Kebijakan

Kebijakan Privasi Global TransFi

Terakhir Diperbarui: Januari 2023

HUBUNGI KAMI
Jika Anda memiliki pertanyaan tentang Kebijakan Privasi ini, Anda dapat menghubungi kami:
Melalui email: kepatuhan@transfi.com
Dengan mengunjungi halaman ini di situs web kami: www.transfi.com

ENTITAS KAMI
TransFi beroperasi melalui Trans- Fi UAB (“TransFi”, “kami”, “kita”, “milik kami”) untuk menyediakan layanan TransFi dapat membagikan data pribadi Anda dengan entitas lainnya (anak perusahaan dan afiliasi) dan menggunakannya sesuai dengan Kebijakan Privasi ini.
Alamat: Pramones 10G, Vilnius, Lithuania LT-11118
Kode: 306117433

1. Apa tujuan Kebijakan Privasi TransFi?

Tujuan dari kebijakan privasi TransFi (semua anak perusahaan dan afiliasi) adalah berkomitmen untuk melindungi privasi pengguna dan pelanggan situs web & layanan kami. Harap baca ini dengan cermat karena kebijakan ini mengikat secara hukum saat Anda menggunakan Layanan kami. Untuk tujuan peraturan perlindungan data yang relevan, TransFi adalah “pengendali data” informasi Anda.

Kebijakan Privasi ini menjelaskan bagaimana kami mengumpulkan, menggunakan, menangani dan, dalam kondisi tertentu, mengungkapkan data pribadi Anda, ketika Anda mengakses layanan kami, yang mencakup konten kami di situs web yang terletak di www.transfi.com atau situs web, halaman, fitur lainnya , atau konten yang kami miliki atau operasikan (secara kolektif disebut “Situs Web”), atau API TransFi apa pun atau aplikasi pihak ketiga yang mengandalkan API tersebut, dan layanan terkait (selanjutnya secara kolektif disebut sebagai “Layanan”).

Kebijakan Privasi ini juga menjelaskan langkah-langkah yang kami ambil untuk mengamankan informasi pribadi Anda. Terakhir, Kebijakan Privasi ini menjelaskan pilihan Anda mengenai pengumpulan, penggunaan, dan pengungkapan informasi pribadi Anda. Dengan mengunjungi situs ini, Anda menerima praktik yang dijelaskan dalam kebijakan privasi situs ini.

Jika Anda memiliki pertanyaan tentang kebijakan ini, silakan kirimkan kecompliance@transfi.com

2. Informasi pribadi apa yang kami kumpulkan dari Anda?

Informasi pribadi berarti setiap data yang berkaitan dengan individu hidup yang dapat diidentifikasi dari data tersebut, atau dari data tersebut dan informasi lainnya, yang dimiliki, atau kemungkinan besar akan dimiliki, TransFi (atau perwakilannya atau penyedia jasa). Selain informasi, hal ini mencakup ekspresi pendapat apa pun tentang seseorang dan indikasi niat TransFi atau orang lain sehubungan dengan seseorang. Definisi informasi pribadi bergantung pada hukum relevan yang berlaku di lokasi fisik Anda. TransFi dapat mengumpulkan dan menggunakan data berikut tentang Anda.

2.1 Informasi yang Anda berikan kepada kami

Ini termasuk informasi yang Anda berikan kepada kami untuk membuat akun dan mengakses Layanan kami. Informasi ini diwajibkan oleh hukum (misalnya untuk memverifikasi identitas Anda), diperlukan untuk menyediakan layanan yang diminta (misalnya Anda harus memberikan nomor rekening bank Anda jika ingin menghubungkan akun tersebut ke TransFi), atau relevan untuk kepentingan sah kami. kepentingan yang dijelaskan secara lebih rinci di bawah ini.

Sifat Layanan yang Anda minta akan menentukan jenis informasi pribadi yang mungkin kami minta, namun dapat mencakup:

  • Informasi Identifikasi: Nama lengkap, tanggal lahir, kewarganegaraan, jenis kelamin, tanda tangan, tagihan listrik, foto, nomor telepon, alamat rumah , dan/atau email;
  • Informasi Identifikasi Formal: Dokumen identitas yang dikeluarkan pemerintah seperti Paspor, Surat Izin Mengemudi, Kartu Identitas Nasional, Kartu Identitas Negara, Nomor Pokok Wajib Pajak, Nomor Paspor, Rincian Surat Izin Mengemudi, Rincian Kartu Tanda Penduduk, Informasi Visa, dan/atau informasi lain yang dianggap perlu untuk mematuhi kewajiban hukum kami berdasarkan undang-undang keuangan atau Anti Pencucian Uang;
  • Informasi Kelembagaan: Nomor Identifikasi Pemberi Kerja (atau nomor serupa yang dikeluarkan oleh pemerintah), bukti pembentukan hukum (misalnya Anggaran Dasar), informasi identifikasi pribadi untuk semua pemilik manfaat material;
  • Informasi Keuangan: Informasi rekening bank, nomor rekening utama kartu pembayaran (PAN), riwayat transaksi, data perdagangan, dan/atau identifikasi pajak;
  • Informasi Transaksi: Informasi tentang transaksi yang Anda lakukan pada Layanan kami, seperti nama penerima, nama Anda, jumlah dan/atau stempel waktu;
  • Informasi Ketenagakerjaan: Lokasi kantor, jabatan, dan/atau deskripsi peran; atau
  • Korespondensi: Respons survei, informasi yang diberikan kepada tim dukungan kami atau tim riset pengguna.

TransFi's Privacy Policy (where TransFi is not in the flow of funds)

Last Updated: May 2022

1. What is the objective of TransFi’s Privacy Policy?

The objective of TransFi’s (Trans-Fi Inc.) privacy policy is to commit to protecting the privacy of visitors to our website and our customers.  Please read this carefully as this policy is legally binding when you use our Services. For the purpose of the relevant data protection regulations, TransFi is the “data controller” of your information.

