDD measures, the Company will follow the principles compatible with its business strategy and, based on prior risk analysis and depending on the nature of the Customer’s business relationships, apply CDD to a different extent.
1.4. CDD is applied based on a risk sensitive basis, i.e. the nature of the business relationship or transaction and the risks arising therefrom shall be taken into account upon selection and application of the measures. Risk-based CDD calls for the prior weighing of the specific business relationships or transaction risks and, as a result thereof, qualification of the business relationship in order to decide on the nature of the measure to be taken.
1.5. CDD measures are appropriate and with suitable scope if they make it possible to identify transactions aimed at money laundering and terrorist financing and identify suspicious and unusual transactions as well as transactions that do not have a reasonable financial purpose or if they at least contribute to the attainment of these goals.
1.6. The first requirement for the measures of prevention of money laundering and terrorist financing is that the Company does not enter into transactions or establish relationships with anonymous or unidentified persons. Legislation requires that the Company waives a transaction or the establishment of a business relationship if a person fails to provide sufficient information to identify the person or about the purpose of the transactions or if the operations of the person involve a higher risk of money laundering or terrorist financing. Also, legislation requires the Company to terminate a continuing contract without the advance notification term if the person fails to submit sufficient information for application of CDD measures.
1.7. The Company ensures that information concerning a Customer (incl. gathered documents and details) is up to date. In the event of Customers or business relationships falling in the high risk category, the existing information will be verified more frequently than in the event of other Customers/business relationships. The respective data shall be preserved in writing or in a form that can be reproduced in writing and made available to all relevant employees who need it to perform their employment duties (management board members, account managers, risk managers and internal auditors).
1.8. The Company carries out CDD measures at the outset of any business relationship and, if necessary, where any suspicions arise subsequently on our suppliers, distributors, counterparties, agents and any person with whom the Company has an established business relationship that will involve the transfer to or receipt of funds, so the Company can ensure that there are no legal barriers to working with them before contracts are signed or transactions occur.
1.9. Various factors will determine the appropriate forms and levels of screening. The Company shall perform KYC procedure for every Customer (natural or legal entity), Representative of the Customer (an individual who is authorized to act on behalf of the Customer), Beneficial Owner of the Customer and Politically Exposed Person (“PEP
”) or a person connected with the PEP.
1.10. During the KYC (and registration) procedure, every Customer must provide to the Company with personal information and documents, which the Company needs to establish a portfolio of the Customer and access the risk (for more detailed risk description see Section 4 of the Policy), connected to it (see Table #1).
1.11. KYC is carried out by a third party – Sum And Substance Ltd (UK), with its registered office at Suite 1, 5 Percy Street, Fitzrovia, London, England, W1T 1DG (hereinafter - “SumSub
”), who is a trusted partner of the Company for collecting and processing Users data on behalf of the Company. SumSub is an experienced identity verification company that will process personal data and run KYC/AML procedures and ensure compliance with the relevant AML legislation.
1.12. For the purposes of maintaining Customers’ accounts and reviewing Customers for the purposes of KYC/AML compliance, the Company will collect and process the same that SumSub will collect in the process of Customer verification (KYC) procedure, according to Privacy Notice for Cloud NFT Token Sale.
1.13. The Company obtains all information necessary to establish to its full satisfaction the identity of each new Customer and the purpose and intended nature of the business relationship. The extent and nature of the information depends on the type of applicant (personal, corporate, etc.) and the expected size of the account. Therefore, the Company has categorized the Customers (and personal information).2. ESTABLISHING THE SOURCE OF FUNDS
2.1. The Company should follow a risk-based approach when establishing Source of Funds. The risk-based approach is that the Company is on alert to any possibility that the funds may not be from a legitimate source or are not destined for a legitimate purpose. For example, when funds are sourced from a high-risk third country with inadequate AML legislation and regime, it is appropriate to obtain more information before proceeding with any transaction. A detail/extent depends on the Customer’s money laundering and terrorist finance risks.
2.2. For the purpose of ensuring that the source of the funds is legitimate, the Company undertakes the following measures:
2.2.1. considers the reliability of the Customer based on the information provided;
2.2.2. questions information and/or proof documents of the source of funds that the Customer intends to invest;
2.2.3. considers the jurisdiction and the bank rating that those money are being transferred;
2.2.4. considers whether the funds are being transferred from an account which is held in the name of the Customer or a third party.
