Policies

Privacy Policy
AML / KYC policy
Cookie policy

TRANSFI GROUP GLOBAL PRIVACY POLICY

Last Updated: October 2024

CONTACT US
If you have any questions about this Privacy Policy, You can contact us:
By email: compliance@transfi.com

1. What is the objective ofTransFi’s Privacy Policy?

“TransFi” refers to Trans-Fi Inc.and its affiliates and subsidiaries worldwide, including Trans-Fi UAB and NEOMONEY INC. (collectively “TransFi Group”, “TransFi”, “we”, “us” or “our”).

TransFi may share your personaldata with its other entities (subsidiaries and affiliates) and use it inaccordance with this Privacy Policy.

The objective of TransFi’s (allsubsidiaries and affiliates) privacy policy (the “Privacy Policy”) is to committo protecting your privacy. Please read this carefully as this policy islegally binding when you choose to use our Services. For the purpose of therelevant data protection regulations, TransFi may act as either the “datacontroller”, “data processor” or both of your information.

This Privacy Policy describes howwe collect, use, handle and, under certain conditions, disclose your personaldata, when you access our Services, which include our content on the Websitelocated at www.transfi.com or any other websites,pages, features, or content we own or operate, including the TransFi paymentstransaction platform (collectively, the “Website(s)”), or any TransFiwidget, application programming interface (“API”) or third party applicationsrelying on such an API, products (Payouts, Collections and Ramp) and relatedservices (referred to collectively hereinafter as “Services”).

This Privacy Policy also explainsthe steps we have taken to secure your personal information. Finally, thisPrivacy Policy explains your options regarding the collection, use anddisclosure of your personal information. By visiting the Website, you acceptthe practices described in this Privacy Policy for the Website. If you do notacknowledge and accept this Privacy Policy, you may not use the Services.  

If you have any questions aboutthis policy, please send them to compliance@transfi.com.

2. What personal information dowe collect from you?

Personal information means anydata which relates to a living individual who can be identified from that data,or from that data and other information, which is in the possession of, or islikely to come into the possession of, TransFi (or its representatives orservice providers). In addition to information, it includes any expression ofopinion about an individual and any indication of the intentions of TransFi orany other person in respect of an individual. The definition of personalinformation depends on the relevant law applicable for your physical location.The data TransFi may collect and use about you is described below in sections2.1-2.3 of this Privacy Policy.

TransFi obtains information about you fromvarious sources. “You” may be an individual or legal entity entering into abusiness services agreement with TransFi and/or setting up a user account withTransFi and using the Services provided or through our Website or API (“User”),a legal entity/business identified under anti money laundering (“AML”) orcounter terrorist financing (“CTF”) identification requirements as per localregulations, verified by TransFi, that uses our Services to collect payments, makepayouts, or facilitate cross-border transfers (“Client”), a legal entity thathas a contractual relationship with a TransFi Client and may be subject toAML/CTF identification requirements, verified either by TransFi or the Client(“Merchant”), a legal entity that is a client of a Merchant and may be subjectto AML/CTF identification requirements, verified either by TransFi or theMerchant (“Sub-Merchant”), or individuals or legal entities that are the endusers of Merchants who interact with the Services provided (“End User”). Youmay also be a recipient/beneficiary of one of our Services, or a visitor to ourWebsite or other service that links to our API and Services. If You are aMerchant, a Sub-Merchant, or End User, your use of the Services will be governedby the applicable agreement between TransFi and the relevant Client.

2.1 Information you provide to us

This includes information youprovide to us in order to establish an account and access our Services. Thisinformation is either required by law (e.g. to verify your identity), necessaryto provide the requested Services (e.g. you will need to provide your bankaccount number if you would like to link that account to TransFi), or isrelevant for our legitimate interests described in greater detail below.

The nature of the Services youare using or interacting with will determine the kind of personal informationwe might ask for, but may include:

●       Personal IdentificationInformation: full name, date of birth, age, nationality/citizenship, country ofresidence, government-issued ID details (including ID number, ID type, issuanceand expiry dates), social security number, tax ID number, account credentials, geolocation,unique device details, network information or internet protocol address, walletaddress,  gender, signature, utilitybills, photographs, phone number, home address, email and/or any otherinformation deemed necessary to comply with our legal obligations underapplicable law and regulations;

●       Official Identity Documents:government-issued identity document such as a passport, visa or nationalidentity card, state ID card, driver’s licence, and/or any other information deemed necessary to comply with our legalobligations under applicable law and regulations;

●       Financial Information: bankaccount information, payment card information, tax identification number(“TIN”), transaction history, trading data. For transaction details, we storeorder details, the User’s bank account number, bank account name, and card information,including the cardholder’s name, card number, CVV, and expiration date. As weare Payment Card Industry Data Security Standard (“PCI DSS”) certified, we areable to securely store this information to meet our compliance obligations andensure data security. While we do not store your TransFi User account logincredentials, we securely handle and store card details in compliance with PCIDSS standards. Payment card information may also be processed through oursystem during transactions via secure third-party service providers.

●       TransactionInformation: information about the transactions you undertake inconnection with our Services, such as the name of the recipient, your name, theamount and/or timestamp, purpose of transaction, jurisdiction of transaction;

●       Verification Information: toverify your identify, including information for fraud checks and otherinformation you provide, including images of yourself and a liveliness check;

●       Employment Information: Officelocation, job title, and/or description of role; or

●       Correspondence: Surveyresponses, information provided to our support team or User research team.

If you are a company, we may requestinformation such as your employer Identification number (or comparable numberissued by a government), proof of legal formation (e.g. Articles ofIncorporation) and personal identification information for all materialbeneficial owners for Know Your Business (“KYB”) purposes.

If you do not provide us with the informationbelow, we may not be able to provide the Services to you, or your use of theServices may be restricted.

In addition to the information you provide tous in connection with your use of the Services, you may also choose to submitinformation to us via other channels, including in connection with an actual orpotential business relationship with TransFi.

