Anti-Money Laundering

Anti-Money Laundering and Counter-Terrorist Financing Policy of Amarium s.r.o

  1. Overview

    1. Purpose

      This Anti-Money Laundering and Counter-Terrorist Financing ("AML/CFT") Policy sets forth the principles, standards and internal controls adopted by Amarium s.r.o. (hereinafter referred to as "Amarium" or "The Company"), a financial institution incorporated in Slovakia providing virtual currency wallet services, to prevent money laundering, terrorist financing and other financial crimes. The Policy ensures compliance with:

      • Slovak national AML Act No. 297/2008 Coll.

      • EU AML Directives (AMLD4 & AMLD5)

      • FATF Recommendations.

    2. Scope

      This policy applies to:

      • All directors, employees, contractors, and agents of the company.

      • All customers and counterparties; and

      • All third-party service providers handling client data, custody or payments.

  2. Definitions

  • Virtual Currency Wallet service: custody and administration of crypto-assests on behalf of clients.

  • Customer Due Diligence (CDD): identification and verification measures under the AML framework.

  • PEP: Politically Exposed Person.

  • Beneficial Owner: natural person(s) ultimately controlling or owning a customer.

  1. Governance & Oversight

  • Board of Directors: ultimate accountability for AML/CFT Compliance.

  • Money Laundering Reporting Officer (MLRO):

    The Company appoints an AML/CFT Compliance Officer (MLRO), notified to the competent authorities. The MLRO must have the necessary knowledge, experience, and good repute in the AML/CFT Compliance field, in line with the law. The MLRO has direct access to the Board of Directors and the authority to take measures to ensure AML compliance.

    • Direct reporting line to the Board.

    • Responsible for implementing AML/CFT measures, filing Suspicious Transactions Reports (STRs), and ensuring compliance with regulatory obligations.

  • Compliance Department: assist the MLRO in daily compliance operations including but not limited to monitoring, training and reporting.

  1. Risk-Based Approach

    The Company adopts a risk-based approach to AML/CFT, consistent with Slovak and the European Union Law (EU Law) and international best practices. The company assesses and manages risks in the following categories:

    1. Customer Risk Factors

      Examples of higher-risk customers include:

      • Business relationships take place under unusual circumstances,

      • Customers residing in geographic areas with higher risk,

      • Legal entities or entities without legal personality that serve as vehicles for holding personal assets,

      • Complex ownership structure

      • High-risk occupation (e.g, cash-incentive business)

      • Adverse Media results in high-risk

    2. Geographical Risk Factors

    Examples of higher-risk include:

    • Countries subject to sanctions, embargoes, or similar measures issued by entities such as the European Union or the United Nations,

    • Jurisdictions identified as having a significant level of corruption or other criminal activity

    • Jurisdictions identified as major sources of terrorist financing or where identified terrorist organizations operate.

    • FATF "Jurisdictions under Increased Monitoring" (i.e. "grey list")

    1. Product, Service, Business Risk Factors

      Examples of higher-risk include:

      • Use of private banking services

      • Products or businesses that could be conducive to anonymity

      • Rapid conversion between fiat and crypto assets

    2. Channel / Distribution Risk Factors

      Examples of higher-risk include:

      • Indirect commercial relations or transactions (use of third-party intermediaries, especially from high-risk jurisdictions)

      • Remote onboarding where robust electronic identity verification is not possible

    The Company has conducted an assessment of inherent ML/TF risks by categories of customers, services, channels, and geography, and also identified residual risks after applying control measures. Our internal procedures and controls are adequate and proportionate to the nature, scale, and complexity of the business, ensuring compliance with Act No. 297/2008 Z.z., Directive (EU) 2015/849, and Regulation (EU) 2023/1113.

    1. Application of Risk-Based Approach

    • The Business-Wide Risk Assessment (BWRA) will be conducted annually or whenever new risks emerges

    • Customer Risk Assessment (CRA): will be performed at onboarding stage and periodically reviewed (depending on the assigned risk level).

