AML & KYB Policy

INTERNAL RULES FOR CONTROL AND PREVENTION OF MONEY LAUNDERING AND TERRORIST FINANCING OF GREYCORP LTD.

These Rules were adopted by Beniamin Bozhinov, Manager of GREYCORP LTD., UIC 207364528, seat and registered address: Sofia, p.c. 1505, Oborishte district, 72 Oborishte Str., according to the requirements of Art. 101 in conjunction with Art. 4, p. 3 of the Measures Against Money Laundering Act (MAMLA), prom. SG, no. 27.03.2018

BASICS AND CONCEPTS
1. It is assumed that a business relationship is a business, commercial or professional relationship that is related to the activity of the obliged institutions and persons under MAMLA and, at the time when contact is established, it is expected to have an element of duration.
2. Related operations are operations and transactions that meet the following conditions:
a) a series of successive transfers of cash or valuables from or to the same natural person, legal person or other legal entity that have been made in connection with a single obligation where each individual transfer is below the legal threshold, but which together meet the criteria for the application of the due diligence measures, or
b) a series of transfers through different persons under Art. 4 MAMLA that relate to the same obligation, or
c) other relation established in view of the specificity of operations or transactions based on the application of the measures under MAMLA.
3. It is assumed that a customer is any natural or legal person or other legal entity entering into a business relationship or carrying out an occasional operation or transaction with the company.
4. It is assumed that related persons are considered to be:
4.1. the spouses or persons who live in factual union as spouses;
4.2. the relatives of first degree in descending line and their spouses or the persons with whom the relatives of first degree in descending line live in factual union as spouses;
4.3. the relatives of first degree in ascending line and their spouses or the persons with whom the relatives of first degree in ascending line live in factual union as spouses;
4.4. second degree collateral relatives and their spouses or the persons with whom the second degree collateral relatives live in factual union as spouses;
4.5. any natural person who is known to be a beneficial owner jointly with a person under paragraph 2 of a legal person or other legal entity or is in other close commercial, professional or other business relations with a person under paragraph 2;
4.6. any natural person who is the sole owner or beneficial owner of a legal person or other legal entity known to have been created for the benefit of a person under paragraph 2.
5. Money laundering is presumed to have been committed intentionally when:
5.1. the conversion or transfer of property, knowing that this property has been acquired through criminal activity or through an act of participation in such activity, in order to hide or conceal the illegal origin of the property or to support a person who participates in the performance of such action in order to avoid the legal consequences of the offence that might arise for this person;
5.2. the hiding or concealment of the nature, source, location, position, movement, rights in respect of or ownership of property, knowing that this property has been acquired through criminal activity or from an act of participation in such activity;
5.3. the acquisition, possession, holding or use of property knowing, at the time of receipt, that it has been acquired through criminal activity or from an act of participation in such activity;
5.4. the participation in any of the actions referred to in points 1 – 3, the association with the purpose of performing such action, the attempt to perform such action as well as the support, incitement, facilitation or the provision of advice in the performance of such action or its concealment.
5.5. It is assumed that money laundering is also present when the activity resulting in the acquisition of the property under p. 5 has been carried out in another member state or in a third country and does not fall under the jurisdiction of the Republic of Bulgaria.
6. It is assumed that beneficial owner is a natural person or natural persons who ultimately own or control a legal person or other legal entity, and/or a natural person or natural persons in whose name and/or on whose behalf an operation, transaction or activity is carried out; and who meet at least any of the following conditions:
6.1. With regard to corporate legal persons and other legal entities, the beneficial owner is the person who directly or indirectly holds a sufficient percentage of the stocks, shares or voting rights in that legal person or other legal entity, including by holding bearer shares or by exercising control by other means, except in the case of a company the shares of which are traded on a regulated market subject to disclosure requirements in accordance with the European Union law or equivalent international standards ensuring an adequate level of transparency with respect to ownership.
An indication of direct ownership is present when a natural person(s) holds a shareholding or ownership interest of at least 25 per cent in a legal person or other legal entity.
An indication of indirect ownership is present where at least 25 per cent of the shareholding or ownership interest in a legal person or other legal entity belongs to a legal person or other legal entity which is under the control of the same natural person or natural persons, or of multiple legal persons and/or entities which are ultimately under the control of the same natural person(s).
6.2. In respect of trusts, including trusts, escrow funds and other similar foreign legal entities incorporated and existing under the law of the jurisdictions providing for such forms of trusts, the beneficial owner shall be:
(a) the settlor;
(b) the trustee;
(c) the protector, if any;
(d) the beneficiary or the class of beneficiaries, or
(e) the person in whose principal interest the trust is created or managed where the natural person benefiting from it is yet to be determined;
(f) any other natural person who ultimately exercises control over the trust through direct or indirect ownership or by other means.
6.3. In respect of foundations and legal forms similar to trusts, the natural person or persons holding positions equivalent or similar to those referred to in p. 7. 2.
6.4. The natural person or persons who are nominee directors, secretaries, shareholders or owners of the capital of a legal person or other legal entity shall not be a beneficial owner if another beneficial owner is identified.
7. It is assumed that control within the meaning given by § 1c of the Supplementary Provisions of the Commerce Act, as well as any opportunity which, without being an indication of direct or indirect ownership, confers the possibility of exercising decisive influence on a legal person or other legal entity in the decision-making process for determining the composition of the bodies responsible for the management and supervision, the transformation of the legal person, the cessation of the activity thereof and other matters essential for the activity thereof.
8. It is assumed that exercising ultimate effective control over a legal person or other legal entity by means of exercising rights through third parties conferred, inter alia, by virtue of authorization, contract or another type of transaction, as well as through other legal arrangements conferring the possibility of exercising decisive influence through third parties, is an indication of indirect control.
9. Where, after having exhausted all possible means, no beneficial owner is identified according to p. 8 or if there is any doubt that the person or persons identified is the “beneficial owner”, the natural person who holds the position of senior managing official shall be regarded as “beneficial owner”. The obliged persons shall keep records of the actions taken in order to identify the beneficial owner under p. 1.
10. A suspicion of money laundering is presumed to arise whenever there are facts and circumstances sufficient to assess the aggregate amount of money to allow a reasonable assumption of money laundering to be made.
10.1. It is presumed that a reasonable assumption of money laundering may be made where:
10. 1. A customer of the company refuses to declare the circumstances provided for in MAMLA and the rules for its implementation.
10.2. Upon verification, it is established that the circumstances declared by the customer are untrue or false, altered document or a document with false content is presented both for the authentication of the customer’s personality and the reason for the operation or transaction.
10.3. Customers may be considered suspicious or the transactions or operations are unusual;
10.2. Customers may be considered suspicious when:
10.2.1. Their representatives or proxies submit identity documents, the authenticity of which gives rise to doubt;
10.2.2. It is well known that the customer has criminal record and preliminary proceedings have been initiated against him/her;
10.2.3. The customer is included in some of the lists of: the list indicated in Art. 5 of the Measures Against Terrorist Financing Act, of the U.S. Department of the Treasury – Office of Foreign Assets Control (OFAC), the sanctions lists of the European Commission, of the State Agency for National Security, Decision No 265 of the Council of Ministers of 23.04.2003 to adopt a List of natural persons, legal persons, groups and organizations subject to the measures under the Measures Against Terrorist Financing Act, the UN Security Council or any other list publicly announced by the State Agency for National Security or any other state body,
11. Operations or transactions are deemed to be unusual where:
11.1. Their volume and nature do not correspond to the turnover and the main business activity of the customer and therefore it can be assumed that they are fictitious and their only purpose is to transform property acquired through or in connection with a crime;
11.2. They are carried out by persons who do not have a proper authorization and license, when the activity is regulated by an authorization or license regime.
12. It is assumed that the due diligence is regulated in detail in MAMLA. The measures for enhanced due diligence are necessarily applied in the cases explicitly mentioned in Art. 35, p. 1-7 in respect of persons under Art. 36 of MAMLA (so-called politically exposed persons (PEPs) and their related persons); in respect of persons and legal entities established in high-risk third countries under Art. 46 MAMLA; in respect of products, operations and transactions which could lead to anonymity; in respect of new products, business practices and delivery mechanisms; in respect of new technologies in new or existing products, business practices and delivery mechanisms; in complex or abnormally large transactions or operations; in respect of correspondent relationships with a third-country credit institution or financial institution. These hypotheses are mandatory, but they do not exhaust the cases of application of enhanced due diligence measures. According to p. 8 of the same article, enhanced due diligence measures are also mandatory in all other cases where a higher risk of money laundering is identified during the risk assessment. Articles 37-43 of MAMLA lay down enhanced due diligence measures in respect of persons defined in Art. 36, who are politically exposed persons, and in respect of their related persons, such as: approval by an employee holding a senior management position of the person under Art. 4 to enter into or continue the business relationships with such persons; establishment of the origin of funds used in business relationships and operations and transactions carried out within such relationships, as well as clarification of the source of wealth; ongoing and enhanced monitoring of the business relationships; development of effective internal systems to identify such customers.
The due diligence shall include:
• identification
• identification and authentication of the beneficial owner;
• collecting information and assessing the purpose and nature of the business relationship;
• clarification of the origin of funds;
• ongoing monitoring of established business relationships and verification of transactions and operations; indication of the cases in which the obligation to apply customer due diligence measures arises.
13. The simplified due diligence measures are deemed to apply depending on the assessment of the potential risk under MAMLA, after approval by the manager. Simplified due diligence involves the application of all due diligence measures, but the extent and volume of their application takes into account the level of risk. The application of simplified due diligence measures is admissible only in the presence of all cumulative conditions listed in Art. 26 of MAMLA. Articles 27-31 of MAMLA provide for additional hypotheses in which the simplified customer due diligence measures can be applied.
14.1 If the operation or transaction is carried out in the name or on behalf of a third party without authorisation, the identification procedure is applied to both the third party in the name and on behalf of which the operation or transaction was carried out and to the person who carried out the operation or transaction. The relations/relationship between the third party and the person who carried out the operation/transaction must be clarified.
14.2 In the event that when performing a due diligence or when observing the operations of a customer, an employee of the Company suspects that the customer is acting in the name or on behalf of a third party without a logical and legal explanation for this, the employee notifies the Manager who may decide to order the performance of additional due diligence actions in respect of the customer and/or the third party.
14.3. In the case of carrying out an operation or transaction through a third party which is the bearer of the documents for carrying out the operation or transaction, the third party bearer is identified.
15. The above terms and their definitions are only indicative for the purposes of these Rules. In their application and interpretation, the existing legislation should be taken into account.
16. The following Customer Acceptance Policy is applied in the company as follows:

