ANTI MONEY LAUNDERING POLICY - Fibonacci Network

(Effective February 28^TH,^, 2023)

Table Of Contents

General Framework
Cooperation and Information Requests
Risk-Based Approach
Client Due Diligence
Rules of Procedure & Internal Controls
Enhanced Due Diligence
Sector and Jurisdiction Restrictions
Politically Exposed Persons
Sanctions
Suspicious Activity Monitoring and Reporting
Termination of Services
Data Retention
Training
Cooperation and Information Requests
General Guidelines for Requests
Submitting a Request

General Framework

We have no tolerance for money laundering, the financing of terrorism or any other form of illicit activity, and are committed to implementing appropriate policies, procedures and controls to prevent those activities. Our policies are shaped by industry best practices, a risk-based approach and the effective anti-money laundering standards applied in the European Union and worldwide. These policies apply, without exception, to all employees of Fibonacci Network, its Board Members and Directors, as well as to its subsidiaries.

The purpose of this AML Policy is to provide to Fibonacci Network’s Clients, Providers, Partners, Vendors, Contractors, Employees, Law enforcement and other concerned stakeholders a high-level and summarized overview of Fibonacci Network’s main AML/CTF policies and procedures. By no means is this content to be considered as the whole set of all policies, procedures and controls that are implemented and in place by Fibonacci Network for prevention of money laundering, financing of terrorism and other forms of illicit activity.

This document and all underlying policies, processes and procedures are prepared in line with provisions, requirements and recommendations of:

Money Laundering and Terrorist Financing Prevention Act, as amended from time to time;
FATF Guidance for a Risk-Based Approach to Virtual Assets and Virtual Assets Service Providers.

As a regulated business, Fibonacci Network is required to comply with the Money Laundering and Terrorist Financing Prevention Act and International Sanctions Act, which require Fibonacci Network to identify and verify its clients’ identities appropriately, conduct ongoing monitoring of their activity (including transaction monitoring), maintain records of clients’ activity and related documents for at least six years and report suspicious transactions to authorities.

Cooperation and Information Requests

Fibonacci Network is required to cooperate with supervisory and law enforcement authorities in preventing money laundering and terrorist financing, thereby communicating information available to Fibonacci Network and replying to queries within a reasonable time, following the duties, obligations and restrictions arising from legislation. As part of its duties, as per applicable law and company policy, we are required to assist enforcement agencies’ requests. We comply with Law Enforcement requests for information where it pertains to specific preservation orders and fund freezing.

We will not and do not voluntarily disclose non-public information to a requesting party. In accordance with European Union privacy laws, Fibonacci Network will only disclose non-public user information if it has received consent of the user and in response to a legitimate and an enforceable subpoena, court order or search warrant from a body that has jurisdiction to compel Fibonacci Network to disclose that information. Please note that in case you represent the law enforcement agency outside of the European Union, procedure under the Mutual Legal Assistance Treaty (“MLAT”) may apply.

We take data protection and security seriously, and encourage you to consult our Privacy Policy for more information.

Risk-Based Approach

Fibonacci Network takes a risk-based approach (“RBA”) towards assessing and containing the money laundering and terrorist financing risks arising from any transactions it has with clients and uses all available data when reviewing client activity.

Fibonacci Network performs a risk-based due diligence and collects necessary information and documentation on each prospective client in order to assess the risk profile. Before entering into a client relationship, necessary checks are conducted in line with the RBA so as to ensure that the identity of the clients does not match with an entity with a known criminal background or with banned entities, such as terrorist organizations. Enhanced due diligence is required for clients who are deemed to be of high risk, especially those for whom the business activity (sources of funds) are not clear, or for transactions of higher value and frequency, which can be determined by Fibonacci Network at its sole and absolute discretion.

Fibonacci Network’s employees exercise care, due diligence and good judgement in determining the overall profile and business nature of its clients. Fibonacci Network conducts its business in accordance with the highest ethical standards and may decide not to enter into a client relationship that can adversely affect Fibonacci Network’s reputation.