    • Enhanced Due Diligence: will be performed when a high-risk client is identified or unusual transaction patterns occur.

    • Monitoring frequency: aligns with customer risk classification

  2. Customer Due Diligence

    1. Basic Customer Due Diligence (CDD)

      1. For Individuals:

        • Full name

        • Date of birth

        • Nationality

        • Government-issued ID

        • Biometric verification

        • Address

        • Unique identification number (e.g, identity card number, birth certificate number, or passport number)

      2. For Entity

        • Certificate of Incorporation

        • Unique identification number (e.g, the business registration number)

        • Directors

        • Registered address

        • Beneficial Owners

        • Verification against the Slovak Commercial Register

      3. When Customer Due Diligence (CDD) is conducted

      The Company performs CDD in the following situations, in accordance with the Slovak AML Act and EU AML directives:

      • At the establishment of a business relationship.

      • For occasional transactions involving:

        • Transactions amounting EUR 15,000 or more, whether carried out in a single operation or in several linked operations.

        • Crypto-assest transactions of EUR 1,000 or more, in line with Slovak AML Act.

      • For all crypto-assets transfers, the Company collects and transmits originator and beneficiary information in accordance with EU 2023/1113, regardless of value.

      • When there is suspicion of money laundering, terrorist financing, or proliferation financing.

      • When we doubt the veracity or adequacy of any information.

      • When material changes occur in customer circumstances, that may affect their risk profile.

      The Company shall refuse to establish a new business relationship or terminate an existing one if it cannot properly identify and verify the customer or the beneficial owner. The Company will not carry out any transactions for such a client until all mandatory CDD measures are completed. In such cases, the Company shall report to the Financial Intelligence Unit as required by law.

      1. When will Enhanced Due Diligence (EDD) be required:

        • For Politically Exposed Person (PEP) and their close associates (including family members)

          • When establishing or maintaining a business relationship with a PEP, the Company applies enhanced measures: (i) obtaining approval from senior management; (ii) identifying the source of wealth and source of funds; (iii) applying ongoing enhanced monitoring of the PEP's transactions. If the client ceases to be a PEP, the Company will continue enhanced monitoring for at least 12 months before lowering the risk level.

        • High-risk jurisdictions

        • Use of privacy coins, mixers or layering activities

        • Unusual transactions

        • Adverse Media Screening result generates a high-risk alert

      2. Prohibited Customers

      The Company will not establish or maintain a business relationship with customers who fall into any of the following categories:

      • Individuals or entities who fail to provide satisfactory identification or verification documentation, where the Company is unable to identify the customer and beneficiary;

      • Individuals or entities that are currently sanctioned by UN, EU, OFAC, and other governmental sanctions;

      • Individuals or entities dominclied in jurisdictions subject to international sanctions or FATF "High-Risk Jurisdictions subject to a Call for Action (i.e. "black list")"

      • Payable through Accounts;

      • Accounts for Political Campaigns;

      • Accounts for Shell Banks;

      • Accounts for engaging in business activities that are prohibited under this Policy;

      • Other prohibited types of customers/accounts, i.e. Customers who are out of the Company's risk appetite based on the Company's risk scoring system;

The detailed list of risk appetite is outlined in the Company's Money Laundering and Terrorist Financing Risk Assessment Procedure.

  1. Ongoing Monitoring

    1. Transaction monitoring

      The Company utilizes an internally developed Automated Transaction Monitoring System and the pre-established rules to monitor real time and retrospective transactions that are unusual. These rules have been designed tailoring the nature of different products and services. The system is designed to detect unusual/suspicious patterns or trends that may indicate money laundering or terrorist financing. Examples of red flags include:

      • Structuring of transactions to evade detection

      • Links to darknet platforms

    2. Ongoing review

    • The Company will continuously monitor customer profiles and transaction activity.

    • The Company will conduct risk-based periodic review depending on customers' risk level.