2.2 Information we collectautomatically or generate about you

This includes information wecollect automatically, such as whenever you interact with our Website or useour Services. With regard to your use of our Services we may automaticallycollect the following information:

●       Details of the transactions youcarry out when using our Services, including geographic location from which thetransaction originates;

●       Technical information, includingthe Internet protocol (“IP”) address used to connect your computer to theInternet, your login information, browser name, type and version, time zonesetting, browser plug-in types and versions, operating system, geolocation/trackingdetails and platform, device details;

●       Information about your visit,including the authentication data, security questions, full Uniform ResourceLocators (“URL”) clickstream to, through and from our Website or mobileapplication (including date and time); products you viewed or searched for;page response times, download errors, length of visits to certain pages, pageinteraction information (such as scrolling, clicks, and mouse-overs), andmethods used to browse away from the page and any email used to contact us.

●       Cookies and other Technology.Like many websites, our Website employs cookies, location-based Services andweb beacons (also known as clear GIF technology or “action tags”) to speed yournavigation of our Website, recognize you and your access privileges, and trackyour usage. Please read our CookiePolicy for moreinformation.

2.3 Information collected fromthird parties

We may receive information aboutyou if you visit or use our Website or use our Services. This includesinformation we may obtain about you from third-party sources. The main types ofthird parties we receive your personal information from are:

●       Public databases, ID verificationpartners in order to verify your identity in accordance with applicablelaw. ID verification partners use a combination of government records andpublicly available information about you to verify your identity. Suchinformation may include your name, address, job role, public employmentprofile, status on any sanction’s lists maintained by public authorities, andother relevant data;

●       Blockchaindata to ensure parties using our Services are not engaged in illegalor prohibited activity, sanctioned jurisdiction, dark net, child abuse, etc.and to analyze transaction trends for research and development purposes byscreening wallet address for the source of funds;

●       Marketing partners &resellers so that we can better understand which of our Services may be ofinterest to you;

●       The banks/financialservice providers you use to transfer money to us will provide uswith your basic personal information, such as your name and address, as well asyour financial information such as your bank account details;

●       Business partners mayprovide us with your name and address, as well as financial information, suchas card payment information; and

●       Advertising networks, analyticsproviders and search information providers may provide us withpseudonymised information about you, such as confirming how you found ourWebsite.

3. How do we use your personalinformation?

We may use your information inthe following ways and for the following purposes:

(a) Internal Use: We useyour personal information to provide you with our Services. We may  use your personal information to improve ourWebsite’s content and layout, and improve our marketing efforts. . Additionally,we use your information to ensure the safety, security, and integrity of ourServices by protecting against fraudulent, unauthorised, or illegal activity;monitoring identity and service access; and addressing security risks. .

(b) Communications withYou: According to your preferences and in compliance with applicable law,we may send you marketing communications to inform you about events, to delivertargeted marketing and to share promotional offers. This may involve sendingyou communications via emails or mobile application notifications about ourServices, features, promotions, surveys, news, updates, and events, managingyour participation in promotions and events, delivering targeted marketing, anddetermining general information about visitors’ usage behaviour on the Website.Our marketing will be conducted in accordance with your advertising andmarketing preferences and as permitted by applicable law. We require certaininformation, such as your identification, contact, and payment details, toprovide and maintain our Services. If you are a new User or Client, we willcontact you by electronic means for marketing purposes only if you haveconsented to such communication. If you do not want us to send you marketingcommunications, please go to your account settings to opt out or submit arequest via compliance@transfi.com.

We may send you service updatesregarding administrative or account-related information, security issues, orother transaction-related information. These communications areimportant to share developments relating to your account that may affecthow you can use our Services. You cannot opt out of receiving critical servicecommunications.

We also process your personalinformation when you contact us to resolve any questions, disputes, collectfees, or to troubleshoot problems. Without processing your personal informationfor such purposes, we cannot respond to your requests and ensure youruninterrupted use of the Services.

(c) Legal and RegulatoryCompliance:  TransFi is required to process your personal information incompliance with AML/CTF, and security laws, which may include the collection,use, and storage of your information in certain ways. For example, we mustidentify and verify customers using our Services, including collecting photoidentification and using third-party service providers to compare your personalinformation against databases and public records. When you seek to link a bankaccount to your TransFi account, we may request additional information toverify your identity or address and manage risk, as required by applicable law.Additionally, we may disclose personal information in response to requests fromlaw enforcement, subpoenas, court orders, or as otherwise required by law, andwhere necessary to protect our legal rights, enforce agreements, or preventfraud and abuse of our Services. This includes efforts to mitigate accountcompromise or loss of funds, investigate complaints, claims and/or disputes,and comply with regulatory or legal requests/inquiries.

(d) External Use: Wedisclose information to our service providers to help enable them to performServices on your behalf. For example, to facilitate the purchase and custody ofdigital assets, we share certain information with third parties, such as yourname, email address, physical address, social security number, date of birth,government-issued identification and the amount of digital assets beingpurchased.Further, the types of data we collect and share with third partiesare described above in the information you provide to us, which includes yourdate of birth, country of residence, first name, last name, ID number, ID type,ID issue date, and ID expiry date, your bank account number, bank account name,and card information, including the name on the card, card number, CVV, andexpiration date.

We may share non-personalinformation (such as the number of daily visitors to our Website or the size ofan order placed on a certain date) with third parties. This information doesnot directly personally identify you or any User. For the avoidance of doubt,any IP addresses or a device or other identifier we collect may be shared withone or more third parties.

(e) Our Legitimate BusinessInterests: Sometimes the processing of your personal information isnecessary for our legitimate business interests, such as:

●       quality control and stafftraining;

●       to enhance security, monitor andverify identity or service access, and to combat spam or other malware orsecurity risks;

●       research and developmentpurposes;

●       to enhance your experience of ourServices and Website;

●       to facilitate corporateacquisitions, mergers, or transactions;

to conduct internal operations needed to deliver our Services,including troubleshooting software bugs and operational issues.