For the purpose of identification, assessment and analysis of risks related to its activities, Fibonacci Network has established a risk assessment, taking account of the following factors:

Client risk;
Geographical risk;
Product risk;
Delivery channel risk.

After the risk assessed and attributed to a particular client. Depending on the assigned degree of risk, it will be revised periodically upon knowledge of the client and its activities.

Client Due Diligence

We require all business clients to undergo proper due diligence or Know Your Business (KYB) checks before using our services. This includes, without limitation:

A high-resolution, clearly readable, non-expired, detailed and verifiable copy of the Client Company incorporation document. This must include details on the ownership of the Company, its address, tax number, website, purpose and activities;
A description of the sector and business activities and corresponding online website. The website must be registered under the same entity name as the certificate of incorporation provided;
Details of the bank account of the Client.

Additionally, for any clients deem to be of high risk, the Identity Verification may include:

A high-resolution, clearly readable, non-expired copy of the business beneficial owners’ government-issued ID or IDs (passport, national identity card and/or a driver’s license);
A high-resolution, clearly readable, non-expired proof of address document not older than 3 months old. The document must carry the Client’s business name and address (recent utility bill or bank statement);
A video conference with the account holder/business contact person and/or company Director(s), if deemed necessary.

Further documentation may be required for businesses operating in certain regulated, restricted or high-risk sectors of activity. Care must be taken that all documents provided are true copies of the original. Providing false, forged, modified or documents meant to deceive will be considered fraud and treated as such. All assets derived from fraudulent transactions and/or suspicious activity may be seized and forfeited. Such activity may also be reported to the relevant authorities.

Fibonacci Network may use recognized and specialized electronic providers for the technical acquisition of the identity data. Fibonacci Network may also decide to use the following non-documentary methods of verifying identity:

Independently verifying the Client’s identity through the comparison of information provided by the Client with information obtained from a consumer reporting agency, public database or other source;
Checking references with other institutions;
Analyzing whether there is logical consistency between the identifying information provided, such as the Client’s name, street address, postal code, and date of birth;
Utilizing complex device identification (such as “digital fingerprints” or IP geolocation checks); and
Obtaining a notarized or certified true copy of an owner, manager, shareholder or UBO’s government-issued ID for valid identification.

When there shall be any suspicion of illicit activity including money laundering or terrorism financing activities, or where there shall be any doubt about the adequacy or veracity of previously obtained Clients’ identification data, further due diligence measures shall be undertaken, including verifying the identity of the Client again and obtaining information regarding the purpose and intended nature of the relationship with Fibonacci Network

Rules of Procedure & Internal Controls

Fibonacci Network has developed and implemented rules of procedure that allow for effective mitigation and management of risks relating to money laundering and terrorist financing, which are identified in the risk assessment performed in accordance with Fibonacci Network’s risk-based approach. Each employee of Fibonacci Network must strictly adhere to rules of procedure set for them by us.

Fibonacci Network applies at least the following due diligence measures:

Requests identification of Fibonacci Network based on documentation submitted by the Client;
Requests identification of Fibonacci Network’s sector of activity, place of incorporation and public profile (where applicable);
Verifies Fibonacci Network-related information and documentation submitted by the Client;
Requests identification of the beneficial owner(s) at the proper tier level, for the purpose of verifying their identity, taking measures to the extent that allows Fibonacci Network to make certain that it knows who the beneficial owner is, and understands the ownership and control structure of the client;
Performing additional due diligence for the Client and its transactions, as necessary per established risk assessment policies and procedures;
Maintains ongoing monitoring of the business relationship and transactions.

Enhanced Due Diligence

Fibonacci Network applies enhanced due diligence (“EDD“) measures in order to adequately manage and mitigate a higher-than-usual risk of money laundering and terrorist financing. EDD measures are applied always when:

Prior to client onboarding:

Upon analysis of submitted client information and documents, there are reasonable doubts as to the truthfulness of the submitted data, authenticity of the documents or the true purpose of its business activities;
The client is engaged in a sector or activity classified as high risk;
The client is incorporated in a jurisdiction classified as high risk (eg: in jurisdictions that have not established effective AML/CTF systems that are in accordance with the recommendations of the Financial Action Task Force).

