1. Introduction to the Mosaic Exchange! AML & KYC Program
It is the policy of Mosaic Exchange! to prohibit and actively prevent money laundering, any activity that facilitates money laundering, funding of terrorist or any kind of illegal activities by complying with applicable international and local requirements and regulations.
Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets. Terrorist financing is an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes.
Mosaic Exchange AML/KYC policies, procedures and internal controls are designed to prohibit any illegal activities and ensure compliance with applicable Estonian, EU and US regulations and rules.
Mosaic Exchange AML/KYC procedural and internal control rules are prepared in accordance with the §14 of Money Laundering and Terrorist Financing Prevention Act (Passed by 2017.10.26) and §13 of the International Sanctions Act (Passed by 2010.05.12).
Our AML/KYC policies will be reviewed and updated on a regular basis to ensure appropriate policies, procedures and internal controls are in place to account for both changes in regulations and changes in our business.
2. AML Compliance Person Designation and Duties
Mosaic Exchange! has a designated Anti-Money Laundering Program Compliance Person (AML Compliance Person), with full responsibility for Mosaic Exchange AML program. The AML Compliance Person has a working knowledge of the current AML regulations and is qualified by experience, knowledge and training. The duties of the AML Compliance Person include monitoring Mosaic Exchange compliance with AML obligations, overseeing communication and training for employees. The AML Compliance Person also ensure that Mosaic Exchange! keeps and maintains all of the required AML records. The AML Compliance Person is vested with full responsibility and authority to enforce Mosaic Exchange AML program.
3. Customer Identification Program - Know Your Customer (KYC)
We have established, documented and maintained a written Know Your Customer (KYC) program. We will collect certain minimum customer identification information from each customer who opens an account; utilize risk-based measures to verify the identity of each customer who opens an account; record customer identification information and the verification methods and results; provide the required adequate KYC notice to customers that we will seek identification information to verify their identities.
a. Required Customer Information
For any person that is opening a new account we will collect the following information:
2. date of birth;
4. verified mobile phone number and/or email address.
For any person that is requesting to use Mosaic Exchange services we will collect the additional identification documentation, including but not limited to the high resolution (300 DPI) color scan of any of the following government issued personal identity documents:
5. ID page of current valid passport that includes the photo and personal data;
6. Front and back of current valid National ID card;
7. Front and back of current valid Driving License.
Additionally, Mosaic Exchange reserves the right to request documents for further identification:
8. proof of address documents - recent utility bill or bank statement;
9. photo of the user holding the government issued personal identity document and the handwritten note with the text “Mosaic Exchange”
b. Customers Who Refuse to Provide Information If a potential customer either refuses to provide the information described above when requested, or appears to have intentionally provided misleading information, Mosaic Exchange! will not open a new account and, after considering the risks involved, consider closing any existing account. In either case, our AML Compliance Person will be notified so that we can determine whether we should report the situation.
c. Verifying Information Based on the risk, and to the extent reasonable and practicable, we will ensure that we have a reasonable belief that we know the true identity of our customers by using risk-based procedures to verify and document the accuracy of the information we get about our customers. Our AML Compliance Person will analyze the information we obtain to determine whether the information is sufficient to form a reasonable belief that we know the true identity of the customer - whether the information is logical or contains inconsistencies.
We will verify customer identity through documentary means, non-documentary means or both. We will use documents to verify customer identity when appropriate documents are available. We will supplement the use of documentary evidence by using the non-documentary means described below whenever necessary. We may also use non-documentary means, if we are still uncertain about whether we know the true identity of the customer. In verifying the information, we will consider whether the identifying information that we receive, such as the customer’s name, street address, zip code, telephone number (if provided), date of birth, allow us to determine that we have a reasonable belief that we know the true identity of the customer.
Appropriate documents for verifying the identity of customers include the following:
• an unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport
We understand that we are not required to take steps to determine whether the document that the customer has provided to us for identity verification has been validly issued and that we may rely on a government-issued identification as verification of a customer’s identity. If, however, we note that the document shows some obvious form of fraud, we must consider that factor in determining whether we can form a reasonable belief that we know the customer’s true identity. We will use the following non-documentary methods of verifying identity:
• Independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database or other source;
• Checking references with other financial institutions; or
• Obtaining a financial statement.