CUSTOMER ACCEPTANCE POLICY
Prior to entering into a relationship, the Company shall have sufficient information about the potential customer and their business. The Company shall apply the “Know Your Customer” principle which forms the basis of the rules for prevention of money laundering and terrorist financing and includes the collection and maintenance of adequate information on customers. For this purpose, the Company has established a Customer Acceptance Policy introducing the following prohibitions:
1. The Company shall not engage in business relationships with natural persons, legal persons and groups known or suspected to be associated with criminal activities, members of criminal or terrorist organisations or that they support politically or fund such organisations.
2. The Company shall not enter into or maintain business relationships and shall not carry out transactions or operations with natural or legal persons included in sanctions lists or carrying out activities that directly or indirectly include countries or territories subject to comprehensive sanctions.
3. The Company shall not enter into or maintain business relationships with natural persons, legal persons or groups active in the arms industry, if these business relationships are directly related to production, import, export, distribution, financing or mediation in armaments activities.
4. The Company shall not enter into or maintain business relationships with legal persons or other legal entities whose activity is related to nuclear energy, except for state-owned companies.
5. The Company shall not enter into or maintain relationships with credit institutions or financial institutions within the meaning of Art. 3(2) of Directive (EU) 2015/849 or institutions carrying out activities equivalent to those carried out by such institutions established in a jurisdiction in which they do not have a physical presence, including concept and management, and are not associated with a regulated financial group that is subject to effective consolidated supervision (“phantom banks”).
6. The Company shall not enter into or maintain business relationships with legal persons who do not provide a certified copy of a license, permit or certificate of registration – in case the activity of the person is subject to such authorisation.
7. The Company shall not offer anonymous products.
8. The Company shall not enter into relationships and shall not perform occasional operations or transactions when it is not possible to meet the customer due diligence requirements. If the Company cannot perform due diligence in cases of already established commercial or professional relations, including open account, the Company shall terminate these relations by considering whether to notify the Financial Intelligence Directorate.

Article 1. SUBJECT AND PURPOSE
1.1. The internal rules on measures against money laundering regulate the internal organisation and the manner of implementation of the measures against money laundering of GREYCORP LTD…, hereinafter referred to as “the Company”, according to the requirements of the Measures Against Money Laundering Act, prom. SG., no. 27.03.2018 and the rules for its implementation.
1.2. The purpose of the rules is to establish such an organisation of work in the Company which does not allow the Company’s activity to be used by any person / natural or legal, Bulgarian or foreign / for money laundering or terrorist financing, and any attempts to do so to be detected, prevented and brought to the knowledge of the competent authorities in the Republic of Bulgaria.
1.3. Prevention measures against the use of the Company for money laundering purposes are:
1.3.1. customer due diligence measures;
1.3.2. collection and compilation of documents and other information under the conditions and in accordance with the procedure laid down in MAMLA;
1.3.3. storage of the documents, data and information collected and drawn up for the purposes of MAMLA;
1.3.4. money laundering risk assessment;
1.3.5. disclosure of information concerning suspicious operations, transactions and customers;
1.3.6. disclosure of other information for the purposes of MAMLA;
1.3.7. exchange of information and interaction at national level, as well as exchange of information and interaction between the Company, the Financial Intelligence Directorate of the State Agency for National Security, the financial intelligence units of other countries and jurisdictions as well as with the competent authorities and organisations of other countries.

ARTICLE 2. SCOPE OF RULES
2.1. The rules of the anti-money laundering measures shall apply to Bulgarian and foreign natural and legal persons with whom the Company establishes a business relationship, hereinafter referred to as the customer(s), and with whom and/or on whose behalf the Company performs financial operations and/or concludes transactions at any of the following values:
2.1.1. Any payment in cash of more than BGN 30,000 or their equivalent in a foreign currency made by or to their customer within the established relationship or in case of occasional transactions or operations.
2.1.2. Carrying out an occasional operation or entering into an occasional transaction of a value equal to or exceeding the BGN equivalent of EUR 15,000 or their equivalent in another currency, whether the operation or transaction is carried out through one operation or through several related operations;
2.1.3. Carrying out an occasional operation or entering into an occasional transaction of a value equal to or exceeding the BGN equivalent of EUR 5,000 or their equivalent in another currency, where the payment is made in cash, whether the operation or transaction is carried out through one operation or through several related operations;
2.1.4. Carrying out an occasional operation or entering into an occasional transaction of a value equal to or exceeding the BGN equivalent of EUR 1,000 or their equivalent in another currency, which constitutes a transfer of funds, pursuant to Art. 3 (9) of Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds, which means any transaction at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:
(a) a credit transfer as defined in Article 2(1) of Regulation (EU) No 260/2012;
(b) a direct debit as defined in Article 2(2) of Regulation (EU) No 260/2012;
(c) a money remittance as defined in Article 4(13) of Directive 2007/64/EC, whether national or cross border;
(d) a transfer carried out using a payment card, an electronic money instrument, or a mobile phone, or any other digital or IT prepaid or postpaid device with similar characteristics;
2.2. In cases where, due to the nature of the occasional operation or transaction, its value cannot be determined at the time of its execution when the value of the operation or transaction is determined, if it is equal to or exceeds the values referred to in Article 2.1.2. and Article 2.1.3.
2.3. The rules shall apply to customers – Bulgarian and foreign natural and legal persons and their beneficial owners as well as to their authorised representatives with whom the Company enters into contractual relations.