4. What personal information dowe  disclose to third parties?

We allow your personalinformation to be accessed only by those who require access to perform theirwork and share it only with third parties who have a legitimate purpose foraccessing it. TransFi will never sell or rent your personal information to thirdparties without your explicit consent. We will only share your personalinformation with selected third parties including:

●       Identity verification services toprevent fraud. This allows TransFi to confirm your identity by comparing theinformation you provide us to public records and other third-party databases;

●       Financial institutions which wepartner with to process payments you have authorised;

●       Affiliates, business partners,suppliers and sub-contractors for the performance and execution of any contractwe enter into with them or you;

●       Analytics and search engineproviders that assist us in the improvement and optimisation of our Website;

●       Companies or other third partiesin connection with business transfers or bankruptcy proceedings;

●       Companies or other entities thatpurchase TransFi assets;

●       Law enforcement, regulators, orany other third parties when we are compelled to do so by applicable law or ifwe have a good faith belief that such use is reasonably necessary, including toprotect the rights, property, or safety of TransFi, TransFi customers, thirdparty, or the public; comply with legal obligations or requests; enforce ourterms and other agreements; or detect or otherwise address security, fraud, ortechnical issues; and

●       If you authorise one or morethird-party applications to access our Services, then the information you haveprovided to TransFi may be shared with those third parties. A connection youauthorise or enable between your TransFi account and a non-TransFi account,payment instrument, or platform is considered an “account connection.” Unlessyou provide further permissions, TransFi will not authorise these third partiesto use this information for any purpose other than to facilitate yourtransactions using our Services. Please note that third parties you interactwith, should have their own privacy policies and TransFi is not responsible fortheir operations or their use of data they collect.

Examples of account connectionsinclude:

●     Merchants: Ifyou use your TransFi account to conduct a transaction with a third-partymerchant, the merchant may provide data about you and your transaction to us.

●     Yourfinancial services providers: For example, if you send us funds fromyour bank account, your bank will provide us with identifying information inaddition to information about your account in order to complete thetransaction.

You acknowledge and agree thatTransFi may continue to use and disclose your personal data for a reasonableperiod following the termination of the relationship between you and TransFifor one or more of the following purposes:

●     to enableTransFi to fulfil its outstanding obligations to you under any agreement, ifapplicable;

●     to allowTransFi to enforce its rights under any agreement, if applicable;

●     for anypurposes to which you have provided your written consent;

●     asrequired under applicable law; and as mandated by an order from a court ofcompetent jurisdiction.

5. Links to other sites

Our Website may contain links toother websites for your convenience or information. These websites are operatedby entities unaffiliated with TransFi, and we do not control, endorse, or takeresponsibility for their content or privacy practices. Each linked website mayhave its own terms of use and privacy policies, which may differ from ours. Weencourage you to review these policies whenever you visit third-party websites,as TransFi is not responsible for the practices or policies of these external sites.

6. How do we protect and storepersonal information?

TransFi implements and maintainsreasonable measures to protect your personal information. Your files areprotected with safeguards according to the sensitivity of the relevantinformation. Reasonable controls (such as restricted access) are placed on ourcomputer systems.

TransFi is an internationalbusiness with operations in multiple countries. This means we may transfer tolocations outside of your country. When we transfer your personal informationto another country, we will ensure that any transfer of your personal informationis compliant with applicable data protection law.

We may store and process all orpart of your personal and transactional information, including certain paymentinformation, such as your encrypted bank account and/or routing numbers. Weprotect your personal information by maintaining physical, electronic, andprocedural safeguards in compliance with the applicable laws and regulations.

As a condition of employment,TransFi’s employees are required to follow all applicable laws and regulations,including in relation to data protection law. Access to sensitive personalinformation is limited to those employees who need it to perform their roles.Unauthorized use or disclosure of confidential customer information by aTransFi employee is prohibited and may result in disciplinary measures.

Finally, we rely on third-partyservice providers for the physical security of some of our computer hardware.We require those third-party service providers to comply with commerciallyreasonable security practices and measures. For example, when you visit ourWebsite, you access servers that are kept in a secure environment. While wetake industry-standard precautions to safeguard your personal information andsecure your account, no system can be completely secure. As such, you assumethe risk of potential breaches and their consequences. To protect your account,please safeguard your credentials, choose a complex password when registering,enable advanced security features like two-factor authentication, and nevershare your account credentials with third parties.

If we anonymize your personalinformation so that it can no longer be associated with you, it will no longerbe considered personal information, and we can use it without further notice toyou.

We do not knowingly request tocollect personal information from any person under the age of 18. If a Usersubmitting personal information is suspected of being younger than 18 years ofage, TransFi will require the User to close his or her account and will notallow the User to continue using our Services. We will also take steps todelete the information as soon as possible.

We retain personal information as long asreasonably necessary to fulfil its intended purposes and meet our contractualand legal obligations. Email addresses and phone numbers are stored until theUser uses the TransFi Services, and data is retained for five years once theUser unsubscribes or removes themselves. Information will be deleted orde-identified when no longer needed, unless longer retention is required bylaw. TransFi retains certain information under AML/CTF regulations and holdsdata for a period of five years. If we cannot fully delete or de-identifyinformation, we will take reasonable measures to prevent further processing.

7. Do we do any profiling andautomated decision making?

We may use some instances of yourdata in order to customise our Services and the information we provide to you,and to address your needs - such as your country of address and transactionhistory. For example, if you frequently send funds from one particular currencyto another, we may use this information to inform you of new product updates orfeatures that may be useful for you. When we do this, we take all necessarymeasures to ensure that your privacy and security are protected - and we onlyuse pseudonymised data wherever possible. This activity has no legal effect onyou.  