2.3. Where the funds come from a third party, the risk is greater and further enquiries shall be made by the Company: about the relationship between the Customer and the ultimate underlying principal of the funds (i.e., the actual provider of the funds) assessing whether the purpose of the transaction is in line with the documented profile of the Customer.
2.4. The Company undertakes to ensure that the source of funds is logical and backed by supporting documentation (e.g,. a deed of sale, etc.).
3. CORPORATE GOVERNANCE AND COMPLIANCE FUNCTION
3.1. In accordance with the Money Laundering and Terrorist Financing Prevention Act the Company is an obliged entity responsible for the implementation of Money Laundering and Terrorist Financing Prevention Act and guidelines adopted on the basis thereof.
3.2. In accordance with §20 of the International Sanction Act the Company is the person having specific obligations and shall appoint a person who shall be responsible for the compliance with the obligations provided for in §21, §22 and §23 of the International Sanctions Act and for the performance of legislation and instructions established on the basis of the International Sanctions Act. The position of a Compliance officer within the organizational structure of the Company allows the Compliance officer to be appointed as a person who shall be responsible for the compliance with the obligations provided by §21, §22 and §23 of the International Sanctions Act.
3.3. The management board of the Company appoints a Compliance officer. The functions of a Compliance officer are performed by an employee and a structural unit subordinate to the Compliance officer with the relevant duties.
3.4. The Company ensures that only a person who has the education, professional suitability, the abilities, personal qualities, experience and impeccable reputation required for performance of the duties of a Compliance officer may be appointed as a Compliance officer.
3.5. Only a person who works permanently in Estonia and has the education, professional suitability, abilities, personal qualities, experience and impeccable reputation required for performance of the duties of a compliance officer may be appointed as a compliance officer. The appointment of a Compliance officer is coordinated with the Financial Intelligence Unit (“FIU
3.6. The position of a Compliance officer within the organizational structure of the Company shall allow for the performance of the requirements provided by law for the prevention of money laundering and terrorist financing. Upon establishment of the compliance officer position, the compliance officer shall be made directly accountable to the management board of the Company and made as independent of business processes as possible.
3.7. The Compliance officer’s independence from business processes does not mean that the officer is prohibited to advise or train colleagues for the purpose of ensuring the compliance of the actions of the executives and employees with the requirements of the Money Laundering and Terrorist Financing Prevention Act.
3.8. The functions of the Compliance officer are as follows:3.8.1. organization of collection and analysis of information referring to unusual transactions or transactions suspected of money laundering or terrorist financing in the activities of the Company (collection of information means collection of any and all suspicious or unusual notices received from the employees, contractual partners and agents of the Company, and systemizing and analysis of the information contained in them);3.8.2. reporting to the FIU in the event of suspicion of money laundering or terrorist financing (notice being given in the manner agreed with the FIU);3.8.3. periodic submission of written statements on implementation of the rules of procedure to the management board of the Company; and3.8.4. performance of other obligations related to the fulfilment of the requirements of the Money Laundering and Terrorist Financing Prevention Act by the Company and training employees and applying respective control mechanisms).
3.9. The Compliance officer shall have access to the information forming the basis or prerequisite for establishing a business relationship, including any information, data or documents reflecting the identity and business activity of the Customer. The management board also grants the compliance officer the right to participate in the meetings of the management board if the compliance officer deems this necessary to perform their functions.3.10. The contact details of the Compliance officer shall be communicated to the Financial Supervision Authority. The Compliance officer shall inform the Financial Supervision Authority within a reasonable term about the appointment of a new compliance officer or a change in contact details.
4. RISK LEVELS AND CATEGORIES
4.1. The Company shall classify Customers into various risk categories and based on the risk perception decide on the acceptance criteria for each category of Customer. Where the Customer is a prospective Customer, an account must be approved only after the relevant pre-account opening CDD and identification measures and procedures have been conducted, according to the principles and procedures set in Policy. No account shall be opened in anonymous or fictitious names.
4.2. The criteria for accepting new Customers and categorization of Customers based on their risk is described below. The Compliance Officer shall be responsible for categorizing Customers in one of the following three (3) categories based on the criteria of each category set below in the Tables #2, #3, #4 and Table #1 set above.