Article 3. MAIN TASKS OF THE RULES
3.1. Implementation by all Company employees of the measures for control and prevention of money laundering and terrorist financing.
3.2. Development of internal principles and correct procedures in the Company for the prevention of money laundering and terrorist financing.
3.3. Collection, processing, storage and disclosure of information about specific transactions and operations.
3.4. Collection, processing, storage and disclosure of information about customers – Bulgarian and foreign natural and legal persons and their beneficial owners, as well as their authorised representatives with whom the Company enters into contractual relations.
3.5. Maintaining accurate and detailed information on operations with cash and currencies raising suspicion or subject to registration.
3.6. Exercising immediate and periodic control over the Company’s employees to implement the measures for the prevention, control and identification of suspicious operations, transactions, sources and customers and to take the necessary actions in case of suspected money laundering and terrorist financing.
3.7. Organisation of training for the employees to make them familiar with the requirements of MAMLA and its implementing acts, as well as with these internal rules.
3.8. Exchange of information and interaction at national level, as well as exchange of information and interaction between the Company, the Financial Intelligence Directorate of the State Agency for National Security, the financial intelligence units of other countries and jurisdictions as well as with the competent authorities and organisations of other countries, if necessary.

Article 4. CUSTOMER IDENTIFICATION AND AUTHENTICATION
4.1. In the cases referred to in Article 54 (1) of MAMLA, the identification of a legal person registered in a Member State is carried out by establishing circumstances entered in the Commercial Register, the Bulstat Register or in the relevant official public commercial or company register of that Member State or similar register, if it is not a Member State.
4.2. The actions taken to perform the verification and identification of customers under Art. 4.1. shall be documented in a manner that:
4.1.2. Allows to establish:
(a) the date and time of verification;
(b) the person who carried out the verification;
(c) the last date of update on the account of the legal person in the relevant register;
(d) the data under Article 54 (4) of MAMLA, namely:
 name;
 legal form;
 seat:
 registered address;
 mailing address;
 valid scope of business or purpose and nature of the business relationship;
or of the occasional operation or transaction;
 duration;
 control bodies, management and representation bodies;
 type and composition of the collective management body;
 principal place of business;
(e) the documents containing data under Article 54 (4) of MAMLA, referred to in Article 4.2.1., letter (d), where they are not apparent in the verification report but are available in scanned documents on the legal person’s account;
(f) generating a report on all identification actions;
(g) other data and information deemed necessary by the Company for the purpose of identification.
4.2.2. Does not allow:
(a) to change the order of actions taken;
(b) unlawful destruction and/or deletion of the report;
(c) unauthorised access, modification or dissemination of the report.
4.3.1. The Company shall apply simplified due diligence measures where:
 the customer is an adequately regulated credit or financial institution;
 the customer is a state or local authority of the Republic of Bulgaria;
 the customer is an institution that meets the following conditions:
 fulfils authority functions in accordance with the Treaty on European Union, the Treaties establishing the European Community or secondary Community legislation;
 the institution is publicly known, transparent and its identity is clearly established;
 the institution complies with reporting procedures and its activities are transparent;
 the institution reports to a Community body, to a Member State body, or there are verification procedures in place to ensure the control of its activities;
 to customers, products and services for which a lower risk has been identified, after approval by the Manager and due notification of the Financial Intelligence Directorate of SANS;
 Simplified customer due diligence requires the application of all due diligence measures, taking into account the extent and volume of their application in terms of the level of risk.
4.3.2. The Company shall not be obliged to collect copies of the official identity documents of the representatives, proxies and other natural persons who are subject to identification in connection with the identification of a customer – legal person or other legal entity, when:
4.3.2.1 The conditions of Article 26 of MAMLA, i.e. the conditions for applying simplified due diligence are met.
4.3.2.2. The necessary data have been collected for the identification of natural persons according to Article 25, Para 3, p. 1 of MAMLA, namely:
 names;
 date and place of birth;
 an official personal identification number or other unique identification element contained in an official identification document the validity of which has not expired and which bears a photograph of the customer;
 any nationality held by the person;
 country of permanent residence and address (P.O. Box number is not sufficient)
4.3.3. The data collected under Art. 4.3.2.2 have been checked in accordance with Art. 55, Para 1 of MAMLA (whether a copy of the identity document has been made or not) by using one or more of the following methods:
 requesting additional documents;
 confirmation of the identification by another person under Art. 4 of MAMLA or by a person obliged to apply anti-money laundering measures in another Member State or in a third country under Art. 27 of MAMLA;
 making inquiries in electronic pages and databases of local and foreign competent state and other authorities provided for public use for the purpose of verifying the validity of identity documents and other personal documents or of verifying other data collected during identification;
 making inquiries in publicly available local and foreign official commercial, corporate, company and other registers;
 using technical means to verify the authenticity of the documents submitted;
 establishing a requirement that the first payment under the operation or transaction be made through an account opened in the name of the customer with a credit institution from the Republic of Bulgaria, from another Member State or from a third-country bank under Art. 27 of MAMLA;
 re-requesting of the documents submitted when carrying out the identification and verification of the presence of a change in the identification data – in the case of authentication in the course of the already established business relationship, when the identification was carried out upon the entry into such relations;
 another method that gives a reason to the person under Art. 4 to accept the customer identification as reliably performed.
4.3.4. This article of the rules shall also apply in the cases referred to in Articles 27 – 31 of MAMLA only if the following cumulative conditions under Article 26 of MAMLA are met:
 the implementation of such measures does not fall under the medium or high risk conditions set out in the national risk assessment;
 the implementation of such measures is based on low or medium risk areas identified by the company, according to the risk assessment;
 the company has collected sufficient information to give it sufficient grounds to believe that the particular operation or transaction or business relationship with the customer is of low or medium risk;
 the specific case does not fall in the cases where the implementation of enhanced due diligence measures is mandatory;
 the implementation of such measures shall not prevent the carrying out of an adequate degree of ongoing monitoring of business relationships or of operations or transactions with a view to identifying cases of unusual operations or transactions, such that are complex or abnormally large transactions or operations, and all transactions and operations which do not have an obvious economic or legal purpose that can be established with regard to the information available to the company or do not correspond to the information available on the customer, or cases of suspected and/or known money laundering and/or the presence of funds of criminal origin that should be reported to the Financial Intelligence Directorate of the State Agency for National Security;
 the company does not apply a simplified due diligence if there are indications of money laundering or terrorist financing or of the existence of funds of criminal origin;
 the company is able to demonstrate that sufficient measures have been taken to identify and assess the risk and the fulfilment of the conditions set out above;
 the company has notified in advance the Financial Intelligence Directorate of the State Agency for National Security of the identified categories of customers, products and services with lower risk and of the intention to apply simplified due diligence measures in respect of them.
4.3.5. Notwithstanding the application of this article, the company shall also fulfil its obligations in relation to the identification of a natural person.
4.4. The Company shall authenticate the identification data of the customer, the beneficial owner and the representative by performing official check and presenting documents requested by the company about the customer. The correctness of the data in the reports prepared by the company and the documents provided by the customer shall be verified with the signature, date and stamp of the person who provided them and the person who checked and accepted them.
4.5. The company shall apply enhanced due diligence:
1. When entering into business relationships with customers who are politically exposed persons or persons related to politically exposed persons, in the course of such relationships as well as when carrying out an occasional operation or transaction of more than EUR 5,000 with such persons;
2. When carrying out an occasional operation or transaction of more than EUR 5,000 with natural persons, legal persons and other legal entities established in high-risk third countries;
3. When entering into business relationships with persons from high-risk third countries, subject to prior approval by the head of the relevant operational risk unit or by a higher level;
4. When entering into business relationships with persons whose place of habitual residence does not allow the company to establish the risk of money laundering and terrorist financing inherent to the relationship only by applying standard due diligence measures and/or entering into business relationships with persons whose identity document has been issued by a foreign country, therefore the Company cannot apply the standard authentication methods;
5. In business relationships with higher risk customers;
6. With relation to transactions or operations, or in respect of new or existing products, business practices and delivery mechanisms, including where new technologies are applied to them, when they are assessed as high-risk or may lead to anonymity;
7. In the case of complex or abnormally large transactions or operations, transactions or operations carried out under unusual schemes, as well as operations and transactions without an obvious economic or legal purpose;
4.6. Where a high risk of money laundering and terrorist financing is identified, enhanced risk-based due diligence measures shall apply.
4.7. The Company shall apply enhanced due diligence measures to the customer in accordance with the risk and where, as a result of identifying and assessing the risks arising from the establishment of a business relationship with the customer or from the execution of an occasional transaction or operation by the customer, it identifies a high level of risk of money laundering or terrorist financing.
4.8. Enhanced due diligence measures may include:
1. requesting and/or collecting a larger volume of data, documents and information;
2. requesting data, documents and information from different sources for the purpose of comparing, collecting and/or checking already collected data, documents and information;
3. bringing the frequency of the actions under p. 1 and 2 in compliance with the identified level of money laundering and terrorist financing risk;
4. requiring permission from the Manager to establish or continue a business relationship or perform an occasional transaction or operation, as well as to carry out certain transactions or operations within the business relationship or to allow the use of individual products or services, business practices, delivery mechanisms, as well as the use of new technologies;
5. clarification of the customer’s sources of wealth;
6. requesting references from customer’s counterparties or from other persons under Art. 4 of MAMLA;
7. assigning research or the taking of other necessary actions to persons with good reputation and proven expertise and practical experience in the field of prevention of money laundering and terrorist financing;
8. taking other actions deemed appropriate by the Company.
Article 5. IDENTIFICATION AND AUTHENTICATION OF BENEFICIAL OWNERS
5.1. The identification of any natural person who is the beneficial owner of a customer – a legal person or other legal entity – shall be carried out by collecting:
5.1.1. statements from the accounts of the legal persons and other legal entities established on the territory of the Republic of Bulgaria in the Commercial Register, in the Register of Non-Profit Legal Entities, and in the BULSTAT Register or in the respective official public commercial or company register of that Member State or similar register if it is not a Member State, namely:
5.1.1.1 identification data of beneficial owners – natural persons, including:
(a) names;
(b) nationality;
(c) personal number of the persons referred to in Article 3, Para 2 of the Civil Registration Act;
(d) date of birth of persons other than those referred to in point (c);
(e) country of residence, if different from the Republic of Bulgaria or from the country referred to in point (b);
5.1.1.2. details of the legal persons or other legal entities through which control is directly or indirectly exercised, including firm, number in a national register, legal form according to the national law, seat and registered address, and the identification data of the representatives referred to in p. 1;
5.1.1.3. the details referred to in p. 1 (a) through (d) of a natural contact person permanently residing on the territory of the Republic of Bulgaria, where the person’s account does not contain data about a legal representative permanently residing on the territory of the Republic of Bulgaria – a natural person who provides his/her notarised consent in this regard;
4. any change in the circumstances referred to in p. 1 – 3