8. What are your privacy andinformation access rights?

Depending on applicable law ofwhere you reside, you may be able to assert certain rights related to yourpersonal information. These rights include:

●       the right to obtain informationregarding the processing of your personal information and access to thepersonal information which we hold about you;

●       the right to withdraw yourconsent to the processing of your personal information at any time. Pleasenote, however, that we may still be entitled to process your personalinformation if we have another legitimate reason for doing so (for example, wemay need to retain personal information to comply with a legal obligation);

●       in some circumstances, the rightto receive some personal information in a structured, commonly-used andmachine-readable format and/or request that we transmit that data to a thirdparty where this is technically feasible. Please note that this right onlyapplies to personal information which you have provided directly to TransFi;

●       the right to request that werectify your personal information if it is inaccurate or incomplete;

●       the right to request that weerase your personal information in certain circumstances. Please note thatthere may be circumstances where you ask us to erase your personal information,but we are legally entitled to retain it;

●       the right to object to, orrequest that we restrict, our processing of your personal information incertain circumstances. Again, there may be circumstances where you object to,or ask us to restrict, our processing of your personal information but we arelegally entitled to refuse that request;

●       the right to lodge a complaintwith the relevant data protection regulator if you think that any of yourrights have been infringed by us; and

●       the right to transfer yourpersonal data between data controllers, for example, to move your accountdetails from one online platform to another.

Our Services may, from time totime, contain links to and from the websites of our partners, advertisers andaffiliates. If you follow a link to any of these websites, please note thatthese websites have their own privacy policies and that we do not accept anyresponsibility for them. Please check these policies before you submit anypersonal data to these websites. Further information about your rights may beobtained by contacting the supervisory data protection authority located inyour jurisdiction.

Subject to applicable laws, youmay have the right to access information we hold about you. Your right ofaccess can be exercised in accordance with the relevant data protectionlegislation.

9. How often is the PrivacyPolicy updated?

We may update this Privacy Policyfrom time to time and without prior notice to you to reflect changes in ourinformation practices, and any such amendments shall apply to informationalready collected and to be collected. Your continued use of our Website or anyof our Services after any changes to this Privacy Policy indicates youragreement with the terms of the revised Privacy Policy.

Please review this Privacy Policyperiodically and especially before you provide personal data to us. If we makematerial changes to this Privacy Policy, we will notify you here, by email orby means of a notice on the home page of our Website. The date of the lastupdate of the Privacy Policy is indicated at the top of this document.

10. How can you contact usregarding any privacy questions?

If you have any questions aboutthis Privacy Policy, please contact us at compliance@transfi.com or sendphysical mail to the relevant entity below:

Trans-Fi UAB

Lvivo st. 21A, LT – 09313

Vilnius, Lithuania

 

NEOMONEY INC.

325 Front Street West 2nd floor

Toronto, ON M5V2Y1

Canada

TransFi AML KYC Policy

Last updated: May 2024

The guidelines contained in this reference shall provide guidance to the staff of Trans-Fi UAB and its subsidiaries & affiliated entities (together referred to as “TransFi” and “the Company”) AND its customers, regarding practices and standards that TransFi expects to have in place, in order to detect and prevent money laundering and terrorist financing; identify and report suspicious activity; comply with anti-terrorism & sanctions laws and regulations; and other relevant international laws.

KYC laws have been a standard AML obligation around the world for decades and were introduced in the United States with the USA Patriot Act1 and in Europe with the European Union Anti-Money Laundering Directives (AMLD) to help detect and prevent Terrorism Financing activities

These Guidelines have been adopted to ensure that the Company also complies with the rules and regulations set out in:

  1. the Lithuanian International Sanctions Act (ISA);
  2. the Lithuania Money Laundering and Terrorist Financing Prevention Act;
  3. the Lithuania Financial Crime Investigation Services General Policy lines regarding measures against money laundering, terrorist financing and regarding implementation of international sanctions;
  4. DIRECTIVE (EU) 2018/843 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directives 2009/138/EC and 2013/36/EU (AMLD5).

These Policy lines are the subject of a review by the Company's Money Laundering Reporting Officer at least annually. The proposal for a review and the review of these Policy lines may be scheduled more often by the decision of the Company's Money Laundering Reporting Officer (MLRO) and obligations of applicable laws.

1. Policy Statement And Objectives

TransFi has created this AML KYC policy to:

  • Assist its employees in complying with the laws, rules and regulations across jurisdictions in our collective effort to ensure that the services that TransFi provides are fully compliant;
  • Put in place appropriate systems and controls to ensure compliance with policies;
  • Develop a risk-based approach to manage money-laundering and terrorist financing risk;
  • Set clear customer due diligence procedures, including Identification & Verification (ID&V) and KYC, and providing guidance when enhanced due diligence is required;
  • Conduct transaction monitoring to detect unusual and suspicious activity and to report to local supervisory authorities;
  • Take appropriate measures to freeze or close relationships to mitigate financial crime risk; and
  • Develop a robust employee training program as an essential component of an effective AML compliance program.

This Policy, coupled with internal controls, independent compliance testing and appropriate training, are the key segments of TransFi’s Anti-Money Laundering (AML) and Know-your-customer & Business (KYC/KYB) approach.

TransFi’s AML/KYC & KYB policy covers the following elements:

  • Definitions
  • Customer Due Diligence which includes Identification & Verification requirements (ID&V) and Know your customer (KYC) & Know your Business (KYB), which include Standard Due diligence (SDD) as well as Enhanced Due Diligence (EDD); and various ongoing screenings like, adverse media, PEP and sanctions;
  • Risk Management;
  • Internal Control;
  • Transaction Monitoring;
  • Prohibited Customer Types;
  • Implementation of Sanctions;
  • TransFi Compliance department;
  • Employee training;
  • Record keeping;
  • Law enforcement requests;
  • Conclusions.

2. Definitions

(i) Beneficial Owner in the case of a legal entity, is a natural person whose direct or indirect holdings, or the sum of all direct and indirect holdings in the legal entity, exceeds 25 percent, including holdings in the form of shares or other forms of bearer holdings.

(ii) Business Relationship means a relationship that is established upon conclusion of a long-term contract by the Company in economic or professional activities for the purpose of provisioning of a service or distribution thereof in another manner or that is not based on a long-term contract, but whereby a certain duration could be reasonably expected at the time of establishment of the contract and during which the Company repeatedly makes separate transactions in the course of economic or professional activities while providing a service.

(iii) CDD means Customer due diligence which is collecting and evaluating the new customers' information and determining their risk for illegal financial transactions

(iv) Company means TransFi.

(v) Customer means a legal entity which has business relationship with the Company or legal entity with which the Company enters into an occasional transaction.