This Privacy Policy describes how we collect, use, handle and, under certain conditions, disclose your personal data, when you access our services, which include our content on the website located at www.transfi.com or any other websites, pages, features, or content we own or operate (collectively, the “Website (s)”), or any TransFi API or third party applications relying on such an API, and related services (referred to collectively hereinafter as “Services”).

This Privacy Policy also explains the steps we have taken to secure your personal information. Finally, this Privacy Policy explains your options regarding the collection, use and disclosure of your personal information. By visiting the site, you accept the practices described in this privacy policy for the site.

If you have any questions about this policy, please send them to compliance@transfi.com

2. What personal Information do we collect from you?

Personal information means any data which relates to a living individual who can be identified from that data, or from that data and other information which is in the possession of, or is likely to come into the possession of, TransFi (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of TransFi or any other person in respect of an individual. The definition of personal information depends on the relevant law applicable for your physical location. TransFi may collect and use the following data about you.

2.1 Information you provide to us

This includes information you provide to us in order to establish an account and access our Services. This information is either required by law (e.g. to verify your identity), necessary to provide the requested services (e.g. you will need to provide your bank account number if you would like to link that account to TransFi), or is relevant for our legitimate interests described in greater detail below.

The nature of the Services you are requesting will determine the kind of personal information we might ask for, but may include:

  • Identification Information: Full name, date of birth, nationality, gender, signature, utility bills, photographs, phone number, home address, and/or email;
  • Formal Identification Information: Government issued identity document such as Passport, Driver's License, National Identity Card, State ID Card, Tax ID number, passport number, driver's license details, national identity card details, visa information, and/or any other information deemed necessary to comply with our legal obligations under financial or Anti-Money Laundering laws;
  • Institutional Information: Employer Identification number (or comparable number issued by a government), proof of legal formation (e.g. Articles of Incorporation), personal identification information for all material beneficial owners;
  • Financial Information: Bank account information, payment card primary account number (PAN), transaction history, trading data, and/or tax identification;
  • Transaction Information: Information about the transactions you make on our Services, such as the name of the recipient, your name, the amount and/or timestamp;
  • Employment Information: Office location, job title, and/or description of role; or
  • Correspondence: Survey responses, information provided to our support team or user research team.

2.2 Information we collect automatically or generate about you

This includes information we collect automatically, such as whenever you interact with the Sites or use the Services. With regard to your use of our Services we may automatically collect the following information:

  • Details of the transactions you carry out when using our Services, including geographic location from which the transaction originates;
  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser name, type and version, time zone setting, browser plug-in types and versions, operating system, geolocation/tracking details and platform;
  • Information about your visit, including the authentication data, security questions, full Uniform Resource Locators (URL) clickstream to, through and from our Website or App (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any email used to contact us.
  • Cookies and other Technology. Like many websites, the website employs cookies, location-based services and web beacons (also known as clear GIF technology or “action tags”) to speed your navigation of the Site, recognize you and your access privileges, and track your usage. Please read our Cookie Policy for more information.

2.3 Information collected from third parties

We may receive information about you if you use any of the other websites we operate or the other services we provide This includes information we may obtain about you from third party sources. The main types of third parties we receive your personal information from are:

  • Public Databases, Credit Bureaus & ID Verification Partners in order to verify your identity in accordance with applicable law. ID verification partners use a combination of government records and publicly available information about you to verify your identity. Such information may include your name, address, job role, public employment profile, credit history, status on any sanction’s lists maintained by public authorities, and other relevant data;
  • Blockchain Data to ensure parties using our Services are not engaged in illegal or prohibited activity and to analyze transaction trends for research and development purposes;
  • Marketing Partners & Resellers so that we can better understand which of our Services may be of interest to you;
  • The banks/ financial service providers you use to transfer money to us will provide us with your basic personal information, such as your name and address, as well as your financial information such as your bank account details;
  • Business partners may provide us with your name and address, as well as financial information, such as card payment information; and
  • Advertising networks, analytics providers and search information providers may provide us with pseudonymised information about you, such as confirming how you found our website.

3. How do we use your personal information?

We may use your information in the following ways and for the following purposes:

(a) Internal Use: We use your personal information to provide you with our services. We may internally use your personal information to improve the Site’s content and layout, to improve our outreach and for our own marketing efforts (including marketing our services to you), and to determine general information about visitors’ usage behavior to the Site. We require certain information such as your identification, contact and payment information. Third parties that we use such as identity verification services may also access and/or collect your personal information when providing identity verification and/or fraud prevention services. In addition, we may need to collect fees based on your use of our Services. We collect information about your account usage and closely monitor your interactions with our Services. The consequences of not processing your personal information for such purposes is the termination of your account.

(b) Communications with You: According to your preferences and in compliance with applicable law, we may send you marketing communications to inform you about events, to deliver targeted marketing and to share promotional offers. If you are a new customer, we will contact you by electronic means for marketing purposes only if you have consented to such communication. If you do not want us to send you marketing communications, please go to your account settings to opt-out or submit a request via compliance@transfi.com

We may send you service updates regarding administrative or account-related information, security issues, or other transaction-related information. These communications are important to share developments relating to your account that may affect how you can use our Services. You cannot opt-out of receiving critical service communications.

We also process your personal information when you contact us to resolve any questions, disputes, collect fees, or to troubleshoot problems. Without processing your personal information for such purposes, we cannot respond to your requests and ensure your uninterrupted use of the Services.

(c) To maintain legal and regulatory compliance: TransFi needs to process your personal information in order to comply with Anti-Money Laundering and security laws. In addition, when you seek to link a bank account to your TransFi account, we may require you to provide additional information which we may use in collaboration with service providers acting on our behalf to verify your identity or address, and/or to manage risk as required under applicable law. We may be required to disclose certain information in response to requests from law-enforcement officials conducting investigations; subpoenas; a court order; or if we are otherwise required to disclose such information by law. We also will release personal information where disclosure is necessary to protect our legal rights, enforce other agreements, or to protect ourselves or others. For example, we may share information to reduce the risk of fraud or if someone uses or attempts to use the website for illegal reasons or to commit fraud. We also process your personal information in order to help detect, prevent, and mitigate fraud and abuse of our Services and to protect you against account compromise or funds loss. If you do not provide personal information required by law, we will have to close your account.