5.1.1.4. The customers – legal persons, or other legal entities with nominee directors, nominee secretaries or nominee owners of the capital, present a certificate, contract or other valid document under the legislation of the jurisdiction in which they are registered, originating from a central register or from a registered agent, from which it is evident who are the beneficial owners of the customer – a legal person or other legal entity.
5.1.2. The identification of legal persons and other legal entities shall be carried out by submitting an original or a notarised copy of an official extract from the relevant register of their good standing and a certified copy of the articles of association, the deed of incorporation or other document necessary to verify the data under Para 4.
5.1.3. In the presence of an official public commercial or company register in a Member State in which the legal person is registered, the identification of legal persons shall be carried out by making an inquiry with the commercial register or with the relevant public register on the legal person’s account and documenting the actions taken to identify them. Where the data necessary for the identification of a legal person do not fall within the scope of the circumstances to be entered in the commercial register or in the relevant public register are not publicly available or the actions taken are not documented, their collection shall be carried out by submitting certified documents or declarations by the customer, as well as other documents showing the beneficial owner, the nature and type of ownership or control, and raising no doubt that the person for whom the information under p. 5.1.1. has been obtained is the beneficial owner.
5.1.4. In the identification of legal persons and other legal entities, data are collected for:
5.1.4.1. name;
5.1.4.2. legal form;
5.1.4.3. seat;
5.1.4.4. registered address;
5.1.4.5. mailing address;
5.1.4.6. valid scope of business or purpose and nature of the business relationship or of the occasional operation or transaction;
5.1.4.7. duration;
5.1.4.8. control bodies, management and representation bodies;
5.1.4.9. type and composition of the collective management body;
5.1.4.10. principal place of business.
5.2. The provision of a declaration by the legal representative or the proxy of the legal person.
5.3. For any natural person who is the beneficial owner of a customer – a legal person or other legal entity, data are collected on:
5.3.1. names;
5.3.2. date and place of birth;
5.3.3. an official personal identification number or other unique identification element contained in an official identification document the validity of which has not expired and which bears a photograph of the customer;
5.3.4. any nationality held by the person;
5.3.5. country of permanent residence and address (P.O. Box number is not sufficient).
5.4. For customers who are legal entities whose shares are traded on a regulated market subject to disclosure requirements in accordance with the European Union law or equivalent international standards ensuring an adequate level of transparency with respect to ownership, the information on the shareholding is collected, subject to disclosure pursuant to Chapter Eleven, Section I of the Public Offering of Securities Act, or similar information about companies on a regulated market outside the Republic of Bulgaria.
5.5. Depending on the type of customer and the level of risk that results from the establishment of the customer relationship and/or from the execution of transactions or operations with that type of customer, the company shall take actions to verify the identification of the natural persons who are the beneficial owners of a customer – a legal person or other legal entity. The data collected shall be checked in accordance with Art. 55, Para 1 of MAMLA (whether a copy of the identity document has been made or not) by using one or more of the following methods:
 requesting additional documents;
 confirmation of the identification by another person under Art. 4 of MAMLA or by a person obliged to apply anti-money laundering measures in another Member State or in a third country under Art. 27 of MAMLA;
 making inquiries in electronic pages and databases of local and foreign competent state and other authorities provided for public use for the purpose of verifying the validity of identity documents and other personal documents or of verifying other data collected during identification;
 making inquiries in publicly available local and foreign official commercial, corporate, company and other registers;
 using technical means to verify the authenticity of the documents submitted;
 establishing a requirement that the first payment under the operation or transaction be made through an account opened in the name of the customer with a credit institution from the Republic of Bulgaria, from another Member State or from a third-country bank under Art. 27 of MAMLA;
 re-requesting the documents submitted when carrying out the identification and verification of the presence of a change in the identification data – in the case of authentication in the course of the already established business relationship, when the identification was carried out upon the entry into such relationship;
 another method that gives a reason to the company to accept the customer identification as reliably performed.
5.6. The legal persons and other legal entities established on the territory of the Republic of Bulgaria and the natural contact persons shall provide data on:
5.6.1. Identification data of beneficial owners – natural persons, including:
(a) names;
(b) nationality;
(c) personal number of the persons referred to in Article 3, Para 2 of the Civil Registration Act;
(d) date of birth of persons other than those referred to in point (c);
5.6.2. The details referred to in p. 1 (a) through (d) of a natural contact person permanently residing on the territory of the Republic of Bulgaria, where the person’s account does not contain data about a legal representative permanently residing on the territory of the Republic of Bulgaria – a natural person who provides his/her notarised consent in this regard;
5.6.3. Customers are obliged to receive, dispose of and provide in the cases specified by law appropriate, accurate and up-to-date information about the natural persons who are their beneficial owners, including details of the rights they hold.
5.7. The data under Art. 5.5. should be available when:
5.7.1. Customer due diligence measures are taken – a legal entity, legal persons and other legal entities established on the territory of the Republic of Bulgaria which enter into a business relationship or carry out an occasional operation or transaction with or through them.
5.7.2. Natural and legal persons and other legal entities acting on the territory of the Republic of Bulgaria in their capacity as trustees of trusts, trust funds and other similar foreign legal entities established and existing under the law of the jurisdictions allowing such forms of trust.
5.7.3 When the Company takes customer due diligence measures, the customers, as trustees, enter into a business relationship or carry out an occasional operation or transaction with or through them.
5.8. The Company shall provide information to the Financial Intelligence Directorate of the State Agency for National Security when, in the performance of its obligations under this section, it establishes breach of the obligations of customers under Articles 5.5 and 5.6.
5.8. The customers – legal persons, or other legal entities with nominee directors, nominee secretaries or nominee owners of the capital, present a certificate, contract or other valid document under the legislation of the jurisdiction in which they are registered, originating from a central register or from a registered agent, from which it is evident who are the beneficial owners of the customer – a legal person or other legal entity.
5.9. The Company shall be obliged to establish whether the customer acts in his/her name and on his/her behalf, or in the name and/or on behalf of a third party. Where the operation or transaction is carried out through a representative, the Company shall require evidence of the representative authority and identification of both the representative and the represented.
5.10. If it is suspected that the person carrying out an operation or transaction does not act in his/her name and on his/her behalf, the Company shall notify the competent authorities and take appropriate measures to collect information to identify and verify the identification of the person in whose benefit the operation or transaction is actually carried out.
5.11. The actions taken to perform the verification and identification of customers under this article shall be documented in a manner that:
5.1.11. Allows to establish:
(a) the date and time of verification;
(b) the person who carried out the verification;
(c) the last date of update on the account of the legal person in the relevant register;
(d) the data under Article 54 (4) of MAMLA, namely:
 name;
 legal form;
 seat:
 registered address;
 mailing address;
 valid scope of business or purpose and nature of the business relationship;
or of the occasional operation or transaction;
 duration;
 control bodies, management and representation bodies;
 type and composition of the collective management body;
 principal place of business;
(e) the documents containing data under Article 54 (4) of MAMLA, referred to in Article 4.2.1. letter (d), where they are not apparent in the verification report but are available in scanned documents on the legal person’s account;
(f) generating a report on all identification actions;
(g) other data and information deemed necessary by the Company for the purpose of identification.
5.12. Does not allow:
(a) to change the order of actions taken;
(b) unlawful destruction and/or deletion of the report;
(c) unauthorised access, modification or dissemination of the report.
5.13. In the case of carrying out an operation or transaction through a third party which is the bearer of the document for carrying out the operation or transaction, the Company shall also identify and authenticate the third party which is the bearer of the document.
5.14. The company shall authenticate the identification data of the customer, the beneficial owner and the representative by performing official check and presenting documents requested by the Company about the customer. The correctness of the data in the reports prepared by the Company and the documents provided by the customer shall be verified with the signature, date and stamp of the person who provided them and the person who checked and accepted them.
Article 6. CLARIFICATION OF THE ORIGIN OF FUNDS
6.1. The origin of funds shall be clarified by applying at least two of the following methods:
6.1.1. Collecting information using a free-form declaration by the customer about his/her main activity, including the actual and expected volume of business relationships and operations or transactions expected to be carried out within those relationships, by completing a questionnaire or by any other appropriate means;
6.1.2. Collecting other information from independent official sources – data from publicly available registers, from databases, free space, etc.;
6.1.3. Using information collected in connection with the fulfilment of the requirements of this or other laws and regulations, which indicates a clear origin of the funds;
6.1.4. Through a written declaration by the customer on the origin of the funds or by his/her legal representative or proxy.
6.2. For the identification of a natural person who is a beneficial owner of a customer – a legal person or other legal entity, the Company shall also make the above inquiries through a declaration by a natural person.
6.3. The Company shall be obliged to establish whether the customer acts in his/her name and on his/her behalf or in the name and/or on behalf of a third party. Where the operation or transaction is carried out through a representative, the Company shall require evidence of the representative authority, for example a notarised power of attorney and identification of both the representative and the represented.
6.4. When the operation or transaction is carried out in the name and or on behalf of a third party without authorisation, the Company shall carry out identification and authentication of the third party in the name and/or on behalf of which the operation or transaction was carried out and of the person who carried out the operation or transaction.
6.5. If it is suspected that the person carrying out an operation or transaction does not act in his/her name and on his/her behalf, the Company shall be obliged to notify the Financial Intelligence Directorate of State Agency for National Security and to take appropriate measures to collect information to identify and authenticate the person in whose benefit the operation or transaction is actually carried out.
6.6. In order to collect information to identify and authenticate the person in whose benefit the operation or transaction is actually carried out, the Company shall take one or more of the listed actions to identify potential relations with third parties and identify those third parties:
6.6.1. if a business relationship is established – carry out enhanced ongoing monitoring of the operations and transactions carried out within it;
6.6.2. in the case of occasional operations and transactions – carry out a check for other occasional operations and transactions carried out by or in the name of and/or on behalf of the same customer;
6.6.3. carry out a review of the documents, data and information collected during the due diligence of the customer and his/her beneficial owner;
6.6.4. request additional documents;
6.6.5. make inquiries in publicly available local and foreign official commercial, company and other registers;
6.6.6. make inquiries in publicly available sources of information;
6.6.8. take other measures that it considers appropriate.
6.7. In the case of carrying out an operation or transaction through a third party which is the bearer of the document for carrying out the operation or transaction, the Company shall also identify and authenticate the third party which is the bearer of the document.
6.8. The Company shall authenticate the identification data of the customer, the beneficial owner and the representative by performing official check and presenting documents requested by the company about the customer. The correctness of the data in the reports prepared by the company and the documents provided by the customer shall be verified with the signature, date and stamp of the person who provided them and the person who checked and accepted them.
ARTICLE 6a. CUSTOMER CATEGORISATION
6a.1 In analysing the customer relationship, the Company shall take into account all aggravating (high-risk indicators) and mitigating factors when determining the final risk classification of the customer, using one of the following risk categories: low risk; medium risk; high risk.
6а.2. All information collected in the process of due diligence shall be kept in the customer’s file, duly documented.
6а.3. After establishing the relationship, according to the customer’s risk profile, the Company shall perform periodic due diligence at predetermined minimum time intervals, as follows:

Determined customer risk profile Frequency of due diligence
1) low – every 5 years
2) medium – every 3 years
3) high – every year

ARTICLE 7. STORAGE OF INFORMATION
7.1. The Company shall keep an electronic register of its customers. The Company’s software shall ensure the automatic immediate entry of customer data by the Company employees, as this information is contained in the Company’s registers, according to the legal requirements in force, in respect of whom there are circumstances leading to suspicion of money laundering and terrorist financing.
7.1.1. The following particulars shall be entered in the register: customer identification number, Bulstat number, name/denomination, tax number, registered address and mailing address, scope of business, manager, personal number, passport details, phone number, fax number, details of the person who has representative authority, type and size of the operation/transaction, date of the operation/transaction, and the employee who carried out the operation/transaction.
7.2. The Company shall store all collected documents, data and information for a period of 5 years.
7.2.1. In the case of establishing business relationships with customers, entering into correspondent relationships and performing occasional operations or transactions, the period shall begin to run from the beginning of the calendar year following the year of termination of the relationship.
7.2.2. In the case of disclosure of information to competent authorities, the period shall start to run from the beginning of the calendar year following the year of disclosure of the information.
7.2.3. For documents drawn up in connection with risk assessment, the period shall start to run from the beginning of the calendar year following the year of their preparation.
7.2.4. At the written instruction of the Director of the Financial Intelligence Directorate of the State Agency for National Security, the period under Art. 7.1. may be extended by up to two years.
7.2.5 The information, documents and data relating to individual operations, transactions and customers must be kept in a manner that allows for their timely recovery in the event that they are to be made available for use as evidence in judicial and pre-trial proceedings.
7.3. All documents, data and information collected and prepared by the Company, including such related to establishing or maintaining a business relationship, shall be kept so as to be available to the Financial Intelligence Directorate of the State Agency for National Security, the relevant supervisory authorities and the auditors. The same shall be provided, upon request, to the Financial Intelligence Directorate of the State Agency for National Security upon request in the original, officially certified copy, extract or statement within the term and format specified by the Director of the Directorate.
7.4. The internal rules and documents relating to them shall be kept for the entire duration of the activity and for a period of one year from its termination.