After client onboarding:

When the client processed transactional volume exceed the assigned risk threshold for the client;
If unusual or suspicious patterns of activity are detected;
If a transaction request is not consistent with a client’s stated business activity.

Fibonacci Network also applies EDD measures whereas the assessment of risk is assessed as higher, in accordance to its internal policies and procedures.

Sector and Jurisdiction Restrictions

We do not serve Clients from certain jurisdictions that are deemed too high-risk and/or unwelcoming from a legal or regulatory perspective. While it’s beyond our scope to set policies for the client’s own business dealings, we reserve the right to not serve Clients who themselves have business activities, clients or otherwise accept purchases originating from certain jurisdictions.

It goes without saying that we can’t provide services to any client that isn’t legally established, or is offering illegal goods or services in their operating jurisdiction(s). Besides this base consideration we also cannot serve Clients who operate in certain restricted sectors.

We update and review those lists periodically, taking into account a range of international policies and recommendations. Clients incorporated in non-serviced jurisdictions and from restricted sectors cannot access or be onboarded to use our services. Attempts to circumvent this policy, by providing false, forged or modified documents meant to deceive or mislead will be considered fraud and treated as such with law enforcement.

Politically Exposed Persons

Politically Exposed Persons (“PEP“) (as well as their families and persons known to be close associates, as described below) are required to be subject to enhanced scrutiny by reporting entities. This is because international standards issued by the Financial Action Task Force recognize that a PEP may be in a position to abuse their public office for private gain and a PEP may use the financial system to launder the proceeds of this abuse of office.

PEP means a natural person who is or who has been entrusted with prominent public functions including:

head of State;
head of government;
minister and deputy or assistant minister;
a member of parliament or of a similar legislative body;
a member of a governing body of a political party;
a member of a supreme court;
a member of a court of auditors or of the board of a central bank;
an ambassador, a chargé d’affaires and a high-ranking officer in the armed forces;
a member of an administrative, management or supervisory body of a State-owned enterprise;
a director, deputy director and member of the board or equivalent function of an international organisation.

PEPs do not include middle-ranking or more junior officials. Family member of a PEP means the spouse, or a person considered to be equivalent to a spouse, of a PEP or local PEP; a child and their spouse, or a person considered to be equivalent to a spouse, of a PEP or local PEP; a parent of a PEP or local PEP.

A person known to be a close associate of a PEP means a natural person who is known to be the beneficial owner or to have joint beneficial ownership of a legal person or a legal arrangement, or any other close business relations, with a PEP or a local PEP; and a natural person who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the de facto benefit of a PEP or local PEP.

While Fibonacci Network does not accept natural persons as clients, the PEP definition and classification still applies to the beneficial owners of the business and may constitute an additional factor of risk.

Sanctions

Dealing with persons against which imposed international sanctions poses a great risk to Fibonacci Network, its directors, officers and owners. Fibonacci Network may employ automated screening software to identify and block known virtual asset addresses associated with sanctions and numerous illegal and high-risk activity. Per its established policy, Fibonacci Network does not do business with companies under sanctions. Sanction lists considered include, among others:

EU Sanctions;
UN Sanctions;
Sanctions administered by the Office of Foreign Assets Control (“OFAC-US”).

All verified matches are automatically blocked and the matter escalated to a Compliance Officer for further analysis and appropriate actions.

Suspicious Activity Monitoring and Reporting

An investigation into suspicious activity will try to establish the true motivation behind the activity in question. This may result in confirmation of the suspicious activity or removal of reasonable doubt. If suspicious activity is confirmed, the issue will be escalated accordingly both internally and externally. When such suspicious activity is detected, the Compliance Officer will determine whether a filing with any law enforcement authority is necessary.

Where Fibonacci Network identifies an activity or facts whose characteristics refer to the use of criminal proceeds or terrorist financing or other criminal offences or an attempt thereof or with regard to which Fibonacci Network suspects or knows that it constitutes money laundering or terrorist financing or the commission of another criminal offence, a Compliance Officer of Fibonacci Network must report it to the FIU diligently.