(d) External Use: We disclose information to our service providers to help enable them to perform services on your behalf. For example, in order to purchase and custody cryptos & or virtual digital assets, we must share some information with third parties, such as your name, email address, physical address, social security number, date of birth, government-issued identification and the amount of cryptos & or virtual digital assets being purchased. Similarly, when we obtain bank account information for ACH transaction and credit card or debit card information, a third-party receives that information to process the payment in connection with the sale of cryptos & or virtual digital assets. Even when you ask us to remember your bank account information, or credit card or debit card information, we do not store sensitive payment data such as the entire credit card number and CVV. Rather, we pass the payment data to the third-party processor and receive back from them a token that does not contain the sensitive data. We do retain non-sensitive payment data used to identify a payment such as the last four digits of a card number and expiration date.

We may share non-personal information (such as the number of daily visitors to the website or the size of an order placed on as certain date) with third parties. This information does not directly personally identify you or any user. For the avoidance of doubt, any IP addresses or a device or other identifier we collect may be shared with one or more third parties.

(e) In our legitimate business interests: Sometimes the processing of your personal information is necessary for our legitimate business interests, such as:

  • quality control and staff training;
  • to enhance security, monitor and verify identity or service access, and to combat spam or other malware or security risks;
  • research and development purposes;
  • to enhance your experience of our Services and Sites; or
  • to facilitate corporate acquisitions, mergers, or transactions.

4. Do we disclose your personal information to third parties?

We allow your personal information to be accessed only by those who require access to perform their work and share it only with third parties who have a legitimate purpose for accessing it. TransFi will never sell or rent your personal information to third parties without your explicit consent. We will only share your personal information with the selected third parties including:

  • Identity verification services to prevent fraud. This allows TransFi to confirm your identity by comparing the information you provide us to public records and other third-party databases;
  • Financial institutions which we partner with to process payments you have authorized;
  • Affiliates, business partners, suppliers and sub-contractors for the performance and execution of any contract we enter into with them or you;
  • Advertisers and advertising networks solely to select and serve relevant adverts to you and others;
  • Analytics and search engine providers that assist us in the improvement and optimisation of our site;
  • Companies or other third parties in connection with business transfers or bankruptcy proceedings;
  • Companies or other entities that purchase TransFi assets;
  • Law enforcement, regulators, or any other third parties when we are compelled to do so by applicable law or if we have a good faith belief that such use is reasonably necessary, including to protect the rights, property, or safety of TransFi, TransFi customers, third party, or the public; comply with legal obligations or requests; enforce our terms and other agreements; or detect or otherwise address security, fraud, or technical issues; and
  • If you authorize one or more third-party applications to access your TransFi Services, then information you have provided to TransFi may be shared with those third parties. A connection you authorize or enable between your TransFi account and a non-TransFi account, payment instrument, or platform is considered an “account connection.” Unless you provide further permissions, TransFi will not authorize these third parties to use this information for any purpose other than to facilitate your transactions using TransFi Services. Please note that third parties you interact with, should have their own privacy policies and TransFi is not responsible for their operations or their use of data they collect.

Examples of account connections include:

Merchants: If you use your TransFi account to conduct a transaction with a third-party merchant, the merchant may provide data about you and your transaction to us.

Your financial services providers: For example, if you send us funds from your bank account, your bank will provide us with identifying information in addition to information about your account in order to complete the transaction.

5. Do we link to other sites?

Our website may contain links to other websites for your convenience or information. These websites may be operated by companies unaffiliated with TransFi, and we are not responsible for the content or privacy practices of those websites. Linked websites may have their own terms of use and privacy policies, and we encourage you to review those policies whenever you visit the websites.

6. How do we protect and store personal information?

TransFi implements and maintains reasonable measures to protect your information. Customer files are protected with safeguards according to the sensitivity of the relevant information. Reasonable controls (such as restricted access) are placed on our computer systems.

TransFi is an international business with operations in multiple countries. This means we may transfer to locations outside of your country. When we transfer your personal information to another country, we will ensure that any transfer of your personal information is compliant with applicable data protection law.

We may store and process all or part of your personal and transactional information, including certain payment information, such as your encrypted bank account and/or routing numbers, in the US and elsewhere in the world where our facilities or service providers are located. We protect your personal information by maintaining physical, electronic, and procedural safeguards in compliance with the applicable laws and regulations.

As a condition of employment, TransFi’s employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive personal information is limited to those employees who need to it to perform their roles. Unauthorized use or disclosure of confidential customer information by a TransFi employee is prohibited and may result in disciplinary measures.

Finally, we rely on third-party service providers for the physical security of some of our computer hardware. We require those third-party service providers to comply with commercially reasonable security practices and measures. For example, when you visit our website, you access servers that are kept in a secure environment. While we use industry-standard precautions to safeguard your personal information, we cannot and do not guarantee complete security. 100% complete security does not exist anywhere online or offline. As such, you assume the risk of security breaches and all consequences resulting from them. To that end, please safeguard your credentials.

If we anonymize your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.

We do not knowingly request to collect personal information from any person under the age of 18. If a user submitting personal information is suspected of being younger than 18 years of age, TransFi will require the user to close his or her account and will not allow the user to continue using our Services. We will also take steps to delete the information as soon as possible. Please notify us if you know of any individuals under the age of 18 using our Services so we can take action to prevent access to our Services.

We retain the personal information we collect for so long as reasonably necessary to fulfill the purposes for which the data was collected and to perform our contractual and legal obligations. Not with standing the generality of the foregoing, we store email addresses and phone numbers until the user requests to be unsubscribed or removes themselves through any self-service tools offered to the user. 