(vi) Employee means the Company's employee, including persons who are involved in application of this Policy in the Company.

(vii) MLRO means Money Laundering Reporting Officer, who is appointed to the Company as a compliance officer in the meaning of § 17 of MLTFPA.

(viii) Money Laundering (ML) means the concealment of the origins of illicit funds through their introduction into the legal economic system and transactions that appear to be legitimate. There are three recognized stages in the money laundering process:

  1. placement, which involves placing the proceeds of crime into the financial system;
  2. layering, which involves converting the proceeds of crime into another form and creating complex layers of financial transactions to disguise the audit trail and the source and ownership of funds; and
  3. integration, which involves placing the laundered proceeds back into the economy to create the perception of legitimacy

(ix) Occasional Transaction means the transaction performed by the Company in the course of economic or professional activities for the purpose of provision of a service or sale of goods or distribution thereof in another manner to the customer and / or user outside the course of an established business relationship.

(x) PEP (Politically exposed person) means a natural person who performs or has performed prominent public functions and with regard to whom related risks remain.

At least the following persons are deemed to be PEPs:

  1. head of State or head of government;
  2. minister, deputy minister or assistant minister;
  3. member of a legislative body;
  4. member of a governing body of a political party;
  5. judge of the highest court of a country;
  6. auditor general or a member of the supervisory board or executive board of a central bank;
  7. the Chancellor of Justice;
  8. ambassador, envoy or charge d'affaires;
  9. high-ranking officer in the armed forces;
  10. member of an administrative, management or supervisory body of a state-owned enterprise;
  11. director, deputy director and member of a management body of an international organization;
  12. person in list of Lithuania positions whose holders are considered politically exposed persons is established by a regulation of the minister responsible for the field;
  13. person in list of positions, which is established by international organisation accredited in Lithuania;
  14. a person who, as per list published by the European Commission, is considered a performer of prominent public functions by a Member State of the European Union, the European Commission or an international organisation accredited on the territory of the European Union is deemed a politically exposed person.
  15. Close family member or associate of 1-14 above

Middle ranking or more junior officials are not considered PEPs.

(xi) Sanctions mean an essential tool of foreign policy aimed at supporting the maintenance or restoration of peace, international security, democracy and the rule of law, following human rights and international law or achieving other objectives of the United Nations Charter or the common foreign and security Policy of the European Union. Sanctions include:

  1. international sanctions which are imposed regarding a state, territory, territorial unit, regime, organization, association, group or person by a resolution of the United Nations Security Council, a decision of the Council of the European Union or any other legislation imposing obligations on Lithuania;
  2. sanctions of the Government of the Republic of Lithuania which is a tool of foreign policy which may be imposed in addition to the objectives specified in previous clause to protect the security or interests of Lithuania.

International sanctions may ban the entry of a subject of an international sanction in the state, restrict international trade and international transactions, and impose other prohibitions or obligations.

The subject of Sanctions is any natural or/and legal person, entity, or body, designated in the legal act imposing or implementing Sanctions, with regard to which the Sanctions apply

(xii) Terrorist Financing (TF) means the financing and supporting of an act of terrorism and commissioning thereof, as well as the financing and supporting of travel for the purpose of terrorism, in the meaning of applicable legislation.

(xiii) User means a natural person who has business relation with the Company or the Company’s customers, or with whom the Company or the Company’s customers enter into occasional transactions.

(xiv) Virtual currency means a value represented in the digital form, which is digitally transferable, preservable or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp 35-127) or a payment transaction for the purposes of points (k) and (I) of Article 3 of the same Directive.

3. Know Your Customer & Identification & Verification Requirements

TransFi is an international services provider in a host of countries within which it provides its services. Regulatory requirements across the world require customer due diligence as a critical tool to prevent illegal activity. TransFi has set up data collection, verification, analytics, investigation and reporting processes within the standards of Anti-Money Laundering regulations through its “Know Your Customer (KYC/KYB)” framework. Key elements of this framework are:

A. Standard Due Diligence

Standard due diligence (SDD) is applied where the customer's risk profile indicates lower risk and where, in accordance with the risk assessment of the Company, it has been identified that in such circumstances the risk of money laundering or terrorist financing is lower than usual.

The Company will verify the identity of its customers and users under its “Know Your customer” processes. For individual users, this will include name and date of birth that is verifiable electronically through an accepted and valid Government issued document accurately containing the users name and date of birth. Acceptable forms of identification for an individual user varies by country of operation and includes one or more of the following:

  • National ID;
  • Passport;
  • Residence permit for a foreign national;
  • Any other acceptable ID allowed by regulation; and as additional verification form
  • Valid Address document like a Utility bill/bank statement (could be any of the above if they have the complete address and not merely a PO Box).

Required documents for a corporate (KYB) includes the following:

  • Proof of registration- Company Registration /Incorporation;
  • Shareholders registry (issued by the state registry within last 6 months) or
  • Recent company excerpt showing shareholders identifying the UBO(issued within last 6 months);
  • Memorandum of Association (MOA) & Articles of Association (AOA) wherever applicable- These document sets out how a company is operated, governed and owned and the extent of Authority/ powers key executives hold;
  • Official address or Principal business address (proof of address);
  • EIN / TIN;
  • All ID docs for natural persons owning >25% of the legal entity and any natural person who is a controlling person or the Beneficial Owner. All the company’s beneficiaries (that own 25% or more) will need to individually complete the KYC process.

The Company will take steps to confirm the authenticity of documents and information provided by users and customers, including verification with regulatory / government sources, and running analytics. Identification information taken above will be collected, stored, shared and protected strictly in accordance with the company’s Privacy Policy related regulations.

B. Enhanced Due Diligence (EDD)

The Company will flag users & customers presenting a higher risk (e.g., politically exposed persons or high-risk customers) and request additional documents & verification.