When such suspicious activity is detected, the Compliance Officer will determine whether a filing with any law enforcement authority is necessary. Fibonacci Network and all its employees, officers and directors are prohibited to inform a person, its beneficial owner, representative or third party about a report submitted on them to the FIU, an intention to submit such a report as well as about the commencement of criminal proceedings.

Termination of Services

Fibonacci Network reserves the right to deny or terminate servicing a client or account at any time in line with the terms stipulated in the Terms of Service Agreement if suspicion arises that a Client is involved with or connected with money laundering, criminal activity, terrorist financing or any other predicate offense to money laundering or terrorist financing.

Data Retention

Fibonacci Network is obligated to retain all documents and information which served for identification and verification of the client, for a period of no less than 8 (eight) years after termination of the business relationship.

Fibonacci Network is obligated to retain public and private keys, and all transaction data including on chain and off chain transaction data.

Fibonacci Network implements necessary rules for the protection of personal data upon application of the requirements arising from its obligations hereunder.

Fibonacci Network is allowed to process personal data gathered upon implementation of these rules only for the purpose of preventing money laundering and terrorist financing and the data must not be additionally processed in a manner that does not meet the purpose, for instance, for marketing purposes.

Training

The Compliance Officer shall ensure that Fibonacci Network’s employees are fully aware of their legal obligations under the AML/CTF regime, by introducing a complete employees’ education and training program. The training program aims at educating Fibonacci Network’s employees on the latest developments in the prevention of money laundering and terrorist financing, including the practical methods and trends used for this purpose.

Cooperation and Information Requests

We take data protection and security seriously, and encourage you to consult our Terms of Service for more information.

General Guidelines for Requests

When law enforcement agencies request non-public information (such as a client personal or financial information),

We will notify affected clients if we believe we are legally required to provide their personal or financial information to a law enforcement agency, unless we are prohibited by law from doing so;
We will not share this information unless an enforceable court order, subpoena or search warrant has been issued, received and validated as legitimate;
When law enforcement agencies request information about a client, we cannot and will not provide information about such client’s clients who are not our clients or platform users. We consider this information to be in the possession, control and custody of the client, who is the controller and processor of such information. If law enforcement agencies request this information, such requests for information should be directed to the relevant client and not us;
Only information specifically requested and clearly outlined in an enforceable court order, subpoena or search warrant will be disclosed.

This policy does not constitute legal advice or a promise or guarantee that we will respond to any requests for information in a specific way, timeframe or at all. All legal requests for information are evaluated on a case-by-case basis. We reserve the right to change this policy or these guidelines in our sole discretion at any time.

When requesting the confirmation of the existence of data on our platform the law enforcement agency must be very specific about what information it is looking to obtain as we may not be able to respond to vague, ambiguous or blanket requests. Certain identifiers may be helpful in determining whether we currently retain the requested information.

Submitting a Request

All legal requests must be submitted by email to compliance@utrust.com, originating from an email address domain of a recognized government or enforcement authority.

To aid the expeditious review of information requests received, law enforcement officers must include at least the following information in their request:

Name of the law enforcement authority;
Proof that the officer is authorized to request the information (proof of authority) and current position within the law enforcement organization;
Proof of identification of the requesting officer within the law enforcement organization (e.g. photo or other official ID which includes badge number, internal ID number);
Email address from a government domain;
Contact information (email address, phone number) from the governmental organization;
The name of the legal entity that the request is addressed to;
Details of the request, including:
- The subpoena / court order identification number in the subject line;
- Instructions on how we should authenticate the subpoena as valid (eg: call-back procedure);
- Any public address or transaction IDs in either plain, excel or comma-separated file formats (images or PDFs are not accepted);
- A reasonable deadline for the request;
- An official and enforceable court order, subpoena or search warrant;
- The reason for the requested information (eg:. possible crimes in question);
- MLAT request for cross-border law enforcement (if applicable).

Please do note that failure to include all the mandatory information stated above may result in delayed response times and/or no response.