7. Do we do any profiling and automated decision making?

We may use some instances of your data in order customise our services and the information we provide to you, and to address your needs - such as your country of address and transaction history. For example, if you frequently send funds from one particular currency to another, we may use this information to inform you of new product updates or features that may be useful for you. When we do this, we take all necessary measures to ensure that your privacy and security are protected - and we only use pseudonymised data wherever possible. This activity has no legal effect on you.  

8. What are your privacy and information access rights?

Depending on applicable law of where you reside, you may be able to assert certain rights related to your personal information. These rights include:

  • the right to obtain information regarding the processing of your personal information and access to the personal information which we hold about you;
  • the right to withdraw your consent to the processing of your personal information at any time. Please note, however, that we may still be entitled to process your personal information if we have another legitimate reason for doing so (for example, we may need to retain personal information to comply with a legal obligation);
  • in some circumstances, the right to receive some personal information in a structured, commonly-used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided directly to TransFi;
  • the right to request that we rectify your personal information if it is inaccurate or incomplete;
  • the right to request that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled to retain it;
  • the right to object to, or request that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request;
  • the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us; and
  • the right to transfer your personal data between data controllers, for example, to move your account details from one online platform to another.

Our Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for them. Please check these policies before you submit any personal data to these websites. Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction.

Subject to applicable laws, you may have the right to access information we held about you. Your right of access can be exercised in accordance with the relevant data protection legislation.

9. How often is the Privacy Policy updated?

We may update this Privacy Policy from time to time and without prior notice to you to reflect changes in our information practices, and any such amendments shall apply to information already collected and to be collected. Your continued use of the website after any changes to this Privacy Policy indicates your agreement with the terms of the revised Privacy Policy. Please review this Privacy Policy periodically and especially before you provide personal data to us. If we make material changes to this Privacy Policy, we will notify you here, by email or by means of a notice on the home page the website. The date of the last update of the Privacy Policy is indicated at the top of this document.

10. How can you contact us regarding any privacy issues?

TransFi is headquartered at:

100 Ashley Drive,
Suite 600,
Tampa, FL 33602,
USA

If you have questions or concerns regarding this Privacy Policy, please contact us at compliance@transfi.com

TransFi AML KYC Policy

Last updated: May 2024

The guidelines contained in this reference shall provide guidance to the staff of Trans-Fi UAB and its subsidiaries & affiliated entities (together referred to as “TransFi” and “the Company”) AND its customers, regarding practices and standards that TransFi expects to have in place, in order to detect and prevent money laundering and terrorist financing; identify and report suspicious activity; comply with anti-terrorism & sanctions laws and regulations; and other relevant international laws.

KYC laws have been a standard AML obligation around the world for decades and were introduced in the United States with the USA Patriot Act1 and in Europe with the European Union Anti-Money Laundering Directives (AMLD) to help detect and prevent Terrorism Financing activities

These Guidelines have been adopted to ensure that the Company also complies with the rules and regulations set out in:

  1. the Lithuanian International Sanctions Act (ISA);
  2. the Lithuania Money Laundering and Terrorist Financing Prevention Act;
  3. the Lithuania Financial Crime Investigation Services General Policy lines regarding measures against money laundering, terrorist financing and regarding implementation of international sanctions;
  4. DIRECTIVE (EU) 2018/843 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and amending Directives 2009/138/EC and 2013/36/EU (AMLD5).

These Policy lines are the subject of a review by the Company's Money Laundering Reporting Officer at least annually. The proposal for a review and the review of these Policy lines may be scheduled more often by the decision of the Company's Money Laundering Reporting Officer (MLRO) and obligations of applicable laws.

1. Policy Statement And Objectives

TransFi has created this AML KYC policy to:

  • Assist its employees in complying with the laws, rules and regulations across jurisdictions in our collective effort to ensure that the services that TransFi provides are fully compliant;
  • Put in place appropriate systems and controls to ensure compliance with policies;
  • Develop a risk-based approach to manage money-laundering and terrorist financing risk;
  • Set clear customer due diligence procedures, including Identification & Verification (ID&V) and KYC, and providing guidance when enhanced due diligence is required;
  • Conduct transaction monitoring to detect unusual and suspicious activity and to report to local supervisory authorities;
  • Take appropriate measures to freeze or close relationships to mitigate financial crime risk; and
  • Develop a robust employee training program as an essential component of an effective AML compliance program.

This Policy, coupled with internal controls, independent compliance testing and appropriate training, are the key segments of TransFi’s Anti-Money Laundering (AML) and Know-your-customer & Business (KYC/KYB) approach.

TransFi’s AML/KYC & KYB policy covers the following elements:

  • Definitions
  • Customer Due Diligence which includes Identification & Verification requirements (ID&V) and Know your customer (KYC) & Know your Business (KYB), which include Standard Due diligence (SDD) as well as Enhanced Due Diligence (EDD); and various ongoing screenings like, adverse media, PEP and sanctions;
  • Risk Management;
  • Internal Control;
  • Transaction Monitoring;
  • Prohibited Customer Types;
  • Implementation of Sanctions;
  • TransFi Compliance department;
  • Employee training;
  • Record keeping;
  • Law enforcement requests;
  • Conclusions.

2. Definitions

(i) Beneficial Owner in the case of a legal entity, is a natural person whose direct or indirect holdings, or the sum of all direct and indirect holdings in the legal entity, exceeds 25 percent, including holdings in the form of shares or other forms of bearer holdings.

(ii) Business Relationship means a relationship that is established upon conclusion of a long-term contract by the Company in economic or professional activities for the purpose of provisioning of a service or distribution thereof in another manner or that is not based on a long-term contract, but whereby a certain duration could be reasonably expected at the time of establishment of the contract and during which the Company repeatedly makes separate transactions in the course of economic or professional activities while providing a service.

(iii) CDD means Customer due diligence which is collecting and evaluating the new customers' information and determining their risk for illegal financial transactions

(iv) Company means TransFi.

(v) Customer means a legal entity which has business relationship with the Company or legal entity with which the Company enters into an occasional transaction.

(vi) Employee means the Company's employee, including persons who are involved in application of this Policy in the Company.