We will use non-documentary methods of verification when Mosaic Exchange! is unfamiliar with the documents the customer presents for identification verification or there are other circumstances that increase the risk that Mosaic Exchange! will be unable to verify the true identity of the customer through documentary means.
We will verify the information within a reasonable time before or after the account is opened. Depending on the nature of the account and requested transactions, we may refuse to complete a transaction before we have verified the information, or in some instances when we need more time, we may, pending verification, restrict the types of transactions or EUR amount of transactions. If we find suspicious information that indicates possible money laundering, terrorist financing activity, or other suspicious activity, we will, after internal consultation with Mosaic Exchange!'s AML Compliance Person, file a report in accordance with applicable laws and regulations.
We recognize that the risk that we may not know the customer’s true identity may be heightened for certain types of accounts, such as an account opened in a jurisdiction that has been designated as a primary money laundering jurisdiction, a terrorist concern, or has been designated as a non-cooperative country or territory. We will identify customers that pose a heightened risk of not being properly identified.
4. Customer Due Diligence
It is important to our AML program that we obtain sufficient information about each customer to allow us to evaluate the risk presented by that customer and to detect and report suspicious activity. When we open an account for a customer, the due diligence we perform may be in addition to customer information obtained for purposes of our KYC.
For accounts that we have deemed to be higher risk, we will obtain the following information:
• the purpose of the account;
• the source of funds and wealth;
• the beneficial owners of the accounts;
• the customer’s occupation or type of business;
• financial statements;
• banking references;
• description of the business operations and anticipated volume of trading;
• explanations for any changes in account activity.
Mosaic Exchange prohibits its services to individuals and countries that are on the Sanctions lists of the United Nations, European Union, UK Treasury and US Office of Foreign Assets Control (OFAC).
5. AML Recordkeeping
Our AML Compliance Person will be responsible for ensuring that AML records are maintained properly.
We will document our verification, including all identifying information provided by a customer, the methods used and results of verification, and the resolution of any discrepancies identified in the verification process. We will keep records containing a description of any document that we relied on to verify a customer’s identity, noting the type of document, any identification number contained in the document, the place of issuance, and if any, the date of issuance and expiration date. With respect to non-documentary verification, we will retain documents that describe the methods and the results of any measures we took to verify the identity of a customer.
We will also keep records containing a description of the resolution of each substantive discrepancy discovered when verifying the identifying information obtained. We will retain records of all identification information for five years after the account has been closed; we will retain records made about verification of the customer's identity for five years after the record is made.
6. AML Training Programs
We will develop ongoing employee training under the leadership of the AML Compliance Person and senior management. Our training will occur on at least an annual basis. It will be based on Mosaic Exchange size, its customer base, and its resources and be updated as necessary to reflect any new developments in the law.
Our training will include, at a minimum: (1) how to identify red flags and signs of money laundering that arise during the course of the employees’ duties; (2) what to do once the risk is identified (including how, when and to whom to escalate unusual customer activity or other red flags (3) what employees' roles are in Mosaic Exchange compliance efforts and how to perform them; (4) Mosaic Exchange record retention policy; and (5) the disciplinary consequences (including civil and criminal penalties) for non-compliance.
We will develop this training internally or contract for it. Delivery of the training may include in-person workshops, meetings and explanatory memos. We will maintain records to show the persons trained, the dates of training and the subject matter of their training.
We will review our operations to see if certain employees require specialized additional training. Our written procedures will be updated to reflect any such changes.
7. Program to Independently Test AML Program
The testing of our AML program will be performed at least every two calendar years by an independent third party. We will evaluate the qualifications of the independent third party to ensure they have a working knowledge of applicable AML requirements and its implementing regulations. Independent testing will be performed more frequently if circumstances warrant.
8. Confidential Reporting of AML Non-Compliance
Employees will promptly report any potential violations of Mosaic Exchange!’s AML compliance program to the AML Compliance Person, unless the violations implicate the AML Compliance Person, in which case the employee shall report to the Board. Such reports will be confidential, and the employee will suffer no retaliation for making them.
9. Additional AML Risk Areas
Mosaic Exchange! has reviewed all areas of its business to identify potential money laundering risks that may not be covered in the procedures described above.
10. Senior Manager Approval
Senior management has approved this AML compliance program as reasonably designed to achieve and monitor Mosaic Exchange ongoing compliance with the requirements and the implementing regulations under it.