ARTICLE 8. DISCLOSURE OF INFORMATION IN CASE OF SUSPECTED MONEY LAUNDERING
8.1. In case of suspected and/or known money laundering and/or existence of funds of criminal origin, the Company shall be obliged to immediately notify the Financial Intelligence Directorate of the State Agency for National Security before the operation or transaction is carried out, delaying its implementation within the permissible period, according to the regulations governing the type of activity concerned, by specifying the maximum period within which the operation or transaction may be delayed.
8.2. Upon becoming aware of money laundering or existence of funds of criminal origin, the Company shall also notify the competent authorities in accordance with the Criminal Procedure Code, the Law on the Ministry of Interior and the Law on the State Agency for National Security.
8.3. When the delay of the operation or transaction under Art. 8.1. and 8.2. is objectively impossible or likely to thwart the actions of prosecuting the beneficiaries of a suspicious transaction or operation, the Company shall notify the Financial Intelligence Directorate of the State Agency for National Security immediately after it has been carried out, stating the reasons why the delay was impossible.
8.4. The obligation under Art. 8.1. and 8.2. shall also arise in cases where the operation or transaction has not been completed.
8.5. The notification under Art. 8.1. and 8.2. is based on an established model. Officially certified copies of all documents collected on the operation or transaction and the customer shall be enclosed to the notification. Where the documents are provided on an electronic medium, the Company may certify the correctness of the copies of the documents presented with the originals, by explicitly indicating this in the notification.
8.6. In urgent cases, notification may also be made orally with subsequent written confirmation within 24 hours, unless it must be made in a specific format or electronically.
8.7. The Company shall keep a record in a special bound and paginated register which shall be certified with the signature of the head of the specialized office and with the company seal, for:
8.7.1. any message delivered by a staff member about a suspected money laundering or existence of funds of criminal origin, regardless of the manner in which the message was delivered, together with a conclusion on the need to report the suspicion to the competent authorities;
8.7.2. a conclusion on the purpose and nature of operations or transactions, in case of complex or abnormally large transactions or operations, in case of operations and transactions without a clear economic or legal purpose; and a conclusion on suspected money laundering or existence of funds of criminal origin.
8.7.2. messages and conclusions made before a representative of the Company’s specialized office, before the persons who manage and represent the Company, before the Company or another employee holding a senior management position.
8.8. When filing a message pursuant to Art. 8.7, the person before whom the message was delivered shall open a file in which all documents relating to the actions carried out by the employees of the company in connection to the message or in case of complex or unusually large transactions or operations are collected and arranged in the order of their receipt, as well as operations and transactions with no obvious economic or legal purpose.
8.9. The register referred to in Art. 8.7. may also be maintained electronically, or the information may be otherwise stored through the Company’s internal systems, if the electronic register, respectively the manner of storage through the internal systems, meets the following requirements:
8.9.1. its functional characteristics allow:
(a) the time of recording the message to be certified with accuracy to year, date, hour, minute and second with a qualified timestamp;
(b) the creation of a historical record of all movements related to the entry of records in the electronic register;
8.9.2. its functional characteristics do not allow:
(a) to change the order of recorded messages or their content;
(b) unlawful destruction and/or deletion of a recorded message;
(c) unauthorized access, modification or dissemination of the register.
8.10. The representatives of the specialized office and the managers of the Company shall be responsible for the proper storage and keeping of the register and files.
8.11. Any employee of the Company who is not responsible for the implementation of measures against money laundering may notify the Financial Intelligence Directorate of the State Agency for National Security in case of suspected money laundering.

ARTICLE 8A. DISCLOSURE OF OTHER INFORMATION
8а.1. The Company shall notify the Financial Intelligence Directorate of the State Agency for National Security of any payment in cash of more than BGN 30,000 or their equivalent in a foreign currency made by or to their customer within the established relationship or in the case of occasional transactions or operations, on a monthly basis, up to the 15th day of the month following the month to which the information relates, on paper or magnetic medium or electronically, after setting up a secure electronic connection with the Financial Intelligence Directorate of the State Agency for National Security.

ARTICLE 9. PROHIBITION OF DISCLOSURE OF INFORMATION
9.1. All Company employees shall be obliged to fully assist the control bodies of the Financial Intelligence Directorate of the State Agency for National Security, the financial intelligence units of other countries and jurisdictions as well as the competent authorities and organizations of Bulgaria and of other countries, in the performance of their functions.
9.2. No employee or manager of the Company, including former ones, may notify a customer of the Company, a beneficial owner of a customer, a person representing a customer or their related persons of the collection, processing, storage and disclosure of information about operations and transactions related to them under these rules, MAMLA and the rules for its implementation.

10. CRITERIA FOR IDENTIFICATION OF SUSPICIOUS OPERATIONS, TRANSACTIONS AND CUSTOMERS AIMED AT TERRORIST FINANCING.
10.1. The main criteria for the detection of suspicious operations, transactions and customers aimed at terrorist financing shall be the list of individuals, legal entities, groups and organizations referred to in Article 5 of the Measures Against Terrorist Financing Act.
10.2. The operation or transaction is carried out at the request of a person about whom there is information that his/her activities and objectives are close to those of terrorist organizations.
10.3. Each employee of the Company shall be obliged, when performing official actions, to consult the list and, in the slightest suspicion of matching names and denominations of natural persons, legal persons, groups or organizations, to inform the manager of the Company or any of the partners in order to take the necessary actions in accordance with these rules, MAMLA, the rules of its implementation, and the Measures Against Terrorist Financing Act.
10.4. The manager of the Company shall be obliged to monitor the updates of the list and bring them to the knowledge of the Company’s employees in a timely manner, as well as to place it in a prominent place in the Company’s office, available for familiarization and use by the employees.

ARTICLE 11. CRITERIA FOR IDENTIFICATION OF SUSPICIOUS OPERATIONS, TRANSACTIONS AND CUSTOMERS AIMED AT MONEY LAUNDERING.
11.1. In carrying out any of the following types of operations or transactions, all Company employees should consider them as suspicious if they involve:
11.1.1. Money laundering through cash operations, as follows:
 The execution by an individual customer of many transactions for small amounts, where the total value of the transactions is considerable;
 The execution of an unusually large operation or transaction at a teller’s desk (in cash) by a customer whose business payments are normally made by bank transfer.
 Frequent exchange of large quantities of coins or banknotes with small denominations against denominations of greater value.
 Frequent operations or transactions related to the purchase and sale of foreign currency for the payment of an unusually large amount, where these operations are not related to the customer’s main activity;
 Larger and unusual for the respective customer operations and transactions and their payment in cash;
11.2. The characteristics that could classify an operation as suspicious are:
 unusual conditions and complexity of the operation, without economic and legal justification;
 from or to a country on the list of countries at risk;
 the originator of the operation is a citizen of a suspicious country;
 other facts that raise suspicions.
 the provision of large amounts of money for the conclusion of a transaction by a customer when the funds invested obviously do not correspond to his/her financial position.
 the provision of large amounts of money not corresponding to his/her turnover and subsequent transfer of the received amount to a foreign account.
 the funds provided by newly established legal entities are of large size which clearly does not correspond to the capabilities of the newly established legal entity or its founders.
 Other risk factors set out in the EBA Guidelines on ML/TF risk factors.