(vii) MLRO means Money Laundering Reporting Officer, who is appointed to the Company as a compliance officer in the meaning of § 17 of MLTFPA.

(viii) Money Laundering (ML) means the concealment of the origins of illicit funds through their introduction into the legal economic system and transactions that appear to be legitimate. There are three recognized stages in the money laundering process:

  1. placement, which involves placing the proceeds of crime into the financial system;
  2. layering, which involves converting the proceeds of crime into another form and creating complex layers of financial transactions to disguise the audit trail and the source and ownership of funds; and
  3. integration, which involves placing the laundered proceeds back into the economy to create the perception of legitimacy

(ix) Occasional Transaction means the transaction performed by the Company in the course of economic or professional activities for the purpose of provision of a service or sale of goods or distribution thereof in another manner to the customer and / or user outside the course of an established business relationship.

(x) PEP (Politically exposed person) means a natural person who performs or has performed prominent public functions and with regard to whom related risks remain.

At least the following persons are deemed to be PEPs:

  1. head of State or head of government;
  2. minister, deputy minister or assistant minister;
  3. member of a legislative body;
  4. member of a governing body of a political party;
  5. judge of the highest court of a country;
  6. auditor general or a member of the supervisory board or executive board of a central bank;
  7. the Chancellor of Justice;
  8. ambassador, envoy or charge d'affaires;
  9. high-ranking officer in the armed forces;
  10. member of an administrative, management or supervisory body of a state-owned enterprise;
  11. director, deputy director and member of a management body of an international organization;
  12. person in list of Lithuania positions whose holders are considered politically exposed persons is established by a regulation of the minister responsible for the field;
  13. person in list of positions, which is established by international organisation accredited in Lithuania;
  14. a person who, as per list published by the European Commission, is considered a performer of prominent public functions by a Member State of the European Union, the European Commission or an international organisation accredited on the territory of the European Union is deemed a politically exposed person.
  15. Close family member or associate of 1-14 above

Middle ranking or more junior officials are not considered PEPs.

(xi) Sanctions mean an essential tool of foreign policy aimed at supporting the maintenance or restoration of peace, international security, democracy and the rule of law, following human rights and international law or achieving other objectives of the United Nations Charter or the common foreign and security Policy of the European Union. Sanctions include:

  1. international sanctions which are imposed regarding a state, territory, territorial unit, regime, organization, association, group or person by a resolution of the United Nations Security Council, a decision of the Council of the European Union or any other legislation imposing obligations on Lithuania;
  2. sanctions of the Government of the Republic of Lithuania which is a tool of foreign policy which may be imposed in addition to the objectives specified in previous clause to protect the security or interests of Lithuania.

International sanctions may ban the entry of a subject of an international sanction in the state, restrict international trade and international transactions, and impose other prohibitions or obligations.

The subject of Sanctions is any natural or/and legal person, entity, or body, designated in the legal act imposing or implementing Sanctions, with regard to which the Sanctions apply

(xii) Terrorist Financing (TF) means the financing and supporting of an act of terrorism and commissioning thereof, as well as the financing and supporting of travel for the purpose of terrorism, in the meaning of applicable legislation.

(xiii) User means a natural person who has business relation with the Company or the Company’s customers, or with whom the Company or the Company’s customers enter into occasional transactions.

(xiv) Virtual currency means a value represented in the digital form, which is digitally transferable, preservable or tradable and which natural persons or legal persons accept as a payment instrument, but that is not the legal tender of any country or funds for the purposes of Article 4(25) of Directive (EU) 2015/2366 of the European Parliament and of the Council on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, pp 35-127) or a payment transaction for the purposes of points (k) and (I) of Article 3 of the same Directive.

3. Know Your Customer & Identification & Verification Requirements

TransFi is an international services provider in a host of countries within which it provides its services. Regulatory requirements across the world require customer due diligence as a critical tool to prevent illegal activity. TransFi has set up data collection, verification, analytics, investigation and reporting processes within the standards of Anti-Money Laundering regulations through its “Know Your Customer (KYC/KYB)” framework. Key elements of this framework are:

A. Standard Due Diligence

Standard due diligence (SDD) is applied where the customer's risk profile indicates lower risk and where, in accordance with the risk assessment of the Company, it has been identified that in such circumstances the risk of money laundering or terrorist financing is lower than usual.

The Company will verify the identity of its customers and users under its “Know Your customer” processes. For individual users, this will include name and date of birth that is verifiable electronically through an accepted and valid Government issued document accurately containing the users name and date of birth. Acceptable forms of identification for an individual user varies by country of operation and includes one or more of the following:

  • National ID;
  • Passport;
  • Residence permit for a foreign national;
  • Any other acceptable ID allowed by regulation; and as additional verification form
  • Valid Address document like a Utility bill/bank statement (could be any of the above if they have the complete address and not merely a PO Box).

Required documents for a corporate (KYB) includes the following:

  • Proof of registration- Company Registration /Incorporation;
  • Shareholders registry (issued by the state registry within last 6 months) or
  • Recent company excerpt showing shareholders identifying the UBO(issued within last 6 months);
  • Memorandum of Association (MOA) & Articles of Association (AOA) wherever applicable- These document sets out how a company is operated, governed and owned and the extent of Authority/ powers key executives hold;
  • Official address or Principal business address (proof of address);
  • EIN / TIN;
  • All ID docs for natural persons owning >25% of the legal entity and any natural person who is a controlling person or the Beneficial Owner. All the company’s beneficiaries (that own 25% or more) will need to individually complete the KYC process.

The Company will take steps to confirm the authenticity of documents and information provided by users and customers, including verification with regulatory / government sources, and running analytics. Identification information taken above will be collected, stored, shared and protected strictly in accordance with the company’s Privacy Policy related regulations.

B. Enhanced Due Diligence (EDD)

The Company will flag users & customers presenting a higher risk (e.g., politically exposed persons or high-risk customers) and request additional documents & verification.