A high-risk customer is identified based on business activities and includes, but not limited to, the following

  • Custodial digital assets services
  • Other digital assets services that are not non-custodial
  • Money services / Payments / other financial services
  • Gambling services
  • Any customer with a politically exposed beneficial owner

For a high-risk customer, the company will request any additional documents to ascertain AML risks under Enhanced due diligence as necessary, including but not limited to Proof of source of funds, relevant licenses and AML / KYC policies. If an EDD requires an investigation, the Company will take any such measures as deemed fit.

Politically Exposed Person

A politically exposed person (PEP) is one defined in Clause 2(x) of this policy. The Company will take measures to ascertain whether the user or the beneficial owner of the customer is a PEP, their family member2 or close associate3, or if the customer has become such a person. Enhanced due diligence as necessary, including but not limited to Proof of source of funds and

The Company will request the PEP for any additional documents to ascertain AML risks under Enhanced due diligence as necessary, including but not limited to Proof of source of funds and Proof of address. The Company will verify the data received from the PEP by making inquiries in relevant databases or public databases or making inquiries or verifying data on the websites of the relevant supervisory authorities or institutions of the country in which the PEP has place of residence or seat.

Where a PEP no longer performs important public functions placed upon them, the Company shall at least within 12 months take into account the risks that remain related to the PEP and apply relevant and risk sensitivity-based measures as long as it is certain that the risks characteristic of PEPs no longer exist.

Adverse Media, PEP and sanctions screenings

The Company KYC’s all its customers. In addition to the KYC and KYB , the customer is subjected to various screenings like, adverse media, PEP and sanctions on an ongoing basis.

C. Ongoing Monitoring

The Company will verify the identity of users and customers on an ongoing basis, especially if there has been any change in the identification information or their activities are deemed suspicious. Such activities could include, though not limited to, changes in customer information, address, ownership, and activities wherein KYC details will be updated on an ongoing basis. The Company reserves the right to ask such users for updated KYC documents, even if they have been successfully verified in the past. The Company shall conduct periodic review of its client's basis their risk categorization review of its client's basis their risk categorization. The risk levels are: High risk - 1 year and Medium & Low risk - 3 years.

D. Acceptable Sources Of Funds

Source of funds refers to the origin of the funds. It refers to the activity that generated the funds, for example salary payments or sale proceeds, as well as the means through which the customer's or beneficial owner's funds were transferred. Acceptable sources of funds include

  • Salary /Business income;
  • Pension releases;
  • Personal savings from legal sources;
  • Share sales and dividends;
  • Property sales;
  • Inheritances and gifts allowed by law;
  • Tax return receipts and other incomes from government;

E. Transaction Blocking

The Company will prohibit business relationships and occasional transactions with users and customers that fail KYC at any point in time as per the requirements of this Policy

4. Risk Management

Risk assessment is a process whereby a methodology is maintained to identify and measure the inherent financial crime risk to which the Company is exposed, assess the coverage of controls to mitigate these risks and determine the residual levels. This is done in order to estimate the threat to compliant practices, as the Company provides services to its customers, are calculated; and as may be necessary, eliminated, reduced or controlled. The main purpose of risk assessment is to identify transactions that may threaten to take advantage of compliance vulnerabilities and evaluate the risks presented, to effectively conduct the elimination of such threats.

The Company will follow a risk-based approach to combating money laundering and terrorist financing. This approach applies both to user transactions and company’s customers. By adopting a risk-based approach, the Company will ensure that measures taken are commensurate to the identified risks, thereby enabling efficient allocation of resources. This principle also ensures that the greatest risks receive the highest attention.

The Company’s risk-based approach is based on, but not limited to the following:

  • Monitoring transactions and assigning risk based on multiple parameter such as location, destination, user behavior and value of transactions
  • Bank card verifications to ensure the ownership of card is determined to be to the user before processing transactions
  • Monitoring digital assets transactions and assessing risk of dealing with dark net, high money laundering risk counterparties, and likely association with other illegal activities

The risk-based approach will cover all markets where the Company has a business presence.

5. Internal Control

Management is ultimately responsible for ensuring that TransFi maintains an effective AML/KYC internal control structure, including suspicious activity monitoring and reporting. TransFi management follows a culture of compliance to ensure staff adherence to the AML/KYC policies, procedures, and processes. Internal controls are the TransFi’s policies, procedures, and processes designed to limit and control risks and to achieve compliance with relevant rules and regulations. The level of sophistication of the internal controls commensurates with the size, structure, risks and complexity of the TransFi’s operations and lines of business.

6. Transaction Monitoring

Regulations across jurisdictions require the company to monitor and analyse transactions of both individual users and customers. The Company will use a comprehensive approach of transaction monitoring including, but not limited to:

  • screening i.e., monitoring transactions in real-time;
  • monitoring i.e., analyzing transactions later.

The objective of screening is to identify:

  • suspicious and unusual transactions and transaction patterns;
  • transactions exceeding the provided thresholds;
  • politically exposed persons and circumstances regarding international sanctions.

The screening of the transactions is performed automatically and includes the following measures:

  • established thresholds for transactions, depending on the user / customer's risk profile and the estimated transactions turnover declared by the user / customer;
  • the scoring of virtual currency wallets where the virtual currency shall be sent in accordance with the user / customer’s order;
  • the scoring of virtual currency wallets from which the virtual currency is received.

When monitoring transactions the Company will assess transaction with a view to detect activities and transactions that:

  1. deviate from what there is reason to expect based on the due diligence measures performed, the services provided, the information provided by the user / customer and other circumstances (e.g. exceeding estimated transactions turnover, virtual currency sending each time to new virtual currency wallet, volume of transactions exceeding limit);
  2. without deviating according to previous clause, may be assumed to be part of a money laundering or terrorist financing;
  3. may affect the user / customer's risk profile score.