      Risk level

      Periodic review

      Low

      3 years

      Medium

      2 years

      High

      1 year

    • The company will review all automated alerts integrated into the monitoring system.

  2. Adverse Media, Politically Exposed Persons (PEP) and Sanctions Screening

    • Screening against:

      • EU Sanctions Lists;

      • United Nations Security Council Consolidated List;

      • OFAC and other relevant watchlists

      • PEP Screening

      • Adverse Media

    • Transactions that involve sanctioned parties should be frozen and reported to the Slovak FIU.

  3. Travel Rule Compliance

    • The Company complies with EU TFR obligations. Details are set out in the separate Travel Rule Policy.

      • Key obligations include:

      • Collecting and verifying originator and beneficiary information for crypto-asset transfers.

      • Ensuring security and accurate transmission of data.

      • Managing transfer from unhosted wallets in line with risk-based procedures.

  4. Reporting

    1. Reporting obligations

      The Company is obliged to report unusual financial transactions ("UFT") to the Financial Intelligence Unit (Finančná spravodajská jednotka) without any undue delay:

      • unusual business operation,

      • attempt to carry out an unusual business operation, or

      • EDD is unable to perform on the requested unusual business operation

      The Company's reporting obligation is implemented by filing a report on an unusual business operation in a way that guarantees that the information contained therein will remain confidential from unauthorized persons.

    2. Delaying Unusual Business Operations

      • In accordance with the Slovak AML Act, the Company is obliged to delay an unusual business operation until the unusual business operation is reported to the FIU. The delay of an unusual business operation is carried out primarily by suspending the orders entered by the customer, or by suspending and temporarily disabling any transactions from and to the customer’s virtual currency wallet. The Responsible Person decides on the delay.

      • The Company shall not delay the unusual business operation if:

        • it cannot be delayed for operational or technical reasons; the Company shall immediately inform the FIU on this fact; or

        • the delay could, according to the previous notice from the FIU, frustrate the processing of the unusual business operation.

    3. Anti-Tipping-Off (Prohibition on Disclosure of Suspicious Activity Reporting)

      • It is prohibited to disclose to a client or any third party the fact that checks are being conducted or that a Suspicious Transaction Report has been filed with the Financial Intelligence Unit. Employees must keep such actions strictly confidential; exceptions apply only when expressly required by law.

  5. Record Keeping

    1. Retention:

      • The Company shall retain all data and transaction records for five years from termination of bisiness relationship or execution of an occasional transation.

    2. Extension

      • The Slovak FIU may, by written notice, extend the retention period by up to an additional five years.

      • The Company retains the data of cross-border correspondent relationships with a partner institution providing similar services, including crypto-asset transfers, the crypto-asset service provider involving the provision of crypto-asset services, for the duration of the period during which the natural person holds the status of ultimate beneficial owner and for an additional five years after the termination of this status or the dissolution of the legal entity.

  6. Data Protection

    • Compliance with the General Data Protection Regulation (GDPR) - EU 2016/679

    • We shall safeguard the personal data of our customers in the manner prescribed.

    • Secure systems with restricted access.

  7. Training and Awareness

    • Mandatory training on AML/CFT for all employees;

    • Annual refresher training for all staff

    • Specialized training for the Compliance Department

    • Training records kept for audit and supervisory review

  8. Independent Controls and Review

    • Regular system tests for monitoring systems.

    • Annual Independent audit of the AML/CFT framework.

    • Findings escalated to the Board, with corrective action plans implemented.

  9. Cooperation with Authorities

    • The Company shall cooperate with the Slovak FIU; National Bank of Slovakia; European and international competent authorities upon receiving official written requests.

  10. Policy Review

This Policy will be reviewed annually, or earlier if:

  • New regulations or regulatory guidance are issued;

  • Internal or external audit results demand updates;

  • Emerging risks or typologies are identified.

PreviousAnti-Robot StrategiesNextRisk Classification

Last updated