A high-risk customer is identified based on business activities and includes, but not limited to, the following

  • Custodial crypto / digital assets services
  • Other crypto / digital assets services that are not non-custodial
  • Money services / Payments / other financial services
  • Gambling services
  • Any customer with a politically exposed beneficial owner

For a high-risk customer, the company will request any additional documents to ascertain AML risks under Enhanced due diligence as necessary, including but not limited to Proof of source of funds, relevant licenses and AML / KYC policies. If an EDD requires an investigation, the Company will take any such measures as deemed fit.

Politically Exposed Person

A politically exposed person (PEP) is one defined in Clause 2(x) of this policy. The Company will take measures to ascertain whether the user or the beneficial owner of the customer is a PEP, their family member2 or close associate3, or if the customer has become such a person. Enhanced due diligence as necessary, including but not limited to Proof of source of funds and

The Company will request the PEP for any additional documents to ascertain AML risks under Enhanced due diligence as necessary, including but not limited to Proof of source of funds and Proof of address. The Company will verify the data received from the PEP by making inquiries in relevant databases or public databases or making inquiries or verifying data on the websites of the relevant supervisory authorities or institutions of the country in which the PEP has place of residence or seat.

Where a PEP no longer performs important public functions placed upon them, the Company shall at least within 12 months take into account the risks that remain related to the PEP and apply relevant and risk sensitivity-based measures as long as it is certain that the risks characteristic of PEPs no longer exist.

Adverse Media, PEP and sanctions screenings

The Company KYC’s all its customers. In addition to the KYC and KYB , the customer is subjected to various screenings like, adverse media, PEP and sanctions on an ongoing basis.

C. Ongoing Monitoring

The Company will verify the identity of users and customers on an ongoing basis, especially if there has been any change in the identification information or their activities are deemed suspicious. Such activities could include, though not limited to, changes in customer information, address, ownership, and activities wherein KYC details will be updated on an ongoing basis. The Company reserves the right to ask such users for updated KYC documents, even if they have been successfully verified in the past. The Company shall conduct periodic review of its client's basis their risk categorization review of its client's basis their risk categorization. The risk levels are: High risk - 1 year and Medium & Low risk - 3 years.

D. Acceptable Sources Of Funds

Source of funds refers to the origin of the funds. It refers to the activity that generated the funds, for example salary payments or sale proceeds, as well as the means through which the customer's or beneficial owner's funds were transferred. Acceptable sources of funds include

  • Salary /Business income;
  • Pension releases;
  • Personal savings from legal sources;
  • Share sales and dividends;
  • Property sales;
  • Inheritances and gifts allowed by law;
  • Tax return receipts and other incomes from government;

E. Transaction Blocking

The Company will prohibit business relationships and occasional transactions with users and customers that fail KYC at any point in time as per the requirements of this Policy

F. Verifying User Identity

For KYC, in case of individual users, a user can do a transaction up to $100, cumulative. Once threshold is achieved the user is required to be KYCed. The above limit is allowed as we encourage users to try out our platform. For KYB, in case of legal entities, any business relationship is established once the KYB process is completed and the legal entity is verified.

4. Risk Management

Risk assessment is a process whereby a methodology is maintained to identify and measure the inherent financial crime risk to which the Company is exposed, assess the coverage of controls to mitigate these risks and determine the residual levels. This is done in order to estimate the threat to compliant practices, as the Company provides services to its customers, are calculated; and as may be necessary, eliminated, reduced or controlled. The main purpose of risk assessment is to identify transactions that may threaten to take advantage of compliance vulnerabilities and evaluate the risks presented, to effectively conduct the elimination of such threats.

The Company will follow a risk-based approach to combating money laundering and terrorist financing. This approach applies both to user transactions and company’s customers. By adopting a risk-based approach, the Company will ensure that measures taken are commensurate to the identified risks, thereby enabling efficient allocation of resources. This principle also ensures that the greatest risks receive the highest attention.

The Company’s risk-based approach is based on, but not limited to the following:

  • Monitoring transactions and assigning risk based on multiple parameter such as location, destination, user behavior and value of transactions
  • Bank card verifications to ensure the ownership of card is determined to be to the user before processing transactions
  • Monitoring crypto transactions and assessing risk of dealing with dark net, high money laundering risk counterparties, and likely association with other illegal activities

The risk-based approach will cover all markets where the Company has a business presence.

5. Internal Control

Management is ultimately responsible for ensuring that TransFi maintains an effective AML/KYC internal control structure, including suspicious activity monitoring and reporting. TransFi management follows a culture of compliance to ensure staff adherence to the AML/KYC policies, procedures, and processes. Internal controls are the TransFi’s policies, procedures, and processes designed to limit and control risks and to achieve compliance with relevant rules and regulations. The level of sophistication of the internal controls commensurates with the size, structure, risks and complexity of the TransFi’s operations and lines of business.

6. Transaction Monitoring

Regulations across jurisdictions require the company to monitor and analyse transactions of both individual users and customers. The Company will use a comprehensive approach of transaction monitoring including, but not limited to:

  • screening i.e., monitoring transactions in real-time;
  • monitoring i.e., analyzing transactions later.

The objective of screening is to identify:

  • suspicious and unusual transactions and transaction patterns;
  • transactions exceeding the provided thresholds;
  • politically exposed persons and circumstances regarding international sanctions.

The screening of the transactions is performed automatically and includes the following measures:

  • established thresholds for transactions, depending on the user / customer's risk profile and the estimated transactions turnover declared by the user / customer;
  • the scoring of virtual currency wallets where the virtual currency shall be sent in accordance with the user / customer’s order;
  • the scoring of virtual currency wallets from which the virtual currency is received.

When monitoring transactions the Company will assess transaction with a view to detect activities and transactions that:

  1. deviate from what there is reason to expect based on the due diligence measures performed, the services provided, the information provided by the user / customer and other circumstances (e.g. exceeding estimated transactions turnover, virtual currency sending each time to new virtual currency wallet, volume of transactions exceeding limit);
  2. without deviating according to previous clause, may be assumed to be part of a money laundering or terrorist financing;
  3. may affect the user / customer's risk profile score.