In addition, the Compliance Department shall take any appropriate actions to ensure compliance with laws & regulations including

  • Daily check of users against recognized “blacklists” (e.g. OFAC or any other Specially Designated National (SDN) list as prescribed in other jurisdictions), aggregating transfers by multiple data points, placing users on watch and service denial lists, opening cases for investigation where needed, sending internal communications and filing out statutory reports, if applicable;
  • Regular filing of reports such as Currency Transaction Reports, Filing Suspicious Activity Reports;
  • Requesting users and customers for any additional information and documents in case of suspicious transactions, including suspending or terminating accounts when the company has reasonable suspicion of illegal activity;
  • Maintaining a record of all transactions as required by the respective regulatory authority in their respective countries or for a period dictated by laws and regulations in the jurisdiction which they operate

7. Prohibited Customer Types

The Company shall not establish business relationships or do occasional transactions with customers who pose serious money laundering risks and fall outside the Company's risk appetite. The Company will not under any circumstances accept the following types of customers.

  • Known beneficiaries of Corruptions or Illegal Activities;
  • Shell companies/shell banks;
  • Unregulated casinos or gambling companies;
  • Incomplete or failed KYB (Know your business);
  • Unlicensed money transmitters / payments / financial services companies; and
  • Customers with bearer shares in the ownership structure.
  • Marijuana/cannabis;
  • Guns, Arms and ammunition;
  • Precious metals;
  • Adult content or Pornography

8. Implementation Of Sanctions

Upon the entry into force, amendment or termination of any sanctions, the Company shall verify whether the customer or User who is planning to have the business relationship or occasional transaction with the Company is a subject of these sanctions. If the Company identifies a such a person or legal entity who is a subject of Sanctions or that the transaction intended or carried out by them is in breach of Sanctions, the Company shall apply Sanctions and immediately inform the relevant regulatory authority thereof.

The Company will use at least one of the following sources (databases) to verify the user / customer's relation to Sanctions:

  1. Comply Advantage watchlists;
  2. Financial sanctions information and search;
  3. Other internal databases or databases managed by third parties, which contain at least the lists from databases specified above.

The watchlists sources include:

  • The Office of Foreign Assets Control (OFAC) Sanctions
  • The United Nations Security Council’s Sanctions list
  • Her Majesty’s (HM) Treasury List
  • The EU Consolidated Sanctions List
  • The EU Most Wanted Warnings
  • The Bureau of Industry and Security
  • The State Department Foreign Terrorist Organizations List and Non Proliferation List
  • US DOJ (FBI, DEA, US Marshals, and others)
  • Interpol’s Most Wanted CBI List (The Central Bureau of Investigation)

The Company shall perform the abovementioned verification on an ongoing basis in the course of an established business relationship. The frequency of the ongoing verifications depends on the risk profile of the user / customer

If the Company has doubts that a person or legal entity is a subject to Sanctions, it shall immediately notify the MLRO. In this case the MLRO shall decide on whether to ask or acquire additional data from the person or notify the regulatory authority immediately of their suspicion.

Below is the list of prohibited jurisdictions for TransFi:

  • Abkhazia
  • Afghanistan
  • Angola
  • Belarus
  • Burma (Myanmar)
  • Burundi
  • Central African Republic
  • Congo
  • Cuba
  • Democratic Republic of Congo
  • Ethiopia
  • Guinea-Bissau
  • Iran
  • Iraq
  • Ivory Coast (Cote D’Ivoire)
  • Lebanon
  • Liberia
  • Libya
  • Mali
  • Nagorno-Karabakh
  • Nicaragua
  • North Korea
  • Northern Cyprus
  • Russia
  • Sahrawi Arab Democratic Republic
  • Somalia
  • Somaliland
  • South Ossetia
  • South Sudan
  • Sudan
  • Syria
  • Ukraine (including Region of Crimea)
  • Venezuela
  • Yemen
  • Zimbabwe

Note: In light of the recent Financial Promotion Regime by the FCA UK in Oct 2023, we have included UK in the Prohibited country list until we comply with the FPR .

9. TransFi Compliance Department

The Company has established a Compliance Department that is headed by a designated Compliance Officer and MLRO, who shall ensure implementation and enforcement of the AML / KYC policy. With support and oversight of transactional and administrative practices, the Compliance Department shall supervise all aspects of the Company’s Anti Money Laundering and counter-Terrorist Financing policies and ensures compliance with laws and regulations.

The scope of Compliance Department’s efforts includes, but not limited to the following:

  • Collect user’s identification information & conduct relevant checks as appropriate;
  • Establish and update internal policies and procedures for the completion, review, submission and retention of all reports and records required under the applicable laws and regulations;
  • Monitor transactions and investigate any significant deviations from normal activity;
  • Implement a records management system for appropriate storage and retrieval of documents, files, forms and logs;
  • Conduct a business risk assessment on a periodic basis; and
  • Provide law enforcement with information as required under the applicable laws and regulations.
AML Officer

The Company has appointed an MLRO who is not operationally involved, but who will monitor and verify the functioning of the Company independently. The MLRO is accountable for the following activities:

  1. produce and when necessary, update the Company's AML policy;
  2. monitor and verify on an ongoing basis that the Company is fulfilling the requirements prescribed by this policy and related documents and according to external laws and regulations
  3. provide the Company's employees and members of the Board with advice and support regarding the rules relating to money laundering and terrorist financing
  4. inform and train the employees of the Company and relevant persons about the rules relating to money laundering and terrorist financing
  5. investigate and register sufficient data on received internal notifications and decide whether the activity can be justified or whether it is suspicious;
  6. file the relevant reports (i.e. UARs, SARs, STRs, etc.) with the appropriate regulatory authorities in accordance with local jurisdictional requirements;
  7. check and regularly assess whether the Company's procedures and guidelines to prevent the use of the business for money laundering or terrorist financing are fit for purpose and effective;
  8. identify the incidents in accordance with the Company's policies and take measures regarding such incidents.

The Company through its MLRO will report to the regulatory authority on the activity or the circumstances that they identify in the course of economic activities and whereby:

  • the characteristics indicate the use of criminal proceeds, or the commission of crimes related to this (this is primarily a report on a suspicious and unusual transaction or activity, i.e. UTR or UAR);
  • in the case of which they suspect or know or the characteristics of which indicate the commission of money laundering or related crimes (this is primarily a report on a transaction or activity whereby money laundering is suspected, i.e., STR or SAR);
  • in the case of which they suspect or know or the characteristics of which indicate the commission of terrorist financing or related crimes (this is primarily a report on a transaction or activity whereby terrorist financing is suspected, i.e., TFR);
  • in the case of which an attempt of the activity or circumstances specified in previous clauses are present.