11.3. In carrying out operations or transactions, all Company employees should consider the customers as suspicious if they are:
 Natural persons submitting identity documents with suspicious authenticity;
 The signature on the customer’s identity document does not correspond to the customer’s signature affixed before an employee of the Company;
 The photo on the customer’s identity document does not correspond to the customer’s identity document produced before an employee of the Company.
 Legal representatives or proxies of natural or legal persons – customers, where the documents for identity and registration of the legal person or the documents certifying the representative authority are suspicious;
 The customer provides an address that is the address of a third party and a mailing address which is a P.O. box;
 Customers who are known to have a criminal record;
 Customers included in sanctions lists of Bulgarian and foreign countries, institutions and organisations.

ARTICLE 12. PROCEDURE FOR ESTABLISHING AND ENTERING INTO RELATIONS WITH POLITICALLY EXPOSED PERSONS AND THEIR RELATED PERSONS
12.1.1. For the purpose of establishing whether a potential customer, existing customer or a customer’s beneficial owner is a politically exposed person or a person related to a politically exposed person, the Company shall check the CACIAF’s website (see Articles 15.3.1 and 15.3.2 on sources of information) by performing initial and subsequent periodic checks.
12.1.2. In addition to the inquiry under Para 1, the Company shall require confirmation from each customer whether he/she (or his/her beneficial owner) is a politically exposed person or a person related to a politically exposed person, and for this purpose, a declaration under Article 42, Para 2, p. 2 of MAMLA, according to model Appendix 1 to the Rules for Implementation of MAMLA shall be filled in.
12.2.1 In order to confirm the information in accordance with 12.1.1 and 12.1.2, the Company shall also carry out enhanced due diligence when:
1. the customer or the customer’s beneficial owner is from a high-risk country;
2. the customer legal entity or other legal entity has an ownership structure
that includes nominee owners and managers or otherwise makes it difficult to identify beneficial owners and/or implies anonymity;
3. in case of partial matching of the identification data with those of persons for whom negative information is available in databases or information from open sources;
4. where the customer has confirmed that he/she is a politically exposed person or a person related to a politically exposed person.
12.2.2. In the event that, before entering into a relationship, it is established that a potential customer or a beneficial owner of such customer is a politically exposed person or a person related to a politically exposed person, the establishment of a relationship shall be approved by the Manager of the Company.
12.2.3. Where, in the course of the ongoing and enhanced monitoring of the business relationship with a customer for whom or for the beneficial owner of whom it is established that the customer or the customer’s beneficial owner – a legal person or other legal entity, who are politically exposed persons in the Republic of Bulgaria, in another member state, or in a third country, or in international organisations, as well as in relation to potential customers, existing customers and customer’s beneficial owners – a legal person or other legal entity that is related to such politically exposed persons, situations of potentially higher risk are identified, approval is requested from the manager of the Company to continue the business relationship with the customer. Depending on the frequency of situations, such authorisation may also be requested on an annual basis or at shorter periods according to the level of risk identified.
12.3. The Company considers as politically exposed persons only persons who perform or have performed important public functions in the last year. This does not limit the application of enhanced due diligence measures based on the risk assessment.

ARTICLE 13. ASSESSMENT OF THE RISK
13.1. In order to identify, understand and assess the risks of money laundering and terrorist financing, the Company shall prepare its own risk assessments, taking into account relevant risk factors, including those relating to customers, countries or geographic areas, products and services offered, operations and transactions carried out or delivery mechanisms. The internal risk assessment shall take into account the Company’s business profile as well as the factors and risks specific to its business activity.
13.2. The risk assessment shall be updated every two years in January or at shorter periods of time if:
 the Company deems it necessary;
 such instructions are given by the Director of the Financial Intelligence Directorate of the State Agency for National Security;
 on the basis of information contained in guidelines, decisions or documents adopted by the institutions of the European Union, the Financial Action Task Force against money laundering (FATF), international organisations competent in the field of prevention of money laundering and terrorist financing and in guidelines, decisions or documents adopted by public authorities and institutions competent in the field of prevention of money laundering and terrorist financing, or of other available information, taking into account the reliability of its source.
13.3. When preparing and updating the risk assessment, the results of the national risk assessment, as well as the results of the supranational risk assessment and the recommendations of the European Commission must be taken into account.
13.4. On the basis of the risk assessment carried out, the Company shall determine the risk profile of the customer and the business relationship with him/her and shall apply measures in accordance with the specified risk profile.
13.5. Before the introduction of new products, business practices and delivery mechanisms, as well as before the use of new technologies in new or existing products, business practices and delivery mechanisms, in identifying and assessing the risks arising from money laundering and terrorist financing, the Company shall assess the risks arising from this, taking into account the following categories of risk factors related to:
1. the established control mechanisms;
2. the quality and degree of compliance of the measures for identification and authentication with the established risk of money laundering and terrorist financing;
3. the reliability of the measures under p. 2.
13.6. With a view to assessing the overall risk to the exercise of its activities related to the introduction of new products, business practices and delivery mechanisms, as well as to the use of new technologies in new or existing products, business practices and delivery mechanisms, in addition to the risk factors, the Company shall also take into account:
1. the technical capacity, including knowledge and skills of the Company’s officers, in connection with the introduction, implementation and use of new products, business practices, delivery mechanisms and new technologies;
2. the extent to which the Company’s officers are aware of the characteristics and/or functionalities of the new products, business practices, delivery mechanisms and new technologies;
3. the existence or absence of a contingency plan;
4. the way new products, business practices, delivery mechanisms and new technologies are developed and used by the Company – whether they are developed by the Company, whether they are delivered by an external supplier, whether they are used by a third party by referring to a previous identification made by that person or used by a third party to which actions have been assigned in connection with customer due diligence.
13.7. When identifying risk factors related to established control mechanisms, the Company shall take into account at least the following risk factors:
1. the effectiveness of the risk management systems related to the application of new products, business practices, delivery mechanisms and new technologies, which may include, for example, the parallel application of traditional methods for a certain time, until the person under Article 4 of MAMLA makes sure of their reliability;
2. the degree to which the person under Article 4 of MAMLA has the opportunity to have a decisive influence in terms of changes in the new products, business practices, delivery mechanisms and new technologies, their introduction and application;
3. the effectiveness of the mechanisms for ongoing monitoring of new products, business practices, delivery mechanisms and new technologies;
4. the presence or absence of identified weaknesses or systemic errors;
5. the capabilities of data storage in accordance with the requirements of Chapter Three, Section I of MAMLA;
6. the effectiveness of data protection mechanisms;
7. the level of professional training of the employees of the persons under Article 4 of MAMLA, offering and applying the new products, business practices, delivery mechanisms and new technologies;
8. where a third party or an external supplier is used, whether it is registered in a country or jurisdiction that does not apply or applies partially the AML international standards;
9. where a third party or an external supplier is used – the presence or absence of restrictions on that person for disclosure of information to the person under Article 4 of MAMLA or to the competent authorities exercising control for compliance with the requirements of the preventive legislation against money laundering and terrorist financing.
13.8. In identifying the risk factors related to the quality and degree of compliance of the measures for identification and authentication with the established risk of money laundering and terrorist financing;
1. the available guarantees that the business relationship is established in compliance with the requirements of MAMLA for customer identification and authentication;
2. the effectiveness of quality control systems in terms of customer identification actions and authentication, including the possibility of ongoing monitoring;
3. the effectiveness of the systems for control over the timeliness and accuracy of the data and information collected in the course of identification and authentication;
4. the effectiveness and efficiency of the new products, business practices and delivery mechanisms in the context of the type and volume of the activity of the person under Art. 4 of MAMLA.
13.11. In the process of carrying out the internal risk assessment, the Company shall review these internal rules for the control and prevention of money laundering and terrorist financing
13.9. The results of the internal risk assessment shall also be reflected in the training programmes of the Company’s employees so that they understand how this affects their day-to-day work and what measures they should apply to mitigate the risks identified by the assessment.
13.10. The Company shall document the internal risk assessment, as well as any changes made to this assessment, in a way that enables the Company and the control and supervisory bodies under MAMLA to understand how it was carried out and why it was carried out in a certain way.
13.11. The internal risk assessment and related documentation shall be kept in accordance with Article 7.4. of these rules.
13.12. Relationship between own risk assessment and individual risk assessments
13.12.1. The own risk assessment shall reflect the actions taken to prepare individual risk assessments relating to individual business relationships.
13.12.2. The own risk assessment shall determine the level of initial customer due diligence to be applied in specific situations to certain categories of customers, as well as to certain products, services and delivery channels.
13.12.3. Individual risk assessments should take into account the internal risk assessment.
13.13. The assessment under Art. 13 shall be approved by the manager of the Company.