In addition, the Compliance Department shall take any appropriate actions to ensure compliance with laws & regulations including

  • Daily check of users against recognized “blacklists” (e.g. OFAC or any other Specially Designated National (SDN) list as prescribed in other jurisdictions), aggregating transfers by multiple data points, placing users on watch and service denial lists, opening cases for investigation where needed, sending internal communications and filing out statutory reports, if applicable;
  • Regular filing of reports such as Currency Transaction Reports, Filing Suspicious Activity Reports;
  • Requesting users and customers for any additional information and documents in case of suspicious transactions, including suspending or terminating accounts when the company has reasonable suspicion of illegal activity;
  • Maintaining a record of all transactions as required by the respective regulatory authority in their respective countries or for a period dictated by laws and regulations in the jurisdiction which they operate

7. Prohibited Customer Types

The Company shall not establish business relationships or do occasional transactions with customers who pose serious money laundering risks and fall outside the Company's risk appetite. The Company will not under any circumstances accept the following types of customers.

  • Known beneficiaries of Corruptions or Illegal Activities;
  • Shell companies/shell banks;
  • Unregulated casinos or gambling companies;
  • Incomplete or failed KYB (Know your business);
  • Unlicensed money transmitters / payments / financial services companies; and
  • Customers with bearer shares in the ownership structure.
  • Marijuana/cannabis;
  • Guns, Arms and ammunition;
  • Precious metals;
  • Adult content or Pornography

8. Implementation Of Sanctions

Upon the entry into force, amendment or termination of any sanctions, the Company shall verify whether the customer or User who is planning to have the business relationship or occasional transaction with the Company is a subject of these sanctions. If the Company identifies a such a person or legal entity who is a subject of Sanctions or that the transaction intended or carried out by them is in breach of Sanctions, the Company shall apply Sanctions and immediately inform the relevant regulatory authority thereof.

The Company will use at least one of the following sources (databases) to verify the user / customer's relation to Sanctions:

  1. Comply Advantage watchlists;
  2. Financial sanctions information and search;
  3. Other internal databases or databases managed by third parties, which contain at least the lists from databases specified above.

The watchlists sources include:

  • The Office of Foreign Assets Control (OFAC) Sanctions
  • The United Nations Security Council’s Sanctions list
  • Her Majesty’s (HM) Treasury List
  • The EU Consolidated Sanctions List
  • The EU Most Wanted Warnings
  • The Bureau of Industry and Security
  • The State Department Foreign Terrorist Organizations List and Non Proliferation List
  • US DOJ (FBI, DEA, US Marshals, and others)
  • Interpol’s Most Wanted CBI List (The Central Bureau of Investigation)

The Company shall perform the abovementioned verification on an ongoing basis in the course of an established business relationship. The frequency of the ongoing verifications depends on the risk profile of the user / customer

If the Company has doubts that a person or legal entity is a subject to Sanctions, it shall immediately notify the MLRO. In this case the MLRO shall decide on whether to ask or acquire additional data from the person or notify the regulatory authority immediately of their suspicion.

Below is the list of prohibited jurisdictions for TransFi:

  • Abkhazia
  • Afghanistan
  • Angola
  • Belarus
  • Burma (Myanmar)
  • Burundi
  • Central African Republic
  • Congo
  • Cuba
  • Democratic Republic of Congo
  • Ethiopia
  • Guinea-Bissau
  • Iran
  • Iraq
  • Ivory Coast (Cote D’Ivoire)
  • Lebanon
  • Liberia
  • Libya
  • Mali
  • Nagorno-Karabakh
  • Nicaragua
  • North Korea
  • Northern Cyprus
  • Russia
  • Sahrawi Arab Democratic Republic
  • Somalia
  • Somaliland
  • South Ossetia
  • South Sudan
  • Sudan
  • Syria
  • Ukraine (including Region of Crimea)
  • Venezuela
  • Yemen
  • Zimbabwe

Note: In light of the recent Financial Promotion Regime by the FCA UK in Oct 2023, we have included UK in the Prohibited country list until we comply with the FPR .

9. TransFi Compliance Department

The Company has established a Compliance Department that is headed by a designated Compliance Officer and MLRO, who shall ensure implementation and enforcement of the AML / KYC policy. With support and oversight of transactional and administrative practices, the Compliance Department shall supervise all aspects of the Company’s Anti Money Laundering and counter-Terrorist Financing policies and ensures compliance with laws and regulations.

The scope of Compliance Department’s efforts includes, but not limited to the following:

  • Collect user’s identification information & conduct relevant checks as appropriate;
  • Establish and update internal policies and procedures for the completion, review, submission and retention of all reports and records required under the applicable laws and regulations;
  • Monitor transactions and investigate any significant deviations from normal activity;
  • Implement a records management system for appropriate storage and retrieval of documents, files, forms and logs;
  • Conduct a business risk assessment on a periodic basis; and
  • Provide law enforcement with information as required under the applicable laws and regulations.
AML Officer

The Company has appointed an MLRO who is not operationally involved, but who will monitor and verify the functioning of the Company independently. The MLRO is accountable for the following activities:

  1. produce and when necessary, update the Company's AML policy;
  2. monitor and verify on an ongoing basis that the Company is fulfilling the requirements prescribed by this policy and related documents and according to external laws and regulations
  3. provide the Company's employees and members of the Board with advice and support regarding the rules relating to money laundering and terrorist financing
  4. inform and train the employees of the Company and relevant persons about the rules relating to money laundering and terrorist financing
  5. investigate and register sufficient data on received internal notifications and decide whether the activity can be justified or whether it is suspicious;
  6. file the relevant reports (i.e. UARs, SARs, STRs, etc.) with the appropriate regulatory authorities in accordance with local jurisdictional requirements;
  7. check and regularly assess whether the Company's procedures and guidelines to prevent the use of the business for money laundering or terrorist financing are fit for purpose and effective;
  8. identify the incidents in accordance with the Company's policies and take measures regarding such incidents.

