Anti-Money Laundering (AML) Policy
IVPAYs.r.o. (“IVPAY” / “Company”) is fully committed to combating money laundering, terrorist financing, and all forms of illicit financial activity. The Company strictly adheres to implementing robust anti-money laundering (AML) and counter-terrorist financing (CTF) policies, procedures, and controls. These standards are grounded in industry best practices and comply with the most stringent requirements in the Czech Republic and internationally. This policy applies to all IVPAY employees, directors, officers, contractors, and consultants without exception. This document aims to provide stakeholders, including partners, clients, vendors, contractors, employees, regulators, law enforcement, and other concerned parties, with a high-level understanding of IVPAY’s AML/CTF compliance measures. It does not represent the entirety of the Company’s policies and procedures but serves as a broad overview of our efforts to prevent money laundering, terrorist financing, and other illicit activities. This policy, alongside the Company's detailed internal procedures, is crafted in compliance with the following legal and regulatory frameworks:
- Act No. 253/2008 Coll. on Certain Measures against Money Laundering and Terrorist Financing of the Czech Republic (as amended);
- Act No. 69/2006 Coll. on the Implementation of International Sanctions (as amended); and
- Financial Action Task Force (FATF) Guidelines for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers. IVPAY operates under Czech law and complies with the country's regulatory requirements for virtual asset services. This includes client identification, verification, transaction monitoring, data retention, and reporting obligations to the appropriate authorities.
Compliance Officer
IVPAY’s management will appoint a Compliance Officer responsible for overseeing the implementation and enforcement of AML/CTF policies. The Compliance Officer must have the necessary qualifications, experience, and integrity for the role, which requires approval from the Financial Analytical Office (FAU) in the Czech Republic. This individual reports directly to the management board and has access to all relevant company information necessary to fulfill their duties. Key responsibilities include:
- Collecting and analyzing data on suspicious transactions or activities that may involve money laundering or terrorist financing.
- Ensuring timely reporting of such activities to the FAU.
- Regularly submitting compliance reports to the management.
- Ensuring the Company’s adherence to AML/CTF regulations.
Definition of Money Laundering and Terrorist Financing
Money laundering involves:
- The conversion, transfer, or handling of assets derived from criminal activity to hide their illicit origin or help someone avoid legal consequences.
- The concealment of the origin, ownership, location, or movement of assets acquired through criminal means.
- The acquisition, possession, or use of property knowing its criminal origin.
- Assisting or participating in these activities. Terrorist financing refers to the collection or provision of funds, directly or indirectly, for the purpose of supporting terrorist activities.
Customer Due Diligence
IVPAY applies a comprehensive customer due diligence (CDD) process to verify the identity of all customers. This process includes:
- Identification and verification of the client’s identity using reliable and independent sources, including digital means where applicable.
- Identification of beneficial owners and understanding the ownership and control structure of corporate clients.
- Gathering information on the nature and purpose of the business relationship.
- Screening clients to determine if they are Politically Exposed Persons (PEPs) or subject to international sanctions.
Risk-Based Approach
IVPAY employs a risk-based approach to identify, assess, and manage the risks of money laundering and terrorist financing. This approach involves classifying clients into different risk categories based on the following factors:
- Customer Risk: Evaluating the type of customer (individual or entity), their occupation, and reputation.
- Geographical Risk: Assessing the country of residence or operations, considering whether it is a high-risk jurisdiction.
- Product Risk: Determining the level of risk associated with the types of products or services provided.
- Delivery Channel Risk: Assessing how products or services are delivered (e.g., in-person vs. online).
Simplified and Enhanced Due Diligence
- Simplified Due Diligence (SDD): May be applied to clients with a lower risk profile, based on the Company's risk assessment. This allows for reduced verification measures, provided that sufficient monitoring mechanisms are in place.
- Enhanced Due Diligence (EDD): Is mandatory for high-risk clients, such as PEPs or clients from high-risk jurisdictions. In these cases, additional checks and closer scrutiny are required to mitigate risks.
Politically Exposed Persons (PEPs) and Sanctions Screening
IVPAY ensures enhanced due diligence when dealing with PEPs, their close associates, or family members, as they pose a higher risk of being involved in corrupt practices. Furthermore, the Company conducts sanctions screening to verify whether a client is subject to any international sanctions, including those imposed by:
- United Nations (UN);
- European Union (EU);
- Office of Foreign Assets Control (OFAC – US);
- Office of Financial Sanctions Implementation (OFSI – UK);
- Any other sanctions lists applicable under Czech law. All true matches are immediately escalated to the Compliance Officer for review and further action.
Suspicious Activity Monitoring and Reporting
If IVPAY identifies any suspicious transactions or activities, the Compliance Officer must immediately report them to the Financial Analytical Office (FAU). The report must be made within two business days of identifying the suspicious activity. Employees are strictly prohibited from informing the client or any third party about the report, in accordance with Czech AML laws.
Internal Procedures and Controls
IVPAY has developed comprehensive internal procedures to mitigate money laundering and terrorist financing risks. These include:
- Procedures for identifying and verifying customer identities;
- Enhanced monitoring of high-risk customers and transactions;
- Clear processes for reporting suspicious activity;
- Procedures for data retention and ensuring the security of personal data.
Data Retention
IVPAY retains all documents and records relating to customer identification and transactions for at least five years following the termination of the business relationship. These records are processed solely for AML/CTF purposes and are safeguarded in compliance with Czech data protection regulations.
Employee Training
The Company provides regular AML/CTF training to its employees to ensure they understand their legal obligations and can recognize potential money laundering or terrorist financing risks. Training programs are updated periodically to reflect changes in legislation, regulations, and industry best practices.
Cooperation with Authorities
IVPAY actively cooperates with the Financial Analytical Office (FAU) and other law enforcement agencies, providing requested information in accordance with legal requirements. For international inquiries, the Mutual Legal Assistance Treaty (MLAT) process may be applied.