ARTICLE 14. SPECIALISED SERVICES, TRAINING AND CONTROL
14.1. By adopting these rules, the Company creates a specialised office which shall prepare, offer for approval and implement training programs for the employees on the implementation of MAMLA, its implementing acts and internal rules, as well as organise, manage and control the following activities:
1. collection, processing, storage and disclosure of information about specific operations or transactions
2. collection of evidence concerning the ownership of the property subject to transfer;
3. requesting information about the origin of cash or valuables – subject of the operations or transactions, as well as the source of wealth, in the cases provided by law;
4. collecting information about clients and maintaining accurate and detailed documentation of their operations with cash or valuables, including the information and documents under Article 6 of the Currency Act;
5. reviewing and updating on an annual basis – in January – all databases of the Company and the information collected in them about operations, transactions and customers.
6. providing the collected information to the Financial Intelligence Directorate of the State Agency for National Security, if necessary.
14.2. The specialised office shall be headed by the manager of the Company. The head of the specialised office shall be responsible for the exercise of the internal control over the implementation of the obligations under MAMLA and the rules for its implementation.
14.3. In case of replacement of the head of the specialised office, the Company shall, within 7 days of the appointment or replacement, notify the Financial Intelligence Directorate of the State Agency for National Security about the names of the employee, as well as provide his/her contact details.
14.4. The head of the specialised office shall be obliged to keep up to date with the amendments to MAMLA, the rules for its implementation, the Measures Against Terrorist Financing Act and all special laws regulating the activity of the Company, as well as with any other information related to operations, transactions and customers, including sanctions lists of Bulgarian and foreign countries, institutions and organisations. The manager shall be obliged to bring any change to the knowledge of the Company[s employees.
14.5. The Company’s manager shall conduct the training and control on the implementation of the adopted plan for introductory and continuing training of the employees of GREYCORP LTD…
14.6. The Company’s manager shall exercise overall control over the work of the Company’s employees, operations, transactions and customers.
14.7.1 All employees of the Company shall be obliged to inform the head of the specialised office if they notice suspicious operations, transactions and customers or anything else that seems suspicious and could cause harm to the Company or violation of MAMLA, the rules for its implementation and these internal rules, and the Company shall be obliged to record them in the register and keep the employee’s anonymity.
14.7.2. In the event of suspicion of money laundering or terrorist financing, the employees shall:
– indicate, in chronological order, full details of the possible offence, including what is unusual, improper or suspicious about the operation or transaction;
– inform the specialised office whether this is the first attempt for offence by the natural or legal person concerned;
– keep secret all facts and circumstances and report them in writing to the specialised office;
– keep all documents for the attempted fraud or concealment of traces of a previous violation.
14.8. A contact with the head of the specialised office and the manager of the Company can be established by any employee or a third person in person, by phone, or by e-mail: office@crypteroexchange.com.
14.9. The manager shall be obliged to transmit the information in case of suspicion of money laundering and terrorist financing and to report on the risk to which the company is exposed.
14.10 The manager shall exercise control on the work of the persons who will represent the company through:
a/ verification of the completed and submitted information and submission of corrections;
b/ explicit confirmation of the entered data by the authorized persons;
c/ imposition of disciplinary penalties under the Labour Code in case omissions are found in the work of the employees, incl. failure to comply with their obligations under MAMLA and MATFA.
14.11. Upon a decision of the manager, actions can be taken to conduct an independent audit of the rules, procedures and measures that apply to the fulfilment of the obligations under MAMLA, MATFA and their implementing acts.

ARTICLE 15. TECHNICAL MEANS TO PREVENT AND DETECT MONEY LAUNDERING
15.1. The Company shall use technical means to prevent and detect money laundering in the following directions:
15.1.1. providing specialised computer protection when working with the software;
15.1.2. providing specialised equipment for the detection of advanced counterfeits;
15.1.3. other.
15.2. The manager of the Company shall ensure that the available technical means are in good working order and at his/her discretion can replace them with new ones or introduce new ones.
15.3.1. The technical means for preventing and detecting money laundering and terrorist financing shall include external sources, including:
* Inquiry for validity of Bulgarian personal documents (https://www.mvr.bg/). Information on the characteristics of the identity document issued by the EU and EEA Member States is available at:
https://www.consilium.europa.eu/prado/bg/check-document-numbers/check-document- numbers.pdf;
and
https://www.consilium.europa.eu/prado/bg/prado-start-page.html;
* Making inquiries in publicly available local and foreign official commercial, corporate, company and other registers (e.g., of EU member states European e-Justice Portal (europa.eu))
* Inquiry on local PEPs on the CACIAF’s webpage CACIAF – List of Public Office Holders (caciaf.bg)
* Corruption perceptions indexes; reports of OECD countries on the implementation of the OECD Anti-Bribery Convention; information and guidelines of government authorities; information from industry organisations or international standardisation bodies, publicly available reports and research, etc.; Financial Action Task Force (FATF), European Commission
15.3.2. The list under Art. 15.3.1. of these rules is not exhaustive and, depending on the specific case and risk assessment of a customer or change of source / addresses, it shall be consulted as necessary.

16. FINAL PROVISIONS
§ 1. These rules shall be reviewed for update on an annual basis in February, as well as at any other time as necessary, and if necessary, new rules, amendments or supplements to these rules shall be adopted.
§ 2. For any cases not settled in these internal rules of GREYCORP LTD… for control and prevention of money laundering and terrorist financing, the provisions of MAMLA, the Rules for Implementation of MAMLA and MATFA shall apply.
§ 3. These internal rules on control and prevention of money laundering and terrorist financing were adopted by the Manager on 23.08.2023.

Manager: Beniamin Bozhinov

Contact us

Address:

Sofia, № 1505 Oborishte district str. "Oborishte" No. 72, ent. In, ap. 3

Email:

info@crypteroexchange.com

Phone:

+359 885 876 213

Greycorp Ltd. is company registered in Bulgaria with number 207364528. From 2023 Greycorp Ltd. has obtained a license to provide crypto exchange services VASP - BB-171/12.05.2023. The materials presented on the website are for general information purposes only and are not investment advice or a recommendation or solicitation to buy, sell or hold any crypto asset or to engage in any specific trading strategy. Some crypto products and markets are unregulated, and you may not be protected by government compensation and/or regulatory protection schemes. The unpredictable nature of the crypto asset markets can lead to loss of funds. Tax may be payable on any return and/or on any increase in the value of your crypto assets and you should seek independent advice on your taxation position.

GREYCORP Ltd. copyright © 2023. All Rights Reserved.