The Company through its MLRO will report to the regulatory authority on the activity or the circumstances that they identify in the course of economic activities and whereby:

  • the characteristics indicate the use of criminal proceeds, or the commission of crimes related to this (this is primarily a report on a suspicious and unusual transaction or activity, i.e. UTR or UAR);
  • in the case of which they suspect or know or the characteristics of which indicate the commission of money laundering or related crimes (this is primarily a report on a transaction or activity whereby money laundering is suspected, i.e., STR or SAR);
  • in the case of which they suspect or know or the characteristics of which indicate the commission of terrorist financing or related crimes (this is primarily a report on a transaction or activity whereby terrorist financing is suspected, i.e., TFR);
  • in the case of which an attempt of the activity or circumstances specified in previous clauses are present.

10. Independent Review

The Company shall engage an independent third-party firm with expertise in antimoney laundering (AML) compliance to conduct a comprehensive review and assessment of the effectiveness of the AML program. The independent review shall include, but not be limited to, an evaluation of the AML policies, procedures, and controls in place to detect and prevent money laundering and terrorist financing activities. The findings and recommendations of the independent review shall be documented in a written report provided to the Board of Directors, detailing any identified deficiencies and proposing remedial actions to address them.

11. Employee Training

Employee training is an essential part of an AML Compliance program. It is crucial to train the employees to improve their skills and comply with regulations and protect the company from criminal attempts.

The Company shall provide effective AML & internal controls training to its employees that will help to identify & prevent money laundering activities, minimize the risk of fines & penalties, and enhance the reputation of the Company. The training will be arranged on a periodic basis for the employees of the Company and members of the Board and documented. In case, an employee comes across a non-compliant situation, he or she is required to bring it to the attention of the Compliance Officer and MLRO (Money laundering reporting officer). They then take the required actions.

If required , the MLRO, who is independent of TransFi to report, prepares and submits a report to the FCIS (Financial Crime Investigation Service), Lithuania,

12. Record Keeping

Record keeping is an integral part of regulatory responsibility. To assist in record keeping the Company shall maintain an employee training log including details of their assessment results, when they were examined, when they were trained, and any reassessment necessary.

AML RECORDS

Where applicable, the following records will be retained by the Company for anti-money laundering purposes:

  1. Identification of users / customers - full details of evidence of identity for no less than five years from the end of the relationship
  2. Transactions – user / customer files containing the full details of the transaction for no less than five years from the date the transaction was completed
  3. Internal and external reporting – full details of action taken by Compliance Department for no less than five years from the creation of the record
  4. Detailed records must be kept no less than five years from the date the transaction or customer relationship ended.

RECORD ACCESSIBILITY

The Company shall maintain systems that ensure records are kept in accordance with regulatory requirements. The Company shall keep records electronically in the operating systems or on specific storage facilities for onsite or offsite storage, or paper based. In any case Company shall ensure that:

  1. Records can be accessed in a reasonable time and at a minimum as required by regulation.
  2. Records are protected against unauthorized access and accidental deletion or destruction, as per Data Protection requirements applicable in different jurisdictions.
  3. Third party providers used for storage of records shall have systems and procedures in place to ensure that records are protected against unauthorized access accidental deletion and securely stored for the required amount of time.

RECORD RETENTION

The overall principles in this respect are the following:

  1. Records verifying identity must be kept for no less than five years after the termination of a customer relationship/agreement.
  2. Records supporting individual transactions must be kept for no less than five years following completion of the transaction.
  3. Records of any report made to the compliance department (whether forwarded further) will be retained as part of the customer records.
  4. Records of customers / users who, according to the company's internal risk assessment pose a higher risk of money laundering and/or terrorist financing, must be kept for no less than ten years after the termination of a customer relationship/agreement.
  5. Records of customers / users with whom business relations or occasional transactions were refused for the reasons of prevention of money laundering and terrorist financing, must be kept for no less than ten years after the termination of the relationship/agreement.

13. Law Enforcement Requests

Government regulators and law enforcement agencies may seek information and records from time to time. Any person associated or connected with our company who receives or is served with a summons, subpoena or court order related to the Company’s business should immediately contact the Company Compliance Department for further assistance.

The Company shall assist entities in their investigations, provided the request(s) is / are conducted in a lawful manner. If a customer or user is subject to an examination by an equivalent regulatory body, the Company shall always comply with the examination process.

For any law enforcement requests, please direct your official document to our Compliance team at compliance@transfi.com

14. Conclusions

The Company is required by policy to operate in a legal and responsible manner. The Company will remain compliant, in all aspects, with all laws, rules, regulations across jurisdictions, as well as extend its full cooperation to law enforcement and regulatory authorities, maintain records, as per regulatory requirements and in accordance with the Company’s policies and procedures.

The Company will not tolerate its reputation to be put in jeopardy.

The Company will make sure that its customers do their part to ensure full compliance with all aspects and the spirit of this policy and support the Company as it strives to maintain its progressive stance in the industry.

The USA Patriot Act requires all financial institutions to develop and implement their own AML program and emphasizes several mandatory checks and screening capabilities. Accordingly, a firm’s USA Patriot Act Anti-Money Laundering program must be built around the following criteria:

  • The Company must develop internal Anti-Money Laundering policies, procedures, and controls;
  • An AML Compliance Officer must be appointed to oversee the Anti-Money Laundering program;
  • Employees must receive ongoing Anti-Money Laundering training; and
  • The Anti-Money Laundering program must be independently audited regularly.

The Financial Action Task Force (FATF) defines UBO as “the natural person(s) who owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.” UBO is defined as the following.

  • Owning >= 25% of share capital;
  • Exercise at least 25% of voting rights;
  • Beneficiaries of at least 25% of an entity’s capital;
  • Persons with power of attorney;
  • Guardians of minors;
  • Corporate directors or nominee directors that are appointed to conceal the true owners of a given firm; and
  • Shareholders, including the holders of bearer shares that may be transferred anonymously.