10. Independent Review

The Company shall engage an independent third-party firm with expertise in antimoney laundering (AML) compliance to conduct a comprehensive review and assessment of the effectiveness of the AML program. The independent review shall include, but not be limited to, an evaluation of the AML policies, procedures, and controls in place to detect and prevent money laundering and terrorist financing activities. The findings and recommendations of the independent review shall be documented in a written report provided to the Board of Directors, detailing any identified deficiencies and proposing remedial actions to address them.

11. Employee Training

Employee training is an essential part of an AML Compliance program. It is crucial to train the employees to improve their skills and comply with regulations and protect the company from criminal attempts.

The Company shall provide effective AML & internal controls training to its employees that will help to identify & prevent money laundering activities, minimize the risk of fines & penalties, and enhance the reputation of the Company. The training will be arranged on a periodic basis for the employees of the Company and members of the Board and documented. In case, an employee comes across a non-compliant situation, he or she is required to bring it to the attention of the Compliance Officer and MLRO (Money laundering reporting officer). They then take the required actions.

If required , the MLRO, who is independent of TransFi to report, prepares and submits a report to the FCIS (Financial Crime Investigation Service), Lithuania,

12. Record Keeping

Record keeping is an integral part of regulatory responsibility. To assist in record keeping the Company shall maintain an employee training log including details of their assessment results, when they were examined, when they were trained, and any reassessment necessary.

AML RECORDS

Where applicable, the following records will be retained by the Company for anti-money laundering purposes:

  1. Identification of users / customers - full details of evidence of identity for no less than five years from the end of the relationship
  2. Transactions – user / customer files containing the full details of the transaction for no less than five years from the date the transaction was completed
  3. Internal and external reporting – full details of action taken by Compliance Department for no less than five years from the creation of the record
  4. Detailed records must be kept no less than five years from the date the transaction or customer relationship ended.

RECORD ACCESSIBILITY

The Company shall maintain systems that ensure records are kept in accordance with regulatory requirements. The Company shall keep records electronically in the operating systems or on specific storage facilities for onsite or offsite storage, or paper based. In any case Company shall ensure that:

  1. Records can be accessed in a reasonable time and at a minimum as required by regulation.
  2. Records are protected against unauthorized access and accidental deletion or destruction, as per Data Protection requirements applicable in different jurisdictions.
  3. Third party providers used for storage of records shall have systems and procedures in place to ensure that records are protected against unauthorized access accidental deletion and securely stored for the required amount of time.

RECORD RETENTION

The overall principles in this respect are the following:

  1. Records verifying identity must be kept for no less than five years after the termination of a customer relationship/agreement.
  2. Records supporting individual transactions must be kept for no less than five years following completion of the transaction.
  3. Records of any report made to the compliance department (whether forwarded further) will be retained as part of the customer records.
  4. Records of customers / users who, according to the company's internal risk assessment pose a higher risk of money laundering and/or terrorist financing, must be kept for no less than ten years after the termination of a customer relationship/agreement.
  5. Records of customers / users with whom business relations or occasional transactions were refused for the reasons of prevention of money laundering and terrorist financing, must be kept for no less than ten years after the termination of the relationship/agreement.

13. Law Enforcement Requests

Government regulators and law enforcement agencies may seek information and records from time to time. Any person associated or connected with our company who receives or is served with a summons, subpoena or court order related to the Company’s business should immediately contact the Company Compliance Department for further assistance.

The Company shall assist entities in their investigations, provided the request(s) is / are conducted in a lawful manner. If a customer or user is subject to an examination by an equivalent regulatory body, the Company shall always comply with the examination process.

For any law enforcement requests, please direct your official document to our Compliance team at compliance@transfi.com

14. Conclusions

The Company is required by policy to operate in a legal and responsible manner. The Company will remain compliant, in all aspects, with all laws, rules, regulations across jurisdictions, as well as extend its full cooperation to law enforcement and regulatory authorities, maintain records, as per regulatory requirements and in accordance with the Company’s policies and procedures.

The Company will not tolerate its reputation to be put in jeopardy.

The Company will make sure that its customers do their part to ensure full compliance with all aspects and the spirit of this policy and support the Company as it strives to maintain its progressive stance in the industry.

The USA Patriot Act requires all financial institutions to develop and implement their own AML program and emphasizes several mandatory checks and screening capabilities. Accordingly, a firm’s USA Patriot Act Anti-Money Laundering program must be built around the following criteria:

  • The Company must develop internal Anti-Money Laundering policies, procedures, and controls;
  • An AML Compliance Officer must be appointed to oversee the Anti-Money Laundering program;
  • Employees must receive ongoing Anti-Money Laundering training; and
  • The Anti-Money Laundering program must be independently audited regularly.

The Financial Action Task Force (FATF) defines UBO as “the natural person(s) who owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.” UBO is defined as the following.

  • Owning >= 25% of share capital;
  • Exercise at least 25% of voting rights;
  • Beneficiaries of at least 25% of an entity’s capital;
  • Persons with power of attorney;
  • Guardians of minors;
  • Corporate directors or nominee directors that are appointed to conceal the true owners of a given firm; and
  • Shareholders, including the holders of bearer shares that may be transferred anonymously.
Transfi Logo
Borderless Payments Boundless Potential
Excellent
English (US)
Integrate TransFi

Subscribe to newsletter

Get latest industry, company, product and partnerships updates from our newsletter

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Follow us

Linkedin IconTwitter IconTelegram IconDiscord IconInstagram IconLinkedin IconLinkedin Icon
Services are provided by Trans-Fi UAB (registration no. 306117433) with an address at Pramones 10G, Vilnius, Lithuania - 11118. Lithuania operating under virtual asset service provider licenses issued by Financial Crime Investigation Service of Lithuania.
Copyright @2023 TransFi-Inc. (Registration no. 6538509 with office at 100 S, Ashley Drive, Suite 600, Tampa, FL 33602, USA). All rights reserved